diff options
1287 files changed, 24922 insertions, 26254 deletions
diff --git a/.gitignore b/.gitignore index 19a82fb4b6..d3ac3bbc52 100644 --- a/.gitignore +++ b/.gitignore @@ -52,7 +52,6 @@ core.* /autom4te.cache /build-stamp /compile -/config.rust /configure /Doxyfile /orconfig.h @@ -63,7 +62,6 @@ core.* /config.guess /config.sub /conftest* -/link_rust.sh /micro-revision.* /patch-stamp /stamp-h @@ -161,12 +159,6 @@ core.* /src/app/tor-cov /src/app/tor-cov.exe -# /src/rust -/src/rust/.cargo/config -/src/rust/.cargo/registry -/src/rust/target -/src/rust/registry - # /src/test /src/test/Makefile /src/test/Makefile.in diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 284f7d858c..d033b7ca30 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -188,18 +188,6 @@ debian-tracing: DISTCHECK: "yes" script: - ./scripts/ci/ci-driver.sh - # Ensure that we only run tracing when it's implemented. - # - # Once versions before 0.4.5 are obsolete, we can remove this test. - rules: - # This first "if" check prevents us from running a duplicate version of - # this pipeline whenever we push and create an MR. I don't understand why - # it is necessary, though the following URL purports to explain: - # - # https://docs.gitlab.com/ee/ci/yaml/#prevent-duplicate-pipelines - - if: '$CI_PIPELINE_SOURCE == "push"' - exists: - - src/lib/trace/trace_sys.c ##### # No-authority mode @@ -220,18 +208,6 @@ debian-disable-relay: DISABLE_RELAY: "yes" script: - ./scripts/ci/ci-driver.sh - # Ensure that we only run tracing when it's implemented. - # - # Once versions before 0.4.3 are obsolete, we can remove this test. - rules: - # This first "if" check prevents us from running a duplicate version of - # this pipeline whenever we push and create an MR. I don't understand why - # it is necessary, though the following URL purports to explain: - # - # https://docs.gitlab.com/ee/ci/yaml/#prevent-duplicate-pipelines - - if: '$CI_PIPELINE_SOURCE == "push"' - exists: - - src/feature/relay/relay_stub.c ##### # NSS check on debian diff --git a/.gitlab/issue_templates/Bug.md b/.gitlab/issue_templates/Bug.md new file mode 100644 index 0000000000..3702c1f0b6 --- /dev/null +++ b/.gitlab/issue_templates/Bug.md @@ -0,0 +1,32 @@ +### Summary + + + +### Steps to reproduce: + +1. Step 1 +2. ... + +### What is the current bug behavior? + + + +### What is the expected behavior? + + + +### Environment + +- Which version of Tor are you using? Run `tor --version` to get the version if you are unsure. +- Which operating system are you using? For example: Debian GNU/Linux 10.1, Windows 10, Ubuntu Xenial, FreeBSD 12.2, etc. +- Which installation method did you use? Distribution package (apt, pkg, homebrew), from source tarball, from Git, etc. + +### Relevant logs and/or screenshots + + + +### Possible fixes + + + +/label ~Bug diff --git a/.gitlab/issue_templates/Feature.md b/.gitlab/issue_templates/Feature.md new file mode 100644 index 0000000000..62b2f8e944 --- /dev/null +++ b/.gitlab/issue_templates/Feature.md @@ -0,0 +1,9 @@ +### Summary + + + +### What is the expected behavior? + + + +/label ~Feature diff --git a/.gitmodules b/.gitmodules deleted file mode 100644 index 8f80405650..0000000000 --- a/.gitmodules +++ /dev/null @@ -1,3 +0,0 @@ -[submodule "src/ext/rust"] - path = src/ext/rust - url = https://git.torproject.org/tor-rust-dependencies diff --git a/.travis.yml b/.travis.yml index aaca3a7368..ceec8169c1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,13 +2,6 @@ language: c cache: ccache: true - ## cargo: true - directories: - - $HOME/.cargo - ## caching CARGO_TARGET_DIR actually slows down the build over time, - ## because old build products are never deleted. - ## where we point CARGO_TARGET_DIR in all our cargo invocations - #- $TRAVIS_BUILD_DIR/src/rust/target compiler: - gcc @@ -29,8 +22,6 @@ env: - HARDENING_OPTIONS="--enable-all-bugs-are-fatal --enable-expensive-hardening" ## We turn off asciidoc by default, because it's slow - ASCIIDOC_OPTIONS="--disable-asciidoc" - ## Our default rust version is the minimum supported version - - RUST_VERSION="1.31.0" ## Turn off tor's sandbox in chutney, until we fix sandbox errors that are ## triggered by Ubuntu Xenial and Bionic. See #32722. - CHUTNEY_TOR_SANDBOX="0" @@ -68,10 +59,6 @@ matrix: ## We check disable module dirauth - env: MODULES_OPTIONS="--disable-module-dirauth" HARDENING_OPTIONS="--enable-expensive-hardening" - ## We run rust on Linux, because it's faster than rust on macOS - ## We check rust offline - - env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true - ## We check NSS ## Use -std=gnu99 to turn off some newer features, and maybe turn on some ## extra gcc warnings? @@ -86,14 +73,6 @@ matrix: ## We run `make doxygen` without `make check`. - env: SKIP_MAKE_CHECK="yes" DOXYGEN="yes" - ## macOS builds are very slow, and we have a limited number of - ## concurrent macOS jobs. We're not actively developing Rust, so it is - ## the lowest priority. - ## We run rust on macOS, because we have seen macOS rust failures before - #- env: RUST_VERSION="nightly" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode" - # compiler: clang - # os: osx - ## Allow the build to report success (with non-required sub-builds ## continuing to run) if all required sub-builds have succeeded. fast_finish: true @@ -101,16 +80,6 @@ matrix: ## Careful! We use global envs, which makes it hard to allow failures by env: ## https://docs.travis-ci.com/user/customizing-the-build#matching-jobs-with-allow_failures allow_failures: - ## macOS rust and chutney are very slow, so we let the build finish before - ## they are done. We'd like to fast finish, but still eventually show - ## any failures in the build status. But Travis doesn't have that ability. - - ## Since this job is disabled, there's not much point having an exception - ## for it - #- env: RUST_VERSION="nightly" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode" - # compiler: clang - # os: osx - ## Since we're actively developing IPv6, we want to require the IPv6 ## chutney tests #- env: CHUTNEY_MAKE="test-network-ipv6" CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes" @@ -187,8 +156,6 @@ osx_image: xcode11.2 before_install: ## Set pipefail: we use pipes - set -o pipefail || echo "pipefail failed" - ## Create empty rust directories for non-Rust builds, so caching succeeds - - if [[ "$RUST_OPTIONS" == "" ]]; then mkdir -p $HOME/.cargo $TRAVIS_BUILD_DIR/src/rust/target; fi install: ## If we're on OSX, configure ccache (ccache is automatically installed and configured on Linux) @@ -200,13 +167,6 @@ install: - if [[ "$COVERAGE_OPTIONS" != "" ]]; then pip install --user cpp-coveralls; fi ## If we're on OSX, and using asciidoc, configure asciidoc - if [[ "$ASCIIDOC_OPTIONS" == "" ]] && [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export XML_CATALOG_FILES="/usr/local/etc/xml/catalog"; fi - ## If we're using Rust, download rustup - - if [[ "$RUST_OPTIONS" != "" ]]; then curl -Ssf -o rustup.sh https://sh.rustup.rs; fi - ## Install the stable channels of rustc and cargo and setup our toolchain environment - - if [[ "$RUST_OPTIONS" != "" ]]; then sh rustup.sh -y --default-toolchain $RUST_VERSION; fi - - if [[ "$RUST_OPTIONS" != "" ]]; then source $HOME/.cargo/env; fi - ## If we're testing rust builds in offline-mode, then set up our vendored dependencies - - if [[ "$TOR_RUST_DEPENDENCIES" == "true" ]]; then export TOR_RUST_DEPENDENCIES=$PWD/src/ext/rust/crates; fi ## If we're running chutney, install it. - if [[ "$CHUTNEY" != "" ]]; then git clone --depth 1 https://github.com/torproject/chutney.git ; export CHUTNEY_PATH="$(pwd)/chutney"; fi ## If we're running stem, install it. @@ -215,13 +175,6 @@ install: ## Finally, list installed package versions - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then dpkg-query --show; fi - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew list --versions; fi - ## Get some info about rustup, rustc and cargo - - if [[ "$RUST_OPTIONS" != "" ]]; then which rustup; fi - - if [[ "$RUST_OPTIONS" != "" ]]; then which rustc; fi - - if [[ "$RUST_OPTIONS" != "" ]]; then which cargo; fi - - if [[ "$RUST_OPTIONS" != "" ]]; then rustup --version; fi - - if [[ "$RUST_OPTIONS" != "" ]]; then rustc --version; fi - - if [[ "$RUST_OPTIONS" != "" ]]; then cargo --version; fi ## Get python version - python --version ## If we're running chutney, show the chutney commit @@ -240,7 +193,7 @@ script: # Skip test_rebind and test_include on macOS - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export TOR_SKIP_TEST_REBIND=true; export TOR_SKIP_TEST_INCLUDE=true; fi - ./autogen.sh - - CONFIGURE_FLAGS="$ASCIIDOC_OPTIONS $COVERAGE_OPTIONS $HARDENING_OPTIONS $MODULES_OPTIONS $NSS_OPTIONS $OPENSSL_OPTIONS $RUST_OPTIONS --enable-fatal-warnings --disable-silent-rules" + - CONFIGURE_FLAGS="$ASCIIDOC_OPTIONS $COVERAGE_OPTIONS $HARDENING_OPTIONS $MODULES_OPTIONS $NSS_OPTIONS $OPENSSL_OPTIONS --enable-fatal-warnings --disable-silent-rules" - echo "Configure flags are $CONFIGURE_FLAGS CC=\"$CC $C_DIALECT_OPTIONS\"" - ./configure $CONFIGURE_FLAGS CC="$CC $C_DIALECT_OPTIONS"; ## We run `make check` because that's what https://jenkins.torproject.org does. @@ -270,9 +223,6 @@ after_failure: before_cache: ## Delete all gcov files. - if [[ "$COVERAGE_OPTIONS" != "" ]]; then make reset-gcov; fi - ## Delete the cargo registry before caching .cargo, because it's cheaper to - ## download the registry and throw it away, rather than caching it - - rm -rf $HOME/.cargo/registry notifications: irc: @@ -1,3 +1,2388 @@ +Changes in version 0.4.7.8 - 2022-06-17 + This version fixes several bugfixes including a High severity security issue + categorized as a Denial of Service. Everyone running an earlier version + should upgrade to this version. + + o Major bugfixes (congestion control, TROVE-2022-001): + - Fix a scenario where RTT estimation can become wedged, seriously + degrading congestion control performance on all circuits. This + impacts clients, onion services, and relays, and can be triggered + remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes + bug 40626; bugfix on 0.4.7.5-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on June 17, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/06/17. + + o Minor bugfixes (linux seccomp2 sandbox): + - Allow the rseq system call in the sandbox. This solves a crash + issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug + 40601; bugfix on 0.3.5.11. + + o Minor bugfixes (logging): + - Demote a harmless warn log message about finding a second hop to + from warn level to info level, if we do not have enough + descriptors yet. Leave it at notice level for other cases. Fixes + bug 40603; bugfix on 0.4.7.1-alpha. + - Demote a notice log message about "Unexpected path length" to info + level. These cases seem to happen arbitrarily, and we likely will + never find all of them before the switch to arti. Fixes bug 40612; + bugfix on 0.4.7.5-alpha. + + o Minor bugfixes (relay, logging): + - Demote a harmless XOFF log message to from notice level to info + level. Fixes bug 40620; bugfix on 0.4.7.5-alpha. + + +Changes in version 0.4.7.7 - 2022-04-27 + This is the first stable version of the 0.4.7.x series. This series includes + several major bugfixes from previous series and one massive new feature: + congestion control. + + Congestion control should improve traffic speed and stability on the network + once a majority of Exit upgrade. You can find more details about it in + proposal 324 in the torspec.git repository. + + For a complete list of changes since 0.4.6.10, see the ReleaseNotes file. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on April 27, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/04/27. + + o Minor bugfixes (congestion control, client side logs): + - Demote a warn about 1-hop circuits using congestion control down to + info; Demote the 4-hop case to notice. Fixes bug 40598; bugfix on + 0.4.5-alpha. + + +Changes in version 0.4.7.6-rc - 2022-04-07 + This is the first release candidate of the 0.4.7.x series. Only one minor + bugfix went in since the last alpha couple weeks ago. We strongly recommend + anyone running an alpha version to upgrade to this version. Unless major + problems are found, the next release will finally be the stable! + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on April 07, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/04/07. + + o Minor features (linux seccomp2 sandbox): + - Permit the clone3 syscall, which is apparently used in glibc-2.34 + and later. Closes ticket 40590. + + +Changes in version 0.4.7.5-alpha - 2022-03-25 + This version contains, of what we hope, the final work for congestion + control paving the way to the stable version. We expect this to be the last + alpha version of the 0.4.7.x series. Mostly minor bugfixes except one major + bugfix that changes how Tor behaves with DNS timeouts for Exit relays. As + always with an alpha, we recommend all relay operators to upgrade from + previous alpha to this one. + + o Major bugfixes (onion service, congestion control): + - Fix the onion service upload case where the congestion control + parameters were not added to the right object. Fixes bug 40586; + bugfix on 0.4.7.4-alpha. + + o Major bugfixes (relay, DNS): + - Lower the DNS timeout from 3 attempts at 5 seconds each to 2 + attempts at 1 seconds each. Two new consensus parameters were + added to control these values. This change should improve observed + performance under DNS load; see ticket for more details. Fixes bug + 40312; bugfix on 0.3.5.1-alpha. + + o Minor features (control port): + - Provide congestion control fields on CIRC_BW and STREAM control + port events, for use by sbws. Closes ticket 40568. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on March 25, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/03/25. + + o Minor bugfixes (DNSPort, dormant mode): + - A request on the DNSPort now wakes up a dormant tor. Fixes bug + 40577; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (metrics port, onion service): + - Fix the metrics with a port label to be unique. Before this, all + ports of an onion service would be on the same line which violates + the Prometheus rules of unique labels. Fixes bug 40581; bugfix + on 0.4.5.1-alpha. + + o Minor bugfixes (onion service congestion control): + - Avoid a non-fatal assertion failure in the case where we fail to + set up congestion control on a rendezvous circuit. This could + happen naturally if a cache entry expired at an unexpected time. + Fixes bug 40576; bugfix on 0.4.7.4-alpha. + + o Minor bugfixes (onion service, client): + - Fix a rare but fatal assertion failure due to a guard subsystem + recursion triggered by the onion service client. Fixes bug 40579; + bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (relay, overload): + - Decide whether to signal overload based on a fraction and + assessment period of ntor handshake drops. Previously, a single + drop could trigger an overload state, which caused many false + positives. Fixes bug 40560; bugfix on 0.4.7.1-alpha. + + +Changes in version 0.4.7.4-alpha - 2022-02-25 + This version contains the negotiation congestion control work which is the + final part needed before going stable. There are also various bugfixes + including two major ones detailed below. Last, the Exit notice page layout + has been modernized but the text is unchanged. We recommend that all relay + operators running any previous alpha upgrade to this one. + + o Major features (relay, client, onion services): + - Implement RTT-based congestion control for exits and onion + services, from Proposal 324. Disabled by default. Enabled by the + 'cc_alg' consensus parameter. Closes ticket 40444. + + o Major bugfixes (client): + - Stop caching TCP connect failures to relays/bridges when we + initiated the connection as a client. Now we only cache connect + failures as a relay or bridge when we initiated them because of an + EXTEND request. Declining to re-attempt the client-based + connections could cause problems when we lose connectivity and try + to reconnect. Fixes bug 40499; bugfix on 0.3.3.4-alpha. + + o Major bugfixes (relay, overload): + - Do not trigger a general overload on DNS timeout. Even after + fixing 40527, some code remained that triggered the overload. + Fixes bug 40564; bugfix on 0.4.7.1-alpha. + + o Minor feature (authority, relay): + - Reject End-Of-Life relays running version 0.3.5.x. Closes + ticket 40559. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on February 25, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/02/25. + + o Minor bugfix (logging): + - Update a log notice dead URL to a working one. Fixes bug 40544; + bugfix on 0.3.5.1-alpha. + + o Minor bugfix (relay): + - Remove the HSDir and HSIntro onion service v2 protocol versions so + relay stop advertising that they support them. Fixes bug 40509; + bugfix on 0.3.5.17. + + o Minor bugfixes (cell scheduling): + - Avoid writing empty payload with NSS write. + - Don't attempt to write 0 bytes after a cell scheduling loop. No + empty payload was put on the wire. Fixes bug 40548; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (compilation): + - Resume being able to build on old / esoteric gcc versions. Fixes + bug 40550; bugfix on 0.4.7.1-alpha. + + o Minor bugfixes (compiler warnings): + - Fix couple compiler warnings on latest Ubuntu Jammy. Fixes bug + 40516; bugfix on 0.3.5.1-alpha. + + o Documentation: + - Provide an improved version of the tor-exit-notice.html file for + exit relays to use as a landing page. The text is unchanged, but + the page design and layout are significantly modernized, and + several links are fixed. Patch from "n_user"; closes ticket 40529. + + +Changes in version 0.4.6.10 - 2022-02-04 + This version contains minor bugfixes but one in particular is that relays + don't advertise onion service v2 support at the protocol version level. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on February 04, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/02/04. + + o Minor bugfix (logging): + - Update a log notice dead URL to a working one. Fixes bug 40544; + bugfix on 0.3.5.1-alpha. + + o Minor bugfix (relay): + - Remove the HSDir and HSIntro onion service v2 protocol versions so + relay stop advertising that they support them. Fixes bug 40509; + bugfix on 0.3.5.17. + + o Minor bugfixes (MetricsPort, Prometheus): + - Add double quotes to the label values of the onion service + metrics. Fixes bug 40552; bugfix on 0.4.5.1-alpha. + + +Changes in version 0.4.5.12 - 2022-02-04 + This version contains mostly minor bugfixes for which you can find the + details below. The previous release (0.4.5.11) was suppose to update the + GeoIP and fallbackdir lists but a problem in our release pipeline prevented + those files to be updated correctly. Thus, this release regenerates up to + date lists. Furthermore, another fix to highlight is that relays don't + advertise onion service v2 support at the protocol version level. + + o Minor feature (reproducible build): + - The repository can now build reproducible tarballs which adds the + build command "make dist-reprod" for that purpose. Closes + ticket 26299. + + o Minor features (compilation): + - Give an error message if trying to build with a version of + LibreSSL known not to work with Tor. (There's an incompatibility + with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of + their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes + ticket 40511. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on February 04, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/02/04. + + o Minor bugfix (logging): + - Update a log notice dead URL to a working one. Fixes bug 40544; + bugfix on 0.3.5.1-alpha. + + o Minor bugfix (relay): + - Remove the HSDir and HSIntro onion service v2 protocol versions so + relay stop advertising that they support them. Fixes bug 40509; + bugfix on 0.3.5.17. + + o Minor bugfixes (compilation): + - Fix a compilation error when trying to build Tor with a compiler + that does not support expanding statically initialized const + values in macro's. Fixes bug 40410; bugfix on 0.4.5.1-alpha + - Fix our configuration logic to detect whether we had OpenSSL 3: + previously, our logic was reversed. This has no other effect than + to change whether we suppress deprecated API warnings. Fixes bug + 40429; bugfix on 0.3.5.13. + + o Minor bugfixes (MetricsPort, Prometheus): + - Add double quotes to the label values of the onion service + metrics. Fixes bug 40552; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (relay): + - Reject IPv6-only DirPorts. Our reachability self-test forces + DirPorts to be IPv4, but our configuration parser allowed them to + be IPv6-only, which led to an assertion failure. Fixes bug 40494; + bugfix on 0.4.5.1-alpha. + + +Changes in version 0.4.7.3-alpha - 2021-12-15 + This third alpha release of the 0.4.7.x series fixes several bugs including + two major ones affecting Bridges and Relays (see below). If you are running + an earlier 0.4.7.x version, you should upgrade to this version. + + o Major bugfixes (bridges): + - Make Tor work reliably again when you have multiple bridges + configured and one or more of them are unreachable. The problem + came because we require that we have bridge descriptors for both + of our first two bridges (else we refuse to try to connect), but + in some cases we would wait three hours before trying to fetch + these missing descriptors, and/or never recover when we do try to + fetch them. Fixes bugs 40396 and 40495; bugfix on 0.3.0.5-rc + and 0.3.2.1-alpha. + + o Major bugfixes (relay, overload): + - Change the MetricsPort DNS "timeout" label to be "tor_timeout" in + order to indicate that this was a DNS timeout from tor perspective + and not the DNS server itself. + - Deprecate overload_dns_timeout_period_secs and + overload_dns_timeout_scale_percent consensus parameters as well. + They were used to assess the overload state which is no more now. + - Don't make Tor DNS timeout trigger an overload general state. + These timeouts are different from DNS server timeout. They have to + be seen as timeout related to UX and not because of a network + problem. Fixes bug 40527; bugfix on 0.4.6.1-alpha. + + o Minor feature (reproducible build): + - The repository can now build reproducible tarballs which adds the + build command "make dist-reprod" for that purpose. Closes + ticket 26299. + + o Minor features (compilation): + - Give an error message if trying to build with a version of + LibreSSL known not to work with Tor. (There's an incompatibility + with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of + their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes + ticket 40511. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on December 15, 2021. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/12/15. + + o Minor features (portability): + - Try to prevent a compiler warning about printf arguments that + could sometimes occur on MSYS2 depending on the configuration. + Closes ticket 40355. + + o Minor bugfix (pluggable transport): + - Do not kill a managed proxy if one of its transport configurations + emits a method error. Instead log a warning and continue processing + method arguments. Fixes bug 7362; bugfix on 0.2.3.6-alpha. + + o Minor bugfixes (bridges): + - When we don't yet have a descriptor for one of our bridges, + disable the entry guard retry schedule on that bridge. The entry + guard retry schedule and the bridge descriptor retry schedule can + conflict, e.g. where we mark a bridge as "maybe up" yet we don't + try to fetch its descriptor yet, leading Tor to wait (refusing to + do anything) until it becomes time to fetch the descriptor. Fixes + bug 40497; bugfix on 0.3.0.3-alpha. + + o Minor bugfixes (compilation): + - Fix our configuration logic to detect whether we had OpenSSL 3: + previously, our logic was reversed. This has no other effect than + to change whether we suppress deprecated API warnings. Fixes bug + 40429; bugfix on 0.3.5.13. + + o Minor bugfixes (controller, path bias): + - When a circuit's path is specified, in full or in part, from the + controller API, do not count that circuit towards our path-bias + calculations. (Doing so was incorrect, since we cannot tell + whether the controller is selecting relays randomly.) Resolves a + "Bug" warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha. + + o Minor bugfixes (logging): + - When we no longer have enough directory information to use the + network, we would log a notice-level message -- but we would not + reliably log a message when we recovered and resumed using the + network. Now make sure there is always a corresponding message + about recovering. Fixes bug 40496; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (performance, DoS): + - Fix one case of a not-especially viable denial-of-service attack + found by OSS-Fuzz in our consensus-diff parsing code. This attack + causes a lot small of memory allocations and then immediately + frees them: this is only slow when running with all the sanitizers + enabled. Fixes one case of bug 40472; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (relay): + - Reject IPv6-only DirPorts. Our reachability self-test forces + DirPorts to be IPv4, but our configuration parser allowed them to + be IPv6-only, which led to an assertion failure. Fixes bug 40494; + bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (sandbox): + - Fix the sandbox on i386 by modifying it to allow the + "clock_gettime64" and "statx" system calls and to filter the + "chown32" and "stat64" system calls in place of "chown" and + "stat", respectively. Fixes bug 40505; bugfix on 0.2.5.4-alpha. + + o Documentation (man, relay): + - Missing "OverloadStatistics" in tor.1 manpage. Fixes bug 40504; + bugfix on 0.4.6.1-alpha. + + +Changes in version 0.4.6.9 - 2021-12-15 + This version fixes several bugs from earlier versions of Tor. One important + piece is the removal of DNS timeout metric from the overload general signal. + See below for more details. + + o Major bugfixes (relay, overload): + - Don't make Tor DNS timeout trigger an overload general state. + These timeouts are different from DNS server timeout. They have to + be seen as timeout related to UX and not because of a network + problem. Fixes bug 40527; bugfix on 0.4.6.1-alpha. + + o Minor feature (reproducible build): + - The repository can now build reproducible tarballs which adds the + build command "make dist-reprod" for that purpose. Closes + ticket 26299. + + o Minor features (compilation): + - Give an error message if trying to build with a version of + LibreSSL known not to work with Tor. (There's an incompatibility + with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of + their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes + ticket 40511. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on December 15, 2021. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/12/15. + + o Minor bugfixes (compilation): + - Fix our configuration logic to detect whether we had OpenSSL 3: + previously, our logic was reversed. This has no other effect than + to change whether we suppress deprecated API warnings. Fixes bug + 40429; bugfix on 0.3.5.13. + + o Minor bugfixes (relay): + - Reject IPv6-only DirPorts. Our reachability self-test forces + DirPorts to be IPv4, but our configuration parser allowed them to + be IPv6-only, which led to an assertion failure. Fixes bug 40494; + bugfix on 0.4.5.1-alpha. + + o Documentation (man, relay): + - Missing "OverloadStatistics" in tor.1 manpage. Fixes bug 40504; + bugfix on 0.4.6.1-alpha. + + +Changes in version 0.4.7.2-alpha - 2021-10-26 + This second alpha release of the 0.4.7.x series adds two major + features: congestion control (prop324) for network performance, and + the MiddleOnly flag (prop335) voted by the authorities to pin relays + to the middle position for various network health reasons. This + release also fixes numerous bugs. + + The congestion control feature, detailed in proposal 324, still needs + more work before we can enable it by default. It is currently in its + testing and tuning phase which means that you should expect more + 0.4.7.x alphas as congestion control gets stabilized and tuned for + optimal performance. And so, at this release, it can not be used + without a custom patch. + + o Major features (congestion control): + - Implement support for flow control over congestion controlled + circuits. This work comes from proposal 324. Closes ticket 40450. + + o Major features (directory authority): + - Add a new consensus method to handle MiddleOnly specially. When + enough authorities are using this method, then any relay tagged + with the MiddleOnly flag will have its Exit, Guard, HSDir, and + V2Dir flags automatically cleared, and will have its BadExit flag + automatically set. Implements part of proposal 335. + - Authorities can now be configured to label relays as "MiddleOnly". + When voting for this flag, authorities automatically vote against + Exit, Guard, HSDir, and V2Dir; and in favor of BadExit. Implements + part of proposal 335. Based on a patch from Neel Chauhan. + + o Major bugfix (relay, metrics): + - On the MetricsPort, the DNS error statistics are not reported by + record type ("record=...") anymore due to a libevent bug + (https://github.com/libevent/libevent/issues/1219). Fixes bug + 40490; bugfix on 0.4.7.1-alpha. + + o Major bugfixes (relay, overload state): + - Relays report the general overload state for DNS timeout errors + only if X% of all DNS queries over Y seconds are errors. Before + that, it only took 1 timeout to report the overload state which + was just too low of a threshold. The X and Y values are 1% and 10 + minutes respectively but they are also controlled by consensus + parameters. Fixes bug 40491; bugfix on 0.4.6.1-alpha. + + o Minor feature (authority, relay): + - Reject End-Of-Life relays running version 0.4.2.x, 0.4.3.x, + 0.4.4.x and 0.4.5 alphas/rc. Closes ticket 40480. + + o Minor feature (onion service v2): + - Onion service v2 addresses are now not recognized anymore by tor + meaning a bad hostname is returned when attempting to pass it on a + SOCKS connection. No more deprecation log is emitted client side. + Closes ticket 40476. + - See https://blog.torproject.org/v2-deprecation-timeline for + details on how to transition from v2 to v3. + + o Minor features (fallbackdir): + - Regenerate fallback directories for October 2021. Closes + ticket 40493. + + o Minor features (logging, heartbeat): + - When a relay receives a cell that isn't encrypted properly for it, + but the relay is the last hop on the circuit, the relay now counts + how many cells of this kind it receives, on how many circuits, and + reports this information in the log. Previously, we'd log each + cell at PROTOCOL_WARN level, which is far too verbose to be + useful. Fixes part of ticket 40400. + + o Minor features (testing): + - We now have separate fuzzers for the inner layers of v3 onion + service descriptors, to prevent future bugs like 40392. Closes + ticket 40488. + + o Minor bugfixes (compilation): + - Fix compilation error when __NR_time is not defined. Fixes bug + 40465; bugfix on 0.2.5.5-alpha. Patch by Daniel Pinto. + + o Minor bugfixes (dirauth, bandwidth scanner): + - Add the AuthDirDontVoteOnDirAuthBandwidth dirauth config parameter + to avoid voting on bandwidth scanner weights to v3 directory + authorities. Fixes bug 40471; bugfix on 0.2.2.1-alpha. Patch by + Neel Chauhan. + + o Minor bugfixes (fragile-hardening, sandbox): + - When building with --enable-fragile-hardening, add or relax Linux + seccomp rules to allow AddressSanitizer to execute normally if the + process terminates with the sandbox active. This has the side + effect of disabling the filtering of file- and directory-open + requests on most systems and dilutes the effectiveness of the + sandbox overall, as a wider range of system calls must be + permitted. Fixes bug 11477; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (logging): + - If a channel has never received or transmitted a cell, or seen a + client, do not calculate time diffs against 1/1/1970 but log a + better prettier message. Fixes bug 40182; bugfix on 0.2.4.4. + + o Minor bugfixes (onion service): + - Fix a warning BUG that would occur often on heavily loaded onion + service leading to filling the logs with useless warnings. Fixes + bug 34083; bugfix on 0.3.2.1-alpha. + + o Minor bugfix (CI, onion service): + - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500; + bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion service, config): + - Fix a memory leak for a small config line string that could occur + if the onion service failed to be configured from file properly. + Fixes bug 40484; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion service, TROVE-2021-008): + - Only log v2 access attempts once total, in order to not pollute + the logs with warnings and to avoid recording the times on disk + when v2 access was attempted. Note that the onion address was + _never_ logged. This counts as a Low-severity security issue. + Fixes bug 40474; bugfix on 0.4.5.8. + - Note that due to #40476 which removes v2 support entirely, this + log line is not emitted anymore. We still mention this in the + changelog because it is a Low-severity TROVE. + + o Minor bugfixes (usability): + - Do not log "RENDEZVOUS1 cell with unrecognized rendezvous cookie" + at LOG_PROTOCOL_WARN; instead log it at DEBUG. This warning can + happen naturally if a client gives up on a rendezvous circuit + after sending INTRODUCE1. Fixes part of bug 40400; bugfix + on 0.1.1.13-alpha. + - Do not log "circuit_receive_relay_cell failed" at + LOG_PROTOCOL_WARN; instead log it at DEBUG. In every case where we + would want to log this as a protocol warning, we are already + logging another warning from inside circuit_receive_relay_cell. + Fixes part of bug 40400; bugfix on 0.1.1.9-alpha. + + o Code simplification and refactoring: + - Lower the official maximum for "guard-extreme-restriction-percent" + to 100. This has no effect on when the guard code will generate a + warning, but it makes the intent of the option clearer. Fixes bug + 40486; bugfix on 0.3.0.1-alpha. + + o Testing: + - Add unit tests for the Linux seccomp sandbox. Resolves + issue 16803. + + o Code simplification and refactoring (rust): + - Remove Rust support and its associated code. It is unsupported and + Rust focus should be shifted to arti. Closes ticket 40469. + + o Testing (CI, chutney): + - Bump the data size that chutney transmits to 5MBytes in order to + trigger the flow control and congestion window code. Closes + ticket 40485. + + +Changes in version 0.4.6.8 - 2021-10-26 + This version fixes several bugs from earlier versions of Tor. One + highlight is a fix on how we track DNS timeouts to report general + relay overload. + + o Major bugfixes (relay, overload state): + - Relays report the general overload state for DNS timeout errors + only if X% of all DNS queries over Y seconds are errors. Before + that, it only took 1 timeout to report the overload state which + was just too low of a threshold. The X and Y values are 1% and 10 + minutes respectively but they are also controlled by consensus + parameters. Fixes bug 40491; bugfix on 0.4.6.1-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories for October 2021. Closes + ticket 40493. + + o Minor features (testing): + - On a testing network, relays can now use the + TestingMinTimeToReportBandwidth option to change the smallest + amount of time over which they're willing to report their observed + maximum bandwidth. Previously, this was fixed at 1 day. For + safety, values under 2 hours are only supported on testing + networks. Part of a fix for ticket 40337. + - Relays on testing networks no longer rate-limit how frequently + they are willing to report new bandwidth measurements. Part of a + fix for ticket 40337. + - Relays on testing networks now report their observed bandwidths + immediately from startup. Previously, they waited until they had + been running for a full day. Closes ticket 40337. + + o Minor bugfix (onion service): + - Do not flag an HSDir as non-running in case the descriptor upload + or fetch fails. An onion service closes pending directory + connections before uploading a new descriptor which can thus lead + to wrongly flagging many relays and thus affecting circuit building + path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha. + - Improve logging when a bad HS version is given. Fixes bug 40476; + bugfix on 0.4.6.1-alpha. + + o Minor bugfix (CI, onion service): + - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500; + bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (compatibility): + - Fix compatibility with the most recent Libevent versions, which no + longer have an evdns_set_random_bytes() function. Because this + function has been a no-op since Libevent 2.0.4-alpha, it is safe + for us to just stop calling it. Fixes bug 40371; bugfix + on 0.2.1.7-alpha. + + o Minor bugfixes (onion service, TROVE-2021-008): + - Only log v2 access attempts once total, in order to not pollute + the logs with warnings and to avoid recording the times on disk + when v2 access was attempted. Note that the onion address was + _never_ logged. This counts as a Low-severity security issue. + Fixes bug 40474; bugfix on 0.4.5.8. + + +Changes in version 0.4.5.11 - 2021-10-26 + The major change in this version is that v2 onion services are now + disabled at the client, service, and relay: any Tor nodes running this + version and onward will stop supporting v2 onion services. This is the + last step in the long deprecation process of v2 onion services. + Everyone running an earlier version, whether as a client, a relay, or + an onion service, should upgrade to Tor 0.3.5.17, 0.4.5.11, + or 0.4.6.8. + + o Major feature (onion service v2): + - See https://blog.torproject.org/v2-deprecation-timeline for + details on how to transition from v2 to v3. + - The control port commands HSFETCH and HSPOST no longer allow + version 2, and it is no longer possible to create a v2 service + with ADD_ONION. + - Tor no longer allows creating v2 services, or connecting as a + client to a v2 service. Relays will decline to be a v2 HSDir or + introduction point. This effectively disables onion service + version 2 Tor-wide. Closes ticket 40476. + + o Minor features (bridge, backport from 0.4.6.8): + - We now announce the URL to Tor's new bridge status at + https://bridges.torproject.org/ when Tor is configured to run as a + bridge relay. Closes ticket 30477. + + o Minor features (fallbackdir): + - Regenerate fallback directories for October 2021. Closes + ticket 40493. + + o Minor features (logging, diagnostic, backport from 0.4.6.5): + - Log decompression failures at a higher severity level, since they + can help provide missing context for other warning messages. We + rate-limit these messages, to avoid flooding the logs if they + begin to occur frequently. Closes ticket 40175. + + o Minor features (testing, backport from 0.4.6.8): + - On a testing network, relays can now use the + TestingMinTimeToReportBandwidth option to change the smallest + amount of time over which they're willing to report their observed + maximum bandwidth. Previously, this was fixed at 1 day. For + safety, values under 2 hours are only supported on testing + networks. Part of a fix for ticket 40337. + - Relays on testing networks no longer rate-limit how frequently + they are willing to report new bandwidth measurements. Part of a + fix for ticket 40337. + - Relays on testing networks now report their observed bandwidths + immediately from startup. Previously, they waited until they had + been running for a full day. Closes ticket 40337. + + o Minor bugfix (CI, onion service): + - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500; + bugfix on 0.3.2.1-alpha. + + o Minor bugfix (onion service, backport from 0.4.6.8): + - Do not flag an HSDir as non-running in case the descriptor upload + or fetch fails. An onion service closes pending directory + connections before uploading a new descriptor which can thus lead + to wrongly flagging many relays and thus affecting circuit building + path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha. + + o Minor bugfixes (compatibility, backport from 0.4.6.8): + - Fix compatibility with the most recent Libevent versions, which no + longer have an evdns_set_random_bytes() function. Because this + function has been a no-op since Libevent 2.0.4-alpha, it is safe + for us to just stop calling it. Fixes bug 40371; bugfix + on 0.2.1.7-alpha. + + o Minor bugfixes (consensus handling, backport from 0.4.6.4-rc): + - Avoid a set of bugs that could be caused by inconsistently + preferring an out-of-date consensus stored in a stale directory + cache over a more recent one stored on disk as the latest + consensus. Fixes bug 40375; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (onion service, TROVE-2021-008, backport from 0.4.6.8): + - Only log v2 access attempts once total, in order to not pollute + the logs with warnings and to avoid recording the times on disk + when v2 access was attempted. Note that the onion address was + _never_ logged. This counts as a Low-severity security issue. + Fixes bug 40474; bugfix on 0.4.5.8. + + +Changes in version 0.3.5.17 - 2021-10-26 + The major change in this version is that v2 onion services are now + disabled at the client, service, and relay: any Tor nodes running this + version and onward will stop supporting v2 onion services. This is the + last step in the long deprecation process of v2 onion services. + Everyone running an earlier version, whether as a client, a relay, or + an onion service, should upgrade to Tor 0.3.5.17, 0.4.5.11, + or 0.4.6.8. + + o Major feature (onion service v2, backport from 0.4.5.11): + - See https://blog.torproject.org/v2-deprecation-timeline for + details on how to transition from v2 to v3. + - The control port commands HSFETCH and HSPOST no longer allow + version 2, and it is no longer possible to create a v2 service + with ADD_ONION. + - Tor no longer allows creating v2 services, or connecting as a + client to a v2 service. Relays will decline to be a v2 HSDir or + introduction point. This effectively disables onion service + version 2 Tor-wide. Closes ticket 40476. + + o Minor features (bridge, backport from 0.4.6.8): + - We now announce the URL to Tor's new bridge status at + https://bridges.torproject.org/ when Tor is configured to run as a + bridge relay. Closes ticket 30477. + + o Minor features (fallbackdir): + - Regenerate fallback directories for October 2021. Closes + ticket 40493. + + o Minor bugfixes (compatibility, backport from 0.4.6.8): + - Fix compatibility with the most recent Libevent versions, which no + longer have an evdns_set_random_bytes() function. Because this + function has been a no-op since Libevent 2.0.4-alpha, it is safe + for us to just stop calling it. Fixes bug 40371; bugfix + on 0.2.1.7-alpha. + + +Changes in version 0.4.7.1-alpha - 2021-09-17 + This version is the first alpha release of the 0.4.7.x series. One + major feature is Vanguards Lite, from proposal 333, to help mitigate + guard discovery attacks against onion services. It also includes + numerous bugfixes. + + o Major features (Proposal 332, onion services, guard selection algorithm): + - Clients and onion services now choose four long-lived "layer 2" + guard relays for use as the middle hop in all onion circuits. + These relays are kept in place for a randomized duration averaging + 1 week. This mitigates guard discovery attacks against clients and + short-lived onion services such as OnionShare. Long-lived onion + services that need high security should still use the Vanguards + addon (https://github.com/mikeperry-tor/vanguards). Closes ticket + 40363; implements proposal 333. + + o Minor features (bridge testing support): + - Let external bridge reachability testing tools discard cached + bridge descriptors when setting new bridges, so they can be sure + to get a clean reachability test. Implements ticket 40209. + + o Minor features (fuzzing): + - When building with --enable-libfuzzer, use a set of compiler flags + that works with more recent versions of the library. Previously we + were using a set of flags from 2017. Closes ticket 40407. + + o Minor features (testing configuration): + - When TestingTorNetwork is enabled, skip the permissions check on + hidden service directories. Closes ticket 40338. + - On a testing network, relays can now use the + TestingMinTimeToReportBandwidth option to change the smallest + amount of time over which they're willing to report their observed + maximum bandwidth. Previously, this was fixed at 1 day. For + safety, values under 2 hours are only supported on testing + networks. Part of a fix for ticket 40337. + - Relays on testing networks no longer rate-limit how frequently + they are willing to report new bandwidth measurements. Part of a + fix for ticket 40337. + - Relays on testing networks now report their observed bandwidths + immediately from startup. Previously, they waited until they had + been running for a full day. Closes ticket 40337. + + o Minor bugfixes (circuit padding): + - Don't send STOP circuit padding cells when the other side has + already shut down the corresponding padding machine. Fixes bug + 40435; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (compatibility): + - Fix compatibility with the most recent Libevent versions, which no + longer have an evdns_set_random_bytes() function. Because this + function has been a no-op since Libevent 2.0.4-alpha, it is safe + for us to just stop calling it. Fixes bug 40371; bugfix + on 0.2.1.7-alpha. + + o Minor bugfixes (control, sandbox): + - Allows the control command SAVECONF to succeed when the seccomp + sandbox is enabled. Makes SAVECONF keep only one backup file, to + simplify implementation. Fixes bug 40317; bugfix on 0.2.5.4-alpha. + Patch by Daniel Pinto. + + o Minor bugfixes (heartbeat): + - Adjust the heartbeat log message about distinct clients to + consider the HeartbeatPeriod rather than a flat 6-hour delay. + Fixes bug 40330; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (logging, relay): + - Add spaces between the "and" when logging the "Your server has not + managed to confirm reachability for its" on dual-stack relays. + Fixes bug 40453; bugfix on 0.4.5.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (onion service): + - Do not flag an HSDir as non-running in case the descriptor upload + or fetch fails. An onion service closes pending directory + connections before uploading a new descriptor which leads to + wrongly flagging many relays and thus affecting circuit path + selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha. + + o Minor bugfixes (statistics): + - Fix a fencepost issue when we check stability_last_downrated where + we called rep_hist_downrate_old_runs() twice. Fixes bug 40394; + bugfix on 0.2.0.5-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (tests): + - Fix a bug that prevented some tests from running with the correct + names. Fixes bug 40365; bugfix on 0.4.3.1-alpha. + + o Documentation: + - Add links to original tor design paper and anonbib to + docs/HACKING/README.1st.md. Closes ticket 33742. Patch from + Emily Bones. + - Describe the "fingerprint-ed25519" file in the tor.1 man page. + Fixes bug 40467; bugfix on 0.4.3.1-alpha. Patch by Neel Chauhan. + + +Changes in version 0.4.6.7 - 2021-08-16 + This version fixes several bugs from earlier versions of Tor, + including one that could lead to a denial-of-service attack. Everyone + running an earlier version, whether as a client, a relay, or an onion + service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. + + o Major bugfixes (cryptography, security): + - Resolve an assertion failure caused by a behavior mismatch between + our batch-signature verification code and our single-signature + verification code. This assertion failure could be triggered + remotely, leading to a denial of service attack. We fix this issue + by disabling batch verification. Fixes bug 40078; bugfix on + 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and + CVE-2021-38385. Found by Henry de Valence. + + o Minor feature (fallbackdir): + - Regenerate fallback directories list. Close ticket 40447. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/08/12. + + o Minor bugfix (crypto): + - Disable the unused batch verification feature of ed25519-donna. + Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry + de Valence. + + o Minor bugfixes (onion service): + - Send back the extended SOCKS error 0xF6 (Onion Service Invalid + Address) for a v2 onion address. Fixes bug 40421; bugfix + on 0.4.6.2-alpha. + + o Minor bugfixes (relay): + - Reduce the compression level for data streaming from HIGH to LOW + in order to reduce CPU load on the directory relays. Fixes bug + 40301; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (timekeeping): + - Calculate the time of day correctly on systems where the time_t + type includes leap seconds. (This is not the case on most + operating systems, but on those where it occurs, our tor_timegm + function did not correctly invert the system's gmtime function, + which could result in assertion failures when calculating voting + schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha. + + +Changes in version 0.4.5.10 - 2021-08-16 + This version fixes several bugs from earlier versions of Tor, + including one that could lead to a denial-of-service attack. Everyone + running an earlier version, whether as a client, a relay, or an onion + service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. + + o Major bugfixes (cryptography, security): + - Resolve an assertion failure caused by a behavior mismatch between + our batch-signature verification code and our single-signature + verification code. This assertion failure could be triggered + remotely, leading to a denial of service attack. We fix this issue + by disabling batch verification. Fixes bug 40078; bugfix on + 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and + CVE-2021-38385. Found by Henry de Valence. + + o Minor feature (fallbackdir): + - Regenerate fallback directories list. Close ticket 40447. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/08/12. + + o Minor features (testing): + - Enable the deterministic RNG for unit tests that covers the + address set bloomfilter-based API's. Fixes bug 40419; bugfix + on 0.3.3.2-alpha. + + o Minor bugfix (crypto, backport from 0.4.6.7): + - Disable the unused batch verification feature of ed25519-donna. + Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry + de Valence. + + o Minor bugfixes (relay, backport from 0.4.6.7): + - Reduce the compression level for data streaming from HIGH to LOW. + Fixes bug 40301; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (timekeeping, backport from 0.4.6.7): + - Calculate the time of day correctly on systems where the time_t + type includes leap seconds. (This is not the case on most + operating systems, but on those where it occurs, our tor_timegm + function did not correctly invert the system's gmtime function, + which could result in assertion failures when calculating voting + schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha. + + o Minor bugfixes (warnings, portability, backport from 0.4.6.6): + - Suppress a strict-prototype warning when building with some + versions of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha. + + +Changes in version 0.3.5.16 - 2021-08-16 + This version fixes several bugs from earlier versions of Tor, + including one that could lead to a denial-of-service attack. Everyone + running an earlier version, whether as a client, a relay, or an onion + service, should upgrade to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. + + o Major bugfixes (cryptography, security): + - Resolve an assertion failure caused by a behavior mismatch between + our batch-signature verification code and our single-signature + verification code. This assertion failure could be triggered + remotely, leading to a denial of service attack. We fix this issue + by disabling batch verification. Fixes bug 40078; bugfix on + 0.2.6.1-alpha. This issue is also tracked as TROVE-2021-007 and + CVE-2021-38385. Found by Henry de Valence. + + o Minor feature (fallbackdir): + - Regenerate fallback directories list. Close ticket 40447. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/08/12. + + o Minor bugfix (crypto, backport from 0.4.6.7): + - Disable the unused batch verification feature of ed25519-donna. + Fixes bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry + de Valence. + + o Minor bugfixes (relay, backport from 0.4.6.7): + - Reduce the compression level for data streaming from HIGH to LOW. + Fixes bug 40301; bugfix on 0.3.5.1-alpha. + + +Changes in version 0.4.6.6 - 2021-06-30 + Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that + allows Tor to build correctly on older versions of GCC. You should + upgrade to this version if you were having trouble building Tor + 0.4.6.5; otherwise, there is probably no need. + + o Minor bugfixes (compilation): + - Fix a compilation error when trying to build Tor with a compiler + that does not support const variables in static initializers. + Fixes bug 40410; bugfix on 0.4.6.5. + - Suppress a strict-prototype warning when building with some + versions of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing): + - Enable the deterministic RNG for unit tests that covers the + address set bloomfilter-based API's. Fixes bug 40419; bugfix + on 0.3.3.2-alpha. + + +Changes in version 0.4.5.9 - 2021-06-14 + Tor 0.4.5.9 fixes several security issues, including a + denial-of-service attack against onion service clients, and another + denial-of-service attack against relays. Everybody should upgrade to + one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5. + + o Major bugfixes (security, backport from 0.4.6.5): + - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on + half-closed streams. Previously, clients failed to validate which + hop sent these cells: this would allow a relay on a circuit to end + a stream that wasn't actually built with it. Fixes bug 40389; + bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- + 003 and CVE-2021-34548. + + o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5): + - Detect more failure conditions from the OpenSSL RNG code. + Previously, we would detect errors from a missing RNG + implementation, but not failures from the RNG code itself. + Fortunately, it appears those failures do not happen in practice + when Tor is using OpenSSL's default RNG implementation. Fixes bug + 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as + TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. + + o Major bugfixes (security, denial of service, backport from 0.4.6.5): + - Resist a hashtable-based CPU denial-of-service attack against + relays. Previously we used a naive unkeyed hash function to look + up circuits in a circuitmux object. An attacker could exploit this + to construct circuits with chosen circuit IDs, to create + collisions and make the hash table inefficient. Now we use a + SipHash construction here instead. Fixes bug 40391; bugfix on + 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and + CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. + - Fix an out-of-bounds memory access in v3 onion service descriptor + parsing. An attacker could exploit this bug by crafting an onion + service descriptor that would crash any client that tried to visit + it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also + tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei + Glazunov from Google's Project Zero. + + o Minor features (compatibility, backport from 0.4.6.4-rc): + - Remove an assertion function related to TLS renegotiation. It was + used nowhere outside the unit tests, and it was breaking + compilation with recent alpha releases of OpenSSL 3.0.0. Closes + ticket 40399. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/06/10. + + o Minor bugfixes (control, sandbox, backport from 0.4.6.4-rc): + - Allow the control command SAVECONF to succeed when the seccomp + sandbox is enabled, and make SAVECONF keep only one backup file to + simplify implementation. Previously SAVECONF allowed a large + number of backup files, which made it incompatible with the + sandbox. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by + Daniel Pinto. + + o Minor bugfixes (metrics port, backport from 0.4.6.4-rc): + - Fix a bug that made tor try to re-bind() on an already open + MetricsPort every 60 seconds. Fixes bug 40370; bugfix + on 0.4.5.1-alpha. + + +Changes in version 0.4.4.9 - 2021-06-14 + Tor 0.4.4.9 fixes several security issues, including a + denial-of-service attack against onion service clients, and another + denial-of-service attack against relays. Everybody should upgrade to + one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5. + + Note that the scheduled end-of-life date for the Tor 0.4.4.x series is + June 15. This is therefore the last release in its series. Everybody + still running 0.4.4.x should plan to upgrade to 0.4.5.x or later. + + o Major bugfixes (security, backport from 0.4.6.5): + - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on + half-closed streams. Previously, clients failed to validate which + hop sent these cells: this would allow a relay on a circuit to end + a stream that wasn't actually built with it. Fixes bug 40389; + bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- + 003 and CVE-2021-34548. + + o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5): + - Detect more failure conditions from the OpenSSL RNG code. + Previously, we would detect errors from a missing RNG + implementation, but not failures from the RNG code itself. + Fortunately, it appears those failures do not happen in practice + when Tor is using OpenSSL's default RNG implementation. Fixes bug + 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as + TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. + + o Major bugfixes (security, denial of service, backport from 0.4.6.5): + - Resist a hashtable-based CPU denial-of-service attack against + relays. Previously we used a naive unkeyed hash function to look + up circuits in a circuitmux object. An attacker could exploit this + to construct circuits with chosen circuit IDs, to create + collisions and make the hash table inefficient. Now we use a + SipHash construction here instead. Fixes bug 40391; bugfix on + 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and + CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. + - Fix an out-of-bounds memory access in v3 onion service descriptor + parsing. An attacker could exploit this bug by crafting an onion + service descriptor that would crash any client that tried to visit + it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also + tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei + Glazunov from Google's Project Zero. + + o Minor features (compatibility, backport from 0.4.6.4-rc): + - Remove an assertion function related to TLS renegotiation. It was + used nowhere outside the unit tests, and it was breaking + compilation with recent alpha releases of OpenSSL 3.0.0. Closes + ticket 40399. + + o Minor features (fallback directory list, backport from 0.4.6.2-alpha): + - Regenerate the list of fallback directories to contain a new set + of 200 relays. Closes ticket 40265. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/06/10. + + o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha): + - Fix a non-fatal BUG() message due to a too-early free of a string, + when listing a client connection from the DoS defenses subsystem. + Fixes bug 40345; bugfix on 0.4.3.4-rc. + + o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc): + - Fix an indentation problem that led to a warning from GCC 11.1.1. + Fixes bug 40380; bugfix on 0.3.0.1-alpha. + + +Changes in version 0.3.5.15 - 2021-06-14 + Tor 0.3.5.15 fixes several security issues, including a + denial-of-service attack against onion service clients, and another + denial-of-service attack against relays. Everybody should upgrade to + one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5. + + o Major bugfixes (security, backport from 0.4.6.5): + - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on + half-closed streams. Previously, clients failed to validate which + hop sent these cells: this would allow a relay on a circuit to end + a stream that wasn't actually built with it. Fixes bug 40389; + bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- + 003 and CVE-2021-34548. + + o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5): + - Detect more failure conditions from the OpenSSL RNG code. + Previously, we would detect errors from a missing RNG + implementation, but not failures from the RNG code itself. + Fortunately, it appears those failures do not happen in practice + when Tor is using OpenSSL's default RNG implementation. Fixes bug + 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as + TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. + + o Major bugfixes (security, denial of service, backport from 0.4.6.5): + - Resist a hashtable-based CPU denial-of-service attack against + relays. Previously we used a naive unkeyed hash function to look + up circuits in a circuitmux object. An attacker could exploit this + to construct circuits with chosen circuit IDs, to create + collisions and make the hash table inefficient. Now we use a + SipHash construction here instead. Fixes bug 40391; bugfix on + 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and + CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. + - Fix an out-of-bounds memory access in v3 onion service descriptor + parsing. An attacker could exploit this bug by crafting an onion + service descriptor that would crash any client that tried to visit + it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also + tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei + Glazunov from Google's Project Zero. + + o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc): + - Fix an indentation problem that led to a warning from GCC 11.1.1. + Fixes bug 40380; bugfix on 0.3.0.1-alpha. + + o Minor features (compatibility, backport from 0.4.6.4-rc): + - Remove an assertion function related to TLS renegotiation. It was + used nowhere outside the unit tests, and it was breaking + compilation with recent alpha releases of OpenSSL 3.0.0. Closes + ticket 40399. + + o Minor features (fallback directory list, backport from 0.4.6.2-alpha): + - Regenerate the list of fallback directories to contain a new set + of 200 relays. Closes ticket 40265. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/06/10. + + +Changes in version 0.4.6.5 - 2021-06-14 + Tor 0.4.6.5 is the first stable release in its series. The 0.4.6.x + series includes numerous features and bugfixes, including a significant + improvement to our circuit timeout algorithm that should improve + observed client performance, and a way for relays to report when they are + overloaded. + + This release also includes security fixes for several security issues, + including a denial-of-service attack against onion service clients, + and another denial-of-service attack against relays. Everybody should + upgrade to one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5. + + Below are the changes since 0.4.6.4-rc. For a complete list of changes + since 0.4.5.8, see the ReleaseNotes file. + + o Major bugfixes (security): + - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on + half-closed streams. Previously, clients failed to validate which + hop sent these cells: this would allow a relay on a circuit to end + a stream that wasn't actually built with it. Fixes bug 40389; + bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- + 003 and CVE-2021-34548. + + o Major bugfixes (security, defense-in-depth): + - Detect more failure conditions from the OpenSSL RNG code. + Previously, we would detect errors from a missing RNG + implementation, but not failures from the RNG code itself. + Fortunately, it appears those failures do not happen in practice + when Tor is using OpenSSL's default RNG implementation. Fixes bug + 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as + TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. + + o Major bugfixes (security, denial of service): + - Resist a hashtable-based CPU denial-of-service attack against + relays. Previously we used a naive unkeyed hash function to look + up circuits in a circuitmux object. An attacker could exploit this + to construct circuits with chosen circuit IDs, to create + collisions and make the hash table inefficient. Now we use a + SipHash construction here instead. Fixes bug 40391; bugfix on + 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and + CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. + - Fix an out-of-bounds memory access in v3 onion service descriptor + parsing. An attacker could exploit this bug by crafting an onion + service descriptor that would crash any client that tried to visit + it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also + tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei + Glazunov from Google's Project Zero. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/06/10. + + o Minor features (logging, diagnostic): + - Log decompression failures at a higher severity level, since they + can help provide missing context for other warning messages. We + rate-limit these messages, to avoid flooding the logs if they + begin to occur frequently. Closes ticket 40175. + + +Changes in version 0.4.6.4-rc - 2021-05-28 + Tor 0.4.6.4-rc fixes a few bugs from previous releases. This, we hope, + the final release candidate in its series: unless major new issues are + found, the next release will be stable. + + o Minor features (compatibility): + - Remove an assertion function related to TLS renegotiation. It was + used nowhere outside the unit tests, and it was breaking + compilation with recent alpha releases of OpenSSL 3.0.0. Closes + ticket 40399. + + o Minor bugfixes (consensus handling): + - Avoid a set of bugs that could be caused by inconsistently + preferring an out-of-date consensus stored in a stale directory + cache over a more recent one stored on disk as the latest + consensus. Fixes bug 40375; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (control, sandbox): + - Allow the control command SAVECONF to succeed when the seccomp + sandbox is enabled, and make SAVECONF keep only one backup file to + simplify implementation. Previously SAVECONF allowed a large + number of backup files, which made it incompatible with the + sandbox. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by + Daniel Pinto. + + o Minor bugfixes (metrics port): + - Fix a bug that made tor try to re-bind() on an already open + MetricsPort every 60 seconds. Fixes bug 40370; bugfix + on 0.4.5.1-alpha. + + o Removed features: + - Remove unneeded code for parsing private keys in directory + documents. This code was only used for client authentication in v2 + onion services, which are now unsupported. Closes ticket 40374. + + +Changes in version 0.4.5.8 - 2021-05-10 + Tor 0.4.5.8 fixes several bugs in earlier version, backporting fixes + from the 0.4.6.x series. + + o Minor features (compatibility, Linux seccomp sandbox, backport from 0.4.6.3-rc): + - Add a workaround to enable the Linux sandbox to work correctly + with Glibc 2.33. This version of Glibc has started using the + fstatat() system call, which previously our sandbox did not allow. + Closes ticket 40382; see the ticket for a discussion of trade-offs. + + o Minor features (compilation, backport from 0.4.6.3-rc): + - Make the autoconf script build correctly with autoconf versions + 2.70 and later. Closes part of ticket 40335. + + o Minor features (fallback directory list, backport from 0.4.6.2-alpha): + - Regenerate the list of fallback directories to contain a new set + of 200 relays. Closes ticket 40265. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/05/07. + + o Minor features (onion services): + - Add warning message when connecting to now deprecated v2 onion + services. As announced, Tor 0.4.5.x is the last series that will + support v2 onions. Closes ticket 40373. + + o Minor bugfixes (bridge, pluggable transport, backport from 0.4.6.2-alpha): + - Fix a regression that made it impossible start Tor using a bridge + line with a transport name and no fingerprint. Fixes bug 40360; + bugfix on 0.4.5.4-rc. + + o Minor bugfixes (build, cross-compilation, backport from 0.4.6.3-rc): + - Allow a custom "ar" for cross-compilation. Our previous build + script had used the $AR environment variable in most places, but + it missed one. Fixes bug 40369; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha): + - Fix a non-fatal BUG() message due to a too-early free of a string, + when listing a client connection from the DoS defenses subsystem. + Fixes bug 40345; bugfix on 0.4.3.4-rc. + + o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc): + - Fix an indentation problem that led to a warning from GCC 11.1.1. + Fixes bug 40380; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (controller, backport from 0.4.6.1-alpha): + - Fix a "BUG" warning that would appear when a controller chooses + the first hop for a circuit, and that circuit completes. Fixes bug + 40285; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion service, client, memory leak, backport from 0.4.6.3-rc): + - Fix a bug where an expired cached descriptor could get overwritten + with a new one without freeing it, leading to a memory leak. Fixes + bug 40356; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, BSD, backport from 0.4.6.2-alpha): + - Fix pattern-matching errors when patterns expand to invalid paths + on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by + Daniel Pinto. + + +Changes in version 0.4.6.3-rc - 2021-05-10 + Tor 0.4.6.3-rc is the first release candidate in its series. It fixes + a few small bugs from previous versions, and adds a better error + message when trying to use (no longer supported) v2 onion services. + + Though we anticipate that we'll be doing a bit more clean-up between + now and the stable release, we expect that our remaining changes will + be fairly simple. There will likely be at least one more release + candidate before 0.4.6.x is stable. + + o Major bugfixes (onion service, control port): + - Make the ADD_ONION command properly configure client authorization. + Before this fix, the created onion failed to add the client(s). + Fixes bug 40378; bugfix on 0.4.6.1-alpha. + + o Minor features (compatibility, Linux seccomp sandbox): + - Add a workaround to enable the Linux sandbox to work correctly + with Glibc 2.33. This version of Glibc has started using the + fstatat() system call, which previously our sandbox did not allow. + Closes ticket 40382; see the ticket for a discussion of trade-offs. + + o Minor features (compilation): + - Make the autoconf script build correctly with autoconf versions + 2.70 and later. Closes part of ticket 40335. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/05/07. + + o Minor features (onion services): + - Add a warning message when trying to connect to (no longer + supported) v2 onion services. Closes ticket 40373. + + o Minor bugfixes (build, cross-compilation): + - Allow a custom "ar" for cross-compilation. Our previous build + script had used the $AR environment variable in most places, but + it missed one. Fixes bug 40369; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (compiler warnings): + - Fix an indentation problem that led to a warning from GCC 11.1.1. + Fixes bug 40380; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (logging, relay): + - Emit a warning if an Address is found to be internal and tor can't + use it. Fixes bug 40290; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (onion service, client, memory leak): + - Fix a bug where an expired cached descriptor could get overwritten + with a new one without freeing it, leading to a memory leak. Fixes + bug 40356; bugfix on 0.3.5.1-alpha. + + +Changes in version 0.4.6.2-alpha - 2021-04-15 + Tor 0.4.6.2-alpha is the second alpha in its series. It fixes several + small bugs in previous releases, and solves other issues that had + enabled denial-of-service attacks and affected integration with + other tools. + + o Minor features (client): + - Clients now check whether their streams are attempting to re-enter + the Tor network (i.e. to send Tor traffic over Tor), and close + them preemptively if they think exit relays will refuse them for + this reason. See ticket 2667 for details. Closes ticket 40271. + + o Minor features (command line): + - Add long format name "--torrc-file" equivalent to the existing + command-line option "-f". Closes ticket 40324. Patch by + Daniel Pinto. + + o Minor features (dormant mode): + - Add a new 'DormantTimeoutEnabled' option to allow coarse-grained + control over whether the client ever becomes dormant from + inactivity. Most people won't need this. Closes ticket 40228. + + o Minor features (fallback directory list): + - Regenerate the list of fallback directories to contain a new set + of 200 relays. Closes ticket 40265. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/04/13. + + o Minor features (logging): + - Edit heartbeat log messages so that more of them begin with the + string "Heartbeat: ". Closes ticket 40322; patch + from 'cypherpunks'. + + o Minor bugfixes (bridge, pluggable transport): + - Fix a regression that made it impossible start Tor using a bridge + line with a transport name and no fingerprint. Fixes bug 40360; + bugfix on 0.4.5.4-rc. + + o Minor bugfixes (channel, DoS): + - Fix a non-fatal BUG() message due to a too-early free of a string, + when listing a client connection from the DoS defenses subsystem. + Fixes bug 40345; bugfix on 0.4.3.4-rc. + + o Minor bugfixes (compilation): + - Fix a compilation warning about unused functions when building + with a libc that lacks the GLOB_ALTDIRFUNC constant. Fixes bug + 40354; bugfix on 0.4.5.1-alpha. Patch by Daniel Pinto. + + o Minor bugfixes (configuration): + - Fix pattern-matching for directories on all platforms when using + %include options in configuration files. This patch also fixes + compilation on musl libc based systems. Fixes bug 40141; bugfix + on 0.4.5.1-alpha. + + o Minor bugfixes (relay): + - Move the "overload-general" line from extrainfo to the server + descriptor. Fixes bug 40364; bugfix on 0.4.6.1-alpha. + + o Minor bugfixes (testing, BSD): + - Fix pattern-matching errors when patterns expand to invalid paths + on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by + Daniel Pinto. + + o Documentation (manual): + - Move the ServerTransport* options to the "SERVER OPTIONS" section. + Closes issue 40331. + - Indicate that the HiddenServiceStatistics option also applies to + bridges. Closes ticket 40346. + - Move the description of BridgeRecordUsageByCountry to the section + "STATISTICS OPTIONS". Closes ticket 40323. + + +Changes in version 0.4.6.1-alpha - 2021-03-18 + Tor 0.4.6.1-alpha is the first alpha release in the 0.4.6.x series. It + improves client circuit performance, adds missing features, and + improves some of our DoS handling and statistics reporting. It also + includes numerous smaller bugfixes. + + Below are the changes since 0.4.5.7. (Note that this release DOES + include the fixes for the security bugs already fixed in 0.4.5.7.) + + o Major features (control port, onion services): + - Add controller support for creating version 3 onion services with + client authorization. Previously, only v2 onion services could be + created with client authorization. Closes ticket 40084. Patch by + Neel Chauhan. + + o Major features (directory authority): + - When voting on a relay with a Sybil-like appearance, add the Sybil + flag when clearing out the other flags. This lets a relay operator + know why their relay hasn't been included in the consensus. Closes + ticket 40255. Patch by Neel Chauhan. + + o Major features (metrics): + - Relays now report how overloaded they are in their extrainfo + documents. This information is controlled with the + OverloadStatistics torrc option, and it will be used to improve + decisions about the network's load balancing. Implements proposal + 328; closes ticket 40222. + + o Major features (relay, denial of service): + - Add a new DoS subsystem feature to control the rate of client + connections for relays. Closes ticket 40253. + + o Major features (statistics): + - Relays now publish statistics about the number of v3 onion + services and volume of v3 onion service traffic, in the same + manner they already do for v2 onions. Closes ticket 23126. + + o Major bugfixes (circuit build timeout): + - Improve the accuracy of our circuit build timeout calculation for + 60%, 70%, and 80% build rates for various guard choices. We now + use a maximum likelihood estimator for Pareto parameters of the + circuit build time distribution, instead of a "right-censored + estimator". This causes clients to ignore circuits that never + finish building in their timeout calculations. Previously, clients + were counting such unfinished circuits as having the highest + possible build time value, when in reality these circuits most + likely just contain relays that are offline. We also now wait a + bit longer to let circuits complete for measurement purposes, + lower the minimum possible effective timeout from 1.5 seconds to + 10ms, and increase the resolution of the circuit build time + histogram from 50ms bin widths to 10ms bin widths. Additionally, + we alter our estimate Xm by taking the maximum of the top 10 most + common build time values of the 10ms histogram, and compute Xm as + the average of these. Fixes bug 40168; bugfix on 0.2.2.14-alpha. + - Remove max_time calculation and associated warning from circuit + build timeout 'alpha' parameter estimation, as this is no longer + needed by our new estimator from 40168. Fixes bug 34088; bugfix + on 0.2.2.9-alpha. + + o Major bugfixes (signing key): + - In the tor-gencert utility, give an informative error message if + the passphrase given in `--create-identity-key` is too short. + Fixes bug 40189; bugfix on 0.2.0.1-alpha. Patch by Neel Chauhan. + + o Minor features (bridge): + - We now announce the URL to Tor's new bridge status at + https://bridges.torproject.org/ when Tor is configured to run as a + bridge relay. Closes ticket 30477. + + o Minor features (build system): + - New "make lsp" command to auto generate the compile_commands.json + file used by the ccls server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (command-line interface): + - Add build informations to `tor --version` in order to ease + reproducible builds. Closes ticket 32102. + - When parsing command-line flags that take an optional argument, + treat the argument as absent if it would start with a '-' + character. Arguments in that form are not intelligible for any of + our optional-argument flags. Closes ticket 40223. + - Allow a relay operator to list the ed25519 keys on the command + line by adding the `rsa` and `ed25519` arguments to the + --list-fingerprint flag to show the respective RSA and ed25519 + relay fingerprint. Closes ticket 33632. Patch by Neel Chauhan. + + o Minor features (control port, stream handling): + - Add the stream ID to the event line in the ADDRMAP control event. + Closes ticket 40249. Patch by Neel Chauhan. + + o Minor features (dormant mode): + - Add a new 'DormantTimeoutEnabled' option for coarse-grained + control over whether the client can become dormant from + inactivity. Most people won't need this. Closes ticket 40228. + + o Minor features (logging): + - Change the DoS subsystem heartbeat line format to be more clear on + what has been detected/rejected, and which option is disabled (if + any). Closes ticket 40308. + - In src/core/mainloop/mainloop.c and src/core/mainloop/connection.c, + put brackets around IPv6 addresses in log messages. Closes ticket + 40232. Patch by Neel Chauhan. + + o Minor features (performance, windows): + - Use SRWLocks to implement locking on Windows. Replaces the + "critical section" locking implementation with the faster + SRWLocks, available since Windows Vista. Closes ticket 17927. + Patch by Daniel Pinto. + + o Minor features (protocol, proxy support, defense in depth): + - Close HAProxy connections if they somehow manage to send us data + before we start reading. Closes another case of ticket 40017. + + o Minor features (tests, portability): + - Port the hs_build_address.py test script to work with recent + versions of python. Closes ticket 40213. Patch from + Samanta Navarro. + + o Minor features (vote document): + - Add a "stats" line to directory authority votes, to report various + statistics that authorities compute about the relays. This will + help us diagnose the network better. Closes ticket 40314. + + o Minor bugfixes (build): + - The configure script now shows whether or not lzma and zstd have + been used, not just if the enable flag was passed in. Fixes bug + 40236; bugfix on 0.4.3.1-alpha. + + o Minor bugfixes (compatibility): + - Fix a failure in the test cases when running on the "hppa" + architecture, along with a related test that might fail on other + architectures in the future. Fixes bug 40274; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (controller): + - Fix a "BUG" warning that would appear when a controller chooses + the first hop for a circuit, and that circuit completes. Fixes bug + 40285; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (directory authorities, voting): + - Add a new consensus method (31) to support any future changes that + authorities decide to make to the value of bwweightscale or + maxunmeasuredbw. Previously, there was a bug that prevented the + authorities from parsing these consensus parameters correctly under + most circumstances. Fixes bug 19011; bugfix on 0.2.2.10-alpha. + + o Minor bugfixes (ipv6): + - Allow non-SOCKSPorts to disable IPv4, IPv6, and PreferIPv4. Some + rare configurations might break, but in this case you can disable + NoIPv4Traffic and NoIPv6Traffic as needed. Fixes bug 33607; bugfix + on 0.4.1.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (key generation): + - Do not require a valid torrc when using the `--keygen` argument to + generate a signing key. This allows us to generate keys on systems + or users which may not run Tor. Fixes bug 40235; bugfix on + 0.2.7.2-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (onion services, logging): + - Downgrade the severity of a few rendezvous circuit-related + warnings from warning to info. Fixes bug 40207; bugfix on + 0.3.2.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (relay): + - Reduce the compression level for data streaming from HIGH to LOW. + This should reduce the CPU and memory burden for directory caches. + Fixes bug 40301; bugfix on 0.3.5.1-alpha. + + o Code simplification and refactoring: + - Remove the orconn_ext_or_id_map structure and related functions. + (Nothing outside of unit tests used them.) Closes ticket 33383. + Patch by Neel Chauhan. + + o Removed features: + - As of this release, Tor no longer supports the old v2 onion + services. They were deprecated last July for security, and support + will be removed entirely later this year. We strongly encourage + everybody to migrate to v3 onion services. For more information, + see https://blog.torproject.org/v2-deprecation-timeline . Closes + ticket 40266. (NOTE: We accidentally released an earlier version + of the 0.4.6.1-alpha changelog without this entry. Sorry for + the confusion!) + + o Code simplification and refactoring (metrics, DoS): + - Move the DoS subsystem into the subsys manager, including its + configuration options. Closes ticket 40261. + + o Removed features (relay): + - Because DirPorts are only used on authorities, relays no longer + advertise them. Similarly, self-testing for DirPorts has been + disabled, since an unreachable DirPort is no reason for a relay + not to advertise itself. (Configuring a DirPort will still work, + for now.) Closes ticket 40282. + + +Changes in version 0.3.5.14 - 2021-03-16 + Tor 0.3.5.14 backports fixes for two important denial-of-service bugs + in earlier versions of Tor. + + One of these vulnerabilities (TROVE-2021-001) would allow an attacker + who can send directory data to a Tor instance to force that Tor + instance to consume huge amounts of CPU. This is easiest to exploit + against authorities, since anybody can upload to them, but directory + caches could also exploit this vulnerability against relays or clients + when they download. The other vulnerability (TROVE-2021-002) only + affects directory authorities, and would allow an attacker to remotely + crash the authority with an assertion failure. Patches have already + been provided to the authority operators, to help ensure + network stability. + + We recommend that everybody upgrade to one of the releases that fixes + these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available + to you. + + This release also updates our GeoIP data source, and fixes a + compatibility issue. + + o Major bugfixes (security, denial of service, backport from 0.4.5.7): + - Disable the dump_desc() function that we used to dump unparseable + information to disk. It was called incorrectly in several places, + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021- + 001 and CVE-2021-28089. + - Fix a bug in appending detached signatures to a pending consensus + document that could be used to crash a directory authority. Fixes + bug 40316; bugfix on 0.2.2.6-alpha. Tracked as TROVE-2021-002 + and CVE-2021-28090. + + o Minor features (geoip data, backport from 0.4.5.7): + - We have switched geoip data sources. Previously we shipped IP-to- + country mappings from Maxmind's GeoLite2, but in 2019 they changed + their licensing terms, so we were unable to update them after that + point. We now ship geoip files based on the IPFire Location + Database instead. (See https://location.ipfire.org/ for more + information). This release updates our geoip files to match the + IPFire Location Database as retrieved on 2021/03/12. Closes + ticket 40224. + + o Removed features (mallinfo deprecated, backport from 0.4.5.7): + - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. + Closes ticket 40309. + + +Changes in version 0.4.4.8 - 2021-03-16 + Tor 0.4.4.8 backports fixes for two important denial-of-service bugs + in earlier versions of Tor. + + One of these vulnerabilities (TROVE-2021-001) would allow an attacker + who can send directory data to a Tor instance to force that Tor + instance to consume huge amounts of CPU. This is easiest to exploit + against authorities, since anybody can upload to them, but directory + caches could also exploit this vulnerability against relays or clients + when they download. The other vulnerability (TROVE-2021-002) only + affects directory authorities, and would allow an attacker to remotely + crash the authority with an assertion failure. Patches have already + been provided to the authority operators, to help ensure + network stability. + + We recommend that everybody upgrade to one of the releases that fixes + these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available + to you. + + This release also updates our GeoIP data source, and fixes a + compatibility issue. + + o Major bugfixes (security, denial of service, backport from 0.4.5.7): + - Disable the dump_desc() function that we used to dump unparseable + information to disk. It was called incorrectly in several places, + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021- + 001 and CVE-2021-28089. + - Fix a bug in appending detached signatures to a pending consensus + document that could be used to crash a directory authority. Fixes + bug 40316; bugfix on 0.2.2.6-alpha. Tracked as TROVE-2021-002 + and CVE-2021-28090. + + o Minor features (geoip data, backport from 0.4.5.7): + - We have switched geoip data sources. Previously we shipped IP-to- + country mappings from Maxmind's GeoLite2, but in 2019 they changed + their licensing terms, so we were unable to update them after that + point. We now ship geoip files based on the IPFire Location + Database instead. (See https://location.ipfire.org/ for more + information). This release updates our geoip files to match the + IPFire Location Database as retrieved on 2021/03/12. Closes + ticket 40224. + + o Removed features (mallinfo deprecated, backport from 0.4.5.7): + - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. + Closes ticket 40309. + + +Changes in version 0.4.5.7 - 2021-03-16 + Tor 0.4.5.7 fixes two important denial-of-service bugs in earlier + versions of Tor. + + One of these vulnerabilities (TROVE-2021-001) would allow an attacker + who can send directory data to a Tor instance to force that Tor + instance to consume huge amounts of CPU. This is easiest to exploit + against authorities, since anybody can upload to them, but directory + caches could also exploit this vulnerability against relays or clients + when they download. The other vulnerability (TROVE-2021-002) only + affects directory authorities, and would allow an attacker to remotely + crash the authority with an assertion failure. Patches have already + been provided to the authority operators, to help ensure + network stability. + + We recommend that everybody upgrade to one of the releases that fixes + these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available + to you. + + This release also updates our GeoIP data source, and fixes a few + smaller bugs in earlier releases. + + o Major bugfixes (security, denial of service): + - Disable the dump_desc() function that we used to dump unparseable + information to disk. It was called incorrectly in several places, + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021- + 001 and CVE-2021-28089. + - Fix a bug in appending detached signatures to a pending consensus + document that could be used to crash a directory authority. Fixes + bug 40316; bugfix on 0.2.2.6-alpha. Tracked as TROVE-2021-002 + and CVE-2021-28090. + + o Minor features (geoip data): + - We have switched geoip data sources. Previously we shipped IP-to- + country mappings from Maxmind's GeoLite2, but in 2019 they changed + their licensing terms, so we were unable to update them after that + point. We now ship geoip files based on the IPFire Location + Database instead. (See https://location.ipfire.org/ for more + information). This release updates our geoip files to match the + IPFire Location Database as retrieved on 2021/03/12. Closes + ticket 40224. + + o Minor bugfixes (directory authority): + - Now that exit relays don't allow exit connections to directory + authority DirPorts (to prevent network reentry), disable + authorities' reachability self test on the DirPort. Fixes bug + 40287; bugfix on 0.4.5.5-rc. + + o Minor bugfixes (documentation): + - Fix a formatting error in the documentation for + VirtualAddrNetworkIPv6. Fixes bug 40256; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (Linux, relay): + - Fix a bug in determining total available system memory that would + have been triggered if the format of Linux's /proc/meminfo file + had ever changed to include "MemTotal:" in the middle of a line. + Fixes bug 40315; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (metrics port): + - Fix a BUG() warning on the MetricsPort for an internal missing + handler. Fixes bug 40295; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (onion service): + - Remove a harmless BUG() warning when reloading tor configured with + onion services. Fixes bug 40334; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (portability): + - Fix a non-portable usage of "==" with "test" in the configure + script. Fixes bug 40298; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (relay): + - Remove a spammy log notice falsely claiming that the IPv4/v6 + address was missing. Fixes bug 40300; bugfix on 0.4.5.1-alpha. + - Do not query the address cache early in the boot process when + deciding if a relay needs to fetch early directory information + from an authority. This bug resulted in a relay falsely believing + it didn't have an address and thus triggering an authority fetch + at each boot. Related to our fix for 40300. + + o Removed features (mallinfo deprecated): + - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. + Closes ticket 40309. + + +Changes in version 0.4.5.6 - 2021-02-15 + The Tor 0.4.5.x release series is dedicated to the memory of Karsten + Loesing (1979-2020), Tor developer, cypherpunk, husband, and father. + Karsten is best known for creating the Tor metrics portal and leading + the metrics team, but he was involved in Tor from the early days. For + example, while he was still a student he invented and implemented the + v2 onion service directory design, and he also served as an ambassador + to the many German researchers working in the anonymity field. We + loved him and respected him for his patience, his consistency, and his + welcoming approach to growing our community. + + This release series introduces significant improvements in relay IPv6 + address discovery, a new "MetricsPort" mechanism for relay operators + to measure performance, LTTng support, build system improvements to + help when using Tor as a static library, and significant bugfixes + related to Windows relay performance. It also includes numerous + smaller features and bugfixes. + + Below are the changes since 0.4.4.4-rc. For a complete list of changes + since 0.4.4.7, see the ReleaseNotes file. + + o Major bugfixes (IPv6, relay): + - Fix a bug that prevented a relay from publishing its descriptor if + an auto-discovered IPv6 that was found unreachable. Fixes bug + 40279; bugfix on 0.4.5.1-alpha. + + o Minor features (protocol versions): + - Stop claiming to support the "DirCache=1" subprotocol version. + Technically, we stopped supporting this subprotocol back in + 0.4.5.1-alpha, but we needed to wait for the authorities to stop + listing it as "required" before we could drop it from the list. + Closes ticket 40221. + + o Minor bugfixes (logging): + - Avoid a spurious log message about missing subprotocol versions, + when the consensus that we're reading from is older than the + current release. Previously we had made this message nonfatal, but + in practice, it is never relevant when the consensus is older than + the current release. Fixes bug 40281; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (metrics port): + - Fix a bug warning when a metrics port socket was unexpectedly + closed. Fixes bug 40257; bugfix on 0.4.5.1-alpha + + o Minor bugfixes (relay): + - Allow relays to have a RFC1918 address if PublishServerDescriptor + is set to 0 and AssumeReachable is set to 1. This is to support + the use case of a bridge on a local network, exposed via a + pluggable transport. Fixes bug 40208; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (relay, config): + - Fix a problem in the removal of duplicate ORPorts from the + internal port list when loading the config file. We were removing + the wrong ports, breaking valid torrc uses cases for multiple + ORPorts of the same address family. Fixes bug 40289; bugfix + on 0.4.5.1-alpha. + + +Changes in version 0.4.4.7 - 2021-02-03 + Tor 0.4.4.7 backports numerous bugfixes from later releases, + including one that made v3 onion services more susceptible to + denial-of-service attacks, and a feature that makes some kinds of + DoS attacks harder to perform. + + o Major bugfixes (onion service v3, backport from 0.4.5.3-rc): + - Stop requiring a live consensus for v3 clients and services, and + allow a "reasonably live" consensus instead. This allows v3 onion + services to work even if the authorities fail to generate a + consensus for more than 2 hours in a row. Fixes bug 40237; bugfix + on 0.3.5.1-alpha. + + o Major feature (exit, backport from 0.4.5.5-rc): + - Re-entry into the network is now denied at the Exit level to all + relays' ORPorts and authorities' ORPorts and DirPorts. This change + should help mitgate a set of denial-of-service attacks. Closes + ticket 2667. + + o Minor feature (build system, backport from 0.4.5.4-rc): + - New "make lsp" command to generate the compile_commands.json file + used by the ccls language server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (compilation, backport from 0.4.5.2-rc): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or + later. There are a number of APIs newly deprecated in OpenSSL + 3.0.0 that Tor still requires. (A later version of Tor will try to + stop depending on these APIs.) Closes ticket 40165. + + o Minor features (crypto, backport from 0.4.5.3-rc): + - Fix undefined behavior on our Keccak library. The bug only + appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) + and would result in wrong digests. Fixes bug 40210; bugfix on + 0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and + weasel for diagnosing this. + + o Minor bugfixes (compatibility, backport from 0.4.5.1-rc): + - Strip '\r' characters when reading text files on Unix platforms. + This should resolve an issue where a relay operator migrates a + relay from Windows to Unix, but does not change the line ending of + Tor's various state files to match the platform, and the CRLF line + endings from Windows end up leaking into other files such as the + extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5. + + o Minor bugfixes (compilation, backport from 0.4.5.3-rc): + - Fix a compilation warning about unreachable fallthrough + annotations when building with "--enable-all-bugs-are-fatal" on + some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc): + - Handle partial SOCKS5 messages correctly. Previously, our code + would send an incorrect error message if it got a SOCKS5 request + that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, backport from 0.4.5.2-alpha): + - Fix the `config/parse_tcp_proxy_line` test so that it works + correctly on systems where the DNS provider hijacks invalid + queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. + - Fix our Python reference-implementation for the v3 onion service + handshake so that it works correctly with the version of hashlib + provided by Python 3.9. Fixes part of bug 40179; bugfix + on 0.3.1.6-rc. + - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL + 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. + + +Changes in version 0.4.3.8 - 2021-02-03 + Tor 0.4.3.8 backports numerous bugfixes from later releases, + including one that made v3 onion services more susceptible to + denial-of-service attacks, and a feature that makes some kinds of + DoS attacks harder to perform. + + Note that this is, in all likelihood, the last release of Tor 0.4.3.x, + which will reach end-of-life on 15 Feb 2021. + + o Major bugfixes (onion service v3, backport from 0.4.5.3-rc): + - Stop requiring a live consensus for v3 clients and services, and + allow a "reasonably live" consensus instead. This allows v3 onion + services to work even if the authorities fail to generate a + consensus for more than 2 hours in a row. Fixes bug 40237; bugfix + on 0.3.5.1-alpha. + + o Major bugfixes (stats, onion services, backport from 0.4.4.5): + - Fix a bug where we were undercounting the Tor network's total + onion service traffic, by ignoring any traffic originating from + clients. Now we count traffic from both clients and services. + Fixes bug 40117; bugfix on 0.2.6.2-alpha. + + o Major feature (exit, backport from 0.4.5.5-rc): + - Re-entry into the network is now denied at the Exit level to all + relays' ORPorts and authorities' ORPorts and DirPorts. This change + should help mitgate a set of denial-of-service attacks. Closes + ticket 2667. + + o Minor feature (build system, backport from 0.4.5.4-rc): + - New "make lsp" command to generate the compile_commands.json file + used by the ccls language server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (compilation, backport from 0.4.5.2-rc): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or + later. There are a number of APIs newly deprecated in OpenSSL + 3.0.0 that Tor still requires. (A later version of Tor will try to + stop depending on these APIs.) Closes ticket 40165. + + o Minor features (crypto, backport from 0.4.5.3-rc): + - Fix undefined behavior on our Keccak library. The bug only + appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) + and would result in wrong digests. Fixes bug 40210; bugfix on + 0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and + weasel for diagnosing this. + + o Minor bugfixes (compatibility, backport from 0.4.5.1-rc): + - Strip '\r' characters when reading text files on Unix platforms. + This should resolve an issue where a relay operator migrates a + relay from Windows to Unix, but does not change the line ending of + Tor's various state files to match the platform, and the CRLF line + endings from Windows end up leaking into other files such as the + extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5. + + o Minor bugfixes (compilation, backport from 0.4.5.1-rc): + - Resolve a compilation warning that could occur in + test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (compilation, backport from 0.4.5.3-rc): + - Fix a compilation warning about unreachable fallthrough + annotations when building with "--enable-all-bugs-are-fatal" on + some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc): + - Handle partial SOCKS5 messages correctly. Previously, our code + would send an incorrect error message if it got a SOCKS5 request + that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, backport from 0.4.5.2-alpha): + - Fix the `config/parse_tcp_proxy_line` test so that it works + correctly on systems where the DNS provider hijacks invalid + queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. + - Fix our Python reference-implementation for the v3 onion service + handshake so that it works correctly with the version of hashlib + provided by Python 3.9. Fixes part of bug 40179; bugfix + on 0.3.1.6-rc. + - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL + 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. + + +Changes in version 0.3.5.13 - 2020-02-03 + Tor 0.3.5.13 backports numerous bugfixes from later releases, + including one that made v3 onion services more susceptible to + denial-of-service attacks, and a feature that makes some kinds of + DoS attacks harder to perform. + + o Major bugfixes (onion service v3, backport from 0.4.5.3-rc): + - Stop requiring a live consensus for v3 clients and services, and + allow a "reasonably live" consensus instead. This allows v3 onion + services to work even if the authorities fail to generate a + consensus for more than 2 hours in a row. Fixes bug 40237; bugfix + on 0.3.5.1-alpha. + + o Major bugfixes (stats, onion services, backport from 0.4.4.5): + - Fix a bug where we were undercounting the Tor network's total + onion service traffic, by ignoring any traffic originating from + clients. Now we count traffic from both clients and services. + Fixes bug 40117; bugfix on 0.2.6.2-alpha. + + o Major feature (exit, backport from 0.4.5.5-rc): + - Re-entry into the network is now denied at the Exit level to all + relays' ORPorts and authorities' ORPorts and DirPorts. This change + should help mitigate a set of denial-of-service attacks. Closes + ticket 2667. + + o Minor feature (build system, backport from 0.4.5.4-rc): + - New "make lsp" command to generate the compile_commands.json file + used by the ccls language server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (compilation, backport from 0.4.5.2-rc): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or + later. There are a number of APIs newly deprecated in OpenSSL + 3.0.0 that Tor still requires. (A later version of Tor will try to + stop depending on these APIs.) Closes ticket 40165. + + o Minor features (crypto, backport from 0.4.5.3-rc): + - Fix undefined behavior on our Keccak library. The bug only + appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) + and would result in wrong digests. Fixes bug 40210; bugfix on + 0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and + weasel for diagnosing this. + + o Minor bugfixes (compatibility, backport from 0.4.5.1-rc): + - Strip '\r' characters when reading text files on Unix platforms. + This should resolve an issue where a relay operator migrates a + relay from Windows to Unix, but does not change the line ending of + Tor's various state files to match the platform, and the CRLF line + endings from Windows end up leaking into other files such as the + extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5. + + o Minor bugfixes (compilation, backport from 0.4.5.1-rc): + - Resolve a compilation warning that could occur in + test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (compilation, backport from 0.4.5.3-rc): + - Fix a compilation warning about unreachable fallthrough + annotations when building with "--enable-all-bugs-are-fatal" on + some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc): + - Handle partial SOCKS5 messages correctly. Previously, our code + would send an incorrect error message if it got a SOCKS5 request + that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, backport from 0.4.5.2-alpha): + - Fix our Python reference-implementation for the v3 onion service + handshake so that it works correctly with the version of hashlib + provided by Python 3.9. Fixes part of bug 40179; bugfix + on 0.3.1.6-rc. + - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL + 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. + + +Changes in version 0.4.5.5-rc - 2021-02-01 + Tor 0.4.5.5-rc is the third release candidate in its series. We're + coming closer and closer to a stable release series. This release + fixes an annoyance with address detection code, and somewhat mitigates + an ongoing denial-of-service attack. + + We anticipate no more code changes between this and the stable + release, though of course that could change. + + o Major feature (exit): + - Re-entry into the network is now denied at the Exit level to all + relays' ORPorts and authorities' ORPorts and DirPorts. This change + should help mitgate a set of denial-of-service attacks. Closes + ticket 2667. + + o Minor bugfixes (relay, configuration): + - Don't attempt to discover our address (IPv4 or IPv6) if no ORPort + for it can be found in the configuration. Fixes bug 40254; bugfix + on 0.4.5.1-alpha. + + +Changes in version 0.4.5.4-rc - 2021-01-22 + Tor 0.4.5.4-rc is the second release candidate in its series. It fixes + several bugs present in previous releases. + + We expect that the stable release will be the same, or almost the + same, as this release candidate, unless serious bugs are found. + + o Major bugfixes (authority, IPv6): + - Do not consider multiple relays in the same IPv6 /64 network to be + sybils. Fixes bug 40243; bugfix on 0.4.5.1-alpha. + + o Major bugfixes (directory cache, performance, windows): + - Limit the number of items in the consensus diff cache to 64 on + Windows. We hope this will mitigate an issue where Windows relay + operators reported Tor using 100% CPU, while we investigate better + solutions. Fixes bug 24857; bugfix on 0.3.1.1-alpha. + + o Minor feature (build system): + - New "make lsp" command to generate the compile_commands.json file + used by the ccls language server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (authority, logging): + - Log more information for directory authority operators during the + consensus voting process, and while processing relay descriptors. + Closes ticket 40245. + - Reject obsolete router/extrainfo descriptors earlier and more + quietly, to avoid spamming the logs. Fixes bug 40238; bugfix + on 0.4.5.1-alpha. + + o Minor bugfixes (compilation): + - Fix another warning about unreachable fallthrough annotations when + building with "--enable-all-bugs-are-fatal" on some compilers. + Fixes bug 40241; bugfix on 0.4.5.3-rc. + - Change the linker flag ordering in our library search code so that + it works for compilers that need the libraries to be listed in the + right order. Fixes bug 33624; bugfix on 0.1.1.0-alpha. + + o Minor bugfixes (config, bridge): + - Don't initiate a connection to a bridge configured to use a + missing transport. This change reverts an earlier fix that would + try to avoid such situations during configuration chcecking, but + which doesn't work with DisableNetwork. Fixes bug 40106; bugfix + on 0.4.5.1-alpha. + + o Minor bugfixes (onion services): + - Avoid a non-fatal assertion in certain edge-cases when + establishing a circuit to an onion service. Fixes bug 32666; + bugfix on 0.3.0.3-alpha. + + o Minor bugfixes (relay): + - If we were unable to build our descriptor, don't mark it as having + been advertised. Also remove an harmless BUG(). Fixes bug 40231; + bugfix on 0.4.5.1-alpha. + + +Changes in version 0.4.5.3-rc - 2021-01-12 + Tor 0.4.5.3-rc is the first release candidate in its series. It fixes + several bugs, including one that broke onion services on certain older + ARM CPUs, and another that made v3 onion services less reliable. + + Though we anticipate that we'll be doing a bit more clean-up between + now and the stable release, we expect that our remaining changes will + be fairly simple. There will be at least one more release candidate + before 0.4.5.x is stable. + + o Major bugfixes (onion service v3): + - Stop requiring a live consensus for v3 clients and services, and + allow a "reasonably live" consensus instead. This allows v3 onion + services to work even if the authorities fail to generate a + consensus for more than 2 hours in a row. Fixes bug 40237; bugfix + on 0.3.5.1-alpha. + + o Minor features (crypto): + - Fix undefined behavior on our Keccak library. The bug only + appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) + and would result in wrong digests. Fixes bug 40210; bugfix on + 0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and + weasel for diagnosing this. + + o Minor features (documentation): + - Mention the "!badexit" directive that can appear in an authority's + approved-routers file, and update the description of the + "!invalid" directive. Closes ticket 40188. + + o Minor bugfixes (compilation): + - Fix a compilation warning about unreachable fallthrough + annotations when building with "--enable-all-bugs-are-fatal" on + some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. + - Fix the "--enable-static-tor" switch to properly set the "-static" + compile option onto the tor binary only. Fixes bug 40111; bugfix + on 0.2.3.1-alpha. + + o Minor bugfixes (config, bridge): + - Really fix the case where torrc has a missing ClientTransportPlugin + but is configured with a Bridge line and UseBridges. Previously, + we didn't look at the managed proxy list and thus would fail for + the "exec" case. Fixes bug 40106; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (logging, relay): + - Log our address as reported by the directory authorities, if none + was configured or detected before. Fixes bug 40201; bugfix + on 0.4.5.1-alpha. + - When a launching bandwidth testing circuit, don't incorrectly call + it a reachability test, or trigger a "CHECKING_REACHABILITY" + control event. Fixes bug 40205; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (relay, statistics): + - Report the correct connection statistics in our extrainfo + documents. Previously there was a problem in the file loading + function which would wrongly truncate a state file, causing the + wrong information to be reported. Fixes bug 40226; bugfix + on 0.4.5.1-alpha. + + o Minor bugfixes (SOCKS5): + - Handle partial SOCKS5 messages correctly. Previously, our code + would send an incorrect error message if it got a SOCKS5 request + that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. + + +Changes in version 0.4.5.2-alpha - 2020-11-23 + Tor 0.4.5.2-alpha is the second alpha release in the 0.4.5.x series. + It fixes several bugs present in earlier releases, including one that + made it impractical to run relays on Windows. It also adds a few small + safety features to improve Tor's behavior in the presence of strange + compile-time options, misbehaving proxies, and future versions + of OpenSSL. + + o Major bugfixes (relay, windows): + - Fix a bug in our implementation of condition variables on Windows. + Previously, a relay on Windows would use 100% CPU after running + for some time. Because of this change, Tor now require Windows + Vista or later to build and run. Fixes bug 30187; bugfix on + 0.2.6.3-alpha. (This bug became more serious in 0.3.1.1-alpha with + the introduction of consensus diffs.) Patch by Daniel Pinto. + + o Minor features (compilation): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or + later. There are a number of APIs newly deprecated in OpenSSL + 3.0.0 that Tor still requires. (A later version of Tor will try to + stop depending on these APIs.) Closes ticket 40165. + + o Minor features (protocol, proxy support, defense in depth): + - Respond more deliberately to misbehaving proxies that leave + leftover data on their connections, so as to make Tor even less + likely to allow the proxies to pass their data off as having come + from a relay. Closes ticket 40017. + + o Minor features (safety): + - Log a warning at startup if Tor is built with compile-time options + that are likely to make it less stable or reliable. Closes + ticket 18888. + + o Minor bugfixes (circuit, handshake): + - In the v3 handshaking code, use connection_or_change_state() to + change the state. Previously, we changed the state directly, but + this did not pass the state change to the pubsub or channel + objects, potentially leading to bugs. Fixes bug 32880; bugfix on + 0.2.3.6-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (compilation): + - Use the correct 'ranlib' program when building libtor.a. + Previously we used the default ranlib, which broke some kinds of + cross-compilation. Fixes bug 40172; bugfix on 0.4.5.1-alpha. + - Remove a duplicate typedef in metrics_store.c. Fixes bug 40177; + bugfix on 0.4.5.1-alpha. + - When USDT tracing is enabled, and STAP_PROBEV() is missing, don't + attempt to build. Linux supports that macro but not the BSDs. + Fixes bug 40174; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (configuration): + - Exit Tor on a misconfiguration when the Bridge line is configured + to use a transport but no corresponding ClientTransportPlugin can + be found. Prior to this fix, Tor would attempt to connect to the + bridge directly without using the transport, making it easier for + adversaries to notice the bridge. Fixes bug 25528; bugfix + on 0.2.6.1-alpha. + - Fix an issue where an ORPort was compared with other kinds of + ports, when it should have been only checked against other + ORPorts. This bug would lead to "DirPort auto" getting ignored. + Fixes bug 40195; bugfix on 0.4.5.1-alpha. + - Fix a bug where a second non-ORPort with a variant family (ex: + SocksPort [::1]:9050) would be ignored due to a configuration + parsing error. Fixes bug 40183; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (crash, relay, signing key): + - Avoid assertion failures when we run Tor from the command line + with `--key-expiration sign`, but an ORPort is not set. Fixes bug + 40015; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (logging): + - Remove trailing whitespace from control event log messages. Fixes + bug 32178; bugfix on 0.1.1.1-alpha. Based on a patch by + Amadeusz Pawlik. + - Turn warning-level log message about SENDME failure into a debug- + level message. (This event can happen naturally, and is no reason + for concern). Fixes bug 40142; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (relay, address discovery): + - Don't trigger an IP change when no new valid IP can be found. + Fixes bug 40071; bugfix on 0.4.5.1-alpha. + - When attempting to discover our IP, use a simple test circuit, + rather than a descriptor fetch: the same address information is + present in NETINFO cells, and is better authenticated there. Fixes + bug 40071; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (testing): + - Fix the `config/parse_tcp_proxy_line` test so that it works + correctly on systems where the DNS provider hijacks invalid + queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. + - Fix unit tests that used newly generated list of routers so that + they check them with respect to the date when they were generated, + not with respect to the current time. Fixes bug 40187; bugfix + on 0.4.5.1-alpha. + - Fix our Python reference-implementation for the v3 onion service + handshake so that it works correctly with the version of hashlib + provided by Python 3.9. Fixes part of bug 40179; bugfix + on 0.3.1.6-rc. + - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL + 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. + + o Removed features (controller): + - Remove the "GETINFO network-status" controller command. It has + been deprecated since 0.3.1.1-alpha. Closes ticket 22473. + + Changes in version 0.4.4.6 - 2020-11-12 Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It backports fixes from later releases, including a fix for TROVE-2020- @@ -2764,7 +5149,7 @@ Changes in version 0.4.1.7 - 2019-12-09 uses mutexes. Fixes bug 31614; bugfix on 0.2.5.2-alpha. - Disable backtrace signal handlers when shutting down tor. Fixes bug 31614; bugfix on 0.2.5.2-alpha. - - Rate-limit our the logging message about the obsolete .exit + - Rate-limit the logging message about the obsolete .exit notation. Previously, there was no limit on this warning, which could potentially be triggered many times by a hostile website. Fixes bug 31466; bugfix on 0.2.2.1-alpha. @@ -3067,7 +5452,7 @@ Changes in version 0.4.0.6 - 2019-12-09 on 0.1.1.10-alpha. o Minor bugfixes (logging, backport from 0.4.2.2-alpha): - - Rate-limit our the logging message about the obsolete .exit + - Rate-limit the logging message about the obsolete .exit notation. Previously, there was no limit on this warning, which could potentially be triggered many times by a hostile website. Fixes bug 31466; bugfix on 0.2.2.1-alpha. @@ -3101,7 +5486,7 @@ Changes in version 0.4.0.6 - 2019-12-09 o Minor bugfixes (onion services, backport from 0.4.1.1-alpha): - Avoid a GCC 9.1.1 warning (and possible crash depending on libc - implemenation) when failing to load an onion service client + implementation) when failing to load an onion service client authorization file. Fixes bug 30475; bugfix on 0.3.5.1-alpha. o Minor bugfixes (out-of-memory handler, backport from 0.4.1.2-alpha): @@ -3493,7 +5878,7 @@ Changes in version 0.3.5.9 - 2019-12-09 on 0.1.1.10-alpha. o Minor bugfixes (logging, backport from 0.4.2.2-alpha): - - Rate-limit our the logging message about the obsolete .exit + - Rate-limit the logging message about the obsolete .exit notation. Previously, there was no limit on this warning, which could potentially be triggered many times by a hostile website. Fixes bug 31466; bugfix on 0.2.2.1-alpha. @@ -3531,7 +5916,7 @@ Changes in version 0.3.5.9 - 2019-12-09 o Minor bugfixes (onion services, backport from 0.4.1.1-alpha): - Avoid a GCC 9.1.1 warning (and possible crash depending on libc - implemenation) when failing to load an onion service client + implementation) when failing to load an onion service client authorization file. Fixes bug 30475; bugfix on 0.3.5.1-alpha. o Minor bugfixes (out-of-memory handler, backport from 0.4.1.2-alpha): @@ -3911,7 +6296,7 @@ Changes in version 0.4.2.2-alpha - 2019-10-07 uses mutexes. Fixes bug 31614; bugfix on 0.2.5.2-alpha. - Disable backtrace signal handlers when shutting down tor. Fixes bug 31614; bugfix on 0.2.5.2-alpha. - - Rate-limit our the logging message about the obsolete .exit + - Rate-limit the logging message about the obsolete .exit notation. Previously, there was no limit on this warning, which could potentially be triggered many times by a hostile website. Fixes bug 31466; bugfix on 0.2.2.1-alpha. @@ -4985,7 +7370,7 @@ Changes in version 0.4.1.1-alpha - 2019-05-22 o Minor bugfixes (onion services): - Avoid a GCC 9.1.1 warning (and possible crash depending on libc - implemenation) when failing to load an onion service client + implementation) when failing to load an onion service client authorization file. Fixes bug 30475; bugfix on 0.3.5.1-alpha. - When refusing to launch a controller's HSFETCH request because of rate-limiting, respond to the controller with a new response, diff --git a/Doxyfile.in b/Doxyfile.in index 4374e54858..d06c344528 100644 --- a/Doxyfile.in +++ b/Doxyfile.in @@ -864,10 +864,8 @@ RECURSIVE = YES # run. EXCLUDE = ./src/ext/ed25519 \ - ./src/ext/rust \ ./src/trunnel \ - ./src/test \ - ./src/rust/registry + ./src/test # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded diff --git a/Makefile.am b/Makefile.am index c889945d5a..280047a71b 100644 --- a/Makefile.am +++ b/Makefile.am @@ -36,12 +36,6 @@ else TESTING_TOR_BINARY=$(top_builddir)/src/app/tor$(EXEEXT) endif -if USE_RUST -rust_ldadd=$(top_builddir)/$(TOR_RUST_LIB_PATH) -else -rust_ldadd= -endif - # "Common" libraries used to link tor's utility code. TOR_UTIL_LIBS = \ src/lib/libtor-geoip.a \ @@ -192,7 +186,7 @@ EXTRA_DIST+= \ INSTALL \ LICENSE \ Makefile.nmake \ - README \ + README.md \ ReleaseNotes \ scripts/build/combine_libs \ scripts/maint/checkIncludes.py \ @@ -253,7 +247,7 @@ endif TEST_NETWORK_SHOW_WARNINGS_FOR_LAST_RUN_FLAGS=--quiet --only-warnings if LIBFUZZER_ENABLED -TEST_CFLAGS += -fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div +TEST_CFLAGS += -fsanitize=fuzzer-no-link # not "edge" endif @@ -590,7 +584,7 @@ check-typos: $(top_srcdir)/doc \ $(top_srcdir)/contrib \ $(top_srcdir)/scripts \ - $(top_srcdir)/README \ + $(top_srcdir)/README.md \ $(top_srcdir)/ChangeLog \ $(top_srcdir)/INSTALL \ $(top_srcdir)/ReleaseNotes \ @@ -601,51 +595,6 @@ check-typos: echo "You can install the latest version of misspell here: https://github.com/client9/misspell#install"; \ fi -.PHONY: rustfmt -rustfmt: -if USE_RUST - @if test -x "`which cargo-fmt 2>&1;true`"; then \ - echo "Formatting Rust code ..."; \ - (cd "$(top_srcdir)/src/rust" && cargo fmt --all --); \ - else \ - echo "Tor uses rustfmt (via cargo-fmt) to format Rust code."; \ - echo "However, it seems that you don't have rustfmt installed."; \ - printf "You can install rustfmt by following the directions here:"; \ - echo " https://github.com/rust-lang-nursery/rustfmt"; \ - fi -endif - -.PHONY: check-rustfmt -check-rustfmt: -if USE_RUST - @if test -x "`which cargo-fmt 2>&1;true`"; then \ - printf "Running rustfmt..."; \ - (cd "$(top_srcdir)/src/rust" && cargo fmt --all -- --check && echo "done.") || \ - (echo "**************** check-rustfmt failed. ****************"; \ - echo " Run \`make rustfmt\` to apply the above changes."; \ - exit 1); \ - else \ - echo "Tor uses rustfmt (via cargo-fmt) to format Rust code."; \ - echo "However, it seems that you don't have rustfmt installed."; \ - printf "You can install rustfmt by following the directions here:"; \ - echo " https://github.com/rust-lang-nursery/rustfmt"; \ - fi -endif - -.PHONY: clippy -clippy: -if USE_RUST - @if test -x "`which cargo-clippy 2>&1;true`"; then \ - echo "Running cargo clippy ..."; \ - echo "Prepare yourself for the onslaught of suggestions ..."; \ - (cd "$(top_srcdir)/src/rust" && cargo clippy); \ - else \ - echo "Tor can use clippy to lint Rust code."; \ - echo "However, it seems that you don't have clippy installed."; \ - echo "You can install the latest version of clippy by following the directions here: https://github.com/rust-lang-nursery/rust-clippy"; \ - fi -endif - .PHONY: check-changes check-changes: if USEPYTHON @@ -686,7 +635,7 @@ update-copyright: $(PERL) $(top_srcdir)/scripts/maint/updateCopyright.pl $(OWNED_TOR_C_FILES) .PHONY: autostyle -autostyle: update-versions rustfmt autostyle-ifdefs rectify-includes +autostyle: update-versions autostyle-ifdefs rectify-includes mostlyclean-local: rm -f $(top_builddir)/src/*/*.gc{da,no} $(top_builddir)/src/*/*/*.gc{da,no} @@ -694,14 +643,6 @@ mostlyclean-local: rm -rf $(top_builddir)/doc/doxygen rm -rf $(TEST_NETWORK_ALL_LOG_DIR) -clean-local: - rm -rf $(top_builddir)/src/rust/target - rm -rf $(top_builddir)/src/rust/.cargo/registry - -if USE_RUST -distclean-local: distclean-rust -endif - # This relies on some internal details of how automake implements # distcheck. We check two directories because automake-1.15 changed # from $(distdir)/_build to $(distdir)/_build/sub. diff --git a/README b/README deleted file mode 100644 index 397f6b927e..0000000000 --- a/README +++ /dev/null @@ -1,31 +0,0 @@ -Tor protects your privacy on the internet by hiding the connection -between your Internet address and the services you use. We believe Tor -is reasonably secure, but please ensure you read the instructions and -configure it properly. - -To build Tor from source: - ./configure && make && make install - -To build Tor from a just-cloned git repository: - sh autogen.sh && ./configure && make && make install - -Home page: - https://www.torproject.org/ - -Download new versions: - https://www.torproject.org/download/download.html - -Documentation, including links to installation and setup instructions: - https://www.torproject.org/docs/documentation.html - -Making applications work with Tor: - https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorifyHOWTO - -Frequently Asked Questions: - https://www.torproject.org/docs/faq.html - -Release timeline: - https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/CoreTorReleases - -To get started working on Tor development: - See the doc/HACKING directory. diff --git a/README.md b/README.md new file mode 100644 index 0000000000..4a8db49e53 --- /dev/null +++ b/README.md @@ -0,0 +1,70 @@ +Tor protects your privacy on the internet by hiding the connection between +your Internet address and the services you use. We believe Tor is reasonably +secure, but please ensure you read the instructions and configure it properly. + +## Build + +To build Tor from source: + +``` +./configure +make +make install +``` + +To build Tor from a just-cloned git repository: + +``` +./autogen.sh +./configure +make +make install +``` + +## Releases + +The tarballs, checksums and signatures can be found here: https://dist.torproject.org + +- Checksum: `<tarball-name>.sha256sum` +- Signatures: `<tarball-name>.sha256sum.asc` + +### Schedule + +You can find our release schedule here: + +- https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/CoreTorReleases + +### Keys that CAN sign a release + +The following keys are the maintainers of this repository. One or many of +these keys can sign the releases, do NOT expect them all: + +- Alexander Færøy: + [514102454D0A87DB0767A1EBBE6A0531C18A9179](https://keys.openpgp.org/vks/v1/by-fingerprint/1C1BC007A9F607AA8152C040BEA7B180B1491921) +- David Goulet: + [B74417EDDF22AC9F9E90F49142E86A2A11F48D36](https://keys.openpgp.org/vks/v1/by-fingerprint/B74417EDDF22AC9F9E90F49142E86A2A11F48D36) +- Nick Mathewson: + [2133BC600AB133E1D826D173FE43009C4607B1FB](https://keys.openpgp.org/vks/v1/by-fingerprint/2133BC600AB133E1D826D173FE43009C4607B1FB) + +## Development + +See our hacking documentation in [doc/HACKING/](./doc/HACKING). + +## Resources + +Home page: + +- https://www.torproject.org/ + +Download new versions: + +- https://www.torproject.org/download/download.html + +Documentation, including links to installation and setup instructions: + +- https://www.torproject.org/docs/documentation.html + +Frequently Asked Questions: + +- https://www.torproject.org/docs/faq.html + diff --git a/ReleaseNotes b/ReleaseNotes index 2ce9ceaa90..ae90f71510 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,2286 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.4.7.8 - 2022-06-17 + This version fixes several bugfixes including a High severity security issue + categorized as a Denial of Service. Everyone running an earlier version + should upgrade to this version. + + o Major bugfixes (congestion control, TROVE-2022-001): + - Fix a scenario where RTT estimation can become wedged, seriously + degrading congestion control performance on all circuits. This + impacts clients, onion services, and relays, and can be triggered + remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes + bug 40626; bugfix on 0.4.7.5-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on June 17, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/06/17. + + o Minor bugfixes (linux seccomp2 sandbox): + - Allow the rseq system call in the sandbox. This solves a crash + issue with glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug + 40601; bugfix on 0.3.5.11. + + o Minor bugfixes (logging): + - Demote a harmless warn log message about finding a second hop to + from warn level to info level, if we do not have enough + descriptors yet. Leave it at notice level for other cases. Fixes + bug 40603; bugfix on 0.4.7.1-alpha. + - Demote a notice log message about "Unexpected path length" to info + level. These cases seem to happen arbitrarily, and we likely will + never find all of them before the switch to arti. Fixes bug 40612; + bugfix on 0.4.7.5-alpha. + + o Minor bugfixes (relay, logging): + - Demote a harmless XOFF log message to from notice level to info + level. Fixes bug 40620; bugfix on 0.4.7.5-alpha. + + +Changes in version 0.4.7.7 - 2022-04-27 + This is the first stable version of the 0.4.7.x series. This series + includes several major bugfixes from previous series and several features + including one massive new one: congestion control. + + Congestion control, among other things, should improve traffic speed and + stability on the network once a majority of Exit upgrade. You can find more + details about it in proposal 324 in the torspec.git repository. + + Below are all the changes of the 0.4.7.x series: + + o Major features (congestion control): + - Implement support for flow control over congestion controlled + circuits. This work comes from proposal 324. Closes ticket 40450. + + o Major features (relay, client, onion services): + - Implement RTT-based congestion control for exits and onion + services, from Proposal 324. Disabled by default. Enabled by the + 'cc_alg' consensus parameter. Closes ticket 40444. + + o Major features (directory authority): + - Add a new consensus method to handle MiddleOnly specially. When + enough authorities are using this method, then any relay tagged + with the MiddleOnly flag will have its Exit, Guard, HSDir, and + V2Dir flags automatically cleared, and will have its BadExit flag + automatically set. Implements part of proposal 335. + - Authorities can now be configured to label relays as "MiddleOnly". + When voting for this flag, authorities automatically vote against + Exit, Guard, HSDir, and V2Dir; and in favor of BadExit. Implements + part of proposal 335. Based on a patch from Neel Chauhan. + + o Major features (Proposal 332, onion services, guard selection algorithm): + - Clients and onion services now choose four long-lived "layer 2" + guard relays for use as the middle hop in all onion circuits. + These relays are kept in place for a randomized duration averaging + 1 week. This mitigates guard discovery attacks against clients and + short-lived onion services such as OnionShare. Long-lived onion + services that need high security should still use the Vanguards + addon (https://github.com/mikeperry-tor/vanguards). Closes ticket + 40363; implements proposal 333. + + o Major bugfix (relay, metrics): + - On the MetricsPort, the DNS error statistics are not reported by + record type ("record=...") anymore due to a libevent bug + (https://github.com/libevent/libevent/issues/1219). Fixes bug + 40490; bugfix on 0.4.7.1-alpha. + + o Major bugfixes (bridges): + - Make Tor work reliably again when you have multiple bridges + configured and one or more of them are unreachable. The problem + came because we require that we have bridge descriptors for both + of our first two bridges (else we refuse to try to connect), but + in some cases we would wait three hours before trying to fetch + these missing descriptors, and/or never recover when we do try to + fetch them. Fixes bugs 40396 and 40495; bugfix on 0.3.0.5-rc + and 0.3.2.1-alpha. + + o Major bugfixes (client): + - Stop caching TCP connect failures to relays/bridges when we + initiated the connection as a client. Now we only cache connect + failures as a relay or bridge when we initiated them because of an + EXTEND request. Declining to re-attempt the client-based + connections could cause problems when we lose connectivity and try + to reconnect. Fixes bug 40499; bugfix on 0.3.3.4-alpha. + + o Major bugfixes (onion service, congestion control): + - Fix the onion service upload case where the congestion control + parameters were not added to the right object. Fixes bug 40586; + bugfix on 0.4.7.4-alpha. + + o Major bugfixes (relay, DNS): + - Lower the DNS timeout from 3 attempts at 5 seconds each to 2 + attempts at 1 seconds each. Two new consensus parameters were + added to control these values. This change should improve observed + performance under DNS load; see ticket for more details. Fixes bug + 40312; bugfix on 0.3.5.1-alpha. + + o Major bugfixes (relay, overload state): + - Relays report the general overload state for DNS timeout errors + only if X% of all DNS queries over Y seconds are errors. Before + that, it only took 1 timeout to report the overload state which + was just too low of a threshold. The X and Y values are 1% and 10 + minutes respectively but they are also controlled by consensus + parameters. Fixes bug 40491; bugfix on 0.4.6.1-alpha. + + o Major bugfixes (relay, overload): + - Do not trigger a general overload on DNS timeout. Even after + fixing 40527, some code remained that triggered the overload. + Fixes bug 40564; bugfix on 0.4.7.1-alpha. + - Change the MetricsPort DNS "timeout" label to be "tor_timeout" in + order to indicate that this was a DNS timeout from tor perspective + and not the DNS server itself. + - Deprecate overload_dns_timeout_period_secs and + overload_dns_timeout_scale_percent consensus parameters as well. + They were used to assess the overload state which is no more now. + - Don't make Tor DNS timeout trigger an overload general state. + These timeouts are different from DNS server timeout. They have to + be seen as timeout related to UX and not because of a network + problem. Fixes bug 40527; bugfix on 0.4.6.1-alpha. + + o Minor feature (authority, relay): + - Reject End-Of-Life relays running version 0.4.2.x, 0.4.3.x, + 0.4.4.x and 0.4.5 alphas/rc. Closes ticket 40480. + - Reject End-Of-Life relays running version 0.3.5.x. Closes + ticket 40559. + + o Minor feature (onion service v2): + - Onion service v2 addresses are now not recognized anymore by tor + meaning a bad hostname is returned when attempting to pass it on a + SOCKS connection. No more deprecation log is emitted client side. + Closes ticket 40476. + - See https://blog.torproject.org/v2-deprecation-timeline for + details on how to transition from v2 to v3. + + o Minor feature (reproducible build): + - The repository can now build reproducible tarballs which adds the + build command "make dist-reprod" for that purpose. Closes + ticket 26299. + + o Minor features (bridge testing support): + - Let external bridge reachability testing tools discard cached + bridge descriptors when setting new bridges, so they can be sure + to get a clean reachability test. Implements ticket 40209. + + o Minor features (compilation): + - Give an error message if trying to build with a version of + LibreSSL known not to work with Tor. (There's an incompatibility + with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of + their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes + ticket 40511. + + o Minor features (control port): + - Provide congestion control fields on CIRC_BW and STREAM control + port events, for use by sbws. Closes ticket 40568. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on April 27, 2022. + + o Minor features (fuzzing): + - When building with --enable-libfuzzer, use a set of compiler flags + that works with more recent versions of the library. Previously we + were using a set of flags from 2017. Closes ticket 40407. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/04/27. + + o Minor features (logging, heartbeat): + - When a relay receives a cell that isn't encrypted properly for it, + but the relay is the last hop on the circuit, the relay now counts + how many cells of this kind it receives, on how many circuits, and + reports this information in the log. Previously, we'd log each + cell at PROTOCOL_WARN level, which is far too verbose to be + useful. Fixes part of ticket 40400. + + o Minor features (portability): + - Try to prevent a compiler warning about printf arguments that + could sometimes occur on MSYS2 depending on the configuration. + Closes ticket 40355. + + o Minor features (testing configuration): + - When TestingTorNetwork is enabled, skip the permissions check on + hidden service directories. Closes ticket 40338. + - On a testing network, relays can now use the + TestingMinTimeToReportBandwidth option to change the smallest + amount of time over which they're willing to report their observed + maximum bandwidth. Previously, this was fixed at 1 day. For + safety, values under 2 hours are only supported on testing + networks. Part of a fix for ticket 40337. + - Relays on testing networks no longer rate-limit how frequently + they are willing to report new bandwidth measurements. Part of a + fix for ticket 40337. + - Relays on testing networks now report their observed bandwidths + immediately from startup. Previously, they waited until they had + been running for a full day. Closes ticket 40337. + + o Minor features (testing): + - We now have separate fuzzers for the inner layers of v3 onion + service descriptors, to prevent future bugs like 40392. Closes + ticket 40488. + + o Minor bugfix (CI, onion service): + - Exclude onion service version 2 Stem tests in our CI. Fixes bug + 40500; bugfix on 0.3.2.1-alpha. + + o Minor bugfix (logging): + - Update a log notice dead URL to a working one. Fixes bug 40544; + bugfix on 0.3.5.1-alpha. + + o Minor bugfix (pluggable transport): + - Do not kill a managed proxy if one of its transport configurations + emits a method error. Instead log a warning and continue processing + method arguments. Fixes bug 7362; bugfix on 0.2.3.6-alpha. + + o Minor bugfix (relay): + - Remove the HSDir and HSIntro onion service v2 protocol versions so + relay stop advertising that they support them. Fixes bug 40509; + bugfix on 0.3.5.17. + + o Minor bugfixes (bridges): + - When we don't yet have a descriptor for one of our bridges, + disable the entry guard retry schedule on that bridge. The entry + guard retry schedule and the bridge descriptor retry schedule can + conflict, e.g. where we mark a bridge as "maybe up" yet we don't + try to fetch its descriptor yet, leading Tor to wait (refusing to + do anything) until it becomes time to fetch the descriptor. Fixes + bug 40497; bugfix on 0.3.0.3-alpha. + + o Minor bugfixes (cell scheduling): + - Avoid writing empty payload with NSS write. + - Don't attempt to write 0 bytes after a cell scheduling loop. No + empty payload was put on the wire. Fixes bug 40548; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (circuit padding): + - Don't send STOP circuit padding cells when the other side has + already shut down the corresponding padding machine. Fixes bug + 40435; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (compatibility): + - Fix compatibility with the most recent Libevent versions, which no + longer have an evdns_set_random_bytes() function. Because this + function has been a no-op since Libevent 2.0.4-alpha, it is safe + for us to just stop calling it. Fixes bug 40371; bugfix + on 0.2.1.7-alpha. + + o Minor bugfixes (compilation): + - Fix compilation error when __NR_time is not defined. Fixes bug + 40465; bugfix on 0.2.5.5-alpha. Patch by Daniel Pinto. + - Fix our configuration logic to detect whether we had OpenSSL 3: + previously, our logic was reversed. This has no other effect than + to change whether we suppress deprecated API warnings. Fixes bug + 40429; bugfix on 0.3.5.13. + - Resume being able to build on old / esoteric gcc versions. Fixes + bug 40550; bugfix on 0.4.7.1-alpha. + + o Minor bugfixes (compiler warnings): + - Fix couple compiler warnings on latest Ubuntu Jammy. Fixes bug + 40516; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (congestion control, client side logs): + - Demote a warn about 1-hop circuits using congestion control down + to info; Demote the 4-hop case to notice. Fixes bug 40598; bugfix + on 0.4.5-alpha. + + o Minor bugfixes (control, sandbox): + - Allows the control command SAVECONF to succeed when the seccomp + sandbox is enabled. Makes SAVECONF keep only one backup file, to + simplify implementation. Fixes bug 40317; bugfix on 0.2.5.4-alpha. + Patch by Daniel Pinto. + + o Minor bugfixes (controller, path bias): + - When a circuit's path is specified, in full or in part, from the + controller API, do not count that circuit towards our path-bias + calculations. (Doing so was incorrect, since we cannot tell + whether the controller is selecting relays randomly.) Resolves a + "Bug" warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha. + + o Minor bugfixes (dirauth, bandwidth scanner): + - Add the AuthDirDontVoteOnDirAuthBandwidth dirauth config parameter + to avoid voting on bandwidth scanner weights to v3 directory + authorities. Fixes bug 40471; bugfix on 0.2.2.1-alpha. Patch by + Neel Chauhan. + + o Minor bugfixes (DNSPort, dormant mode): + - A request on the DNSPort now wakes up a dormant tor. Fixes bug + 40577; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (fragile-hardening, sandbox): + - When building with --enable-fragile-hardening, add or relax Linux + seccomp rules to allow AddressSanitizer to execute normally if the + process terminates with the sandbox active. This has the side + effect of disabling the filtering of file- and directory-open + requests on most systems and dilutes the effectiveness of the + sandbox overall, as a wider range of system calls must be + permitted. Fixes bug 11477; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (heartbeat): + - Adjust the heartbeat log message about distinct clients to + consider the HeartbeatPeriod rather than a flat 6-hour delay. + Fixes bug 40330; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (logging): + - If a channel has never received or transmitted a cell, or seen a + client, do not calculate time diffs against 1/1/1970 but log a + better prettier message. Fixes bug 40182; bugfix on 0.2.4.4. + - When we no longer have enough directory information to use the + network, we would log a notice-level message -- but we would not + reliably log a message when we recovered and resumed using the + network. Now make sure there is always a corresponding message + about recovering. Fixes bug 40496; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (logging, relay): + - Add spaces between the "and" when logging the "Your server has not + managed to confirm reachability for its" on dual-stack relays. + Fixes bug 40453; bugfix on 0.4.5.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (metrics port, onion service): + - Fix the metrics with a port label to be unique. Before this, all + ports of an onion service would be on the same line which violates + the Prometheus rules of unique labels. Fixes bug 40581; bugfix + on 0.4.5.1-alpha. + + o Minor bugfixes (onion service congestion control): + - Avoid a non-fatal assertion failure in the case where we fail to + set up congestion control on a rendezvous circuit. This could + happen naturally if a cache entry expired at an unexpected time. + Fixes bug 40576; bugfix on 0.4.7.4-alpha. + + o Minor bugfixes (onion service): + - Do not flag an HSDir as non-running in case the descriptor upload + or fetch fails. An onion service closes pending directory + connections before uploading a new descriptor which leads to + wrongly flagging many relays and thus affecting circuit path + selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha. + - Fix a warning BUG that would occur often on heavily loaded onion + service leading to filling the logs with useless warnings. Fixes + bug 34083; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion service, client): + - Fix a rare but fatal assertion failure due to a guard subsystem + recursion triggered by the onion service client. Fixes bug 40579; + bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (onion service, config): + - Fix a memory leak for a small config line string that could occur + if the onion service failed to be configured from file properly. + Fixes bug 40484; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion service, TROVE-2021-008): + - Only log v2 access attempts once total, in order to not pollute + the logs with warnings and to avoid recording the times on disk + when v2 access was attempted. Note that the onion address was + _never_ logged. This counts as a Low-severity security issue. + Fixes bug 40474; bugfix on 0.4.5.8. + - Note that due to #40476 which removes v2 support entirely, this + log line is not emitted anymore. We still mention this in the + changelog because it is a Low-severity TROVE. + + o Minor bugfixes (performance, DoS): + - Fix one case of a not-especially viable denial-of-service attack + found by OSS-Fuzz in our consensus-diff parsing code. This attack + causes a lot small of memory allocations and then immediately + frees them: this is only slow when running with all the sanitizers + enabled. Fixes one case of bug 40472; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (relay): + - Reject IPv6-only DirPorts. Our reachability self-test forces + DirPorts to be IPv4, but our configuration parser allowed them to + be IPv6-only, which led to an assertion failure. Fixes bug 40494; + bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (relay, overload): + - Decide whether to signal overload based on a fraction and + assessment period of ntor handshake drops. Previously, a single + drop could trigger an overload state, which caused many false + positives. Fixes bug 40560; bugfix on 0.4.7.1-alpha. + + o Minor bugfixes (sandbox): + - Fix the sandbox on i386 by modifying it to allow the + "clock_gettime64" and "statx" system calls and to filter the + "chown32" and "stat64" system calls in place of "chown" and + "stat", respectively. Fixes bug 40505; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (statistics): + - Fix a fencepost issue when we check stability_last_downrated where + we called rep_hist_downrate_old_runs() twice. Fixes bug 40394; + bugfix on 0.2.0.5-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (tests): + - Fix a bug that prevented some tests from running with the correct + names. Fixes bug 40365; bugfix on 0.4.3.1-alpha. + + o Minor bugfixes (usability): + - Do not log "RENDEZVOUS1 cell with unrecognized rendezvous cookie" + at LOG_PROTOCOL_WARN; instead log it at DEBUG. This warning can + happen naturally if a client gives up on a rendezvous circuit + after sending INTRODUCE1. Fixes part of bug 40400; bugfix + on 0.1.1.13-alpha. + - Do not log "circuit_receive_relay_cell failed" at + LOG_PROTOCOL_WARN; instead log it at DEBUG. In every case where we + would want to log this as a protocol warning, we are already + logging another warning from inside circuit_receive_relay_cell. + Fixes part of bug 40400; bugfix on 0.1.1.9-alpha. + + o Code simplification and refactoring: + - Lower the official maximum for "guard-extreme-restriction-percent" + to 100. This has no effect on when the guard code will generate a + warning, but it makes the intent of the option clearer. Fixes bug + 40486; bugfix on 0.3.0.1-alpha. + + o Documentation: + - Add links to original tor design paper and anonbib to + docs/HACKING/README.1st.md. Closes ticket 33742. Patch from + Emily Bones. + - Describe the "fingerprint-ed25519" file in the tor.1 man page. + Fixes bug 40467; bugfix on 0.4.3.1-alpha. Patch by Neel Chauhan. + - Provide an improved version of the tor-exit-notice.html file for + exit relays to use as a landing page. The text is unchanged, but + the page design and layout are significantly modernized, and + several links are fixed. Patch from "n_user"; closes ticket 40529. + + o Testing: + - Add unit tests for the Linux seccomp sandbox. Resolves + issue 16803. + + o Code simplification and refactoring (rust): + - Remove Rust support and its associated code. It is unsupported and + Rust focus should be shifted to arti. Closes ticket 40469. + + o Documentation (man, relay): + - Missing "OverloadStatistics" in tor.1 manpage. Fixes bug 40504; + bugfix on 0.4.6.1-alpha. + + o Testing (CI, chutney): + - Bump the data size that chutney transmits to 5MBytes in order to + trigger the flow control and congestion window code. Closes + ticket 40485. + + +Changes in version 0.4.6.10 - 2022-02-04 + This version contains minor bugfixes but one in particular is that relays + don't advertise onion service v2 support at the protocol version level. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on February 04, 2022. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2022/02/04. + + o Minor bugfix (logging): + - Update a log notice dead URL to a working one. Fixes bug 40544; + bugfix on 0.3.5.1-alpha. + + o Minor bugfix (relay): + - Remove the HSDir and HSIntro onion service v2 protocol versions so + relay stop advertising that they support them. Fixes bug 40509; + bugfix on 0.3.5.17. + + o Minor bugfixes (MetricsPort, Prometheus): + - Add double quotes to the label values of the onion service + metrics. Fixes bug 40552; bugfix on 0.4.5.1-alpha. + + +Changes in version 0.4.6.9 - 2021-12-15 + This version fixes several bugs from earlier versions of Tor. One important + piece is the removal of DNS timeout metric from the overload general signal. + See below for more details. + + o Major bugfixes (relay, overload): + - Don't make Tor DNS timeout trigger an overload general state. + These timeouts are different from DNS server timeout. They have to + be seen as timeout related to UX and not because of a network + problem. Fixes bug 40527; bugfix on 0.4.6.1-alpha. + + o Minor feature (reproducible build): + - The repository can now build reproducible tarballs which adds the + build command "make dist-reprod" for that purpose. Closes + ticket 26299. + + o Minor features (compilation): + - Give an error message if trying to build with a version of + LibreSSL known not to work with Tor. (There's an incompatibility + with LibreSSL versions 3.2.1 through 3.4.0 inclusive because of + their incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) Closes + ticket 40511. + + o Minor features (fallbackdir): + - Regenerate fallback directories generated on December 15, 2021. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/12/15. + + o Minor bugfixes (compilation): + - Fix our configuration logic to detect whether we had OpenSSL 3: + previously, our logic was reversed. This has no other effect than + to change whether we suppress deprecated API warnings. Fixes bug + 40429; bugfix on 0.3.5.13. + + o Minor bugfixes (relay): + - Reject IPv6-only DirPorts. Our reachability self-test forces + DirPorts to be IPv4, but our configuration parser allowed them to + be IPv6-only, which led to an assertion failure. Fixes bug 40494; + bugfix on 0.4.5.1-alpha. + + o Documentation (man, relay): + - Missing "OverloadStatistics" in tor.1 manpage. Fixes bug 40504; + bugfix on 0.4.6.1-alpha. + + +Changes in version 0.4.6.8 - 2021-10-26 + This version fixes several bugs from earlier versions of Tor. One + highlight is a fix on how we track DNS timeouts to report general + relay overload. + + o Major bugfixes (relay, overload state): + - Relays report the general overload state for DNS timeout errors + only if X% of all DNS queries over Y seconds are errors. Before + that, it only took 1 timeout to report the overload state which + was just too low of a threshold. The X and Y values are 1% and 10 + minutes respectively but they are also controlled by consensus + parameters. Fixes bug 40491; bugfix on 0.4.6.1-alpha. + + o Minor features (fallbackdir): + - Regenerate fallback directories for October 2021. Closes + ticket 40493. + + o Minor features (testing): + - On a testing network, relays can now use the + TestingMinTimeToReportBandwidth option to change the smallest + amount of time over which they're willing to report their observed + maximum bandwidth. Previously, this was fixed at 1 day. For + safety, values under 2 hours are only supported on testing + networks. Part of a fix for ticket 40337. + - Relays on testing networks no longer rate-limit how frequently + they are willing to report new bandwidth measurements. Part of a + fix for ticket 40337. + - Relays on testing networks now report their observed bandwidths + immediately from startup. Previously, they waited until they had + been running for a full day. Closes ticket 40337. + + o Minor bugfix (onion service): + - Do not flag an HSDir as non-running in case the descriptor upload + or fetch fails. An onion service closes pending directory + connections before uploading a new descriptor which can thus lead + to wrongly flagging many relays and thus affecting circuit building + path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha. + - Improve logging when a bad HS version is given. Fixes bug 40476; + bugfix on 0.4.6.1-alpha. + + o Minor bugfix (CI, onion service): + - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500; + bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (compatibility): + - Fix compatibility with the most recent Libevent versions, which no + longer have an evdns_set_random_bytes() function. Because this + function has been a no-op since Libevent 2.0.4-alpha, it is safe + for us to just stop calling it. Fixes bug 40371; bugfix + on 0.2.1.7-alpha. + + o Minor bugfixes (onion service, TROVE-2021-008): + - Only log v2 access attempts once total, in order to not pollute + the logs with warnings and to avoid recording the times on disk + when v2 access was attempted. Note that the onion address was + _never_ logged. This counts as a Low-severity security issue. + Fixes bug 40474; bugfix on 0.4.5.8. + + +Changes in version 0.4.5.11 - 2021-10-26 + The major change in this version is that v2 onion services are now + disabled at the client, service, and relay: any Tor nodes running this + version and onward will stop supporting v2 onion services. This is the + last step in the long deprecation process of v2 onion services. + Everyone running an earlier version, whether as a client, a relay, or + an onion service, should upgrade to Tor 0.3.5.17, 0.4.5.11, + or 0.4.6.8. + + o Major feature (onion service v2): + - See https://blog.torproject.org/v2-deprecation-timeline for + details on how to transition from v2 to v3. + - The control port commands HSFETCH and HSPOST no longer allow + version 2, and it is no longer possible to create a v2 service + with ADD_ONION. + - Tor no longer allows creating v2 services, or connecting as a + client to a v2 service. Relays will decline to be a v2 HSDir or + introduction point. This effectively disables onion service + version 2 Tor-wide. Closes ticket 40476. + + o Minor features (bridge, backport from 0.4.6.8): + - We now announce the URL to Tor's new bridge status at + https://bridges.torproject.org/ when Tor is configured to run as a + bridge relay. Closes ticket 30477. + + o Minor features (fallbackdir): + - Regenerate fallback directories for October 2021. Closes + ticket 40493. + + o Minor features (logging, diagnostic, backport from 0.4.6.5): + - Log decompression failures at a higher severity level, since they + can help provide missing context for other warning messages. We + rate-limit these messages, to avoid flooding the logs if they + begin to occur frequently. Closes ticket 40175. + + o Minor features (testing, backport from 0.4.6.8): + - On a testing network, relays can now use the + TestingMinTimeToReportBandwidth option to change the smallest + amount of time over which they're willing to report their observed + maximum bandwidth. Previously, this was fixed at 1 day. For + safety, values under 2 hours are only supported on testing + networks. Part of a fix for ticket 40337. + - Relays on testing networks no longer rate-limit how frequently + they are willing to report new bandwidth measurements. Part of a + fix for ticket 40337. + - Relays on testing networks now report their observed bandwidths + immediately from startup. Previously, they waited until they had + been running for a full day. Closes ticket 40337. + + o Minor bugfix (CI, onion service): + - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500; + bugfix on 0.3.2.1-alpha. + + o Minor bugfix (onion service, backport from 0.4.6.8): + - Do not flag an HSDir as non-running in case the descriptor upload + or fetch fails. An onion service closes pending directory + connections before uploading a new descriptor which can thus lead + to wrongly flagging many relays and thus affecting circuit building + path selection. Fixes bug 40434; bugfix on 0.2.0.13-alpha. + + o Minor bugfixes (compatibility, backport from 0.4.6.8): + - Fix compatibility with the most recent Libevent versions, which no + longer have an evdns_set_random_bytes() function. Because this + function has been a no-op since Libevent 2.0.4-alpha, it is safe + for us to just stop calling it. Fixes bug 40371; bugfix + on 0.2.1.7-alpha. + + o Minor bugfixes (consensus handling, backport from 0.4.6.4-rc): + - Avoid a set of bugs that could be caused by inconsistently + preferring an out-of-date consensus stored in a stale directory + cache over a more recent one stored on disk as the latest + consensus. Fixes bug 40375; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (onion service, TROVE-2021-008, backport from 0.4.6.8): + - Only log v2 access attempts once total, in order to not pollute + the logs with warnings and to avoid recording the times on disk + when v2 access was attempted. Note that the onion address was + _never_ logged. This counts as a Low-severity security issue. + Fixes bug 40474; bugfix on 0.4.5.8. + + +Changes in version 0.3.5.17 - 2021-10-26 + The major change in this version is that v2 onion services are now + disabled at the client, service, and relay: any Tor nodes running this + version and onward will stop supporting v2 onion services. This is the + last step in the long deprecation process of v2 onion services. + Everyone running an earlier version, whether as a client, a relay, or + an onion service, should upgrade to Tor 0.3.5.17, 0.4.5.11, + or 0.4.6.8. + + o Major feature (onion service v2, backport from 0.4.5.11): + - See https://blog.torproject.org/v2-deprecation-timeline for + details on how to transition from v2 to v3. + - The control port commands HSFETCH and HSPOST no longer allow + version 2, and it is no longer possible to create a v2 service + with ADD_ONION. + - Tor no longer allows creating v2 services, or connecting as a + client to a v2 service. Relays will decline to be a v2 HSDir or + introduction point. This effectively disables onion service + version 2 Tor-wide. Closes ticket 40476. + + o Minor features (bridge, backport from 0.4.6.8): + - We now announce the URL to Tor's new bridge status at + https://bridges.torproject.org/ when Tor is configured to run as a + bridge relay. Closes ticket 30477. + + o Minor features (fallbackdir): + - Regenerate fallback directories for October 2021. Closes + ticket 40493. + + o Minor bugfixes (compatibility, backport from 0.4.6.8): + - Fix compatibility with the most recent Libevent versions, which no + longer have an evdns_set_random_bytes() function. Because this + function has been a no-op since Libevent 2.0.4-alpha, it is safe + for us to just stop calling it. Fixes bug 40371; bugfix + on 0.2.1.7-alpha. + + +Changes in version 0.4.6.7 - 2021-08-16 + This version fixes several bugs from earlier versions of Tor, including one + that could lead to a denial-of-service attack. Everyone running an earlier + version, whether as a client, a relay, or an onion service, should upgrade + to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. + + o Major bugfixes (cryptography, security): + - Resolve an assertion failure caused by a behavior mismatch between our + batch-signature verification code and our single-signature verification + code. This assertion failure could be triggered remotely, leading to a + denial of service attack. We fix this issue by disabling batch + verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is + also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de + Valence. + + o Minor feature (fallbackdir): + - Regenerate fallback directories list. Close ticket 40447. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, + as retrieved on 2021/08/12. + + o Minor bugfix (crypto): + - Disable the unused batch verification feature of ed25519-donna. Fixes + bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence. + + o Minor bugfixes (onion service): + - Send back the extended SOCKS error 0xF6 (Onion Service Invalid Address) + for a v2 onion address. Fixes bug 40421; bugfix on 0.4.6.2-alpha. + + o Minor bugfix (CI, onion service): + - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500; + bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (relay): + - Reduce the compression level for data streaming from HIGH to LOW in + order to reduce CPU load on the directory relays. Fixes bug 40301; + bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (timekeeping): + - Calculate the time of day correctly on systems where the time_t + type includes leap seconds. (This is not the case on most + operating systems, but on those where it occurs, our tor_timegm + function did not correctly invert the system's gmtime function, + which could result in assertion failures when calculating + voting schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha. + + +Changes in version 0.4.5.10 - 2021-08-16 + This version fixes several bugs from earlier versions of Tor, including one + that could lead to a denial-of-service attack. Everyone running an earlier + version, whether as a client, a relay, or an onion service, should upgrade + to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. + + o Major bugfixes (cryptography, security): + - Resolve an assertion failure caused by a behavior mismatch between our + batch-signature verification code and our single-signature verification + code. This assertion failure could be triggered remotely, leading to a + denial of service attack. We fix this issue by disabling batch + verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is + also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de + Valence. + + o Minor feature (fallbackdir): + - Regenerate fallback directories list. Close ticket 40447. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, + as retrieved on 2021/08/12. + + o Minor features (testing): + - Enable the deterministic RNG for unit tests that covers the address set + bloomfilter-based API's. Fixes bug 40419; bugfix on 0.3.3.2-alpha. + + o Minor bugfix (crypto): + - Disable the unused batch verification feature of ed25519-donna. Fixes + bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence. + + o Minor bugfixes (relay, backport from 0.4.6.x): + - Reduce the compression level for data streaming from HIGH to LOW. Fixes + bug 40301; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (timekeeping, backport from 0.4.6.x): + - Calculate the time of day correctly on systems where the time_t + type includes leap seconds. (This is not the case on most + operating systems, but on those where it occurs, our tor_timegm + function did not correctly invert the system's gmtime function, + which could result in assertion failures when calculating + voting schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha. + + o Minor bugfixes (warnings, portability, backport from 0.4.6.x): + - Suppress a strict-prototype warning when building with some versions + of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha. + + +Changes in version 0.3.5.16 - 2021-08-16 + This version fixes several bugs from earlier versions of Tor, including one + that could lead to a denial-of-service attack. Everyone running an earlier + version, whether as a client, a relay, or an onion service, should upgrade + to Tor 0.3.5.16, 0.4.5.10, or 0.4.6.7. + + o Major bugfixes (cryptography, security): + - Resolve an assertion failure caused by a behavior mismatch between our + batch-signature verification code and our single-signature verification + code. This assertion failure could be triggered remotely, leading to a + denial of service attack. We fix this issue by disabling batch + verification. Fixes bug 40078; bugfix on 0.2.6.1-alpha. This issue is + also tracked as TROVE-2021-007 and CVE-2021-38385. Found by Henry de + Valence. + + o Minor feature (fallbackdir): + - Regenerate fallback directories list. Close ticket 40447. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, + as retrieved on 2021/08/12. + + o Minor bugfix (crypto): + - Disable the unused batch verification feature of ed25519-donna. Fixes + bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence. + + o Minor bugfixes (relay, backport from 0.4.6.x): + - Reduce the compression level for data streaming from HIGH to LOW. Fixes + bug 40301; bugfix on 0.3.5.1-alpha. + + +Changes in version 0.4.6.6 - 2021-06-30 + Tor 0.4.6.6 makes several small fixes on 0.4.6.5, including one that + allows Tor to build correctly on older versions of GCC. You should + upgrade to this version if you were having trouble building Tor + 0.4.6.5; otherwise, there is probably no need. + + o Minor bugfixes (compilation): + - Fix a compilation error when trying to build Tor with a compiler + that does not support const variables in static initializers. + Fixes bug 40410; bugfix on 0.4.6.5. + - Suppress a strict-prototype warning when building with some + versions of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing): + - Enable the deterministic RNG for unit tests that covers the + address set bloomfilter-based API's. Fixes bug 40419; bugfix + on 0.3.3.2-alpha. + + +Changes in version 0.4.6.5 - 2021-06-14 + Tor 0.4.6.5 is the first stable release in its series. The 0.4.6.x + series includes numerous features and bugfixes, including a significant + improvement to our circuit timeout algorithm that should improve + observed client performance, and a way for relays to report when they are + overloaded. + + This release also includes security fixes for several security issues, + including a denial-of-service attack against onion service clients, + and another denial-of-service attack against relays. Everybody should + upgrade to one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5. + + Below are the changes since 0.4.5.8. For a list of changes since + 0.4.6.4-rc, see the ChangeLog file. + + o Major bugfixes (security): + - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on + half-closed streams. Previously, clients failed to validate which + hop sent these cells: this would allow a relay on a circuit to end + a stream that wasn't actually built with it. Fixes bug 40389; + bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- + 003 and CVE-2021-34548. + + o Major bugfixes (security, defense-in-depth): + - Detect more failure conditions from the OpenSSL RNG code. + Previously, we would detect errors from a missing RNG + implementation, but not failures from the RNG code itself. + Fortunately, it appears those failures do not happen in practice + when Tor is using OpenSSL's default RNG implementation. Fixes bug + 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as + TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. + + o Major bugfixes (security, denial of service): + - Resist a hashtable-based CPU denial-of-service attack against + relays. Previously we used a naive unkeyed hash function to look + up circuits in a circuitmux object. An attacker could exploit this + to construct circuits with chosen circuit IDs, to create + collisions and make the hash table inefficient. Now we use a + SipHash construction here instead. Fixes bug 40391; bugfix on + 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and + CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. + - Fix an out-of-bounds memory access in v3 onion service descriptor + parsing. An attacker could exploit this bug by crafting an onion + service descriptor that would crash any client that tried to visit + it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also + tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei + Glazunov from Google's Project Zero. + + o Major features (control port, onion services): + - Add controller support for creating version 3 onion services with + client authorization. Previously, only v2 onion services could be + created with client authorization. Closes ticket 40084. Patch by + Neel Chauhan. + + o Major features (directory authority): + - When voting on a relay with a Sybil-like appearance, add the Sybil + flag when clearing out the other flags. This lets a relay operator + know why their relay hasn't been included in the consensus. Closes + ticket 40255. Patch by Neel Chauhan. + + o Major features (metrics): + - Relays now report how overloaded they are in their extrainfo + documents. This information is controlled with the + OverloadStatistics torrc option, and it will be used to improve + decisions about the network's load balancing. Implements proposal + 328; closes ticket 40222. + + o Major features (relay, denial of service): + - Add a new DoS subsystem feature to control the rate of client + connections for relays. Closes ticket 40253. + + o Major features (statistics): + - Relays now publish statistics about the number of v3 onion + services and volume of v3 onion service traffic, in the same + manner they already do for v2 onions. Closes ticket 23126. + + o Major bugfixes (circuit build timeout): + - Improve the accuracy of our circuit build timeout calculation for + 60%, 70%, and 80% build rates for various guard choices. We now + use a maximum likelihood estimator for Pareto parameters of the + circuit build time distribution, instead of a "right-censored + estimator". This causes clients to ignore circuits that never + finish building in their timeout calculations. Previously, clients + were counting such unfinished circuits as having the highest + possible build time value, when in reality these circuits most + likely just contain relays that are offline. We also now wait a + bit longer to let circuits complete for measurement purposes, + lower the minimum possible effective timeout from 1.5 seconds to + 10ms, and increase the resolution of the circuit build time + histogram from 50ms bin widths to 10ms bin widths. Additionally, + we alter our estimate Xm by taking the maximum of the top 10 most + common build time values of the 10ms histogram, and compute Xm as + the average of these. Fixes bug 40168; bugfix on 0.2.2.14-alpha. + - Remove max_time calculation and associated warning from circuit + build timeout 'alpha' parameter estimation, as this is no longer + needed by our new estimator from 40168. Fixes bug 34088; bugfix + on 0.2.2.9-alpha. + + o Major bugfixes (signing key): + - In the tor-gencert utility, give an informative error message if + the passphrase given in `--create-identity-key` is too short. + Fixes bug 40189; bugfix on 0.2.0.1-alpha. Patch by Neel Chauhan. + + o Minor features (bridge): + - We now announce the URL to Tor's new bridge status at + https://bridges.torproject.org/ when Tor is configured to run as a + bridge relay. Closes ticket 30477. + + o Minor features (build system): + - New "make lsp" command to auto generate the compile_commands.json + file used by the ccls server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (client): + - Clients now check whether their streams are attempting to re-enter + the Tor network (i.e. to send Tor traffic over Tor), and close + them preemptively if they think exit relays will refuse them for + this reason. See ticket 2667 for details. Closes ticket 40271. + + o Minor features (command line): + - Add long format name "--torrc-file" equivalent to the existing + command-line option "-f". Closes ticket 40324. Patch by + Daniel Pinto. + + o Minor features (command-line interface): + - Add build informations to `tor --version` in order to ease + reproducible builds. Closes ticket 32102. + - When parsing command-line flags that take an optional argument, + treat the argument as absent if it would start with a '-' + character. Arguments in that form are not intelligible for any of + our optional-argument flags. Closes ticket 40223. + - Allow a relay operator to list the ed25519 keys on the command + line by adding the `rsa` and `ed25519` arguments to the + --list-fingerprint flag to show the respective RSA and ed25519 + relay fingerprint. Closes ticket 33632. Patch by Neel Chauhan. + + o Minor features (compatibility): + - Remove an assertion function related to TLS renegotiation. It was + used nowhere outside the unit tests, and it was breaking + compilation with recent alpha releases of OpenSSL 3.0.0. Closes + ticket 40399. + + o Minor features (control port, stream handling): + - Add the stream ID to the event line in the ADDRMAP control event. + Closes ticket 40249. Patch by Neel Chauhan. + + o Minor features (dormant mode): + - Add a new 'DormantTimeoutEnabled' option to allow coarse-grained + control over whether the client ever becomes dormant from + inactivity. Most people won't need this. Closes ticket 40228. + - Add a new 'DormantTimeoutEnabled' option for coarse-grained + control over whether the client can become dormant from + inactivity. Most people won't need this. Closes ticket 40228. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/06/10. + + o Minor features (logging): + - Edit heartbeat log messages so that more of them begin with the + string "Heartbeat: ". Closes ticket 40322; patch + from 'cypherpunks'. + - Change the DoS subsystem heartbeat line format to be more clear on + what has been detected/rejected, and which option is disabled (if + any). Closes ticket 40308. + - In src/core/mainloop/mainloop.c and src/core/mainloop/connection.c, + put brackets around IPv6 addresses in log messages. Closes ticket + 40232. Patch by Neel Chauhan. + + o Minor features (logging, diagnostic): + - Log decompression failures at a higher severity level, since they + can help provide missing context for other warning messages. We + rate-limit these messages, to avoid flooding the logs if they + begin to occur frequently. Closes ticket 40175. + + o Minor features (onion services): + - Add a warning message when trying to connect to (no longer + supported) v2 onion services. Closes ticket 40373. + + o Minor features (performance, windows): + - Use SRWLocks to implement locking on Windows. Replaces the + "critical section" locking implementation with the faster + SRWLocks, available since Windows Vista. Closes ticket 17927. + Patch by Daniel Pinto. + + o Minor features (protocol, proxy support, defense in depth): + - Close HAProxy connections if they somehow manage to send us data + before we start reading. Closes another case of ticket 40017. + + o Minor features (tests, portability): + - Port the hs_build_address.py test script to work with recent + versions of python. Closes ticket 40213. Patch from + Samanta Navarro. + + o Minor features (vote document): + - Add a "stats" line to directory authority votes, to report various + statistics that authorities compute about the relays. This will + help us diagnose the network better. Closes ticket 40314. + + o Minor bugfixes (build): + - The configure script now shows whether or not lzma and zstd have + been used, not just if the enable flag was passed in. Fixes bug + 40236; bugfix on 0.4.3.1-alpha. + + o Minor bugfixes (compatibility): + - Fix a failure in the test cases when running on the "hppa" + architecture, along with a related test that might fail on other + architectures in the future. Fixes bug 40274; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (compilation): + - Fix a compilation warning about unused functions when building + with a libc that lacks the GLOB_ALTDIRFUNC constant. Fixes bug + 40354; bugfix on 0.4.5.1-alpha. Patch by Daniel Pinto. + + o Minor bugfixes (consensus handling): + - Avoid a set of bugs that could be caused by inconsistently + preferring an out-of-date consensus stored in a stale directory + cache over a more recent one stored on disk as the latest + consensus. Fixes bug 40375; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (control, sandbox): + - Allow the control command SAVECONF to succeed when the seccomp + sandbox is enabled, and make SAVECONF keep only one backup file to + simplify implementation. Previously SAVECONF allowed a large + number of backup files, which made it incompatible with the + sandbox. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by + Daniel Pinto. + + o Minor bugfixes (directory authorities, voting): + - Add a new consensus method (31) to support any future changes that + authorities decide to make to the value of bwweightscale or + maxunmeasuredbw. Previously, there was a bug that prevented the + authorities from parsing these consensus parameters correctly under + most circumstances. Fixes bug 19011; bugfix on 0.2.2.10-alpha. + + o Minor bugfixes (ipv6): + - Allow non-SOCKSPorts to disable IPv4, IPv6, and PreferIPv4. Some + rare configurations might break, but in this case you can disable + NoIPv4Traffic and NoIPv6Traffic as needed. Fixes bug 33607; bugfix + on 0.4.1.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (key generation): + - Do not require a valid torrc when using the `--keygen` argument to + generate a signing key. This allows us to generate keys on systems + or users which may not run Tor. Fixes bug 40235; bugfix on + 0.2.7.2-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (logging, relay): + - Emit a warning if an Address is found to be internal and tor can't + use it. Fixes bug 40290; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (metrics port): + - Fix a bug that made tor try to re-bind() on an already open + MetricsPort every 60 seconds. Fixes bug 40370; bugfix + on 0.4.5.1-alpha. + + o Minor bugfixes (onion services, logging): + - Downgrade the severity of a few rendezvous circuit-related + warnings from warning to info. Fixes bug 40207; bugfix on + 0.3.2.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (relay): + - Reduce the compression level for data streaming from HIGH to LOW. + This should reduce the CPU and memory burden for directory caches. + Fixes bug 40301; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, BSD): + - Fix pattern-matching errors when patterns expand to invalid paths + on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by + Daniel Pinto. + + o Code simplification and refactoring: + - Remove the orconn_ext_or_id_map structure and related functions. + (Nothing outside of unit tests used them.) Closes ticket 33383. + Patch by Neel Chauhan. + + o Removed features: + - Remove unneeded code for parsing private keys in directory + documents. This code was only used for client authentication in v2 + onion services, which are now unsupported. Closes ticket 40374. + - As of this release, Tor no longer supports the old v2 onion + services. They were deprecated last July for security, and support + will be removed entirely later this year. We strongly encourage + everybody to migrate to v3 onion services. For more information, + see https://blog.torproject.org/v2-deprecation-timeline . Closes + ticket 40266. (NOTE: We accidentally released an earlier version + of the 0.4.6.1-alpha changelog without this entry. Sorry for + the confusion!) + + o Code simplification and refactoring (metrics, DoS): + - Move the DoS subsystem into the subsys manager, including its + configuration options. Closes ticket 40261. + + o Documentation (manual): + - Move the ServerTransport* options to the "SERVER OPTIONS" section. + Closes issue 40331. + - Indicate that the HiddenServiceStatistics option also applies to + bridges. Closes ticket 40346. + - Move the description of BridgeRecordUsageByCountry to the section + "STATISTICS OPTIONS". Closes ticket 40323. + + o Removed features (relay): + - Because DirPorts are only used on authorities, relays no longer + advertise them. Similarly, self-testing for DirPorts has been + disabled, since an unreachable DirPort is no reason for a relay + not to advertise itself. (Configuring a DirPort will still work, + for now.) Closes ticket 40282. + + +Changes in version 0.4.5.9 - 2021-06-14 + Tor 0.4.5.9 fixes several security issues, including a + denial-of-service attack against onion service clients, and another + denial-of-service attack against relays. Everybody should upgrade to + one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5. + + o Major bugfixes (security, backport from 0.4.6.5): + - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on + half-closed streams. Previously, clients failed to validate which + hop sent these cells: this would allow a relay on a circuit to end + a stream that wasn't actually built with it. Fixes bug 40389; + bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- + 003 and CVE-2021-34548. + + o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5): + - Detect more failure conditions from the OpenSSL RNG code. + Previously, we would detect errors from a missing RNG + implementation, but not failures from the RNG code itself. + Fortunately, it appears those failures do not happen in practice + when Tor is using OpenSSL's default RNG implementation. Fixes bug + 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as + TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. + + o Major bugfixes (security, denial of service, backport from 0.4.6.5): + - Resist a hashtable-based CPU denial-of-service attack against + relays. Previously we used a naive unkeyed hash function to look + up circuits in a circuitmux object. An attacker could exploit this + to construct circuits with chosen circuit IDs, to create + collisions and make the hash table inefficient. Now we use a + SipHash construction here instead. Fixes bug 40391; bugfix on + 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and + CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. + - Fix an out-of-bounds memory access in v3 onion service descriptor + parsing. An attacker could exploit this bug by crafting an onion + service descriptor that would crash any client that tried to visit + it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also + tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei + Glazunov from Google's Project Zero. + + o Minor features (compatibility, backport from 0.4.6.4-rc): + - Remove an assertion function related to TLS renegotiation. It was + used nowhere outside the unit tests, and it was breaking + compilation with recent alpha releases of OpenSSL 3.0.0. Closes + ticket 40399. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/06/10. + + o Minor bugfixes (control, sandbox, backport from 0.4.6.4-rc): + - Allow the control command SAVECONF to succeed when the seccomp + sandbox is enabled, and make SAVECONF keep only one backup file to + simplify implementation. Previously SAVECONF allowed a large + number of backup files, which made it incompatible with the + sandbox. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by + Daniel Pinto. + + o Minor bugfixes (metrics port, backport from 0.4.6.4-rc): + - Fix a bug that made tor try to re-bind() on an already open + MetricsPort every 60 seconds. Fixes bug 40370; bugfix + on 0.4.5.1-alpha. + + +Changes in version 0.4.4.9 - 2021-06-14 + Tor 0.4.4.9 fixes several security issues, including a + denial-of-service attack against onion service clients, and another + denial-of-service attack against relays. Everybody should upgrade to + one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5. + + Note that the scheduled end-of-life date for the Tor 0.4.4.x series is + June 15. This is therefore the last release in its series. Everybody + still running 0.4.4.x should plan to upgrade to 0.4.5.x or later. + + o Major bugfixes (security, backport from 0.4.6.5): + - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on + half-closed streams. Previously, clients failed to validate which + hop sent these cells: this would allow a relay on a circuit to end + a stream that wasn't actually built with it. Fixes bug 40389; + bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- + 003 and CVE-2021-34548. + + o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5): + - Detect more failure conditions from the OpenSSL RNG code. + Previously, we would detect errors from a missing RNG + implementation, but not failures from the RNG code itself. + Fortunately, it appears those failures do not happen in practice + when Tor is using OpenSSL's default RNG implementation. Fixes bug + 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as + TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. + + o Major bugfixes (security, denial of service, backport from 0.4.6.5): + - Resist a hashtable-based CPU denial-of-service attack against + relays. Previously we used a naive unkeyed hash function to look + up circuits in a circuitmux object. An attacker could exploit this + to construct circuits with chosen circuit IDs, to create + collisions and make the hash table inefficient. Now we use a + SipHash construction here instead. Fixes bug 40391; bugfix on + 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and + CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. + - Fix an out-of-bounds memory access in v3 onion service descriptor + parsing. An attacker could exploit this bug by crafting an onion + service descriptor that would crash any client that tried to visit + it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also + tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei + Glazunov from Google's Project Zero. + + o Minor features (compatibility, backport from 0.4.6.4-rc): + - Remove an assertion function related to TLS renegotiation. It was + used nowhere outside the unit tests, and it was breaking + compilation with recent alpha releases of OpenSSL 3.0.0. Closes + ticket 40399. + + o Minor features (fallback directory list, backport from 0.4.6.2-alpha): + - Regenerate the list of fallback directories to contain a new set + of 200 relays. Closes ticket 40265. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/06/10. + + o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha): + - Fix a non-fatal BUG() message due to a too-early free of a string, + when listing a client connection from the DoS defenses subsystem. + Fixes bug 40345; bugfix on 0.4.3.4-rc. + + o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc): + - Fix an indentation problem that led to a warning from GCC 11.1.1. + Fixes bug 40380; bugfix on 0.3.0.1-alpha. + + +Changes in version 0.3.5.15 - 2021-06-14 + Tor 0.3.5.15 fixes several security issues, including a + denial-of-service attack against onion service clients, and another + denial-of-service attack against relays. Everybody should upgrade to + one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5. + + o Major bugfixes (security, backport from 0.4.6.5): + - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on + half-closed streams. Previously, clients failed to validate which + hop sent these cells: this would allow a relay on a circuit to end + a stream that wasn't actually built with it. Fixes bug 40389; + bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- + 003 and CVE-2021-34548. + + o Major bugfixes (security, defense-in-depth, backport from 0.4.6.5): + - Detect more failure conditions from the OpenSSL RNG code. + Previously, we would detect errors from a missing RNG + implementation, but not failures from the RNG code itself. + Fortunately, it appears those failures do not happen in practice + when Tor is using OpenSSL's default RNG implementation. Fixes bug + 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as + TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. + + o Major bugfixes (security, denial of service, backport from 0.4.6.5): + - Resist a hashtable-based CPU denial-of-service attack against + relays. Previously we used a naive unkeyed hash function to look + up circuits in a circuitmux object. An attacker could exploit this + to construct circuits with chosen circuit IDs, to create + collisions and make the hash table inefficient. Now we use a + SipHash construction here instead. Fixes bug 40391; bugfix on + 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and + CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. + - Fix an out-of-bounds memory access in v3 onion service descriptor + parsing. An attacker could exploit this bug by crafting an onion + service descriptor that would crash any client that tried to visit + it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also + tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei + Glazunov from Google's Project Zero. + + o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc): + - Fix an indentation problem that led to a warning from GCC 11.1.1. + Fixes bug 40380; bugfix on 0.3.0.1-alpha. + + o Minor features (compatibility, backport from 0.4.6.4-rc): + - Remove an assertion function related to TLS renegotiation. It was + used nowhere outside the unit tests, and it was breaking + compilation with recent alpha releases of OpenSSL 3.0.0. Closes + ticket 40399. + + o Minor features (fallback directory list, backport from 0.4.6.2-alpha): + - Regenerate the list of fallback directories to contain a new set + of 200 relays. Closes ticket 40265. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/06/10. + + +Changes in version 0.4.5.8 - 2021-05-10 + Tor 0.4.5.8 fixes several bugs in earlier version, backporting fixes + from the 0.4.6.x series. + + o Minor features (compatibility, Linux seccomp sandbox, backport from 0.4.6.3-rc): + - Add a workaround to enable the Linux sandbox to work correctly + with Glibc 2.33. This version of Glibc has started using the + fstatat() system call, which previously our sandbox did not allow. + Closes ticket 40382; see the ticket for a discussion of trade-offs. + + o Minor features (compilation, backport from 0.4.6.3-rc): + - Make the autoconf script build correctly with autoconf versions + 2.70 and later. Closes part of ticket 40335. + + o Minor features (fallback directory list, backport from 0.4.6.2-alpha): + - Regenerate the list of fallback directories to contain a new set + of 200 relays. Closes ticket 40265. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/05/07. + + o Minor features (onion services): + - Add warning message when connecting to now deprecated v2 onion + services. As announced, Tor 0.4.5.x is the last series that will + support v2 onions. Closes ticket 40373. + + o Minor bugfixes (bridge, pluggable transport, backport from 0.4.6.2-alpha): + - Fix a regression that made it impossible start Tor using a bridge + line with a transport name and no fingerprint. Fixes bug 40360; + bugfix on 0.4.5.4-rc. + + o Minor bugfixes (build, cross-compilation, backport from 0.4.6.3-rc): + - Allow a custom "ar" for cross-compilation. Our previous build + script had used the $AR environment variable in most places, but + it missed one. Fixes bug 40369; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha): + - Fix a non-fatal BUG() message due to a too-early free of a string, + when listing a client connection from the DoS defenses subsystem. + Fixes bug 40345; bugfix on 0.4.3.4-rc. + + o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc): + - Fix an indentation problem that led to a warning from GCC 11.1.1. + Fixes bug 40380; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (controller, backport from 0.4.6.1-alpha): + - Fix a "BUG" warning that would appear when a controller chooses + the first hop for a circuit, and that circuit completes. Fixes bug + 40285; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion service, client, memory leak, backport from 0.4.6.3-rc): + - Fix a bug where an expired cached descriptor could get overwritten + with a new one without freeing it, leading to a memory leak. Fixes + bug 40356; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, BSD, backport from 0.4.6.2-alpha): + - Fix pattern-matching errors when patterns expand to invalid paths + on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by + Daniel Pinto. + + +Changes in version 0.3.5.14 - 2021-03-16 + Tor 0.3.5.14 backports fixes for two important denial-of-service bugs + in earlier versions of Tor. + + One of these vulnerabilities (TROVE-2021-001) would allow an attacker + who can send directory data to a Tor instance to force that Tor + instance to consume huge amounts of CPU. This is easiest to exploit + against authorities, since anybody can upload to them, but directory + caches could also exploit this vulnerability against relays or clients + when they download. The other vulnerability (TROVE-2021-002) only + affects directory authorities, and would allow an attacker to remotely + crash the authority with an assertion failure. Patches have already + been provided to the authority operators, to help ensure + network stability. + + We recommend that everybody upgrade to one of the releases that fixes + these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available + to you. + + This release also updates our GeoIP data source, and fixes a + compatibility issue. + + o Major bugfixes (security, denial of service, backport from 0.4.5.7): + - Disable the dump_desc() function that we used to dump unparseable + information to disk. It was called incorrectly in several places, + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021- + 001 and CVE-2021-28089. + - Fix a bug in appending detached signatures to a pending consensus + document that could be used to crash a directory authority. Fixes + bug 40316; bugfix on 0.2.2.6-alpha. Tracked as TROVE-2021-002 + and CVE-2021-28090. + + o Minor features (geoip data, backport from 0.4.5.7): + - We have switched geoip data sources. Previously we shipped IP-to- + country mappings from Maxmind's GeoLite2, but in 2019 they changed + their licensing terms, so we were unable to update them after that + point. We now ship geoip files based on the IPFire Location + Database instead. (See https://location.ipfire.org/ for more + information). This release updates our geoip files to match the + IPFire Location Database as retrieved on 2021/03/12. Closes + ticket 40224. + + o Removed features (mallinfo deprecated, backport from 0.4.5.7): + - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. + Closes ticket 40309. + + +Changes in version 0.4.4.8 - 2021-03-16 + Tor 0.4.4.8 backports fixes for two important denial-of-service bugs + in earlier versions of Tor. + + One of these vulnerabilities (TROVE-2021-001) would allow an attacker + who can send directory data to a Tor instance to force that Tor + instance to consume huge amounts of CPU. This is easiest to exploit + against authorities, since anybody can upload to them, but directory + caches could also exploit this vulnerability against relays or clients + when they download. The other vulnerability (TROVE-2021-002) only + affects directory authorities, and would allow an attacker to remotely + crash the authority with an assertion failure. Patches have already + been provided to the authority operators, to help ensure + network stability. + + We recommend that everybody upgrade to one of the releases that fixes + these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available + to you. + + This release also updates our GeoIP data source, and fixes a + compatibility issue. + + o Major bugfixes (security, denial of service, backport from 0.4.5.7): + - Disable the dump_desc() function that we used to dump unparseable + information to disk. It was called incorrectly in several places, + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021- + 001 and CVE-2021-28089. + - Fix a bug in appending detached signatures to a pending consensus + document that could be used to crash a directory authority. Fixes + bug 40316; bugfix on 0.2.2.6-alpha. Tracked as TROVE-2021-002 + and CVE-2021-28090. + + o Minor features (geoip data, backport from 0.4.5.7): + - We have switched geoip data sources. Previously we shipped IP-to- + country mappings from Maxmind's GeoLite2, but in 2019 they changed + their licensing terms, so we were unable to update them after that + point. We now ship geoip files based on the IPFire Location + Database instead. (See https://location.ipfire.org/ for more + information). This release updates our geoip files to match the + IPFire Location Database as retrieved on 2021/03/12. Closes + ticket 40224. + + o Removed features (mallinfo deprecated, backport from 0.4.5.7): + - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. + Closes ticket 40309. + + +Changes in version 0.4.5.7 - 2021-03-16 + Tor 0.4.5.7 fixes two important denial-of-service bugs in earlier + versions of Tor. + + One of these vulnerabilities (TROVE-2021-001) would allow an attacker + who can send directory data to a Tor instance to force that Tor + instance to consume huge amounts of CPU. This is easiest to exploit + against authorities, since anybody can upload to them, but directory + caches could also exploit this vulnerability against relays or clients + when they download. The other vulnerability (TROVE-2021-002) only + affects directory authorities, and would allow an attacker to remotely + crash the authority with an assertion failure. Patches have already + been provided to the authority operators, to help ensure + network stability. + + We recommend that everybody upgrade to one of the releases that fixes + these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available + to you. + + This release also updates our GeoIP data source, and fixes a few + smaller bugs in earlier releases. + + o Major bugfixes (security, denial of service): + - Disable the dump_desc() function that we used to dump unparseable + information to disk. It was called incorrectly in several places, + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021- + 001 and CVE-2021-28089. + - Fix a bug in appending detached signatures to a pending consensus + document that could be used to crash a directory authority. Fixes + bug 40316; bugfix on 0.2.2.6-alpha. Tracked as TROVE-2021-002 + and CVE-2021-28090. + + o Minor features (geoip data): + - We have switched geoip data sources. Previously we shipped IP-to- + country mappings from Maxmind's GeoLite2, but in 2019 they changed + their licensing terms, so we were unable to update them after that + point. We now ship geoip files based on the IPFire Location + Database instead. (See https://location.ipfire.org/ for more + information). This release updates our geoip files to match the + IPFire Location Database as retrieved on 2021/03/12. Closes + ticket 40224. + + o Minor bugfixes (directory authority): + - Now that exit relays don't allow exit connections to directory + authority DirPorts (to prevent network reentry), disable + authorities' reachability self test on the DirPort. Fixes bug + 40287; bugfix on 0.4.5.5-rc. + + o Minor bugfixes (documentation): + - Fix a formatting error in the documentation for + VirtualAddrNetworkIPv6. Fixes bug 40256; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (Linux, relay): + - Fix a bug in determining total available system memory that would + have been triggered if the format of Linux's /proc/meminfo file + had ever changed to include "MemTotal:" in the middle of a line. + Fixes bug 40315; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (metrics port): + - Fix a BUG() warning on the MetricsPort for an internal missing + handler. Fixes bug 40295; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (onion service): + - Remove a harmless BUG() warning when reloading tor configured with + onion services. Fixes bug 40334; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (portability): + - Fix a non-portable usage of "==" with "test" in the configure + script. Fixes bug 40298; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (relay): + - Remove a spammy log notice falsely claiming that the IPv4/v6 + address was missing. Fixes bug 40300; bugfix on 0.4.5.1-alpha. + - Do not query the address cache early in the boot process when + deciding if a relay needs to fetch early directory information + from an authority. This bug resulted in a relay falsely believing + it didn't have an address and thus triggering an authority fetch + at each boot. Related to our fix for 40300. + + o Removed features (mallinfo deprecated): + - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. + Closes ticket 40309. + + +Changes in version 0.4.5.6 - 2021-02-15 + The Tor 0.4.5.x release series is dedicated to the memory of Karsten + Loesing (1979-2020), Tor developer, cypherpunk, husband, and father. + Karsten is best known for creating the Tor metrics portal and leading + the metrics team, but he was involved in Tor from the early days. For + example, while he was still a student he invented and implemented the + v2 onion service directory design, and he also served as an ambassador + to the many German researchers working in the anonymity field. We + loved him and respected him for his patience, his consistency, and his + welcoming approach to growing our community. + + This release series introduces significant improvements in relay IPv6 + address discovery, a new "MetricsPort" mechanism for relay operators + to measure performance, LTTng support, build system improvements to + help when using Tor as a static library, and significant bugfixes + related to Windows relay performance. It also includes numerous + smaller features and bugfixes. + + Below are the changes since 0.4.4.7. For a list of changes since + 0.4.5.5-rc, see the ChangeLog file. + + o Major features (build): + - When building Tor, first link all object files into a single + static library. This may help with embedding Tor in other + programs. Note that most Tor functions do not constitute a part of + a stable or supported API: only those functions in tor_api.h + should be used if embedding Tor. Closes ticket 40127. + + o Major features (metrics): + - Introduce a new MetricsPort which exposes, through an HTTP + interface, a series of metrics that tor collects at runtime. At + the moment, the only supported output format is Prometheus data + model. Closes ticket 40063. See the manual page for more + information and security considerations. + + o Major features (relay, IPv6): + - The torrc option Address now supports IPv6. This unifies our + address discovery interface to support IPv4, IPv6, and hostnames. + Closes ticket 33233. + - Launch IPv4 and IPv6 ORPort self-test circuits on relays and + bridges. Closes ticket 33222. + - Relays now automatically bind on IPv6 for their ORPort, unless + specified otherwise with the IPv4Only flag. Closes ticket 33246. + - When a relay with IPv6 support is told to open a connection to + another relay, and the extend cell lists both IPv4 and IPv6 + addresses, the first relay now picks randomly which address to + use. Closes ticket 33220. + - Relays now track their IPv6 ORPort reachability separately from + the reachability of their IPv4 ORPort. They will not publish a + descriptor unless _both_ ports appear to be externally reachable. + Closes ticket 34067. + + o Major features (tracing): + - Add event-tracing library support for USDT and LTTng-UST, and a + few tracepoints in the circuit subsystem. More will come + incrementally. This feature is compiled out by default: it needs + to be enabled at configure time. See documentation in + doc/HACKING/Tracing.md. Closes ticket 32910. + + o Major bugfixes (directory cache, performance, windows): + - Limit the number of items in the consensus diff cache to 64 on + Windows. We hope this will mitigate an issue where Windows relay + operators reported Tor using 100% CPU, while we investigate better + solutions. Fixes bug 24857; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (relay, windows): + - Fix a bug in our implementation of condition variables on Windows. + Previously, a relay on Windows would use 100% CPU after running + for some time. Because of this change, Tor now require Windows + Vista or later to build and run. Fixes bug 30187; bugfix on + 0.2.6.3-alpha. (This bug became more serious in 0.3.1.1-alpha with + the introduction of consensus diffs.) Patch by Daniel Pinto. + + o Major bugfixes (TLS, buffer): + - When attempting to read N bytes on a TLS connection, really try to + read all N bytes. Previously, Tor would stop reading after the + first TLS record, which can be smaller than the N bytes requested, + and not check for more data until the next mainloop event. Fixes + bug 40006; bugfix on 0.1.0.5-rc. + + o Minor features (address discovery): + - If no Address statements are found, relays now prioritize guessing + their address by looking at the local interface instead of the + local hostname. If the interface address can't be found, the local + hostname is used. Closes ticket 33238. + + o Minor features (admin tools): + - Add a new --format argument to -key-expiration option to allow + specifying the time format of the expiration date. Adds Unix + timestamp format support. Patch by Daniel Pinto. Closes + ticket 30045. + + o Minor features (authority, logging): + - Log more information for directory authority operators during the + consensus voting process, and while processing relay descriptors. + Closes ticket 40245. + + o Minor features (bootstrap reporting): + - When reporting bootstrapping status on a relay, do not consider + connections that have never been the target of an origin circuit. + Previously, all connection failures were treated as potential + bootstrapping failures, including connections that had been opened + because of client requests. Closes ticket 25061. + + o Minor features (build): + - When running the configure script, try to detect version + mismatches between the OpenSSL headers and libraries, and suggest + that the user should try "--with-openssl-dir". Closes 40138. + - If the configure script has given any warnings, remind the user + about them at the end of the script. Related to 40138. + + o Minor features (configuration): + - Allow using wildcards (* and ?) with the %include option on + configuration files. Closes ticket 25140. Patch by Daniel Pinto. + - Allow the configuration options EntryNodes, ExcludeNodes, + ExcludeExitNodes, ExitNodes, MiddleNodes, HSLayer2Nodes and + HSLayer3Nodes to be specified multiple times. Closes ticket 28361. + Patch by Daniel Pinto. + + o Minor features (control port): + - Add a DROPTIMEOUTS command to drop circuit build timeout history + and reset the current timeout. Closes ticket 40002. + - When a stream enters the AP_CONN_STATE_CONTROLLER_WAIT status, + send a control port event. Closes ticket 32190. Patch by + Neel Chauhan. + - Introduce GETINFO "stats/ntor/{assigned/requested}" and + "stats/tap/{assigned/requested}" to get the NTor and TAP circuit + onion handshake counts respectively. Closes ticket 28279. Patch by + Neel Chauhan. + + o Minor features (control port, IPv6): + - Tor relays now try to report to the controller when they are + launching an IPv6 self-test. Closes ticket 34068. + - Introduce "GETINFO address/v4" and "GETINFO address/v6" in the + control port to fetch the Tor host's respective IPv4 or IPv6 + address. We keep "GETINFO address" for backwards-compatibility. + Closes ticket 40039. Patch by Neel Chauhan. + + o Minor features (directory authorities): + - Add a new consensus method 30 that removes the unnecessary "=" + padding from ntor-onion-key. Closes ticket 7869. Patch by + Daniel Pinto. + - Directory authorities now reject descriptors from relays running + Tor versions from the obsolete 0.4.1 series. Resolves ticket + 34357. Patch by Neel Chauhan. + - The AssumeReachable option no longer stops directory authorities + from checking whether other relays are running. A new + AuthDirTestReachability option can be used to disable these + checks. Closes ticket 34445. + - When looking for possible Sybil attacks, also consider IPv6 + addresses. Two routers are considered to have "the same" address + by this metric if they are in the same /64 network. Patch from + Maurice Pibouin. Closes ticket 7193. + + o Minor features (directory authorities, IPv6): + - Make authorities add their IPv6 ORPort (if any) to the trusted + servers list. Authorities previously added only their IPv4 + addresses. Closes ticket 32822. + + o Minor features (documentation): + - Mention the "!badexit" directive that can appear in an authority's + approved-routers file, and update the description of the + "!invalid" directive. Closes ticket 40188. + + o Minor features (ed25519, relay): + - Save a relay's base64-encoded ed25519 identity key to the data + directory in a file named fingerprint-ed25519. Closes ticket + 30642. Patch by Neel Chauhan. + + o Minor features (heartbeat): + - Include the total number of inbound and outbound IPv4 and IPv6 + connections in the heartbeat message. Closes ticket 29113. + + o Minor features (IPv6, ExcludeNodes): + - Handle IPv6 addresses in ExcludeNodes; previously they were + ignored. Closes ticket 34065. Patch by Neel Chauhan. + + o Minor features (logging): + - Add the running glibc version to the log, and the compiled glibc + version to the library list returned when using --library-versions. + Patch from Daniel Pinto. Closes ticket 40047. + - Consider an HTTP 301 response to be an error (like a 404) when + processing a directory response. Closes ticket 40053. + - Log directory fetch statistics as a single line. Closes + ticket 40159. + - Provide more complete descriptions of our connections when logging + about them. Closes ticket 40041. + - When describing a relay in the logs, we now include its ed25519 + identity. Closes ticket 22668. + + o Minor features (onion services): + - Only overwrite an onion service's existing hostname file if its + contents are wrong. This enables read-only onion-service + directories. Resolves ticket 40062. Patch by Neel Chauhan. + + o Minor features (pluggable transports): + - Add an OutboundBindAddressPT option to allow users to specify + which IPv4 and IPv6 address pluggable transports should use for + outgoing IP packets. Tor does not have a way to enforce that the + pluggable transport honors this option, so each pluggable transport + needs to implement support on its own. Closes ticket 5304. + + o Minor features (protocol, proxy support, defense in depth): + - Respond more deliberately to misbehaving proxies that leave + leftover data on their connections, so as to make Tor even less + likely to allow the proxies to pass their data off as having come + from a relay. Closes ticket 40017. + + o Minor features (relay address tracking): + - We now store relay addresses for OR connections in a more logical + way. Previously we would sometimes overwrite the actual address of + a connection with a "canonical address", and then store the "real + address" elsewhere to remember it. We now track the "canonical + address" elsewhere for the cases where we need it, and leave the + connection's address alone. Closes ticket 33898. + + o Minor features (relay): + - If a relay is unable to discover its address, attempt to learn it + from the NETINFO cell. Closes ticket 40022. + - Log immediately when launching a relay self-check. Previously we + would try to log before launching checks, or approximately when we + intended to launch checks, but this tended to be error-prone. + Closes ticket 34137. + + o Minor features (relay, address discovery): + - If Address option is not found in torrc, attempt to learn our + address with the configured ORPort address if any. Closes + ticket 33236. + + o Minor features (relay, IPv6): + - Add an AssumeReachableIPv6 option to disable self-checking IPv6 + reachability. Closes part of ticket 33224. + - Add new "assume-reachable" and "assume-reachable-ipv6" consensus + parameters to be used in an emergency to tell relays that they + should publish even if they cannot complete their ORPort self- + checks. Closes ticket 34064 and part of 33224. + - Allow relays to send IPv6-only extend cells. Closes ticket 33222. + - Declare support for the Relay=3 subprotocol version. Closes + ticket 33226. + - When launching IPv6 ORPort self-test circuits, make sure that the + second-last hop can initiate an IPv6 extend. Closes ticket 33222. + + o Minor features (safety): + - Log a warning at startup if Tor is built with compile-time options + that are likely to make it less stable or reliable. Closes + ticket 18888. + + o Minor features (specification update): + - Several fields in microdescriptors, router descriptors, and + consensus documents that were formerly optional are now required. + Implements proposal 315; closes ticket 40132. + + o Minor features (state management): + - When loading the state file, remove entries from the statefile + that have been obsolete for a long time. Ordinarily Tor preserves + unrecognized entries in order to keep forward-compatibility, but + these entries have not actually been used in any release since + before 0.3.5.x. Closes ticket 40137. + + o Minor features (statistics, ipv6): + - Relays now publish IPv6-specific counts of single-direction versus + bidirectional relay connections. Closes ticket 33264. + - Relays now publish their IPv6 read and write statistics over time, + if statistics are enabled. Closes ticket 33263. + + o Minor features (subprotocol versions): + - Use the new limitations on subprotocol versions due to proposal + 318 to simplify our implementation. Part of ticket 40133. + + o Minor features (testing configuration): + - The TestingTorNetwork option no longer implicitly sets + AssumeReachable to 1. This change allows us to test relays' self- + testing mechanisms, and to test authorities' relay-testing + functionality. Closes ticket 34446. + + o Minor features (testing): + - Added unit tests for channel_matches_target_addr_for_extend(). + Closes Ticket 33919. Patch by MrSquanchee. + + o Minor bugfixes (circuit padding): + - When circpad_send_padding_cell_for_callback is called, + `is_padding_timer_scheduled` flag was not reset. Now it is set to + 0 at the top of that function. Fixes bug 32671; bugfix + on 0.4.0.1-alpha. + - Add a per-circuit padding machine instance counter, so we can + differentiate between shutdown requests for old machines on a + circuit. Fixes bug 30992; bugfix on 0.4.1.1-alpha. + - Add the ability to keep circuit padding machines if they match a + set of circuit states or purposes. This allows us to have machines + that start up under some conditions but don't shut down under + others. We now use this mask to avoid starting up introduction + circuit padding again after the machines have already completed. + Fixes bug 32040; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (circuit, handshake): + - In the v3 handshaking code, use connection_or_change_state() to + change the state. Previously, we changed the state directly, but + this did not pass the state change to the pubsub or channel + objects, potentially leading to bugs. Fixes bug 32880; bugfix on + 0.2.3.6-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (compilation): + - Change the linker flag ordering in our library search code so that + it works for compilers that need the libraries to be listed in the + right order. Fixes bug 33624; bugfix on 0.1.1.0-alpha. + - Fix the "--enable-static-tor" switch to properly set the "-static" + compile option onto the tor binary only. Fixes bug 40111; bugfix + on 0.2.3.1-alpha. + + o Minor bugfixes (configuration): + - Exit Tor on a misconfiguration when the Bridge line is configured + to use a transport but no corresponding ClientTransportPlugin can + be found. Prior to this fix, Tor would attempt to connect to the + bridge directly without using the transport, making it easier for + adversaries to notice the bridge. Fixes bug 25528; bugfix + on 0.2.6.1-alpha. + + o Minor bugfixes (control port): + - Make sure we send the SOCKS request address in relay begin cells + when a stream is attached with the purpose + CIRCUIT_PURPOSE_CONTROLLER. Fixes bug 33124; bugfix on 0.0.5. + Patch by Neel Chauhan. + + o Minor bugfixes (crash, relay, signing key): + - Avoid assertion failures when we run Tor from the command line + with `--key-expiration sign`, but an ORPort is not set. Fixes bug + 40015; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (logging): + - Avoid a spurious log message about missing subprotocol versions, + when the consensus that we're reading from is older than the + current release. Previously we had made this message nonfatal, but + in practice, it is never relevant when the consensus is older than + the current release. Fixes bug 40281; bugfix on 0.4.0.1-alpha. + - Remove trailing whitespace from control event log messages. Fixes + bug 32178; bugfix on 0.1.1.1-alpha. Based on a patch by + Amadeusz Pawlik. + - Turn warning-level log message about SENDME failure into a debug- + level message. (This event can happen naturally, and is no reason + for concern). Fixes bug 40142; bugfix on 0.4.1.1-alpha. + - When logging a rate-limited message about how many messages have + been suppressed in the last N seconds, give an accurate value for + N, rounded up to the nearest minute. Previously we would report + the size of the rate-limiting interval, regardless of when the + messages started to occur. Fixes bug 19431; bugfix + on 0.2.2.16-alpha. + + o Minor bugfixes (onion services): + - Avoid a non-fatal assertion in certain edge-cases when + establishing a circuit to an onion service. Fixes bug 32666; + bugfix on 0.3.0.3-alpha. + + o Minor bugfixes (rust, protocol versions): + - Declare support for the onion service introduction point denial of + service extensions when building with Rust. Fixes bug 34248; + bugfix on 0.4.2.1-alpha. + - Make Rust protocol version support checks consistent with the + undocumented error behavior of the corresponding C code. Fixes bug + 34251; bugfix on 0.3.3.5-rc. + + o Minor bugfixes (self-testing): + - When receiving an incoming circuit, only accept it as evidence + that we are reachable if the declared address of its channel is + the same address we think that we have. Otherwise, it could be + evidence that we're reachable on some other address. Fixes bug + 20165; bugfix on 0.1.0.1-rc. + + o Minor bugfixes (spec conformance): + - Use the correct key type when generating signing->link + certificates. Fixes bug 40124; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (subprotocol versions): + - Consistently reject extra commas, instead of only rejecting + leading commas. Fixes bug 27194; bugfix on 0.2.9.4-alpha. + - In summarize_protover_flags(), treat empty strings the same as + NULL. This prevents protocols_known from being set. Previously, we + treated empty strings as normal strings, which led to + protocols_known being set. Fixes bug 34232; bugfix on + 0.3.3.2-alpha. Patch by Neel Chauhan. + + o Code simplification and refactoring: + - Add and use a set of functions to perform down-casts on constant + connection and channel pointers. Closes ticket 40046. + - Refactor our code that logs descriptions of connections, channels, + and the peers on them, to use a single call path. This change + enables us to refactor the data types that they use, and eliminates + many confusing usages of those types. Closes ticket 40041. + - Refactor some common node selection code into a single function. + Closes ticket 34200. + - Remove the now-redundant 'outbuf_flushlen' field from our + connection type. It was previously used for an older version of + our rate-limiting logic. Closes ticket 33097. + - Rename "fascist_firewall_*" identifiers to "reachable_addr_*" + instead, for consistency with other code. Closes ticket 18106. + - Rename functions about "advertised" ports which are not in fact + guaranteed to return the ports that have been advertised. Closes + ticket 40055. + - Split implementation of several command line options from + options_init_from_torrc into smaller isolated functions. Patch by + Daniel Pinto. Closes ticket 40102. + - When an extend cell is missing an IPv4 or IPv6 address, fill in + the address from the extend info. This is similar to what was done + in ticket 33633 for ed25519 keys. Closes ticket 33816. Patch by + Neel Chauhan. + + o Deprecated features: + - The "non-builtin" argument to the "--dump-config" command is now + deprecated. When it works, it behaves the same as "short", which + you should use instead. Closes ticket 33398. + + o Documentation: + - Replace URLs from our old bugtracker so that they refer to the new + bugtracker and wiki. Closes ticket 40101. + + o Removed features: + - We no longer ship or build a "tor.service" file for use with + systemd. No distribution included this script unmodified, and we + don't have the expertise ourselves to maintain this in a way that + all the various systemd-based distributions can use. Closes + ticket 30797. + - We no longer ship support for the Android logging API. Modern + versions of Android can use the syslog API instead. Closes + ticket 32181. + - The "optimistic data" feature is now always on; there is no longer + an option to disable it from the torrc file or from the consensus + directory. Closes part of 40139. + - The "usecreatefast" network parameter is now removed; there is no + longer an option for authorities to turn it off. Closes part + of 40139. + + o Testing: + - Add unit tests for bandwidth statistics manipulation functions. + Closes ticket 33812. Patch by MrSquanchee. + + o Code simplification and refactoring (autoconf): + - Remove autoconf checks for unused funcs and headers. Closes ticket + 31699; Patch by @bduszel + + o Code simplification and refactoring (maintainer scripts): + - Disable by default the pre-commit hook. Use the environment + variable TOR_EXTRA_PRE_COMMIT_CHECKS in order to run it. + Furthermore, stop running practracker in the pre-commit hook and + make check-local. Closes ticket 40019. + + o Code simplification and refactoring (relay address): + - Most of IPv4 representation was using "uint32_t". It has now been + moved to use the internal "tor_addr_t" interface instead. This is + so we can properly integrate IPv6 along IPv4 with common + interfaces. Closes ticket 40043. + + o Documentation (manual page): + - Move them from doc/ to doc/man/. Closes ticket 40044. + - Describe the status of the "Sandbox" option more accurately. It is + no longer "experimental", but it _is_ dependent on kernel and libc + versions. Closes ticket 23378. + + o Documentation (tracing): + - Document in depth the circuit subsystem trace events in the new + doc/tracing/EventsCircuit.md. Closes ticket 40036. + + o Removed features (controller): + - Remove the "GETINFO network-status" controller command. It has + been deprecated since 0.3.1.1-alpha. Closes ticket 22473. + + +Changes in version 0.4.4.7 - 2021-02-03 + Tor 0.4.4.7 backports numerous bugfixes from later releases, + including one that made v3 onion services more susceptible to + denial-of-service attacks, and a feature that makes some kinds of + DoS attacks harder to perform. + + o Major bugfixes (onion service v3, backport from 0.4.5.3-rc): + - Stop requiring a live consensus for v3 clients and services, and + allow a "reasonably live" consensus instead. This allows v3 onion + services to work even if the authorities fail to generate a + consensus for more than 2 hours in a row. Fixes bug 40237; bugfix + on 0.3.5.1-alpha. + + o Major feature (exit, backport from 0.4.5.5-rc): + - Re-entry into the network is now denied at the Exit level to all + relays' ORPorts and authorities' ORPorts and DirPorts. This change + should help mitgate a set of denial-of-service attacks. Closes + ticket 2667. + + o Minor feature (build system, backport from 0.4.5.4-rc): + - New "make lsp" command to generate the compile_commands.json file + used by the ccls language server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (compilation, backport from 0.4.5.2-rc): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or + later. There are a number of APIs newly deprecated in OpenSSL + 3.0.0 that Tor still requires. (A later version of Tor will try to + stop depending on these APIs.) Closes ticket 40165. + + o Minor features (crypto, backport from 0.4.5.3-rc): + - Fix undefined behavior on our Keccak library. The bug only + appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) + and would result in wrong digests. Fixes bug 40210; bugfix on + 0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and + weasel for diagnosing this. + + o Minor bugfixes (compatibility, backport from 0.4.5.1-rc): + - Strip '\r' characters when reading text files on Unix platforms. + This should resolve an issue where a relay operator migrates a + relay from Windows to Unix, but does not change the line ending of + Tor's various state files to match the platform, and the CRLF line + endings from Windows end up leaking into other files such as the + extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5. + + o Minor bugfixes (compilation, backport from 0.4.5.3-rc): + - Fix a compilation warning about unreachable fallthrough + annotations when building with "--enable-all-bugs-are-fatal" on + some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc): + - Handle partial SOCKS5 messages correctly. Previously, our code + would send an incorrect error message if it got a SOCKS5 request + that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, backport from 0.4.5.2-alpha): + - Fix the `config/parse_tcp_proxy_line` test so that it works + correctly on systems where the DNS provider hijacks invalid + queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. + - Fix our Python reference-implementation for the v3 onion service + handshake so that it works correctly with the version of hashlib + provided by Python 3.9. Fixes part of bug 40179; bugfix + on 0.3.1.6-rc. + - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL + 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. + + +Changes in version 0.4.3.8 - 2021-02-03 + Tor 0.4.3.8 backports numerous bugfixes from later releases, + including one that made v3 onion services more susceptible to + denial-of-service attacks, and a feature that makes some kinds of + DoS attacks harder to perform. + + Note that this is, in all likelihood, the last release of Tor 0.4.3.x, + which will reach end-of-life on 15 Feb 2021. + + o Major bugfixes (onion service v3, backport from 0.4.5.3-rc): + - Stop requiring a live consensus for v3 clients and services, and + allow a "reasonably live" consensus instead. This allows v3 onion + services to work even if the authorities fail to generate a + consensus for more than 2 hours in a row. Fixes bug 40237; bugfix + on 0.3.5.1-alpha. + + o Major bugfixes (stats, onion services, backport from 0.4.4.5): + - Fix a bug where we were undercounting the Tor network's total + onion service traffic, by ignoring any traffic originating from + clients. Now we count traffic from both clients and services. + Fixes bug 40117; bugfix on 0.2.6.2-alpha. + + o Major feature (exit, backport from 0.4.5.5-rc): + - Re-entry into the network is now denied at the Exit level to all + relays' ORPorts and authorities' ORPorts and DirPorts. This change + should help mitgate a set of denial-of-service attacks. Closes + ticket 2667. + + o Minor feature (build system, backport from 0.4.5.4-rc): + - New "make lsp" command to generate the compile_commands.json file + used by the ccls language server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (compilation, backport from 0.4.5.2-rc): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or + later. There are a number of APIs newly deprecated in OpenSSL + 3.0.0 that Tor still requires. (A later version of Tor will try to + stop depending on these APIs.) Closes ticket 40165. + + o Minor features (crypto, backport from 0.4.5.3-rc): + - Fix undefined behavior on our Keccak library. The bug only + appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) + and would result in wrong digests. Fixes bug 40210; bugfix on + 0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and + weasel for diagnosing this. + + o Minor bugfixes (compatibility, backport from 0.4.5.1-rc): + - Strip '\r' characters when reading text files on Unix platforms. + This should resolve an issue where a relay operator migrates a + relay from Windows to Unix, but does not change the line ending of + Tor's various state files to match the platform, and the CRLF line + endings from Windows end up leaking into other files such as the + extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5. + + o Minor bugfixes (compilation, backport from 0.4.5.1-rc): + - Resolve a compilation warning that could occur in + test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (compilation, backport from 0.4.5.3-rc): + - Fix a compilation warning about unreachable fallthrough + annotations when building with "--enable-all-bugs-are-fatal" on + some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc): + - Handle partial SOCKS5 messages correctly. Previously, our code + would send an incorrect error message if it got a SOCKS5 request + that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, backport from 0.4.5.2-alpha): + - Fix the `config/parse_tcp_proxy_line` test so that it works + correctly on systems where the DNS provider hijacks invalid + queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. + - Fix our Python reference-implementation for the v3 onion service + handshake so that it works correctly with the version of hashlib + provided by Python 3.9. Fixes part of bug 40179; bugfix + on 0.3.1.6-rc. + - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL + 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. + + +Changes in version 0.3.5.13 - 2020-02-03 + Tor 0.3.5.13 backports numerous bugfixes from later releases, + including one that made v3 onion services more susceptible to + denial-of-service attacks, and a feature that makes some kinds of + DoS attacks harder to perform. + + o Major bugfixes (onion service v3, backport from 0.4.5.3-rc): + - Stop requiring a live consensus for v3 clients and services, and + allow a "reasonably live" consensus instead. This allows v3 onion + services to work even if the authorities fail to generate a + consensus for more than 2 hours in a row. Fixes bug 40237; bugfix + on 0.3.5.1-alpha. + + o Major bugfixes (stats, onion services, backport from 0.4.4.5): + - Fix a bug where we were undercounting the Tor network's total + onion service traffic, by ignoring any traffic originating from + clients. Now we count traffic from both clients and services. + Fixes bug 40117; bugfix on 0.2.6.2-alpha. + + o Major feature (exit, backport from 0.4.5.5-rc): + - Re-entry into the network is now denied at the Exit level to all + relays' ORPorts and authorities' ORPorts and DirPorts. This change + should help mitgate a set of denial-of-service attacks. Closes + ticket 2667. + + o Minor feature (build system, backport from 0.4.5.4-rc): + - New "make lsp" command to generate the compile_commands.json file + used by the ccls language server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (compilation, backport from 0.4.5.2-rc): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or + later. There are a number of APIs newly deprecated in OpenSSL + 3.0.0 that Tor still requires. (A later version of Tor will try to + stop depending on these APIs.) Closes ticket 40165. + + o Minor features (crypto, backport from 0.4.5.3-rc): + - Fix undefined behavior on our Keccak library. The bug only + appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) + and would result in wrong digests. Fixes bug 40210; bugfix on + 0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and + weasel for diagnosing this. + + o Minor bugfixes (compatibility, backport from 0.4.5.1-rc): + - Strip '\r' characters when reading text files on Unix platforms. + This should resolve an issue where a relay operator migrates a + relay from Windows to Unix, but does not change the line ending of + Tor's various state files to match the platform, and the CRLF line + endings from Windows end up leaking into other files such as the + extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5. + + o Minor bugfixes (compilation, backport from 0.4.5.1-rc): + - Resolve a compilation warning that could occur in + test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (compilation, backport from 0.4.5.3-rc): + - Fix a compilation warning about unreachable fallthrough + annotations when building with "--enable-all-bugs-are-fatal" on + some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc): + - Handle partial SOCKS5 messages correctly. Previously, our code + would send an incorrect error message if it got a SOCKS5 request + that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, backport from 0.4.5.2-alpha): + - Fix our Python reference-implementation for the v3 onion service + handshake so that it works correctly with the version of hashlib + provided by Python 3.9. Fixes part of bug 40179; bugfix + on 0.3.1.6-rc. + - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL + 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. + + Changes in version 0.4.4.6 - 2020-11-12 Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It backports fixes from later releases, including a fix for TROVE-2020- @@ -2349,7 +4629,7 @@ Changes in version 0.4.2.5 - 2019-12-09 uses mutexes. Fixes bug 31614; bugfix on 0.2.5.2-alpha. - Disable backtrace signal handlers when shutting down tor. Fixes bug 31614; bugfix on 0.2.5.2-alpha. - - Rate-limit our the logging message about the obsolete .exit + - Rate-limit the logging message about the obsolete .exit notation. Previously, there was no limit on this warning, which could potentially be triggered many times by a hostile website. Fixes bug 31466; bugfix on 0.2.2.1-alpha. @@ -2694,7 +4974,7 @@ Changes in version 0.4.1.7 - 2019-12-09 uses mutexes. Fixes bug 31614; bugfix on 0.2.5.2-alpha. - Disable backtrace signal handlers when shutting down tor. Fixes bug 31614; bugfix on 0.2.5.2-alpha. - - Rate-limit our the logging message about the obsolete .exit + - Rate-limit the logging message about the obsolete .exit notation. Previously, there was no limit on this warning, which could potentially be triggered many times by a hostile website. Fixes bug 31466; bugfix on 0.2.2.1-alpha. @@ -2997,7 +5277,7 @@ Changes in version 0.4.0.6 - 2019-12-09 on 0.1.1.10-alpha. o Minor bugfixes (logging, backport from 0.4.2.2-alpha): - - Rate-limit our the logging message about the obsolete .exit + - Rate-limit the logging message about the obsolete .exit notation. Previously, there was no limit on this warning, which could potentially be triggered many times by a hostile website. Fixes bug 31466; bugfix on 0.2.2.1-alpha. @@ -3031,7 +5311,7 @@ Changes in version 0.4.0.6 - 2019-12-09 o Minor bugfixes (onion services, backport from 0.4.1.1-alpha): - Avoid a GCC 9.1.1 warning (and possible crash depending on libc - implemenation) when failing to load an onion service client + implementation) when failing to load an onion service client authorization file. Fixes bug 30475; bugfix on 0.3.5.1-alpha. o Minor bugfixes (out-of-memory handler, backport from 0.4.1.2-alpha): @@ -3424,7 +5704,7 @@ Changes in version 0.3.5.9 - 2019-12-09 on 0.1.1.10-alpha. o Minor bugfixes (logging, backport from 0.4.2.2-alpha): - - Rate-limit our the logging message about the obsolete .exit + - Rate-limit the logging message about the obsolete .exit notation. Previously, there was no limit on this warning, which could potentially be triggered many times by a hostile website. Fixes bug 31466; bugfix on 0.2.2.1-alpha. @@ -3462,7 +5742,7 @@ Changes in version 0.3.5.9 - 2019-12-09 o Minor bugfixes (onion services, backport from 0.4.1.1-alpha): - Avoid a GCC 9.1.1 warning (and possible crash depending on libc - implemenation) when failing to load an onion service client + implementation) when failing to load an onion service client authorization file. Fixes bug 30475; bugfix on 0.3.5.1-alpha. o Minor bugfixes (out-of-memory handler, backport from 0.4.1.2-alpha): @@ -4071,7 +6351,7 @@ Changes in version 0.4.1.5 - 2019-08-20 o Minor bugfixes (onion services): - Avoid a GCC 9.1.1 warning (and possible crash depending on libc - implemenation) when failing to load an onion service client + implementation) when failing to load an onion service client authorization file. Fixes bug 30475; bugfix on 0.3.5.1-alpha. - When refusing to launch a controller's HSFETCH request because of rate-limiting, respond to the controller with a new response, @@ -4326,14 +6606,6 @@ Changes in version 0.4.0.5 - 2019-05-02 handshake with one another when these ciphersuites were enabled. Fixes bug 29241; bugfix on 0.3.5.1-alpha. - o Major bugfixes (windows, startup): - - When reading a consensus file from disk, detect whether it was - written in text mode, and re-read it in text mode if so. Always - write consensus files in binary mode so that we can map them into - memory later. Previously, we had written in text mode, which - confused us when we tried to map the file on windows. Fixes bug - 28614; bugfix on 0.4.0.1-alpha. - o Minor features (address selection): - Treat the subnet 100.64.0.0/10 as public for some purposes; private for others. This subnet is the RFC 6598 (Carrier Grade @@ -4570,8 +6842,6 @@ Changes in version 0.4.0.5 - 2019-05-02 on 0.3.0.1-alpha. o Minor bugfixes (compilation): - - Fix compilation warnings in test_circuitpadding.c. Fixes bug - 29169; bugfix on 0.4.0.1-alpha. - Silence a compiler warning in test-memwipe.c on OpenBSD. Fixes bug 29145; bugfix on 0.2.9.3-alpha. Patch from Kris Katterjohn. - Compile correctly on OpenBSD; previously, we were missing some @@ -4612,10 +6882,6 @@ Changes in version 0.4.0.5 - 2019-05-02 of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn. - o Minor bugfixes (linux seccomp sandbox): - - Fix startup crash when experimental sandbox support is enabled. - Fixes bug 29150; bugfix on 0.4.0.1-alpha. Patch by Peter Gerber. - o Minor bugfixes (logging): - Correct a misleading error message when IPv4Only or IPv6Only is used but the resolved address can not be interpreted as an address @@ -4699,11 +6965,6 @@ Changes in version 0.4.0.5 - 2019-05-02 of our circuit scheduling code. Fixes bug 29508; bugfix on 0.3.2.10. - o Minor bugfixes (shellcheck): - - Look for scripts in their correct locations during "make - shellcheck". Previously we had looked in the wrong place during - out-of-tree builds. Fixes bug 30263; bugfix on 0.4.0.1-alpha. - o Minor bugfixes (single onion services): - Allow connections to single onion services to remain idle without being disconnected. Previously, relays acting as rendezvous points @@ -4731,14 +6992,6 @@ Changes in version 0.4.0.5 - 2019-05-02 29530; bugfix on 0.3.5.8. - Fix our gcov wrapper script to look for object files at the correct locations. Fixes bug 29435; bugfix on 0.3.5.1-alpha. - - Decrease the false positive rate of stochastic probability - distribution tests. Fixes bug 29693; bugfix on 0.4.0.1-alpha. - - Fix intermittent failures on an adaptive padding test. Fixes one - case of bug 29122; bugfix on 0.4.0.1-alpha. - - Disable an unstable circuit-padding test that was failing - intermittently because of an ill-defined small histogram. Such - histograms will be allowed again after 29298 is implemented. Fixes - a second case of bug 29122; bugfix on 0.4.0.1-alpha. - Detect and suppress "bug" warnings from the util/time test on Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha. - Do not log an error-level message if we fail to find an IPv6 @@ -4748,8 +7001,6 @@ Changes in version 0.4.0.5 - 2019-05-02 objects in test_build_descriptors(), we now deallocate them one by one. This lets Coverity know that we are not leaking memory there and fixes CID 1442277. Fixes bug 28989; bugfix on 0.3.5.1-alpha. - - Check the time in the "Expires" header using approx_time(). Fixes - bug 30001; bugfix on 0.4.0.4-rc. o Minor bugfixes (TLS protocol): - When classifying a client's selection of TLS ciphers, if the @@ -4760,10 +7011,6 @@ Changes in version 0.4.0.5 - 2019-05-02 was causing Stem integration tests to stall in some cases. Fixes bug 30021; bugfix on 0.2.4.8-alpha. - o Minor bugfixes (UI): - - Lower log level of unlink() errors during bootstrap. Fixes bug - 29930; bugfix on 0.4.0.1-alpha. - o Minor bugfixes (usability): - Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate(). Some users took this phrasing to mean that the mentioned guard was diff --git a/changes/40241 b/changes/40241 deleted file mode 100644 index c9b2e2c011..0000000000 --- a/changes/40241 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Fix a compilation warning about unreachable fallthrough annotations - when building with "--enable-all-bugs-are-fatal" on some compilers. - Fixes bug 40241; bugfix on 0.3.5.4-alpha. diff --git a/changes/40241_v2 b/changes/40241_v2 deleted file mode 100644 index 85038297f7..0000000000 --- a/changes/40241_v2 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Fix another warning about unreachable fallthrough annotations - when building with "--enable-all-bugs-are-fatal" on some compilers. - Fixes bug 40241; bugfix on 0.4.5.3-rc. diff --git a/changes/autoconf-2.70 b/changes/autoconf-2.70 deleted file mode 100644 index 27a9f243b1..0000000000 --- a/changes/autoconf-2.70 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (compilation): - - Make the autoconf script build correctly with autoconf versions 2.70 - and later. Closes part of ticket 40335. diff --git a/changes/bug24857 b/changes/bug24857 deleted file mode 100644 index ea9c763332..0000000000 --- a/changes/bug24857 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (directory cache, performance, windows): - - Limit the number of items in the consensus diff cache to 64 on Windows. - We hope this will resolve an issue where Windows relay operators reported - Tor using 100% CPU while we investigate better solutions. Fixes bug 24857; - bugfix on 0.3.1.1-alpha. - diff --git a/changes/bug30187 b/changes/bug30187 deleted file mode 100644 index 2a3358d6be..0000000000 --- a/changes/bug30187 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (relay, windows): - - Fix bug where running a relay on Windows would use 100% - CPU after some time. Makes Windows >= Vista the required - Windows version to build and run tor. Fixes bug 30187; - bugfix on 0.4.5.1-alpha. Patch by Daniel Pinto. diff --git a/changes/bug32666 b/changes/bug32666 deleted file mode 100644 index d487b22148..0000000000 --- a/changes/bug32666 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion services): - - Avoid a non-fatal assertion in certain edge-cases when establishing a - circuit to onion service. Fixes bug 32666; bugfix on 0.3.0.3-alpha. diff --git a/changes/bug32880 b/changes/bug32880 deleted file mode 100644 index a25cabb7dc..0000000000 --- a/changes/bug32880 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (circuit, handshake): - - In the v3 handshaking code, Use connection_or_change_state() to change - the state. Previously, we changed the state directly, but this did not - pass a state change to the pubsub or channel object. Fixes bug 32880; - bugfix on 0.2.3.6-alpha. Patch by Neel Chauhan. diff --git a/changes/bug40015 b/changes/bug40015 deleted file mode 100644 index 1d190df751..0000000000 --- a/changes/bug40015 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (crash, relay, signing key): - - Avoid asserts when we run Tor from the command line with - `--key-expiration sign` when an ORPort is not set. Fixes - bug 40015; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan. diff --git a/changes/bug40017 b/changes/bug40017 deleted file mode 100644 index 3f5c2da968..0000000000 --- a/changes/bug40017 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (protocol, proxy support, defense in depth): - - Respond more deliberately to misbehaving proxies that leave leftover - data on their connections, so as to be even less likely as to allow - them to pass their data off as having come from a relay. - Closes ticket 40017. diff --git a/changes/bug40078 b/changes/bug40078 deleted file mode 100644 index 717309e076..0000000000 --- a/changes/bug40078 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (crypto): - - Disable the unused batch verification feature of ed25519-donna. Fixes - bug 40078; bugfix on 0.2.6.1-alpha. Found by Henry de Valence.
\ No newline at end of file diff --git a/changes/bug40172 b/changes/bug40172 deleted file mode 100644 index a73fcb39a3..0000000000 --- a/changes/bug40172 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Fix a compilation issue in which the correct 'ranlib' program was not - used when building libtor.a. Fixes bug 40172; bugfix on 0.4.5.1-alpha. diff --git a/changes/bug40175 b/changes/bug40175 deleted file mode 100644 index aa2ce9566f..0000000000 --- a/changes/bug40175 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (logging, diagnostic): - - Log decompression failures at a higher severity level, since they - can help provide missing context for other warning messages. - We rate-limit these messages, to avoid flooding the logs if they - begin to occur frequently. Closes ticket 40175. diff --git a/changes/bug40177 b/changes/bug40177 deleted file mode 100644 index b08be64e47..0000000000 --- a/changes/bug40177 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compilation): - - Remove a duplicate typedef in metrics_store.c. Fixes bug 40177; - bugfix on 0.4.5.1-alpha. diff --git a/changes/bug40179_part1 b/changes/bug40179_part1 deleted file mode 100644 index c302373534..0000000000 --- a/changes/bug40179_part1 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing, portability): - - Fix our Python reference-implementation for the v3 onion service - handshake so that it works correctly with the version of hashlib provided - by Python 3.9. Fixes part of bug 40179; bugfix on 0.3.1.6-rc. diff --git a/changes/bug40179_part2 b/changes/bug40179_part2 deleted file mode 100644 index 15dc861321..0000000000 --- a/changes/bug40179_part2 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Fix the config/parse_tcp_proxy_line test so that it works correctly on - systems where the DNS provider hijacks invalid queries. - Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. diff --git a/changes/bug40187 b/changes/bug40187 deleted file mode 100644 index 563e4b4d76..0000000000 --- a/changes/bug40187 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (testing): - - Fix unit tests that used newly generated list of routers so that they - check them with respect to the date when they were generated, not - with respect to the current time. Fixes bug 40187; bugfix on - 0.4.5.1-alpha. diff --git a/changes/bug40190 b/changes/bug40190 deleted file mode 100644 index 0f3d6941dc..0000000000 --- a/changes/bug40190 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (SOCKS5): - - Handle partial socks5 messages correctly. Previously, our code would - send an incorrect error message if it got a socks5 request that wasn't - complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug40210 b/changes/bug40210 deleted file mode 100644 index f492262a11..0000000000 --- a/changes/bug40210 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (crypto): - - Fix undefined behavior on our Keccak library. The bug only appears on - platforms with 32-byte CPU cache lines (e.g. armv5tel) and would result - in wrong digests. Fixes bug 40210; bugfix on 0.2.8.1-alpha. Thanks to - Bernhard Übelacker, Arnd Bergmann and weasel for diagnosing this. diff --git a/changes/bug40238 b/changes/bug40238 deleted file mode 100644 index 35784a16bb..0000000000 --- a/changes/bug40238 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging): - - Reject obsolete router/extrainfo descs earlier and more quietly. - Fixes bug 40238; bugfix on 0.4.5.1-alpha.
\ No newline at end of file diff --git a/changes/bug40256_045 b/changes/bug40256_045 deleted file mode 100644 index 14e67659e0..0000000000 --- a/changes/bug40256_045 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (documentation): - - Fix a formatting error on the documentation for - VirtualAddrNetworkIPv6. Fixes bug 40256; bugfix on 0.2.9.4-alpha. diff --git a/changes/bug40281 b/changes/bug40281 deleted file mode 100644 index 0708039f04..0000000000 --- a/changes/bug40281 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (logging): - - Avoid a spurious log message about missing subprotocol versions, when - the consensus that we're reading from is older than the current - release. . Previously we had made this message nonfatal in this case, - but in practice, it is never relevant when the consensus is older than - the current release. Fixes bug 40281; bugfix on 0.4.0.1-alpha. diff --git a/changes/bug40285_045 b/changes/bug40285_045 deleted file mode 100644 index db4f73cde0..0000000000 --- a/changes/bug40285_045 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (controller): - - Fix a "BUG" warning that would appear when a controller chooses the - first hop for a circuit, and that circuit completes. Fixes - bug 40285; bugfix on 0.3.2.1-alpha. diff --git a/changes/bug40287 b/changes/bug40287 deleted file mode 100644 index 5a9c899d52..0000000000 --- a/changes/bug40287 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (directory authority): - - Now that exit relays don't allow exit connections to directory authority - DirPorts (network reentry), disable authorities' reachability self test - on the DirPort. Fixes bug 40287; bugfix on 0.4.5.5-rc. diff --git a/changes/bug40298 b/changes/bug40298 deleted file mode 100644 index 8b8b0bbc12..0000000000 --- a/changes/bug40298 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (portability): - - Fix a non-portable usage of "==" with "test" in the configure script. - Fixes bug 40298; bugfix on 0.4.5.1-alpha. diff --git a/changes/bug40315 b/changes/bug40315 deleted file mode 100644 index 9e9c740d96..0000000000 --- a/changes/bug40315 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (Linux, relay): - - Fix a bug in determining total available system memory that would have - been triggered if the format of /proc/meminfo had ever changed - to include "MemTotal:" in the middle of a line. Fixes bug 40315; - bugfix on 0.2.5.4-alpha. diff --git a/changes/bug40316 b/changes/bug40316 deleted file mode 100644 index cd275b5c9c..0000000000 --- a/changes/bug40316 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (security, denial of service): - - Fix a bug in appending detached signatures to a pending consensus - document that could be used to crash a directory authority. - Fixes bug 40316; bugfix on 0.2.2.6-alpha. Tracked as - TROVE-2021-002 and CVE-2021-28090. diff --git a/changes/bug40317 b/changes/bug40317 deleted file mode 100644 index 18ec499a51..0000000000 --- a/changes/bug40317 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (control, sandbox): - - Allows the control command SAVECONF to succeed when the seccomp - sandbox is enabled. Makes SAVECONF keep only one backup file to - simplify implementation. Fixes bug 40317; bugfix on 0.2.5.4-alpha. - Patch by Daniel Pinto. diff --git a/changes/bug40318 b/changes/bug40318 deleted file mode 100644 index cc02f08ca0..0000000000 --- a/changes/bug40318 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (configuration tests bsd): - - Fix glob processing errors when globs expand to invalid paths on - BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by - Daniel Pinto. diff --git a/changes/bug40371 b/changes/bug40371 deleted file mode 100644 index 8cc7117f9f..0000000000 --- a/changes/bug40371 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (compatibility): - - Fix compatibility with the most recent Libevent versions, which - no longer have an evdns_set_random_bytes() function. Because - this function has been a no-op since Libevent 2.0.4-alpha, - it is safe for us to just stop calling it. Fixes bug 40371; - bugfix on 0.2.1.7-alpha. diff --git a/changes/bug40375 b/changes/bug40375 deleted file mode 100644 index 7ac32bc628..0000000000 --- a/changes/bug40375 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (consensus handling): - - Avoid a set of bugs that could be caused by inconsistently preferring - an out-of-date consensus stored in a stale directory cache over - a more recent one stored on disk as the latest consensus. - Fixes bug 40375; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug40380 b/changes/bug40380 deleted file mode 100644 index 24d2876b7d..0000000000 --- a/changes/bug40380 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (compiler warnings): - - Fix an indentation problem that led to a warning from GCC 11.1.1. - Fixes bug 40380; bugfix on 0.3.0.1-alpha. diff --git a/changes/bug40383 b/changes/bug40383 deleted file mode 100644 index c4ca46fac7..0000000000 --- a/changes/bug40383 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (timekeeping): - - Calculate the time of day correctly on systems where the time_t - type includes leap seconds. (This is not the case on most - operating systems, but on those where it occurs, our tor_timegm - function did not correctly invert the system's gmtime function, - which could result in assertion failures when calculating - voting schedules.) Fixes bug 40383; bugfix on 0.2.0.3-alpha. diff --git a/changes/bug40391 b/changes/bug40391 deleted file mode 100644 index e3c186275f..0000000000 --- a/changes/bug40391 +++ /dev/null @@ -1,9 +0,0 @@ - o Major bugfixes (security): - - Resist a hashtable-based CPU denial-of-service attack against - relays. Previously we used a naive unkeyed hash function to look up - circuits in a circuitmux object. An attacker could exploit this to - construct circuits with chosen circuit IDs in order to try to create - collisions and make the hash table inefficient. Now we use a SipHash - construction for this hash table instead. Fixes bug 40391; bugfix on - 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005. - Reported by Jann Horn from Google's Project Zero. diff --git a/changes/bug40392 b/changes/bug40392 deleted file mode 100644 index 4dffa50bb2..0000000000 --- a/changes/bug40392 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (security, denial of service, onion services): - - Fix an out-of-bounds memory access in v3 descriptor parsing. Fixes bug - 40392; bugfix on 0.3.0.1-alpha. This issue is also tracked as - TROVE-2021-006. Reported by Sergei Glazunov from Google's Project Zero.
\ No newline at end of file diff --git a/changes/bug40399 b/changes/bug40399 deleted file mode 100644 index 7954b85eaf..0000000000 --- a/changes/bug40399 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (compatibility): - - Remove an assertion function related to TLS renegotiation. - It was used nowhere outside the unit tests, and it was breaking - compilation with recent alpha releases of OpenSSL 3.0.0. - Closes ticket 40399. diff --git a/changes/bug40409 b/changes/bug40409 deleted file mode 100644 index b8d061be78..0000000000 --- a/changes/bug40409 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (warnings, portability): - - Suppress a strict-prototype warning when building with some versions - of NSS. Fixes bug 40409; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug40429 b/changes/bug40429 deleted file mode 100644 index 9bf3b63818..0000000000 --- a/changes/bug40429 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (compilation): - - Fix our configuration logic to detect whether we had OpenSSL 3: - previously, our logic was reversed. This has no other effect than to - change whether we suppress deprecated API warnings. Fixes - bug 40429; bugfix on 0.3.5.13. diff --git a/changes/bug40472 b/changes/bug40472 deleted file mode 100644 index d87c1dc2cc..0000000000 --- a/changes/bug40472 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (performance, DoS): - - Fix one case of a not-especially viable denial-of-service attack found - by OSS-Fuzz in our consensus-diff parsing code. This attack causes a - lot small of memory allocations and then immediately frees them: this - is only slow when running with all the sanitizers enabled. Fixes one - case of bug 40472; bugfix on 0.3.1.1-alpha. diff --git a/changes/bug40515 b/changes/bug40515 deleted file mode 100644 index d315e28411..0000000000 --- a/changes/bug40515 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (controller, path bias): - - When a circuit's path is specified, in full or in part, from the - controller API, do not count that circuit towards our path-bias - calculations. (Doing so was incorrect, since we cannot tell whether - the controller is selecting relays randomly.) Resolves a "Bug" - warning. Fixes bug 40515; bugfix on 0.2.4.10-alpha. diff --git a/changes/bug40639 b/changes/bug40639 new file mode 100644 index 0000000000..d975e9ad22 --- /dev/null +++ b/changes/bug40639 @@ -0,0 +1,5 @@ + o Major bugfixes (vanguards): + - We had omitted some checks for whether our vanguards (second layer + guards from proposal 333) overlapped. Now make sure to pick each + of them to be independent. Also, change the design to allow them to + come from the same family. Fixes bug 40639; bugfix on 0.4.7.1-alpha. diff --git a/changes/bug40642 b/changes/bug40642 new file mode 100644 index 0000000000..f50d87e031 --- /dev/null +++ b/changes/bug40642 @@ -0,0 +1,9 @@ + o Major bugfixes (congestion control): + - Implement RFC3742 Limited Slow Start. Congestion control was + overshooting the congestion window during slow start, particularly for + onion service activity. With this fix, we now update the congestion + window more often during slow start, as well as dampen the exponential + growth when the congestion window grows above a capping parameter. + This should reduce the memory increases guard relays were seeing, as + well as allow us to set lower queue limits to defend against + ongoing DoS attacks. Fixes bug 40642; bugfix on 0.4.7.5-alpha. diff --git a/changes/bug40644 b/changes/bug40644 new file mode 100644 index 0000000000..a27c63ede2 --- /dev/null +++ b/changes/bug40644 @@ -0,0 +1,8 @@ + o Minor bugfixes (congestion control): + - Add a check for an integer underflow condition that might + happen in cases where the system clock is stopped, the + ORconn is blocked, and the endpoint sends more than a + congestion window worth of non-data control cells at once. + This would cause a large congestion window to be calculated + instead of a small one. No security impact. Fixes bug 40644; + bugfix on 0.4.7.5-alpha. diff --git a/changes/bug40673 b/changes/bug40673 new file mode 100644 index 0000000000..1bbf42649b --- /dev/null +++ b/changes/bug40673 @@ -0,0 +1,7 @@ + o Minor bugfixes (relay overload statistics): + - Count total create cells vs dropped create cells properly, when + assessing if our fraction of dropped cells is too high. We only + count non-client circuits in the denominator, but we would include + client circuits in the numerator, leading to surprising log lines + claiming that we had dropped more than 100% of incoming create + cells. Fixes bug 40673; bugfix on 0.4.7.1-alpha. diff --git a/changes/bug40698 b/changes/bug40698 new file mode 100644 index 0000000000..98ddd4f968 --- /dev/null +++ b/changes/bug40698 @@ -0,0 +1,11 @@ + o Minor bugfixes (dirauth): + - Directory authorities stop voting a consensus "Measured" weight + for relays with the Authority flag. Now these relays will be + considered unmeasured, which should reserve their bandwidth + for their dir auth role and minimize distractions from other + roles. In place of the "Measured" weight, they now include a + "MeasuredButAuthority" weight (not used by anything) so the + bandwidth authority's opinion on this relay can be recorded for + posterity. Lastly, remove the AuthDirDontVoteOnDirAuthBandwidth + torrc option which never worked right. Fixes bugs 40698 and 40700; + bugfix on 0.4.7.2-alpha. diff --git a/changes/bug40732 b/changes/bug40732 new file mode 100644 index 0000000000..f2388e7e8d --- /dev/null +++ b/changes/bug40732 @@ -0,0 +1,7 @@ + o Major bugfixes (congestion control): + - Avoid incrementing the congestion window when the window is not + fully in use. Thia prevents overshoot in cases where long periods + of low activity would allow our congestion window to grow, and + then get followed by a burst, which would cause queue overload. + Also improve the increment checks for RFC3742. Fixes bug 40732; + bugfix on 0.4.7.5-alpha. diff --git a/changes/clone3-sandbox b/changes/clone3-sandbox deleted file mode 100644 index dac8fe72da..0000000000 --- a/changes/clone3-sandbox +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (linux seccomp2 sandbox): - - Permit the clone3 syscall, which is apparently used in glibc-2.34 and - later. Closes ticket 40590. diff --git a/changes/fallbackdirs-2021-12-15 b/changes/fallbackdirs-2021-12-15 deleted file mode 100644 index ce08cef5cb..0000000000 --- a/changes/fallbackdirs-2021-12-15 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on December 15, 2021. diff --git a/changes/fallbackdirs-2022-02-04 b/changes/fallbackdirs-2022-02-04 deleted file mode 100644 index 3d4ec28fe9..0000000000 --- a/changes/fallbackdirs-2022-02-04 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories generated on February 04, 2022. diff --git a/changes/fallbackdirs-2022-11-10 b/changes/fallbackdirs-2022-11-10 new file mode 100644 index 0000000000..64df9c5f10 --- /dev/null +++ b/changes/fallbackdirs-2022-11-10 @@ -0,0 +1,2 @@ + o Minor features (fallbackdir): + - Regenerate fallback directories generated on November 10, 2022. diff --git a/changes/geoip-2021-03-12 b/changes/geoip-2021-03-12 deleted file mode 100644 index 01c1b0f162..0000000000 --- a/changes/geoip-2021-03-12 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor features (geoip data): - - We have switched geoip data sources. Previously we shipped - IP-to-country mappings from Maxmind's GeoLite2, but in 2019 they - changed their licensing term, so we were unable to update them after - that point. We now ship geoip files based on the IPFire Location - Database instead. (See https://location.ipfire.org/ for more - information). This release updates our geoip files to match the - IPFire Location Database as retrieved on 2021/03/12. Closes - ticket 40224. diff --git a/changes/geoip-2021-05-07 b/changes/geoip-2021-05-07 deleted file mode 100644 index 07bf12c4d8..0000000000 --- a/changes/geoip-2021-05-07 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2021/05/07. diff --git a/changes/geoip-2021-06-10 b/changes/geoip-2021-06-10 deleted file mode 100644 index 2b798012c8..0000000000 --- a/changes/geoip-2021-06-10 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2021/06/10. diff --git a/changes/geoip-2021-08-12 b/changes/geoip-2021-08-12 deleted file mode 100644 index 59afcc5bb7..0000000000 --- a/changes/geoip-2021-08-12 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2021/08/12. diff --git a/changes/geoip-2021-12-15 b/changes/geoip-2021-12-15 deleted file mode 100644 index 5123557138..0000000000 --- a/changes/geoip-2021-12-15 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2021/12/15. diff --git a/changes/geoip-2022-02-04 b/changes/geoip-2022-02-04 deleted file mode 100644 index 41921da85f..0000000000 --- a/changes/geoip-2022-02-04 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (geoip data): - - Update the geoip files to match the IPFire Location Database, - as retrieved on 2022/02/04. diff --git a/changes/geoip-2021-04-13 b/changes/geoip-2022-11-10 index db21a1c037..dce05f50c4 100644 --- a/changes/geoip-2021-04-13 +++ b/changes/geoip-2022-11-10 @@ -1,3 +1,3 @@ o Minor features (geoip data): - Update the geoip files to match the IPFire Location Database, - as retrieved on 2021/04/13. + as retrieved on 2022/11/10. diff --git a/changes/ip_bind_address_no_port b/changes/ip_bind_address_no_port new file mode 100644 index 0000000000..9c4f712a9e --- /dev/null +++ b/changes/ip_bind_address_no_port @@ -0,0 +1,5 @@ + o Minor features (relays): + - Set the Linux-specific IP_BIND_ADDRESS_NO_PORT option on outgoing + sockets, allowing relays using OutboundBindAddress to make more outgoing + connections than ephemeral ports, as long as they are to separate + destinations. Related to issue 40597; patch by Alex Xu (Hello71). diff --git a/changes/issue40613 b/changes/issue40613 new file mode 100644 index 0000000000..76434beba2 --- /dev/null +++ b/changes/issue40613 @@ -0,0 +1,3 @@ + o Code simplifications and refactoring: + - Rely on actual error returned by the kernel when choosing what resource + exhaustion to log. Fixes issue 40613; Fix on tor-0.4.6.1-alpha. diff --git a/changes/ticket18888 b/changes/ticket18888 deleted file mode 100644 index 279eab76ad..0000000000 --- a/changes/ticket18888 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (safety): - - Log a warning at startup if Tor is built with compile-time options that - are likely to make it less stable or reliable. Closes ticket 18888. diff --git a/changes/ticket22473 b/changes/ticket22473 deleted file mode 100644 index c7496f9da7..0000000000 --- a/changes/ticket22473 +++ /dev/null @@ -1,3 +0,0 @@ - o Removed features (controller): - - Remove the "GETINFO network-status" controller command. It has - been deprecated since 0.3.1.1-alpha. Closes ticket 22473. diff --git a/changes/ticket25528 b/changes/ticket25528 deleted file mode 100644 index cfc6c91fb7..0000000000 --- a/changes/ticket25528 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (client, bridge, configuration): - - Exit tor on a misconfiguration when the Bridge line has a transport but - no corresponding ClientTransportPlugin can be found. Prior to this fix, - tor would attempt to connect to the bridge directly without using the - transport leading to a possible leak on the wire. Fixes bug 25528; - bugfix on 0.2.6.1-alpha. diff --git a/changes/ticket26299 b/changes/ticket26299 deleted file mode 100644 index 6b08adf53c..0000000000 --- a/changes/ticket26299 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (reproducible build): - - The repository can now build reproducible tarballs which adds the build - command "make dist-reprod" for that purpose. Closes ticket 26299. diff --git a/changes/ticket2667 b/changes/ticket2667 deleted file mode 100644 index cc42286ef9..0000000000 --- a/changes/ticket2667 +++ /dev/null @@ -1,4 +0,0 @@ - o Major feature (exit): - - Re-entry into the network is now denied at the Exit level to all relays' - ORPort and authorities' ORPort+DirPort. This is to help mitigate a series - of attacks. See ticket for more information. Closes ticket 2667. diff --git a/changes/ticket30477 b/changes/ticket30477 deleted file mode 100644 index 379fc4e7eb..0000000000 --- a/changes/ticket30477 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (bridge): - - We now announce the URL to Tor's new bridge status at - https://bridges.torproject.org/ when Tor is configured to run as a bridge - relay. Closes ticket 30477. diff --git a/changes/ticket32178 b/changes/ticket32178 deleted file mode 100644 index c13e490cb0..0000000000 --- a/changes/ticket32178 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging): - - Remove trailing whitespaces from control event log messages. Fixes bug - 32178; bugfix on 0.1.1.1-alpha. Based on a patch by Amadeusz Pawlik. diff --git a/changes/ticket33624 b/changes/ticket33624 deleted file mode 100644 index eded3b4dee..0000000000 --- a/changes/ticket33624 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (configure, static build): - - Change our search library configure macro linker flag order so it works - for certain compilers that need the right order. Fixes bug 33624; bugfix - on 0.1.1.0-alpha. - diff --git a/changes/ticket40071 b/changes/ticket40071 deleted file mode 100644 index 1e294a68e7..0000000000 --- a/changes/ticket40071 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (relay, address): - - Don't trigger an IP change if no new valid IP can be found. Fixes bug - 40071; bugfix on 0.4.5.1-alpha. - - When attempting to discover our IP, don't launch a descriptor fetch - anymore but rather a simple test circuit since the address discovery is - through the NETINFO cell now from the authorities. Fixes bug 40071; bugfix - on 0.4.5.1-alpha. diff --git a/changes/ticket40106 b/changes/ticket40106 deleted file mode 100644 index 3f344d478f..0000000000 --- a/changes/ticket40106 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (config, bridge): - - Don't initiate a connection to a bridge without a corresponding - transport. Fixes bug 40106; bugfix on 0.4.5.1-alpha. - - This also reverts an earlier fix we did for this that would validate - configuration to avoid such situation but turns out it wouldn't work for - a DisableNetwork thus the new approach. diff --git a/changes/ticket40111 b/changes/ticket40111 deleted file mode 100644 index a82ca0d489..0000000000 --- a/changes/ticket40111 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (configure, build): - - Fix the --enable-static-tor switch to properly set the -static compile - option onto the tor binary only. Fixes bug 40111; bugfix on - 0.2.3.1-alpha. - - Path to static libevent has been fixed as well which affects the - --enable-static-libevent to behave correctly now. The .a file is in - .libs/ of libevent repository, not at the root. diff --git a/changes/ticket40142 b/changes/ticket40142 deleted file mode 100644 index 25a96b3df3..0000000000 --- a/changes/ticket40142 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging, flow control): - - Turn a SENDME failure log warning into a debug. It can actually happen - naturally. Fixes bug 40142; bugfix on 0.4.1.1-alpha. diff --git a/changes/ticket40165 b/changes/ticket40165 deleted file mode 100644 index a8dd0a339b..0000000000 --- a/changes/ticket40165 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (compilation): - - Disable deprecation warnings when building with OpenSSL 3.0.0 or later. - There are a number of newly deprecated APIs in OpenSSL 3.0.0 that Tor - still requires. (A later version of Tor will try to stop depending on - these.) Closes ticket 40165. diff --git a/changes/ticket40170 b/changes/ticket40170 deleted file mode 100644 index cc1c8dbad1..0000000000 --- a/changes/ticket40170 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (tests): - - Fix the "tortls/openssl/log_one_error" test to work with OpenSSL 3.0.0. - Fixes bug 40170; bugfix on 0.2.8.1-alpha. diff --git a/changes/ticket40174 b/changes/ticket40174 deleted file mode 100644 index 869a2756f4..0000000000 --- a/changes/ticket40174 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (configure, build): - - With USDT tracing enabled, if STAP_PROBEV() is missing, don't attempt to - build. Linux supports that macro but not the BSDs. Fixes bug 40174; bugfix - on 0.4.5.1-alpha. diff --git a/changes/ticket40183 b/changes/ticket40183 deleted file mode 100644 index 3c4bdf21e2..0000000000 --- a/changes/ticket40183 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (port configuration): - - Second non ORPort of a different family (ex: SocksPort [::1]:9050) was - ignored due to a logical configuration parsing error. Fixes bug 40183; - bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40188 b/changes/ticket40188 deleted file mode 100644 index e29b2a9438..0000000000 --- a/changes/ticket40188 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (documentation): - - Mention the !badexit directive that can appear in an authority's - approved-routers file, and update the description of the !invalid - directive. Closes ticket 40188. diff --git a/changes/ticket40194 b/changes/ticket40194 new file mode 100644 index 0000000000..9f3a4833cf --- /dev/null +++ b/changes/ticket40194 @@ -0,0 +1,9 @@ + o Minor feature (relay, metrics): + - Add counters to the MetricsPort how many connections, per type, are + currently opened and how many were created. Part of ticket 40194. + - Add total number of streams seen by an Exit to the MetricsPort. + - Add congestion control RTT reset counter to MetricsPort. + - Add DoS defenses counter to MetricsPort. + - Add relay flags from the consensus to the MetricsPort. + - Add total number of opened circuits to MetricsPort. + - Add traffic stats as in number of read/written bytes in total. diff --git a/changes/ticket40195 b/changes/ticket40195 deleted file mode 100644 index caa0bace94..0000000000 --- a/changes/ticket40195 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (configuration, ports): - - Fix an issue where an ORPort was validated against other type of ports - when it should have been only checked against other ORPorts. This lead to - "DirPort auto" to be ignored and failing to be used. Fixes bug 40195; - bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40201 b/changes/ticket40201 deleted file mode 100644 index cdf8d99172..0000000000 --- a/changes/ticket40201 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging, relay): - - Logs the address discovered by the directory authorities if none were - configured or detected before. Fixes bug 40201; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40205 b/changes/ticket40205 deleted file mode 100644 index e21c7fab7c..0000000000 --- a/changes/ticket40205 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (relay, logging, reachability): - - When launching bandwidth testing circuit, don't log notice that we are - doing a reachability test. Furthermore, avoid to trigger a - "CHECKING_REACHABILITY" control event. Fixes bug 40205; bugfix on - 0.4.5.1-alpha. diff --git a/changes/ticket40208 b/changes/ticket40208 deleted file mode 100644 index 5a3a1aa55e..0000000000 --- a/changes/ticket40208 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (relay): - - Allow relays to have a RFC1918 address if PublishServerDescriptor is set - to 0 and AssumeReachable is set to 1. This is to support the use case of a - bridge on a local network that can be used by restricted users on that - network to reach the Tor network. Fixes bug 40208; bugfix on - 0.4.5.1-alpha. diff --git a/changes/ticket40221_045 b/changes/ticket40221_045 deleted file mode 100644 index 0f3ab894c2..0000000000 --- a/changes/ticket40221_045 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (protocol versions): - - Stop claiming to support the "DirCache=1" subprotocol version. - Technically, we stopped supporting this subprotocol back in - 0.4.5.1-alpha, but we needed to wait for the authorities to stop - listing it as "required" before we can drop support. Closes ticket - 40221. diff --git a/changes/ticket40226 b/changes/ticket40226 deleted file mode 100644 index 4775438f63..0000000000 --- a/changes/ticket40226 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (relay, statistics): - - The connection statistics were wrongly exported in the extrainfo document - due to a problem in the file loading function which would wrongly truncate - the file reporting the wrong information. It is now fixed. Fixes bug - 40226; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40227 b/changes/ticket40227 deleted file mode 100644 index e5efad0f95..0000000000 --- a/changes/ticket40227 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor feature (build system): - - New "make lsp" command to auto generate the compile_commands.json file - used by the ccls server. The "bear" program is needed for this. Closes - ticket 40227. diff --git a/changes/ticket40231 b/changes/ticket40231 deleted file mode 100644 index a5ba598fd1..0000000000 --- a/changes/ticket40231 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay): - - If we were unable to build our descriptor, don't mark that we've - advertised our descriptor. Also remove an harmless BUG(). Fixes bug 40231; - bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40237 b/changes/ticket40237 deleted file mode 100644 index fc32f59cd4..0000000000 --- a/changes/ticket40237 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes (onion service v3): - - Stop requiring a live consensus for v3 clients and services to work. The - use of a reasonably live consensus will allow v3 to work properly in most - cases if the network failed to generate a consensus for more than 2 hours - in a row. Fixes bug 40237; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40243 b/changes/ticket40243 deleted file mode 100644 index 548ec95ab4..0000000000 --- a/changes/ticket40243 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (authority, IPv6): - - Do not consider multiple relays in the same IPv6 network to be sybils. - Sybils are selected based on the /128 now, not the /64. Fixes bug 40243; - bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40245 b/changes/ticket40245 deleted file mode 100644 index 641372333e..0000000000 --- a/changes/ticket40245 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (logging): - - Give more visibility to directory authority operators during the - consensus voting process and while processing relay descriptors. - Closes ticket 40245. diff --git a/changes/ticket40254 b/changes/ticket40254 deleted file mode 100644 index 9945e3d3b8..0000000000 --- a/changes/ticket40254 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay, configuration): - - Don't attempt to discover address (IPv4 or IPv6) if no ORPort for it can - be found in the configuration. Fixes bug 40254; bugfix on 0.4.5.1-alpha. - diff --git a/changes/ticket40257 b/changes/ticket40257 deleted file mode 100644 index 4bcebc45a1..0000000000 --- a/changes/ticket40257 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (metrics port): - - Fix a bug warning when the socket was unexpectedly closed. Fixes bug - 40257; bugfix on 0.4.5.1-alpha diff --git a/changes/ticket40265 b/changes/ticket40265 deleted file mode 100644 index 2a346d64c3..0000000000 --- a/changes/ticket40265 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor feature (fallback directory): - - Renegerate the list to a new set of 200 relays acting as fallback - directories. Closes ticket 40265. diff --git a/changes/ticket40279 b/changes/ticket40279 deleted file mode 100644 index 351db40789..0000000000 --- a/changes/ticket40279 +++ /dev/null @@ -1,4 +0,0 @@ - o Major bugfixes (IPv6, relay): - - Fix a bug that prevented a relay to publish its descriptor in the case of - an auto-discovered IPv6 that was found unreachable for which we always - publish if the IPv4 is correct. Fixes bug 40279; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40286_minimal b/changes/ticket40286_minimal deleted file mode 100644 index 6a04ca79eb..0000000000 --- a/changes/ticket40286_minimal +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (security, denial of service): - - Disable the dump_desc() function that we used to dump unparseable - information to disk. It was called incorrectly in several places, - in a way that could lead to excessive CPU usage. Fixes bug 40286; - bugfix on 0.2.2.1-alpha. This bug is also tracked as - TROVE-2021-001 and CVE-2021-28089. diff --git a/changes/ticket40289 b/changes/ticket40289 deleted file mode 100644 index cdb36825b0..0000000000 --- a/changes/ticket40289 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (relay, config): - - Fix a problem in the removal of duplicate ORPort from the internal port - list when loading config file. We were removing wrong ports breaking valid - torrc uses cases for multiple ORPorts of the same address family. Fixes - bug 40289; bugfix on 0.4.5.1-alpha. - diff --git a/changes/ticket40295 b/changes/ticket40295 deleted file mode 100644 index e6dba80120..0000000000 --- a/changes/ticket40295 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (metrics port): - - Fix a BUG() on the MetricsPort for an internal missing handler. Fixes bug - 40295; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40300 b/changes/ticket40300 deleted file mode 100644 index b772ff60a4..0000000000 --- a/changes/ticket40300 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (relay): - - Remove a spammy log notice that should not have been indicating the - operator that its IPv4/v6 was missing but it was not. Fixes bug 40300; - bugfix on 0.4.5.1-alpha. - - Do not query the address cache early in the boot process when deciding - if we a relay needs to fetch early directory information from an - authority. This resulted in a relay falsely believing it didn't have an - address and thus triggering an authority fetch at each boot. diff --git a/changes/ticket40301 b/changes/ticket40301 deleted file mode 100644 index c1fd821e3f..0000000000 --- a/changes/ticket40301 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (relay): - - Reduce the compression level for data streaming from HIGH to LOW. Fixes - bug 40301; bugfix on 0.3.5.1-alpha. - diff --git a/changes/ticket40309 b/changes/ticket40309 deleted file mode 100644 index 087ac36a4f..0000000000 --- a/changes/ticket40309 +++ /dev/null @@ -1,3 +0,0 @@ - o New system requirements (mallinfo() deprecated): - - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. Closes - ticket 40309. diff --git a/changes/ticket40334 b/changes/ticket40334 deleted file mode 100644 index c1c34384a0..0000000000 --- a/changes/ticket40334 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion service): - - Remove a harmless BUG() warning when reloading tor configured with onion - services. Fixes bug 40334; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40337 b/changes/ticket40337 deleted file mode 100644 index 1c86fc4c99..0000000000 --- a/changes/ticket40337 +++ /dev/null @@ -1,16 +0,0 @@ - o Minor features (testing): - - On a testing network, relays can now use the - TestingMinTimeToReportBandwidth option to change - the smallest amount of time over which they're willing to report - their observed maximum bandwidth. Previously, this was fixed - at 1 day. For safety, values under 2 hours are only supported on - testing networks. Part of a fix for ticket 40337. - - o Minor features (testing): - - Relays on testing networks now report their observed bandwidths - immediately from startup. Previously, they waited - until they had been running for a full day. Closes ticket - 40337. - - Relays on testing networks no longer rate-limit how frequently - they are willing to report new bandwidth measurements. Part of a fix - for ticket 40337. diff --git a/changes/ticket40345 b/changes/ticket40345 deleted file mode 100644 index 246e4a86af..0000000000 --- a/changes/ticket40345 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (channel, DoS): - - Fix a possible non fatal assertion BUG() due to a too early free of a - string when noting down the client connection for the DoS defenses - subsystem. Fixes bug 40345; bugfix on 0.4.3.4-rc - diff --git a/changes/ticket40356 b/changes/ticket40356 deleted file mode 100644 index 59c32ce0cc..0000000000 --- a/changes/ticket40356 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (onion service, client, memory leak): - - An expired cached descriptor could have been overwritten with a new one - leading to a memory leak. Fixes bug 40356; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40360 b/changes/ticket40360 deleted file mode 100644 index 4a1b2c3446..0000000000 --- a/changes/ticket40360 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (bridge, pluggable transport): - - Fix a regression that prevented to configure a Bridge line without a - fingerprint (which is a normal use case). Fixes bug 40360; bugfix on - 0.4.5.4-rc. - diff --git a/changes/ticket40369 b/changes/ticket40369 deleted file mode 100644 index abb59a7125..0000000000 --- a/changes/ticket40369 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (build, cross-compilation): - - Allow a custom "ar" for cross-compilation. Our previous build script - had used the $AR environment variable in most places, but it missed - one. Fixes bug 40369; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40370 b/changes/ticket40370 deleted file mode 100644 index fcdb0eb173..0000000000 --- a/changes/ticket40370 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (metrics port): - - Fix a bug that made tor try to re-bind() every 60 seconds on an already - open MetricsPort. Fixes bug 40370; bugfix on 0.4.5.1-alpha. - diff --git a/changes/ticket40373 b/changes/ticket40373 deleted file mode 100644 index e2ea297bc2..0000000000 --- a/changes/ticket40373 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (onion services): - - Add warning message when connecting to soon-to-be-deprecated v2 onions. - Closes ticket 40373. diff --git a/changes/ticket40382 b/changes/ticket40382 deleted file mode 100644 index 5ac1b771b9..0000000000 --- a/changes/ticket40382 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (compatibility, Linux seccomp sandbox): - - Add a workaround to enable the Linux sandbox to work correctly - on systems running Glibc 2.33. These versions have started - using the fstatat() system call, which previously our sandbox did not - allow. - Closes ticket 40382; see the ticket for a discussion of tradeoffs. diff --git a/changes/ticket40389 b/changes/ticket40389 deleted file mode 100644 index 7dcf65b32e..0000000000 --- a/changes/ticket40389 +++ /dev/null @@ -1,3 +0,0 @@ - o Major bugfixes (relay, TROVE): - - Don't allow entry or middle relays to spoof RELAY_END or RELAY_RESOLVED - cell on half-closed streams. Fixes bug 40389; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40390 b/changes/ticket40390 deleted file mode 100644 index b56fa4d9da..0000000000 --- a/changes/ticket40390 +++ /dev/null @@ -1,8 +0,0 @@ - o Major bugfixes (security, defense-in-depth): - - Detect a wider variety of failure conditions from the OpenSSL RNG - code. Previously, we would detect errors from a missing RNG - implementation, but not failures from the RNG code itself. - Fortunately, it appears those failures do not happen in practice - when Tor is using OpenSSL's default RNG implementation. - Fixes bug 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as - TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. diff --git a/changes/ticket40410 b/changes/ticket40410 deleted file mode 100644 index 658e0683c7..0000000000 --- a/changes/ticket40410 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (compilation): - - Fix a compilation error when trying to build Tor with a compiler that - does not support expanding statitically initialized const values in - macro's. Fixes bug 40410; bugfix on 0.4.5.1-alpha diff --git a/changes/ticket40419 b/changes/ticket40419 deleted file mode 100644 index 0004329662..0000000000 --- a/changes/ticket40419 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (testing): - - Enable the deterministic RNG for unit tests that covers the address set - bloomfilter-based API's. Fixes bug 40419; bugfix on 0.3.3.2-alpha. diff --git a/changes/ticket40434 b/changes/ticket40434 deleted file mode 100644 index 988bb416be..0000000000 --- a/changes/ticket40434 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfix (onion service): - - Do not flag an HSDir as non-running in case the descriptor upload or - fetch fails. An onion service closes pending directory connections - before uploading a new descriptor which can thus lead to wrongly - flagging many relays and thus affecting circuit building path selection. - Fixes bug 40434; bugfix on 0.2.0.13-alpha. diff --git a/changes/ticket40447 b/changes/ticket40447 deleted file mode 100644 index d1be646a7d..0000000000 --- a/changes/ticket40447 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor feature (fallbackdir): - - Regenerate fallback directories list. Close ticket 40447. diff --git a/changes/ticket40474 b/changes/ticket40474 deleted file mode 100644 index d2a7231106..0000000000 --- a/changes/ticket40474 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (onion service, TROVE-2021-008): - - Only log once any v2 access attempts in order to not pollute the logs - with warnings and avoid recording the times on disk when v2 access was - attempted. Important to note that the onion address was _never_ logged. - That is a Low security issue. Fixes bug 40474; bugfix on 0.4.5.8. diff --git a/changes/ticket40476 b/changes/ticket40476 deleted file mode 100644 index 062e36f9bc..0000000000 --- a/changes/ticket40476 +++ /dev/null @@ -1,8 +0,0 @@ - o Major feature (onion service v2): - - Tor does NOT allow anymore to create v2 services, to connect as a client - to a v2 service and for a relay to be a v2 HSDir or introduction point. - This effectively disable onion service version 2 tor wide. Closes 40476. - - The control port command HSFETCH and HSPOST don't allow version 2 as well. - It is also not possible to create a v2 service with ADD_ONION. - - See https://blog.torproject.org/v2-deprecation-timeline for details on - how to transition from v2 to v3. diff --git a/changes/ticket40493 b/changes/ticket40493 deleted file mode 100644 index eb9baf916b..0000000000 --- a/changes/ticket40493 +++ /dev/null @@ -1,2 +0,0 @@ - o Minor features (fallbackdir): - - Regenerate fallback directories for October 2021. Close ticket 40493. diff --git a/changes/ticket40494 b/changes/ticket40494 deleted file mode 100644 index a0e6c38443..0000000000 --- a/changes/ticket40494 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (relay): - - Reject IPv6-only DirPorts. Our reachability self-test forces DirPorts to - be IPv4, but our configuration parser allowed them to be IPv6-only, - which led to an assertion failure. Fixes bug 40494; bugfix on - 0.4.5.1-alpha. diff --git a/changes/ticket40500 b/changes/ticket40500 deleted file mode 100644 index 2e5ff39761..0000000000 --- a/changes/ticket40500 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (CI, onion service): - - Exclude onion service version 2 Stem tests in our CI. Fixes bug 40500; - bugfix on 0.3.2.1-alpha. diff --git a/changes/ticket40509 b/changes/ticket40509 deleted file mode 100644 index ba4502ff3b..0000000000 --- a/changes/ticket40509 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfix (relay): - - Remove the HSDir and HSIntro onion service v2 protocol versions so relay - stop advertising that they support them. Fixes bug 40509; bugfix on - 0.3.5.17. diff --git a/changes/ticket40511 b/changes/ticket40511 deleted file mode 100644 index 756edd874d..0000000000 --- a/changes/ticket40511 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features (compilation): - - Give an error message if trying to build with a version of LibreSSL - known not to work with Tor. (There's an incompatibility with - LibreSSL versions 3.2.1 through 3.4.0 inclusive because of their - incompatibility with OpenSSL 1.1.1's TLSv1.3 APIs.) - Closes ticket 40511. diff --git a/changes/ticket40544 b/changes/ticket40544 deleted file mode 100644 index b0754f0fd4..0000000000 --- a/changes/ticket40544 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfix (logging): - - Update a log notice dead URL to a working one. Fixes bug 40544; bugfix on - 0.3.5.1-alpha. diff --git a/changes/ticket40552 b/changes/ticket40552 deleted file mode 100644 index 7811f3a743..0000000000 --- a/changes/ticket40552 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (MetricsPort, Prometheus): - - Add double quotes to the label values of the onion service metrics. Fixes - bug 40552; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40579 b/changes/ticket40579 deleted file mode 100644 index e2558c1102..0000000000 --- a/changes/ticket40579 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (onion service, client): - - Fix a fatal assert due to a guard subsystem recursion triggered by the - onion service client. Fixes bug 40579; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40581 b/changes/ticket40581 deleted file mode 100644 index 315215d8ed..0000000000 --- a/changes/ticket40581 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (metrics port, onion service): - - Fix the metrics with a port label to be unique. Before this, all ports of - an onion service would be on the same line which violates the Prometheus - rules of unique labels. Fixes bug 40581; bugfix on 0.4.5.1-alpha. diff --git a/changes/ticket40601 b/changes/ticket40601 deleted file mode 100644 index 529e3badfe..0000000000 --- a/changes/ticket40601 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (linux seccomp2 sandbox): - - Allow the rseq system call in the sandbox. This solves a crash issue with - glibc 2.35 on Linux. Patch from pmu-ipf. Fixes bug 40601; bugfix on - 0.3.5.11. diff --git a/changes/ticket40648 b/changes/ticket40648 new file mode 100644 index 0000000000..a891e30204 --- /dev/null +++ b/changes/ticket40648 @@ -0,0 +1,3 @@ + o Code simplification and refactoring (bridges): + - Remove unused code related to ExtPort connection ID. Fixes bug 40648; + bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40652 b/changes/ticket40652 new file mode 100644 index 0000000000..ff9f4d0591 --- /dev/null +++ b/changes/ticket40652 @@ -0,0 +1,10 @@ + o Minor features (dirauth): + - Add an AuthDirVoteGuard torrc option that can allow authorities to + assign the Guard flag to the given fingerprints/country code/IPs. This + is a needed feature mostly for defense purposes in case a DoS hits the + network and relay start losing the Guard flags too fast. + - Make UPTIME_TO_GUARANTEE_STABLE, MTBF_TO_GUARANTEE_STABLE, + TIME_KNOWN_TO_GUARANTEE_FAMILIAR WFU_TO_GUARANTEE_GUARD tunable from + torrc. + - Add a torrc option to control the Guard flag bandwidth threshold + percentile. Closes ticket 40652. diff --git a/changes/ticket40663 b/changes/ticket40663 new file mode 100644 index 0000000000..3992d8e2b5 --- /dev/null +++ b/changes/ticket40663 @@ -0,0 +1,3 @@ + o Minor bugfixes (authorities, sandbox): + - Allow to write file my-consensus-<flavor-name> to disk when sandbox is + activated. Fixes bug 40663; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40664 b/changes/ticket40664 new file mode 100644 index 0000000000..729b6ff02a --- /dev/null +++ b/changes/ticket40664 @@ -0,0 +1,3 @@ + o Minor feature (authority): + - Reject 0.4.6.x series at the authority level. Closes ticket 40664. + diff --git a/changes/ticket40680 b/changes/ticket40680 new file mode 100644 index 0000000000..1383844969 --- /dev/null +++ b/changes/ticket40680 @@ -0,0 +1,6 @@ + o Minor feature (relay, DoS): + - Apply circuit creation anti-DoS defenses if the outbound circuit max cell + queue size is reached too many times. This introduces two new consensus + parameters to control the queue size limit and number of times allowed to + go over that limit. Close ticket 40680. + diff --git a/changes/ticket40683 b/changes/ticket40683 new file mode 100644 index 0000000000..6df078ebae --- /dev/null +++ b/changes/ticket40683 @@ -0,0 +1,6 @@ + o Minor feature (Mac and iOS build): + - Change how combine_libs works on Darwin like platforms to + make sure we don't include any `__.SYMDEF` and `__.SYMDEF SORTED` + symbols on the archive before we repack and run ${RANLIB} on the + archive. This fixes a build issue with recent Xcode versions on + Mac Silicon and iOS. Closes ticket 40683. diff --git a/changes/ticket40692 b/changes/ticket40692 new file mode 100644 index 0000000000..8405486115 --- /dev/null +++ b/changes/ticket40692 @@ -0,0 +1,3 @@ + o Minor bugfixes (onion service client): + - A collapsing onion service circuit should be seen as an "unreachable" + error so it can be retried. Fixes bug 40692; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40694 b/changes/ticket40694 new file mode 100644 index 0000000000..f17639cc27 --- /dev/null +++ b/changes/ticket40694 @@ -0,0 +1,5 @@ + o Major bugfixes (onion service): + - Set a much higher circuit build timeout for opened client rendezvous + circuit. Before this, tor would time them out very quickly leading to many + unnecessary retries and thus more load on the network. Fixes bug 40694; + bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40696 b/changes/ticket40696 new file mode 100644 index 0000000000..a2c09f6a83 --- /dev/null +++ b/changes/ticket40696 @@ -0,0 +1,3 @@ + o Minor bugfixes (onion service): + - Make the service retry a rendezvous if the circuit is being repurposed for + measurements. Fixes bug 40696; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40703 b/changes/ticket40703 new file mode 100644 index 0000000000..f005f8f851 --- /dev/null +++ b/changes/ticket40703 @@ -0,0 +1,4 @@ + o Minor feature (performance): + - Bump the maximum amount of CPU to use from 16 to 128. Note that NumCPUs + torrc option overrides this hardcoded maximum. Fixes bug 40703; bugfix on + 0.3.5.1-alpha. diff --git a/changes/ticket40704 b/changes/ticket40704 new file mode 100644 index 0000000000..b1a83488da --- /dev/null +++ b/changes/ticket40704 @@ -0,0 +1,6 @@ + o Minor feature (relay): + - Two new consensus parameters are added to control the wait time in queue + of the onionskins. One of them is the torrc MaxOnionQueueDelay options + which supersedes the consensus parameter. Closes ticket 40704. + - Change a hardcoded value for the maximum of per CPU tasks into a + consensus parameter. diff --git a/changes/ticket40708 b/changes/ticket40708 new file mode 100644 index 0000000000..1c4a044a0b --- /dev/null +++ b/changes/ticket40708 @@ -0,0 +1,3 @@ + o Minor feature (metrics): + - Add various congestion control counters to the MetricsPort. Closes ticket + 40708. diff --git a/changes/ticket40719 b/changes/ticket40719 new file mode 100644 index 0000000000..eec84dce0f --- /dev/null +++ b/changes/ticket40719 @@ -0,0 +1,3 @@ + o Minor bugfixes (cpuworker, relay): + - Fix an off by one overload calculation on the number of CPUs being used by + our thread pool. Fixes bug 40719; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40724 b/changes/ticket40724 new file mode 100644 index 0000000000..aeb6f9ae8b --- /dev/null +++ b/changes/ticket40724 @@ -0,0 +1,3 @@ + o Minor feature (Congestion control metrics): + - Add additional metricsport relay metrics for congestion control. + Closes ticket 40724. diff --git a/changes/ticket40727 b/changes/ticket40727 new file mode 100644 index 0000000000..ce462481f4 --- /dev/null +++ b/changes/ticket40727 @@ -0,0 +1,3 @@ + o Minor bugfixes (relay, metrics): + - Fix typo in a congestion control label on the MetricsPort. Fixes bug + 40727; bugfix on 0.4.7.12. diff --git a/changes/ticket40729 b/changes/ticket40729 new file mode 100644 index 0000000000..1c2d43d14f --- /dev/null +++ b/changes/ticket40729 @@ -0,0 +1,3 @@ + o Minor bugfixes (sandbox, authority): + - With the sandbox enabled, allow to write "my-consensus-{ns|microdesc}" and + to rename them as well. Fixes bug 40729; bugfix on 0.3.5.1-alpha. diff --git a/config.rust.in b/config.rust.in deleted file mode 100644 index 11b671b980..0000000000 --- a/config.rust.in +++ /dev/null @@ -1,24 +0,0 @@ -# Used by our cargo build.rs script to get variables from autoconf. -# -# The "configure" script will generate "config.rust" from "config.rust.in", -# and then build.rs will read "config.rust". - -BUILDDIR=@BUILDDIR@ -TOR_LDFLAGS_zlib=@TOR_LDFLAGS_zlib@ -TOR_LDFLAGS_nss=@TOR_LDFLAGS_nss@ -TOR_LDFLAGS_openssl=@TOR_LDFLAGS_openssl@ -TOR_LDFLAGS_libevent=@TOR_LDFLAGS_libevent@ -TOR_ZLIB_LIBS=@TOR_ZLIB_LIBS@ -TOR_LIB_MATH=@TOR_LIB_MATH@ -TOR_LIBEVENT_LIBS=@TOR_LIBEVENT_LIBS@ -TOR_OPENSSL_LIBS=@TOR_OPENSSL_LIBS@ -TOR_LIB_WS32=@TOR_LIB_WS32@ -TOR_LIB_GDI=@TOR_LIB_GDI@ -TOR_LIB_USERENV=@TOR_LIB_USERENV@ -CURVE25519_LIBS=@CURVE25519_LIBS@ -TOR_SYSTEMD_LIBS=@TOR_SYSTEMD_LIBS@ -TOR_LZMA_LIBS=@TOR_LZMA_LIBS@ -TOR_ZSTD_LIBS=@TOR_ZSTD_LIBS@ -LIBS=@LIBS@ -LDFLAGS=@LDFLAGS@ -NSS_LIBS=@NSS_LIBS@
\ No newline at end of file diff --git a/configure.ac b/configure.ac index bd15215075..27bfca46c1 100644 --- a/configure.ac +++ b/configure.ac @@ -4,11 +4,13 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc. dnl See LICENSE for licensing information AC_PREREQ([2.63]) -AC_INIT([tor],[0.4.5.16-dev]) +AC_INIT([tor],[0.4.7.13]) AC_CONFIG_SRCDIR([src/app/main/tor_main.c]) AC_CONFIG_MACRO_DIR([m4]) configure_flags="$*" +AC_DEFINE_UNQUOTED([CONFIG_FLAGS], ["$configure_flags"], [Flags passed to configure]) + # DO NOT EDIT THIS DEFINITION BY HAND UNLESS YOU KNOW WHAT YOU'RE DOING. # @@ -16,7 +18,7 @@ configure_flags="$*" # version number changes. Tor uses it to make sure that it # only shuts down for missing "required protocols" when those protocols # are listed as required by a consensus after this date. -AC_DEFINE(APPROX_RELEASE_DATE, ["2023-01-12"], # for 0.4.5.16-dev +AC_DEFINE(APPROX_RELEASE_DATE, ["2023-01-12"], # for 0.4.7.13 [Approximate date when this software was released. (Updated when the version changes.)]) # "foreign" means we don't follow GNU package layout standards @@ -73,10 +75,6 @@ AC_ARG_ENABLE(oss-fuzz, AS_HELP_STRING(--enable-oss-fuzz, [build extra fuzzers based on 'oss-fuzz' environment])) AC_ARG_ENABLE(memory-sentinels, AS_HELP_STRING(--disable-memory-sentinels, [disable code that tries to prevent some kinds of memory access bugs. For fuzzing only.])) -AC_ARG_ENABLE(rust, - AS_HELP_STRING(--enable-rust, [enable rust integration])) -AC_ARG_ENABLE(cargo-online-mode, - AS_HELP_STRING(--enable-cargo-online-mode, [Allow cargo to make network requests to fetch crates. For builds with rust only.])) AC_ARG_ENABLE(restart-debugging, AS_HELP_STRING(--enable-restart-debugging, [Build Tor with support for debugging in-process restart. Developers only.])) AC_ARG_ENABLE(zstd-advanced-apis, @@ -113,10 +111,14 @@ AM_CONDITIONAL(COVERAGE_ENABLED, test "x$enable_coverage" = "xyes") AM_CONDITIONAL(DISABLE_ASSERTS_IN_UNIT_TESTS, test "x$enable_asserts_in_tests" = "xno") AM_CONDITIONAL(LIBFUZZER_ENABLED, test "x$enable_libfuzzer" = "xyes") AM_CONDITIONAL(OSS_FUZZ_ENABLED, test "x$enable_oss_fuzz" = "xyes") -AM_CONDITIONAL(USE_RUST, test "x$enable_rust" = "xyes") AM_CONDITIONAL(USE_NSS, test "x$enable_nss" = "xyes") AM_CONDITIONAL(USE_OPENSSL, test "x$enable_nss" != "xyes") +if test "x$enable_coverage" = "xyes"; then + AC_DEFINE(ENABLE_COVERAGE, 1, + [Defined if coverage support is enabled for the unit tests]) +fi + if test "x$enable_nss" = "xyes"; then AC_DEFINE(ENABLE_NSS, 1, [Defined if we're building with NSS.]) @@ -231,6 +233,7 @@ AC_ARG_ENABLE(fragile-hardening, AS_HELP_STRING(--enable-fragile-hardening, [enable more fragile and expensive compiler hardening; makes Tor slower])) if test "x$enable_expensive_hardening" = "xyes" || test "x$enable_fragile_hardening" = "xyes"; then fragile_hardening="yes" + AC_DEFINE(ENABLE_FRAGILE_HARDENING, 1, [Defined if we're building with additional, fragile and expensive compiler hardening]) AC_DEFINE(DEBUG_SMARTLIST, 1, [Enable smartlist debugging]) fi @@ -428,6 +431,17 @@ AC_PROG_MAKE_SET AC_PROG_RANLIB AC_PROG_SED +AX_COMPILER_VERSION +AX_COMPILER_VENDOR + +AC_DEFINE_UNQUOTED([COMPILER_VERSION],["$ax_cv_c_compiler_version"], [Compiler version]) +AC_DEFINE_UNQUOTED([COMPILER_VENDOR],["$ax_cv_c_compiler_vendor"], [Compiler vendor]) + +AS_CASE($ax_cv_c_compiler_vendor, + [gnu], AC_DEFINE([COMPILER],["GCC"],[Compiler name]), + AC_DEFINE([COMPILER],[],[Compiler name]) +) + AC_ARG_VAR([PERL], [path to Perl binary]) AC_CHECK_PROGS([PERL], [perl]) AM_CONDITIONAL(USE_PERL, [test "x$ac_cv_prog_PERL" != "x"]) @@ -443,7 +457,7 @@ AM_CONDITIONAL(BUILD_HTML_DOCS, [test "x$enable_html_manual" != "xno"]) AM_PROG_CC_C_O dnl Before autoconf 2.70, AC_PROG_CC_C99 is supposedly necessary for some -dnl compilers if you wan't C99 support. Starting with 2.70, it is obsolete and +dnl compilers if you want C99 support. Starting with 2.70, it is obsolete and dnl forbidden. m4_version_prereq([2.70], [:], [AC_PROG_CC_C99]) @@ -464,13 +478,6 @@ fi AM_CONDITIONAL(USEPYTHON, [test "x$PYTHON" != "x"]) -dnl List all external rust crates we depend on here. Include the version -rust_crates=" \ - digest-0.7.2 \ - libc-0.2.39 \ -" -AC_SUBST(rust_crates) - ifdef([AC_C_FLEXIBLE_ARRAY_MEMBER], [ AC_C_FLEXIBLE_ARRAY_MEMBER ], [ @@ -623,105 +630,6 @@ fi AC_C_BIGENDIAN -AC_ARG_VAR([TOR_RUST_TARGET], [Rust target, must be specified when cross-compiling (HOST != BUILD). example: i686-pc-windows-gnu]) - -if test "x$enable_rust" = "xyes"; then - AC_ARG_VAR([RUSTC], [path to the rustc binary]) - AC_CHECK_PROG([RUSTC], [rustc], [rustc],[no]) - if test "x$RUSTC" = "xno"; then - AC_MSG_ERROR([rustc unavailable but rust integration requested.]) - fi - - AC_ARG_VAR([CARGO], [path to the cargo binary]) - AC_CHECK_PROG([CARGO], [cargo], [cargo],[no]) - if test "x$CARGO" = "xno"; then - AC_MSG_ERROR([cargo unavailable but rust integration requested.]) - fi - - AC_DEFINE([HAVE_RUST], 1, [have Rust]) - if test "x$enable_fatal_warnings" = "xyes"; then - RUST_WARN= - else - RUST_WARN=# - fi - if test "x$enable_cargo_online_mode" = "xyes"; then - CARGO_ONLINE= - RUST_DL=# - else - CARGO_ONLINE=--frozen - RUST_DL= - - dnl When we're not allowed to touch the network, we need crate dependencies - dnl locally available. - AC_MSG_CHECKING([rust crate dependencies]) - AC_ARG_VAR([TOR_RUST_DEPENDENCIES], [path to directory with local crate mirror]) - if test "x$TOR_RUST_DEPENDENCIES" = "x"; then - TOR_RUST_DEPENDENCIES="${srcdir}/src/ext/rust/crates" - fi - dnl Check whether the path exists before we try to cd into it. - if test ! -d "$TOR_RUST_DEPENDENCIES"; then - AC_MSG_ERROR([Rust dependency directory $TOR_RUST_DEPENDENCIES does not exist. Specify a dependency directory using the TOR_RUST_DEPENDENCIES variable or allow cargo to fetch crates using --enable-cargo-online-mode.]) - ERRORED=1 - fi - dnl Make the path absolute, since we'll be using it from within a - dnl subdirectory. - TOR_RUST_DEPENDENCIES=$(cd "$TOR_RUST_DEPENDENCIES" ; pwd) - - for dep in $rust_crates; do - if test ! -d "$TOR_RUST_DEPENDENCIES"/"$dep"; then - AC_MSG_ERROR([Failure to find rust dependency $TOR_RUST_DEPENDENCIES/$dep. Specify a dependency directory using the TOR_RUST_DEPENDENCIES variable or allow cargo to fetch crates using --enable-cargo-online-mode.]) - ERRORED=1 - fi - done - if test "x$ERRORED" = "x"; then - AC_MSG_RESULT([yes]) - fi - fi - - dnl For now both MSVC and MinGW rust libraries will output static libs with - dnl the MSVC naming convention. - if test "$bwin32" = "true"; then - tor_rust_static_name=tor_rust.lib - else - tor_rust_static_name=libtor_rust.a - fi - - AC_CANONICAL_BUILD - - if test -n "$TOR_RUST_TARGET"; then - if test "$host" = "$build"; then - AC_MSG_ERROR([HOST = BUILD is invalid if TOR_RUST_TARGET is specified, see configure --help for more information.]) - fi - RUST_TARGET_PROP="target = '$TOR_RUST_TARGET'" - TOR_RUST_LIB_PATH="src/rust/target/$TOR_RUST_TARGET/release/$tor_rust_static_name" - else - if test "$host" != "$build"; then - AC_MSG_ERROR([TOR_RUST_TARGET must be specified when cross-compiling with Rust enabled.]) - fi - RUST_TARGET_PROP= - TOR_RUST_LIB_PATH="src/rust/target/release/$tor_rust_static_name" - fi - - AC_SUBST(RUST_TARGET_PROP) - AC_SUBST(TOR_RUST_LIB_PATH) - AC_SUBST(CARGO_ONLINE) - AC_SUBST(RUST_WARN) - AC_SUBST(RUST_DL) - - dnl Let's check the rustc version, too - AC_MSG_CHECKING([rust version]) - RUSTC_VERSION=`$RUSTC --version` - RUSTC_VERSION_MAJOR=`$RUSTC --version | cut -d ' ' -f 2 | cut -d '.' -f 1` - RUSTC_VERSION_MINOR=`$RUSTC --version | cut -d ' ' -f 2 | cut -d '.' -f 2` - if test "x$RUSTC_VERSION_MAJOR" = "x" -o "x$RUSTC_VERSION_MINOR" = "x"; then - AC_MSG_ERROR([rustc version couldn't be identified]) - fi - if test "$RUSTC_VERSION_MAJOR" -lt 2 -a "$RUSTC_VERSION_MINOR" -lt 31; then - AC_MSG_ERROR([rustc must be at least version 1.31.0]) - fi - AC_MSG_RESULT([$RUSTC_VERSION]) -fi - AC_SEARCH_LIBS(socket, [socket network]) AC_SEARCH_LIBS(gethostbyname, [nsl]) AC_SEARCH_LIBS(dlopen, [dl]) @@ -781,6 +689,7 @@ AC_CHECK_FUNCS( readpassphrase \ rint \ sigaction \ + snprintf \ socketpair \ statvfs \ strncasecmp \ @@ -798,7 +707,8 @@ AC_CHECK_FUNCS( uname \ usleep \ vasprintf \ - _vscprintf + _vscprintf \ + vsnprintf ) # Apple messed up when they added some functions: they @@ -897,8 +807,6 @@ if test "$bwin32" = "true"; then TOR_LIB_WS32=-lws2_32 TOR_LIB_IPHLPAPI=-liphlpapi TOR_LIB_SHLWAPI=-lshlwapi - # Some of the cargo-cults recommend -lwsock32 as well, but I don't - # think it's actually necessary. TOR_LIB_GDI=-lgdi32 TOR_LIB_USERENV=-luserenv TOR_LIB_BCRYPT=-lbcrypt @@ -1454,33 +1362,6 @@ if test "$fragile_hardening" = "yes"; then TOR_CHECK_CFLAGS([-fno-omit-frame-pointer]) fi -dnl Find the correct libraries to add in order to use the sanitizers. -dnl -dnl When building Rust, Cargo will run the linker with the -nodefaultlibs -dnl option, which will prevent the compiler from linking the sanitizer -dnl libraries it needs. We need to specify them manually. -dnl -dnl What's more, we need to specify them in a linker script rather than -dnl from build.rs: these options aren't allowed in the cargo:rustc-flags -dnl variable. -RUST_LINKER_OPTIONS="" -if test "x$have_clang" = "xyes"; then - if test "x$CFLAGS_ASAN" != "x"; then - RUST_LINKER_OPTIONS="$RUST_LINKER_OPTIONS -Clink-arg=$CFLAGS_ASAN -Cdefault-linker-libraries" - fi - if test "x$CFLAGS_UBSAN" != "x"; then - RUST_LINKER_OPTIONS="$RUST_LINKER_OPTIONS -Clink-arg=$CFLAGS_UBSAN -Cdefault-linker-libraries" - fi -else - if test "x$CFLAGS_ASAN" != "x"; then - RUST_LINKER_OPTIONS="$RUST_LINKER_OPTIONS -Clink-arg=-fsanitize=address -Cdefault-linker-libraries" - fi - if test "x$CFLAGS_UBSAN" != "x"; then - RUST_LINKER_OPTIONS="$RUST_LINKER_OPTIONS -Clink-arg=-fsanitize=undefined -Cdefault-linker-libraries" - fi -fi -AC_SUBST(RUST_LINKER_OPTIONS) - CFLAGS_BUGTRAP="$CFLAGS_FTRAPV $CFLAGS_ASAN $CFLAGS_UBSAN" CFLAGS_CONSTTIME="$CFLAGS_FWRAPV" @@ -2691,11 +2572,9 @@ CPPFLAGS="$CPPFLAGS $TOR_CPPFLAGS_libevent $TOR_CPPFLAGS_openssl $TOR_CPPFLAGS_z AC_CONFIG_FILES([ Doxyfile Makefile - config.rust contrib/operator-tools/tor.logrotate src/config/torrc.sample src/config/torrc.minimal - src/rust/.cargo/config scripts/maint/checkOptionDocs.pl warning_flags ]) @@ -2771,12 +2650,6 @@ AS_ECHO test "x$enable_fatal_warnings" = "xyes" && value=1 || value=0 PPRINT_PROP_BOOL([Warnings are fatal (--enable-fatal-warnings)], $value) -test "x$enable_rust" = "xyes" && value=1 || value=0 -PPRINT_PROP_BOOL([Rust support (--enable-rust)], $value) - -test "x$enable_cargo_online_mode" = "xyes" && value=1 || value=0 -PPRINT_PROP_BOOL([Cargo Online Fetch (--enable-cargo-online-mode)], $value) - test "x$enable_android" = "xyes" && value=1 || value=0 PPRINT_PROP_BOOL([Android support (--enable-android)], $value) @@ -2819,10 +2692,10 @@ PPRINT_PROP_BOOL([libscrypt (--disable-libscrypt)], $value) test "x$enable_systemd" = "xyes" && value=1 || value=0 PPRINT_PROP_BOOL([Systemd support (--enable-systemd)], $value) -test "x$enable_lzma" = "xyes" && value=1 || value=0 +test "x$have_lzma" = "xyes" && value=1 || value=0 PPRINT_PROP_BOOL([liblzma (--enable-lzma)], $value) -test "x$enable_zstd" = "xyes" && value=1 || value=0 +test "x$have_zstd" = "xyes" && value=1 || value=0 PPRINT_PROP_BOOL([libzstd (--enable-zstd)], $value) AS_ECHO diff --git a/contrib/operator-tools/tor-exit-notice.html b/contrib/operator-tools/tor-exit-notice.html index 278d3de502..cedb3cb353 100644 --- a/contrib/operator-tools/tor-exit-notice.html +++ b/contrib/operator-tools/tor-exit-notice.html @@ -1,18 +1,17 @@ -<?xml version="1.0"?> -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml"> +<!DOCTYPE html> +<html lang="en-US"> <head> -<meta http-equiv="Content-Type" content="text/html;charset=utf-8" /> +<meta charset="UTF-8"> <title>This is a Tor Exit Router</title> - +<meta name="viewport" content="width=device-width, initial-scale=1"> +<link rel="icon" type="image/png" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAAAXNSR0IArs4c6QAAAMxQTFRFAAAAcK9AAAAAaK9IAAAAaq9FAAAAaK9EAAAAaa9DAAAAaK9FAAAAaa9EAAAAaK9EAgICZ7FEAgICaLBDAgICZ7BEAQEBaLBEAQEBZ7BEAQEBaLBDAQEBZ7BEHDATAQEB9fje5unQ19nCx8q1uLqnqauZmpuLaLBEiox9e31wbG1iSHkvfkeYXV5UdkOPbj6FZzp8TU5GXzZyVzFpPj84Ty1fRyhWQCRNLy8qLykwJyQmMBs6ICAdKBcwIBMnGA4dEBAPEQoUCQUKAQEBYGuyKwAAACB0Uk5TABAQICAwMEBAUFBgYHBwgICPj5+fr6+/v8/P39/v7+9rEnzIAAABbUlEQVR42n2SbVuCMBSG8TXzpUzN1DTOBoyNmIZOpUJS9///U0f7EFzIno+77z3b2TXrZmo1y5i7oZl3ppXOsFKKHzuL3uu0nDeeF1PfwK3hwjfyiu/7C9MM9yg0ynG7/uT7PcP+vn57f7EMqUduPG+aDA0ibRl4VUNw6Bv4WNJ4p0sr2rYijKWb86B6e/uRA/U8sVke7HaRN+cxBZBEkM8wxJLCgLYkQCIGzGXbMPwoGDMJ4CkHqKPIIbwY+at2EwCBDnCXsa8Qs5/nC7BbIPfcAKRaobA8515UExIh5wwrpFyHmNyDtRIEQJSDkuTqKuzHWUEBFkTIPSaY2l+FSXbIBAWPA9BAuDL5E0ZWJjYVjiDYTwKi9PWI9CErjIQTCAqUg3D0VVjpelZoHWnEObguCKH1EoXviZXLIHbihLgMBNc/yLc2FuQyioMkAgkq0jvkul38sEedRAFL9Gm5Tm9+zPrI1pekp1n3f/UXYAE8WMMDnnoAAAAASUVORK5CYII="> <!-- This notice is intended to be placed on a virtual host for a domain that your Tor exit node IP reverse resolves to so that people who may be about to file an abuse complaint would check it first before bothering you or your ISP. Ex: -http://tor-exit.yourdomain.org or http://tor-readme.yourdomain.org. +https://tor-exit.yourdomain.org or https://tor-readme.yourdomain.org. This type of setup has proven very effective at reducing abuse complaints for exit node operators. @@ -21,213 +20,250 @@ There are a few places in this document that you may want to customize. They are marked with FIXME. --> +<style> +:root{ +--background-color: white; +--text-color: rgb(33, 37, 41); +--link-color: rgb(116, 42, 152); +} +@media (prefers-color-scheme: dark){ +:root{ +--background-color: rgb(34, 34, 34); +--text-color: rgb(221, 221, 221); +--link-color: rgb(219, 142, 255); +} +} +*{ +font-family: Arial; +box-sizing: border-box; +} +html{ +background: var(--background-color); +} +body{ +margin-left: auto; +margin-right: auto; +padding-left: 5vw; +padding-right: 5vw; +max-width: 1000px; +} +h1, p{ +color: var(--text-color); +} +h1{ +font-size: 55px; +text-align: center; +} +p, a{ +font-size: 20px; +} +a{ +color: var(--link-color); +text-decoration: none; +} +a:hover{ +filter: brightness(.8); +text-decoration: underline; +} +.links{ +display: flex; +flex-wrap: wrap; +justify-content: space-evenly; +} +.links > a{ +margin: 10px; +white-space: nowrap; +} +</style> </head> <body> - -<p style="text-align:center; font-size:xx-large; font-weight:bold">This is a -Tor Exit Router</p> +<main> +<h1>This is a Tor Exit Router</h1> +<p style="text-align:center"> +<svg xmlns="http://www.w3.org/2000/svg" width="500" viewBox="0 0 274.3 159.9" style="width:100%;max-width:500px"> +<desc></desc> +<defs> +<style> +.a{fill:none}.b,.e{fill:#895ba5}.b{stroke:#895ba5}.j,.l,.m,.o,.b,.d{stroke-miterlimit:10}.l,.b{stroke-width:.75px}.k,.c,.f{fill:#24093b}.a,.c,.f{stroke:#24093b;stroke-linecap:round;stroke-linejoin:round}.m,.o,.c,.d{stroke-width:.5px}.i,.j,.d{fill:#6fc8b7}.j,.d{stroke:#6fc8b7}.l,.m,.g{fill:#fed916}.h{fill:#fff}.a{stroke-width:1.6px}.j{stroke-width:.68px}.l,.m{stroke:#fed916}.n,.o{fill:#cf63a6}.o{stroke:#cf63a6} +</style> +</defs> +<path d="M153.6 27.5s6.2 13.1 18.1 3c-8-5.7-10.9-7.6-10.9-7.6z" class="c"/> +<path d="M212.9 96.2c3.2 6.5 5.2 13.8 9 20 2.3 3.8 4 4.5 8.3 3.3 8.2-2.3 17.4-6.3 25.6-9.7l-1.2-7.6a7.5 7.5 0 0 1-3.2 1.2c-2 0-4-1-5.8-1.6-1.4-.4-3.9.4-4.6.8-3.5 1.9-4.8 4-7 7-.6-7.8-1.2-15.6-1.5-23.4-6.6 3.4-12.9 7-19.6 10z" class="d"/> +<path d="M217.2 108.6c.6 1.3 1.7 2 1.5 2.8 1.7 1.9 1.8 5.2 3 6.6 2.3-4 5.5-7.4 7.9-11.2.5-1.5 1.8-2.3 2.4-3.3.7-1.8 2.8-4.4 2.4-7.1.6-3.7.4-7.4 1-11-4-5-19.5 18.8-19.5 19.2-.4.5 1.4 2.6 1.3 4zm3.4 6.8c-.4-.3.3-.5 0 0z" class="e"/> +<path d="M221 115.4c-1.2-3.3-.3-9.3 1.4-11.6 2.3-3 5.3-3.6 7.4-5.5 1.7-1.4 3.3-4.8 3.6-5.9 6.3-23.1-13.8 5.3-17.2 11.2 1.6 4 3.1 8 4.9 11.8z" class="f"/> +<path d="M220.6 97c2.5-2.7 5.3-5.1 7.7-8-5-.4-10-.8-14.8-1.5-4.1 5.4-8 11.1-11.9 16.7-8 13.6-14.5 28.2-21.6 42.3a9.1 9.1 0 0 0 5 2c.3.1.8.4 1.2.2.4-.3.4 0 .9-.6.4-.6 0 .4.8-.9 3-4.7 5.4-10.1 9-15.1.6-.9 2.7-2.8 4-4.5a16.8 16.8 0 0 0 2.3-3.2c2.7-4.9 5.5-11.3 9.2-16.8a119.3 119.3 0 0 1 8.2-10.6z" class="d"/> +<path d="M233.4 75.7c0-.1-.2-.1-.2 0v.2zm-3.6 2.3c-2.5 1.1-4.2 2.1-6.5 2.7-2.5 1-5.7.5-7.7 2.8-2.6 2.8-4 6.5-6.7 9.2-2.6 3.5-4.3 7.6-7.4 10.5 0 2.2 2.3 3.3 4 4 1.5.3 2.4 1.8 3.9 2.2 1.5.7 3.3.1 4.3-1.2 2-2 3.4-4.6 5.8-6.1 5.3-4 11.6-6.9 16.1-12 2.6-2.6 4.5-6.7 2.7-10.2-.8-1.4-1.8-3-3.4-3.3-2.1.2-1.1-.1-5.1 1.4z" class="e"/> +<path d="m185.4 133 7 6.2c-2 3.9-4.2 7.6-6.5 11.2-1.8-2.2-3.6-4.3-5.3-6.6a82.4 82.4 0 0 0 4.8-10.9z" class="g"/> +<path d="M182.5 141.4c-1.3 0-1.2 1.3-2.2 2.2a13.9 13.9 0 0 0-1.8 2.3c-.3-2.6 0-4.4-1.4-7-.3-.6-1.8-2.3-3-2.2-.6 0-2.4-.4-3.2.1a12.4 12.4 0 0 0-2.2 1.2c2.6 4 5.2 7.9 7.7 12a24 24 0 0 0 3 3.5l2.8 2.5a103.3 103.3 0 0 0 6-8.8 24.5 24.5 0 0 0-2.6-3.4c-1.1-1.3-1.7-2.5-3-2.4z" class="f"/> +<path d="m168.3 138-.8.6c-.6 1-1 2 0 3 4 4.7 8.1 9.4 12.3 14 1.1 1.3 2 .5 3.3-.1-5-5.9-9.8-11.7-14.8-17.4z" class="e"/> +<path d="m248 113 .1-10.8 12.6-4v10L248 113z" class="g"/> +<path d="M257.4 109.2c1.3.7 2-.6 3.4-1a13.6 13.6 0 0 0 2.8-1.1c-.9 2.7-1.8 4.2-1.5 7.5 0 .7.7 3 1.8 3.7.4.3 1.8 1.7 2.5 1.8a9.4 9.4 0 0 0 2.3.2c-.4-5.3-.9-10.6-1.5-15.8a37.3 37.3 0 0 0-1-5l-1.3-4c-3.2 1.7-6.4 3-9.5 4.9a26.3 26.3 0 0 0 .3 4.7c.4 1.9.3 3.4 1.7 4.1z" class="f"/> +<path d="M269 120.3c.3 0 .7.2.9 0a2.5 2.5 0 0 0 1.3-2.8c-1.4-6.8-2.9-13.7-4.5-20.4-.4-1.7-1.4-1.6-2.7-1.7l5 25z" class="e"/> +<path d="m185.2 134.6 6.5 6.4m58-39.4.1 10.8" class="a"/> +<path d="M188.5 86.7c.4.6.7 1.3.8 2 0 1.2-.4 2-1.4 2.3-2.8.6-5.8 0-8.1-1.7-1.6-1-3-2.4-2.8-4.5" class="d"/> +<path d="M213.8 50.2a55.2 55.2 0 0 0-8.7 14.6 61.4 61.4 0 0 0-4.3 17.4 13.5 13.5 0 0 0-6.8-.7 14.2 14.2 0 0 0-5.5 2.2l-1 4.5-.7 3.2c4.6-.5 9.2.2 14-.2 2.2-.2 3-.5 4.6-3.1 3.6-6.4 7-14 11.2-20.2-1.8-5.8-1.5-11.7-2.8-17.7z" class="d"/> +<path d="m186.7 91.3 1.4-8.5 6-1.1-1.4 9.7-6-.1z" class="b"/> +<path d="M249 83.2a3.5 3.5 0 0 0 2.4-2.3 2.1 2.1 0 0 0-1-2.7c-.9-.3-3.4 1.4-1.8 1.8 1.6.4 2.2-2.2 1.9-3.6-.8-3-2.7-4-5.2-3a5.4 5.4 0 0 0-3.8 5.8c.8 4.5 4.2 4.8 7.6 4z" class="d"/> +<path d="M235.1 82.3a33.1 33.1 0 0 1-.4-16.9c1.8-5.8 4.6-7.7 6.4-12.2a6.3 6.3 0 0 0 .2-2.6c.7-4.3-3.3-6.3-5.7-6.4A46.6 46.6 0 0 0 218 48c-4.5 1.9-5 4.2-7.1 7-2.1 3-1.5 6-1.3 8.2.5 5 2.3 7 3.8 11.1a84 84 0 0 1 4 15.4c5.9-2.8 12-4.5 17.8-7.4z" class="b"/> +<path d="m234.4 58.2.2-.5a15.3 15.3 0 0 1 4.3.7l4 .8 1.9.3a6.3 6.3 0 0 0 3-.3c1.7-.5 3.6-.5 5.2-1.2m-35.8 26.8c2.8-2.9 6.5-4.4 9.9-6a67.1 67.1 0 0 1 6.4-2.8" class="a"/> +<path fill="#6fc8b7" stroke="#6fc8b7" stroke-miterlimit="10" stroke-width=".6" d="M220.3 46.4c-1.4 1.5-5 6.6-.8 6.2 4.3-.4 7.4-4.4 10.5-7.6a77.4 77.4 0 0 0-9.7 1.4z"/> +<path d="M238.3 48.2a2.8 2.8 0 0 0-5.2-1.6c-2.7 3.8-8.9 13.7-3.7 17 5.6 3.5 9.1-10.3 8.9-15.4z" class="f"/> +<path d="M242.6 46c5.8 2.2 12.6 3.7 18.3 6.4 3.3 1.6 3.5 3.9 1.2 7.3-3.3 5-8.3 10.3-12 15.5-1.8-1-3.5-2-5.3-2.8 2.7-4.5 5.3-8.9 8.1-13.2-5.6-.4-10.5-.5-16.4-1.3-.6 0-3.9-1.1-3.6-3.4.2-1.3 0-3.7 1-5.3.3-.3.3-1.2 1.3-1.7 2.3-1.2 4.4-2.7 7.4-1.5z" class="d"/> +<path d="m247.5 67.2 1.5.4 5 1.6c-1.1 2.3-2.6 4.6-4 7q-2.5-2-5.2-3.8" class="b"/> +<path d="M224.6 37a117.1 117.1 0 0 0-5.9 10.2 65.3 65.3 0 0 1 13-2.9q.6-5.7 1.5-11.4l-8.6 4z" class="f"/> +<path d="M218.3 29.7c2.1-6.6 7.7-10 13.8-10.6 4.2 1 7.3 2.6 7 7.6 0 .6 0 .6-.4 1.3-2.1 2.6-6 6-9 8.7-2.4 2.1-4 2.4-6.7 3h-.5c-3.5-2.6-6-4.3-4.2-10z" class="i"/> +<path d="M233.6 29.7c1.2.2 3 .4 3.9 1.2.9.8.2 1.2.3 2.2a3.7 3.7 0 0 1 0 .8 3.5 3.5 0 0 1-.5 1 4.3 4.3 0 0 1-4.1 2.3c-1.6-.1-2-.5-2.2-2.1" class="i"/> +<path d="M235.4 31.5a6.4 6.4 0 0 0 1-.7c3.5-6-3-3.8-1 .7z" class="j"/> +<path d="M224.7 23c-2-4.7.8-8.1 4-11.3 1.6-1.5 5-3.5 7.3-3.2 2.3.2 3 1.5 2 3.8s-3.5 3.8-5.2 5.4c2.2-.2 6-1.8 7.3 1.4 1.4 4-2.4 6.4-5.5 6.8-3.1.3-8.1 1.2-9.9-2.9z" class="f"/> +<path d="m233.7 27.9.6.9m1.9-1 .2.1m-2.6 1.9.7.2m-13.3-4.2c-2.1 1.4-4.3 2.7-6.4 4.2 1.4-.1 2.8.5 4.3.4l.6.1m-2.5 3c4.2.3 8.5-.8 12-3.1" class="a"/> +<path d="M65.3 25.6c-1.9-2-.8-6 2-6.5.7-.2 1.7 0 .7.6-1.7 1.7-3.9 3.4-6.4 3.1a5.2 5.2 0 0 1-5-4c-.6-2.3.2-5 2-6.5 1.7-1.8 3.5-4 6.1-4 6.7-.1-1.8 5.7-.4 2.4.6-1.5 1.3-3 2.3-4.2 2.2-3.2 5.7-5.9 9.7-6 2.7 0 5.9 1.6 6.3 4.5 1.2 9.3-9.6 27-17.3 20.6Z" class="k"/> +<path d="M11.9 82.2c1.3 1.3 2.3 1 4.5.6 2.1-.4 4.4-2.1 6.2-3.9 0 2.4-.8 5-1.3 7.1.5 1.7 2.5-.3 2.8-.8 1.1-2 2.4-3.7 3.9-5.4 1.6-1.4 4-1.2 5.4-2.5 1.9-1.8 2.2-2.8-.6-3.6-2.7-.7-2.8-3-7.2-.1-2.8 1.8-9.6 8.8-13.7 8.6z" class="e"/> +<path d="M55.8 93.4c2.8 7 4.9 15 8.2 21.4 2 4 3.7 5 8 4.3 7.7-1.2 16-4 23.8-4.9l-.2-8.2c-1 .2-2.2.7-3.1.4a23.6 23.6 0 0 1-5-3 5.7 5.7 0 0 0-4.1-.3c-3.5 1.4-4.8 3.5-7.2 6.3l.6-24.6c-7 3-14 5.8-21 8.6z" class="b"/> +<path d="M58.3 99.4c1.3 4.2.8 7 4.8 14.8.4 1 .8 1.4 2.1-.2l10.9-14c1-1.1 1-1.2 1-2 .2-6.5 1.1-10.7 2-16.5-6.7 6.3-13.9 12-20.8 18z" class="k"/> +<path d="M63.5 95c2.8-2.6 5.6-5 8.4-7.4a140.2 140.2 0 0 1-15.8-3.7c-4 5.9-7.5 11.9-11.6 17.8-9.9 14-20.3 28-30.2 42A13.4 13.4 0 0 0 20 146c.4 0 .9.3 1.4.1.5-.2.5 0 1.1-.6.6-.6 0 .3 1.2-1 4-4.6 8-10 13-14.6a51.6 51.6 0 0 0 4.8-4 12.3 12.3 0 0 0 2.8-3c3.2-5 7-11.3 10.9-17.1a134.4 134.4 0 0 1 8.4-10.9z" class="b"/> +<path d="M63.3 78.6c-5-.4-7 4.8-9.5 7.8-2.7 4-5.1 8-7.6 11.9-4.6 4.5 2.9 6.5 5.3 8.9 5 2.7 6.6-5.2 10.3-7.1 3.9-3.9 9.2-5.4 14.3-6.6 3.3-.8 5.1-3.2 6.5-6.5 1.4-4 .8-9.3-2.5-12.1a46.7 46.7 0 0 0-16.8 3.7z" class="k"/> +<path d="m24.3 129.5 5.6 7.2-9.1 11.3c-1.9-2.4-3.7-4.8-5.6-7z" class="l"/> +<path d="M17.9 138.4c-1.6 0-1.8 1.4-3 2.4a15.7 15.7 0 0 0-2.2 2.4c-.4-2.9-.3-4.7-2-7.2-.3-.6-1.7-2.3-3.1-2.3-.5 0-2.4-.4-3.2 0a15.7 15.7 0 0 0-2.4 1.1c2.7 4.2 5.3 8.4 8.2 12.5a27.5 27.5 0 0 0 3.3 3.6c1 1 2 1.8 3 2.6 2.3-3 4.9-5.8 7.1-9a21.8 21.8 0 0 0-2.3-3.5c-1.2-1.4-1.9-2.5-3.4-2.5z" class="f"/> +<path d="m1.6 135-.8.4c-.6 1.3-.9 2 0 3.1 4.2 4.9 8.6 10 13 14.6 1.2 1.2 2.1.5 3.5 0 0 0 0-.1.1 0L1.6 135Z" class="m"/> +<path d="m88.7 115.2 1-11 12-.4-1.5 10.3-11.5 1.1z" class="l"/> +<path d="M97.2 114c1 1.2 1.8.2 3.1.3a9.6 9.6 0 0 0 2.7-.5c-1.2 2.8-2.2 4.4-2.5 7.8-.1.7 0 3.4 1 4.4.3.3 1.3 2 2 2.2a10 10 0 0 0 2.2.6l1.1-16.8a43.8 43.8 0 0 0-.3-5.6l-.6-4.4c-3.1 1-6.3 1.4-9.4 2.5a33.5 33.5 0 0 0-.2 4.7c0 2.1-.1 3.6.9 4.8z" class="f"/> +<path d="M106 129c.2 0 .5.3.8.1 1-.7 1.7-1.1 1.6-2.7-.3-7.2-.5-14.9-1-22-.1-2-1-2-2.3-2.6h-.1l1 27.2z" class="m"/> +<path d="m22.7 131.3 6.1 7.1M91.1 104l-.8 11.1" class="a"/> +<path d="M59.9 50.2c-2.6 2.1-4.8 3.6-6.9 6.2a53.5 53.5 0 0 0-8.2 15.3c-2.1-.3-3.5-.8-5.8-1-2.7-.2-5.4 0-8 .6l.5 6.6v2.6c3.9-.3 9.4 1.6 12.5 2.5 3.1 1 3.8 1 5.9-1.2 5.6-5.5 9.7-12 14.9-17.8-1.8-4.8-3.4-8.8-5-13.8Z" class="b"/> +<path d="M79 75.3a17 17 0 0 1-1.6-10.9c1-5 3.2-8.1 4.4-12.3a7 7 0 0 0 .1-2.5c.3-4-3.8-5-5.9-4.6-5 .8-10.7 3-14.7 4-3.9.8-4.3 2.6-6.6 4.8-2.3 2.2-1.7 4.8-1.7 6.8 0 4.3 1.8 6.8 2.6 10.3 1 4 1.2 7.2 1.4 11.3 7.6-2 14.8-3.5 22.1-6.9Z" class="m"/> +<path d="M63.2 48.1c-1.7 1.7-3.7 4.7-.2 4.8 3.4.1 6.3-3.3 8.7-6.4L63.2 48z" class="b"/> +<path d="M81.3 47.7c-.4-2.8-5-2.9-6.6 0-2.6 4.3-7.6 13-2 15.5 6 2.7 9.6-9.9 8.6-15.5z" class="f"/> +<path d="m66.8 37.6-4 11c3.8-1.2 7.6-1.8 11.4-3.2l1.5-9.6-9 1.8z" class="k"/> +<path d="m30 80.1-.3-8.1a62.1 62.1 0 0 1 9.4-1.5 6.5 6.5 0 0 1 .9 4 19.4 19.4 0 0 1-2.6 6.3 55.3 55.3 0 0 0-7.3-.7z" class="f"/> +<path d="M84.2 52.5c2.1 6 3.9 12.3 6.1 18.2 2.5 0 5.5-.6 7.8-.5a54.5 54.5 0 0 1 14.2 1.8 1.6 1.6 0 0 1 0 3c-7 2.4-15.4 4.2-22.3 5.8a6.5 6.5 0 0 1-5.7-1.5 43 43 0 0 1-10-19c-1-3.8 0-8.7 2.3-12 .5-.8 1.6-.7 2.4-.8h.1c2.2 1.2 4 2.1 5 5z" class="b"/> +<path d="M95.6 70.1c.8.9 3.6 8 10.2 6.7 6.6-1.3 6.9-10.7-10.2-6.7z" class="c"/> +<path d="M56 81.7c3 .4 6 1.1 9 .3a42.4 42.4 0 0 0 15.1-7.2" class="a"/> +<path d="M60.7 34.3c2.2-5.9 7.3-8.1 12.4-8.7a9.4 9.4 0 0 1 3.2 1.7 5.7 5.7 0 0 1 2.5 3.7c0 .6-.4.8-.6 1.1l-5.3 6.7a32.9 32.9 0 0 1-5.1 3.2 12.8 12.8 0 0 1-3.2 1h-.4c-2.6-2.5-5.5-3.6-3.5-8.7z" class="e"/> +<path d="M75.6 32.6c1.3.2 2.7.6 3.7 1.5.3.3.2.7.1 1v1.1c0 .8-.6 1.3-1 1.9a4 4 0 0 1-4.4.8c-.5-.2-.7-.8-.8-1.3l-.1-.4" class="e"/> +<path d="m62.9 31.2-1.6 1.5-1.8 1.5c0 .2-.5.4-.5.5l3.1.4.6.2" class="a"/> +<path d="M79.7 28.6c-4.6-1.5-11-5.8-15.1-4.9-.6.7-.6 1.7-1.2 2.3-.4 1-.2 2.3.8 2.7 3.8 0 12.2 4.9 14.6 4.3.5-2.4 1.4-1.7.9-4.4z" class="n"/> +<path d="M83.4 29.3c-2.1 1.5-5.4 2-7.5.2-2-2-.9-6 2-6.5.7-.3 1.8 0 .6.7-1.7 1.8-4 3.5-6.7 3A5.3 5.3 0 0 1 67 22c5-6 11.8-17.7 18.8-17.8 2.9-.4 6.3 1 7 4 .9 3.5-1.5 7.3-5 7.7-4-.3 2.9-4 4.1-4 2.2-.1 4 1.4 4.8 3.3 1.3 3.4-.3 7.1-2.5 9.7a13 13 0 0 1-7.7 4.5c-2.2 0-4.4-2.3-3.3-4.5 2.2-1.2 4.6.5 1.3 3.7l-1 .6z" class="k"/> +<path d="M63.9 27.6c5.6 2.5 10.4 4.3 15.4 6.4" class="a"/> +<path fill="#fff" stroke="#24093b" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.6" d="M14.5 84.1c1.4-1.7 3.3-2.7 5-3.9 1-.7 1.8-1.6 2.8-2.2m29.4 32.6a26 26 0 0 0 7.2-7.2l3.5-3"/> +<path d="M65.7 34.6c-.2 2-2 4.8 1 5.7M37.4 80.8c4.4 0 8.8 6.8 12.4-.2l4.6-3.3v0" class="a"/> +<path d="M155.4 28.1c-.9 4.1-3.8 7.2-7.5 6.6-3.7-.6-5.4-4.2-4.5-8.3 1-4.2 4-7.1 7.8-6.5 3.8.6 5.2 4.2 4.3 8.3z" class="k"/> +<path d="M142.8 36.6c1.2-2.9 2.6-4.2 5.2-4.8" class="a"/> +<path d="M136.3 93.5c2.3 7.6 3.4 16 6.8 23 2.1 4.3 3.6 5.4 8.2 4.8 8.6-1 17.9-4.6 26.3-7.8l-1.1-8a7.9 7.9 0 0 1-3.4 1.2c-2 0-4-1.1-5.8-1.7-1.3-.6-3.7 0-4.5.4-3.4 1.7-5 3.7-7.3 6.4-.4-8-.3-16-.2-24-6.4 1.8-12.7 3.7-19 5.7z" class="o"/> +<path d="M138 100c1.5 5.7 2.8 10.7 4.6 16.3.5 1.5.8.8 1.3.3a81 81 0 0 0 11-14.2c1-1.3.5-2.6.8-4.3l1.8-13-19.4 14.8Z" class="g"/> +<path d="M142.3 115.6c-1.1-3.5.1-9.5 2-11.7 2.4-3 5.2-2.8 7.5-4.4 1.8-1.1 3.4-4.1 3.9-5.1 1.8-4.5 1.6-7 2-11.3-8.6 8.4-16.2 15.5-19 19.1 1 4.5 2.1 9.1 3.6 13.4z" class="f"/> +<path fill="#cf63a6" stroke="#cf63a6" stroke-miterlimit="10" d="m143.2 96 8-6.4c-4.6-1.7-9-3.6-13.5-5.4-4 4.9-7.7 10-11.5 15l-1 1.4c-10.4 14.8-21 29.6-31.1 44.7a11 11 0 0 0 5.5 2.1c.4 0 .9.4 1.4.1.4-.2.5 0 1-.6.6-.7 0 .3 1.2-1.2 4-5 8.2-10.7 13.2-15.7.9-.8 3.4-2.4 5-4.1 1-.9 2-1.9 2.7-3 3.2-4.9 7-11.2 10.8-16.9 2.6-3.5 5.3-6.8 8.3-10z"/> +<path d="M156.7 82.7c-.4 5.6-.4 6.6-3.8 11.1-1 1.1-2.2 2-3.6 2.7-2.3 1-5.5 2.6-8 3.6l-5.3 5.3c-.9 1.2-.6 1.6-3.7 1-3.8-1-8-3.8-8.2-5 0-.8 1.2-2 1.6-2.6 5-6.5 8.2-10.5 13-17 5.5.2 12.5 1 18 1z" class="g"/> +<path d="m104.5 129.7 5.1 7.7-9.2 12-5.4-7 9.5-12.7z" class="h"/> +<path d="M97.6 139.7c-1.5 0-1.8 1.5-3 2.5a16.3 16.3 0 0 0-2.1 2.5c-.3-2.9-.2-4.6-1.8-7.3-.3-.6-1.8-2.2-3-2.2-.6 0-2.4-.5-3 0a13.6 13.6 0 0 0-2.3 1c2.6 4.1 5.1 8.4 7.8 12.5a28.8 28.8 0 0 0 3 3.6l3 2.7c2.3-3 4.9-6 7-9.2a22.9 22.9 0 0 0-2.2-3.6c-1.3-1.4-1.8-2.6-3.4-2.5z" class="f"/> +<path d="M82 136.2c-.2.2-.6.2-.7.5-.6 1-1 2 0 3 4 5 8.1 10 12.4 14.8 1 1.3 2 .6 3.3 0l-15-18.3Z" class="e"/> +<path d="m169.4 116.6.4-11.2c4.4-1.3 8.7-2.7 13.1-3.8l-.1 10.1-13.4 5z" class="h"/> +<path d="M179.2 112.7c1.4.8 2.3-.5 3.7-.8a13.8 13.8 0 0 0 2.8-1.1c-.9 2.8-1.8 4.5-1.5 7.8 0 .7.6 3 1.7 3.8.4.3 1.6 1.7 2.4 1.8a11 11 0 0 0 2.3.3c-.4-5.4-.7-10.7-1.3-16.1a38 38 0 0 0-1-5.2c-.3-1.6-.7-2.7-1.2-4.2-3.2 1.6-6.6 2.8-9.7 4.7a26.9 26.9 0 0 0 .2 4.7c.3 2 .2 3.5 1.6 4.3z" class="f"/> +<path d="M191 124.6c.1 0 .5.2.7 0 1-.7 1.6-1.3 1.3-2.8-1.2-7-2.5-14-4-21-.5-1.8-1.5-1.6-2.8-2 0 0 0 .1 0 0l4.7 25.8z" class="e"/> +<path d="M102.8 131.7c2 2.8 4 5 5.6 7.6m63-34.5-.1 11.3" class="a"/> +<path d="M139.9 50.3a15.3 15.3 0 0 0-6.7 6.3c-1.2 2.3-1.4 4-3 8.9l-2.5 7a21.1 21.1 0 0 1-8-1.8 24.7 24.7 0 0 1-5.5-3.7 33.1 33.1 0 0 1-3.8 5.2c-.5.5-1.4.9-2 1.4a35.7 35.7 0 0 0 14 8.6c3 .9 5.5 1.6 8.2.9 8-2.1 11.3-14.8 11.7-16.4-.8-5.6-1.5-11-2.4-16.4z" class="o"/> +<path d="M108.2 74c7-3.3 5.8-3 10.9-3.7-.2 1.4-.1 2.8-.8 4-1 1.7-2.6 3-4.5 3.7-2.2-2-3.3-2-5.6-4zM158 84.5c-1.7-4.3-.6-13.4.4-16.7 1.8-5.8 4.1-8.2 5.8-12.7.3-.9.4-1.8.3-2.7.7-4-3-6.5-5.1-6.6-5.2-.3-11.3 1.5-15.2 2.4-4 .8-4 2.6-6 4.7-2.2 2.1-1.5 5-1.5 7 0 4.5 1.6 7.3 2 11.4.6 4.7-.1 9.3-.8 14 6.7-.6 13.4.3 20.2-.8z" class="j"/> +<path d="M145.6 47.2c-1.3 1.6-3.5 5 0 5.3 3.4.4 6.3-3.2 8.5-6q-4.2.2-8.5.7z" class="o"/> +<path d="M164 49.8c-.5-3-5.2-4.4-6.8-1.7-2.7 4.2-8.2 12.4-3 16.3 6 4.3 10.7-8.5 9.8-14.6z" class="f"/> +<path d="M148.9 36q-2 5.8-3.7 11.8l10.5-2 2.3-10.9-9.1 1z" class="k"/> +<path d="M165 35.3a12.8 12.8 0 0 0-8.7-12.3 10.7 10.7 0 0 0-3.8 1 8.8 8.8 0 0 0-4 3.6 1.5 1.5 0 0 0 0 1.4c.9 3 2 5.5 3 8.3a28 28 0 0 0 4 4.5 11.8 11.8 0 0 0 2.8 1.9h.4c3.4-2.2 6.3-2.9 6.2-8.4z" class="n"/> +<path d="M151 30a8 8 0 0 0-4.3 1c-.5.4-.4 1-.6 1.5-.5 1.3-.5 3 .7 4 .9.9 2.3 1.1 3.5.7.7-.2 1.1-1 1.5-1.6" class="n"/> +<path d="M163 31.3c1 .9 1.6 2 2.5 3l1.6 1.7c.1.4-.7 0-1 .1l-2-.1-1.4-.2" class="a"/> +<path d="M167 29.3c4.6 5.4 11.5 10 18.9 8.6 5-1 10-5.6 9.1-11-.4-3.6-4.4-5.7-7.7-4.4-3.2 1-6.5 3.4-10 1.9-3.8-2-5.9-6-9.7-8-6.1-4-15.5-2.7-19.4 3.7a6.4 6.4 0 0 0 1.4 6c2.9 2.7 7.3.4 13 1.6 1.8-.3 3.5-.6 4.4 1.6Zm8.2 6.7-.2-.1zm.8.4c-.5.4 0-.6 0 0zm-1.1-1.7h-.1z" class="k"/> +<path d="M164.6 50.5c1.8 2 2.3 4.9 2.9 7.5.8 4.4 1.2 8.9 2.2 13.3.2 1.4.4 2.8 2.2 2.7 2.7.7 5.9 1.3 7.6 3.7 1.5 2.3.6 5.3 2 7.6.3 1 2.5 2.5.5 1.9-4.4-.5-8.4-2.4-12.7-2.8-6.1 0-7.8-7.5-10.1-12-2.4-6.4-4.5-14-2.1-20.8.5-2.3 2.8-4 5.1-2.5l1.3.6z" class="o"/> +<path fill="none" stroke="#fed916" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.6" d="M148.1 31.8c2.2 1.2 3.7 3 3.2 6s-2.2 4.8-4.8 4.5c-2.6-.4-3.4-3-3.7-5.6"/> +<path d="M138 83.4c2.4 1.3 4.5 3 7.2 3.4 4.5.7 8.7-.3 13.1-1.6m-20.4 0L128.5 97m29.9-60.2a8 8 0 0 0 5.3 2.6m23.2 32.4 1.4-14.8" class="a"/> +<path d="M186.2 88.7c-4.8.9-10.2-1.5-12-6.2-2.9-6.7 1.9-14.6 8.5-16.6 5-2 11.6 0 14 5.2 3.3 7.5-2.8 16.2-10.5 17.6Z" class="g"/> +<path d="M186.2 88.7c-5.2 1-11-2-12.5-7.3-2.2-7.8 4.8-16 12.7-16.3 5.5-.5 10.8 4 11.1 9.6.6 6.7-4.9 12.8-11.3 14Z" class="a"/> +<path d="M185.6 84.4c-3.6.7-7.5-2-7.8-5.7-.2-2.7 1-5.5 3-7.2 1.5-1.2 3.6-2 5.5-2 2.1 0 4.3.8 5.5 2.6 1.9 2.4 1.6 6 0 8.4a8.5 8.5 0 0 1-4.1 3.4c-.7.1-1.4.5-2.1.5Z" class="a"/> +<path d="M185.2 81c-2.5.4-4.7-2.3-3.7-4.7.7-2.8 4.6-4.6 6.8-2.4 2 1.5 1.5 4.5-.3 6-.8.7-1.8 1-2.8 1.1Zm10.3-19.2c-2.1.4-4.3 1-6.4 1.3m-79.6-5-1.8-14.7" class="a"/> +<path d="m112.5 74.7-.7.3-.8.2-.7.1-.8.2-.8.1-.8-.1h-1.6l-.8-.1-.7-.3-.8-.2-.8-.1-.7-.4-.7-.4-.6-.5-.7-.4-.6-.6-.6-.5-.4-.7-.5-.6-.5-.6-.3-.8-.4-.7-.2-.8-.2-.7-.1-.8-.1-.8-.1-.8.1-.7v-.8l.2-.8.1-.8.3-.7.3-.8.3-.7.3-.7.5-.7.4-.6.5-.6.5-.7.5-.5.6-.6.6-.5.6-.5.7-.5.7-.3.7-.3.7-.4.7-.4.8-.1.7-.2.8-.3.8-.1.8-.1.8.1h.8l.8-.1.8.2.7.2.8.2.7.4.8.3.7.3.7.5.6.4.5.6.7.5.5.6.5.6.3.7.4.8.3.7.3.7.2.8.1.8.1.8v.7l.1.8-.2.8-.1.8-.2.8-.2.7-.4.7-.2.8-.4.7-.4.6-.4.7-.6.6-.4.7-.6.5-.5.6-.6.5-.6.5-.7.5-.7.3-.7.3-.7.4z" class="n"/> +<path d="M112.5 74.7c-1.4.5-2.8.9-4.3.8-1.5.1-3-.1-4.5-.6a9.6 9.6 0 0 1-4-2.6 11 11 0 0 1-2.6-4.1c-.9-3-.7-6.1.7-8.8 1-2 2.5-3.7 4.2-5.1 1-1 2.4-1.4 3.6-2 1.7-.4 3.3-1.2 5-.9 2.3-.3 4.5.8 6.5 1.8 1.2 1 2.4 2 3.2 3.3a12 12 0 0 1 1.5 4.8 13.4 13.4 0 0 1-7.8 12.8l-1.5.6z" class="a"/> +<path d="M111.1 70.7c-2.3.8-5.1.5-7.1-1-2.1-1.5-3.4-4.4-2.6-7a8.7 8.7 0 0 1 4.2-5.7 8.6 8.6 0 0 1 7-.8c3.1.9 5.1 4.5 4.4 7.7-.3 2.7-2.3 5-4.6 6.2l-1.3.6z" class="a"/> +<path d="M109.8 67.5c-4 1.2-6.7-4.3-3.5-6.8 2.5-3 8.2-.9 7.1 3.2-.3 1.8-2 3-3.6 3.6zm6.5-20.9-6.3 2.5m-54.1 83.1c-5.3 0-12 8.7-14.5 7.3 2.4-5.3 9.2-7 14.5-7.3Zm72.3 10.1c-4.1 7.4-14 8.5-21.6 7.8a53 53 0 0 1 20.6-8.4l.7.1zm58.1 9.7c4.3-5.7 10.2-22 21-17.9 5 1.7 4.4 10.7-.9 10.7 4.4-9.1 16.3-14.3 25.6-9.3M73.4 60.8c3.3 6.7 6 14 11.6 19.2 6.5 1.4 13.3-1.4 19.7-2.6l5.6-1.5" class="a"/> +<path d="M161.5 158c1.6-3.3 5.6-4.4 8.8-5.6 10-3 20.6-4.7 31-3.5 2.8 0 8.5 2.5 4.4 5.3-1.4 1.1-4 3.3 1.7-2.3a20 20 0 0 1 12.7-5c5.2 0 11 .9 15 4.6 2.2 1.6-1.3 6-2 5.5 2.8-1.9 6.5-1.8 9.7-2 3.2.2 6.8 0 9.5 1.9l.2.4-.5.6" class="o"/> +<path d="M21.9 158.4a204 204 0 0 1 43-9.4c10.8-.8 23-2.8 33.4 1.5 2.4 4.1-7.3 4.4-10.4 5.5-2.6.5-7.7 1.6-2.5-.8a51 51 0 0 1 33.4-1.5c-1.7 3.8-8.9 3-12.8 4.4a207.6 207.6 0 0 1 77.6.6" class="o"/> +<path d="M15 159.2c6.2-5.7 14.2-9 22.2-11.2 4.2-.9 9.4-1 12.4 2.5 1.4 3.4-3 5.2-5.4 6.3-1 .9-2.8.8-1.1-.6 3.3-4 9-5 13.9-3.7 3.4.8 1.2 5.5-1.6 5.3l-2 .8c10-4.6 22.1-4.7 32.2-.4 1.5.4 2.8 1.8.6 1.4l-71.2-.4Z" class="j"/> +<path fill="#6fc8b7" stroke="#6fc8b7" stroke-linecap="round" stroke-linejoin="round" d="M213.7 157.6c4.8-2.7-9-5.2.4-6.8a43 43 0 0 1 8-.8c5.6 0 9.7 1.6 9.3 3-.5 1.5-4.2 2.7-8.5 3.6a10.4 10.4 0 0 1 5.5-3c3.2-.7 8.8-.8 11.5 0 1.8.7 1.7 1.5.4 2.2a27.6 27.6 0 0 1-5.6 1.7 66.4 66.4 0 0 1 20-2.2c7.7.2 15 1.4 19 3.1z"/> +</svg> +</p> <p> -Most likely you are accessing this website because you had some issue with +You are most likely accessing this website because you've had some issue with the traffic coming from this IP. This router is part of the <a href="https://www.torproject.org/">Tor Anonymity Network</a>, which is -dedicated to <a href="https://www.torproject.org/about/overview">providing +dedicated to <a href="https://2019.www.torproject.org/about/overview">providing privacy</a> to people who need it most: average computer users. This router IP should be generating no other traffic, unless it has been compromised.</p> -<p style="text-align:center"> -<a href="https://www.torproject.org/about/overview"> -<img src="data:image/png;base64, -iVBORw0KGgoAAAANSUhEUgAAAQQAAACQCAMAAADZVuXZAAAABGdBTUEAANbY1E9Y -MgAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAGAUExURej4 -6Zycm+Hh4XZ2duTk5LS0tfP79OLc3P/r/6iopv///2ZmZgMDAw8PD/b29v39/cTE -whUVFS8vL/Ly8by8uvv7+vn5+CUlJcXCm+/v7xsbGuzs7E5OTq2trASbBVpaWszM -yaKipDk5ONra2iAhH8/OrX9/fPf35vv77j4+Pvj2zPz82Onp6PPz3t7e3ra2n66s -if7+9b+/v+3t7efn529vb9DQ0GNjY4iIiLi9xtfX15aWldTU1Ofmyy6wMZCQjtkG -Bufl4ZTcmYiLjujo4dbVwmppZmvLcd3czoaHhaSstsjIyMTL07Pmt9ny2sjty/// -/EVBPe/x05WcpZGRkVKzV+Pj3vDuw9vasqOfet/extbd5uPivOVXVvr9+dHY35WU -hefm1IjJi8zR2e+bm/vg4C5PMvfFxf3w8DlyQP/4+Nvj6/77/IuTnZ7KolF8Vv39 -/+bi5v/9/HvCgCU7KLm5uMraylZfa3CZdf3//P3//7TQtu3k7ZwICPn9/eLu7gnB -e20AAB3ZSURBVHja7F2JQ9rY1hdCOh/33YRAQhBDIAGJbLJYwAUqFhfUulu1taO1 -+zZdpp193ve9f/0754ZNwG4683yvHjAJycnJvb977pb8chz6x5X8Y+gf5JuXKxCu -QPgYCE5KiEBGs980CKGACSBYRA4ZhA/5v0kQPJRQIsijQZql8qhMv0kQqtRLNSoG -IPtZ3huZ/CZBoH5SclN11BX1gU9Eole9w1UX+a2CIN/cvwny4/6PN9maLW+ep4d4 -908wsG+bBbu4BYvvLjEI/iJRNU3LZBZuOrP7rn2X62Yms0XkgWcfb9Rnw+HwLC7C -jc1rg6+hfrclawto0rWPcnNhYUHbWvD09kn/XECwFopwHDf29xdgq6/ngn37CwzP -hYXW2nPBIIjlLXeJs1a4pclIKBn1BUa9At0vZPpP3WiEw3sPN1o/r/3ZmA3vbW70 -K8rlLQ4sWmAyFEr6mEkv2Vd71PzZrZlyWVJ0t6NScZhuXpHk93JP/jxBv1g2JIXX -Taalg5a4JV80CNKWOblUKiEG2y0QjC1nT2J+b4Rn62qfufW9cPjhcc9OTSIlsFha -igCszOQIgLAs9mFFSgAWV2ppeQV3QevRUrOJKpQRx01GIskoaI14qVEoei4WBFkq -nEQikUlMsA0CXGa44Dp1mYez4fr/nWFRrYdnT9eLjLQ1GZkEiYT29p76ApBwQRgA -gkRAZ4mhb19XqCUWegpZrSaUphL6KQNB8jv9F+0JiZMQoBBCP7DT4qW5hKsbgvDe -xkeNboTD3QpavBBBkwBrvfE0wLInbPWBEJQKTAsujblDLasPBLE8lm8qQc1CWwJV -Cln/RXtCYiW5HdreDjEMWKlRPbHf8fjw3qfNXpsNb3ZAMAohNPg06Vtfj0C6R4SB -ICiJ7RATLGIEX+DGHvSDULO1oMoEsM5AEY1lL9wT0itRqAgIAfM2SDB1256wgIW8 -93mGxb02DAhCEuRtfX1zY3O97kVcC4e9IGhKArVYg4AXBq3SIBBWmNK2jRTgCX6a -fXfRnpC2fAwAXzMpVKD5tBMONcK/z4Y3Pts084bGQ2wY02Av6gMQNoY2AARhIAhB -KRH1Rdvgo9ZS+oHYB8IJJC+KWuCmUEaU5tIXXx3SXACTAfWNuSRtgQANf/jOFxkP -4vjhAzSM6SiY8z19GtrY+O3FU8SAJgaDYGOPXo4XLo33gzBuNXVYc4VO5R77C0Cw -RgPsEiN2XQDRx5zgBzAq+lLzdRxEBaU0phlRXV9/ITCbwkAQmmrtC58FAmqNtDD4 -CzwB2gRrZGSUQWBfg+JlXA0cGM5e+0LzOJIM7wEIIyPMYL0OfkDR6CAQ0lDJ8cre -Fvjczg25HwSWuK7k/RXVIWV5mX1MSROE4ZTzj6++xLVflHTAa0vbpJA+/KUXhHg6 -wLLW0bJSN3o9oTp+FzRsnGw4aW784scJqRVMRxcEAMK48xzX+J942id0MLCNpu/s -rfdXh9aFm9dd2ekHIZUXOqaYopL6C9qEu1hnGcqtxNxJuc5xDS2e8qG9Vsk1PeFl -uGssgSAMpwNCN/SU5lPf91WHHUloS7OI/gIQUgcH36PcYcI2D1I/ngeEpsk7TZPM -ZuqOCH3H7EY3CKAUH8477p6crJzczQ/H7xwcHPZ5wsHBnTvDw3lbycwN3/n+4ODC -q4ORy+cd+eE8yDCTu458XsqcY4oSVMBkPgcpH0aTYBcs5iRxExrNh93VYTiHx+PD -TcnlhnPxXhBiCuyOd5SGwbDkumAQ/K41Xnc8WF5cNIxFWCzu53leqZ5nsirHJN59 -iCYXbZMLJs8bLhX6jtnwqfzp7mW4bBzEiP+i6LqixHpnkUVJdytVOC7F45JhVHNu -ni9rFzyLJKLmqubu5ttA35WcRU0+D9R+OeMs37170jFZdbk00UMam6TeGXp4ZFes -nMsjBPH1eDyfm3G6ir33E4gItnK5eEvyejXr1NSLvr3mf6cWlUQhkYC/QgHWEiBw -PqQ9fjE7hsZsSRSWVX/L4my9cxsus18eHxtLJMaYLH9X1Po7Zo9YXF4ea0p6bCw+ -UxTPeWNpAAg3dVZc8XhrCRUwN36uiyy2/KpplFX4VqbaFcIjLaoJURxjXybqsNKH -gaokEqDAVGy9Yz540SCoZUX647jwQ8H/g7+AC/8PJKcsn+caIq/s+9GS/7i1Cip8 -q4I1HnbUFn+HS6KrFPxqQS0oCt/bFoGXKgUVTKjHqqqiX23xynf+CwZBlqZ5RR1j -ONsfNcfz1fNcJujmpw9F8F40iiKO6zzfavE2Wq2CDE2cMTYOFQL+ZFDjQbReQGd4 -PgdHZVAbAzU5AambUS8cBF3Xc+nx9Dh+QdJuXXdXz1PtNLCgL47bglk8dLtXc+1m -v1Ufgrrpdg8bceweFrHNM0H6QKiabjOPKobdMjpAqSxe+N1mR61SqdUqJzWQE7as -6K7zgBBUKjVmDFYnTcMOpe3o4ePWjVa3A2S3An+4cFRMReqt7mqWNysVplbZhQ9u -5mIX7Qmqy1BgYDCtoPBsqUjV4HlAEGOS0hKet+1K2XbpzQ61qnvVMNbgUzYMo1w2 -JKkcc/WWsV+bwcNdsmbMaBfdJnhELVMsFjOZTDHDlvgjeK6rwDihyMwwi0VmU+sM -AFpDZ48qBmU5CH9MgrAlqp7+3rZ5EA7jB76i/6J7B7wQfD3wZX8ee8c5xWMb8dgG -PZ5um3sb5N8sl+CB7OzmJQFhW6CKbnZ2U+qzqzMlxOsR2rvZchKmryNdNhxmtF11 -ff/BIFCn5vYKJCCQaAVyKkcILS7B/uTkJBHICEnSIBFGYcPOPXUSjsacpVFCdKrX -3BZRqENNUtNHv5zRsXdZQNCitGa6a5Ye8Eo1pOdEIx676CkRVMGxQkIB96RJ9IiO -nRbNOkOEun1MY8R0R8FjvBkv/PgKVsulAYGSMnXr1pJS9gb5CHi1gx2doT5BQRDc -ZIVWFBeJSQGDgTCDILjZmSUAIUj1edn3dSA0LgsIJqWxIlUoNUZ84Pky1PrsNtSG -DJFKAb9ABKpnKM2QIqUaA4EE6IqEjUiEJnf5JFkSRuUoOs6XU90a65eud/D+7Ulo -1K+6SFJ/6Lk8IHg/0cUFBu302d1mkDvH/Gp243KAYBkVYhGjpApkhVQwR3wJK7+0 -QpYssqKYRHFQaB+IanAe7D1MDZRKFZkatAxNg2NELJe+Ng3dd1v/rb2DGVIE12iV -eiejRFirQRFnoeQVqkeyPhFaTL8gQasn0Qx1ey3Ivy80yY06RzI0S3VoSd0+FQ5+ -ZRr2wpelizRNIRYhmpeGoDeETlJYgmERv0ImvaMwCEgWwe8Ni1AYRgWUEtaNbCg6 -Img4kIgESSwEjvC1IGzOqvbcqCXv2lt+z4Ablv3iuZC7zXSEzggijApgTFimSxHi -otuQJ2WFCCvgByQk0ijkN7SdDZEADyD4RqjkrcGhAICgkSzlaejsMYIoiyKb/Yls -i90/7Dr8poGZW+g/b4uovXNpdX+A/a1zTfXbIFhJEiFWNBYiZpCRmZO4lHXCBxQp -SkrqUiRCuKhTq3i4KjQCAYePWD5eKUHWLUiozw0nn4nBuJbJaAuZhQx+2V+m+1GB -Gma3S7Y8pCBrONNGomNQfE/I+0Jv9sQHP5AtFYyBEnw1DdU853ok0KkOXyhfMlHy -Z4lYNQxJUpo3VySj+l7svoWK/BfZOFYiv5aQnBfa9vmQOSgkE8c93EGPtkwik0uc -VVqyaZYjAqWjBU2+ABD+UlGrW2aJs1i6Q01mZGGsm3sozzLuoLIEGJQiSOFjDEUh -mihke0AoLm9FUKs0GYm0KIYjhfGLAcHim3tC2Ujbr5Py/PSnbayHwx9t31Vjq9Li -hyI7D7k4+2Onihim07KUcNtsx+iLFz/ZvLmAlugHoQBT26W2GnK36MWAINEIX6Uc -8VGZCu5i1BJIhS5Be6m7ynSFeKMh7C8rpESz2aWoANVBwt205cx7JDy7sRc+/iMc -Xr9W72F3iVKhxuihkSard0QQlNMgXAvPhqWEI4R8x1C00fgpwKhb3uWx2AAQbCIj -qD21jdFrC/KFtAnbEuQfxj4zIWck5i1HqpEYrUXlpRjMpXE+7SEwZnAmVZxA+4K1 -aUoCLtq6Zz4bPg5vbOxthGc3r4WHwsenuU2ikbA6DEVWxFQf737Yf4wMLyl9EgK1 -7aivvg46o8jDWOwHYTHhCyEtMhmo16NQFZCzM7ZzMSAsSdRdIYYVBRBmKJmswuho -PiqWYJv6KY6ZHSbN+nTLdBMefIEqNc9I+05pfSNM1vfW12fr9fpGYwAIye0k46Ai -Ow9BcJ8CgTxEEMasZDIZ3Wu82dxcf7jHCEnx9CAQQO3p3oc3mxuohjS3sQvxhBr1 -KQ4cJAjKPI04EQQ6CqNCapZXKM4PRj0kMuIlPoGbhg4SR1QC3nFivrCBbUKY/B4O -16+Fw7NDjeNwHwjRpM1QDNi0QMEc//FU7hrh8J9jFraHjfr6hrr5Z4Nx3OLp3jbB -tZgORKPRp3uN9Q0PMkORrtLH+bx8vYNopJF7yOiXNj2P0vx4D/flYRhZpKDx9reH -mxvKh98YHyc+PsATRsDYT3t7HzY33nzYY6Sd8f8IELgmjxFZ26zszIPelwcaStqy -tQLr64EmOW0xFev3BG+bFPm0yVvqozu+83xE3jWfJPSCAG0bm9p//k2eSHNdO3X5 -uR/O8ITR0dPUyNzBqx4QgtAwjjAe40/1+ghlat47qXu9nhBPe9EWWHvYJkXuHHZ7 -gidrmtPTq9MVaXqad+s8f7/6SHr0aFpf5cvGmoR7p/ndVbUfhPrmtQb5sLlO6jiQ -V5Y02c1leTY9LinEsaLAPo9L4edJJSiVVgh1EK5CXJM+nHG/fHxEHj8jTx4fvRwI -QoqzCYreNoMtfqMXBFnaOfEylLxPnzaJaSM7A0EYYXrepz95myy31CnOp8hz3Pz8 -69XXq6u7q6s6vzoNIkm8vgpbPOzc3X3N/fprZ+DeAuF49uFefe9DIzw0O7RORJgZ -a6OS7qvC8NgbY5Posq9KV6I4oTbozChPyyHemqaGgC8GiXPPjp7978u5J3NngGAJ -p4mR9MaTXlIggHBXaPIYW1qBndT9h71tQgqVuric4DCnQPDIqxYHuZ9eW3vkuH/v -3r1Xznuv7r969epeFn7wj9bWpldXX3OlDuWtBcLvs43NjT1oo0k9XCciLVEtSWoj -2yXsCpJ4B1XiiMuSSEgJKRxxV6DXDIVgpJDUGAhk7ujo+Rw5yxNOTvMTKU0f/Njn -Cam80MNj3N45+OdpQrXHFU/1sh1p4LQnyGuO0vz8CnzmYT1fq813pGbBkRVrxbJ2 -Xf7+NoGBsDlbDzcaJEaTNAO1npZgpBiK4E0DKtLRAI6tKQwdRygZodYolQI+qkI3 -+fyIHB0BEHNneUIqlU6l06kuOfhnPwhMDfXSHe0fYRzVxaj2ZOKppgpTZavUwSkQ -VFdZ+qhAuyAZsaDnq3sHB8W7DN3yyUcNfqfuqN0d7shJrWIqvZ2aeN+s1KwurXyt -4nAoQRxHdd2PDiqOSm24W0DNbXQ3zx5VDmrwaQluaRp+g/aCPdLuont9OQgiCZa/ -7BTk5q3l+Nx+FuS7fScvlWPZPtqdP+iMGW6FV3I4287lcooxE4sVxaHwqTeq1Eys -Kin8cA4UUTcnGTMzzuBF3E8Ad8bVs2cDVEL2yiD8qaASS1+Agiq7lIWFmw8ePMDF -gqSJAzgFHlXM5BaXD/FzuLy8bGiiqoJauB4e6gYLjC3OwPFD9l1c/JetdoZUI58N -whx59vL9c+jmXpKXzxFvzeMRg34RHzwqREagQ5I1DY1gEB1PDIpagMjg0VqQBOVP -3dtSh3O6eReJwnnH3Txs5HLD/cn27y9K7hsdWTQWlx/g7ArG5d3VZrGsLN648T18 -mBxKi8sfSUE5QgR8zOyFho56PgrC/6pzR3NzR48fzz2fO3pG/NSiQepz00nsIoPQ -TBIPHYFZBEzj8Tk9hSl3gPdFHSEOmkyf8XEM3sWme/lXC8pib4L8RanvzLhkjyvf -7HXNy6t9aobyMU9QRG434Ao5aTDr+7gnAAhPnhw9noN6MfeEkEkvdpEW9SUBBPak -lUTKJcM5SQNUIjUFXCAQEUYtxUs/fWtONBT+QSIhqgkRliJsLPO80cfXrSq8qqoJ -f6GAK/hsSYpSttVm20NZTZmOb/kTCdBR/QnU3ZJ4Xj7TD5TQUqTi8KluJ4V29uMg -iOAAT46Ons09hnEPkaI61UrEFcCHD0KQgbA0WeKzkZDOBUmWcqPFQC2iR6CDlGHK -6fkECLzOHzYpfAvwt8jzfNnTr8Xr44zn+ByZfmPIUGxj1a4QLtg7LA4hi/H5GKpd -Gwa1szitfkqzppCM+ETTsEao+6MgfEeePH/58smT5+9exp7B+N+Ixd45CXGio8c8 -WVJGbl/R73cRA73RWY6RLJkpk4wkymUS+wQIVSiDCrYIbpR8vlJxVLK958iGCQd3 -dnZuHOwwycFvs2X64WxrxKi7TVNhChsHBzs3mJr7fMTev2MW6c8YNneP8QKn2XY/ -KVCM8W6zR/jOexbh1t1mQzfNU4oOk6/Klx4Ejxq0iXsZmxjIGHx9TZknmJ2pzpyW -bIfHyOZ1iFUx1q+m+S89CC3OXvdyIFZiW5qbXf3/tZYr+LFJVG0Ne62qFx1E4tLK -X/jU9j8HhC9+MfW/EoSNKxDIqQnENwvCVZtwBUJ3F/lNgzA0ewUC2WxcgUDq9SsQ -SP3hFQjkX1/UJjwnzx//F4JwHP58AN7PPSYqgDD3+BKBIAY1kHFcaMFx9ihgPPil -L3TOHn6e3tzc8/b2JQJBHRj/uS8shSfDsNLGM5qG3wWErHOH9pdZe74tD5AOH/B5 -LyRPLgkI8uLWCmdZVmlyMrLdjKiV7I/HKFa3JF5ncRZrK/jY0KHL77tuvrDJgz9T -eE/GZySp9eaq5BTJD+9bd+GO5nqMPnl8SUDQ4qRU4jiuhGEuk3ZAtxGS7QtFaKCa -xS2xQJCM36X7u+IxMlcQY4ll1CqVJm0aGBKgYsetF9qffFUC/xYQpC0MoYg0xqdP -f7Kz5+0HIYjxGJdKNlTRwOioV1g5FYoQJ9NqVZ0BJQ6sMconRusTjILB3OrZ8wFX -fzb3SWj+JhAizRiK9foLO9LigKCUQWmrFY+xyVQVLHFBPD2HClYTixHkfEYiL96+ -tUOdCnzCYJ4wN/Dyzx7PXQYQMB6jTWNcr7+w+WtCoQ8ETQI1DDa5nWzGpBRKY6dA -qM/ONqqJP0N2hMu39Q/NAJd3myAMlqO5T3WVf48nJJClmXzx22+bmw9/22M0k0Eg -sHiMdjhGRvGiS6cIir8j5fP+2PA2WAOdt/U3gs2BOkmU/e/mnr0cePXHcyCXAgTo -E5J2PMbN9cbZIETbkRZHMXsAQjct7Q8E4d6YEgWg9hpv1pHziUH9qDVmqFDeP5wx -eAIQnn0+CJ5PyDvPV71ArzUDLb798GZjY/1Ng5FtBocibIVjbEaCXOohKO6Fw9Vx -BRmRjcb65tDQev0t0nasdPkPLO+zGsCXR3OfB4InaL5WeH668maNnzZ1nS8/qj4y -Hj2CrbVyeQ0JYKv87u7XBO7Q4uloM8jl5nqIUjso5eIAEAIBXzsSJJKRSqmeUISN -sJHKYczMFy/evtn85cWLn9DWStp4Mtep+R55zSivVWOPsrEZfFATe/XqO6fTmYWt -bPZeNluNzTxak6oDmCrqo9Kv3Ovd3Qry3pD8Nz29Zk5L06vIe9tF3tvr+Xlu6Wui -nIEn+EYZkdFbr4eapLN0f4zWeDpgh1rsxGPsBYH8+SY1HLDJnL/V39h40pNU+air -8VN5rvR69/VuydzddczXKq+xAOH7+nWFZxw+E/LC/Sr3c5ZEifu1yXvT1+7fv3fv -1b1X+uY9EPhhPgJXgHPnS9WvCF+iDSd8yD2EzL198RNtxWPsbxPSAZuh2GbnWYNC -EcabMTPfNj40OXz5nftHnQbBI69y3C6SF9ce7WJGXkFWfrnXzMobdOpVJDL2Ufgw -do+jBENbC8ar3AojvdVqnE1+W5nnkPcGK8t0ql9VHXxeoRPn82wQfALjMdKW4kmf -J4jVnTgLSdmKyWjHIix3hdL2BHmL2zUBhbW13UeP7qPE7BX8mmYgrO5y3M1+EPyZ -KpLb1hjBbY19mmS3bpn5mtfOMFov7REhfae/TUiFGAG8FXHSOzI8IDLnk3iLytnG -Kp46NU4QszizYMKegLMPzzaakW1ws6oNoPD55TblTWuy3ewVUuC0JhPuq2K4aHEk -HB4cfH8nHo8Px+98f4A/B4FgExM7kuoH4dHB99tNujwKtDQB3/epcne6WGwcV7FY -dOECtlwgbGX/tDeC6oAu0uO3n/eqamvdJa1dX/X4Vxs+SKXsb5PImTo4SA0AIY6h -Fu/Y4d4ALvglxQcFpYxjrMYcI4KxM1KnPYH4VVFuvYDZeg+zvaO1T/3EYAkagwud -Ss9MrzoOHzy4gTQUWNwYr7hXpb7WRXSV1/hrhcIPhcRxoaBuZaclo9obblLMKnk3 -EkNZTDtc3HXnc8POM0tH5+x32TPzXzhipNokBTiRR+An6rlf7PcHi1kjXztZbEal -zLvLTlemj1ziUWVt5m5H8k5NlvspnzOG5EiMjeG9lCFYisq0YWTPZqpElBkKXk7K -S2dnZCAIAjKYhckSH1F925P03P8Myy/KMXWLbLWEVMVB9Et1IWvcOFw+vHHjxvLy -jcP4zP6Adz7BVlFy381hhcD4pTmlKH8s3FRkxQoQ6vOWqY/OfDEIk9Sn0SWN+gTx -vBgUWWTWpmCMVqjI/dxHv5R7wPJ/eDizzHiaTxRFHeAvP/KFBIuaiVKIu+SPddsR -KUaNChFik0Swvqg6lJI+frsyaoQooVnunP9MhIi61OeJBt9XeLLOxz0FP0Zb9B9j -XEai9BMUPaL7zuIvdgA+Ow7fncXD/PLZVTYyWaKioAtl6qbKl4BgSFBOSlXKEIn4 -eem8tSHoVpSEmFCRxwllpyYSfqUTj7Gjlud5qRmu8Pn40OB4jKoT0vNDoQAoed7D -Ej5EGuAwbclKkkZivEeOKeK/dSoNuePt3OHi2tBQjtdzff4V5E3TzG20qM07jKg3 -ICilkgMYAc2xhIhxLhM4EDpfLMK/A4RgzmE6zHyO9e05+GDYRbOvXJDIqJ8SXprp -eyuiCjo5xHLHZsju5NyrunH5QWDDWGV6WlLYC1mM0bnWF2kRJj7O7CmJZYt97zGI -MdOBsSgrjoq9cDgqDnPm8oOAw1gMG5HJdFZB8YxAISq2i2yE6setvi5EY1McycAl -LiRjrftNnksLArHjOzZvXJHzBUBRm1McFr2yuSVeePDqb1CuQLgC4QqEKxCuQLgC -4QqEKxA+AsKV/GPoyhEIuQLhCoRPgcBdJ+RW39vFUxxK5/fEbULcnItMdCLBOyb6 -jcWmmL2uo82fvWJyE5+TbLBn31+Y4s74j22xibMucX4QINt696/rnEisqQliTnwK -hKbsfhyEz054r92PJ/OcIJgcZxKrXOUmRBt0sH79NgcFxk1hTM7bLpcFbmC5YlPc -VAx3ViZuTbkmOO62OFHBE9ygzDwBNG5fd+BRNH+bm7ougqFbxDHFldkGAMhxtnHY -F4OfoPQzx7na+1p6aA+ud52Dv1ZiUFkHZTQ6EYM/dsWpWMyyOMfXgoDiuDV1/frU -LfNnnjNv3W5BrDtIjLvOUkN+npgwXZZrhYA7TEDSIE+3retkql0Q1anrLq6MINwG -h/mZHUXzE6Qy8bNJXFPirk54N24w6G3jFXa+wyQOKIef7X0Ondgn2CAAKghuOzGg -XHEQNx8rk6qFyeSuszTFABcrdh5PQK/SJ27ddjgsk2+B4IDsg22WmaoJ7m/pJupf -53DJCvGWxU25On7JPIGdsMuKmJnXJxwIdAzM2Rtsd4UZdzCEYalPEF3fbe1r6dlt -jI4gtBPTUr6ugyvYILA0YZWZOhcIzBOgJlgxO5EdT3DZIIgW1BI3FAuibjEQJnjm -M7ft2l8GC9ZE0xN0d+soywOvExdLvb3R8QSXDUKlma/2vp+bel0gtBPTAsFtkgmu -4wnWuUHYReyh4b9t4ZecbhPsNuw25GkCgIhZrE24Dl4uWrfgtNvXJ1hV1Fttggtr -MTvaAgGrryVC6u0NtrtZ/095QntfS68LhHZiWsq3OM7NibdYm7CCbQIDYcJxNU64 -GixdgXAFwhUIny3/L8AAEAy9MIp/F7YAAAAASUVORK5CYII=" -alt="How Tor works" style="border-style:none"/> -</a></p> +<p> +Tor works by running user traffic through a random chain of encrypted +servers, and then letting the traffic exit the Tor network through an +exit node like this one. This design makes it very hard for a service to +know which user is connecting to it, since it can only see the IP-address +of the Tor exit node:</p> + +<p style="text-align:center;margin:40px 0"> +<svg xmlns="http://www.w3.org/2000/svg" width="500" viewBox="0 0 490.28 293.73" style="width:100%;max-width:600px"> +<desc>Illustration showing how a user might connect to a service through the Tor network. The user first sends their data through three daisy-chained encrypted Tor servers that exist on three different continents. Then the last Tor server in the chain connects to the target service over the normal internet.</desc> +<defs> +<style> +.t{ +fill: var(--text-color); +stroke: var(--text-color); +} +</style> +</defs> +<path fill="#6fc8b7" d="M257.89 69.4c-6.61-6.36-10.62-7.73-18.36-8.62-7.97-1.83-20.06-7.99-24.17-.67-3.29 5.85-18.2 12.3-16.87 2.08.92-7.03 11.06-13.28 17-17.37 8.69-5.99 24.97-2.87 26.1-10.28 1.04-6.86-8.33-13.22-8.55-2.3-.38 12.84-19.62 2.24-8.73-6.2 8.92-6.9 16.05-9.02 25.61-6.15 12.37 4.83 25.58-2.05 33.73-.71 12.37-2.01 24.69-5.25 37.39-3.96 13 .43 24.08-.14 37.06.63 9.8 1.58 16.5 2.87 26.37 3.6 6.6.48 17.68-.82 24.3 1.9 8.3 4.24.44 10.94-6.89 11.8-8.79 1.05-23.59-1.19-26.6 1.86-5.8 7.41 10.75 5.68 11.27 14.54.57 9.45-5.42 9.38-8.72 16-2.7 4.2.3 13.93-1.18 18.45-1.85 5.64-19.64 4.47-14.7 14.4 4.16 8.34 1.17 19.14-10.33 12.02-5.88-3.65-9.85-22.04-15.66-21.9-11.06.27-11.37 13.18-12.7 17.52-1.3 4.27-3.79 2.33-6-.63-3.54-4.76-7.75-14.22-12.01-17.32-6.12-4.46-10.75-1.17-15.55 2.83-5.63 4.69-8.78 7.82-7.46 16.5.78 9.1-12.9 15.84-14.98 24.09-2.61 10.32-2.57 22.12-8.81 31.47-4 5.98-14.03 20.12-21.27 14.97-7.5-5.34-7.22-14.6-9.56-23.08-2.5-9.02.6-17.35-2.57-26.2-2.45-6.82-6.23-14.54-13.01-13.24-6.5.92-15.08 1.38-19.23-2.97-5.65-5.93-6-10.1-6.61-18.56 1.65-6.94 5.79-12.64 10.38-18.63 3.4-4.42 17.45-10.39 25.26-7.83 10.35 3.38 17.43 10.5 28.95 8.57 3.12-.53 9.14-4.65 7.1-6.62zm-145.6 37.27c-4.96-1.27-11.57 1.13-11.8 6.94-1.48 5.59-4.82 10.62-5.8 16.32.56 6.42 4.34 12.02 8.18 16.97 3.72 3.85 8.58 7.37 9.3 13.1 1.24 5.88 1.6 11.92 2.28 17.87.34 9.37.95 19.67 7.29 27.16 4.26 3.83 8.4-2.15 6.52-6.3-.54-4.54-.6-9.11 1.01-13.27 4.2-6.7 7.32-10.57 12.44-16.64 5.6-7.16 12.74-11.75 14-20.9.56-4.26 5.72-13.86 1.7-16.72-3.14-2.3-15.83-4-18.86-6.49-2.36-1.71-3.86-9.2-9.86-12.07-4.91-3.1-10.28-6.73-16.4-5.97zm11.16-49.42c6.13-2.93 10.58-4.77 14.61-10.25 3.5-4.28 2.46-12.62-2.59-15.45-7.27-3.22-13.08 5.78-18.81 8.71-5.96 4.2-12.07-5.48-6.44-10.6 5.53-4.13.38-9.2-5.66-8.48-6.12.8-12.48-1.45-18.6-1.73-5.3-.7-10.13-1-15.45-1.37-5.37-.05-16.51-2.23-25.13.87-5.42 1.79-12.5 5.3-16.73 9.06-4.85 4.2.2 7.56 5.54 7.45 5.3-.22 16.8-5.36 20.16.98 3.68 8.13-5.82 18.29-5.2 26.69.1 6.2 3.37 11 4.74 16.98 1.62 5.94 6.17 10.45 10 15.14 4.7 5.06 13.06 6.3 19.53 8.23 7.46.14 3.34-9.23 3.01-14.11 1.77-7.15 8.49-7.82 12.68-13.5 7.14-7.72 16.41-13.4 24.34-18.62zM190.88 3.1c-4.69 0-13.33.04-18.17-.34-7.65.12-13.1-.62-19.48-1.09-3.67.39-9.09 3.34-5.28 7.04 3.8.94 7.32 4.92 7.1 9.31 1.32 4.68 1.2 11.96 6.53 13.88 4.76-.2 7.12-7.6 11.93-8.25 6.85-2.05 12.5-4.58 17.87-9.09 2.48-2.76 7.94-6.38 5.26-10.33-1.55-1.31-2.18-.64-5.76-1.13zm178.81 157.37c-2.66 10.08-5.88 24.97 9.4 15.43 7.97-5.72 12.58-2.02 17.47 1.15.5.43 2.65 9.2 7.19 8.53 5.43-2.1 11.55-5.1 14.96-11.2 2.6-4.62 3.6-12.39 2.76-13.22-3.18-3.43-6.24-11.03-7.7-15.1-.76-2.14-2.24-2.6-2.74-.4-2.82 12.85-6.04 1.22-10.12-.05-8.2-1.67-29.62 7.17-31.22 14.86z"/> +<g fill="none"> +<path stroke="#cf63a6" stroke-linecap="round" stroke-width="2.76" d="M135.2 140.58c61.4-3.82 115.95-118.83 151.45-103.33"/> +<path stroke="#cf63a6" stroke-linecap="round" stroke-width="2.76" d="M74.43 46.66c38.15 8.21 64.05 42.26 60.78 93.92M286.65 37.25c-9.6 39.44-3.57 57.12-35.64 91.98"/> +<path stroke="#e4c101" stroke-dasharray="9.06,2.265" stroke-width="2.27" d="M397.92 162.52c-31.38 1.26-90.89-53.54-148.3-36.17"/> +<path stroke="#cf63a6" stroke-linecap="round" stroke-width="2.77" d="M17.6 245.88c14.35 0 14.4.05 28-.03"/> +<path stroke="#e3bf01" stroke-dasharray="9.06,2.265" stroke-width="2.27" d="M46.26 274.14c-17.52-.12-16.68.08-30.34.07"/> +</g> +<g transform="translate(120.8 -35.81)"> +<circle cx="509.78" cy="68.74" r="18.12" fill="#240a3b" transform="translate(-93.3 38.03) scale(.50637)"/> +<circle cx="440.95" cy="251.87" r="18.12" fill="#240a3b" transform="translate(-93.3 38.03) scale(.50637)"/> +<circle cx="212.62" cy="272.19" r="18.12" fill="#240a3b" transform="translate(-93.3 38.03) scale(.50637)"/> +<circle cx="92.12" cy="87.56" r="18.12" fill="#240a3b" transform="translate(-93.3 38.03) scale(.50637)"/> +<circle cx="730.88" cy="315.83" r="18.12" fill="#67727b" transform="translate(-93.3 38.03) scale(.50637)"/> +<circle cx="-102.85" cy="282.18" r="9.18" fill="#240a3b"/> +<circle cx="-102.85" cy="309.94" r="9.18" fill="#67727b"/> +</g> +<g class="t"> +<text xml:space="preserve" x="-24.76" y="10.37" stroke-width=".26" font-size="16.93" font-weight="700" style="line-height:1.25" transform="translate(27.79 2.5)" word-spacing="0"><tspan x="-24.76" y="10.37">The user</tspan></text> +<text xml:space="preserve" x="150.63" y="196.62" stroke-width=".26" font-size="16.93" font-weight="700" style="line-height:1.25" transform="translate(27.79 2.5)" word-spacing="0"><tspan x="150.63" y="196.62">This server</tspan></text> +<text xml:space="preserve" x="346.39" y="202.63" stroke-width=".26" font-size="16.93" font-weight="700" style="line-height:1.25" transform="translate(27.79 2.5)" word-spacing="0"><tspan x="346.39" y="202.63">Your service</tspan></text> +<text xml:space="preserve" x="34.52" y="249.07" stroke-width=".26" font-size="16.93" font-weight="700" style="line-height:1.25" transform="translate(27.79 2.5)" word-spacing="0"><tspan x="34.52" y="249.07">Tor encrypted link</tspan></text> +<text xml:space="preserve" x="34.13" y="276.05" stroke-width=".26" font-size="16.93" font-weight="700" style="line-height:1.25" transform="translate(27.79 2.5)" word-spacing="0"><tspan x="34.13" y="276.05">Unencrypted link</tspan></text> +<path fill="none" stroke-linecap="round" stroke-width="1.67" d="M222.6 184.1c-2.6-15.27 8.95-23.6 18.43-38.86m186.75 45.61c-.68-10.17-9.4-17.68-18.08-23.49"/> +<path fill="none" stroke-linecap="round" stroke-width="1.67" d="M240.99 153.41c.35-3.41 1.19-6.17.04-8.17m-7.15 5.48c1.83-2.8 4.58-4.45 7.15-5.48"/> +<path fill="none" stroke-linecap="round" stroke-width="1.67" d="M412.43 173.21c-2.2-3.15-2.54-3.85-2.73-5.85m0 0c2.46-.65 3.85.01 6.67 1.24M61.62 40.8C48.89 36.98 36.45 27.54 36.9 18.96M61.62 40.8c.05-2.58-3.58-4.8-5.25-5.26m-2.65 6.04c1.8.54 6.8 1.31 7.9-.78"/> +<path fill="none" stroke-linecap="round" stroke-linejoin="round" stroke-width="2.44" d="M1.22 229.4h247.74v63.1H1.22z"/> +</g> +</svg> +</p> + +<p> +<a href="https://2019.www.torproject.org/about/overview">Read more about how Tor works.</a></p> <p> -Tor sees use by <a href="https://www.torproject.org/about/torusers">many +Tor sees use by <a href="https://2019.www.torproject.org/about/torusers">many important segments of the population</a>, including whistle blowers, journalists, Chinese dissidents skirting the Great Firewall and oppressive censorship, abuse victims, stalker targets, the US military, and law enforcement, just to name a few. While Tor is not designed for malicious computer users, it is true that they can use the network for malicious ends. In reality however, the actual amount of <a -href="https://www.torproject.org/docs/faq-abuse">abuse</a> is quite low. This +href="https://support.torproject.org/abuse/">abuse</a> is quite low. This is largely because criminals and hackers have significantly better access to privacy and anonymity than do the regular users whom they prey upon. Criminals can and do <a -href="http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_tools.html">build, +href="https://web.archive.org/web/20200131013910/http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_tools.html">build, sell, and trade</a> far larger and <a -href="http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_distributing_your.html">more +href="https://web.archive.org/web/20200131013908/http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_distributing_your.html">more powerful networks</a> than Tor on a daily basis. Thus, in the mind of this operator, the social need for easily accessible censorship-resistant private, anonymous communication trumps the risk of unskilled bad actors, who are @@ -256,7 +292,7 @@ Furthermore, this machine also serves as a carrier of email, which means that its contents are further protected under the ECPA. <a href="https://www.law.cornell.edu/uscode/text/18/2707">18 USC 2707</a> explicitly allows for civil remedies ($1000/account -<i><b>plus</b></i> legal fees) +<i>plus</i> legal fees) in the event of a seizure executed without good faith or probable cause (it should be clear at this point that traffic with an originating IP address of FIXME_DNS_NAME should not constitute probable cause to seize the @@ -275,16 +311,16 @@ equipment, in accordance with <a href="https://www.law.cornell.edu/uscode/text/17/512">DMCA "safe harbor" provisions</a>. In other words, you will have just as much luck sending a takedown notice to the Internet backbone providers. Please consult -<a href="https://www.torproject.org/eff/tor-dmca-response">EFF's prepared +<a href="https://community.torproject.org/relay/community-resources/eff-tor-legal-faq/tor-dmca-response/">EFF's prepared response</a> for more information on this matter.</p> <p>For more information, please consult the following documentation:</p> -<ol> -<li><a href="https://www.torproject.org/about/overview">Tor Overview</a></li> -<li><a href="https://www.torproject.org/docs/faq-abuse">Tor Abuse FAQ</a></li> -<li><a href="https://www.torproject.org/eff/tor-legal-faq">Tor Legal FAQ</a></li> -</ol> +<div class="links"> +<a href="https://2019.www.torproject.org/about/overview">Tor Overview</a> +<a href="https://support.torproject.org/abuse/">Tor Abuse FAQ</a> +<a href="https://community.torproject.org/relay/community-resources/eff-tor-legal-faq/">Tor Legal FAQ</a> +</div> <p> That being said, if you still have a complaint about the router, you may @@ -298,14 +334,15 @@ already blocked.</p> <p> You also have the option of blocking this IP address and others on the Tor network if you so desire. The Tor project provides a <a -href="https://check.torproject.org/cgi-bin/TorBulkExitList.py">web service</a> +href="https://check.torproject.org/torbulkexitlist">web service</a> to fetch a list of all IP addresses of Tor exit nodes that allow exiting to a specified IP:port combination, and an official <a -href="https://www.torproject.org/tordnsel/dist/">DNSRBL</a> is also available to +href="https://dist.torproject.org/tordnsel/">DNSRBL</a> is also available to determine if a given IP address is actually a Tor exit server. Please be considerate when using these options. It would be unfortunate to deny all Tor users access to your site indefinitely simply because of a few bad apples.</p> +</main> </body> </html> diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in index 94f2e2453d..7fe5042f01 100644 --- a/contrib/win32build/tor-mingw.nsi.in +++ b/contrib/win32build/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.4.5.16-dev" +!define VERSION "0.4.7.13" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/doc/HACKING/CircuitPaddingDevelopment.md b/doc/HACKING/CircuitPaddingDevelopment.md index 95ffbae4dd..e4aa9ddd09 100644 --- a/doc/HACKING/CircuitPaddingDevelopment.md +++ b/doc/HACKING/CircuitPaddingDevelopment.md @@ -381,11 +381,10 @@ use case. #### 2.2.2. Detecting and Negotiating Machine Support When a new machine specification is added to Tor (or removed from Tor), you -should bump the Padding subprotocol version in `src/core/or/protover.c` and -`src/rust/protover/protover.rs`, add a field to `protover_summary_flags_t` in -`or.h`, and set this field in `memoize_protover_summary()` in versions.c. This -new field must then be checked in `circpad_node_supports_padding()` in -`circuitpadding.c`. +should bump the Padding subprotocol version in `src/core/or/protover.c`, add a +field to `protover_summary_flags_t` in `or.h`, and set this field in +`memoize_protover_summary()` in versions.c. This new field must then be +checked in `circpad_node_supports_padding()` in `circuitpadding.c`. Note that this protocol version update and associated support check is not necessary if your experiments will *only* be using your own relays that diff --git a/doc/HACKING/CodingStandards.md b/doc/HACKING/CodingStandards.md index cd3417d0b5..c5dd6c744f 100644 --- a/doc/HACKING/CodingStandards.md +++ b/doc/HACKING/CodingStandards.md @@ -59,7 +59,7 @@ Some compatible licenses include: Each main development series (like 0.2.1, 0.2.2, etc) has its main work applied to a single branch. At most one series can be the development series at a time; all other series are maintenance series that get bug-fixes only. -The development series is built in a git branch called "master"; the +The development series is built in a git branch called "main"; the maintenance series are built in branches called "maint-0.2.0", "maint-0.2.1", and so on. We regularly merge the active maint branches forward. @@ -75,7 +75,7 @@ If you're working on a bugfix for a bug that occurs in a particular version, base your bugfix branch on the "maint" branch for the first supported series that has that bug. (As of June 2013, we're supporting 0.2.3 and later.) -If you're working on a new feature, base it on the master branch. If you're +If you're working on a new feature, base it on the main branch. If you're working on a new feature and it will take a while to implement and/or you'd like to avoid the possibility of unrelated bugs in Tor while you're implementing your feature, consider branching off of the latest maint- branch. diff --git a/doc/HACKING/CodingStandardsRust.md b/doc/HACKING/CodingStandardsRust.md deleted file mode 100644 index c821465173..0000000000 --- a/doc/HACKING/CodingStandardsRust.md +++ /dev/null @@ -1,553 +0,0 @@ -# Rust Coding Standards - -You MUST follow the standards laid out in `doc/HACKING/CodingStandards.md`, -where applicable. - -## Module/Crate Declarations - -Each Tor C module which is being rewritten MUST be in its own crate. -See the structure of `src/rust` for examples. - -In your crate, you MUST use `lib.rs` ONLY for pulling in external -crates (e.g. `extern crate libc;`) and exporting public objects from -other Rust modules (e.g. `pub use mymodule::foo;`). For example, if -you create a crate in `src/rust/yourcrate`, your Rust code should -live in `src/rust/yourcrate/yourcode.rs` and the public interface -to it should be exported in `src/rust/yourcrate/lib.rs`. - -If your code is to be called from Tor C code, you MUST define a safe -`ffi.rs`. See the "Safety" section further down for more details. - -For example, in a hypothetical `tor_addition` Rust module: - -In `src/rust/tor_addition/addition.rs`: - -```rust -pub fn get_sum(a: i32, b: i32) -> i32 { - a + b -} -``` - -In `src/rust/tor_addition/lib.rs`: - -```rust -pub use addition::*; -``` - -In `src/rust/tor_addition/ffi.rs`: - -```rust -#[no_mangle] -pub extern "C" fn tor_get_sum(a: c_int, b: c_int) -> c_int { - get_sum(a, b) -} -``` - -If your Rust code must call out to parts of Tor's C code, you must -declare the functions you are calling in the `external` crate, located -at `src/rust/external`. - -<!-- XXX get better examples of how to declare these externs, when/how they --> -<!-- XXX are unsafe, what they are expected to do —isis --> - -Modules should strive to be below 500 lines (tests excluded). Single -responsibility and limited dependencies should be a guiding standard. - -If you have any external modules as dependencies (e.g. `extern crate -libc;`), you MUST declare them in your crate's `lib.rs` and NOT in any -other module. - -## Dependencies and versions - -In general, we use modules from only the Rust standard library -whenever possible. We will review including external crates on a -case-by-case basis. - -If a crate only contains traits meant for compatibility between Rust -crates, such as [the digest crate](https://crates.io/crates/digest) or -[the failure crate](https://crates.io/crates/failure), it is very likely -permissible to add it as a dependency. However, a brief review should -be conducted as to the usefulness of implementing external traits -(i.e. how widespread is the usage, how many other crates either -implement the traits or have trait bounds based upon them), as well as -the stability of the traits (i.e. if the trait is going to change, we'll -potentially have to re-do all our implementations of it). - -For large external libraries, especially which implement features which -would be labour-intensive to reproduce/maintain ourselves, such as -cryptographic or mathematical/statistics libraries, only crates which -have stabilised to 1.0.0 should be considered, however, again, we may -make exceptions on a case-by-case basis. - -Currently, Tor requires that you use the latest stable Rust version. At -some point in the future, we will freeze on a given stable Rust version, -to ensure backward compatibility with stable distributions that ship it. - -## Updating/Adding Dependencies - -To add/remove/update dependencies, first add your dependencies, -exactly specifying their versions, into the appropriate *crate-level* -`Cargo.toml` in `src/rust/` (i.e. *not* `/src/rust/Cargo.toml`, but -instead the one for your crate). Also, investigate whether your -dependency has any optional dependencies which are unnecessary but are -enabled by default. If so, you'll likely be able to enable/disable -them via some feature, e.g.: - -```toml -[dependencies] -foo = { version = "1.0.0", default-features = false } -``` - -Next, run `/scripts/maint/updateRustDependencies.sh`. Then, go into -`src/ext/rust` and commit the changes to the `tor-rust-dependencies` -repo. - -## Documentation - -You MUST include `#![deny(missing_docs)]` in your crate. - -For function/method comments, you SHOULD include a one-sentence, "first person" -description of function behaviour (see requirements for documentation as -described in `src/HACKING/CodingStandards.md`), then an `# Inputs` section -for inputs or initialisation values, a `# Returns` section for return -values/types, a `# Warning` section containing warnings for unsafe behaviours or -panics that could happen. For publicly accessible -types/constants/objects/functions/methods, you SHOULD also include an -`# Examples` section with runnable doctests. - -You MUST document your module with _module docstring_ comments, -i.e. `//!` at the beginning of each line. - -## Style - -You SHOULD consider breaking up large literal numbers with `_` when it makes it -more human readable to do so, e.g. `let x: u64 = 100_000_000_000`. - -## Testing - -All code MUST be unittested and integration tested. - -Public functions/objects exported from a crate SHOULD include doctests -describing how the function/object is expected to be used. - -Integration tests SHOULD go into a `tests/` directory inside your -crate. Unittests SHOULD go into their own module inside the module -they are testing, e.g. in `src/rust/tor_addition/addition.rs` you -should put: - -```rust -#[cfg(test)] -mod test { - use super::*; - -#[test] - fn addition_with_zero() { - let sum: i32 = get_sum(5i32, 0i32); - assert_eq!(sum, 5); - } -} -``` - -## Benchmarking - -The external `test` crate can be used for most benchmarking. However, using -this crate requires nightly Rust. Since we may want to switch to a more -stable Rust compiler eventually, we shouldn't do things which will automatically -break builds for stable compilers. Therefore, you MUST feature-gate your -benchmarks in the following manner. - -If you wish to benchmark some of your Rust code, you MUST put the -following in the `[features]` section of your crate's `Cargo.toml`: - -```toml -[features] -bench = [] -``` - -Next, in your crate's `lib.rs` you MUST put: - -```rust -#[cfg(all(test, feature = "bench"))] -extern crate test; -``` - -This ensures that the external crate `test`, which contains utilities -for basic benchmarks, is only used when running benchmarks via `cargo -bench --features bench`. - -Finally, to write your benchmark code, in -`src/rust/tor_addition/addition.rs` you SHOULD put: - -```rust -#[cfg(all(test, features = "bench"))] -mod bench { - use test::Bencher; - use super::*; - -#[bench] - fn addition_small_integers(b: &mut Bencher) { - b.iter(| | get_sum(5i32, 0i32)); - } -} -``` - -## Fuzzing - -If you wish to fuzz parts of your code, please see the -[cargo fuzz](https://github.com/rust-fuzz/cargo-fuzz) crate, which uses -[libfuzzer-sys](https://github.com/rust-fuzz/libfuzzer-sys). - -## Whitespace & Formatting - -You MUST run `rustfmt` (https://github.com/rust-lang-nursery/rustfmt) -on your code before your code will be merged. You can install rustfmt -by doing `cargo install rustfmt-nightly` and then run it with `cargo -fmt`. - -## Safety - -You SHOULD read [the nomicon](https://doc.rust-lang.org/nomicon/) before writing -Rust FFI code. It is *highly advised* that you read and write normal Rust code -before attempting to write FFI or any other unsafe code. - -Here are some additional bits of advice and rules: - -0. Any behaviours which Rust considers to be undefined are forbidden - - From https://doc.rust-lang.org/reference/behavior-considered-undefined.html: - - > Behavior considered undefined - > - > The following is a list of behavior which is forbidden in all Rust code, - > including within unsafe blocks and unsafe functions. Type checking provides the - > guarantee that these issues are never caused by safe code. - > - > * Data races - > * Dereferencing a null/dangling raw pointer - > * Reads of [undef](https://llvm.org/docs/LangRef.html#undefined-values) - > (uninitialized) memory - > * Breaking the - > [pointer aliasing rules](https://llvm.org/docs/LangRef.html#pointer-aliasing-rules) - > with raw pointers (a subset of the rules used by C) - > * `&mut T` and `&T` follow LLVM’s scoped noalias model, except if the `&T` - > contains an `UnsafeCell<U>`. Unsafe code must not violate these aliasing - > guarantees. - > * Mutating non-mutable data (that is, data reached through a shared - > reference or data owned by a `let` binding), unless that data is - > contained within an `UnsafeCell<U>`. - > * Invoking undefined behavior via compiler intrinsics: - > - Indexing outside of the bounds of an object with - > `std::ptr::offset` (`offset` intrinsic), with the exception of - > one byte past the end which is permitted. - > - Using `std::ptr::copy_nonoverlapping_memory` (`memcpy32`/`memcpy64` - > intrinsics) on overlapping buffers - > * Invalid values in primitive types, even in private fields/locals: - > - Dangling/null references or boxes - > - A value other than `false` (0) or `true` (1) in a `bool` - > - A discriminant in an `enum` not included in the type definition - > - A value in a `char` which is a surrogate or above `char::MAX` - > - Non-UTF-8 byte sequences in a `str` - > * Unwinding into Rust from foreign code or unwinding from Rust into foreign - > code. Rust's failure system is not compatible with exception handling in other - > languages. Unwinding must be caught and handled at FFI boundaries. - -1. `unwrap()` - - If you call `unwrap()`, anywhere, even in a test, you MUST include - an inline comment stating how the unwrap will either 1) never fail, - or 2) should fail (i.e. in a unittest). - - You SHOULD NOT use `unwrap()` anywhere in which it is possible to handle the - potential error with the eel operator, `?` or another non panicking way. - For example, consider a function which parses a string into an integer: - - ```rust - fn parse_port_number(config_string: &str) -> u16 { - u16::from_str_radix(config_string, 10).unwrap() - } - ``` - - There are numerous ways this can fail, and the `unwrap()` will cause the - whole program to byte the dust! Instead, either you SHOULD use `ok()` - (or another equivalent function which will return an `Option` or a `Result`) - and change the return type to be compatible: - - ```rust - fn parse_port_number(config_string: &str) -> Option<u16> { - u16::from_str_radix(config_string, 10).ok() - } - ``` - - or you SHOULD use `or()` (or another similar method): - - ```rust - fn parse_port_number(config_string: &str) -> Option<u16> { - u16::from_str_radix(config_string, 10).or(Err("Couldn't parse port into a u16") - } - ``` - - Using methods like `or()` can be particularly handy when you must do - something afterwards with the data, for example, if we wanted to guarantee - that the port is high. Combining these methods with the eel operator (`?`) - makes this even easier: - - ```rust - fn parse_port_number(config_string: &str) -> Result<u16, Err> { - let port = u16::from_str_radix(config_string, 10).or(Err("Couldn't parse port into a u16"))?; - - if port > 1024 { - return Ok(port); - } else { - return Err("Low ports not allowed"); - } - } - ``` - -2. `unsafe` - - If you use `unsafe`, you MUST describe a contract in your - documentation which describes how and when the unsafe code may - fail, and what expectations are made w.r.t. the interfaces to - unsafe code. This is also REQUIRED for major pieces of FFI between - C and Rust. - - When creating an FFI in Rust for C code to call, it is NOT REQUIRED - to declare the entire function `unsafe`. For example, rather than doing: - - ```rust - #[no_mangle] - pub unsafe extern "C" fn increment_and_combine_numbers(mut numbers: [u8; 4]) -> u32 { - for number in &mut numbers { - *number += 1; - } - std::mem::transmute::<[u8; 4], u32>(numbers) - } - ``` - - You SHOULD instead do: - - ```rust - #[no_mangle] - pub extern "C" fn increment_and_combine_numbers(mut numbers: [u8; 4]) -> u32 { - for index in 0..numbers.len() { - numbers[index] += 1; - } - unsafe { - std::mem::transmute::<[u8; 4], u32>(numbers) - } - } - ``` - -3. Pass only C-compatible primitive types and bytes over the boundary - - Rust's C-compatible primitive types are integers and floats. - These types are declared in the [libc crate](https://doc.rust-lang.org/libc/x86_64-unknown-linux-gnu/libc/index.html#types). - Most Rust objects have different [representations](https://doc.rust-lang.org/libc/x86_64-unknown-linux-gnu/libc/index.html#types) - in C and Rust, so they can't be passed using FFI. - - Tor currently uses the following Rust primitive types from libc for FFI: - * defined-size integers: `uint32_t` - * native-sized integers: `c_int` - * native-sized floats: `c_double` - * native-sized raw pointers: `* c_void`, `* c_char`, `** c_char` - - TODO: C smartlist to Stringlist conversion using FFI - - The only non-primitive type which may cross the FFI boundary is - bytes, e.g. `&[u8]`. This SHOULD be done on the Rust side by - passing a pointer (`*mut libc::c_char`). The length can be passed - explicitly (`libc::size_t`), or the string can be NUL-byte terminated - C string. - - One might be tempted to do this via doing - `CString::new("blah").unwrap().into_raw()`. This has several problems: - - a) If you do `CString::new("bl\x00ah")` then the unwrap() will fail - due to the additional NULL terminator, causing a dangling - pointer to be returned (as well as a potential use-after-free). - - b) Returning the raw pointer will cause the CString to run its deallocator, - which causes any C code which tries to access the contents to dereference a - NULL pointer. - - c) If we were to do `as_raw()` this would result in a potential double-free - since the Rust deallocator would run and possibly Tor's deallocator. - - d) Calling `into_raw()` without later using the same pointer in Rust to call - `from_raw()` and then deallocate in Rust can result in a - [memory leak](https://doc.rust-lang.org/std/ffi/struct.CString.html#method.into_raw). - - [It was determined](https://github.com/rust-lang/rust/pull/41074) that this - is safe to do if you use the same allocator in C and Rust and also specify - the memory alignment for CString (except that there is no way to specify - the alignment for CString). It is believed that the alignment is always 1, - which would mean it's safe to dealloc the resulting `*mut c_char` in Tor's - C code. However, the Rust developers are not willing to guarantee the - stability of, or a contract for, this behaviour, citing concerns that this - is potentially extremely and subtly unsafe. - -4. Perform an allocation on the other side of the boundary - - After crossing the boundary, the other side MUST perform an - allocation to copy the data and is therefore responsible for - freeing that memory later. - -5. No touching other language's enums - - Rust enums should never be touched from C (nor can they be safely - `#[repr(C)]`) nor vice versa: - - > "The chosen size is the default enum size for the target platform's C - > ABI. Note that enum representation in C is implementation defined, so this is - > really a "best guess". In particular, this may be incorrect when the C code - > of interest is compiled with certain flags." - - (from https://gankro.github.io/nomicon/other-reprs.html) - -6. Type safety - - Wherever possible and sensical, you SHOULD create new types in a - manner which prevents type confusion or misuse. For example, - rather than using an untyped mapping between strings and integers - like so: - - ```rust - use std::collections::HashMap; - - pub fn get_elements_with_over_9000_points(map: &HashMap<String, usize>) -> Vec<String> { - ... - } - ``` - - It would be safer to define a new type, such that some other usage - of `HashMap<String, usize>` cannot be confused for this type: - - ```rust - pub struct DragonBallZPowers(pub HashMap<String, usize>); - - impl DragonBallZPowers { - pub fn over_nine_thousand<'a>(&'a self) -> Vec<&'a String> { - let mut powerful_enough: Vec<&'a String> = Vec::with_capacity(5); - - for (character, power) in &self.0 { - if *power > 9000 { - powerful_enough.push(character); - } - } - powerful_enough - } - } - ``` - - Note the following code, which uses Rust's type aliasing, is valid - but it does NOT meet the desired type safety goals: - - ```rust - pub type Power = usize; - - pub fn over_nine_thousand(power: &Power) -> bool { - if *power > 9000 { - return true; - } - false - } - - // We can still do the following: - let his_power: usize = 9001; - over_nine_thousand(&his_power); - ``` - -7. Unsafe mucking around with lifetimes - - Because lifetimes are technically, in type theory terms, a kind, i.e. a - family of types, individual lifetimes can be treated as types. For example, - one can arbitrarily extend and shorten lifetime using `std::mem::transmute`: - - ```rust - struct R<'a>(&'a i32); - - unsafe fn extend_lifetime<'b>(r: R<'b>) -> R<'static> { - std::mem::transmute::<R<'b>, R<'static>>(r) - } - - unsafe fn shorten_invariant_lifetime<'b, 'c>(r: &'b mut R<'static>) -> &'b mut R<'c> { - std::mem::transmute::<&'b mut R<'static>, &'b mut R<'c>>(r) - } - ``` - - Calling `extend_lifetime()` would cause an `R` passed into it to live forever - for the life of the program (the `'static` lifetime). Similarly, - `shorten_invariant_lifetime()` could be used to take something meant to live - forever, and cause it to disappear! This is incredibly unsafe. If you're - going to be mucking around with lifetimes like this, first, you better have - an extremely good reason, and second, you may as be honest and explicit about - it, and for ferris' sake just use a raw pointer. - - In short, just because lifetimes can be treated like types doesn't mean you - should do it. - -8. Doing excessively unsafe things when there's a safer alternative - - Similarly to #7, often there are excessively unsafe ways to do a task and a - simpler, safer way. You MUST choose the safer option where possible. - - For example, `std::mem::transmute` can be abused in ways where casting with - `as` would be both simpler and safer: - - ```rust - // Don't do this - let ptr = &0; - let ptr_num_transmute = unsafe { std::mem::transmute::<&i32, usize>(ptr)}; - - // Use an `as` cast instead - let ptr_num_cast = ptr as *const i32 as usize; - ``` - - In fact, using `std::mem::transmute` for *any* reason is a code smell and as - such SHOULD be avoided. - -9. Casting integers with `as` - - This is generally fine to do, but it has some behaviours which you should be - aware of. Casting down chops off the high bits, e.g.: - - ```rust - let x: u32 = 4294967295; - println!("{}", x as u16); // prints 65535 - ``` - - Some cases which you MUST NOT do include: - - * Casting an `u128` down to an `f32` or vice versa (e.g. - `u128::MAX as f32` but this isn't only a problem with overflowing - as it is also undefined behaviour for `42.0f32 as u128`), - - * Casting between integers and floats when the thing being cast - cannot fit into the type it is being casted into, e.g.: - - ```rust - println!("{}", 42949.0f32 as u8); // prints 197 in debug mode and 0 in release - println!("{}", 1.04E+17 as u8); // prints 0 in both modes - println!("{}", (0.0/0.0) as i64); // prints whatever the heck LLVM wants - ``` - - Because this behaviour is undefined, it can even produce segfaults in - safe Rust code. For example, the following program built in release - mode segfaults: - - ```rust - #[inline(never)] - pub fn trigger_ub(sl: &[u8; 666]) -> &[u8] { - // Note that the float is out of the range of `usize`, invoking UB when casting. - let idx = 1e99999f64 as usize; - &sl[idx..] // The bound check is elided due to `idx` being of an undefined value. - } - - fn main() { - println!("{}", trigger_ub(&[1; 666])[999999]); // ~ out of bound - } - ``` - - And in debug mode panics with: - - thread 'main' panicked at 'slice index starts at 140721821254240 but ends at 666', /checkout/src/libcore/slice/mod.rs:754:4 diff --git a/doc/HACKING/GettingStarted.md b/doc/HACKING/GettingStarted.md index 6d61be9881..271e2d7517 100644 --- a/doc/HACKING/GettingStarted.md +++ b/doc/HACKING/GettingStarted.md @@ -41,7 +41,7 @@ Once you've reached this point, here's what you need to know. $ git clone https://git.torproject.org/git/tor ``` - This will give you a checkout of the master branch. If you're + This will give you a checkout of the main branch. If you're going to fix a bug that appears in a stable version, check out the appropriate "maint" branch, as in: diff --git a/doc/HACKING/GettingStartedRust.md b/doc/HACKING/GettingStartedRust.md deleted file mode 100644 index beef825226..0000000000 --- a/doc/HACKING/GettingStartedRust.md +++ /dev/null @@ -1,187 +0,0 @@ -# Hacking on Rust in Tor - -## Getting Started - -Please read or review our documentation on Rust coding standards -(`doc/HACKING/CodingStandardsRust.md`) before doing anything. - -Please also read -[the Rust Code of Conduct](https://www.rust-lang.org/en-US/conduct.html). We -aim to follow the good example set by the Rust community and be -excellent to one another. Let's be careful with each other, so we can -be memory-safe together! - -Next, please contact us before rewriting anything! Rust in Tor is still -an experiment. It is an experiment that we very much want to see -succeed, so we're going slowly and carefully. For the moment, it's also -a completely volunteer-driven effort: while many, if not most, of us are -paid to work on Tor, we are not yet funded to write Rust code for Tor. -Please be patient with the other people who are working on getting more -Rust code into Tor, because they are graciously donating their free time -to contribute to this effort. - -## Resources for learning Rust - -**Beginning resources** - -The primary resource for learning Rust is -[The Book](https://doc.rust-lang.org/book/). If you'd like to start writing -Rust immediately, without waiting for anything to install, there is -[an interactive browser-based playground](https://play.rust-lang.org/). - -**Advanced resources** - -If you're interested in playing with various Rust compilers and viewing -a very nicely displayed output of the generated assembly, there is -[the Godbolt compiler explorer](https://rust.godbolt.org/) - -For learning how to write unsafe Rust, read -[The Rustonomicon](https://doc.rust-lang.org/nomicon/). - -For learning everything you ever wanted to know about Rust macros, there -is -[The Little Book of Rust Macros](https://danielkeep.github.io/tlborm/book/index.html). - -For learning more about FFI and Rust, see Jake Goulding's -[Rust FFI Omnibus](https://jakegoulding.com/rust-ffi-omnibus/). - -## Compiling Tor with Rust enabled - -You will need to run the `configure` script with the `--enable-rust` -flag to explicitly build with Rust. Additionally, you will need to -specify where to fetch Rust dependencies, as we allow for either -fetching dependencies from Cargo or specifying a local directory. - -**Fetch dependencies from Cargo** - -```console -$ ./configure --enable-rust --enable-cargo-online-mode -``` - -**Using a local dependency cache** - -You'll need the following Rust dependencies (as of this writing): - - libc==0.2.39 - -We vendor our Rust dependencies in a separate repo using -[cargo-vendor](https://github.com/alexcrichton/cargo-vendor). To use -them, do: - -```console -$ git submodule init -$ git submodule update -``` - -To specify the local directory containing the dependencies, (assuming -you are in the top level of the repository) configure tor with: - -```console -$ TOR_RUST_DEPENDENCIES='path_to_dependencies_directory' ./configure --enable-rust -``` - -(Note that `TOR_RUST_DEPENDENCIES` must be the full path to the directory; it -cannot be relative.) - -Assuming you used the above `git submodule` commands and you're in the -topmost directory of the repository, this would be: - -```console -$ TOR_RUST_DEPENDENCIES=`pwd`/src/ext/rust/crates ./configure --enable-rust -``` - -## Identifying which modules to rewrite - -The places in the Tor codebase that are good candidates for porting to -Rust are: - -1. loosely coupled to other Tor submodules, -2. have high test coverage, and -3. would benefit from being implemented in a memory safe language. - -Help in either identifying places such as this, or working to improve -existing areas of the C codebase by adding regression tests and -simplifying dependencies, would be really helpful. - -Furthermore, as submodules in C are implemented in Rust, this is a good -opportunity to refactor, add more tests, and split modules into smaller -areas of responsibility. - -A good first step is to build a module-level callgraph to understand how -interconnected your target module is. - -```console -$ git clone https://git.torproject.org/user/nickm/calltool.git -$ cd tor -$ CFLAGS=0 ./configure -$ ../calltool/src/main.py module_callgraph -``` - -The output will tell you each module name, along with a set of every module that -the module calls. Modules which call fewer other modules are better targets. - -## Writing your Rust module - -Strive to change the C API as little as possible. - -We are currently targeting Rust stable. (See `CodingStandardsRust.md` for more -details.) - -It is on our TODO list to try to cultivate good -standing with various distro maintainers of `rustc` and `cargo`, in -order to ensure that whatever version we solidify on is readily -available. - -If parts of your Rust code needs to stay in sync with C code (such as -handling enums across the FFI boundary), annonotate these places in a -comment structured as follows: - - `/// C_RUST_COUPLED: <path_to_file> <name_of_c_object>` - -Where `<name_of_c_object>` can be an enum, struct, constant, etc. Then, -do the same in the C code, to note that rust will need to be changed -when the C does. - -## Adding your Rust module to Tor's build system - -0. Your translation of the C module should live in its own crate(s) - in the `src/rust/` directory. -1. Add your crate to `src/rust/Cargo.toml`, in the - `[workspace.members]` section. -2. Add your crate's files to src/rust/include.am - -If your crate should be available to C (rather than just being included as a -dependency of other Rust modules): -0. Declare the crate as a dependency of tor_rust in - `src/rust/tor_util/Cargo.toml` and include it in - `src/rust/tor_rust/lib.rs` - -## How to test your Rust code - -Everything should be tested full stop. Even non-public functionality. - -Be sure to edit `src/test/test_rust.sh` to add the name of your -crate to the `crates` variable! This will ensure that `cargo test` is -run on your crate. - -Configure Tor's build system to build with Rust enabled: - -```console -$ ./configure --enable-fatal-warnings --enable-rust --enable-cargo-online-mode -``` - -Tor's test should be run by doing: - -```console -$ make check -``` - -Tor's integration tests should also pass: - -```console -$ make test-stem -``` - -## Submitting a patch - -Please follow the instructions in `doc/HACKING/GettingStarted.md`. diff --git a/doc/HACKING/HelpfulTools.md b/doc/HACKING/HelpfulTools.md index 0ce59576f0..7849fc67c7 100644 --- a/doc/HACKING/HelpfulTools.md +++ b/doc/HACKING/HelpfulTools.md @@ -33,8 +33,8 @@ OFTC. If they don't, ask #tor-dev (also on OFTC). It's CI/builders. Looks like this: https://jenkins.torproject.org Runs automatically on commits merged to git.torproject.org. We CI the -master branch and all supported tor versions. We also build nightly debian -packages from master. +main branch and all supported tor versions. We also build nightly debian +packages from main. Builds Linux and Windows cross-compilation. Runs Linux tests. diff --git a/doc/HACKING/Maintaining.md b/doc/HACKING/Maintaining.md index 4d5a7f6b76..267f6d0b58 100644 --- a/doc/HACKING/Maintaining.md +++ b/doc/HACKING/Maintaining.md @@ -7,7 +7,7 @@ The first section describes who is the current Tor maintainer and what are the responsibilities. Tor has one main single maintainer but does have many committers and subsystem maintainers. -The second third section describes how the **alpha and master** branches are +The second third section describes how the **alpha and main** branches are maintained and by whom. Finally, the last section describes how the **stable** branches are maintained @@ -25,7 +25,7 @@ protocol design. Releasing Tor falls under their responsibility. ## Alpha and Master Branches -The Tor repository always has at all times a **master** branch which contains +The Tor repository always has at all times a **main** branch which contains the upstream ongoing development. It may also contain a branch for a released feature freezed version which is @@ -37,7 +37,7 @@ Tor is separated into subsystems and some of those are maintained by other developers than the main maintainer. Those people have commit access to the code base but only commit (in most cases) into the subsystem they maintain. -Upstream merges are restricted to the alpha and master branches. Subsystem +Upstream merges are restricted to the alpha and main branches. Subsystem maintainers should never push a patch into a stable branch which is the responsibility of the [stable branch maintainer](#stable-branches). @@ -69,7 +69,7 @@ maintain the following subsystems: These are the tasks of a subsystem maintainer: 1. Regularly go over `merge_ready` tickets relevant to the related subsystem - and for the current alpha or development (master branch) Milestone. + and for the current alpha or development (main branch) Milestone. 2. A subsystem maintainer is expected to contribute to any design changes (including proposals) or large patch set about the subsystem. @@ -102,7 +102,7 @@ These are few important items to follow when merging code upstream: 4. Tor uses the "merge forward" method, that is, if a patch applies to the alpha branch, it has to be merged there first and then merged forward - into master. + into main. 5. Maintainer should always consult with the network team about any doubts, mis-understandings or unknowns of a patch. Final word will always go to the diff --git a/doc/HACKING/README.1st.md b/doc/HACKING/README.1st.md index 4bc3298c67..1c0decf9ce 100644 --- a/doc/HACKING/README.1st.md +++ b/doc/HACKING/README.1st.md @@ -5,12 +5,11 @@ This directory has helpful information about what you need to know to hack on Tor! -First, read `GettingStarted.md` and `GettingStartedRust.md` -to learn how to get a start in Tor development. +First, read `GettingStarted.md` to learn how to get a start in Tor +development. -If you've decided to write a patch, `CodingStandards.md` and -`CodingStandardsRust.md` will give you a bunch of information -about how we structure our code. +If you've decided to write a patch, `CodingStandards.md` will give you a bunch +of information about how we structure our code. It's important to get the code right! Reading `WritingTests.md` will tell you how to write and run tests in the Tor codebase. @@ -36,6 +35,13 @@ For the latest version of the code, get a copy of git, and $ git clone https://git.torproject.org/git/tor ``` +For a copy of Tor's original design paper, see +[here](https://spec.torproject.org/tor-design). Note that Tor has changed in +many ways since 2004. + +For a large collection of security papers, many of which are related to Tor, +see [Anonbib's Selected Papers in Anonymity](https://www.freehaven.net/anonbib/). + ## Stay in touch We talk about Tor on the `tor-talk` mailing list. Design proposals and diff --git a/doc/HACKING/ReleaseSeriesLifecycle.md b/doc/HACKING/ReleaseSeriesLifecycle.md index 8536fbbd08..e47ac90fa5 100644 --- a/doc/HACKING/ReleaseSeriesLifecycle.md +++ b/doc/HACKING/ReleaseSeriesLifecycle.md @@ -87,17 +87,17 @@ they do not apply to security-related patch release versions. (Ideally, do this immediately after a release.) -1. Start a new maint-x.y.z branch based on master, and a new - release-x.y.z branch based on master. They should have the same +1. Start a new maint-x.y.z branch based on main, and a new + release-x.y.z branch based on main. They should have the same starting point. - Push both of these branches to the master git repository. + Push both of these branches to the canonical git repository. -2. In master, change the version to "0.x.y.0-alpha-dev". Run the +2. In the main branch, change the version to "0.x.y.0-alpha-dev". Run the update_versions.py script, and commit this version bump. 3. Tag the version bump with "tor-0.x.y.0-alpha-dev". Push the tag - and master. + and main branch. 4. Open tickets for connecting the new branches to various other places. See section 2 above for a list of affected locations. @@ -107,7 +107,7 @@ they do not apply to security-related patch release versions. target in the maint-x.y.z branch only. * Delete the file scripts/maint/practracker/.enable_practracker_in_hooks in the maint-x.y.z branch only. - * Merge to release-x.y.z, but do not forward-port to master. + * Merge to release-x.y.z, but do not forward-port to the main branch. 6. Finally, make sure this document is up to date with our latest process. diff --git a/doc/HACKING/ReleasingTor.md b/doc/HACKING/ReleasingTor.md index 24b66a069a..a32bb10dad 100644 --- a/doc/HACKING/ReleasingTor.md +++ b/doc/HACKING/ReleasingTor.md @@ -1,233 +1,161 @@ -# Putting out a new release +# How to Release Tor Here are the steps that the maintainer should take when putting out a -new Tor release: +new Tor release. It is split in 3 stages and coupled with our Tor CI Release +pipeline. -## 0. Preliminaries +Before we begin, first rule is to make sure: -1. Get at least two of weasel/arma/Sebastian to put the new - version number in their approved versions list. Give them a few - days to do this if you can. + - Our CIs (*nix and Windows) pass for each version to release + - Coverity has no new alerts -2. If this is going to be an important security release, give these packagers - some advance warning: +## 0. Security Release - - {weasel,sysrqb,mikeperry} at torproject dot org - - {blueness} at gentoo dot org - - {paul} at invizbox dot io - - {vincent} at invizbox dot com - - {lfleischer} at archlinux dot org - - {Nathan} at freitas dot net - - {mike} at tig dot as - - {tails-rm} at boum dot org - - {simon} at sdeziel.info - - {yuri} at freebsd.org - - {mh+tor} at scrit.ch - -3. Given the release date for Tor, ask the TB team about the likely release - date of a TB that contains it. See note below in "commit, upload, - announce". - -## I. Make sure it works - -1. Make sure that CI passes: have a look at Travis - (https://travis-ci.org/torproject/tor/branches), Appveyor - (https://ci.appveyor.com/project/torproject/tor/history), and - Jenkins (https://jenkins.torproject.org/view/tor/). - Make sure you're looking at the right branches. - - If there are any unexplained failures, try to fix them or figure them - out. - -2. Verify that there are no big outstanding issues. You might find such - issues -- - - * On Trac - - * On coverity scan +To start with, if you are doing a security release, this must be done few days +prior to the release: - * On OSS-Fuzz + 1. If this is going to be an important security release, give the packagers + advance warning, via `tor-packagers@lists.torproject.org`. -## II. Write a changelog -1a. (Alpha release variant) +## 1. Preliminaries - Gather the `changes/*` files into a changelog entry, rewriting many - of them and reordering to focus on what users and funders would find - interesting and understandable. +The following must be done **2 days** at the very least prior to the release: - To do this, run `./scripts/maint/sortChanges.py changes/* > changelog.in` - to combine headings and sort the entries. Copy the changelog.in file into - the ChangeLog. Run `format_changelog.py --inplace` (see below) to clean up - the line breaks. + 1. Add the version(s) in the dirauth-conf git repository as the + RecommendedVersion and RequiredVersion so they can be approved by the + authorities and be in the consensus before the release. - Remove the `changes/*` files that you just merged into the ChangeLog. + 2. Send a pre-release announcement to `tor-project@lists.torproject.org` in + order to inform every teams in Tor of the upcoming release. This is so + we can avoid creating release surprises and sync with other teams. - After that, it's time to hand-edit and fix the issues that - lintChanges can't find: + 3. Ask the network-team to review the `changes/` files in all versions we + are about to release. This step is encouraged but not mandatory. - 1. Within each section, sort by "version it's a bugfix on", else by - numerical ticket order. - 2. Clean them up: +## 2. Tarballs - Make stuff very terse +To build the tarballs to release, we need to launch the CI release pipeline: - Describe the user-visible problem right away + https://gitlab.torproject.org/tpo/core/tor-ci-release - Mention relevant config options by name. If they're rare or unusual, - remind people what they're for +The `versions.yml` needs to be modified with the Tor versions you want to +release. Once done, git commit and push to trigger the release pipeline. - Avoid starting lines with open-paren +The first two stages (Preliminary and Patches) will be run automatically. The +Build stage needs to be triggered manually once all generated patches have +been merged upstream. - Present and imperative tense: not past. + 1. Download the generated patches from the `Patches` stage. - "Relays", not "servers" or "nodes" or "Tor relays". + Apply these patches to the `main` or `release` branch as appropriate. + (Version bumps apply to `maint`; anything touching the changelog should + apply only to `main` or `release`.) - "Onion services", not "hidden services". + 2. For the ChangeLog and ReleaseNotes, you need to write a blurb at the top + explaining a bit the release. - "Stop FOOing", not "Fix a bug where we would FOO". + 3. Review, modify if needed, and merge them upstream. - Try not to let any given section be longer than about a page. Break up - long sections into subsections by some sort of common subtopic. This - guideline is especially important when organizing Release Notes for - new stable releases. + 4. Manually trigger the `maintained` job in the `Build` stage so the CI can + build the tarballs without errors. - If a given changes stanza showed up in a different release (e.g. - maint-0.2.1), be sure to make the stanzas identical (so people can - distinguish if these are the same change). +Once this is done, each selected developers need to build the tarballs in a +reproducible way using: - 3. Clean everything one last time. + https://gitlab.torproject.org/tpo/core/tor-ci-reproducible - 4. Run `./scripts/maint/format_changelog.py --inplace` to make it prettier +Steps are: -1b. (old-stable release variant) + 1. Run `./build.sh` which will download everything you need, including the + latest tarballs from the release CI, and auto-commit the signatures if + the checksum match. You will need to confim the commits. - For stable releases that backport things from later, we try to compose - their releases, we try to make sure that we keep the changelog entries - identical to their original versions, with a "backport from 0.x.y.z" - note added to each section. So in this case, once you have the items - from the changes files copied together, don't use them to build a new - changelog: instead, look up the corrected versions that were merged - into ChangeLog in the master branch, and use those. + 2. If all is good, `git push origin main` your signatures. - Add "backport from X.Y.Z" in the section header for these entries. +Once all signatures from all selected developers have been committed: -2. Compose a short release blurb to highlight the user-facing - changes. Insert said release blurb into the ChangeLog stanza. If it's - a stable release, add it to the ReleaseNotes file too. If we're adding - to a release-* branch, manually commit the changelogs to the later - git branches too. + 1. Manually trigger the `signature` job in the `Post-process` stage of the + CI release pipeline. -3. If there are changes that require or suggest operator intervention - before or during the update, mail operators (either dirauth or relays - list) with a headline that indicates that an action is required or - appreciated. + 2. If it passes, the tarball(s) and signature(s) will be available as + artifacts and should be used for the release. -4. If you're doing the first stable release in a series, you need to - create a ReleaseNotes for the series as a whole. To get started - there, copy all of the Changelog entries from the series into a new - file, and run `./scripts/maint/sortChanges.py` on it. That will - group them by category. Then kill every bugfix entry for fixing - bugs that were introduced within that release series; those aren't - relevant changes since the last series. At that point, it's time - to start sorting and condensing entries. (Generally, we don't edit the - text of existing entries, though.) + 3. Put them on `dist.torproject.org`: -## III. Making the source release. + Upload the tarball and its sig to the dist website: -1. In `maint-0.?.x`, bump the version number in `configure.ac` and run - `make update-versions` to update version numbers in other - places, and commit. Then merge `maint-0.?.x` into `release-0.?.x`. + `rsync -avP tor-*.gz{,.asc} dist-master.torproject.org:/srv/dist-master.torproject.org/htdocs/` - When you merge the maint branch forward to the next maint branch, or into - master, merge it with "-s ours" to avoid conflict with the version - bump. + Then, on dist-master.torproject.org, run: -2. Make distcheck, put the tarball up in somewhere (how about your - homedir on people.torproject.org?) , and tell `#tor-dev` - about it. + `static-update-component dist.torproject.org` - If you want, wait until at least one person has built it - successfully. (We used to say "wait for others to test it", but our - CI has successfully caught these kinds of errors for the last several - years.) + For an alpha or latest stable, open an MR in + https://gitlab.torproject.org/tpo/web/tpo that updates the + `databags/versions.ini` to note the new version. -3. Make sure that the new version is recommended in the latest consensus. - (Otherwise, users will get confused when it complains to them - about its status.) + (NOTE: Due to #17805, there can only be one stable version listed at once. + Nonetheless, do not call your version "alpha" if it is stable, or people + will get confused.) - If it is not, you'll need to poke Roger, Weasel, and Sebastian again: see - item 0.1 at the start of this document. + (NOTE: It will take a while for the website update scripts to update the + website.) -## IV. Commit, upload, announce -1. Sign the tarball, then sign and push the git tag: +## 3. Post Process -```console -$ gpg -ba <the_tarball> -$ git tag -s tor-0.4.x.y-<status> -$ git push origin tag tor-0.4.x.y-<status> -``` +Once the tarballs have been uploaded and are ready to be announced, we need to +do the following: - (You must do this before you update the website: the website scripts - rely on finding the version by tag.) + 1. Tag versions (`main` branch or `release` branch as appropriate) using + `git tag -s tor-0.x.y.z-<status>` and then push the tag(s): + `git push origin tor-0.x.y.z-<status>` - (If your default PGP key is not the one you want to sign with, then say - "-u <keyid>" instead of "-s".) + (This should be the `main` or `release` branch because that is the one + from which the tarballs are built. We want our tags to match our + tarballs.) -2. scp the tarball and its sig to the dist website, i.e. - `/srv/dist-master.torproject.org/htdocs/` on dist-master. Run - "static-update-component dist.torproject.org" on dist-master. + 2. Merge upstream the artifacts from the `patches` job in the + `Post-process` stage of the CI release pipeline. - In the project/web/tpo.git repository, update `databags/versions.ini` - to note the new version. Push these changes to master. + 3. Write and post the release announcement for the `forum.torproject.net` + in the `News -> Tor Release Announcement` category. - (NOTE: Due to #17805, there can only be one stable version listed at - once. Nonetheless, do not call your version "alpha" if it is stable, - or people will get confused.) + If possible, mention in which Tor Browser version (with dates) the + release will be in. This usually only applies to the latest stable. - (NOTE: It will take a while for the website update scripts to update - the website.) + 4. Inform `tor-talk@lists.torproject.org` with the releasing pointing to + the Forum. Append the ChangeLog there. We do this until we can automate + such post from the forum directly. -3. Email the tor-packagers@lists.torproject.org mailing list to tell them - about the new release. +### New Stable - Also, email tor-packagers@lists.torproject.org. + 1. Create the `maint-x.y.z` and `release-x.y.z` branches and update the + `./scripts/git/git-list-tor-branches.sh` with the new version. - Mention where to download the tarball (https://dist.torproject.org). + 2. Add the new version in `./scripts/ci/ci-driver.sh`. - Include a link to the changelog. + 3. Forward port the ChangeLog and ReleaseNotes into main branch. Remove any + change logs of stable releases in ReleaseNotes. -4. Wait for the download page to be updated. (If you don't do this before you - announce, people will be confused.) -5. Mail the release blurb and ChangeLog to tor-talk (development release) or - tor-announce (stable). +## Appendix: An alternative means to notify packagers - Post the changelog on the blog as well. You can generate a - blog-formatted version of the changelog with - `./scripts/maint/format_changelog.py -B` +If for some reason you need to contact a bunch of packagers without +using the publicly archived tor-packagers list, you can try these +people: - When you post, include an estimate of when the next TorBrowser - releases will come out that include this Tor release. This will - usually track https://wiki.mozilla.org/RapidRelease/Calendar , but it - can vary. - - For templates to use when announcing, see: - https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/AnnouncementTemplates - -## V. Aftermath and cleanup - -1. If it's a stable release, bump the version number in the - `maint-x.y.z` branch to "newversion-dev", and do a `merge -s ours` - merge to avoid taking that change into master. - -2. If there is a new `maint-x.y.z` branch, create a Travis CI cron job that - builds the release every week. (It's ok to skip the weekly build if the - branch was updated in the last 24 hours.) - -3. Forward-port the ChangeLog (and ReleaseNotes if appropriate) to the - master branch. - -4. Keep an eye on the blog post, to moderate comments and answer questions. + - {weasel,sysrqb,mikeperry} at torproject dot org + - {blueness} at gentoo dot org + - {paul} at invizbox dot io + - {vincent} at invizbox dot com + - {lfleischer} at archlinux dot org + - {Nathan} at freitas dot net + - {mike} at tig dot as + - {tails-rm} at boum dot org + - {simon} at sdeziel.info + - {yuri} at freebsd.org + - {mh+tor} at scrit.ch + - {security} at brave.com diff --git a/doc/HACKING/ReleasingTor.md.old b/doc/HACKING/ReleasingTor.md.old new file mode 100644 index 0000000000..490c100fcb --- /dev/null +++ b/doc/HACKING/ReleasingTor.md.old @@ -0,0 +1,255 @@ +# CHECKLIST + +Here's a summary checklist, with the things that Nick messes up most often. + +Did you: + + * [ ] Copy the ChangeLog to the ReleaseNotes? + * [ ] Check that the new versions got approved? + * [ ] Check the release date in the ChangeLog? + * [ ] Update the GeoIP file? + +# Putting out a new release + +Here are the steps that the maintainer should take when putting out a +new Tor release: + +## 0. Preliminaries + +1. Get at least three of weasel/arma/Sebastian/Sina to put the new + version number in their approved versions list. Give them a few + days to do this if you can. + +2. If this is going to be an important security release, give the packagers + advance warning, via `tor-packagers@lists.torproject.org`. + + +3. Given the release date for Tor, ask the TB team about the likely release + date of a TB that contains it. See note below in "commit, upload, + announce". + +## I. Make sure it works + +1. Make sure that CI passes: have a look at the branches on gitlab. + + _Optionally_, have a look at Travis + (https://travis-ci.org/torproject/tor/branches), Appveyor + (https://ci.appveyor.com/project/torproject/tor/history), and + Jenkins (https://jenkins.torproject.org/view/tor/). + Make sure you're looking at the right branches. + + If there are any unexplained failures, try to fix them or figure them + out. + +2. Verify that there are no big outstanding issues. You might find such + issues -- + + * On Gitlab + + * On coverity scan + + * On OSS-Fuzz + +## II. Write a changelog + + +1a. (Alpha release variant) + + Gather the `changes/*` files into a changelog entry, rewriting many + of them and reordering to focus on what users and funders would find + interesting and understandable. + + To do this, run `./scripts/maint/sortChanges.py changes/* > changelog.in` + to combine headings and sort the entries. Copy the changelog.in file into + the ChangeLog. Run `format_changelog.py --inplace` (see below) to clean up + the line breaks. + + Remove the `changes/*` files that you just merged into the ChangeLog. + + After that, it's time to hand-edit and fix the issues that + lintChanges can't find: + + 1. Within each section, sort by "version it's a bugfix on", else by + numerical ticket order. + + 2. Clean them up: + + Make stuff very terse + + Describe the user-visible problem right away + + Mention relevant config options by name. If they're rare or unusual, + remind people what they're for + + Avoid starting lines with open-paren + + Present and imperative tense: not past. + + "Relays", not "servers" or "nodes" or "Tor relays". + + "Onion services", not "hidden services". + + "Stop FOOing", not "Fix a bug where we would FOO". + + Try not to let any given section be longer than about a page. Break up + long sections into subsections by some sort of common subtopic. This + guideline is especially important when organizing Release Notes for + new stable releases. + + If a given changes stanza showed up in a different release (e.g. + maint-0.2.1), be sure to make the stanzas identical (so people can + distinguish if these are the same change). + + 3. Clean everything one last time. + + 4. Run `./scripts/maint/format_changelog.py --inplace` to make it prettier + +1b. (old-stable release variant) + + For stable releases that backport things from later, we try to compose + their releases, we try to make sure that we keep the changelog entries + identical to their original versions, with a "backport from 0.x.y.z" + note added to each section. So in this case, once you have the items + from the changes files copied together, don't use them to build a new + changelog: instead, look up the corrected versions that were merged + into ChangeLog in the main branch, and use those. + + Add "backport from X.Y.Z" in the section header for these entries. + +2. Compose a short release blurb to highlight the user-facing + changes. Insert said release blurb into the ChangeLog stanza. If it's + a stable release, add it to the ReleaseNotes file too. If we're adding + to a release-* branch, manually commit the changelogs to the later + git branches too. + +3. If there are changes that require or suggest operator intervention + before or during the update, mail operators (either dirauth or relays + list) with a headline that indicates that an action is required or + appreciated. + +4. If you're doing the first stable release in a series, you need to + create a ReleaseNotes for the series as a whole. To get started + there, copy all of the Changelog entries from the series into a new + file, and run `./scripts/maint/sortChanges.py` on it. That will + group them by category. Then kill every bugfix entry for fixing + bugs that were introduced within that release series; those aren't + relevant changes since the last series. At that point, it's time + to start sorting and condensing entries. (Generally, we don't edit the + text of existing entries, though.) + +## III. Making the source release. + +1. In `maint-0.?.x`, bump the version number in `configure.ac` and run + `./scripts/main/update_versions.py` to update version numbers in other + places, and commit. Then merge `maint-0.?.x` into `release-0.?.x`. + + When you merge the maint branch forward to the next maint branch, or into + main, merge it with `-s ours` to avoid conflict with the version + bump. + +2. In `release-0.?.x`, run `make distcheck`, put the tarball up in somewhere + (how about your homedir on people.torproject.org?) , and tell `#tor-dev` + about it. + + If you want, wait until at least one person has built it + successfully. (We used to say "wait for others to test it", but our + CI has successfully caught these kinds of errors for the last several + years.) + +3. Make sure that the new version is recommended in the latest consensus. + (Otherwise, users will get confused when it complains to them + about its status.) + + If it is not, you'll need to poke Roger, Weasel, Sebastian, and Sina + again: see the note at the start of the document. + +## IV. Commit, upload, announce + +1. Sign the tarball, then sign and push the git tag: + +```console +$ gpg -ba <the_tarball> +$ git tag -s tor-0.4.x.y-<status> +$ git push origin tag tor-0.4.x.y-<status> +``` + + (You must do this before you update the website: the website scripts + rely on finding the version by tag.) + + (If your default PGP key is not the one you want to sign with, then say + "-u <keyid>" instead of "-s".) + +2. scp the tarball and its sig to the dist website, i.e. + `/srv/dist-master.torproject.org/htdocs/` on dist-master. Run + "static-update-component dist.torproject.org" on dist-master. + + In the `project/web/tpo.git` repository, update `databags/versions.ini` + to note the new version. Push these changes to `master`. + + (NOTE: Due to #17805, there can only be one stable version listed at + once. Nonetheless, do not call your version "alpha" if it is stable, + or people will get confused.) + + (NOTE: It will take a while for the website update scripts to update + the website.) + +3. Email the tor-packagers@lists.torproject.org mailing list to tell them + about the new release. + + Also, email tor-packagers@lists.torproject.org. + + Mention where to download the tarball (`https://dist.torproject.org/`). + + Include a link to the changelog. + +4. Wait for the download page to be updated. (If you don't do this before you + announce, people will be confused.) + +5. Mail the release blurb and ChangeLog to tor-talk (development release) or + tor-announce (stable). + + Post the changelog on the blog as well. You can generate a + blog-formatted version of the changelog with + `./scripts/maint/format_changelog.py -B` + + When you post, include an estimate of when the next TorBrowser + releases will come out that include this Tor release. This will + usually track https://wiki.mozilla.org/RapidRelease/Calendar , but it + can vary. + + For templates to use when announcing, see: + https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/AnnouncementTemplates + +## V. Aftermath and cleanup + +1. If it's a stable release, bump the version number in the + `maint-x.y.z` branch to "newversion-dev", and do a `merge -s ours` + merge to avoid taking that change into main. + +2. If there is a new `maint-x.y.z` branch, create a Travis CI cron job that + builds the release every week. (It's ok to skip the weekly build if the + branch was updated in the last 24 hours.) + +3. Forward-port the ChangeLog (and ReleaseNotes if appropriate) to the + main branch. + +4. Keep an eye on the blog post, to moderate comments and answer questions. + +## Appendix: An alternative means to notify packagers + +If for some reason you need to contact a bunch of packagers without +using the publicly archived tor-packagers list, you can try these +people: + + - {weasel,sysrqb,mikeperry} at torproject dot org + - {blueness} at gentoo dot org + - {paul} at invizbox dot io + - {vincent} at invizbox dot com + - {lfleischer} at archlinux dot org + - {Nathan} at freitas dot net + - {mike} at tig dot as + - {tails-rm} at boum dot org + - {simon} at sdeziel.info + - {yuri} at freebsd.org + - {mh+tor} at scrit.ch + - {security} at brave.com diff --git a/doc/asciidoc-helper.sh b/doc/asciidoc-helper.sh index 3706ca2e14..98e216e68a 100755 --- a/doc/asciidoc-helper.sh +++ b/doc/asciidoc-helper.sh @@ -9,7 +9,7 @@ set -e if [ $# != 3 ]; then - exit 1; + exit 1 fi SOURCE_DATE_EPOCH="$(git show --no-patch --format='%ct')" @@ -22,50 +22,49 @@ if [ "$1" = "html" ]; then base=${output%%.html.in} if [ "$2" != none ]; then - TZ=UTC "$2" -f "$(dirname "$0")/nofooter.conf" -d manpage -o "$output" "$input"; + TZ=UTC "$2" -f "$(dirname "$0")/nofooter.conf" -d manpage -o "$output" "$input"; else - echo "=================================="; - echo; - echo "You need asciidoc installed to be able to build the manpage."; - echo "To build without manpages, use the --disable-asciidoc argument"; - echo "when calling configure."; - echo; - echo "=================================="; - exit 1; + echo "==================================" + echo + echo "You need asciidoc installed to be able to build the manpage." + echo "To build without manpages, use the --disable-asciidoc argument" + echo "when calling configure." + echo + echo "==================================" + exit 1 fi elif [ "$1" = "man" ]; then input=${output%%.1.in}.1.txt base=${output%%.1.in} if test "$2" = none; then - echo "=================================="; - echo; - echo "You need asciidoc installed to be able to build the manpage."; - echo "To build without manpages, use the --disable-asciidoc argument"; - echo "when calling configure."; - echo; - echo "=================================="; - exit 1; + echo "==================================" + echo + echo "You need asciidoc installed to be able to build the manpage." + echo "To build without manpages, use the --disable-asciidoc argument" + echo "when calling configure." + echo + echo "==================================" + exit 1 fi if "$2" -f manpage "$input"; then - mv "$base.1" "$output"; + mv "$base.1" "$output" else - cat<<EOF + cat<<EOF ================================== You need a working asciidoc installed to be able to build the manpage. a2x is installed, but for some reason it isn't working. Sometimes this happens because required docbook support files are missing. Please install docbook-xsl, docbook-xml, and xmlto (Debian) or -similar. If you use homebrew on Mac OS X, install the docbook formula +similar. If you use homebrew on Mac OS X, install the docbook formula and add "export XML_CATALOG_FILES=/usr/local/etc/xml/catalog" to your -.bashrc +.bashrc file. Alternatively, to build without manpages, use the --disable-asciidoc argument when calling configure. ================================== EOF - exit 1; + exit 1 fi fi - diff --git a/doc/include.am b/doc/include.am index 7a8a64ed16..d10f380e7f 100644 --- a/doc/include.am +++ b/doc/include.am @@ -51,10 +51,8 @@ EXTRA_DIST+= doc/asciidoc-helper.sh \ doc/TUNING \ doc/HACKING/README.1st.md \ doc/HACKING/CodingStandards.md \ - doc/HACKING/CodingStandardsRust.md \ doc/HACKING/Fuzzing.md \ doc/HACKING/GettingStarted.md \ - doc/HACKING/GettingStartedRust.md \ doc/HACKING/HelpfulTools.md \ doc/HACKING/HowToReview.md \ doc/HACKING/Module.md \ diff --git a/doc/man/tor-gencert.1.txt b/doc/man/tor-gencert.1.txt index 9262c4a39a..b9ef94d674 100644 --- a/doc/man/tor-gencert.1.txt +++ b/doc/man/tor-gencert.1.txt @@ -6,6 +6,7 @@ :man manual: Tor Manual tor-gencert(1) ============== +Tor Project, Inc. NAME ---- diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt index 7c0071500e..3672444c5d 100644 --- a/doc/man/tor.1.txt +++ b/doc/man/tor.1.txt @@ -67,11 +67,11 @@ The following options in this section are only recognized on the [[opt-h]] **`-h`**, **`--help`**:: Display a short help message and exit. -[[opt-f]] **`-f`** __FILE__:: +[[opt-f]] **`-f`**, **`--torrc-file`** __FILE__:: Specify a new configuration file to contain further Tor configuration options, or pass *-* to make Tor read its configuration from standard input. (Default: **`@CONFDIR@/torrc`**, or **`$HOME/.torrc`** if - that file is not found) + that file is not found.) [[opt-allow-missing-torrc]] **`--allow-missing-torrc`**:: Allow the configuration file specified by **`-f`** to be missing, @@ -91,8 +91,9 @@ The following options in this section are only recognized on the [[opt-hash-password]] **`--hash-password`** __PASSWORD__:: Generate a hashed password for control port access. -[[opt-list-fingerprint]] **`--list-fingerprint`**:: - Generate your keys and output your nickname and fingerprint. +[[opt-list-fingerprint]] **`--list-fingerprint`** [__key type__]:: + Generate your keys and output your nickname and fingerprint. Optionally, + you can specify the key type as `rsa` (default) or `ed25519`. [[opt-verify-config]] **`--verify-config`**:: Verify whether the configuration file is valid. @@ -100,7 +101,7 @@ The following options in this section are only recognized on the [[opt-dump-config]] **`--dump-config`** **`short`**|**`full`**:: Write a list of Tor's configured options to standard output. When the `short` flag is selected, only write the options that - are different from their default values + are different from their default values. When `full` is selected, write every option. [[opt-serviceinstall]] **`--service install`** [**`--options`** __command-line options__]:: @@ -965,23 +966,6 @@ forward slash (/) in the configuration file and on the command line. If KIST is used in Schedulers, this is a multiplier of the per-socket limit calculation of the KIST algorithm. (Default: 1.0) - -[[ServerTransportListenAddr]] **ServerTransportListenAddr** __transport__ __IP__:__PORT__:: - When this option is set, Tor will suggest __IP__:__PORT__ as the - listening address of any pluggable transport proxy that tries to - launch __transport__. (IPv4 addresses should written as-is; IPv6 - addresses should be wrapped in square brackets.) (Default: none) - -[[ServerTransportOptions]] **ServerTransportOptions** __transport__ __k=v__ __k=v__ ...:: - When this option is set, Tor will pass the __k=v__ parameters to - any pluggable transport proxy that tries to launch __transport__. + - (Example: ServerTransportOptions obfs45 shared-secret=bridgepasswd cache=/var/lib/tor/cache) (Default: none) - -[[ServerTransportPlugin]] **ServerTransportPlugin** __transport__ exec __path-to-binary__ [options]:: - The Tor relay launches the pluggable transport proxy in __path-to-binary__ - using __options__ as its command-line options, and expects to receive - proxied client traffic from it. (Default: none) - [[Socks4Proxy]] **Socks4Proxy** __host__[:__port__]:: Tor will make all OR connections through the SOCKS 4 proxy at host:port (or host:1080 if port is not specified). @@ -1004,20 +988,20 @@ forward slash (/) in the configuration file and on the command line. running. (Default: none) [[TCPProxy]] **TCPProxy** __protocol__ __host__:__port__:: - Tor will use the given protocol to make all its OR (SSL) connections through - a TCP proxy on host:port, rather than connecting directly to servers. You may - want to set **FascistFirewall** to restrict the set of ports you might try to - connect to, if your proxy only allows connecting to certain ports. There is no - equivalent option for directory connections, because all Tor client versions - that support this option download directory documents via OR connections. + + Tor will use the given protocol to make all its OR (SSL) connections through + a TCP proxy on host:port, rather than connecting directly to servers. You may + want to set **FascistFirewall** to restrict the set of ports you might try to + connect to, if your proxy only allows connecting to certain ports. There is no + equivalent option for directory connections, because all Tor client versions + that support this option download directory documents via OR connections. + + - The only protocol supported right now 'haproxy'. This option is only for - clients. (Default: none) + + The only protocol supported right now 'haproxy'. This option is only for + clients. (Default: none) + + - The HAProxy version 1 proxy protocol is described in detail at - https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt + + The HAProxy version 1 proxy protocol is described in detail at + https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt + + - Both source IP address and source port will be set to zero. + Both source IP address and source port will be set to zero. [[TruncateLogFile]] **TruncateLogFile** **0**|**1**:: If 1, Tor will overwrite logs at startup and in response to a HUP signal, @@ -1240,16 +1224,6 @@ The following options are useful only for clients (that is, if **FascistFirewall** is set. This option is deprecated; use ReachableAddresses instead. (Default: 80, 443) -[[HidServAuth]] **HidServAuth** __onion-address__ __auth-cookie__ [__service-name__]:: - Client authorization for a v2 hidden service. Valid onion addresses contain 16 - characters in a-z2-7 plus ".onion", and valid auth cookies contain 22 - characters in A-Za-z0-9+/. The service name is only used for internal - purposes, e.g., for Tor controllers. This option may be used multiple times - for different hidden services. If a hidden service uses authorization and - this option is not set, the hidden service is not accessible. Hidden - services can be configured to require authorization using the - **HiddenServiceAuthorizeClient** option. - [[HTTPTunnelPort]] **HTTPTunnelPort** ['address'**:**]{empty}__port__|**auto** [_isolation flags_]:: Open this port to listen for proxy connections using the "HTTP CONNECT" protocol instead of SOCKS. Set this to @@ -1775,6 +1749,13 @@ The following options are useful only for clients (that is, if the guard-n-primary-guards consensus parameter, and default to 3 if the consensus parameter isn't set. (Default: 0) +[[VanguardsLiteEnabled]] **VanguardsLiteEnabled** **0**|**1**|**auto**:: + This option specifies whether clients should use the vanguards-lite + subsystem to protect against guard discovery attacks. If it's set to + 'auto', clients will do what the vanguards-lite-enabled consensus parameter + tells them to do, and will default to enable the subsystem if the consensus + parameter isn't set. (Default: auto) + [[UseMicrodescriptors]] **UseMicrodescriptors** **0**|**1**|**auto**:: Microdescriptors are a smaller version of the information that Tor needs in order to build its circuits. Using microdescriptors makes Tor clients @@ -1888,6 +1869,12 @@ The following options control when Tor enters and leaves dormant mode: counts as client activity for the purpose of DormantClientTimeout. If false, then only network activity counts. (Default: 1) +[[DormantTimeoutEnabled]] **DormantTimeoutEnabled** **0**|**1**:: + If false, then no amount of time without activity is sufficient to + make Tor go dormant. Setting this option to zero is only recommended for + special-purpose applications that need to use the Tor binary for + something other than sending or receiving Tor traffic. (Default: 1) + == NODE SELECTION OPTIONS // These options are in alphabetical order, with exceptions as noted. @@ -2206,13 +2193,14 @@ is non-zero): (Default: "month 1 0:00") [[Address]] **Address** __address__:: - The IPv4 address of this server, or a fully qualified domain name of - this server that resolves to an IPv4 address. You can leave this - unset, and Tor will try to guess your IPv4 address. This IPv4 - address is the one used to tell clients and other servers where to - find your Tor server; it doesn't affect the address that your server - binds to. To bind to a different address, use the ORPort and - OutboundBindAddress options. + The address of this server, or a fully qualified domain name of this server + that resolves to an address. You can leave this unset, and Tor will try to + guess your address. If a domain name is provided, Tor will attempt to + resolve it and use the underlying IPv4/IPv6 address as its publish address + (taking precedence over the ORPort configuration). The publish address is + the one used to tell clients and other servers where to find your Tor + server; it doesn't affect the address that your server binds to. To bind + to a different address, use the ORPort and OutboundBindAddress options. [[AddressDisableIPv6]] **AddressDisableIPv6** **0**|**1**:: By default, Tor will attempt to find the IPv6 of the relay if there is no @@ -2241,21 +2229,13 @@ is non-zero): relay is configured in bridge mode. //Out of order because it logically belongs after BridgeRelay. -[[BridgeRecordUsageByCountry]] **BridgeRecordUsageByCountry** **0**|**1**:: - When this option is enabled and BridgeRelay is also enabled, and we have - GeoIP data, Tor keeps a per-country count of how many client - addresses have contacted it so that it can help the bridge authority guess - which countries have blocked access to it. If ExtraInfoStatistics is - enabled, it will be published as part of the extra-info document. - (Default: 1) - -//Out of order because it logically belongs after BridgeRelay. [[BridgeDistribution]] **BridgeDistribution** __string__:: If set along with BridgeRelay, Tor will include a new line in its bridge descriptor which indicates to the BridgeDB service how it would like its bridge address to be given out. Set it to "none" if you want BridgeDB to avoid distributing your bridge address, or "any" to - let BridgeDB decide. (Default: any) + let BridgeDB decide. See https://bridges.torproject.org/info for a more + up-to-date list of options. (Default: any) [[ContactInfo]] **ContactInfo** __email_address__:: Administrative contact information for this relay or bridge. This line @@ -2678,6 +2658,22 @@ is non-zero): name lookups that your server does on behalf of clients. (Default: "www.google.com, www.mit.edu, www.yahoo.com, www.slashdot.org") +[[ServerTransportListenAddr]] **ServerTransportListenAddr** __transport__ __IP__:__PORT__:: + When this option is set, Tor will suggest __IP__:__PORT__ as the + listening address of any pluggable transport proxy that tries to + launch __transport__. (IPv4 addresses should written as-is; IPv6 + addresses should be wrapped in square brackets.) (Default: none) + +[[ServerTransportOptions]] **ServerTransportOptions** __transport__ __k=v__ __k=v__ ...:: + When this option is set, Tor will pass the __k=v__ parameters to + any pluggable transport proxy that tries to launch __transport__. + + (Example: ServerTransportOptions obfs45 shared-secret=bridgepasswd cache=/var/lib/tor/cache) (Default: none) + +[[ServerTransportPlugin]] **ServerTransportPlugin** __transport__ exec __path-to-binary__ [options]:: + The Tor relay launches the pluggable transport proxy in __path-to-binary__ + using __options__ as its command-line options, and expects to receive + proxied client traffic from it. (Default: none) + [[ShutdownWaitLength]] **ShutdownWaitLength** __NUM__:: When we get a SIGINT and we're a server, we begin shutting down: we close listeners and start refusing new circuits. After **NUM** @@ -2705,6 +2701,14 @@ Relays publish most statistics in a document called the extra-info document. The following options affect the different types of statistics that Tor relays collect and publish: +[[BridgeRecordUsageByCountry]] **BridgeRecordUsageByCountry** **0**|**1**:: + When this option is enabled and BridgeRelay is also enabled, and we have + GeoIP data, Tor keeps a per-country count of how many client + addresses have contacted it so that it can help the bridge authority guess + which countries have blocked access to it. If ExtraInfoStatistics is + enabled, it will be published as part of the extra-info document. + (Default: 1) + [[CellStatistics]] **CellStatistics** **0**|**1**:: Relays only. When this option is enabled, Tor collects statistics about cell @@ -2761,13 +2765,33 @@ types of statistics that Tor relays collect and publish: (Default: 1) [[HiddenServiceStatistics]] **HiddenServiceStatistics** **0**|**1**:: - Relays only. + Relays and bridges only. When this option is enabled, a Tor relay writes obfuscated statistics on its role as hidden-service directory, introduction point, or rendezvous point to disk every 24 hours. If ExtraInfoStatistics is enabled, it will be published as part of the extra-info document. (Default: 1) +[[OverloadStatistics]] **OverloadStatistics** *0**|**1**:: + Relays and bridges only. + When this option is enabled, a Tor relay will write an overload general + line in the server descriptor if the relay is considered overloaded. + (Default: 1) + + + A relay is considered overloaded if at least one of these conditions is + met: + - Onionskins are starting to be dropped. + - The OOM was invoked. + + - (Exit only) DNS timeout occurs X% of the time over Y seconds (values + controlled by consensus parameters, see param-spec.txt). + + + If ExtraInfoStatistics is enabled, it can also put two more specific + overload lines in the extra-info document if at least one of these + conditions is met: + - TCP Port exhaustion. + - Connection rate limits have been reached (read and write side). + [[PaddingStatistics]] **PaddingStatistics** **0**|**1**:: Relays and bridges only. When this option is enabled, Tor collects statistics for padding cells @@ -2805,6 +2829,11 @@ details.) + The same flags are supported here as are supported by ORPort. This port can only be IPv4. + + + As of Tor 0.4.6.1-alpha, non-authoritative relays (see + AuthoritativeDirectory) will not publish the DirPort but will still listen + on it. Clients don't use the DirPorts on relays, so it is safe for you + to remove the DirPort from your torrc configuration. [[DirPortFrontPage]] **DirPortFrontPage** __FILENAME__:: When this option is set, it takes an HTML file and publishes it as "/" on @@ -2825,11 +2854,15 @@ details.) == DENIAL OF SERVICE MITIGATION OPTIONS -Tor has three built-in mitigation options that can be individually -enabled/disabled and fine-tuned, but by default Tor directory authorities will -define reasonable values for relays and no explicit configuration is required -to make use of these protections. The mitigations take place at relays, -and are as follows: +Tor has a series of built-in denial of service mitigation options that can be +individually enabled/disabled and fine-tuned, but by default Tor directory +authorities will define reasonable values for the network and no explicit +configuration is required to make use of these protections. + +The following is a series of configuration options for relays and then options +for onion services and how they work. + +The mitigations take place at relays, and are as follows: 1. If a single client address makes too many concurrent connections (this is configurable via DoSConnectionMaxConcurrentCount), hang up on further @@ -2947,6 +2980,30 @@ Denial of Service mitigation subsystem described above. consensus, the value is 100. (Default: 0) +[[DoSConnectionConnectRate]] **DoSConnectionConnectRate** __NUM__:: + + The allowed rate of client connection from a single address per second. + Coupled with the burst (see below), if the limit is reached, the address + is marked and a defense is applied (DoSConnectionDefenseType) for a period + of time defined by DoSConnectionConnectDefenseTimePeriod. If not defined + or set to 0, it is controlled by a consensus parameter. + (Default: 0) + +[[DoSConnectionConnectBurst]] **DoSConnectionConnectBurst** __NUM__:: + + The allowed burst of client connection from a single address per second. + See the DoSConnectionConnectRate for more details on this detection. If + not defined or set to 0, it is controlled by a consensus parameter. + (Default: 0) + +[[DoSConnectionConnectDefenseTimePeriod]] **DoSConnectionConnectDefenseTimePeriod** __N__ **seconds**|**minutes**|**hours**:: + + The base time period in seconds that the client connection defense is + activated for. The actual value is selected randomly for each activation + from N+1 to 3/2 * N. If not defined or set to 0, it is controlled by a + consensus parameter. + (Default: 24 hours) + [[DoSRefuseSingleHopClientRendezvous]] **DoSRefuseSingleHopClientRendezvous** **0**|**1**|**auto**:: Refuse establishment of rendezvous points for single hop clients. In other @@ -2956,6 +3013,68 @@ Denial of Service mitigation subsystem described above. (Default: auto) +As for onion services, only one possible mitigation exists. It was intended to +protect the network first and thus do not help the service availability or +reachability. + +The mitigation we put in place is a rate limit of the amount of introduction +that happens at the introduction point for a service. In other words, it rates +limit the number of clients that are attempting to reach the service at the +introduction point instead of at the service itself. + +The following options are per onion service: + +[[HiddenServiceEnableIntroDoSDefense]] **HiddenServiceEnableIntroDoSDefense** **0**|**1**:: + Enable DoS defense at the intropoint level. When this is enabled, the + rate and burst parameter (see below) will be sent to the intro point which + will then use them to apply rate limiting for introduction request to this + service. + + + The introduction point honors the consensus parameters except if this is + specifically set by the service operator using this option. The service + never looks at the consensus parameters in order to enable or disable this + defense. (Default: 0) + +//Out of order because it logically belongs after HiddenServiceEnableIntroDoSDefense. +[[HiddenServiceEnableIntroDoSBurstPerSec]] **HiddenServiceEnableIntroDoSBurstPerSec** __NUM__:: + The allowed client introduction burst per second at the introduction + point. If this option is 0, it is considered infinite and thus if + **HiddenServiceEnableIntroDoSDefense** is set, it then effectively + disables the defenses. (Default: 200) + +[[HiddenServiceEnableIntroDoSRatePerSec]] **HiddenServiceEnableIntroDoSRatePerSec** __NUM__:: + The allowed client introduction rate per second at the introduction + point. If this option is 0, it is considered infinite and thus if + **HiddenServiceEnableIntroDoSDefense** is set, it then effectively + disables the defenses. (Default: 25) + +The rate is the maximum number of clients a service will ask its introduction +points to allow every seconds. And the burst is a parameter that allows that +many within one second. + +For example, the default values of 25 and 200 respectively means that for every +introduction points a service has (default 3 but can be configured with +**HiddenServiceNumIntroductionPoints**), 25 clients per seconds will be allowed +to reach the service and 200 at most within 1 second as a burst. This means +that if 200 clients are seen within 1 second, it will take 8 seconds (200/25) +for another client to be able to be allowed to introduce due to the rate of 25 +per second. + +This might be too much for your use case or not, fine tuning these values is +hard and are likely different for each service operator. + +Why is this not helping reachability of the service? Because the defenses are +at the introduction point, an attacker can easily flood all introduction point +rendering the service unavailable due to no client being able to pass through. +But, the service itself is not overwhelmed with connetions allowing it to +function properly for the few clients that were able to go through or other any +services running on the same tor instance. + +The bottom line is that this protects the network by preventing an onion +service to flood the network with new rendezvous circuits that is reducing load +on the network. + + == DIRECTORY AUTHORITY SERVER OPTIONS The following options enable operation as a directory authority, and @@ -2993,6 +3112,11 @@ on the public Tor network. is the same as for exit policies, except that you don't need to say "accept" or "reject", and ports are not needed.) +[[AuthDirMiddleOnly]] **AuthDirMiddleOnly** __AddressPattern...__:: + Authoritative directories only. A set of address patterns for servers that + will be listed as middle-only in any network status document this authority + publishes, if **AuthDirListMiddleOnly** is set. + + [[AuthDirFastGuarantee]] **AuthDirFastGuarantee** __N__ **bytes**|**KBytes**|**MBytes**|**GBytes**|**TBytes**|**KBits**|**MBits**|**GBits**|**TBits**:: Authoritative directories only. If non-zero, always vote the Fast flag for any relay advertising this amount of capacity or @@ -3040,6 +3164,13 @@ on the public Tor network. 1 unless you plan to list non-functioning exits as bad; otherwise, you are effectively voting in favor of every declared exit as an exit.) +[[AuthDirListMiddleOnly]] **AuthDirListMiddleOnly** **0**|**1**:: + Authoritative directories only. If set to 1, this directory has some + opinion about which nodes should only be used in the middle position. + (Do not set this to 1 unless you plan to list questionable relays + as "middle only"; otherwise, you are effectively voting _against_ + middle-only status for every relay.) + [[AuthDirMaxServersPerAddr]] **AuthDirMaxServersPerAddr** __NUM__:: Authoritative directories only. The maximum number of servers that we will list as acceptable on a single IP address. Set this to "0" for "no limit". @@ -3058,18 +3189,20 @@ on the public Tor network. authority publishes, or accepted as an OR address in any descriptor submitted for publication by this authority. +[[AuthDirRejectRequestsUnderLoad]] **AuthDirRejectRequestsUnderLoad** **0**|**1**:: + If set, the directory authority will start rejecting directory requests + from non relay connections by sending a 503 error code if it is under + bandwidth pressure (reaching the configured limit if any). Relays will + always tried to be answered even if this is on. (Default: 1) + //Out of order because it logically belongs with the other CCs options. [[AuthDirBadExitCCs]] **AuthDirBadExitCCs** __CC__,... + //Out of order because it logically belongs with the other CCs options. [[AuthDirInvalidCCs]] **AuthDirInvalidCCs** __CC__,... + - -[[AuthDirRejectRequestsUnderLoad]] **AuthDirRejectRequestsUnderLoad** **0**|**1**:: - If set, the directory authority will start rejecting directory requests - from non relay connections by sending a 503 error code if it is under - bandwidth pressure (reaching the configured limit if any). Relays will - always tried to be answered even if this is on. (Default: 1) +//Out of order because it logically belongs with the other CCs options. +[[AuthDirMiddleOnlytCCs]] **AuthDirMiddleOnlyCCs** __CC__,... + [[AuthDirRejectCCs]] **AuthDirRejectCCs** __CC__,...:: Authoritative directories only. These options contain a comma-separated @@ -3096,6 +3229,32 @@ on the public Tor network. If set to 0, we vote Running for every relay, and don't perform these tests. (Default: 1) +[[AuthDirVoteGuard]] **AuthDirVoteGuard** __node__,__node__,__...__:: + A list of identity fingerprints or country codes or address patterns of + nodes to vote Guard for regardless of their uptime and bandwidth. See + <<ExcludeNodes,ExcludeNodes>> for more information on how to specify nodes. + +[[AuthDirVoteGuardBwThresholdFraction]] **AuthDirVoteGuardBwThresholdFraction** __FRACTION__:: + The Guard flag bandwidth performance threshold fraction that is the + fraction representing who gets the Guard flag out of all measured + bandwidth. (Default: 0.75) + +[[AuthDirVoteGuardGuaranteeTimeKnown]] **AuthDirVoteGuardGuaranteeTimeKnown** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**:: + A relay with at least this much weighted time known can be considered + familiar enough to be a guard. (Default: 8 days) + +[[AuthDirVoteGuardGuaranteeWFU]] **AuthDirVoteGuardGuaranteeWFU** __FRACTION__:: + A level of weighted fractional uptime (WFU) is that is sufficient to be a + Guard. (Default: 0.98) + +[[AuthDirVoteStableGuaranteeMinUptime]] **AuthDirVoteStableGuaranteeMinUptime** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**:: + If a relay's uptime is at least this value, then it is always considered + stable, regardless of the rest of the network. (Default: 30 days) + +[[AuthDirVoteStableGuaranteeMTBF]] **AuthDirVoteStableGuaranteeMTBF** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**:: + If a relay's mean time between failures (MTBF) is least this value, then + it will always be considered stable. (Default: 5 days) + [[BridgePassword]] **BridgePassword** __Password__:: If set, contains an HTTP authenticator that tells a bridge authority to serve all requested bridge information. Used by the (only partially @@ -3216,20 +3375,6 @@ The next section describes the per service options that can only be set not an authorization mechanism; it is instead meant to be a mild inconvenience to port-scanners.) (Default: 0) -[[HiddenServiceAuthorizeClient]] **HiddenServiceAuthorizeClient** __auth-type__ __client-name__,__client-name__,__...__:: - If configured, the v2 hidden service is accessible for authorized clients - only. The auth-type can either be \'basic' for a general-purpose - authorization protocol or \'stealth' for a less scalable protocol that also - hides service activity from unauthorized clients. Only clients that are - listed here are authorized to access the hidden service. Valid client names - are 1 to 16 characters long and only use characters in A-Za-z0-9+-_ (no - spaces). If this option is set, the hidden service is not accessible for - clients without authorization any more. Generated authorization data can be - found in the hostname file. Clients need to put this authorization data in - their configuration file using **HidServAuth**. This option is only for v2 - services; v3 services configure client authentication in a subdirectory of - HiddenServiceDir instead (see <<client-authorization,CLIENT AUTHORIZATION>>). - [[HiddenServiceDir]] **HiddenServiceDir** __DIRECTORY__:: Store data files for a hidden service in DIRECTORY. Every hidden service must have a separate directory. You may use this option multiple times to @@ -3248,30 +3393,6 @@ The next section describes the per service options that can only be set only owner is able to read the hidden service directory. (Default: 0) Has no effect on Windows. -[[HiddenServiceEnableIntroDoSDefense]] **HiddenServiceEnableIntroDoSDefense** **0**|**1**:: - Enable DoS defense at the intropoint level. When this is enabled, the - rate and burst parameter (see below) will be sent to the intro point which - will then use them to apply rate limiting for introduction request to this - service. - + - The introduction point honors the consensus parameters except if this is - specifically set by the service operator using this option. The service - never looks at the consensus parameters in order to enable or disable this - defense. (Default: 0) - -//Out of order because it logically belongs after HiddenServiceEnableIntroDoSDefense. -[[HiddenServiceEnableIntroDoSBurstPerSec]] **HiddenServiceEnableIntroDoSBurstPerSec** __NUM__:: - The allowed client introduction burst per second at the introduction - point. If this option is 0, it is considered infinite and thus if - **HiddenServiceEnableIntroDoSDefense** is set, it then effectively - disables the defenses. (Default: 200) - -[[HiddenServiceEnableIntroDoSRatePerSec]] **HiddenServiceEnableIntroDoSRatePerSec** __NUM__:: - The allowed client introduction rate per second at the introduction - point. If this option is 0, it is considered infinite and thus if - **HiddenServiceEnableIntroDoSDefense** is set, it then effectively - disables the defenses. (Default: 25) - [[HiddenServiceExportCircuitID]] **HiddenServiceExportCircuitID** __protocol__:: The onion service will use the given protocol to expose the global circuit identifier of each inbound client circuit. The only @@ -3324,7 +3445,7 @@ The next section describes the per service options that can only be set [[HiddenServiceNumIntroductionPoints]] **HiddenServiceNumIntroductionPoints** __NUM__:: Number of introduction points the hidden service will have. You can't - have more than 10 for v2 service and 20 for v3. (Default: 3) + have more than 20. (Default: 3) [[HiddenServicePort]] **HiddenServicePort** __VIRTPORT__ [__TARGET__]:: Configure a virtual port VIRTPORT for a hidden service. You may use this @@ -3338,17 +3459,9 @@ The next section describes the per service options that can only be set connects to that VIRTPORT, one of the TARGETs from those lines will be chosen at random. Note that address-port pairs have to be comma-separated. -[[HiddenServiceVersion]] **HiddenServiceVersion** **2**|**3**:: +[[HiddenServiceVersion]] **HiddenServiceVersion** **3**:: A list of rendezvous service descriptor versions to publish for the hidden - service. Currently, versions 2 and 3 are supported. (Default: 3) - -[[RendPostPeriod]] **RendPostPeriod** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**:: - Every time the specified period elapses, Tor uploads any rendezvous - service descriptors to the directory servers. This information is also - uploaded whenever it changes. Minimum value allowed is 10 minutes and - maximum is 3.5 days. This option is only for v2 services. - (Default: 1 hour) - + service. Currently, only version 3 is supported. (Default: 3) **PER INSTANCE OPTIONS:** @@ -3397,8 +3510,6 @@ The next section describes the per service options that can only be set [[client-authorization]] == CLIENT AUTHORIZATION -(Version 3 only) - Service side: To configure client authorization on the service side, the @@ -3492,14 +3603,15 @@ The following options are used for running a testing Tor network. [[TestingAuthKeySlop]] **TestingAuthKeySlop** __N__ **seconds**|**minutes**|**hours** + [[TestingBridgeBootstrapDownloadInitialDelay]] **TestingBridgeBootstrapDownloadInitialDelay** __N__:: - Initial delay in seconds for when clients should download each bridge descriptor when they - have just started, or when they can not contact any of their bridges. + Initial delay in seconds for how long clients should wait before + downloading a bridge descriptor for a new bridge. Changing this requires that **TestingTorNetwork** is set. (Default: 0) [[TestingBridgeDownloadInitialDelay]] **TestingBridgeDownloadInitialDelay** __N__:: - Initial delay in seconds for when clients should download each bridge descriptor when they - know that one or more of their configured bridges are running. Changing - this requires that **TestingTorNetwork** is set. (Default: 10800) + How long to wait (in seconds) once clients have successfully + downloaded a bridge descriptor, before trying another download for + that same bridge. Changing this requires that **TestingTorNetwork** + is set. (Default: 10800) [[TestingClientConsensusDownloadInitialDelay]] **TestingClientConsensusDownloadInitialDelay** __N__:: Initial delay in seconds for when clients should download consensuses. Changing this @@ -3818,7 +3930,12 @@ __KeyDirectory__/**`secret_onion_key_ntor`** and **`secret_onion_key_ntor.old`** by clients that didn't have the new one. __DataDirectory__/**`fingerprint`**:: - Only used by servers. Contains the fingerprint of the server's identity key. + Only used by servers. Contains the fingerprint of the server's RSA + identity key. + +__DataDirectory__/**`fingerprint-ed25519`**:: + Only used by servers. Contains the fingerprint of the server's ed25519 + identity key. __DataDirectory__/**`hashed-fingerprint`**:: Only used by bridges. Contains the hashed fingerprint of the bridge's @@ -3834,7 +3951,8 @@ __DataDirectory__/**`approved-routers`**:: descriptors are accepted, but marked in the vote as not valid. If it is **!badexit**, then the authority will vote for it to receive a BadExit flag, indicating that it shouldn't be used for traffic leaving - the Tor network. + the Tor network. If it is **!middleonly**, then the authority will + vote for it to only be used in the middle of circuits. (Neither rejected nor invalid relays are included in the consensus.) __DataDirectory__/**`v3-status-votes`**:: diff --git a/doc/man/torify.1.txt b/doc/man/torify.1.txt index 46b13e18e5..30e4a42754 100644 --- a/doc/man/torify.1.txt +++ b/doc/man/torify.1.txt @@ -6,6 +6,7 @@ :man manual: Tor Manual torify(1) ========= +Tor Project, Inc. NAME ---- diff --git a/m4/ax_compiler_vendor.m4 b/m4/ax_compiler_vendor.m4 new file mode 100644 index 0000000000..73efdb0055 --- /dev/null +++ b/m4/ax_compiler_vendor.m4 @@ -0,0 +1,88 @@ +# =========================================================================== +# https://www.gnu.org/software/autoconf-archive/ax_compiler_vendor.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_COMPILER_VENDOR +# +# DESCRIPTION +# +# Determine the vendor of the C/C++ compiler, e.g., gnu, intel, ibm, sun, +# hp, borland, comeau, dec, cray, kai, lcc, metrowerks, sgi, microsoft, +# watcom, etc. The vendor is returned in the cache variable +# $ax_cv_c_compiler_vendor for C and $ax_cv_cxx_compiler_vendor for C++. +# +# LICENSE +# +# Copyright (c) 2008 Steven G. Johnson <stevenj@alum.mit.edu> +# Copyright (c) 2008 Matteo Frigo +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see <https://www.gnu.org/licenses/>. +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 17 + +AC_DEFUN([AX_COMPILER_VENDOR], +[AC_CACHE_CHECK([for _AC_LANG compiler vendor], ax_cv_[]_AC_LANG_ABBREV[]_compiler_vendor, + dnl Please add if possible support to ax_compiler_version.m4 + [# note: don't check for gcc first since some other compilers define __GNUC__ + vendors="intel: __ICC,__ECC,__INTEL_COMPILER + ibm: __xlc__,__xlC__,__IBMC__,__IBMCPP__ + pathscale: __PATHCC__,__PATHSCALE__ + clang: __clang__ + cray: _CRAYC + fujitsu: __FUJITSU + sdcc: SDCC, __SDCC + gnu: __GNUC__ + sun: __SUNPRO_C,__SUNPRO_CC + hp: __HP_cc,__HP_aCC + dec: __DECC,__DECCXX,__DECC_VER,__DECCXX_VER + borland: __BORLANDC__,__CODEGEARC__,__TURBOC__ + comeau: __COMO__ + kai: __KCC + lcc: __LCC__ + sgi: __sgi,sgi + microsoft: _MSC_VER + metrowerks: __MWERKS__ + watcom: __WATCOMC__ + portland: __PGI + tcc: __TINYC__ + unknown: UNKNOWN" + for ventest in $vendors; do + case $ventest in + *:) vendor=$ventest; continue ;; + *) vencpp="defined("`echo $ventest | sed 's/,/) || defined(/g'`")" ;; + esac + AC_COMPILE_IFELSE([AC_LANG_PROGRAM(,[ + #if !($vencpp) + thisisanerror; + #endif + ])], [break]) + done + ax_cv_[]_AC_LANG_ABBREV[]_compiler_vendor=`echo $vendor | cut -d: -f1` + ]) +]) diff --git a/m4/ax_compiler_version.m4 b/m4/ax_compiler_version.m4 new file mode 100644 index 0000000000..0581d1bc0f --- /dev/null +++ b/m4/ax_compiler_version.m4 @@ -0,0 +1,529 @@ +# =========================================================================== +# https://www.gnu.org/software/autoconf-archive/ax_compiler_version.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_COMPILER_VERSION +# +# DESCRIPTION +# +# This macro retrieves the compiler version and returns it in the cache +# variable $ax_cv_c_compiler_version for C and $ax_cv_cxx_compiler_version +# for C++. +# +# Version is returned as epoch:major.minor.patchversion +# +# Epoch is used in order to have an increasing version number in case of +# marketing change. +# +# Epoch use: * borland compiler use chronologically 0turboc for turboc +# era, +# +# 1borlanc BORLANDC++ before 5, 2cppbuilder for cppbuilder era, +# 3borlancpp for return of BORLANDC++ (after version 5.5), +# 4cppbuilder for cppbuilder with year version, +# and 5xe for XE era. +# +# An empty string is returned otherwise. +# +# LICENSE +# +# Copyright (c) 2014 Bastien ROUCARIES <roucaries.bastien+autoconf@gmail.com> +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 12 + +# for intel +AC_DEFUN([_AX_COMPILER_VERSION_INTEL], + [ dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [__INTEL_COMPILER/100],, + AC_MSG_FAILURE([[[$0]] unknown intel compiler version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [(__INTEL_COMPILER%100)/10],, + AC_MSG_FAILURE([[[$0]] unknown intel compiler version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [(__INTEL_COMPILER%10)],, + AC_MSG_FAILURE([[[$0]] unknown intel compiler version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# for IBM +AC_DEFUN([_AX_COMPILER_VERSION_IBM], + [ dnl + dnl check between z/OS C/C++ and XL C/C++ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([], + [ + #if defined(__COMPILER_VER__) + choke me; + #endif + ])], + [ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [__xlC__/100],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler major version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [__xlC__%100],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__xlC_ver__/0x100],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_build, + [__xlC_ver__%0x100],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler build version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_build" + ], + [ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__xlC__%1000],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [(__xlC__/10000)%10],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [(__xlC__/100000)%10],, + AC_MSG_FAILURE([[[$0]] unknown IBM compiler major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) +]) + +# for pathscale +AC_DEFUN([_AX_COMPILER_VERSION_PATHSCALE],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + __PATHCC__,, + AC_MSG_FAILURE([[[$0]] unknown pathscale major])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + __PATHCC_MINOR__,, + AC_MSG_FAILURE([[[$0]] unknown pathscale minor])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__PATHCC_PATCHLEVEL__],, + AC_MSG_FAILURE([[[$0]] unknown pathscale patch level])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# for clang +AC_DEFUN([_AX_COMPILER_VERSION_CLANG],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + __clang_major__,, + AC_MSG_FAILURE([[[$0]] unknown clang major])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + __clang_minor__,, + AC_MSG_FAILURE([[[$0]] unknown clang minor])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__clang_patchlevel__],,0) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# for crayc +AC_DEFUN([_AX_COMPILER_VERSION_CRAY],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + _RELEASE,, + AC_MSG_FAILURE([[[$0]] unknown crayc release])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + _RELEASE_MINOR,, + AC_MSG_FAILURE([[[$0]] unknown crayc minor])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor" + ]) + +# for fujitsu +AC_DEFUN([_AX_COMPILER_VERSION_FUJITSU],[ + AC_COMPUTE_INT(ax_cv_[]_AC_LANG_ABBREV[]_compiler_version, + __FCC_VERSION,, + AC_MSG_FAILURE([[[$0]]unknown fujitsu release])) + ]) + +# for GNU +AC_DEFUN([_AX_COMPILER_VERSION_GNU],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + __GNUC__,, + AC_MSG_FAILURE([[[$0]] unknown gcc major])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + __GNUC_MINOR__,, + AC_MSG_FAILURE([[[$0]] unknown gcc minor])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__GNUC_PATCHLEVEL__],, + AC_MSG_FAILURE([[[$0]] unknown gcc patch level])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# For sun +AC_DEFUN([_AX_COMPILER_VERSION_SUN],[ + m4_define([_AX_COMPILER_VERSION_SUN_NUMBER], + [ + #if defined(__SUNPRO_CC) + __SUNPRO_CC + #else + __SUNPRO_C + #endif + ]) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_until59, + !!(_AX_COMPILER_VERSION_SUN_NUMBER < 0x1000),, + AC_MSG_FAILURE([[[$0]] unknown sun release version])) + AS_IF([test "X$_ax_[]_AC_LANG_ABBREV[]_compiler_version_until59" = X1], + [dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + _AX_COMPILER_VERSION_SUN_NUMBER % 0x10,, + AC_MSG_FAILURE([[[$0]] unknown sun patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + (_AX_COMPILER_VERSION_SUN_NUMBER / 0x10) % 0x10,, + AC_MSG_FAILURE([[[$0]] unknown sun minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (_AX_COMPILER_VERSION_SUN_NUMBER / 0x100),, + AC_MSG_FAILURE([[[$0]] unknown sun major version])) + ], + [dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + _AX_COMPILER_VERSION_SUN_NUMBER % 0x10,, + AC_MSG_FAILURE([[[$0]] unknown sun patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + (_AX_COMPILER_VERSION_SUN_NUMBER / 0x100) % 0x100,, + AC_MSG_FAILURE([[[$0]] unknown sun minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (_AX_COMPILER_VERSION_SUN_NUMBER / 0x1000),, + AC_MSG_FAILURE([[[$0]] unknown sun major version])) + ]) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" +]) + +AC_DEFUN([_AX_COMPILER_VERSION_HP],[ + m4_define([_AX_COMPILER_VERSION_HP_NUMBER], + [ + #if defined(__HP_cc) + __HP_cc + #else + __HP_aCC + #endif + ]) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_untilA0121, + !!(_AX_COMPILER_VERSION_HP_NUMBER <= 1),, + AC_MSG_FAILURE([[[$0]] unknown hp release version])) + AS_IF([test "X$_ax_[]_AC_LANG_ABBREV[]_compiler_version_untilA0121" = X1], + [dnl By default output last version with this behavior. + dnl it is so old + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="01.21.00" + ], + [dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + (_AX_COMPILER_VERSION_HP_NUMBER % 100),, + AC_MSG_FAILURE([[[$0]] unknown hp release version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + ((_AX_COMPILER_VERSION_HP_NUMBER / 100)%100),, + AC_MSG_FAILURE([[[$0]] unknown hp minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + ((_AX_COMPILER_VERSION_HP_NUMBER / 10000)%100),, + AC_MSG_FAILURE([[[$0]] unknown hp major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) +]) + +AC_DEFUN([_AX_COMPILER_VERSION_DEC],[dnl + m4_define([_AX_COMPILER_VERSION_DEC_NUMBER], + [ + #if defined(__DECC_VER) + __DECC_VER + #else + __DECCXX_VER + #endif + ]) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + (_AX_COMPILER_VERSION_DEC_NUMBER % 10000),, + AC_MSG_FAILURE([[[$0]] unknown dec release version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + ((_AX_COMPILER_VERSION_DEC_NUMBER / 100000UL)%100),, + AC_MSG_FAILURE([[[$0]] unknown dec minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + ((_AX_COMPILER_VERSION_DEC_NUMBER / 10000000UL)%100),, + AC_MSG_FAILURE([[[$0]] unknown dec major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# borland +AC_DEFUN([_AX_COMPILER_VERSION_BORLAND],[dnl + m4_define([_AX_COMPILER_VERSION_TURBOC_NUMBER], + [ + #if defined(__TURBOC__) + __TURBOC__ + #else + choke me + #endif + ]) + m4_define([_AX_COMPILER_VERSION_BORLANDC_NUMBER], + [ + #if defined(__BORLANDC__) + __BORLANDC__ + #else + __CODEGEARC__ + #endif + ]) + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM(, + _AX_COMPILER_VERSION_TURBOC_NUMBER)], + [dnl TURBOC + AC_COMPUTE_INT( + _ax_[]_AC_LANG_ABBREV[]_compiler_version_turboc_raw, + _AX_COMPILER_VERSION_TURBOC_NUMBER,, + AC_MSG_FAILURE([[[$0]] unknown turboc version])) + AS_IF( + [test $_ax_[]_AC_LANG_ABBREV[]_compiler_version_turboc_raw -lt 661 || test $_ax_[]_AC_LANG_ABBREV[]_compiler_version_turboc_raw -gt 1023], + [dnl compute normal version + AC_COMPUTE_INT( + _ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + _AX_COMPILER_VERSION_TURBOC_NUMBER % 0x100,, + AC_MSG_FAILURE([[[$0]] unknown turboc minor version])) + AC_COMPUTE_INT( + _ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (_AX_COMPILER_VERSION_TURBOC_NUMBER/0x100)%0x100,, + AC_MSG_FAILURE([[[$0]] unknown turboc major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="0turboc:$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor"], + [dnl special version + AS_CASE([$_ax_[]_AC_LANG_ABBREV[]_compiler_version_turboc_raw], + [661],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="0turboc:1.00"], + [662],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="0turboc:1.01"], + [663],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="0turboc:2.00"], + [ + AC_MSG_WARN([[[$0]] unknown turboc version between 0x295 and 0x400 please report bug]) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="" + ]) + ]) + ], + # borlandc + [ + AC_COMPUTE_INT( + _ax_[]_AC_LANG_ABBREV[]_compiler_version_borlandc_raw, + _AX_COMPILER_VERSION_BORLANDC_NUMBER,, + AC_MSG_FAILURE([[[$0]] unknown borlandc version])) + AS_CASE([$_ax_[]_AC_LANG_ABBREV[]_compiler_version_borlandc_raw], + dnl BORLANDC++ before 5.5 + [512] ,[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:2.00"], + [1024],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:3.00"], + [1024],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:3.00"], + [1040],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:3.1"], + [1106],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:4.0"], + [1280],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:5.0"], + [1312],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="1borlanc:5.02"], + dnl C++ Builder era + [1328],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="2cppbuilder:3.0"], + [1344],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="2cppbuilder:4.0"], + dnl BORLANDC++ after 5.5 + [1360],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="3borlancpp:5.5"], + [1361],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="3borlancpp:5.51"], + [1378],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="3borlancpp:5.6.4"], + dnl C++ Builder with year number + [1392],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="4cppbuilder:2006"], + [1424],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="4cppbuilder:2007"], + [1555],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="4cppbuilder:2009"], + [1569],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="4cppbuilder:2010"], + dnl XE version + [1584],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="5xe"], + [1600],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="5xe:2"], + [1616],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="5xe:3"], + [1632],[ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="5xe:4"], + [ + AC_MSG_WARN([[[$0]] Unknown borlandc compiler version $_ax_[]_AC_LANG_ABBREV[]_compiler_version_borlandc_raw please report bug]) + ]) + ]) + ]) + +# COMO +AC_DEFUN([_AX_COMPILER_VERSION_COMEAU], + [ dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [__COMO_VERSION__%100],, + AC_MSG_FAILURE([[[$0]] unknown comeau compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [(__COMO_VERSION__/100)%10],, + AC_MSG_FAILURE([[[$0]] unknown comeau compiler major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor" + ]) + +# KAI +AC_DEFUN([_AX_COMPILER_VERSION_KAI],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__KCC_VERSION%100],, + AC_MSG_FAILURE([[[$0]] unknown kay compiler patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [(__KCC_VERSION/100)%10],, + AC_MSG_FAILURE([[[$0]] unknown kay compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [(__KCC_VERSION/1000)%10],, + AC_MSG_FAILURE([[[$0]] unknown kay compiler major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +dnl LCC +dnl LCC does not output version... + +# SGI +AC_DEFUN([_AX_COMPILER_VERSION_SGI],[ + m4_define([_AX_COMPILER_VERSION_SGI_NUMBER], + [ + #if defined(_COMPILER_VERSION) + _COMPILER_VERSION + #else + _SGI_COMPILER_VERSION + #endif + ]) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [_AX_COMPILER_VERSION_SGI_NUMBER%10],, + AC_MSG_FAILURE([[[$0]] unknown SGI compiler patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + [(_AX_COMPILER_VERSION_SGI_NUMBER/10)%10],, + AC_MSG_FAILURE([[[$0]] unknown SGI compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + [(_AX_COMPILER_VERSION_SGI_NUMBER/100)%10],, + AC_MSG_FAILURE([[[$0]] unknown SGI compiler major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# microsoft +AC_DEFUN([_AX_COMPILER_VERSION_MICROSOFT],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + _MSC_VER%100,, + AC_MSG_FAILURE([[[$0]] unknown microsoft compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (_MSC_VER/100)%100,, + AC_MSG_FAILURE([[[$0]] unknown microsoft compiler major version])) + dnl could be overridden + _ax_[]_AC_LANG_ABBREV[]_compiler_version_patch=0 + _ax_[]_AC_LANG_ABBREV[]_compiler_version_build=0 + # special case for version 6 + AS_IF([test "X$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major" = "X12"], + [AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + _MSC_FULL_VER%1000,, + _ax_[]_AC_LANG_ABBREV[]_compiler_version_patch=0)]) + # for version 7 + AS_IF([test "X$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major" = "X13"], + [AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + _MSC_FULL_VER%1000,, + AC_MSG_FAILURE([[[$0]] unknown microsoft compiler patch version])) + ]) + # for version > 8 + AS_IF([test $_ax_[]_AC_LANG_ABBREV[]_compiler_version_major -ge 14], + [AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + _MSC_FULL_VER%10000,, + AC_MSG_FAILURE([[[$0]] unknown microsoft compiler patch version])) + ]) + AS_IF([test $_ax_[]_AC_LANG_ABBREV[]_compiler_version_major -ge 15], + [AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_build, + _MSC_BUILD,, + AC_MSG_FAILURE([[[$0]] unknown microsoft compiler build version])) + ]) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_build" + ]) + +# for metrowerks +AC_DEFUN([_AX_COMPILER_VERSION_METROWERKS],[dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + __MWERKS__%0x100,, + AC_MSG_FAILURE([[[$0]] unknown metrowerks compiler patch version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + (__MWERKS__/0x100)%0x10,, + AC_MSG_FAILURE([[[$0]] unknown metrowerks compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (__MWERKS__/0x1000)%0x10,, + AC_MSG_FAILURE([[[$0]] unknown metrowerks compiler major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# for watcom +AC_DEFUN([_AX_COMPILER_VERSION_WATCOM],[dnl + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + __WATCOMC__%100,, + AC_MSG_FAILURE([[[$0]] unknown watcom compiler minor version])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + (__WATCOMC__/100)%100,, + AC_MSG_FAILURE([[[$0]] unknown watcom compiler major version])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor" + ]) + +# for PGI +AC_DEFUN([_AX_COMPILER_VERSION_PORTLAND],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + __PGIC__,, + AC_MSG_FAILURE([[[$0]] unknown pgi major])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + __PGIC_MINOR__,, + AC_MSG_FAILURE([[[$0]] unknown pgi minor])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [__PGIC_PATCHLEVEL__],, + AC_MSG_FAILURE([[[$0]] unknown pgi patch level])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# tcc +AC_DEFUN([_AX_COMPILER_VERSION_TCC],[ + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version=[`tcc -v | $SED 's/^[ ]*tcc[ ]\+version[ ]\+\([0-9.]\+\).*/\1/g'`] + ]) + +# for GNU +AC_DEFUN([_AX_COMPILER_VERSION_SDCC],[ + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_major, + /* avoid parse error with comments */ + #if(defined(__SDCC_VERSION_MAJOR)) + __SDCC_VERSION_MAJOR + #else + SDCC/100 + #endif + ,, + AC_MSG_FAILURE([[[$0]] unknown sdcc major])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor, + /* avoid parse error with comments */ + #if(defined(__SDCC_VERSION_MINOR)) + __SDCC_VERSION_MINOR + #else + (SDCC%100)/10 + #endif + ,, + AC_MSG_FAILURE([[[$0]] unknown sdcc minor])) + AC_COMPUTE_INT(_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch, + [ + /* avoid parse error with comments */ + #if(defined(__SDCC_VERSION_PATCH)) + __SDCC_VERSION_PATCH + #elsif(defined(_SDCC_VERSION_PATCHLEVEL)) + __SDCC_VERSION_PATCHLEVEL + #else + SDCC%10 + #endif + ],, + AC_MSG_FAILURE([[[$0]] unknown sdcc patch level])) + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version="$_ax_[]_AC_LANG_ABBREV[]_compiler_version_major.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_minor.$_ax_[]_AC_LANG_ABBREV[]_compiler_version_patch" + ]) + +# main entry point +AC_DEFUN([AX_COMPILER_VERSION],[dnl + AC_REQUIRE([AX_COMPILER_VENDOR]) + AC_REQUIRE([AC_PROG_SED]) + AC_CACHE_CHECK([for _AC_LANG compiler version], + ax_cv_[]_AC_LANG_ABBREV[]_compiler_version, + [ dnl + AS_CASE([$ax_cv_[]_AC_LANG_ABBREV[]_compiler_vendor], + [intel],[_AX_COMPILER_VERSION_INTEL], + [ibm],[_AX_COMPILER_VERSION_IBM], + [pathscale],[_AX_COMPILER_VERSION_PATHSCALE], + [clang],[_AX_COMPILER_VERSION_CLANG], + [cray],[_AX_COMPILER_VERSION_CRAY], + [fujitsu],[_AX_COMPILER_VERSION_FUJITSU], + [gnu],[_AX_COMPILER_VERSION_GNU], + [sun],[_AX_COMPILER_VERSION_SUN], + [hp],[_AX_COMPILER_VERSION_HP], + [dec],[_AX_COMPILER_VERSION_DEC], + [borland],[_AX_COMPILER_VERSION_BORLAND], + [comeau],[_AX_COMPILER_VERSION_COMEAU], + [kai],[_AX_COMPILER_VERSION_KAI], + [sgi],[_AX_COMPILER_VERSION_SGI], + [microsoft],[_AX_COMPILER_VERSION_MICROSOFT], + [metrowerks],[_AX_COMPILER_VERSION_METROWERKS], + [watcom],[_AX_COMPILER_VERSION_WATCOM], + [portland],[_AX_COMPILER_VERSION_PORTLAND], + [tcc],[_AX_COMPILER_VERSION_TCC], + [sdcc],[_AX_COMPILER_VERSION_SDCC], + [ax_cv_[]_AC_LANG_ABBREV[]_compiler_version=""]) + ]) +]) diff --git a/scripts/README b/scripts/README index 9cd6e74ac7..4cb49370f5 100644 --- a/scripts/README +++ b/scripts/README @@ -12,7 +12,7 @@ never used. maint/checkOptionDocs.pl -- Make sure that Tor options are documented in the manpage, and that the manpage only documents real Tor options. -maint/checkSpaces.pl -- Style checker for the Tor source code. Mainly checks +maint/checkSpace.pl -- Style checker for the Tor source code. Mainly checks whitespace. maint/findMergedChanges.pl -- Find a set of changes/* files that have been @@ -23,7 +23,7 @@ maint/format_changelog.py -- Flow the changelog into the proper format. maint/redox.py -- Find places that should have DOCDOC comments to indicate a need for doxygen comments, and put those comments there. -maint/updateVersions.pl -- Update the version number in the .nsi and windows +maint/update_versions.py -- Update the version number in the .nsi and windows orconfig.h files. diff --git a/scripts/build/combine_libs b/scripts/build/combine_libs index 9c87f68248..9dec483602 100755 --- a/scripts/build/combine_libs +++ b/scripts/build/combine_libs @@ -8,14 +8,19 @@ ORIGDIR="$(pwd)" trap 'cd "$ORIGDIR" && rm -rf "$TMPDIR"' 0 abspath() { - echo "$(cd "$(dirname "$1")">/dev/null && pwd)/$(basename "$1")" + echo "$(cd "$(dirname "$1")" >/dev/null && pwd)/$(basename "$1")" } -TARGET=$(abspath "$1") +apple_symdef_fix() { + # On modern macOS and iOS we need to remove the "__.SYMDEF" and "__.SYMDEF + # SORTED" before we repack the archive. + # See: tor#40683. + if [ "$(uname -s)" = "Darwin" ] ; then + find . -name "__.SYMDEF*" -delete + fi +} -#echo ORIGDIR="$ORIGDIR" -#echo AR="$AR" -#echo ARFLAGS="$AFLAGS" +TARGET=$(abspath "$1") shift @@ -24,12 +29,12 @@ for input in "$@"; do abs=$(abspath "$input") dir="$TMPDIR"/$(basename "$input" .a) mkdir "$dir" - cd "$dir">/dev/null + cd "$dir" >/dev/null "${AR:-ar}" x "$abs" done cd "$TMPDIR" >/dev/null -#echo "${AR:-ar}" "${ARFLAGS:-cru}" library.tmp.a ./*/** +apple_symdef_fix "${AR:-ar}" "${ARFLAGS:-cru}" library.tmp.a ./*/** "${RANLIB:-ranlib}" library.tmp.a mv -f library.tmp.a "$TARGET" diff --git a/scripts/ci/ci-driver.sh b/scripts/ci/ci-driver.sh index 66c8f2ec26..93d764f262 100755 --- a/scripts/ci/ci-driver.sh +++ b/scripts/ci/ci-driver.sh @@ -30,7 +30,6 @@ RUN_STAGE_TEST="${RUN_STAGE_TEST:-yes}" FATAL_WARNINGS="${FATAL_WARNINGS:-yes}" HARDENING="${HARDENING:-no}" COVERAGE="${COVERAGE:-no}" -RUST="${RUST:-no}" DOXYGEN="${DOXYGEN:-no}" ASCIIDOC="${ASCIIDOC:-no}" TRACING="${TRACING:-no}" @@ -87,6 +86,7 @@ function error() { echo "${T_BOLD}${T_RED}ERROR:${T_RESET} $*" 1>&2 } + function die() { echo "${T_BOLD}${T_RED}FATAL ERROR:${T_RESET} $*" 1>&2 @@ -159,27 +159,27 @@ function show_git_version() if [[ "${ON_GITLAB}" == "yes" ]]; then function start_section() { - local label="$1" - local stamp - stamp=$(date +%s) - printf "section_start:%s:%s\r\e[0K" "$stamp" "$label" - echo "${T_BOLD}${T_GREEN}========= $label${T_RESET}" + local label="$1" + local stamp + stamp=$(date +%s) + printf "section_start:%s:%s\r\e[0K" "$stamp" "$label" + echo "${T_BOLD}${T_GREEN}========= $label${T_RESET}" } function end_section() { - local label="$1" - local stamp - stamp=$(date +%s) - printf "section_end:%s:%s\r\e[0K" "$stamp" "$label" + local label="$1" + local stamp + stamp=$(date +%s) + printf "section_end:%s:%s\r\e[0K" "$stamp" "$label" } else function start_section() { - true + true } function end_section() { - true + true } fi @@ -193,7 +193,6 @@ yes_or_no ON_GITLAB yes_or_no FATAL_WARNINGS yes_or_no HARDENING yes_or_no COVERAGE -yes_or_no RUST yes_or_no DOXYGEN yes_or_no ASCIIDOC yes_or_no TRACING @@ -245,9 +244,6 @@ fi if [[ "$COVERAGE" == "yes" ]]; then configure_options+=("--enable-coverage") fi -if [[ "$RUST" == "yes" ]]; then - configure_options+=("--enable-rust") -fi if [[ "$ASCIIDOC" != "yes" ]]; then configure_options+=("--disable-asciidoc") fi @@ -297,19 +293,15 @@ TOR_VER_AT_LEAST_044=no # These are the currently supported Tor versions; no need to work with anything # ancient in this script. case "$TOR_VERSION" in - 0.3.*) - TOR_VER_AT_LEAST_043=no - TOR_VER_AT_LEAST_044=no - ;; - 0.4.[012].*) - TOR_VER_AT_LEAST_043=no - TOR_VER_AT_LEAST_044=no + 0.4.5.*) + TOR_VER_AT_LEAST_043=yes + TOR_VER_AT_LEAST_044=yes ;; - 0.4.3.*) + 0.4.6.*) TOR_VER_AT_LEAST_043=yes - TOR_VER_AT_LEAST_044=no + TOR_VER_AT_LEAST_044=yes ;; - *) + 0.4.7.*) TOR_VER_AT_LEAST_043=yes TOR_VER_AT_LEAST_044=yes ;; @@ -346,18 +338,18 @@ if [[ "$RUN_STAGE_CONFIGURE" = "yes" ]]; then start_section "Configure" if ! runcmd "${CI_SRCDIR}"/configure "${configure_options[@]}" ; then - error "Here is the end of config.log:" - runcmd tail config.log - die "Unable to continue" + error "Here is the end of config.log:" + runcmd tail config.log + die "Unable to continue" fi end_section "Configure" else debug "Skipping configure stage. Making sure that ${CI_BUILDDIR}/config.log exists." if [[ ! -d "${CI_BUILDDIR}" ]]; then - die "Build directory ${CI_BUILDDIR} did not exist!"; + die "Build directory ${CI_BUILDDIR} did not exist!" fi if [[ ! -f "${CI_BUILDDIR}/config.log" ]]; then - die "Tor was not configured in ${CI_BUILDDIR}!"; + die "Tor was not configured in ${CI_BUILDDIR}!" fi cp config.log "${CI_SRCDIR}"/artifacts @@ -371,26 +363,26 @@ fi if [[ "$RUN_STAGE_BUILD" = "yes" ]] ; then if [[ "$DISTCHECK" = "no" ]]; then - start_section "Build" - runcmd make "${make_options[@]}" all + start_section "Build" + runcmd make "${make_options[@]}" all cp src/app/tor "${CI_SRCDIR}"/artifacts - end_section "Build" + end_section "Build" else - export DISTCHECK_CONFIGURE_FLAGS="${configure_options[*]}" - # XXXX Set make options? - start_section Distcheck - if runcmd make "${make_options[@]}" distcheck ; then + export DISTCHECK_CONFIGURE_FLAGS="${configure_options[*]}" + # XXXX Set make options? + start_section Distcheck + if runcmd make "${make_options[@]}" distcheck ; then hooray "Distcheck was successful. Nothing further will be done." # We have to exit early here, since we can't do any other tests. cp tor-*.tar.gz "${CI_SRCDIR}"/artifacts - exit 0 - else + else error "Diagnostics:" runcmd make show-distdir-testlog || true runcmd make show-distdir-core || true die "Unable to continue." - fi - end_section Distcheck + fi + end_section Distcheck + exit 0 fi fi @@ -408,9 +400,9 @@ if [[ "${DOXYGEN}" = 'yes' ]]; then start_section Doxygen if [[ "${TOR_VER_AT_LEAST_043}" = 'yes' ]]; then if runcmd make doxygen; then - hooray "make doxygen has succeeded." + hooray "make doxygen has succeeded." else - FAILED_TESTS="${FAILED_TESTS} doxygen" + FAILED_TESTS="${FAILED_TESTS} doxygen" fi else skipping "make doxygen: doxygen is broken for Tor < 0.4.3" @@ -444,6 +436,8 @@ if [[ "${CHUTNEY}" = "yes" ]]; then start_section "Chutney" export CHUTNEY_TOR_SANDBOX=0 export CHUTNEY_ALLOW_FAILURES=2 + # Send 5MB for every verify check. + export CHUTNEY_DATA_BYTES=5000000 if runcmd make "${CHUTNEY_MAKE_TARGET}"; then hooray "Chutney tests have succeeded" else @@ -452,43 +446,43 @@ if [[ "${CHUTNEY}" = "yes" ]]; then runcmd "${CHUTNEY_PATH}"/tools/diagnostics.sh || true # XXXX These next two should be part of a make target. runcmd ls test_network_log || true - runcmd cat test_network_log || true + runcmd head -n -0 test_network_log/* || true FAILED_TESTS="${FAILED_TESTS} chutney" fi end_section "Chutney" fi if [[ "${STEM}" = "yes" ]]; then - start_section "Stem" - # 0.3.5 and onward have now disabled onion service v2 so we need to exclude - # these Stem tests from now on. - EXCLUDE_TESTS="--exclude-test control.controller.test_ephemeral_hidden_services_v2 --exclude-test control.controller.test_hidden_services_conf --exclude-test control.controller.test_with_ephemeral_hidden_services_basic_auth --exclude-test control.controller.test_without_ephemeral_hidden_services --exclude-test control.controller.test_with_ephemeral_hidden_services_basic_auth_no_credentials" - if [[ "${TOR_VER_AT_LEAST_044}" = 'yes' ]]; then - # XXXX This should probably be part of some test-stem make target. - - # Disable the check around EXCLUDE_TESTS that requires double quote. We - # need it to be expanded. - # shellcheck disable=SC2086 - if runcmd timelimit -p -t 520 -s USR1 -T 30 -S ABRT \ - python3 "${STEM_PATH}/run_tests.py" \ - --tor src/app/tor \ - --integ --test control.controller \ - $EXCLUDE_TESTS \ - --test control.base_controller \ - --test process \ - --log TRACE \ - --log-file stem.log ; then - hooray "Stem tests have succeeded" - else - error "Stem output:" - runcmd tail -1000 "${STEM_PATH}"/test/data/tor_log - runcmd grep -v "SocketClosed" stem.log | tail -1000 - FAILED_TESTS="${FAILED_TESTS} stem" - fi - else - skipping "Stem: broken with <= 0.4.3. See bug tor#40077" - fi - end_section "Stem" + start_section "Stem" + # 0.3.5 and onward have now disabled onion service v2 so we need to exclude + # these Stem tests from now on. + EXCLUDE_TESTS="--exclude-test control.controller.test_ephemeral_hidden_services_v2 --exclude-test control.controller.test_hidden_services_conf --exclude-test control.controller.test_with_ephemeral_hidden_services_basic_auth --exclude-test control.controller.test_without_ephemeral_hidden_services --exclude-test control.controller.test_with_ephemeral_hidden_services_basic_auth_no_credentials" + if [[ "${TOR_VER_AT_LEAST_044}" = 'yes' ]]; then + # XXXX This should probably be part of some test-stem make target. + + # Disable the check around EXCLUDE_TESTS that requires double quote. We + # need it to be expanded. + # shellcheck disable=SC2086 + if runcmd timelimit -p -t 520 -s USR1 -T 30 -S ABRT \ + python3 "${STEM_PATH}/run_tests.py" \ + --tor src/app/tor \ + --integ --test control.controller \ + $EXCLUDE_TESTS \ + --test control.base_controller \ + --test process \ + --log TRACE \ + --log-file stem.log ; then + hooray "Stem tests have succeeded" + else + error "Stem output:" + runcmd tail -1000 "${STEM_PATH}"/test/data/tor_log + runcmd grep -v "SocketClosed" stem.log | tail -1000 + FAILED_TESTS="${FAILED_TESTS} stem" + fi + else + skipping "Stem: broken with <= 0.4.3. See bug tor#40077" + fi + end_section "Stem" fi # TODO: Coverage diff --git a/scripts/codegen/fuzzing_include_am.py b/scripts/codegen/fuzzing_include_am.py index b52b956f81..d5d5cb0154 100755 --- a/scripts/codegen/fuzzing_include_am.py +++ b/scripts/codegen/fuzzing_include_am.py @@ -6,16 +6,18 @@ from __future__ import print_function from __future__ import unicode_literals FUZZERS = """ + address + addressPTR consensus descriptor diff diff-apply extrainfo - hsdescv2 hsdescv3 + hsdescv3-inner + hsdescv3-middle http http-connect - iptsv2 microdesc socks strops @@ -32,7 +34,6 @@ FUZZING_LDFLAG = \ @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB) @TOR_LDFLAGS_libevent@ FUZZING_LIBS = \ src/test/libtor-testing.a \ - $(rust_ldadd) \ @TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ \ @TOR_LIBEVENT_LIBS@ $(TOR_LIBS_CRYPTLIB) \ @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ @CURVE25519_LIBS@ \ @@ -47,11 +48,10 @@ oss-fuzz-prereqs: \ noinst_HEADERS += \ src/test/fuzz/fuzzing.h -LIBFUZZER = -lFuzzer LIBFUZZER_CPPFLAGS = $(FUZZING_CPPFLAGS) -DLLVM_FUZZ LIBFUZZER_CFLAGS = $(FUZZING_CFLAGS) -LIBFUZZER_LDFLAG = $(FUZZING_LDFLAG) -LIBFUZZER_LIBS = $(FUZZING_LIBS) $(LIBFUZZER) -lstdc++ +LIBFUZZER_LDFLAG = $(FUZZING_LDFLAG) -fsanitize=fuzzer +LIBFUZZER_LIBS = $(FUZZING_LIBS) -lstdc++ LIBOSS_FUZZ_CPPFLAGS = $(FUZZING_CPPFLAGS) -DLLVM_FUZZ LIBOSS_FUZZ_CFLAGS = $(FUZZING_CFLAGS) diff --git a/scripts/git/git-list-tor-branches.sh b/scripts/git/git-list-tor-branches.sh index 5a527ffc05..dd3cf154b4 100755 --- a/scripts/git/git-list-tor-branches.sh +++ b/scripts/git/git-list-tor-branches.sh @@ -8,7 +8,7 @@ SCRIPT_NAME=$(basename "$0") function usage() { - echo "$SCRIPT_NAME [-h] [-l|-s|-b|-m] [-R]" + echo "$SCRIPT_NAME [-h] [-l|-s|-b|-m] [-R|-M]" echo echo " arguments:" echo " -h: show this help text" @@ -20,6 +20,7 @@ function usage() echo " ( branch parent path suffix parent_suffix ) arrays" echo echo " -R: omit release branches." + echo " -M: omit maint branches." } # list : just a list of branch names. @@ -27,9 +28,10 @@ function usage() # suffix: write a list of suffixes. # merge: branch, upstream, path, suffix, upstream suffix. mode="list" +skip_maint_branches="no" skip_release_branches="no" -while getopts "hblmsR" opt ; do +while getopts "hblmsRM" opt ; do case "$opt" in h) usage exit 0 @@ -42,6 +44,8 @@ while getopts "hblmsR" opt ; do ;; m) mode="merge" ;; + M) skip_maint_branches="yes" + ;; R) skip_release_branches="yes" ;; *) echo "Unknown option" @@ -73,13 +77,16 @@ branch() { # location: where the branch can be found. - if [[ "$brname" == "master" ]]; then - suffix="_master" + if [[ "$brname" == "main" ]]; then + suffix="_main" location="\$GIT_PATH/\$TOR_MASTER_NAME" elif [[ "$brname" =~ ^maint- ]]; then suffix="_${brname_nodots#maint-}" location="\$GIT_PATH/\$TOR_WKT_NAME/$brname" is_maint="yes" + if [[ "$skip_maint_branches" = "yes" ]]; then + return + fi elif [[ "$brname" =~ ^release- ]]; then suffix="_r${brname_nodots#release-}" location="\$GIT_PATH/\$TOR_WKT_NAME/$brname" @@ -136,15 +143,15 @@ finish() { # List of all branches. These must be in order, from oldest to newest, with # maint before release. -branch maint-0.3.5 -branch release-0.3.5 +branch maint-0.4.5 +branch release-0.4.5 -branch maint-0.4.3 -branch release-0.4.3 +branch maint-0.4.6 +branch release-0.4.6 -branch maint-0.4.4 -branch release-0.4.4 +branch maint-0.4.7 +branch release-0.4.7 -branch master +branch main finish diff --git a/scripts/git/git-merge-forward.sh b/scripts/git/git-merge-forward.sh index 7c72f8478d..d5d663d558 100755 --- a/scripts/git/git-merge-forward.sh +++ b/scripts/git/git-merge-forward.sh @@ -12,8 +12,8 @@ function usage() echo " (default: run commands)" echo " -t: test branch mode: create new branches from the commits checked" echo " out in each maint directory. Call these branches prefix_035," - echo " prefix_040, ... , prefix_master." - echo " (default: merge forward maint-*, release-*, and master)" + echo " prefix_040, ... , prefix_main." + echo " (default: merge forward maint-*, release-*, and main)" echo " -u: in test branch mode, if a prefix_* branch already exists," echo " skip creating that branch. Use after a merge error, to" echo " restart the merge forward at the first unmerged branch." @@ -28,7 +28,7 @@ function usage() echo echo " optional:" echo " TOR_MASTER: the name of the directory containing the tor.git clone" - echo " The tor master git directory is \$GIT_PATH/\$TOR_MASTER" + echo " The primary tor git directory is \$GIT_PATH/\$TOR_MASTER" echo " (default: tor; current: $TOR_MASTER_NAME)" echo " TOR_WKT_NAME: the name of the directory containing the tor" echo " worktrees. The tor worktrees are:" @@ -45,7 +45,7 @@ function usage() # Where are all those git repositories? GIT_PATH=${TOR_FULL_GIT_PATH:-"FULL_PATH_TO_GIT_REPOSITORY_DIRECTORY"} -# The tor master git repository directory from which all the worktree have +# The main branch git repository directory from which all the worktree have # been created. TOR_MASTER_NAME=${TOR_MASTER_NAME:-"tor"} # The worktrees location (directory). @@ -106,7 +106,7 @@ DRY_RUN=0 # Controlled by the -t <test-branch-prefix> option. The test branch base # name option makes git-merge-forward.sh create new test branches: -# <tbbn>_035, <tbbn>_040, ... , <tbbn>_master, and merge forward. +# <tbbn>_035, <tbbn>_040, ... , <tbbn>_main, and merge forward. TEST_BRANCH_PREFIX= # Controlled by the -u option. The use existing option checks for existing diff --git a/scripts/git/git-pull-all.sh b/scripts/git/git-pull-all.sh index 52a5c6140c..bbe2576d8e 100755 --- a/scripts/git/git-pull-all.sh +++ b/scripts/git/git-pull-all.sh @@ -20,7 +20,7 @@ usage() echo echo " optional:" echo " TOR_MASTER: the name of the directory containing the tor.git clone" - echo " The tor master git directory is \$GIT_PATH/\$TOR_MASTER" + echo " The primary tor git directory is \$GIT_PATH/\$TOR_MASTER" echo " (default: tor; current: $TOR_MASTER_NAME)" echo " TOR_WKT_NAME: the name of the directory containing the tor" echo " worktrees. The tor worktrees are:" @@ -37,7 +37,7 @@ usage() # Where are all those git repositories? GIT_PATH=${TOR_FULL_GIT_PATH:-"FULL_PATH_TO_GIT_REPOSITORY_DIRECTORY"} -# The tor master git repository directory from which all the worktree have +# The primary tor git repository directory from which all the worktree have # been created. TOR_MASTER_NAME=${TOR_MASTER_NAME:-"tor"} # The worktrees location (directory). @@ -51,7 +51,7 @@ set -e eval "$(git-list-tor-branches.sh -b)" set +e -# The master branch path has to be the main repository thus contains the +# The main branch path has to be the main repository thus contains the # origin that will be used to fetch the updates. All the worktrees are created # from that repository. ORIGIN_PATH="$GIT_PATH/$TOR_MASTER_NAME" @@ -159,20 +159,7 @@ function goto_repo function fetch_origin { local cmd="git fetch origin" - printf " %s Fetching origin..." "$MARKER" - if [ $DRY_RUN -eq 0 ]; then - msg=$( eval "$cmd" 2>&1 ) - validate_ret $? "$msg" - else - printf "\\n %s\\n" "${IWTH}$cmd${CNRM}" - fi -} - -# Fetch tor-github pull requests. No arguments. -function fetch_tor_github -{ - local cmd="git fetch tor-github" - printf " %s Fetching tor-github..." "$MARKER" + printf "%s Fetching origin..." "$MARKER" if [ $DRY_RUN -eq 0 ]; then msg=$( eval "$cmd" 2>&1 ) validate_ret $? "$msg" @@ -185,7 +172,7 @@ function fetch_tor_github function fetch_tor_gitlab { local cmd="git fetch tor-gitlab" - printf " %s Fetching tor-gitlab..." "$MARKER" + printf "%s Fetching tor-gitlab..." "$MARKER" if [ $DRY_RUN -eq 0 ]; then msg=$( eval "$cmd" 2>&1 ) validate_ret $? "$msg" @@ -198,11 +185,10 @@ function fetch_tor_gitlab # Entry point # ############### -# First, fetch tor-github. +# Get into our origin repository. goto_repo "$ORIGIN_PATH" -fetch_tor_github -# Then tor-gitlab +# First, fetch tor-gitlab fetch_tor_gitlab # Then, fetch the origin. diff --git a/scripts/git/git-push-all.sh b/scripts/git/git-push-all.sh index 558ea8d01c..e5c16e615f 100755 --- a/scripts/git/git-push-all.sh +++ b/scripts/git/git-push-all.sh @@ -21,10 +21,10 @@ function usage() echo " -r: push to remote-name, rather than the default upstream remote." echo " (default: $DEFAULT_UPSTREAM_REMOTE, current: $UPSTREAM_REMOTE)" echo " -t: test branch mode: push test branches to remote-name. Pushes" - echo " branches prefix_035, prefix_040, ... , prefix_master." - echo " (default: push maint-*, release-*, and master)" + echo " branches prefix_035, prefix_040, ... , prefix_main." + echo " (default: push maint-*, release-*, and main)" echo " -s: push branches whose tips match upstream maint, release, or" - echo " master branches. The default is to skip these branches," + echo " main branches. The default is to skip these branches," echo " because they do not contain any new code. Use -s to test for" echo " CI environment failures, using code that previously passed CI." echo " (default: skip; current: $CURRENT_PUSH_SAME matching branches)" @@ -45,7 +45,7 @@ function usage() echo " (default: use the current directory for pushes;" echo " current: $TOR_FULL_GIT_PATH)" echo " TOR_MASTER: the name of the directory containing the tor.git clone" - echo " The tor master git directory is \$GIT_PATH/\$TOR_MASTER" + echo " The primary tor git directory is \$GIT_PATH/\$TOR_MASTER" echo " (default: tor; current: $TOR_MASTER_NAME)" echo echo " TOR_UPSTREAM_REMOTE_NAME: the default upstream remote." @@ -55,9 +55,9 @@ function usage() echo " Overridden by <git push options> after --." echo " (default: git push --atomic; current: $GIT_PUSH)" echo " TOR_PUSH_SAME: push branches whose tips match upstream maint," - echo " release, or master branches. Inverted by -s." + echo " release, or main branches. Inverted by -s." echo " (default: skip; current: $CURRENT_PUSH_SAME matching branches)" - echo " TOR_PUSH_DELAY: pushes the master and maint branches separately," + echo " TOR_PUSH_DELAY: pushes the main and maint branches separately," echo " so that CI runs in a sensible order." echo " (default: push all branches immediately; current: $PUSH_DELAY)" echo " we recommend that you set these env vars in your ~/.profile" @@ -71,7 +71,7 @@ set -e # Don't change this configuration - set the env vars in your .profile # -# The tor master git repository directory from which all the worktree have +# The primary tor git repository directory from which all the worktree have # been created. TOR_MASTER_NAME=${TOR_MASTER_NAME:-"tor"} # Which directory do we push from? @@ -87,7 +87,7 @@ UPSTREAM_REMOTE=${DEFAULT_UPSTREAM_REMOTE} # Add a delay between pushes, so CI runs on the most important branches first PUSH_DELAY=${TOR_PUSH_DELAY:-0} # Push (1) or skip (0) test branches that are the same as an upstream -# maint/master branch. Push if you are testing that the CI environment still +# maint/main branch. Push if you are testing that the CI environment still # works on old code, skip if you are testing new code in the branch. # Default: skip unchanged branches. # Inverted by the -s option. @@ -99,7 +99,7 @@ PUSH_SAME=${TOR_PUSH_SAME:-0} # Controlled by the -t <test-branch-prefix> option. The test branch prefix # option makes git-merge-forward.sh create new test branches: -# <tbp>_035, <tbp>_040, ... , <tbp>_master, and merge each branch forward into +# <tbp>_035, <tbp>_040, ... , <tbp>_main, and merge each branch forward into # the next one. TEST_BRANCH_PREFIX= @@ -213,7 +213,7 @@ if [ "$TEST_BRANCH_PREFIX" ]; then # upstream branches (they have already been tested) UPSTREAM_SKIP_SAME_AS="$UPSTREAM_BRANCHES $DEFAULT_UPSTREAM_BRANCHES" else - # Skip the local maint-*, release-*, master branches that are the same as the + # Skip the local maint-*, release-*, main branches that are the same as the # current upstream branches, but ignore the default upstream # (we want to update a non-default remote, even if it matches the default) UPSTREAM_SKIP_SAME_AS="$UPSTREAM_BRANCHES" @@ -264,8 +264,8 @@ if [ "$PUSH_DELAY" -le 0 ]; then else # Push the branches in optimal CI order, with a delay between each push PUSH_BRANCHES=$(echo "$PUSH_BRANCHES" | tr " " "\\n" | sort -V) - MASTER_BRANCH=$(echo "$PUSH_BRANCHES" | tr " " "\\n" | grep master) \ - || true # Skipped master branch + MASTER_BRANCH=$(echo "$PUSH_BRANCHES" | tr " " "\\n" | grep main$) \ + || true # Skipped main branch if [ -z "$TEST_BRANCH_PREFIX" ]; then MAINT_BRANCHES=$(echo "$PUSH_BRANCHES" | tr " " "\\n" | grep maint) \ || true # Skipped all maint branches @@ -273,7 +273,7 @@ else tr "\\n" " ") || true # Skipped all release branches else # Actually test branches based on maint branches - MAINT_BRANCHES=$(echo "$PUSH_BRANCHES" | tr " " "\\n" | grep -v master) \ + MAINT_BRANCHES=$(echo "$PUSH_BRANCHES" | tr " " "\\n" | grep -v main$) \ || true # Skipped all maint test branches # No release branches RELEASE_BRANCHES= @@ -295,9 +295,9 @@ else # shellcheck disable=SC2086 for b in $MASTER_BRANCH $MAINT_BRANCHES; do $GIT_PUSH "$@" "$UPSTREAM_REMOTE" "$b" - # If we are pushing more than one branch, delay. - # In the unlikely scenario where we are pushing maint without master, - # or maint without release, there may be an extra delay + # If we are pushing more than one branch, delay. In the unlikely scenario + # where we are pushing maint branches without the main branch, or maint + # without release, there may be an extra delay if [ "$MAINT_BRANCHES" ] || [ "$RELEASE_BRANCHES" ]; then sleep "$PUSH_DELAY" fi diff --git a/scripts/git/git-setup-dirs.sh b/scripts/git/git-setup-dirs.sh index 5a9ae41cbd..c502f74f58 100755 --- a/scripts/git/git-setup-dirs.sh +++ b/scripts/git/git-setup-dirs.sh @@ -22,7 +22,7 @@ function usage() echo echo " optional:" echo " TOR_MASTER: the name of the directory containing the tor.git clone" - echo " The tor master git directory is \$GIT_PATH/\$TOR_MASTER" + echo " The primary tor git directory is \$GIT_PATH/\$TOR_MASTER" echo " (default: tor; current: $TOR_MASTER_NAME)" echo " TOR_WKT_NAME: the name of the directory containing the tor" echo " worktrees. The tor worktrees are:" @@ -65,7 +65,7 @@ function usage() # Where are all those git repositories? GIT_PATH=${TOR_FULL_GIT_PATH:-"FULL_PATH_TO_GIT_REPOSITORY_DIRECTORY"} -# The tor master git repository directory from which all the worktree have +# The primary tor git repository directory from which all the worktree have # been created. TOR_MASTER_NAME=${TOR_MASTER_NAME:-"tor"} # The worktrees location (directory). @@ -102,7 +102,7 @@ set -e eval "$(git-list-tor-branches.sh -b)" set +e -# The master branch path has to be the main repository thus contains the +# The main branch path has to be the main repository thus contains the # origin that will be used to fetch the updates. All the worktrees are created # from that repository. ORIGIN_PATH="$GIT_PATH/$TOR_MASTER_NAME" @@ -519,11 +519,11 @@ for ((i=0; i<COUNT; i++)); do repo_path=${!WORKTREE[$i]:1:1} printf "%s Handling branch %s\\n" "$MARKER" "${BYEL}$branch${CNRM}" - # We cloned the repository, and master is the default branch - if [ "$branch" = "master" ]; then - if [ "$TOR_MASTER_NAME" != "master" ]; then - # Set up a master link in the worktree directory - make_symlink "$repo_path" "$GIT_PATH/$TOR_WKT_NAME/master" + # We cloned the repository, and main is the default branch + if [ "$branch" = "main" ]; then + if [ "$TOR_MASTER_NAME" != "main" ]; then + # Set up a main branch link in the worktree directory + make_symlink "$repo_path" "$GIT_PATH/$TOR_WKT_NAME/main" fi else # git makes worktree directories if they don't exist diff --git a/scripts/git/post-merge.git-hook b/scripts/git/post-merge.git-hook index eae4f999e7..b458630d26 100755 --- a/scripts/git/post-merge.git-hook +++ b/scripts/git/post-merge.git-hook @@ -36,8 +36,8 @@ check_for_script_update() { } cur_branch=$(git rev-parse --abbrev-ref HEAD) -if [ "$cur_branch" != "master" ]; then - echo "post-merge: Not a master branch. Skipping." +if [ "$cur_branch" != "main" ]; then + echo "post-merge: Not a main branch. Skipping." exit 0 fi diff --git a/scripts/git/pre-push.git-hook b/scripts/git/pre-push.git-hook index f0a3a250ec..0f016df592 100755 --- a/scripts/git/pre-push.git-hook +++ b/scripts/git/pre-push.git-hook @@ -2,9 +2,9 @@ # git pre-push hook script to: # 0) Call the pre-commit hook, if it is available -# 1) prevent "fixup!" and "squash!" commit from ending up in master, release-* +# 1) prevent "fixup!" and "squash!" commit from ending up in main, release-* # or maint-* -# 2) Disallow pushing branches other than master, release-* +# 2) Disallow pushing branches other than main, release-* # and maint-* to origin (e.g. gitweb.torproject.org) # # To install this script, copy it into .git/hooks/pre-push path in your @@ -39,7 +39,7 @@ remote_name=$(git remote --verbose | grep "$2" | awk '{print $1}' | head -n 1) ref_is_upstream_branch() { - if [ "$1" == "refs/heads/master" ] || + if [ "$1" == "refs/heads/main" ] || [[ "$1" == refs/heads/release-* ]] || [[ "$1" == refs/heads/maint-* ]]; then return 1 @@ -54,8 +54,8 @@ do : else if [ "$remote_sha" = $z40 ]; then - # New branch, examine commits not in master - range="master...$local_sha" + # New branch, examine commits not in main + range="main...$local_sha" else # Update to existing branch, examine new commits range="$remote_sha..$local_sha" diff --git a/scripts/maint/checkOptionDocs.pl.in b/scripts/maint/checkOptionDocs.pl.in index bb8008c2e8..2d4a7884f5 100644 --- a/scripts/maint/checkOptionDocs.pl.in +++ b/scripts/maint/checkOptionDocs.pl.in @@ -43,7 +43,7 @@ open(F, "@abs_top_srcdir@/doc/man/tor.1.txt") or die; while (<F>) { if (m!^(?:\[\[([A-za-z0-9_]+)\]\] *)?\*\*([A-Za-z0-9_]+)\*\*!) { $manPageOptions{$2} = 1; - print "Missing an anchor: $2\n" unless (defined $1 or $2 eq 'tor'); + print "Missing an anchor: $2\n" unless (defined $1 or $2 eq 'tor'); } } close F; diff --git a/scripts/maint/checkShellScripts.sh b/scripts/maint/checkShellScripts.sh index 0a423be29e..f7e260bbd2 100755 --- a/scripts/maint/checkShellScripts.sh +++ b/scripts/maint/checkShellScripts.sh @@ -41,7 +41,6 @@ rm -f "$TOPLEVEL/contrib/dist/suse/tor.sh" "$TOPLEVEL/contrib/dist/tor.sh" find "$TOPLEVEL/contrib" "$TOPLEVEL/doc" "$TOPLEVEL/scripts" "$TOPLEVEL/src" \ -name "*.sh" \ -not -path "$TOPLEVEL/src/ext/*" \ - -not -path "$TOPLEVEL/src/rust/registry/*" \ -exec shellcheck {} + # Check scripts that aren't named *.sh diff --git a/scripts/maint/checkSpace.pl b/scripts/maint/checkSpace.pl index 857ce6f6f1..8ecbf414cf 100755 --- a/scripts/maint/checkSpace.pl +++ b/scripts/maint/checkSpace.pl @@ -7,13 +7,13 @@ my $found = 0; my $COLON_POS = 10; sub msg { - $found = 1; - my $v = shift; - $v =~ /^\s*([^:]+):(.*)$/; - chomp(my $errtype = $1); - my $rest = $2; - my $padding = ' ' x ($COLON_POS - length $errtype); - print "$padding$errtype:$rest\n"; + $found = 1; + my $v = shift; + $v =~ /^\s*([^:]+):(.*)$/; + chomp(my $errtype = $1); + my $rest = $2; + my $padding = ' ' x ($COLON_POS - length $errtype); + print "$padding$errtype:$rest\n"; } my $C = 0; diff --git a/scripts/maint/check_config_macros.pl b/scripts/maint/check_config_macros.pl index bcde2beccc..1398b9984a 100755 --- a/scripts/maint/check_config_macros.pl +++ b/scripts/maint/check_config_macros.pl @@ -7,7 +7,7 @@ my @macros = (); open(F, 'orconfig.h.in'); while(<F>) { if (/^#undef +([A-Za-z0-9_]*)/) { - push @macros, $1; + push @macros, $1; } } close F; @@ -15,6 +15,6 @@ close F; for my $m (@macros) { my $s = `git grep '$m' src`; if ($s eq '') { - print "Unused: $m\n"; + print "Unused: $m\n"; } } diff --git a/scripts/maint/code-format.sh b/scripts/maint/code-format.sh index d8f597d70d..5998e96f68 100755 --- a/scripts/maint/code-format.sh +++ b/scripts/maint/code-format.sh @@ -160,11 +160,17 @@ if [[ $GITIDX = 1 ]]; then # partially staged. note "Stashing unstaged changes" git stash -q --keep-index + # For some reasons, shellcheck is not seeing that we can call this + # function from the trap below. + # shellcheck disable=SC2317 function restoregit() { note "Restoring git state" git stash pop -q } else + # For some reasons, shellcheck is not seeing that we can call this + # function from the trap below. + # shellcheck disable=SC2317 function restoregit() { true } diff --git a/scripts/maint/findMergedChanges.pl b/scripts/maint/findMergedChanges.pl index d6c4105b74..427f2b111d 100755 --- a/scripts/maint/findMergedChanges.pl +++ b/scripts/maint/findMergedChanges.pl @@ -9,7 +9,7 @@ sub nChanges { # requires perl 5.8. Avoids shell issues if we ever get a changes # file named by the parents of Little Johnny Tables. open F, "-|", "git", "log", "--no-merges", "--pretty=format:%H", $branches, "--", $fname - or die "$!"; + or die "$!"; my @changes = <F>; return scalar @changes } @@ -22,13 +22,13 @@ Usage: findMergedChanges.pl [--merged/--unmerged/--weird/--list] [--branch=<branchname] [--head=<branchname>] changes/* A change is "merged" if it has ever been merged to release-0.2.4 and it has had -no subsequent changes in master. +no subsequent changes in main. A change is "unmerged" if it has never been merged to release-0.2.4 and it -has had changes in master. +has had changes in main. A change is "weird" if it has been merged to release-0.2.4 and it *has* had -subsequent changes in master. +subsequent changes in main. Suggested application: findMergedChanges.pl --merged changes/* | xargs -n 1 git rm @@ -37,18 +37,18 @@ EOF } my $target_branch = "origin/release-0.2.4"; -my $head = "origin/master"; +my $head = "origin/main"; while (@ARGV and $ARGV[0] =~ /^--/) { my $flag = shift @ARGV; if ($flag =~ /^--(weird|merged|unmerged|list)/) { - $look_for_type = $1; + $look_for_type = $1; } elsif ($flag =~ /^--branch=(\S+)/) { $target_branch = $1; } elsif ($flag =~ /^--head=(\S+)/) { $head = $1; } else { - die "Unrecognized flag $flag"; + die "Unrecognized flag $flag"; } } @@ -58,16 +58,16 @@ for my $changefile (@ARGV) { my $type; if ($n_merged != 0 and $n_postmerged == 0) { - $type = "merged"; + $type = "merged"; } elsif ($n_merged == 0 and $n_postmerged != 0) { - $type = "unmerged"; + $type = "unmerged"; } else { - $type = "weird"; + $type = "weird"; } if ($type eq $look_for_type) { - print "$changefile\n"; + print "$changefile\n"; } elsif ($look_for_type eq 'list') { - printf "% 8s: %s\n", $type, $changefile; + printf "% 8s: %s\n", $type, $changefile; } } diff --git a/scripts/maint/format_changelog.py b/scripts/maint/format_changelog.py index 93ab56e257..32b47ffcbb 100755 --- a/scripts/maint/format_changelog.py +++ b/scripts/maint/format_changelog.py @@ -424,7 +424,7 @@ def bug_html(m): try: disp_prefix, url_prefix = ISSUE_PREFIX_MAP[prefix] except KeyError: - print("Can't figure out URL for {}{}".formt(prefix,bugno), + print("Can't figure out URL for {}{}".format(prefix,bugno), file=sys.stderr) return "{} {}{}".format(kind, prefix, bugno) diff --git a/scripts/maint/gen_ccls_file.sh b/scripts/maint/gen_ccls_file.sh index 899e4e9603..04e31d22a8 100755 --- a/scripts/maint/gen_ccls_file.sh +++ b/scripts/maint/gen_ccls_file.sh @@ -15,6 +15,17 @@ CCLS_FILE=".ccls" PRIVATE_DEFS=$(grep -r --include \*.h "_PRIVATE" | grep "#ifdef" | cut -d' ' -f2 | sort | uniq) echo "clang" > "$CCLS_FILE" + +# Add these include so the ccls server can properly check new files that are +# not in the compile_commands.json yet +{ + echo "-I." + echo "-I./src" + echo "-I./src/ext" + echo "-I./src/ext/trunnel" +} >> "$CCLS_FILE" + +# Add all defines (-D). for p in $PRIVATE_DEFS; do - echo "-D$p" >> "$CCLS_FILE" + echo "-D$p" >> "$CCLS_FILE" done diff --git a/scripts/maint/geoip/README.geoip b/scripts/maint/geoip/README.geoip new file mode 100644 index 0000000000..0ed94b2276 --- /dev/null +++ b/scripts/maint/geoip/README.geoip @@ -0,0 +1,25 @@ +To generate new geoip files, you'll need to install the +libloc/"location" tool provided by https://location.ipfire.org/. +I personally build it with: + + ./configure CFLAGS='-g -O2' --disable-perl --without-systemd --prefix=/opt/libloc + make + make install + +Then (after adjusting PATH and PYTHONPATH) you can get the latest +dump with: + + location update + location dump geoip-dump.txt + +And transform it into geoip files with + + cargo run --release -- -i geoip-dump.txt + + +============================== + +Note that the current version "0.1.9" of rangemap has a performance +bug, making this tool quite slow. Previous versions had a +correctness bug that made the output needlessly long. With luck, +there will soon be a fast correct rangemap version.
\ No newline at end of file diff --git a/scripts/maint/geoip/geoip-db-tool/.gitignore b/scripts/maint/geoip/geoip-db-tool/.gitignore new file mode 100644 index 0000000000..eb5a316cbd --- /dev/null +++ b/scripts/maint/geoip/geoip-db-tool/.gitignore @@ -0,0 +1 @@ +target diff --git a/scripts/maint/geoip/geoip-db-tool/Cargo.lock b/scripts/maint/geoip/geoip-db-tool/Cargo.lock new file mode 100644 index 0000000000..ba610d4fc3 --- /dev/null +++ b/scripts/maint/geoip/geoip-db-tool/Cargo.lock @@ -0,0 +1,110 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +[[package]] +name = "argh" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91792f088f87cdc7a2cfb1d617fa5ea18d7f1dc22ef0e1b5f82f3157cdc522be" +dependencies = [ + "argh_derive", + "argh_shared", +] + +[[package]] +name = "argh_derive" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4eb0c0c120ad477412dc95a4ce31e38f2113e46bd13511253f79196ca68b067" +dependencies = [ + "argh_shared", + "heck", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "argh_shared" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "781f336cc9826dbaddb9754cb5db61e64cab4f69668bd19dcc4a0394a86f4cb1" + +[[package]] +name = "geoip-db-tool" +version = "0.1.0" +dependencies = [ + "argh", + "ipnetwork", + "rangemap", +] + +[[package]] +name = "heck" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87cbf45460356b7deeb5e3415b5563308c0a9b057c85e12b06ad551f98d0a6ac" +dependencies = [ + "unicode-segmentation", +] + +[[package]] +name = "ipnetwork" +version = "0.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "02c3eaab3ac0ede60ffa41add21970a7df7d91772c03383aac6c2c3d53cc716b" +dependencies = [ + "serde", +] + +[[package]] +name = "proc-macro2" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e0704ee1a7e00d7bb417d0770ea303c1bccbabf0ef1667dae92b5967f5f8a71" +dependencies = [ + "unicode-xid", +] + +[[package]] +name = "quote" +version = "1.0.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3d0b9745dc2debf507c8422de05d7226cc1f0644216dfdfead988f9b1ab32a7" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "rangemap" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90531bef860f96441c4cb74a1e43c281cd1366143928f944546ef0b1c60392b0" + +[[package]] +name = "serde" +version = "1.0.123" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "92d5161132722baa40d802cc70b15262b98258453e85e5d1d365c757c73869ae" + +[[package]] +name = "syn" +version = "1.0.60" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c700597eca8a5a762beb35753ef6b94df201c81cca676604f547495a0d7f0081" +dependencies = [ + "proc-macro2", + "quote", + "unicode-xid", +] + +[[package]] +name = "unicode-segmentation" +version = "1.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb0d2e7be6ae3a5fa87eed5fb451aff96f2573d2694942e40543ae0bbe19c796" + +[[package]] +name = "unicode-xid" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564" diff --git a/scripts/maint/geoip/geoip-db-tool/Cargo.toml b/scripts/maint/geoip/geoip-db-tool/Cargo.toml new file mode 100644 index 0000000000..8c794ca058 --- /dev/null +++ b/scripts/maint/geoip/geoip-db-tool/Cargo.toml @@ -0,0 +1,14 @@ +[package] +name = "geoip-db-tool" +version = "0.1.0" +authors = ["Nick Mathewson <nickm@torproject.org>"] +edition = "2018" +license = "MIT OR Apache-2.0" +publish = false + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +ipnetwork= "0.17.0" +rangemap = "0.1.10" +argh = "0.1.4" diff --git a/scripts/maint/geoip/geoip-db-tool/src/db.rs b/scripts/maint/geoip/geoip-db-tool/src/db.rs new file mode 100644 index 0000000000..316182d823 --- /dev/null +++ b/scripts/maint/geoip/geoip-db-tool/src/db.rs @@ -0,0 +1,138 @@ +/// Code to parse a dump file +use std::collections::HashMap; +use std::convert::TryInto; +use std::iter::Peekable; + +use super::{AsBlock, NetBlock}; + +pub struct BlockReader<I> +where + I: Iterator<Item = std::io::Result<String>>, +{ + iter: Peekable<I>, +} + +pub enum AnyBlock { + NetBlock(NetBlock), + AsBlock(AsBlock), + OtherBlock, +} + +impl<I> BlockReader<I> +where + I: Iterator<Item = std::io::Result<String>>, +{ + pub fn new(iter: I) -> Self { + BlockReader { + iter: iter.peekable(), + } + } + + /// Extract the initial header from the file. + pub fn extract_header(&mut self) -> String { + let mut res: String = "".to_string(); + + while let Some(Ok(line)) = self.iter.peek() { + if !line.starts_with('#') { + break; + } + res.push_str(line.as_str()); + res.push('\n'); + let _ = self.iter.next(); + } + + res + } + + /// Extract the next empty-line-delimited block from the file. + /// + /// This isn't terribly efficient, but it's "fast enough". + fn get_block(&mut self) -> Option<std::io::Result<AnyBlock>> { + let mut kv = HashMap::new(); + + while let Some(line) = self.iter.next() { + //dbg!(&line); + if let Err(e) = line { + return Some(Err(e)); + } + let line_orig = line.unwrap(); + let line = line_orig.splitn(2, '#').next().unwrap().trim(); + if line.is_empty() { + if kv.is_empty() { + continue; + } else { + break; + } + } + let kwds: Vec<_> = line.splitn(2, ':').collect(); + if kwds.len() != 2 { + return None; // XXXX handle the error better. + } + kv.insert(kwds[0].trim().to_string(), kwds[1].trim().to_string()); + } + + if kv.is_empty() { + return None; + } + + if let Some(name) = kv.remove("name") { + // This is an AS block. + let asn = kv.get("aut-num").unwrap(); // XXXX handle error better + assert!(asn.starts_with("AS")); + let asn = asn[2..].parse().unwrap(); + return Some(Ok(AnyBlock::AsBlock(AsBlock { name, asn }))); + } + + let net = if let Some(net) = kv.get("net") { + net.parse().unwrap() //XXXX handle the error better. + } else { + return Some(Ok(AnyBlock::OtherBlock)); + }; + + let asn = if let Some(asn) = kv.get("aut-num") { + asn.parse().ok() + } else { + None + }; + + let cc = if let Some(country) = kv.get("country") { + assert!(country.as_bytes().len() == 2); + country.as_bytes()[0..2].try_into().unwrap() + } else { + *b"??" + }; + + fn is_true(v: Option<&String>) -> bool { + match v { + Some(s) => s == "true", + None => false, + } + } + + let is_anon_proxy = is_true(kv.get("is-anonymous-proxy")); + let is_anycast = is_true(kv.get("is-anycast-proxy")); + let is_satellite = is_true(kv.get("is-satellite-provider")); + + Some(Ok(AnyBlock::NetBlock(NetBlock { + net, + asn, + cc, + is_anon_proxy, + is_anycast, + is_satellite, + }))) + } +} + +impl<I> Iterator for BlockReader<I> +where + I: Iterator<Item = std::io::Result<String>>, +{ + type Item = AnyBlock; + fn next(&mut self) -> Option<Self::Item> { + match self.get_block() { + Some(Ok(b)) => Some(b), + _ => None, + } + } +} diff --git a/scripts/maint/geoip/geoip-db-tool/src/main.rs b/scripts/maint/geoip/geoip-db-tool/src/main.rs new file mode 100644 index 0000000000..9a22598a35 --- /dev/null +++ b/scripts/maint/geoip/geoip-db-tool/src/main.rs @@ -0,0 +1,239 @@ +/// A basic tool to convert IPFire Location dumps into the CSV formats that Tor +/// expects. +mod db; + +use argh::FromArgs; +use ipnetwork::IpNetwork; +use rangemap::RangeInclusiveMap; + +use std::fs::File; +use std::io::{BufRead, BufReader, BufWriter, Write}; +use std::net::{IpAddr, Ipv6Addr}; +use std::num::NonZeroU32; +use std::path::PathBuf; + +fn default_ipv4_path() -> PathBuf { + "./geoip".into() +} +fn default_ipv6_path() -> PathBuf { + "./geoip6".into() +} + +#[derive(FromArgs)] +/// Convert an IPFire Location dump into CSV geoip files. +struct Args { + /// where to store the IPv4 geoip output + #[argh(option, default = "default_ipv4_path()", short = '4')] + output_ipv4: PathBuf, + + /// where to store the IPv6 geoip6 output + #[argh(option, default = "default_ipv6_path()", short = '6')] + output_ipv6: PathBuf, + + /// where to find the dump file + #[argh(option, short = 'i')] + input: PathBuf, + + /// whether to include AS information in our output + #[argh(switch)] + include_asn: bool, + + /// where to store the AS map. + #[argh(option)] + output_asn: Option<PathBuf>, +} + +/// Represents a network block from running `location dump`. +#[derive(Debug, Clone)] +pub struct NetBlock { + pub net: IpNetwork, + pub cc: [u8; 2], + pub asn: Option<NonZeroU32>, + pub is_anon_proxy: bool, + pub is_anycast: bool, + pub is_satellite: bool, +} + +/// Represents an AS definition from running `location dump`. +#[derive(Debug, Clone, Ord, PartialOrd, Eq, PartialEq)] +pub struct AsBlock { + pub asn: NonZeroU32, + pub name: String, +} + +impl PartialEq for NetBlock { + fn eq(&self, other: &Self) -> bool { + self.net == other.net + } +} + +/// We define network blocks as being sorted first from largest to smallest, +/// then by address. +impl Ord for NetBlock { + fn cmp(&self, other: &Self) -> std::cmp::Ordering { + self.net + .prefix() + .cmp(&other.net.prefix()) + .then_with(|| self.net.network().cmp(&other.net.network())) + } +} + +impl PartialOrd for NetBlock { + fn partial_cmp(&self, other: &Self) -> Option<std::cmp::Ordering> { + Some(self.cmp(other)) + } +} + +impl Eq for NetBlock {} + +#[derive(Copy, Clone, Eq, PartialEq, Debug)] +struct NetDefn { + cc: [u8; 2], + asn: Option<NonZeroU32>, +} + +impl NetBlock { + fn into_defn(self, include_asn: bool) -> NetDefn { + if include_asn { + NetDefn { + cc: self.cc, + asn: self.asn, + } + } else { + NetDefn { + cc: self.cc, + asn: None, + } + } + } +} + +impl NetDefn { + fn cc(&self) -> &str { + std::str::from_utf8(&self.cc).unwrap() + } + fn asn(&self) -> u32 { + match self.asn { + Some(v) => v.into(), + None => 0, + } + } +} + +const PROLOGUE: &str = "\ +# This file has been converted from the IPFire Location database +# using Tor's geoip-db-tool. For more information on the data, see +# https://location.ipfire.org/. +# +# Below is the header from the original export: +# +"; + +/// Read an input file in the `location dump` format, and write CSV ipv4 and ipv6 files. +/// +/// This code tries to be "efficient enough"; most of the logic is handled by +/// using the rangemap crate. +fn convert(args: Args) -> std::io::Result<()> { + let input = args.input.as_path(); + let output_v4 = args.output_ipv4.as_path(); + let output_v6 = args.output_ipv6.as_path(); + let include_asn = args.include_asn; + + let f = File::open(input)?; + let f = BufReader::new(f); + let mut blocks = Vec::new(); + let mut networks = Vec::new(); + + let mut reader = db::BlockReader::new(f.lines()); + let hdr = reader.extract_header(); + // Read blocks, and then sort them by specificity and address. + for nb in reader { + match nb { + db::AnyBlock::AsBlock(a) => networks.push(a), + db::AnyBlock::NetBlock(n) => blocks.push(n), + _ => {} + } + } + blocks.sort(); + + // Convert the sorted blocks into a map from address ranges into + // country codes. + // + // Note that since we have sorted the blocks from least to most specific, + // we will be puttting them into the maps in the right order, so that the + // most specific rule "wins". + // + // We use u32 and u128 as the index types for these RangeInclusiveMaps, + // so that we don't need to implement a step function for IpAddr. + let mut v4map: RangeInclusiveMap<u32, NetDefn, _> = RangeInclusiveMap::new(); + let mut v6map: RangeInclusiveMap<u128, NetDefn, _> = RangeInclusiveMap::new(); + + let mut n = 0usize; + let num_blocks = blocks.len(); + for nb in blocks { + n += 1; + if n % 100000 == 0 { + println!("{}/{}", n, num_blocks); + } + let start = nb.net.network(); + let end = nb.net.broadcast(); + match (start, end) { + (IpAddr::V4(a), IpAddr::V4(b)) => { + v4map.insert(a.into()..=b.into(), nb.into_defn(include_asn)); + } + (IpAddr::V6(a), IpAddr::V6(b)) => { + v6map.insert(a.into()..=b.into(), nb.into_defn(include_asn)); + } + (_, _) => panic!("network started and ended in different families!?"), + } + } + + // Write the ranges out to the appropriate files, in order. + let mut v4 = BufWriter::new(File::create(output_v4)?); + let mut v6 = BufWriter::new(File::create(output_v6)?); + + v4.write_all(PROLOGUE.as_bytes())?; + v4.write_all(hdr.as_bytes())?; + for (r, defn) in v4map.iter() { + let a: u32 = *r.start(); + let b: u32 = *r.end(); + if include_asn { + writeln!(&mut v4, "{},{},{},{}", a, b, defn.cc(), defn.asn())?; + } else { + writeln!(&mut v4, "{},{},{}", a, b, defn.cc())?; + } + } + + v6.write_all(PROLOGUE.as_bytes())?; + v6.write_all(hdr.as_bytes())?; + for (r, defn) in v6map.iter() { + let a: Ipv6Addr = (*r.start()).into(); + let b: Ipv6Addr = (*r.end()).into(); + if include_asn { + writeln!(&mut v6, "{},{},{},{}", a, b, defn.cc(), defn.asn())?; + } else { + writeln!(&mut v6, "{},{},{}", a, b, defn.cc())?; + } + } + + // The documentation says you should always flush a BufWriter. + v4.flush()?; + v6.flush()?; + + if let Some(output_asn) = args.output_asn { + networks.sort(); + let mut asn = BufWriter::new(File::create(output_asn)?); + for net in networks { + writeln!(&mut asn, "{},{}", net.asn, net.name)?; + } + asn.flush()?; + } + + Ok(()) +} + +fn main() -> std::io::Result<()> { + let args: Args = argh::from_env(); + + convert(args) +} diff --git a/scripts/maint/geoip/update_and_commit_geoip.sh b/scripts/maint/geoip/update_and_commit_geoip.sh new file mode 100755 index 0000000000..a83f82433e --- /dev/null +++ b/scripts/maint/geoip/update_and_commit_geoip.sh @@ -0,0 +1,34 @@ +#!/bin/sh + +set -e + +CMDDIR=$(cd "$(dirname "$0")" && pwd) + +if [ ! -e "./src/config/geoip" ] ; then + echo "Run this from inside the root dir of your oldest LTS repository" + exit 1 +fi + +if [ -n "$(git status --untracked-files=no --porcelain)" ]; then + echo "Working directory is not clean." + exit 1 +fi + +TOPDIR=$(pwd) +cd "./src/config/" +"${CMDDIR}/update_geoip.sh" +cd "${TOPDIR}" + +DASH_DATE=$(date -u +"%Y-%m-%d") +SLASH_DATE=$(date -u +"%Y/%m/%d") +CHANGESFILE="changes/geoip-$DASH_DATE" + +cat > "$CHANGESFILE" <<EOF + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, + as retrieved on ${SLASH_DATE}. +EOF + +git add "$CHANGESFILE" + +git commit -a -m "Update geoip files to match ipfire location db, $SLASH_DATE." diff --git a/scripts/maint/geoip/update_geoip.sh b/scripts/maint/geoip/update_geoip.sh new file mode 100755 index 0000000000..743683ab62 --- /dev/null +++ b/scripts/maint/geoip/update_geoip.sh @@ -0,0 +1,16 @@ +#!/bin/sh + +set -e + +DIR=$(cd "$(dirname "$0")" && pwd) +TMP=$(mktemp -d) + +location --quiet update +location dump "$TMP/geoip-dump.txt" + +OLDDIR=$(pwd) +cd "$DIR/geoip-db-tool/" +cargo build --release +cd "$OLDDIR" + +"$DIR/geoip-db-tool/target/release/geoip-db-tool" -i "$TMP/geoip-dump.txt" diff --git a/scripts/maint/practracker/includes.py b/scripts/maint/practracker/includes.py index a5ee728824..46630d987f 100755 --- a/scripts/maint/practracker/includes.py +++ b/scripts/maint/practracker/includes.py @@ -40,11 +40,13 @@ def warn(msg): print(msg, file=sys.stderr) def fname_is_c(fname): - """ Return true iff 'fname' is the name of a file that we should - search for possibly disallowed #include directives. """ - if fname.endswith(".h") or fname.endswith(".c"): + """ + Return true if 'fname' is the name of a file that we should + search for possibly disallowed #include directives. + """ + if fname.endswith((".c", ".h")): bname = os.path.basename(fname) - return not (bname.startswith(".") or bname.startswith("#")) + return not bname.startswith((".", "#")) else: return False diff --git a/scripts/maint/practracker/test_practracker.sh b/scripts/maint/practracker/test_practracker.sh index e29b9106de..bb734ad9cd 100755 --- a/scripts/maint/practracker/test_practracker.sh +++ b/scripts/maint/practracker/test_practracker.sh @@ -1,15 +1,15 @@ #!/bin/sh -# Fail if any subprocess fails unexpectedly +# Fail this script if any subprocess fails unexpectedly. set -e umask 077 unset TOR_DISABLE_PRACTRACKER TMPDIR="" -clean () { +clean() { if [ -n "$TMPDIR" ] && [ -d "$TMPDIR" ]; then - rm -rf "$TMPDIR" + rm -rf "$TMPDIR" fi } trap clean EXIT HUP INT TERM @@ -27,7 +27,7 @@ PRACTRACKER_DIR="scripts/maint/practracker" TMPDIR="$(mktemp -d -t pracktracker.test.XXXXXX)" if test -z "${TMPDIR}" || test ! -d "${TMPDIR}" ; then echo >&2 "mktemp failed." - exit 1; + exit 1 fi DATA="${PRACTRACKER_DIR}/testdata" @@ -43,6 +43,7 @@ run_practracker() { --terse \ "${DATA}/" "$@" || echo "practracker exit status: $?" } + compare() { # we can't use cmp because we need to use -b for windows diff -b -u "$@" > "${TMPDIR}/test-diff" || true diff --git a/scripts/maint/practracker/util.py b/scripts/maint/practracker/util.py index c52ca2fbbf..6ab10a8de7 100644 --- a/scripts/maint/practracker/util.py +++ b/scripts/maint/practracker/util.py @@ -7,8 +7,7 @@ import os # We don't want to run metrics for unittests, automatically-generated C files, # external libraries or git leftovers. -EXCLUDE_SOURCE_DIRS = {"src/test/", "src/trunnel/", "src/rust/", - "src/ext/" } +EXCLUDE_SOURCE_DIRS = {"src/test/", "src/trunnel/", "src/ext/" } EXCLUDE_FILES = {"orconfig.h"} diff --git a/scripts/maint/run_calltool.sh b/scripts/maint/run_calltool.sh index b0268322f4..025a49cd03 100755 --- a/scripts/maint/run_calltool.sh +++ b/scripts/maint/run_calltool.sh @@ -5,8 +5,8 @@ set -e if test "x$CALLTOOL_PATH" != "x"; then - PYTHONPATH="${CALLTOOL_PATH}:${PYTHONPATH}" - export PYTHONPATH + PYTHONPATH="${CALLTOOL_PATH}:${PYTHONPATH}" + export PYTHONPATH fi mkdir -p callgraph @@ -14,8 +14,8 @@ mkdir -p callgraph SUBITEMS="fn_graph fn_invgraph fn_scc fn_scc_weaklinks module_graph module_invgraph module_scc module_scc_weaklinks" for calculation in $SUBITEMS; do - echo "======== $calculation" - python -m calltool "$calculation" > callgraph/"$calculation" + echo "======== $calculation" + python -m calltool "$calculation" > callgraph/"$calculation" done cat <<EOF > callgraph/README diff --git a/scripts/maint/updateRustDependencies.sh b/scripts/maint/updateRustDependencies.sh deleted file mode 100755 index 6d0587351f..0000000000 --- a/scripts/maint/updateRustDependencies.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/usr/bin/env bash -# -# Copyright (c) 2018 The Tor Project, Inc. -# Copyright (c) 2018 isis agora lovecruft -# See LICENSE for license information -# -# updateRustDependencies.sh -# ------------------------- -# Update our vendored Rust dependencies, either adding/removing -# dependencies and/or upgrading current dependencies to newer -# versions. -# -# To use this script, first add your dependencies, exactly specifying -# their versions, into the appropriate *crate-level* Cargo.toml in -# src/rust/ (i.e. *not* /src/rust/Cargo.toml, but instead the one for -# your crate). -# -# Next, run this script. Then, go into src/ext/rust and commit the -# changes to the tor-rust-dependencies repo. - -set -e - -HERE=$(dirname "$(realpath "$0")") -TOPLEVEL=$(dirname "$(dirname "$HERE")") -TOML="$TOPLEVEL/src/rust/Cargo.toml" -VENDORED="$TOPLEVEL/src/ext/rust/crates" -CARGO=$(command -v cargo) - -if ! test -f "$TOML" ; then - printf "Error: Couldn't find workspace Cargo.toml in expected location: %s\\n" "$TOML" -fi - -if ! test -d "$VENDORED" ; then - printf "Error: Couldn't find directory for Rust dependencies! Expected location: %s\\n" "$VENDORED" -fi - -if test -z "$CARGO" ; then - printf "Error: cargo must be installed and in your \$PATH\\n" -fi - -if test -z "$(cargo --list | grep vendor)" ; then - printf "Error: cargo-vendor not installed\\n" -fi - -$CARGO vendor -v --locked --explicit-version --no-delete --sync "$TOML" "$VENDORED" diff --git a/src/app/config/config.c b/src/app/config/config.c index f8a140ad9f..e02bcf0387 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -103,8 +103,6 @@ #include "feature/relay/routermode.h" #include "feature/relay/relay_config.h" #include "feature/relay/transport_config.h" -#include "feature/rend/rendclient.h" -#include "feature/rend/rendservice.h" #include "lib/geoip/geoip.h" #include "feature/stats/geoip_stats.h" #include "lib/compress/compress.h" @@ -195,6 +193,7 @@ static const config_abbrev_t option_abbrevs_[] = { PLURAL(AuthDirBadDirCC), PLURAL(AuthDirBadExitCC), PLURAL(AuthDirInvalidCC), + PLURAL(AuthDirMiddleOnlyCC), PLURAL(AuthDirRejectCC), PLURAL(EntryNode), PLURAL(ExcludeNode), @@ -333,6 +332,8 @@ static const config_var_t option_vars_[] = { V(AuthDirBadExitCCs, CSV, ""), V(AuthDirInvalid, LINELIST, NULL), V(AuthDirInvalidCCs, CSV, ""), + V(AuthDirMiddleOnly, LINELIST, NULL), + V(AuthDirMiddleOnlyCCs, CSV, ""), V(AuthDirReject, LINELIST, NULL), V(AuthDirRejectCCs, CSV, ""), OBSOLETE("AuthDirRejectUnlisted"), @@ -354,6 +355,7 @@ static const config_var_t option_vars_[] = { V(CacheDirectoryGroupReadable, AUTOBOOL, "auto"), V(CellStatistics, BOOL, "0"), V(PaddingStatistics, BOOL, "1"), + V(OverloadStatistics, BOOL, "1"), V(LearnCircuitBuildTimeout, BOOL, "1"), V(CircuitBuildTimeout, INTERVAL, "0"), OBSOLETE("CircuitIdleTimeout"), @@ -424,23 +426,11 @@ static const config_var_t option_vars_[] = { OBSOLETE("DynamicDHGroups"), VPORT(DNSPort), OBSOLETE("DNSListenAddress"), - V(DormantClientTimeout, INTERVAL, "24 hours"), - V(DormantTimeoutDisabledByIdleStreams, BOOL, "1"), + V(DormantClientTimeout, INTERVAL, "24 hours"), + V(DormantTimeoutEnabled, BOOL, "1"), + V(DormantTimeoutDisabledByIdleStreams, BOOL, "1"), V(DormantOnFirstStartup, BOOL, "0"), V(DormantCanceledByStartup, BOOL, "0"), - /* DoS circuit creation options. */ - V(DoSCircuitCreationEnabled, AUTOBOOL, "auto"), - V(DoSCircuitCreationMinConnections, POSINT, "0"), - V(DoSCircuitCreationRate, POSINT, "0"), - V(DoSCircuitCreationBurst, POSINT, "0"), - V(DoSCircuitCreationDefenseType, INT, "0"), - V(DoSCircuitCreationDefenseTimePeriod, INTERVAL, "0"), - /* DoS connection options. */ - V(DoSConnectionEnabled, AUTOBOOL, "auto"), - V(DoSConnectionMaxConcurrentCount, POSINT, "0"), - V(DoSConnectionDefenseType, INT, "0"), - /* DoS single hop client options. */ - V(DoSRefuseSingleHopClientRendezvous, AUTOBOOL, "auto"), V(DownloadExtraInfo, BOOL, "0"), V(TestingEnableConnBwEvent, BOOL, "0"), V(TestingEnableCellStatsEvent, BOOL, "0"), @@ -498,12 +488,13 @@ static const config_var_t option_vars_[] = { V(MainloopStats, BOOL, "0"), V(HashedControlPassword, LINELIST, NULL), OBSOLETE("HidServDirectoryV2"), + OBSOLETE("HiddenServiceAuthorizeClient"), + OBSOLETE("HidServAuth"), VAR("HiddenServiceDir", LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceDirGroupReadable", LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceOptions",LINELIST_V, RendConfigLines, NULL), VAR("HiddenServicePort", LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceVersion",LINELIST_S, RendConfigLines, NULL), - VAR("HiddenServiceAuthorizeClient",LINELIST_S,RendConfigLines, NULL), VAR("HiddenServiceAllowUnknownPorts",LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceMaxStreams",LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceMaxStreamsCloseCircuit",LINELIST_S, RendConfigLines, NULL), @@ -517,7 +508,6 @@ static const config_var_t option_vars_[] = { VAR("HiddenServiceOnionBalanceInstance", LINELIST_S, RendConfigLines, NULL), VAR("HiddenServiceStatistics", BOOL, HiddenServiceStatistics_option, "1"), - V(HidServAuth, LINELIST, NULL), V(ClientOnionAuthDir, FILENAME, NULL), OBSOLETE("CloseHSClientCircuitsImmediatelyOnTimeout"), OBSOLETE("CloseHSServiceRendCircuitsImmediatelyOnTimeout"), @@ -559,7 +549,7 @@ static const config_var_t option_vars_[] = { V(MaxConsensusAgeForDiffs, INTERVAL, "0 seconds"), VAR("MaxMemInQueues", MEMUNIT, MaxMemInQueues_raw, "0"), OBSOLETE("MaxOnionsPending"), - V(MaxOnionQueueDelay, MSEC_INTERVAL, "1750 msec"), + V(MaxOnionQueueDelay, MSEC_INTERVAL, "0"), V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"), VPORT(MetricsPort), V(MetricsPortPolicy, LINELIST, NULL), @@ -629,11 +619,12 @@ static const config_var_t option_vars_[] = { V(ConnectionPadding, AUTOBOOL, "auto"), V(RefuseUnknownExits, AUTOBOOL, "auto"), V(CircuitPadding, BOOL, "1"), + V(ReconfigDropsBridgeDescs, BOOL, "0"), V(ReducedCircuitPadding, BOOL, "0"), V(RejectPlaintextPorts, CSV, ""), V(RelayBandwidthBurst, MEMUNIT, "0"), V(RelayBandwidthRate, MEMUNIT, "0"), - V(RendPostPeriod, INTERVAL, "1 hour"), + V(RendPostPeriod, INTERVAL, "1 hour"), /* Used internally. */ V(RephistTrackTime, INTERVAL, "24 hours"), V_IMMUTABLE(RunAsDaemon, BOOL, "0"), V(ReducedExitPolicy, BOOL, "0"), @@ -681,8 +672,11 @@ static const config_var_t option_vars_[] = { VAR("UseEntryGuards", BOOL, UseEntryGuards_option, "1"), OBSOLETE("UseEntryGuardsAsDirGuards"), V(UseGuardFraction, AUTOBOOL, "auto"), + V(VanguardsLiteEnabled, AUTOBOOL, "auto"), V(UseMicrodescriptors, AUTOBOOL, "auto"), OBSOLETE("UseNTorHandshake"), + VAR("__AlwaysCongestionControl", BOOL, AlwaysCongestionControl, "0"), + VAR("__SbwsExit", BOOL, SbwsExit, "0"), V_IMMUTABLE(User, STRING, NULL), OBSOLETE("UserspaceIOCPBuffers"), OBSOLETE("V1AuthoritativeDirectory"), @@ -2104,7 +2098,7 @@ options_act,(const or_options_t *old_options)) return -1; } - if (rend_non_anonymous_mode_enabled(options)) { + if (hs_service_non_anonymous_mode_enabled(options)) { log_warn(LD_GENERAL, "This copy of Tor was compiled or configured to run " "in a non-anonymous mode. It will provide NO ANONYMITY."); } @@ -2322,6 +2316,8 @@ options_act,(const or_options_t *old_options)) } if (transition_affects_guards) { + if (options->ReconfigDropsBridgeDescs) + routerlist_drop_bridge_descriptors(); if (guards_update_all()) { abandon_circuits = 1; } @@ -2446,6 +2442,8 @@ typedef enum { static const struct { /** The string that the user has to provide. */ const char *name; + /** Optional short name. */ + const char *short_name; /** Does this option accept an argument? */ takes_argument_t takes_argument; /** If not CMD_RUN_TOR, what should Tor do when it starts? */ @@ -2453,7 +2451,8 @@ static const struct { /** If nonzero, set the quiet level to this. 1 is "hush", 2 is "quiet" */ int quiet; } CMDLINE_ONLY_OPTIONS[] = { - { .name="-f", + { .name="--torrc-file", + .short_name="-f", .takes_argument=ARGUMENT_NECESSARY }, { .name="--allow-missing-torrc" }, { .name="--defaults-torrc", @@ -2467,6 +2466,7 @@ static const struct { .command=CMD_DUMP_CONFIG, .quiet=QUIET_SILENT }, { .name="--list-fingerprint", + .takes_argument=ARGUMENT_OPTIONAL, .command=CMD_LIST_FINGERPRINT }, { .name="--keygen", .command=CMD_KEYGEN }, @@ -2495,10 +2495,8 @@ static const struct { { .name="--library-versions", .command=CMD_IMMEDIATE, .quiet=QUIET_HUSH }, - { .name="-h", - .command=CMD_IMMEDIATE, - .quiet=QUIET_HUSH }, { .name="--help", + .short_name="-h", .command=CMD_IMMEDIATE, .quiet=QUIET_HUSH }, { .name="--list-torrc-options", @@ -2542,7 +2540,9 @@ config_parse_commandline(int argc, char **argv, int ignore_errors) bool is_a_command = false; for (j = 0; CMDLINE_ONLY_OPTIONS[j].name != NULL; ++j) { - if (!strcmp(argv[i], CMDLINE_ONLY_OPTIONS[j].name)) { + if (!strcmp(argv[i], CMDLINE_ONLY_OPTIONS[j].name) || + (CMDLINE_ONLY_OPTIONS[j].short_name && + !strcmp(argv[i], CMDLINE_ONLY_OPTIONS[j].short_name))) { is_cmdline = 1; want_arg = CMDLINE_ONLY_OPTIONS[j].takes_argument; if (CMDLINE_ONLY_OPTIONS[j].command != CMD_RUN_TOR) { @@ -2585,8 +2585,11 @@ config_parse_commandline(int argc, char **argv, int ignore_errors) parsed_cmdline_free(result); return NULL; } - } else if (want_arg == ARGUMENT_OPTIONAL && is_last) { + } else if (want_arg == ARGUMENT_OPTIONAL && + /* optional arguments may never start with '-'. */ + (is_last || argv[i+1][0] == '-')) { arg = tor_strdup(""); + want_arg = ARGUMENT_NONE; // prevent skipping the next flag. } else { arg = (want_arg != ARGUMENT_NONE) ? tor_strdup(argv[i+1]) : tor_strdup(""); @@ -2685,7 +2688,7 @@ print_usage(void) printf( "Copyright (c) 2001-2004, Roger Dingledine\n" "Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson\n" -"Copyright (c) 2007-2020, The Tor Project, Inc.\n\n" +"Copyright (c) 2007-2021, The Tor Project, Inc.\n\n" "tor -f <torrc> [args]\n" "See man page for options, or https://www.torproject.org/ for " "documentation.\n"); @@ -3210,7 +3213,7 @@ options_validate_single_onion(or_options_t *options, char **msg) } /* Now that we've checked that the two options are consistent, we can safely - * call the rend_service_* functions that abstract these options. */ + * call the hs_service_* functions that abstract these options. */ /* If you run an anonymous client with an active Single Onion service, the * client loses anonymity. */ @@ -3219,13 +3222,13 @@ options_validate_single_onion(or_options_t *options, char **msg) options->NATDPort_set || options->DNSPort_set || options->HTTPTunnelPort_set); - if (rend_service_non_anonymous_mode_enabled(options) && client_port_set) { + if (hs_service_non_anonymous_mode_enabled(options) && client_port_set) { REJECT("HiddenServiceNonAnonymousMode is incompatible with using Tor as " "an anonymous client. Please set Socks/Trans/NATD/DNSPort to 0, or " "revert HiddenServiceNonAnonymousMode to 0."); } - if (rend_service_allow_non_anonymous_connection(options) + if (hs_service_allow_non_anonymous_connection(options) && options->UseEntryGuards) { /* Single Onion services only use entry guards when uploading descriptors; * all other connections are one-hop. Further, Single Onions causes the @@ -3275,7 +3278,7 @@ options_validate_cb(const void *old_options_, void *options_, char **msg) } #else /* defined(HAVE_SYS_UN_H) */ if (options->ControlSocketsGroupWritable && !options->ControlSocket) { - *msg = tor_strdup("Setting ControlSocketGroupWritable without setting " + *msg = tor_strdup("Setting ControlSocketsGroupWritable without setting " "a ControlSocket makes no sense."); return -1; } @@ -3575,7 +3578,7 @@ options_validate_cb(const void *old_options_, void *options_, char **msg) if (!(options->UseEntryGuards) && (options->RendConfigLines != NULL) && - !rend_service_allow_non_anonymous_connection(options)) { + !hs_service_allow_non_anonymous_connection(options)) { log_warn(LD_CONFIG, "UseEntryGuards is disabled, but you have configured one or more " "hidden services on this Tor instance. Your hidden services " @@ -3618,7 +3621,7 @@ options_validate_cb(const void *old_options_, void *options_, char **msg) } /* Single Onion Services: non-anonymous hidden services */ - if (rend_service_non_anonymous_mode_enabled(options)) { + if (hs_service_non_anonymous_mode_enabled(options)) { log_warn(LD_CONFIG, "HiddenServiceNonAnonymousMode is set. Every hidden service on " "this tor instance is NON-ANONYMOUS. If " @@ -4318,16 +4321,21 @@ find_torrc_filename(const config_line_t *cmd_arg, char *fname=NULL; const config_line_t *p_index; const char *fname_opt = defaults_file ? "--defaults-torrc" : "-f"; + const char *fname_long_opt = defaults_file ? "--defaults-torrc" : + "--torrc-file"; const char *ignore_opt = defaults_file ? NULL : "--ignore-missing-torrc"; + const char *keygen_opt = "--keygen"; if (defaults_file) *ignore_missing_torrc = 1; for (p_index = cmd_arg; p_index; p_index = p_index->next) { - if (!strcmp(p_index->key, fname_opt)) { + // options_init_from_torrc ensures only the short or long name is present + if (!strcmp(p_index->key, fname_opt) || + !strcmp(p_index->key, fname_long_opt)) { if (fname) { log_warn(LD_CONFIG, "Duplicate %s options on command line.", - fname_opt); + p_index->key); tor_free(fname); } fname = expand_filename(p_index->value); @@ -4340,7 +4348,8 @@ find_torrc_filename(const config_line_t *cmd_arg, } *using_default_fname = 0; - } else if (ignore_opt && !strcmp(p_index->key,ignore_opt)) { + } else if ((ignore_opt && !strcmp(p_index->key, ignore_opt)) || + (keygen_opt && !strcmp(p_index->key, keygen_opt))) { *ignore_missing_torrc = 1; } } @@ -4487,6 +4496,25 @@ options_init_from_torrc(int argc, char **argv) if (config_line_find(cmdline_only_options, "--version")) { printf("Tor version %s.\n",get_version()); + printf("Tor is running on %s with Libevent %s, " + "%s %s, Zlib %s, Liblzma %s, Libzstd %s and %s %s as libc.\n", + get_uname(), + tor_libevent_get_version_str(), + crypto_get_library_name(), + crypto_get_library_version_string(), + tor_compress_supports_method(ZLIB_METHOD) ? + tor_compress_version_str(ZLIB_METHOD) : "N/A", + tor_compress_supports_method(LZMA_METHOD) ? + tor_compress_version_str(LZMA_METHOD) : "N/A", + tor_compress_supports_method(ZSTD_METHOD) ? + tor_compress_version_str(ZSTD_METHOD) : "N/A", + tor_libc_get_name() ? + tor_libc_get_name() : "Unknown", + tor_libc_get_version_str()); + printf("Tor compiled with %s version %s\n", + strcmp(COMPILER_VENDOR, "gnu") == 0? + COMPILER:COMPILER_VENDOR, COMPILER_VERSION); + return 1; } @@ -4511,6 +4539,16 @@ options_init_from_torrc(int argc, char **argv) } else { cf_defaults = load_torrc_from_disk(cmdline_only_options, 1); const config_line_t *f_line = config_line_find(cmdline_only_options, "-f"); + const config_line_t *f_line_long = config_line_find(cmdline_only_options, + "--torrc-file"); + if (f_line && f_line_long) { + log_err(LD_CONFIG, "-f and --torrc-file cannot be used together."); + retval = -1; + goto err; + } else if (f_line_long) { + f_line = f_line_long; + } + const int read_torrc_from_stdin = (f_line != NULL && strcmp(f_line->value, "-") == 0); @@ -4803,7 +4841,7 @@ addressmap_register_auto(const char *from, const char *to, } addressmap_register(from, tor_strdup(to), expires, addrmap_source, - from_wildcard, to_wildcard); + from_wildcard, to_wildcard, 0); return 0; } @@ -4950,9 +4988,9 @@ options_init_logs(const or_options_t *old_options, const or_options_t *options, if (!validate_only) { add_syslog_log(severity, options->SyslogIdentityTag); } -#else +#else /* !defined(HAVE_SYSLOG_H) */ log_warn(LD_CONFIG, "The android logging API is no longer supported."); -#endif +#endif /* defined(HAVE_SYSLOG_H) */ goto cleanup; } } @@ -5439,6 +5477,77 @@ pt_parse_transport_line(const or_options_t *options, return r; } +/** + * Parse a flag describing an extra dirport for a directory authority. + * + * Right now, the supported format is exactly: + * `{upload,download,voting}=http://[IP:PORT]/`. + * Other URL schemes, and other suffixes, might be supported in the future. + * + * Only call this function if `flag` starts with one of the above strings. + * + * Return 0 on success, and -1 on failure. + * + * If `ds` is provided, then add any parsed dirport to `ds`. If `ds` is NULL, + * take no action other than parsing. + **/ +static int +parse_dirauth_dirport(dir_server_t *ds, const char *flag) +{ + tor_assert(flag); + + auth_dirport_usage_t usage; + + if (!strcasecmpstart(flag, "upload=")) { + usage = AUTH_USAGE_UPLOAD; + } else if (!strcasecmpstart(flag, "download=")) { + usage = AUTH_USAGE_DOWNLOAD; + } else if (!strcasecmpstart(flag, "vote=")) { + usage = AUTH_USAGE_VOTING; + } else { + // We shouldn't get called with a flag that we don't recognize. + tor_assert_nonfatal_unreached(); + return -1; + } + + const char *eq = strchr(flag, '='); + tor_assert(eq); + const char *target = eq + 1; + + // Find the part inside the http://{....}/ + if (strcmpstart(target, "http://")) { + log_warn(LD_CONFIG, "Unsupported URL scheme in authority flag %s", flag); + return -1; + } + const char *addr = target + strlen("http://"); + + const char *eos = strchr(addr, '/'); + size_t addr_len; + if (eos && strcmp(eos, "/")) { + log_warn(LD_CONFIG, "Unsupported URL prefix in authority flag %s", flag); + return -1; + } else if (eos) { + addr_len = eos - addr; + } else { + addr_len = strlen(addr); + } + + // Finally, parse the addr:port part. + char *addr_string = tor_strndup(addr, addr_len); + tor_addr_port_t dirport; + memset(&dirport, 0, sizeof(dirport)); + int rv = tor_addr_port_parse(LOG_WARN, addr_string, + &dirport.addr, &dirport.port, -1); + if (ds != NULL && rv == 0) { + trusted_dir_server_add_dirport(ds, usage, &dirport); + } else if (rv == -1) { + log_warn(LD_CONFIG, "Unable to parse address in authority flag %s",flag); + } + + tor_free(addr_string); + return rv; +} + /** Read the contents of a DirAuthority line from <b>line</b>. If * <b>validate_only</b> is 0, and the line is well-formed, and it * shares any bits with <b>required_type</b> or <b>required_type</b> @@ -5459,6 +5568,7 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type, char v3_digest[DIGEST_LEN]; dirinfo_type_t type = 0; double weight = 1.0; + smartlist_t *extra_dirports = smartlist_new(); memset(v3_digest, 0, sizeof(v3_digest)); @@ -5527,6 +5637,12 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type, } ipv6_addrport_ptr = &ipv6_addrport; } + } else if (!strcasecmpstart(flag, "upload=") || + !strcasecmpstart(flag, "download=") || + !strcasecmpstart(flag, "vote=")) { + // We'll handle these after creating the authority object. + smartlist_add(extra_dirports, flag); + flag = NULL; // prevent double-free. } else { log_warn(LD_CONFIG, "Unrecognized flag '%s' on DirAuthority line", flag); @@ -5570,6 +5686,13 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type, goto err; } + if (validate_only) { + SMARTLIST_FOREACH_BEGIN(extra_dirports, const char *, cp) { + if (parse_dirauth_dirport(NULL, cp) < 0) + goto err; + } SMARTLIST_FOREACH_END(cp); + } + if (!validate_only && (!required_type || required_type & type)) { dir_server_t *ds; if (required_type) @@ -5581,16 +5704,23 @@ parse_dir_authority_line(const char *line, dirinfo_type_t required_type, ipv6_addrport_ptr, digest, v3_digest, type, weight))) goto err; + + SMARTLIST_FOREACH_BEGIN(extra_dirports, const char *, cp) { + if (parse_dirauth_dirport(ds, cp) < 0) + goto err; + } SMARTLIST_FOREACH_END(cp); dir_server_add(ds); } r = 0; goto done; - err: + err: r = -1; - done: + done: + SMARTLIST_FOREACH(extra_dirports, char*, s, tor_free(s)); + smartlist_free(extra_dirports); SMARTLIST_FOREACH(items, char*, s, tor_free(s)); smartlist_free(items); tor_free(addrport); @@ -6032,7 +6162,7 @@ port_parse_config(smartlist_t *out, tor_free(addrtmp); } else { /* Try parsing integer port before address, because, who knows? - "9050" might be a valid address. */ + * "9050" might be a valid address. */ port = (int) tor_parse_long(addrport, 10, 0, 65535, &ok, NULL); if (ok) { tor_addr_copy(&addr, &default_addr); diff --git a/src/app/config/config.h b/src/app/config/config.h index ee78d1e0f7..de198e203d 100644 --- a/src/app/config/config.h +++ b/src/app/config/config.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index 440c987365..290a2bb9b4 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -293,6 +293,13 @@ struct or_options_t { * disabled. */ int CircuitPadding; + /** Boolean: if true, then this client will discard cached bridge + * descriptors on a setconf or other config change that impacts guards + * or bridges (see options_transition_affects_guards() for exactly which + * config changes trigger it). Useful for tools that test bridge + * reachability by fetching fresh descriptors. */ + int ReconfigDropsBridgeDescs; + /** Boolean: if true, then this client will only use circuit padding * algorithms that are known to use a low amount of overhead. If false, * we will use all available circuit padding algorithms. @@ -336,7 +343,7 @@ struct or_options_t { /* Makes hidden service clients and servers non-anonymous on this tor * instance. Allows the non-anonymous HiddenServiceSingleHopMode. Enables * non-anonymous behaviour in the hidden service protocol. - * Use rend_service_non_anonymous_mode_enabled() instead of using this option + * Use hs_service_non_anonymous_mode_enabled() instead of using this option * directly. */ int HiddenServiceNonAnonymousMode; @@ -428,9 +435,6 @@ struct or_options_t { int NumCPUs; /**< How many CPUs should we try to use? */ struct config_line_t *RendConfigLines; /**< List of configuration lines * for rendezvous services. */ - struct config_line_t *HidServAuth; /**< List of configuration lines for - * client-side authorizations for hidden - * services */ char *ClientOnionAuthDir; /**< Directory to keep client * onion service authorization secret keys */ char *ContactInfo; /**< Contact info to be published in the directory. */ @@ -495,6 +499,9 @@ struct or_options_t { struct smartlist_t *NodeFamilySets; struct config_line_t *AuthDirBadExit; /**< Address policy for descriptors to * mark as bad exits. */ + /** Address policy for descriptors to mark as only suitable for the + * middle position in circuits. */ + struct config_line_t *AuthDirMiddleOnly; struct config_line_t *AuthDirReject; /**< Address policy for descriptors to * reject. */ struct config_line_t *AuthDirInvalid; /**< Address policy for descriptors to @@ -508,6 +515,7 @@ struct or_options_t { */ struct smartlist_t *AuthDirBadExitCCs; struct smartlist_t *AuthDirInvalidCCs; + struct smartlist_t *AuthDirMiddleOnlyCCs; struct smartlist_t *AuthDirRejectCCs; /**@}*/ @@ -590,6 +598,15 @@ struct or_options_t { * If 0, use value from NumEntryGuards. */ int NumPrimaryGuards; /**< How many primary guards do we want? */ + /** Boolean: Switch to toggle the vanguards-lite subsystem */ + int VanguardsLiteEnabled; + + /** Boolean: Switch to override consensus to enable congestion control */ + int AlwaysCongestionControl; + + /** Boolean: Switch to specify this is an sbws measurement exit */ + int SbwsExit; + int RephistTrackTime; /**< How many seconds do we keep rephist info? */ /** Should we always fetch our dir info on the mirror schedule (which * means directly from the authorities) no matter our other config? */ @@ -677,6 +694,9 @@ struct or_options_t { /** If true, include statistics file contents in extra-info documents. */ int ExtraInfoStatistics; + /** If true, include overload statistics in extra-info documents. */ + int OverloadStatistics; + /** If true, do not believe anybody who tells us that a domain resolves * to an internal address, or that an internal address has a PTR mapping. * Helps avoid some cross-site attacks. */ @@ -1031,40 +1051,18 @@ struct or_options_t { */ int DisableSignalHandlers; - /** Autobool: Is the circuit creation DoS mitigation subsystem enabled? */ - int DoSCircuitCreationEnabled; - /** Minimum concurrent connection needed from one single address before any - * defense is used. */ - int DoSCircuitCreationMinConnections; - /** Circuit rate used to refill the token bucket. */ - int DoSCircuitCreationRate; - /** Maximum allowed burst of circuits. Reaching that value, the address is - * detected as malicious and a defense might be used. */ - int DoSCircuitCreationBurst; - /** When an address is marked as malicious, what defense should be used - * against it. See the dos_cc_defense_type_t enum. */ - int DoSCircuitCreationDefenseType; - /** For how much time (in seconds) the defense is applicable for a malicious - * address. A random time delta is added to the defense time of an address - * which will be between 1 second and half of this value. */ - int DoSCircuitCreationDefenseTimePeriod; - - /** Autobool: Is the DoS connection mitigation subsystem enabled? */ - int DoSConnectionEnabled; - /** Maximum concurrent connection allowed per address. */ - int DoSConnectionMaxConcurrentCount; - /** When an address is reaches the maximum count, what defense should be - * used against it. See the dos_conn_defense_type_t enum. */ - int DoSConnectionDefenseType; - - /** Autobool: Do we refuse single hop client rendezvous? */ - int DoSRefuseSingleHopClientRendezvous; - /** Interval: how long without activity does it take for a client * to become dormant? **/ int DormantClientTimeout; + /** + * Boolean: If enabled, then we consider the timeout when deciding whether + * to be dormant. If not enabled, then only the SIGNAL ACTIVE/DORMANT + * controls can change our status. + **/ + int DormantTimeoutEnabled; + /** Boolean: true if having an idle stream is sufficient to prevent a client * from becoming dormant. **/ diff --git a/src/app/config/or_state_st.h b/src/app/config/or_state_st.h index 807f546169..3f2d78d8cd 100644 --- a/src/app/config/or_state_st.h +++ b/src/app/config/or_state_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/config/quiet_level.c b/src/app/config/quiet_level.c index e04faaef3a..4a5f595144 100644 --- a/src/app/config/quiet_level.c +++ b/src/app/config/quiet_level.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/config/quiet_level.h b/src/app/config/quiet_level.h index 3a630b90e7..6b20284ced 100644 --- a/src/app/config/quiet_level.h +++ b/src/app/config/quiet_level.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/config/resolve_addr.c b/src/app/config/resolve_addr.c index 86db6ba680..09d4b800f6 100644 --- a/src/app/config/resolve_addr.c +++ b/src/app/config/resolve_addr.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -343,6 +343,18 @@ get_address_from_config(const or_options_t *options, int warn_severity, * used, custom authorities must be defined else it is a fatal error. * Furthermore, if the Address was resolved to an internal interface, we * stop immediately. */ + if (ret == ERR_ADDRESS_IS_INTERNAL) { + static bool logged_once = false; + if (!logged_once) { + log_warn(LD_CONFIG, "Address set with an internal address. Tor will " + "not work unless custom directory authorities " + "are defined (AlternateDirAuthority). It is also " + "possible to use an internal address if " + "PublishServerDescriptor is set to 0 and " + "AssumeReachable(IPv6) to 1."); + logged_once = true; + } + } tor_free(*hostname_out); return FN_RET_BAIL; } @@ -852,4 +864,4 @@ resolve_addr_reset_suggested(int family) tor_addr_make_unspec(&last_suggested_addrs[af_to_idx(family)]); } -#endif /* TOR_UNIT_TESTS */ +#endif /* defined(TOR_UNIT_TESTS) */ diff --git a/src/app/config/resolve_addr.h b/src/app/config/resolve_addr.h index 919d5d42cc..9a3846dfcb 100644 --- a/src/app/config/resolve_addr.h +++ b/src/app/config/resolve_addr.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -61,7 +61,7 @@ void resolve_addr_reset_suggested(int family); #endif /* TOR_UNIT_TESTS */ -#endif /* RESOLVE_ADDR_PRIVATE */ +#endif /* defined(RESOLVE_ADDR_PRIVATE) */ -#endif /* TOR_CONFIG_RESOLVE_ADDR_H */ +#endif /* !defined(TOR_CONFIG_RESOLVE_ADDR_H) */ diff --git a/src/app/config/statefile.c b/src/app/config/statefile.c index 22b15fcf24..c33468c20f 100644 --- a/src/app/config/statefile.c +++ b/src/app/config/statefile.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/config/statefile.h b/src/app/config/statefile.h index 89b10560f3..bffb8c444d 100644 --- a/src/app/config/statefile.h +++ b/src/app/config/statefile.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/config/tor_cmdline_mode.h b/src/app/config/tor_cmdline_mode.h index 30a339a438..989050b1b1 100644 --- a/src/app/config/tor_cmdline_mode.h +++ b/src/app/config/tor_cmdline_mode.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/include.am b/src/app/include.am index 8bb315fff1..5494d904a3 100644 --- a/src/app/include.am +++ b/src/app/include.am @@ -17,7 +17,6 @@ src_app_tor_SOURCES = src/app/main/tor_main.c src_app_tor_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB) \ @TOR_LDFLAGS_libevent@ @TOR_STATIC_LDFLAGS@ src_app_tor_LDADD = libtor.a \ - $(rust_ldadd) \ @TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ $(TOR_LIBS_CRYPTLIB) \ @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \ @CURVE25519_LIBS@ @TOR_SYSTEMD_LIBS@ \ @@ -28,7 +27,7 @@ src_app_tor_cov_SOURCES = $(src_app_tor_SOURCES) src_app_tor_cov_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_app_tor_cov_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) src_app_tor_cov_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB) \ - @TOR_LDFLAGS_libevent@ @TOR_STATIC_LDFALGS@ + @TOR_LDFLAGS_libevent@ @TOR_STATIC_LDFLAGS@ src_app_tor_cov_LDADD = src/test/libtor-testing.a \ @TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ $(TOR_LIBS_CRYPTLIB) \ @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ \ diff --git a/src/app/main/main.c b/src/app/main/main.c index 5043caedb6..838e129d04 100644 --- a/src/app/main/main.c +++ b/src/app/main/main.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -27,6 +27,8 @@ #include "core/or/channel.h" #include "core/or/channelpadding.h" #include "core/or/circuitpadding.h" +#include "core/or/congestion_control_common.h" +#include "core/or/congestion_control_flow.h" #include "core/or/circuitlist.h" #include "core/or/command.h" #include "core/or/connection_or.h" @@ -44,6 +46,7 @@ #include "feature/dirparse/routerparse.h" #include "feature/hibernate/hibernate.h" #include "feature/hs/hs_dos.h" +#include "feature/hs/hs_service.h" #include "feature/nodelist/authcert.h" #include "feature/nodelist/networkstatus.h" #include "feature/nodelist/routerlist.h" @@ -51,13 +54,12 @@ #include "feature/relay/ext_orport.h" #include "feature/relay/routerkeys.h" #include "feature/relay/routermode.h" -#include "feature/rend/rendcache.h" -#include "feature/rend/rendservice.h" #include "feature/stats/predict_ports.h" #include "feature/stats/bwhist.h" #include "feature/stats/rephist.h" #include "lib/compress/compress.h" #include "lib/buf/buffers.h" +#include "lib/crypt_ops/crypto_format.h" #include "lib/crypt_ops/crypto_rand.h" #include "lib/crypt_ops/crypto_s2k.h" #include "lib/net/resolve.h" @@ -100,12 +102,6 @@ #include <systemd/sd-daemon.h> #endif /* defined(HAVE_SYSTEMD) */ -#ifdef HAVE_RUST -// helper function defined in Rust to output a log message indicating if tor is -// running with Rust enabled. See src/rust/tor_util -void rust_log_welcome_string(void); -#endif - /********* PROTOTYPES **********/ static void dumpmemusage(int severity); @@ -309,7 +305,7 @@ process_win32_console_ctrl(DWORD ctrl_type) activate_signal(SIGINT); return TRUE; } -#endif +#endif /* defined(_WIN32) */ /** * Write current memory usage information to the log. @@ -425,7 +421,6 @@ dumpstats(int severity) dumpmemusage(severity); rep_hist_dump_stats(now,severity); - rend_service_dump_stats(severity); hs_service_dump_stats(severity); } @@ -515,7 +510,7 @@ handle_signals(void) * to handle control signals like Ctrl+C in the console, we can use this to * simulate the SIGINT signal */ if (enabled) SetConsoleCtrlHandler(process_win32_console_ctrl, TRUE); -#endif +#endif /* defined(_WIN32) */ } /* Cause the signal handler for signal_num to be called in the event loop. */ @@ -551,7 +546,6 @@ tor_init(int argc, char *argv[]) rep_hist_init(); bwhist_init(); /* Initialize the service cache. */ - rend_cache_init(); addressmap_init(); /* Init the client dns cache. Do it always, since it's * cheap. */ @@ -611,10 +605,6 @@ tor_init(int argc, char *argv[]) tor_compress_log_init_warnings(); } -#ifdef HAVE_RUST - rust_log_welcome_string(); -#endif /* defined(HAVE_RUST) */ - /* Warn _if_ the tracing subsystem is built in. */ tracing_log_warning(); @@ -632,6 +622,8 @@ tor_init(int argc, char *argv[]) * until we get a consensus */ channelpadding_new_consensus_params(NULL); circpad_new_consensus_params(NULL); + congestion_control_new_consensus_params(NULL); + flow_control_new_consensus_params(NULL); /* Initialize circuit padding to defaults+torrc until we get a consensus */ circpad_machines_init(); @@ -734,29 +726,52 @@ tor_remove_file(const char *filename) static int do_list_fingerprint(void) { - char buf[FINGERPRINT_LEN+1]; + const or_options_t *options = get_options(); + const char *arg = options->command_arg; + char rsa[FINGERPRINT_LEN + 1]; crypto_pk_t *k; - const char *nickname = get_options()->Nickname; + const ed25519_public_key_t *edkey; + const char *nickname = options->Nickname; sandbox_disable_getaddrinfo_cache(); - if (!server_mode(get_options())) { + + bool show_rsa = !strcmp(arg, "") || !strcmp(arg, "rsa"); + bool show_ed25519 = !strcmp(arg, "ed25519"); + if (!show_rsa && !show_ed25519) { + log_err(LD_GENERAL, + "If you give a key type, you must specify 'rsa' or 'ed25519'. Exiting."); + return -1; + } + + if (!server_mode(options)) { log_err(LD_GENERAL, "Clients don't have long-term identity keys. Exiting."); return -1; } tor_assert(nickname); if (init_keys() < 0) { - log_err(LD_GENERAL,"Error initializing keys; exiting."); + log_err(LD_GENERAL, "Error initializing keys; exiting."); return -1; } if (!(k = get_server_identity_key())) { - log_err(LD_GENERAL,"Error: missing identity key."); + log_err(LD_GENERAL, "Error: missing RSA identity key."); return -1; } - if (crypto_pk_get_fingerprint(k, buf, 1)<0) { - log_err(LD_BUG, "Error computing fingerprint"); + if (crypto_pk_get_fingerprint(k, rsa, 1) < 0) { + log_err(LD_BUG, "Error computing RSA fingerprint"); return -1; } - printf("%s %s\n", nickname, buf); + if (!(edkey = get_master_identity_key())) { + log_err(LD_GENERAL,"Error: missing ed25519 identity key."); + return -1; + } + if (show_rsa) { + printf("%s %s\n", nickname, rsa); + } + if (show_ed25519) { + char ed25519[ED25519_BASE64_LEN + 1]; + digest256_to_base64(ed25519, (const char *) edkey->pubkey); + printf("%s %s\n", nickname, ed25519); + } return 0; } @@ -907,8 +922,11 @@ sandbox_init_filter(void) if (options->BridgeAuthoritativeDir) OPEN_DATADIR_SUFFIX("networkstatus-bridges", ".tmp"); - if (authdir_mode(options)) + if (authdir_mode(options)) { OPEN_DATADIR("approved-routers"); + OPEN_DATADIR_SUFFIX("my-consensus-microdesc", ".tmp"); + OPEN_DATADIR_SUFFIX("my-consensus-ns", ".tmp"); + } if (options->ServerDNSResolvConfFile) sandbox_cfg_allow_open_filename(&cfg, @@ -986,6 +1004,11 @@ sandbox_init_filter(void) if (options->BridgeAuthoritativeDir) RENAME_SUFFIX("networkstatus-bridges", ".tmp"); + if (authdir_mode(options)) { + RENAME_SUFFIX("my-consensus-microdesc", ".tmp"); + RENAME_SUFFIX("my-consensus-ns", ".tmp"); + } + #define STAT_DATADIR(name) \ sandbox_cfg_allow_stat_filename(&cfg, get_datadir_fname(name)) @@ -1091,6 +1114,7 @@ sandbox_init_filter(void) OPEN_DATADIR2_SUFFIX("stats", "buffer-stats", ".tmp"); OPEN_DATADIR2_SUFFIX("stats", "conn-stats", ".tmp"); OPEN_DATADIR2_SUFFIX("stats", "hidserv-stats", ".tmp"); + OPEN_DATADIR2_SUFFIX("stats", "hidserv-v3-stats", ".tmp"); OPEN_DATADIR("approved-routers"); OPEN_DATADIR_SUFFIX("fingerprint", ".tmp"); @@ -1116,6 +1140,7 @@ sandbox_init_filter(void) RENAME_SUFFIX2("stats", "buffer-stats", ".tmp"); RENAME_SUFFIX2("stats", "conn-stats", ".tmp"); RENAME_SUFFIX2("stats", "hidserv-stats", ".tmp"); + RENAME_SUFFIX2("stats", "hidserv-v3-stats", ".tmp"); RENAME_SUFFIX("hashed-fingerprint", ".tmp"); RENAME_SUFFIX("router-stability", ".tmp"); @@ -1320,6 +1345,13 @@ tor_run_main(const tor_main_configuration_t *tor_cfg) pubsub_connect(); if (get_options()->Sandbox && get_options()->command == CMD_RUN_TOR) { +#ifdef ENABLE_FRAGILE_HARDENING + log_warn(LD_CONFIG, "Sandbox is enabled but this Tor was built using " + "fragile compiler hardening. The sandbox may be unable to filter " + "requests to open files and directories and its overall " + "effectiveness will be reduced."); +#endif + sandbox_cfg_t* cfg = sandbox_init_filter(); if (sandbox_init(cfg)) { diff --git a/src/app/main/main.h b/src/app/main/main.h index e6ed978c61..a8fa0959ab 100644 --- a/src/app/main/main.h +++ b/src/app/main/main.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/main/ntmain.c b/src/app/main/ntmain.c index 5dc0edd591..9f2f52fb2e 100644 --- a/src/app/main/ntmain.c +++ b/src/app/main/ntmain.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -500,7 +500,8 @@ nt_service_command_line(int *using_default_torrc) if (!strcmp(backup_argv[i], "--options") || !strcmp(backup_argv[i], "-options")) { while (++i < backup_argc) { - if (!strcmp(backup_argv[i], "-f")) + if (!strcmp(backup_argv[i], "-f") || + !strcmp(backup_argv[i], "--torrc-file")) *using_default_torrc = 0; smartlist_add(sl, backup_argv[i]); } diff --git a/src/app/main/ntmain.h b/src/app/main/ntmain.h index c2d6e23da7..46c4625b77 100644 --- a/src/app/main/ntmain.h +++ b/src/app/main/ntmain.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/main/risky_options.c b/src/app/main/risky_options.c index 747dda766b..ed9eeca224 100644 --- a/src/app/main/risky_options.c +++ b/src/app/main/risky_options.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/main/risky_options.h b/src/app/main/risky_options.h index 4548ae3efb..f94dd15faa 100644 --- a/src/app/main/risky_options.h +++ b/src/app/main/risky_options.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -14,4 +14,4 @@ extern const char risky_option_list[]; -#endif +#endif /* !defined(TOR_RISKY_OPTIONS_H) */ diff --git a/src/app/main/shutdown.c b/src/app/main/shutdown.c index 4a556333db..a6065db5da 100644 --- a/src/app/main/shutdown.c +++ b/src/app/main/shutdown.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -45,8 +45,6 @@ #include "feature/nodelist/routerlist.h" #include "feature/relay/ext_orport.h" #include "feature/relay/relay_config.h" -#include "feature/rend/rendcache.h" -#include "feature/rend/rendclient.h" #include "feature/stats/bwhist.h" #include "feature/stats/geoip_stats.h" #include "feature/stats/rephist.h" @@ -119,8 +117,6 @@ tor_free_all(int postfork) networkstatus_free_all(); addressmap_free_all(); dirserv_free_all(); - rend_cache_free_all(); - rend_service_authorization_free_all(); rep_hist_free_all(); bwhist_free_all(); circuit_free_all(); diff --git a/src/app/main/shutdown.h b/src/app/main/shutdown.h index 623ae9525b..035ced8467 100644 --- a/src/app/main/shutdown.h +++ b/src/app/main/shutdown.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/main/subsysmgr.c b/src/app/main/subsysmgr.c index 349803cd46..ad2bf95700 100644 --- a/src/app/main/subsysmgr.c +++ b/src/app/main/subsysmgr.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/main/subsysmgr.h b/src/app/main/subsysmgr.h index ae0b3df469..e5ff7e2b2b 100644 --- a/src/app/main/subsysmgr.h +++ b/src/app/main/subsysmgr.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/app/main/subsystem_list.c b/src/app/main/subsystem_list.c index cb79909e69..0333077164 100644 --- a/src/app/main/subsystem_list.c +++ b/src/app/main/subsystem_list.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -14,6 +14,7 @@ #include "lib/cc/torint.h" #include "core/mainloop/mainloop_sys.h" +#include "core/or/dos_sys.h" #include "core/or/or_sys.h" #include "feature/control/btrack_sys.h" #include "lib/compress/compress_sys.h" @@ -64,6 +65,7 @@ const subsys_fns_t *tor_subsystems[] = { &sys_mainloop, &sys_or, + &sys_dos, &sys_relay, &sys_hs, diff --git a/src/app/main/tor_main.c b/src/app/main/tor_main.c index 0ee03fd5e9..d12b6cb425 100644 --- a/src/app/main/tor_main.c +++ b/src/app/main/tor_main.c @@ -1,6 +1,6 @@ /* Copyright 2001-2004 Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/config/README b/src/config/README index cb2debb88f..4553325e57 100644 --- a/src/config/README +++ b/src/config/README @@ -33,3 +33,32 @@ torrc.sample.in: most people shouldn't mess with. +============================== + +On the geoip format: + +Our geoip files are line-oriented. Any empty line, or line starting +with a #, is ignored. + +All other lines are composed of three comma-separated values: +START,END,CC. For the geoip file, START and END are IPv4 addresses +as expressed as 32-bit integers (such as 3325256709 to represent +198.51.100.5). For the geoip6 file, START and END are IPv6 +addresses, with no brackets. In both cases CC is a two-character +country code. + +The semantic meaning of a line START,END,CC is that all addresses +between START and END _inclusive_ should be mapped to the country code +CC. + +We guarantee that all entries within these files are disjoint -- +that is, there is no address that is matched by more than one +line. We also guarantee that all entries within these files are +sorted in numerically ascending order by address. + +Thus, one effective search algorithm here is to perform a binary +search on all the entries in the file. + +Note that there _are_ "gaps" in these databases: not every possible +address maps to a country code. In those cases, Tor reports the +country as ??. diff --git a/src/config/mmdb-convert.py b/src/config/mmdb-convert.py deleted file mode 100644 index 4acfea6c0e..0000000000 --- a/src/config/mmdb-convert.py +++ /dev/null @@ -1,471 +0,0 @@ -#!/usr/bin/python - -# This software has been dedicated to the public domain under the CC0 -# public domain dedication. -# -# To the extent possible under law, the person who associated CC0 -# with mmdb-convert.py has waived all copyright and related or -# neighboring rights to mmdb-convert.py. -# -# You should have received a copy of the CC0 legalcode along with this -# work in doc/cc0.txt. If not, see -# <https://creativecommons.org/publicdomain/zero/1.0/>. - -# Nick Mathewson is responsible for this kludge, but takes no -# responsibility for it. - -"""This kludge is meant to - parse mmdb files in sufficient detail to dump out the old format - that Tor expects. It's also meant to be pure-python. - - When given a simplicity/speed tradeoff, it opts for simplicity. - - You will not understand the code without understanding the MaxMind-DB - file format. It is specified at: - https://github.com/maxmind/MaxMind-DB/blob/master/MaxMind-DB-spec.md. - - This isn't so much tested. When it breaks, you get to keep both - pieces. -""" - -# Future imports for Python 2.7, mandatory in 3.0 -from __future__ import division -from __future__ import print_function -from __future__ import unicode_literals - -import struct -import bisect -import socket -import binascii -import sys -import time - -METADATA_MARKER = b'\xab\xcd\xefMaxMind.com' - -# Here's some python2/python3 junk. Better solutions wanted. -try: - ord(b"1"[0]) -except TypeError: - def byte_to_int(b): - "convert a single element of a bytestring to an integer." - return b -else: - byte_to_int = ord - -# Here's some more python2/python3 junk. Better solutions wanted. -try: - str(b"a", "utf8") -except TypeError: - bytesToStr = str -else: - def bytesToStr(b): - "convert a bytestring in utf8 to a string." - return str(b, 'utf8') - -def to_int(s): - "Parse a big-endian integer from bytestring s." - result = 0 - for c in s: - result *= 256 - result += byte_to_int(c) - return result - -def to_int24(s): - "Parse a pair of big-endian 24-bit integers from bytestring s." - a, b, c = struct.unpack("!HHH", s) - return ((a <<8)+(b>>8)), (((b&0xff)<<16)+c) - -def to_int32(s): - "Parse a pair of big-endian 32-bit integers from bytestring s." - a, b = struct.unpack("!LL", s) - return a, b - -def to_int28(s): - "Parse a pair of big-endian 28-bit integers from bytestring s." - a, b = struct.unpack("!LL", s + b'\x00') - return (((a & 0xf0) << 20) + (a >> 8)), ((a & 0x0f) << 24) + (b >> 8) - -class Tree(object): - "Holds a node in the tree" - def __init__(self, left, right): - self.left = left - self.right = right - -def resolve_tree(tree, data): - """Fill in the left_item and right_item fields for all values in the tree - so that they point to another Tree, or to a Datum, or to None.""" - d = Datum(None, None, None, None) - def resolve_item(item): - "Helper: resolve a single index." - if item < len(tree): - return tree[item] - elif item == len(tree): - return None - else: - d.pos = (item - len(tree) - 16) - p = bisect.bisect_left(data, d) - assert data[p].pos == d.pos - return data[p] - - for t in tree: - t.left_item = resolve_item(t.left) - t.right_item = resolve_item(t.right) - -def parse_search_tree(s, record_size): - """Given a bytestring and a record size in bits, parse the tree. - Return a list of nodes.""" - record_bytes = (record_size*2) // 8 - nodes = [] - p = 0 - try: - to_leftright = { 24: to_int24, - 28: to_int28, - 32: to_int32 }[ record_size ] - except KeyError: - raise NotImplementedError("Unsupported record size in bits: %d" % - record_size) - while p < len(s): - left, right = to_leftright(s[p:p+record_bytes]) - p += record_bytes - - nodes.append( Tree(left, right ) ) - - return nodes - -class Datum(object): - """Holds a single entry from the Data section""" - def __init__(self, pos, kind, ln, data): - self.pos = pos # Position of this record within data section - self.kind = kind # Type of this record. one of TP_* - self.ln = ln # Length field, which might be overloaded. - self.data = data # Raw bytes data. - self.children = None # Used for arrays and maps. - - def __repr__(self): - return "Datum(%r,%r,%r,%r)" % (self.pos, self.kind, self.ln, self.data) - - # Comparison functions used for bsearch - def __lt__(self, other): - return self.pos < other.pos - - def __gt__(self, other): - return self.pos > other.pos - - def __eq__(self, other): - return self.pos == other.pos - - def build_maps(self): - """If this is a map or array, fill in its 'map' field if it's a map, - and the 'map' field of all its children.""" - - if not hasattr(self, 'nChildren'): - return - - if self.kind == TP_ARRAY: - del self.nChildren - for c in self.children: - c.build_maps() - - elif self.kind == TP_MAP: - del self.nChildren - self.map = {} - for i in range(0, len(self.children), 2): - k = self.children[i].deref() - v = self.children[i+1].deref() - v.build_maps() - if k.kind != TP_UTF8: - raise ValueError("Bad dictionary key type %d"% k.kind) - self.map[bytesToStr(k.data)] = v - - def int_val(self): - """If this is an integer type, return its value""" - assert self.kind in (TP_UINT16, TP_UINT32, TP_UINT64, - TP_UINT128, TP_SINT32) - i = to_int(self.data) - if self.kind == TP_SINT32: - if i & 0x80000000: - i = i - 0x100000000 - return i - - def deref(self): - """If this value is a pointer, return its pointed-to-value. Chase - through multiple layers of pointers if need be. If this isn't - a pointer, return it.""" - n = 0 - s = self - while s.kind == TP_PTR: - s = s.ptr - n += 1 - assert n < 100 - return s - -def resolve_pointers(data): - """Fill in the ptr field of every pointer in data.""" - search = Datum(None, None, None, None) - for d in data: - if d.kind == TP_PTR: - search.pos = d.ln - p = bisect.bisect_left(data, search) - assert data[p].pos == d.ln - d.ptr = data[p] - -TP_PTR = 1 -TP_UTF8 = 2 -TP_DBL = 3 -TP_BYTES = 4 -TP_UINT16 = 5 -TP_UINT32 = 6 -TP_MAP = 7 -TP_SINT32 = 8 -TP_UINT64 = 9 -TP_UINT128 = 10 -TP_ARRAY = 11 -TP_DCACHE = 12 -TP_END = 13 -TP_BOOL = 14 -TP_FLOAT = 15 - -def get_type_and_len(s): - """Data parsing helper: decode the type value and much-overloaded 'length' - field for the value starting at s. Return a 3-tuple of type, length, - and number of bytes used to encode type-plus-length.""" - c = byte_to_int(s[0]) - tp = c >> 5 - skip = 1 - if tp == 0: - tp = byte_to_int(s[1])+7 - skip = 2 - ln = c & 31 - - # I'm sure I don't know what they were thinking here... - if tp == TP_PTR: - len_len = (ln >> 3) + 1 - if len_len < 4: - ln &= 7 - ln <<= len_len * 8 - else: - ln = 0 - ln += to_int(s[skip:skip+len_len]) - ln += (0, 0, 2048, 526336, 0)[len_len] - skip += len_len - elif ln >= 29: - len_len = ln - 28 - ln = to_int(s[skip:skip+len_len]) - ln += (0, 29, 285, 65821)[len_len] - skip += len_len - - return tp, ln, skip - -# Set of types for which 'length' doesn't mean length. -IGNORE_LEN_TYPES = set([ - TP_MAP, # Length is number of key-value pairs that follow. - TP_ARRAY, # Length is number of members that follow. - TP_PTR, # Length is index to pointed-to data element. - TP_BOOL, # Length is 0 or 1. - TP_DCACHE, # Length is number of members that follow -]) - -def parse_data_section(s): - """Given a data section encoded in a bytestring, return a list of - Datum items.""" - - # Stack of possibly nested containers. We use the 'nChildren' member of - # the last one to tell how many more items nest directly inside. - stack = [] - - # List of all items, including nested ones. - data = [] - - # Byte index within the data section. - pos = 0 - - while s: - tp, ln, skip = get_type_and_len(s) - if tp in IGNORE_LEN_TYPES: - real_len = 0 - else: - real_len = ln - - d = Datum(pos, tp, ln, s[skip:skip+real_len]) - data.append(d) - pos += skip+real_len - s = s[skip+real_len:] - - if stack: - stack[-1].children.append(d) - stack[-1].nChildren -= 1 - if stack[-1].nChildren == 0: - del stack[-1] - - if d.kind == TP_ARRAY: - d.nChildren = d.ln - d.children = [] - stack.append(d) - elif d.kind == TP_MAP: - d.nChildren = d.ln * 2 - d.children = [] - stack.append(d) - - return data - -def parse_mm_file(s): - """Parse a MaxMind-DB file.""" - try: - metadata_ptr = s.rindex(METADATA_MARKER) - except ValueError: - raise ValueError("No metadata!") - - metadata = parse_data_section(s[metadata_ptr+len(METADATA_MARKER):]) - - if metadata[0].kind != TP_MAP: - raise ValueError("Bad map") - - metadata[0].build_maps() - mm = metadata[0].map - - tree_size = (((mm['record_size'].int_val() * 2) // 8 ) * - mm['node_count'].int_val()) - - if s[tree_size:tree_size+16] != b'\x00'*16: - raise ValueError("Missing section separator!") - - tree = parse_search_tree(s[:tree_size], mm['record_size'].int_val()) - - data = parse_data_section(s[tree_size+16:metadata_ptr]) - - resolve_pointers(data) - resolve_tree(tree, data) - - for d in data: - d.build_maps() - - return metadata, tree, data - -def format_datum(datum): - """Given a Datum at a leaf of the tree, return the string that we should - write as its value. - - We first try country->iso_code which is the two-character ISO 3166-1 - country code of the country where MaxMind believes the end user is - located. If there's no such key, we try registered_country->iso_code - which is the country in which the ISP has registered the IP address. - Without falling back to registered_country, we'd leave out all ranges - that MaxMind thinks belong to anonymous proxies, because those ranges - don't contain country but only registered_country. In short: let's - fill all A1 entries with what ARIN et. al think. - """ - try: - return bytesToStr(datum.map['country'].map['iso_code'].data) - except KeyError: - pass - try: - return bytesToStr(datum.map['registered_country'].map['iso_code'].data) - except KeyError: - pass - return None - -IPV4_PREFIX = "0"*96 - -def dump_item_ipv4(entries, prefix, val): - """Dump the information for an IPv4 address to entries, where 'prefix' - is a string holding a binary prefix for the address, and 'val' is the - value to dump. If the prefix is not an IPv4 address (it does not start - with 96 bits of 0), then print nothing. - """ - if not prefix.startswith(IPV4_PREFIX): - return - prefix = prefix[96:] - v = int(prefix, 2) - shift = 32 - len(prefix) - lo = v << shift - hi = ((v+1) << shift) - 1 - entries.append((lo, hi, val)) - -def fmt_item_ipv4(entry): - """Format an IPv4 range with lo and hi addresses in decimal form.""" - return "%d,%d,%s\n"%(entry[0], entry[1], entry[2]) - -def fmt_ipv6_addr(v): - """Given a 128-bit integer representing an ipv6 address, return a - string for that ipv6 address.""" - return socket.inet_ntop(socket.AF_INET6, binascii.unhexlify("%032x"%v)) - -def fmt_item_ipv6(entry): - """Format an IPv6 range with lo and hi addresses in hex form.""" - return "%s,%s,%s\n"%(fmt_ipv6_addr(entry[0]), - fmt_ipv6_addr(entry[1]), - entry[2]) - -IPV4_MAPPED_IPV6_PREFIX = "0"*80 + "1"*16 -IPV6_6TO4_PREFIX = "0010000000000010" -TEREDO_IPV6_PREFIX = "0010000000000001" + "0"*16 - -def dump_item_ipv6(entries, prefix, val): - """Dump the information for an IPv6 address prefix to entries, where - 'prefix' is a string holding a binary prefix for the address, - and 'val' is the value to dump. If the prefix is an IPv4 address - (starts with 96 bits of 0), is an IPv4-mapped IPv6 address - (::ffff:0:0/96), or is in the 6to4 mapping subnet (2002::/16), then - print nothing. - """ - if prefix.startswith(IPV4_PREFIX) or \ - prefix.startswith(IPV4_MAPPED_IPV6_PREFIX) or \ - prefix.startswith(IPV6_6TO4_PREFIX) or \ - prefix.startswith(TEREDO_IPV6_PREFIX): - return - v = int(prefix, 2) - shift = 128 - len(prefix) - lo = v << shift - hi = ((v+1) << shift) - 1 - entries.append((lo, hi, val)) - -def dump_tree(entries, node, dump_item, prefix=""): - """Walk the tree rooted at 'node', and call dump_item on the - format_datum output of every leaf of the tree.""" - - if isinstance(node, Tree): - dump_tree(entries, node.left_item, dump_item, prefix+"0") - dump_tree(entries, node.right_item, dump_item, prefix+"1") - elif isinstance(node, Datum): - assert node.kind == TP_MAP - code = format_datum(node) - if code: - dump_item(entries, prefix, code) - else: - assert node == None - -GEOIP_FILE_HEADER = """\ -# Last updated based on %s Maxmind GeoLite2 Country -# wget https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.mmdb.gz -# gunzip GeoLite2-Country.mmdb.gz -# python mmdb-convert.py GeoLite2-Country.mmdb -""" - -def write_geoip_file(filename, metadata, the_tree, dump_item, fmt_item): - """Write the entries in the_tree to filename.""" - entries = [] - dump_tree(entries, the_tree[0], dump_item) - fobj = open(filename, 'w') - - build_epoch = metadata[0].map['build_epoch'].int_val() - fobj.write(GEOIP_FILE_HEADER % - time.strftime('%B %-d %Y', time.gmtime(build_epoch))) - - unwritten = None - for entry in entries: - if not unwritten: - unwritten = entry - elif unwritten[1] + 1 == entry[0] and unwritten[2] == entry[2]: - unwritten = (unwritten[0], entry[1], unwritten[2]) - else: - fobj.write(fmt_item(unwritten)) - unwritten = entry - if unwritten: - fobj.write(fmt_item(unwritten)) - fobj.close() - -content = open(sys.argv[1], 'rb').read() -metadata, the_tree, _ = parse_mm_file(content) - -write_geoip_file('geoip', metadata, the_tree, dump_item_ipv4, fmt_item_ipv4) -write_geoip_file('geoip6', metadata, the_tree, dump_item_ipv6, fmt_item_ipv6) diff --git a/src/config/torrc.minimal.in-staging b/src/config/torrc.minimal.in-staging index 7f43cd324e..667ab294b4 100644 --- a/src/config/torrc.minimal.in-staging +++ b/src/config/torrc.minimal.in-staging @@ -224,4 +224,4 @@ ## mechanisms like https://bridges.torproject.org/. If you want to run ## a private bridge, for example because you'll give out your bridge ## address manually to your friends, uncomment this line: -#PublishServerDescriptor 0 +#BridgeDistribution none diff --git a/src/config/torrc.sample.in b/src/config/torrc.sample.in index 5d593871dd..edc30d043c 100644 --- a/src/config/torrc.sample.in +++ b/src/config/torrc.sample.in @@ -239,7 +239,7 @@ ## mechanisms like https://bridges.torproject.org/. If you want to run ## a private bridge, for example because you'll give out your bridge ## address manually to your friends, uncomment this line: -#PublishServerDescriptor 0 +#BridgeDistribution none ## Configuration options can be imported from files or folders using the %include ## option with the value being a path. This path can have wildcards. Wildcards are diff --git a/src/core/crypto/hs_ntor.c b/src/core/crypto/hs_ntor.c index 07bcdc566c..67da65d8bc 100644 --- a/src/core/crypto/hs_ntor.c +++ b/src/core/crypto/hs_ntor.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** \file hs_ntor.c diff --git a/src/core/crypto/hs_ntor.h b/src/core/crypto/hs_ntor.h index 9a975dd83f..d5913f6562 100644 --- a/src/core/crypto/hs_ntor.h +++ b/src/core/crypto/hs_ntor.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/crypto/include.am b/src/core/crypto/include.am index 28b7e22905..2d53b3cb0b 100644 --- a/src/core/crypto/include.am +++ b/src/core/crypto/include.am @@ -5,6 +5,7 @@ LIBTOR_APP_A_SOURCES += \ src/core/crypto/onion_crypto.c \ src/core/crypto/onion_fast.c \ src/core/crypto/onion_ntor.c \ + src/core/crypto/onion_ntor_v3.c \ src/core/crypto/onion_tap.c \ src/core/crypto/relay_crypto.c @@ -14,5 +15,6 @@ noinst_HEADERS += \ src/core/crypto/onion_crypto.h \ src/core/crypto/onion_fast.h \ src/core/crypto/onion_ntor.h \ + src/core/crypto/onion_ntor_v3.h \ src/core/crypto/onion_tap.h \ src/core/crypto/relay_crypto.h diff --git a/src/core/crypto/onion_crypto.c b/src/core/crypto/onion_crypto.c index 1f34be1cc1..81e4e1b078 100644 --- a/src/core/crypto/onion_crypto.c +++ b/src/core/crypto/onion_crypto.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -35,14 +35,28 @@ #include "core/crypto/onion_crypto.h" #include "core/crypto/onion_fast.h" #include "core/crypto/onion_ntor.h" +#include "core/crypto/onion_ntor_v3.h" #include "core/crypto/onion_tap.h" #include "feature/relay/router.h" #include "lib/crypt_ops/crypto_dh.h" #include "lib/crypt_ops/crypto_util.h" +#include "feature/relay/routerkeys.h" +#include "core/or/congestion_control_common.h" + +#include "core/or/circuitbuild.h" #include "core/or/crypt_path_st.h" #include "core/or/extend_info_st.h" +#include "trunnel/congestion_control.h" +#include "trunnel/extension.h" + +static const uint8_t NTOR3_CIRC_VERIFICATION[] = "circuit extend"; +static const size_t NTOR3_CIRC_VERIFICATION_LEN = 14; + +#define NTOR3_VERIFICATION_ARGS \ + NTOR3_CIRC_VERIFICATION, NTOR3_CIRC_VERIFICATION_LEN + /** Return a new server_onion_keys_t object with all of the keys * and other info we might need to do onion handshakes. (We make a copy of * our keys for each cpuworker to avoid race conditions with the main thread, @@ -52,6 +66,7 @@ server_onion_keys_new(void) { server_onion_keys_t *keys = tor_malloc_zero(sizeof(server_onion_keys_t)); memcpy(keys->my_identity, router_get_my_id_digest(), DIGEST_LEN); + ed25519_pubkey_copy(&keys->my_ed_identity, get_master_identity_key()); dup_onion_keys(&keys->onion_key, &keys->last_onion_key); keys->curve25519_key_map = construct_ntor_key_map(); keys->junk_keypair = tor_malloc_zero(sizeof(curve25519_keypair_t)); @@ -91,6 +106,9 @@ onion_handshake_state_release(onion_handshake_state_t *state) ntor_handshake_state_free(state->u.ntor); state->u.ntor = NULL; break; + case ONION_HANDSHAKE_TYPE_NTOR_V3: + ntor3_handshake_state_free(state->u.ntor3); + break; default: /* LCOV_EXCL_START * This state should not even exist. */ @@ -103,19 +121,23 @@ onion_handshake_state_release(onion_handshake_state_t *state) /** Perform the first step of a circuit-creation handshake of type <b>type</b> * (one of ONION_HANDSHAKE_TYPE_*): generate the initial "onion skin" in - * <b>onion_skin_out</b>, and store any state information in <b>state_out</b>. + * <b>onion_skin_out</b> with length of up to <b>onion_skin_out_maxlen</b>, + * and store any state information in <b>state_out</b>. * Return -1 on failure, and the length of the onionskin on acceptance. */ int onion_skin_create(int type, const extend_info_t *node, onion_handshake_state_t *state_out, - uint8_t *onion_skin_out) + uint8_t *onion_skin_out, + size_t onion_skin_out_maxlen) { int r = -1; switch (type) { case ONION_HANDSHAKE_TYPE_TAP: + if (onion_skin_out_maxlen < TAP_ONIONSKIN_CHALLENGE_LEN) + return -1; if (!node->onion_key) return -1; @@ -133,7 +155,9 @@ onion_skin_create(int type, r = CREATE_FAST_LEN; break; case ONION_HANDSHAKE_TYPE_NTOR: - if (!extend_info_supports_ntor(node)) + if (onion_skin_out_maxlen < NTOR_ONIONSKIN_LEN) + return -1; + if (!extend_info_supports_ntor(node)) return -1; if (onion_skin_ntor_create((const uint8_t*)node->identity_digest, &node->curve25519_onion_key, @@ -143,6 +167,37 @@ onion_skin_create(int type, r = NTOR_ONIONSKIN_LEN; break; + case ONION_HANDSHAKE_TYPE_NTOR_V3: + if (!extend_info_supports_ntor_v3(node)) + return -1; + if (ed25519_public_key_is_zero(&node->ed_identity)) + return -1; + size_t msg_len = 0; + uint8_t *msg = NULL; + if (client_circ_negotiation_message(node, &msg, &msg_len) < 0) + return -1; + uint8_t *onion_skin = NULL; + size_t onion_skin_len = 0; + int status = onion_skin_ntor3_create( + &node->ed_identity, + &node->curve25519_onion_key, + NTOR3_VERIFICATION_ARGS, + msg, msg_len, /* client message */ + &state_out->u.ntor3, + &onion_skin, &onion_skin_len); + tor_free(msg); + if (status < 0) { + return -1; + } + if (onion_skin_len > onion_skin_out_maxlen) { + tor_free(onion_skin); + return -1; + } + memcpy(onion_skin_out, onion_skin, onion_skin_len); + tor_free(onion_skin); + r = (int) onion_skin_len; + break; + default: /* LCOV_EXCL_START * We should never try to create an impossible handshake type. */ @@ -158,6 +213,50 @@ onion_skin_create(int type, return r; } +/** + * Takes a param request message from the client, compares it to our + * consensus parameters, and creates a reply message and output + * parameters. + * + * This function runs in a worker thread, so it can only inspect + * arguments and local variables. + * + * Returns 0 if successful. + * Returns -1 on parsing, parameter failure, or reply creation failure. + */ +static int +negotiate_v3_ntor_server_circ_params(const uint8_t *param_request_msg, + size_t param_request_len, + const circuit_params_t *our_ns_params, + circuit_params_t *params_out, + uint8_t **resp_msg_out, + size_t *resp_msg_len_out) +{ + int ret; + + /* Parse request. */ + ret = congestion_control_parse_ext_request(param_request_msg, + param_request_len); + if (ret < 0) { + goto err; + } + params_out->cc_enabled = ret && our_ns_params->cc_enabled; + + /* Build the response. */ + ret = congestion_control_build_ext_response(our_ns_params, params_out, + resp_msg_out, resp_msg_len_out); + if (ret < 0) { + goto err; + } + params_out->sendme_inc_cells = our_ns_params->sendme_inc_cells; + + /* Success. */ + ret = 0; + + err: + return ret; +} + /* This is the maximum value for keys_out_len passed to * onion_skin_server_handshake, plus 16. We can make it bigger if needed: * It just defines how many bytes to stack-allocate. */ @@ -174,14 +273,20 @@ int onion_skin_server_handshake(int type, const uint8_t *onion_skin, size_t onionskin_len, const server_onion_keys_t *keys, + const circuit_params_t *our_ns_params, uint8_t *reply_out, + size_t reply_out_maxlen, uint8_t *keys_out, size_t keys_out_len, - uint8_t *rend_nonce_out) + uint8_t *rend_nonce_out, + circuit_params_t *params_out) { int r = -1; + memset(params_out, 0, sizeof(*params_out)); switch (type) { case ONION_HANDSHAKE_TYPE_TAP: + if (reply_out_maxlen < TAP_ONIONSKIN_REPLY_LEN) + return -1; if (onionskin_len != TAP_ONIONSKIN_CHALLENGE_LEN) return -1; if (onion_skin_TAP_server_handshake((const char*)onion_skin, @@ -193,6 +298,8 @@ onion_skin_server_handshake(int type, memcpy(rend_nonce_out, reply_out+DH1024_KEY_LEN, DIGEST_LEN); break; case ONION_HANDSHAKE_TYPE_FAST: + if (reply_out_maxlen < CREATED_FAST_LEN) + return -1; if (onionskin_len != CREATE_FAST_LEN) return -1; if (fast_server_handshake(onion_skin, reply_out, keys_out, keys_out_len)<0) @@ -201,6 +308,8 @@ onion_skin_server_handshake(int type, memcpy(rend_nonce_out, reply_out+DIGEST_LEN, DIGEST_LEN); break; case ONION_HANDSHAKE_TYPE_NTOR: + if (reply_out_maxlen < NTOR_REPLY_LEN) + return -1; if (onionskin_len < NTOR_ONIONSKIN_LEN) return -1; { @@ -223,6 +332,71 @@ onion_skin_server_handshake(int type, r = NTOR_REPLY_LEN; } break; + case ONION_HANDSHAKE_TYPE_NTOR_V3: { + size_t keys_tmp_len = keys_out_len + DIGEST_LEN; + tor_assert(keys_tmp_len <= MAX_KEYS_TMP_LEN); + uint8_t keys_tmp[MAX_KEYS_TMP_LEN]; + uint8_t *client_msg = NULL; + size_t client_msg_len = 0; + uint8_t *reply_msg = NULL; + size_t reply_msg_len = 0; + + ntor3_server_handshake_state_t *state = NULL; + + if (onion_skin_ntor3_server_handshake_part1( + keys->curve25519_key_map, + keys->junk_keypair, + &keys->my_ed_identity, + onion_skin, onionskin_len, + NTOR3_VERIFICATION_ARGS, + &client_msg, &client_msg_len, + &state) < 0) { + return -1; + } + + if (negotiate_v3_ntor_server_circ_params(client_msg, + client_msg_len, + our_ns_params, + params_out, + &reply_msg, + &reply_msg_len) < 0) { + ntor3_server_handshake_state_free(state); + tor_free(client_msg); + return -1; + } + tor_free(client_msg); + + uint8_t *server_handshake = NULL; + size_t server_handshake_len = 0; + if (onion_skin_ntor3_server_handshake_part2( + state, + NTOR3_VERIFICATION_ARGS, + reply_msg, reply_msg_len, + &server_handshake, &server_handshake_len, + keys_tmp, keys_tmp_len) < 0) { + tor_free(reply_msg); + ntor3_server_handshake_state_free(state); + return -1; + } + tor_free(reply_msg); + + if (server_handshake_len > reply_out_maxlen) { + tor_free(server_handshake); + ntor3_server_handshake_state_free(state); + return -1; + } + + memcpy(keys_out, keys_tmp, keys_out_len); + memcpy(rend_nonce_out, keys_tmp+keys_out_len, DIGEST_LEN); + memcpy(reply_out, server_handshake, server_handshake_len); + memwipe(keys_tmp, 0, keys_tmp_len); + memwipe(server_handshake, 0, server_handshake_len); + tor_free(server_handshake); + ntor3_server_handshake_state_free(state); + + r = (int) server_handshake_len; + } + break; default: /* LCOV_EXCL_START * We should have rejected this far before this point */ @@ -235,6 +409,44 @@ onion_skin_server_handshake(int type, return r; } +/** + * Takes a param response message from the exit, compares it to our + * consensus parameters for sanity, and creates output parameters + * if sane. + * + * Returns -1 on parsing or insane params, 0 if success. + */ +static int +negotiate_v3_ntor_client_circ_params(const uint8_t *param_response_msg, + size_t param_response_len, + circuit_params_t *params_out) +{ + int ret = congestion_control_parse_ext_response(param_response_msg, + param_response_len, + params_out); + if (ret < 0) { + return -1; + } + + /* If congestion control came back enabled, but we didn't ask for it + * because the consensus said no, close the circuit. + * + * This is a fatal error condition for the circuit, because it either + * means that congestion control was disabled by the consensus + * during the handshake, or the exit decided to send us an unsolicited + * congestion control response. + * + * In either case, we cannot proceed on this circuit, and must try a + * new one. + */ + if (ret && !congestion_control_enabled()) { + return -1; + } + params_out->cc_enabled = ret; + + return 0; +} + /** Perform the final (client-side) step of a circuit-creation handshake of * type <b>type</b>, using our state in <b>handshake_state</b> and the * server's response in <b>reply</b>. On success, generate <b>keys_out_len</b> @@ -249,11 +461,14 @@ onion_skin_client_handshake(int type, const uint8_t *reply, size_t reply_len, uint8_t *keys_out, size_t keys_out_len, uint8_t *rend_authenticator_out, + circuit_params_t *params_out, const char **msg_out) { if (handshake_state->tag != type) return -1; + memset(params_out, 0, sizeof(*params_out)); + switch (type) { case ONION_HANDSHAKE_TYPE_TAP: if (reply_len != TAP_ONIONSKIN_REPLY_LEN) { @@ -303,6 +518,39 @@ onion_skin_client_handshake(int type, tor_free(keys_tmp); } return 0; + case ONION_HANDSHAKE_TYPE_NTOR_V3: { + size_t keys_tmp_len = keys_out_len + DIGEST_LEN; + uint8_t *keys_tmp = tor_malloc(keys_tmp_len); + uint8_t *server_msg = NULL; + size_t server_msg_len = 0; + int r = onion_ntor3_client_handshake( + handshake_state->u.ntor3, + reply, reply_len, + NTOR3_VERIFICATION_ARGS, + keys_tmp, keys_tmp_len, + &server_msg, &server_msg_len); + if (r < 0) { + tor_free(keys_tmp); + tor_free(server_msg); + return -1; + } + + if (negotiate_v3_ntor_client_circ_params(server_msg, + server_msg_len, + params_out) < 0) { + tor_free(keys_tmp); + tor_free(server_msg); + return -1; + } + tor_free(server_msg); + + memcpy(keys_out, keys_tmp, keys_out_len); + memcpy(rend_authenticator_out, keys_tmp + keys_out_len, DIGEST_LEN); + memwipe(keys_tmp, 0, keys_tmp_len); + tor_free(keys_tmp); + + return 0; + } default: log_warn(LD_BUG, "called with unknown handshake state type %d", type); tor_fragile_assert(); diff --git a/src/core/crypto/onion_crypto.h b/src/core/crypto/onion_crypto.h index 2665d326a3..cb0188ff54 100644 --- a/src/core/crypto/onion_crypto.h +++ b/src/core/crypto/onion_crypto.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -12,8 +12,11 @@ #ifndef TOR_ONION_CRYPTO_H #define TOR_ONION_CRYPTO_H +#include "lib/crypt_ops/crypto_ed25519.h" + typedef struct server_onion_keys_t { uint8_t my_identity[DIGEST_LEN]; + ed25519_public_key_t my_ed_identity; crypto_pk_t *onion_key; crypto_pk_t *last_onion_key; struct di_digest256_map_t *curve25519_key_map; @@ -22,21 +25,37 @@ typedef struct server_onion_keys_t { void onion_handshake_state_release(onion_handshake_state_t *state); +/** + * Parameters negotiated as part of a circuit handshake. + */ +typedef struct circuit_params_t { + /** Is true if congestion control is enabled in consensus or param, + * as per congestion_control_enabled() result. */ + bool cc_enabled; + /** The number of cells in a sendme increment. Only used if cc_enabled=1. */ + uint8_t sendme_inc_cells; +} circuit_params_t; + int onion_skin_create(int type, const extend_info_t *node, onion_handshake_state_t *state_out, - uint8_t *onion_skin_out); + uint8_t *onion_skin_out, + size_t onion_skin_out_maxlen); int onion_skin_server_handshake(int type, const uint8_t *onion_skin, size_t onionskin_len, const server_onion_keys_t *keys, + const circuit_params_t *ns_params, uint8_t *reply_out, + size_t reply_out_maxlen, uint8_t *keys_out, size_t key_out_len, - uint8_t *rend_nonce_out); + uint8_t *rend_nonce_out, + circuit_params_t *negotiated_params_out); int onion_skin_client_handshake(int type, const onion_handshake_state_t *handshake_state, const uint8_t *reply, size_t reply_len, uint8_t *keys_out, size_t key_out_len, uint8_t *rend_authenticator_out, + circuit_params_t *negotiated_params_out, const char **msg_out); server_onion_keys_t *server_onion_keys_new(void); diff --git a/src/core/crypto/onion_fast.c b/src/core/crypto/onion_fast.c index d760549325..4e454fd402 100644 --- a/src/core/crypto/onion_fast.c +++ b/src/core/crypto/onion_fast.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/crypto/onion_fast.h b/src/core/crypto/onion_fast.h index da983a56d9..742e2ef7d4 100644 --- a/src/core/crypto/onion_fast.h +++ b/src/core/crypto/onion_fast.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/crypto/onion_ntor.c b/src/core/crypto/onion_ntor.c index 5a77230d02..092fced1cb 100644 --- a/src/core/crypto/onion_ntor.c +++ b/src/core/crypto/onion_ntor.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/crypto/onion_ntor.h b/src/core/crypto/onion_ntor.h index 9473409e40..82eb6c3ad9 100644 --- a/src/core/crypto/onion_ntor.h +++ b/src/core/crypto/onion_ntor.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/crypto/onion_ntor_v3.c b/src/core/crypto/onion_ntor_v3.c new file mode 100644 index 0000000000..491c69cf8d --- /dev/null +++ b/src/core/crypto/onion_ntor_v3.c @@ -0,0 +1,760 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file onion_ntor_v3.c + * @brief Implements the version 3 ntor handshake as first specified in + * proposal 332. + * + * The v3 ntor handshake differs from the earlier versions (ntor and hs-ntor) + * primarily in that it allows the client to send an authenticated encrypted + * message as part of its onion skin, and allows the relay to send and + * encrypted authenticated reply as part of its response. + * + * It also takes a "verification string" -- the handshake cannot succeed + * unless both parties use the same value for their verification stream. + **/ + +#define ONION_NTOR_V3_PRIVATE + +#include "orconfig.h" +#include "core/crypto/onion_ntor_v3.h" + +#include "lib/arch/bytes.h" +#include "lib/crypt_ops/crypto_digest.h" +#include "lib/crypt_ops/crypto_rand.h" +#include "lib/crypt_ops/crypto_util.h" +#include "lib/ctime/di_ops.h" +#include "lib/log/util_bug.h" + +#include <string.h> + +/* Parameters used to keep the outputs of this handshake from colliding with + * others. These are defined in the specification. */ +#define PROTOID "ntor3-curve25519-sha3_256-1" +#define TWEAK(A) (PROTOID ":" A) + +#define T_MSGKDF TWEAK("kdf_phase1") +#define T_MSGMAC TWEAK("msg_mac") +#define T_KEY_SEED TWEAK("key_seed") +#define T_VERIFY TWEAK("verify") +#define T_FINAL TWEAK("kdf_final") +#define T_AUTH TWEAK("auth_final") + +/** + * Add @a len bytes of @a data as input to the provided @a xof. + * + * (This is provided just for abbreviation). + **/ +#define xof_add(xof, data, len) crypto_xof_add_bytes((xof), (data), (len)) +/** + * Add @a len bytes of @a data as input to the provided @a xof, + * prefixed with an encoding of the length. + * + * This is equivalent to ENCAP(data) in the spec. + **/ +static void +xof_add_encap(crypto_xof_t *xof, const uint8_t *data, size_t len) +{ + uint64_t len64 = tor_htonll(len); + xof_add(xof, (uint8_t *)(&len64), 8); + xof_add(xof, data, len); +} +/** + * Add an encapsulated tweak to the provided xof. + **/ +#define xof_add_tweak(d, s) xof_add_encap((d), (const uint8_t *)(s), strlen(s)) + +/** + * Add @a len bytes of @a data to the provided @a digest. + * + * This is provided as an abbreviation, and to get the types right. + **/ +static void +d_add(crypto_digest_t *digest, const uint8_t *data, size_t len) +{ + crypto_digest_add_bytes(digest, (const char *)data, len); +} +/** + * Add @a len bytes of @a data to the provided @a digest, prefixed + * with the encoded length. + * + * This is equivalent to ENCAP(data) from the spec. + **/ +static void +d_add_encap(crypto_digest_t *digest, const uint8_t *data, size_t len) +{ + uint64_t len64 = tor_htonll(len); + d_add(digest, (const uint8_t *)(&len64), 8); + d_add(digest, data, len); +} +/** + * Add an encapsulated tweak to the provided digest. + **/ +#define d_add_tweak(d, s) d_add_encap((d), (const uint8_t *)(s), strlen(s)) + +/** + * Helper: copy @a len bytes of @a data onto *@a ptr, and advance @a ptr + * forward by @a len bytes. + * + * Asserts that @a ptr will not be advanced beyond @a endptr. + **/ +static void +push(uint8_t **ptr, const uint8_t *endptr, const uint8_t *data, size_t len) +{ + size_t remaining = endptr - *ptr; + tor_assert(len <= remaining); + memcpy(*ptr, data, len); + *ptr += len; +} + +/** + * Helper: Drop storage held by @a state, after wiping it. + **/ +void +ntor3_handshake_state_free_(ntor3_handshake_state_t *state) +{ + if (!state) + return; + + memwipe(state, 0, sizeof(*state)); + tor_free(state); +} + +/** + * Perform a client-side v3 ntor handshake with a given relay. + * + * As inputs this function takes the relay's Ed25519 identity (@a relay_id), + * the relay's current ntor onion key (@a relay_key), a verification string + * (@a verification_len bytes at @a verification), and a message to send + * as part of the handshake (@a message_len bytes at @a message). + * + * The message will be encrypted and authenticated to the relay, but will not + * receive the same forward secrecy as the rest of the handshake. We should + * not put any super-confidential data in it. + * + * The handshake will only succeed if the relay uses the same verification + * string as we are using. + * + * As outputs, this function returns 0 on success and -1 on failure. On + * success, it sets @a onion_skin_out and @a onion_skin_len_out to a newly + * allocated handshake message that the client can send as part of its CREATE2 + * or EXTEND2 cell. It also sets it sets @a handshake_state_out to a newly + * allocated handshake state object; the client needs to use this object to + * process the relay's eventual reply. + **/ +int +onion_skin_ntor3_create(const ed25519_public_key_t *relay_id, + const curve25519_public_key_t *relay_key, + const uint8_t *verification, + const size_t verification_len, + const uint8_t *message, + const size_t message_len, + ntor3_handshake_state_t **handshake_state_out, + uint8_t **onion_skin_out, + size_t *onion_skin_len_out) +{ + curve25519_keypair_t client_keypair; + if (curve25519_keypair_generate(&client_keypair, 0) < 0) { + return -1; + } + int r = onion_skin_ntor3_create_nokeygen( + &client_keypair, + relay_id, + relay_key, + verification, + verification_len, + message, + message_len, + handshake_state_out, + onion_skin_out, + onion_skin_len_out); + memwipe(&client_keypair, 0, sizeof(client_keypair)); + return r; +} + +/** + * Like onion_skin_ntor3_create, but do not generate a new ephemeral keypair. + * Instead, take the ephemeral keypair (x,X) from @a client_keypair. + * + * (Having a separate function for this lets us test the code for correct + * behavior.) + **/ +STATIC int +onion_skin_ntor3_create_nokeygen( + const curve25519_keypair_t *client_keypair, + const ed25519_public_key_t *relay_id, + const curve25519_public_key_t *relay_key, + const uint8_t *verification, + const size_t verification_len, + const uint8_t *message, + const size_t message_len, + ntor3_handshake_state_t **handshake_state_out, + uint8_t **onion_skin_out, + size_t *onion_skin_len_out) +{ + *handshake_state_out = NULL; + *onion_skin_out = NULL; + *onion_skin_len_out = 0; + + // Set up the handshake state object. + *handshake_state_out = tor_malloc_zero(sizeof(ntor3_handshake_state_t)); + memcpy(&(*handshake_state_out)->client_keypair, client_keypair, + sizeof(*client_keypair)); + memcpy(&(*handshake_state_out)->relay_id, relay_id, sizeof(*relay_id)); + memcpy(&(*handshake_state_out)->relay_key, relay_key, sizeof(*relay_key)); + + // Perform the first DH handshake. + curve25519_handshake((*handshake_state_out)->bx, + &client_keypair->seckey, relay_key); + if (safe_mem_is_zero((*handshake_state_out)->bx, CURVE25519_OUTPUT_LEN)) { + // Okay to return early here, since our behavior here doesn't + // cause a visible timing sidechannel. + return -1; + } + + // Compute phase1_keys. + uint8_t enc_key[CIPHER256_KEY_LEN]; + uint8_t mac_key[DIGEST256_LEN]; + { + crypto_xof_t *xof = crypto_xof_new(); + // secret_input_phase1 = Bx | ID | X | B | PROTOID | ENCAP(VER) + xof_add_tweak(xof, T_MSGKDF); + xof_add(xof, (*handshake_state_out)->bx, CURVE25519_OUTPUT_LEN); + xof_add(xof, relay_id->pubkey, ED25519_PUBKEY_LEN); + xof_add(xof, client_keypair->pubkey.public_key, CURVE25519_PUBKEY_LEN); + xof_add(xof, relay_key->public_key, CURVE25519_PUBKEY_LEN); + xof_add(xof, (const uint8_t *)PROTOID, strlen(PROTOID)); + xof_add_encap(xof, verification, verification_len); + crypto_xof_squeeze_bytes(xof, enc_key, sizeof(enc_key)); + crypto_xof_squeeze_bytes(xof, mac_key, sizeof(mac_key)); + crypto_xof_free(xof); + } + + // Compute encrypted message. + uint8_t *encrypted_message = tor_memdup(message, message_len); + { + crypto_cipher_t *c = + crypto_cipher_new_with_bits((const char *)enc_key, 256); + crypto_cipher_crypt_inplace(c, (char *)encrypted_message, message_len); + crypto_cipher_free(c); + } + + // Compute the MAC value. + { + crypto_digest_t *m = crypto_digest256_new(DIGEST_SHA3_256); + d_add_tweak(m, T_MSGMAC); + d_add_encap(m, mac_key, sizeof(mac_key)); + d_add(m, relay_id->pubkey, ED25519_PUBKEY_LEN); + d_add(m, relay_key->public_key, CURVE25519_PUBKEY_LEN); + d_add(m, client_keypair->pubkey.public_key, CURVE25519_PUBKEY_LEN); + d_add(m, encrypted_message, message_len); + crypto_digest_get_digest(m, + (char *)(*handshake_state_out)->msg_mac, + DIGEST256_LEN); + crypto_digest_free(m); + } + + // Build the onionskin. + *onion_skin_len_out = (ED25519_PUBKEY_LEN + CURVE25519_PUBKEY_LEN*2 + + DIGEST256_LEN + message_len); + *onion_skin_out = tor_malloc(*onion_skin_len_out); + { + uint8_t *ptr = *onion_skin_out, *end = ptr + *onion_skin_len_out; + + push(&ptr, end, relay_id->pubkey, ED25519_PUBKEY_LEN); + push(&ptr, end, relay_key->public_key, CURVE25519_PUBKEY_LEN); + push(&ptr, end, client_keypair->pubkey.public_key, CURVE25519_PUBKEY_LEN); + push(&ptr, end, encrypted_message, message_len); + push(&ptr, end, (*handshake_state_out)->msg_mac, DIGEST256_LEN); + tor_assert(ptr == end); + } + + memwipe(&enc_key, 0, sizeof(enc_key)); + memwipe(&mac_key, 0, sizeof(mac_key)); + memwipe(encrypted_message, 0, message_len); + tor_free(encrypted_message); + + return 0; +} + +/** + * Complete a client-side v3 ntor handshake. + * + * Takes a @a handshake_state returned earlier by `onion_skin_ntor3_create()`, + * and the relay's reply to that handshake (@a reply_len bytes at @a + * handshake_reply). Also takes a verification string (@a verification_len + * bytes at @a verification). + * + * Returns 0 on success and -1 on failure. On success, generates @a key_len + * bytes of key material into the provided @a keys_out buffer, and sets @a + * message_out to the message that the relay sent in reply to our message (and + * sets @a message_out_len to that message's length). + **/ +int +onion_ntor3_client_handshake(const ntor3_handshake_state_t *handshake_state, + const uint8_t *handshake_reply, + size_t reply_len, + const uint8_t *verification, + size_t verification_len, + uint8_t *keys_out, + size_t keys_out_len, + uint8_t **message_out, + size_t *message_len_out) +{ + *message_out = NULL; + *message_len_out = 0; + + int problems = 0; + + // Parse the relay's message. + curve25519_public_key_t relay_Y; + uint8_t relay_auth[DIGEST256_LEN]; + size_t encrypted_msg_len; + const uint8_t *encrypted_msg; + { + if (reply_len < CURVE25519_PUBKEY_LEN + DIGEST256_LEN) { + // Okay to return early here, since the message is completely + // ill-formed, so we can't leak anything. + ++problems; + goto done; + } + encrypted_msg_len = reply_len - (CURVE25519_PUBKEY_LEN + DIGEST256_LEN); + + memcpy(&relay_Y.public_key, handshake_reply, CURVE25519_PUBKEY_LEN); + handshake_reply += CURVE25519_PUBKEY_LEN; + memcpy(&relay_auth, handshake_reply, DIGEST256_LEN); + handshake_reply += DIGEST256_LEN; + encrypted_msg = handshake_reply; + } + + // Finish the second diffie hellman handshake. + uint8_t yx[CURVE25519_OUTPUT_LEN]; + curve25519_handshake(yx, &handshake_state->client_keypair.seckey, &relay_Y); + problems |= safe_mem_is_zero(yx, sizeof(yx)); + + // Compute two tweaked hashes of secret_input. + uint8_t key_seed[DIGEST256_LEN], verify[DIGEST256_LEN]; + { + crypto_digest_t *ks = crypto_digest256_new(DIGEST_SHA3_256); + crypto_digest_t *v = crypto_digest256_new(DIGEST_SHA3_256); + d_add_tweak(ks, T_KEY_SEED); + d_add_tweak(v, T_VERIFY); +#define ADD2(s,len) STMT_BEGIN { \ + d_add(ks, (s),(len)); d_add(v, (s), (len)); \ + } STMT_END +#define ADD2_ENCAP(s,len) STMT_BEGIN { \ + d_add_encap(ks, (s),(len)); d_add_encap(v, (s), (len)); \ + } STMT_END + + ADD2(yx, sizeof(yx)); + ADD2(handshake_state->bx, sizeof(handshake_state->bx)); + ADD2(handshake_state->relay_id.pubkey, ED25519_PUBKEY_LEN); + ADD2(handshake_state->relay_key.public_key, CURVE25519_PUBKEY_LEN); + ADD2(handshake_state->client_keypair.pubkey.public_key, + CURVE25519_PUBKEY_LEN); + ADD2(relay_Y.public_key, CURVE25519_PUBKEY_LEN); + ADD2((const uint8_t *)PROTOID, strlen(PROTOID)); + ADD2_ENCAP(verification, verification_len); + + crypto_digest_get_digest(ks, (char*) key_seed, DIGEST256_LEN); + crypto_digest_get_digest(v, (char*) verify, DIGEST256_LEN); + crypto_digest_free(ks); + crypto_digest_free(v); + } + + // compute expected auth value. + uint8_t auth_computed[DIGEST256_LEN]; + { + crypto_digest_t *d = crypto_digest256_new(DIGEST_SHA3_256); + d_add_tweak(d, T_AUTH); + d_add(d, verify, sizeof(verify)); + d_add(d, handshake_state->relay_id.pubkey, ED25519_PUBKEY_LEN); + d_add(d, handshake_state->relay_key.public_key, CURVE25519_PUBKEY_LEN); + d_add(d, relay_Y.public_key, CURVE25519_PUBKEY_LEN); + d_add(d, handshake_state->client_keypair.pubkey.public_key, + CURVE25519_PUBKEY_LEN); + d_add(d, handshake_state->msg_mac, DIGEST256_LEN); + d_add_encap(d, encrypted_msg, encrypted_msg_len); + d_add(d, (const uint8_t*)PROTOID, strlen(PROTOID)); + d_add(d, (const uint8_t*)"Server", strlen("Server")); + crypto_digest_get_digest(d, (char *)auth_computed, DIGEST256_LEN); + crypto_digest_free(d); + } + + // Check authentication value. + problems |= tor_memneq(auth_computed, relay_auth, DIGEST256_LEN); + + // Compute keystream, decrypt message, and return. + *message_out = tor_malloc(encrypted_msg_len); + *message_len_out = encrypted_msg_len; + uint8_t enc_key[CIPHER256_KEY_LEN]; + { + crypto_xof_t *xof = crypto_xof_new(); + xof_add_tweak(xof, T_FINAL); + xof_add(xof, key_seed, sizeof(key_seed)); + crypto_xof_squeeze_bytes(xof, enc_key, sizeof(enc_key)); + crypto_xof_squeeze_bytes(xof, (uint8_t *)keys_out, keys_out_len); + crypto_xof_free(xof); + + crypto_cipher_t *c = + crypto_cipher_new_with_bits((const char *)enc_key, 256); + crypto_cipher_decrypt(c, (char *)*message_out, + (const char *)encrypted_msg, encrypted_msg_len); + crypto_cipher_free(c); + } + + done: + memwipe(&relay_Y, 0, sizeof(relay_Y)); + memwipe(&relay_auth, 0, sizeof(relay_auth)); + memwipe(&yx, 0, sizeof(yx)); + memwipe(key_seed, 0, sizeof(key_seed)); + memwipe(verify, 0, sizeof(verify)); + memwipe(enc_key, 0, sizeof(enc_key)); + if (problems) { + if (*message_out) { + memwipe(*message_out, 0, *message_len_out); + tor_free(*message_out); // Sets it to NULL. + } + *message_len_out = 0; + crypto_rand((char*)keys_out, keys_out_len); // In case bad code uses it. + return -1; + } + + return 0; +} + +/** + * Wipe a server handshake state, and release the storage it holds. + **/ +void +ntor3_server_handshake_state_free_(ntor3_server_handshake_state_t *state) +{ + if (state == NULL) + return; + + memwipe(state, 0, sizeof(ntor3_server_handshake_state_t)); + tor_free(state); +} + +/** + * As a relay, start handling a client's v3 ntor handshake. + * + * This function performs the _first half_ of the handshake, up to the point + * where the client's message is decoded. After calling it, the relay should + * decide how and whether to reply to the client's message, compose its reply, + * and call `onion_skin_ntor3_server_handshake_part2`. + * + * It takes as input a map of the relay's known onion keys in @a private_keys, + * along with a fake @a junk_key to use if there is a complete mismatch. It + * takes the relay's ed25519 identity in @a my_id, along with the client's + * handshake message (@a client_handshake_len bytes in @a client_handshake), + * and a verification string (@a verification_len bytes in @a verification). + * + * Return 0 on success, and -1 on failure. On success, sets @a + * client_message_out to a newly allocated string holding the plaintext of the + * message that the client sent as part of its handshake, and @a + * client_message_out_len to its length. Also sets @a state_out to a newly + * allocated state object holding the intermediate computation for this + * handshake. + **/ +int +onion_skin_ntor3_server_handshake_part1( + const di_digest256_map_t *private_keys, + const curve25519_keypair_t *junk_key, + const ed25519_public_key_t *my_id, + const uint8_t *client_handshake, + size_t client_handshake_len, + const uint8_t *verification, + size_t verification_len, + uint8_t **client_message_out, + size_t *client_message_len_out, + ntor3_server_handshake_state_t **state_out) +{ + *client_message_out = NULL; + *client_message_len_out = 0; + *state_out = NULL; + + int problems = 0; + + // Initialize state. + (*state_out) = tor_malloc_zero(sizeof(ntor3_server_handshake_state_t)); + memcpy(&(*state_out)->my_id, my_id, sizeof(*my_id)); + + const uint8_t *wanted_id; // [ED25519_PUBKEY_LEN] + const uint8_t *wanted_key; // [CURVE25519_PUBKEY_LEN] + const uint8_t *encrypted_message; + size_t encrypted_message_len; + // Unpack the client handshake. + { + const uint8_t *ptr = client_handshake; + const uint8_t *end = ptr + client_handshake_len; + + if (client_handshake_len < + ED25519_PUBKEY_LEN + CURVE25519_PUBKEY_LEN * 2 + DIGEST256_LEN) { + // Okay to end early; the client knows this is unparseable already. + ++problems; + goto done; + } + wanted_id = ptr; + ptr += ED25519_PUBKEY_LEN; + wanted_key = ptr; + ptr += CURVE25519_PUBKEY_LEN; + memcpy((*state_out)->client_key.public_key, ptr, CURVE25519_PUBKEY_LEN); + ptr += CURVE25519_PUBKEY_LEN; + size_t remaining = (end-ptr); + if (BUG(remaining < DIGEST256_LEN)) { + // Okay to end early; this is a bug. + ++problems; + goto done; + } + encrypted_message = ptr; + encrypted_message_len = remaining - DIGEST256_LEN; + ptr += encrypted_message_len; + remaining = (end-ptr); + tor_assert(remaining == DIGEST256_LEN); + memcpy((*state_out)->msg_mac, ptr, DIGEST256_LEN); + } + + // Check the identity. + problems |= tor_memneq(my_id->pubkey, wanted_id, ED25519_PUBKEY_LEN); + + // Find the correct keypair. + const curve25519_keypair_t *keypair = + dimap_search(private_keys, wanted_key, (void *)junk_key); + tor_assert(keypair); + memcpy(&(*state_out)->my_key, &keypair->pubkey, + sizeof(curve25519_public_key_t)); + + // Do the first diffie hellman handshake. + curve25519_handshake((*state_out)->xb, + &keypair->seckey, &(*state_out)->client_key); + problems |= safe_mem_is_zero((*state_out)->xb, CURVE25519_OUTPUT_LEN); + + // Derive the encryption and mac keys + uint8_t enc_key[CIPHER256_KEY_LEN], mac_key[DIGEST256_LEN]; + { + crypto_xof_t *xof = crypto_xof_new(); + xof_add_tweak(xof, T_MSGKDF); + xof_add(xof, (*state_out)->xb, CURVE25519_OUTPUT_LEN); + xof_add(xof, wanted_id, ED25519_PUBKEY_LEN); + xof_add(xof, (*state_out)->client_key.public_key, CURVE25519_PUBKEY_LEN); + xof_add(xof, keypair->pubkey.public_key, CURVE25519_PUBKEY_LEN); + xof_add(xof, (const uint8_t *)PROTOID, strlen(PROTOID)); + xof_add_encap(xof, verification, verification_len); + crypto_xof_squeeze_bytes(xof, enc_key, sizeof(enc_key)); + crypto_xof_squeeze_bytes(xof, mac_key, sizeof(mac_key)); + crypto_xof_free(xof); + } + + // Check the MAC. + uint8_t computed_mac[DIGEST256_LEN]; + { + crypto_digest_t *d = crypto_digest256_new(DIGEST_SHA3_256); + d_add_tweak(d, T_MSGMAC); + d_add_encap(d, mac_key, sizeof(mac_key)); + d_add(d, my_id->pubkey, ED25519_PUBKEY_LEN); + d_add(d, keypair->pubkey.public_key, CURVE25519_PUBKEY_LEN); + d_add(d, (*state_out)->client_key.public_key, CURVE25519_PUBKEY_LEN); + d_add(d, encrypted_message, encrypted_message_len); + crypto_digest_get_digest(d, (char *)computed_mac, DIGEST256_LEN); + crypto_digest_free(d); + } + + problems |= tor_memneq((*state_out)->msg_mac, computed_mac, DIGEST256_LEN); + + // Decrypt the message. + *client_message_out = tor_malloc(encrypted_message_len); + *client_message_len_out = encrypted_message_len; + { + crypto_cipher_t *c = + crypto_cipher_new_with_bits((const char *)enc_key, 256); + crypto_cipher_decrypt(c, (char *)*client_message_out, + (const char *)encrypted_message, + encrypted_message_len); + crypto_cipher_free(c); + } + + done: + memwipe(enc_key, 0, sizeof(enc_key)); + memwipe(mac_key, 0, sizeof(mac_key)); + memwipe(computed_mac, 0, sizeof(computed_mac)); + if (problems) { + if (*client_message_out) { + memwipe(*client_message_out, 0, *client_message_len_out); + tor_free(*client_message_out); // Sets it to NULL. + } + *client_message_len_out = 0; + ntor3_server_handshake_state_free(*state_out); + return -1; + } + + return 0; +} + +/** + * Finish the relay side of an ntor v3 handshake. + * + * The relay calls this function after it has decided to respond to the + * client's original encrypted message. This function receives the relay's + * message in @a server_message and its length in @a server_message_len, and + * completes the handshake. + * + * Returns 0 on success and -1 on failure. On success, stores the newly + * allocated handshake for the relay to send in @a handshake_out, and its + * length in @a handshake_len_out. Stores @a keys_out_len bytes of generated + * keys in the provided buffer at @a keys_out. + **/ +int +onion_skin_ntor3_server_handshake_part2( + const ntor3_server_handshake_state_t *state, + const uint8_t *verification, + size_t verification_len, + const uint8_t *server_message, + size_t server_message_len, + uint8_t **handshake_out, + size_t *handshake_len_out, + uint8_t *keys_out, + size_t keys_out_len) +{ + curve25519_keypair_t relay_keypair; + if (curve25519_keypair_generate(&relay_keypair, 0) < 0) { + return -1; + } + int r = onion_skin_ntor3_server_handshake_part2_nokeygen( + &relay_keypair, + state, + verification, + verification_len, + server_message, + server_message_len, + handshake_out, + handshake_len_out, + keys_out, + keys_out_len); + memwipe(&relay_keypair, 0, sizeof(relay_keypair)); + return r; +} + +/** + * Like `onion_skin_ntor3_server_handshake_part2`, but do not generate + * an ephemeral (y,Y) keypair. + * + * Instead, this function takes that keypair as @a relay_keypair_y. + * + * (Having a separate function for this lets us test the code for correct + * behavior.) + **/ +STATIC int +onion_skin_ntor3_server_handshake_part2_nokeygen( + const curve25519_keypair_t *relay_keypair_y, + const ntor3_server_handshake_state_t *state, + const uint8_t *verification, + size_t verification_len, + const uint8_t *server_message, + size_t server_message_len, + uint8_t **handshake_out, + size_t *handshake_len_out, + uint8_t *keys_out, + size_t keys_out_len) +{ + *handshake_out = NULL; + *handshake_len_out = 0; + + int problems = 0; + + // Second diffie-hellman handshake. + uint8_t xy[CURVE25519_OUTPUT_LEN]; + curve25519_handshake(xy, &relay_keypair_y->seckey, &state->client_key); + problems |= safe_mem_is_zero(xy, sizeof(xy)); + + // Compute two tweaked hashes of secret_input. + uint8_t key_seed[DIGEST256_LEN], verify[DIGEST256_LEN]; + { + crypto_digest_t *ks = crypto_digest256_new(DIGEST_SHA3_256); + crypto_digest_t *v = crypto_digest256_new(DIGEST_SHA3_256); + d_add_tweak(ks, T_KEY_SEED); + d_add_tweak(v, T_VERIFY); + ADD2(xy, sizeof(xy)); + ADD2(state->xb, sizeof(state->xb)); + ADD2(state->my_id.pubkey, ED25519_PUBKEY_LEN); + ADD2(state->my_key.public_key, CURVE25519_PUBKEY_LEN); + ADD2(state->client_key.public_key, CURVE25519_PUBKEY_LEN); + ADD2(relay_keypair_y->pubkey.public_key, CURVE25519_PUBKEY_LEN); + ADD2((const uint8_t *)PROTOID, strlen(PROTOID)); + ADD2_ENCAP(verification, verification_len); + crypto_digest_get_digest(ks, (char*) key_seed, DIGEST256_LEN); + crypto_digest_get_digest(v, (char*) verify, DIGEST256_LEN); + crypto_digest_free(ks); + crypto_digest_free(v); + } + + // Compute enc_key and keystream. + uint8_t enc_key[CIPHER256_KEY_LEN]; + { + crypto_xof_t *xof = crypto_xof_new(); + xof_add_tweak(xof, T_FINAL); + xof_add(xof, key_seed, sizeof(key_seed)); + crypto_xof_squeeze_bytes(xof, enc_key, sizeof(enc_key)); + crypto_xof_squeeze_bytes(xof, keys_out, keys_out_len); + crypto_xof_free(xof); + } + + // Encrypt message. + uint8_t *encrypted_message = tor_memdup(server_message, server_message_len); + { + crypto_cipher_t *c = + crypto_cipher_new_with_bits((const char *)enc_key, 256); + crypto_cipher_crypt_inplace( + c, (char *)encrypted_message, server_message_len); + crypto_cipher_free(c); + } + + // Compute AUTH digest. + uint8_t auth[DIGEST256_LEN]; + { + crypto_digest_t *d = crypto_digest256_new(DIGEST_SHA3_256); + d_add_tweak(d, T_AUTH); + d_add(d, verify, sizeof(verify)); + d_add(d, state->my_id.pubkey, ED25519_PUBKEY_LEN); + d_add(d, state->my_key.public_key, CURVE25519_PUBKEY_LEN); + d_add(d, relay_keypair_y->pubkey.public_key, CURVE25519_PUBKEY_LEN); + d_add(d, state->client_key.public_key, CURVE25519_PUBKEY_LEN); + d_add(d, state->msg_mac, DIGEST256_LEN); + d_add_encap(d, encrypted_message, server_message_len); + d_add(d, (const uint8_t*)PROTOID, strlen(PROTOID)); + d_add(d, (const uint8_t*)"Server", strlen("Server")); + crypto_digest_get_digest(d, (char *)auth, DIGEST256_LEN); + crypto_digest_free(d); + } + + // Compose the reply. + *handshake_len_out = CURVE25519_PUBKEY_LEN + DIGEST256_LEN + + server_message_len; + *handshake_out = tor_malloc(*handshake_len_out); + uint8_t *ptr = *handshake_out, *end = ptr + *handshake_len_out; + push(&ptr, end, relay_keypair_y->pubkey.public_key, CURVE25519_PUBKEY_LEN); + push(&ptr, end, auth, sizeof(auth)); + push(&ptr, end, encrypted_message, server_message_len); + tor_assert(ptr == end); + + // Clean up and return. + memwipe(xy, 0, sizeof(xy)); + memwipe(key_seed, 0, sizeof(key_seed)); + memwipe(verify, 0, sizeof(verify)); + memwipe(enc_key, 0, sizeof(enc_key)); + memwipe(encrypted_message, 0, server_message_len); + tor_free(encrypted_message); + + if (problems) { + memwipe(*handshake_out, 0, *handshake_len_out); + tor_free(*handshake_out); // Sets it to NULL. + *handshake_len_out = 0; + crypto_rand((char*)keys_out, keys_out_len); // In case bad code uses it. + return -1; + } + return 0; +} diff --git a/src/core/crypto/onion_ntor_v3.h b/src/core/crypto/onion_ntor_v3.h new file mode 100644 index 0000000000..4449eb237d --- /dev/null +++ b/src/core/crypto/onion_ntor_v3.h @@ -0,0 +1,140 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file onion_ntor_v3.h + * @brief Header for core/crypto/onion_ntor_v3.c + **/ + +#ifndef TOR_CORE_CRYPTO_ONION_NTOR_V3_H +#define TOR_CORE_CRYPTO_ONION_NTOR_V3_H + +#include "lib/cc/torint.h" +#include "lib/testsupport/testsupport.h" +#include "lib/crypt_ops/crypto_cipher.h" +#include "lib/crypt_ops/crypto_curve25519.h" +#include "lib/crypt_ops/crypto_ed25519.h" +#include "lib/malloc/malloc.h" + +/** + * Client-side state held while an ntor v3 handshake is in progress. + **/ +typedef struct ntor3_handshake_state_t ntor3_handshake_state_t; + +/** + * Server-side state held while the relay is handling a client's + * encapsulated message, before replying to the v3 handshake. + **/ +typedef struct ntor3_server_handshake_state_t ntor3_server_handshake_state_t; + +void ntor3_handshake_state_free_(ntor3_handshake_state_t *st); +#define ntor3_handshake_state_free(ptr) \ + FREE_AND_NULL(ntor3_handshake_state_t, ntor3_handshake_state_free_, (ptr)) +void ntor3_server_handshake_state_free_(ntor3_server_handshake_state_t *st); +#define ntor3_server_handshake_state_free(ptr) \ + FREE_AND_NULL(ntor3_server_handshake_state_t, \ + ntor3_server_handshake_state_free_, (ptr)) + +int onion_skin_ntor3_create(const ed25519_public_key_t *relay_id, + const curve25519_public_key_t *relay_key, + const uint8_t *verification, + const size_t verification_len, + const uint8_t *message, + const size_t message_len, + ntor3_handshake_state_t **handshake_state_out, + uint8_t **onion_skin_out, + size_t *onion_skin_len_out); + +int onion_ntor3_client_handshake( + const ntor3_handshake_state_t *handshake_state, + const uint8_t *handshake_reply, + size_t reply_len, + const uint8_t *verification, + size_t verification_len, + uint8_t *keys_out, + size_t keys_out_len, + uint8_t **message_out, + size_t *message_len_out); + +struct di_digest256_map_t; +int onion_skin_ntor3_server_handshake_part1( + const struct di_digest256_map_t *private_keys, + const curve25519_keypair_t *junk_key, + const ed25519_public_key_t *my_id, + const uint8_t *client_handshake, + size_t client_handshake_len, + const uint8_t *verification, + size_t verification_len, + uint8_t **client_message_out, + size_t *client_message_len_out, + ntor3_server_handshake_state_t **state_out); + +int onion_skin_ntor3_server_handshake_part2( + const ntor3_server_handshake_state_t *state, + const uint8_t *verification, + size_t verification_len, + const uint8_t *server_message, + size_t server_message_len, + uint8_t **handshake_out, + size_t *handshake_len_out, + uint8_t *keys_out, + size_t keys_out_len); + +#ifdef ONION_NTOR_V3_PRIVATE +struct ntor3_handshake_state_t { + /** Ephemeral (x,X) keypair. */ + curve25519_keypair_t client_keypair; + /** Relay's ed25519 identity key (ID) */ + ed25519_public_key_t relay_id; + /** Relay's public key (B) */ + curve25519_public_key_t relay_key; + /** Shared secret (Bx). */ + uint8_t bx[CURVE25519_OUTPUT_LEN]; + /** MAC of the client's encrypted message data (MAC) */ + uint8_t msg_mac[DIGEST256_LEN]; +}; + +struct ntor3_server_handshake_state_t { + /** Relay's ed25519 identity key (ID) */ + ed25519_public_key_t my_id; + /** Relay's public key (B) */ + curve25519_public_key_t my_key; + /** Client's public ephemeral key (X). */ + curve25519_public_key_t client_key; + + /** Shared secret (Xb) */ + uint8_t xb[CURVE25519_OUTPUT_LEN]; + /** MAC of the client's encrypted message data */ + uint8_t msg_mac[DIGEST256_LEN]; +}; + +STATIC int onion_skin_ntor3_create_nokeygen( + const curve25519_keypair_t *client_keypair, + const ed25519_public_key_t *relay_id, + const curve25519_public_key_t *relay_key, + const uint8_t *verification, + const size_t verification_len, + const uint8_t *message, + const size_t message_len, + ntor3_handshake_state_t **handshake_state_out, + uint8_t **onion_skin_out, + size_t *onion_skin_len_out); + +STATIC int onion_skin_ntor3_server_handshake_part2_nokeygen( + const curve25519_keypair_t *relay_keypair_y, + const ntor3_server_handshake_state_t *state, + const uint8_t *verification, + size_t verification_len, + const uint8_t *server_message, + size_t server_message_len, + uint8_t **handshake_out, + size_t *handshake_len_out, + uint8_t *keys_out, + size_t keys_out_len); + +#endif + +#endif /* !defined(TOR_CORE_CRYPTO_ONION_NTOR_V3_H) */ diff --git a/src/core/crypto/onion_tap.c b/src/core/crypto/onion_tap.c index 119f55f206..08ec3ec936 100644 --- a/src/core/crypto/onion_tap.c +++ b/src/core/crypto/onion_tap.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/crypto/onion_tap.h b/src/core/crypto/onion_tap.h index 78174b1fab..341270c981 100644 --- a/src/core/crypto/onion_tap.h +++ b/src/core/crypto/onion_tap.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/crypto/relay_crypto.c b/src/core/crypto/relay_crypto.c index 3e6167e0e1..92075d7118 100644 --- a/src/core/crypto/relay_crypto.c +++ b/src/core/crypto/relay_crypto.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/crypto/relay_crypto.h b/src/core/crypto/relay_crypto.h index 5e36c7678c..6256a100d7 100644 --- a/src/core/crypto/relay_crypto.h +++ b/src/core/crypto/relay_crypto.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c index c827af7a9a..cf25213cb1 100644 --- a/src/core/mainloop/connection.c +++ b/src/core/mainloop/connection.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -106,7 +106,6 @@ #include "feature/relay/dns.h" #include "feature/relay/ext_orport.h" #include "feature/relay/routermode.h" -#include "feature/rend/rendclient.h" #include "feature/rend/rendcommon.h" #include "feature/stats/connstats.h" #include "feature/stats/rephist.h" @@ -118,6 +117,7 @@ #include "lib/cc/ctassert.h" #include "lib/sandbox/sandbox.h" #include "lib/net/buffers_net.h" +#include "lib/net/address.h" #include "lib/tls/tortls.h" #include "lib/evloop/compat_libevent.h" #include "lib/compress/compress.h" @@ -147,6 +147,8 @@ #include "feature/nodelist/routerinfo_st.h" #include "core/or/socks_request_st.h" +#include "core/or/congestion_control_flow.h" + /** * On Windows and Linux we cannot reliably bind() a socket to an * address and port if: 1) There's already a socket bound to wildcard @@ -251,13 +253,13 @@ CONST_TO_LISTENER_CONN(const connection_t *c) } size_t -connection_get_inbuf_len(connection_t *conn) +connection_get_inbuf_len(const connection_t *conn) { return conn->inbuf ? buf_datalen(conn->inbuf) : 0; } size_t -connection_get_outbuf_len(connection_t *conn) +connection_get_outbuf_len(const connection_t *conn) { return conn->outbuf ? buf_datalen(conn->outbuf) : 0; } @@ -588,7 +590,6 @@ or_connection_new(int type, int socket_family) /* If we aren't told an address for this connection, we should * presume it isn't local, and should be rate-limited. */ TO_CONN(or_conn)->always_rate_limit_as_remote = 1; - connection_or_set_ext_or_identifier(or_conn); } return or_conn; @@ -613,6 +614,11 @@ entry_connection_new(int type, int socket_family) entry_conn->entry_cfg.ipv4_traffic = 1; else if (socket_family == AF_INET6) entry_conn->entry_cfg.ipv6_traffic = 1; + + /* Initialize the read token bucket to the maximum value which is the same as + * no rate limiting. */ + token_bucket_rw_init(&ENTRY_TO_EDGE_CONN(entry_conn)->bucket, INT32_MAX, + INT32_MAX, monotime_coarse_get_stamp()); return entry_conn; } @@ -624,6 +630,10 @@ edge_connection_new(int type, int socket_family) edge_connection_t *edge_conn = tor_malloc_zero(sizeof(edge_connection_t)); tor_assert(type == CONN_TYPE_EXIT); connection_init(time(NULL), TO_CONN(edge_conn), type, socket_family); + /* Initialize the read token bucket to the maximum value which is the same as + * no rate limiting. */ + token_bucket_rw_init(&edge_conn->bucket, INT32_MAX, INT32_MAX, + monotime_coarse_get_stamp()); return edge_conn; } @@ -647,6 +657,9 @@ listener_connection_new(int type, int socket_family) listener_connection_t *listener_conn = tor_malloc_zero(sizeof(listener_connection_t)); connection_init(time(NULL), TO_CONN(listener_conn), type, socket_family); + /* Listener connections aren't accounted for with note_connection() so do + * this explicitly so to count them. */ + rep_hist_note_conn_opened(false, type, socket_family); return listener_conn; } @@ -898,7 +911,6 @@ connection_free_minimal(connection_t *conn) } } if (CONN_IS_EDGE(conn)) { - rend_data_free(TO_EDGE_CONN(conn)->rend_data); hs_ident_edge_conn_free(TO_EDGE_CONN(conn)->hs_ident); } if (conn->type == CONN_TYPE_CONTROL) { @@ -927,7 +939,6 @@ connection_free_minimal(connection_t *conn) tor_compress_free(dir_conn->compress_state); dir_conn_clear_spool(dir_conn); - rend_data_free(dir_conn->rend_data); hs_ident_dir_conn_free(dir_conn->hs_ident); if (dir_conn->guard_state) { /* Cancel before freeing, if it's still there. */ @@ -948,8 +959,6 @@ connection_free_minimal(connection_t *conn) connection_or_clear_identity(TO_OR_CONN(conn)); } if (conn->type == CONN_TYPE_OR || conn->type == CONN_TYPE_EXT_OR) { - connection_or_remove_from_ext_or_id_map(TO_OR_CONN(conn)); - tor_free(TO_OR_CONN(conn)->ext_or_conn_id); tor_free(TO_OR_CONN(conn)->ext_or_auth_correct_client_hash); tor_free(TO_OR_CONN(conn)->ext_or_transport); } @@ -1152,6 +1161,10 @@ connection_mark_for_close_internal_, (connection_t *conn, * the number of seconds since last successful write, so * we get our whole 15 seconds */ conn->timestamp_last_write_allowed = time(NULL); + + /* Note the connection close. */ + rep_hist_note_conn_closed(conn->from_listener, conn->type, + conn->socket_family); } /** Find each connection that has hold_open_until_flushed set to @@ -1243,11 +1256,9 @@ create_unix_sockaddr(const char *listenaddress, char **readable_address, } #endif /* defined(HAVE_SYS_UN_H) || defined(RUNNING_DOXYGEN) */ -/** Warn that an accept or a connect has failed because we're running out of - * TCP sockets we can use on current system. Rate-limit these warnings so - * that we don't spam the log. */ +/* Log a rate-limited warning about resource exhaustion */ static void -warn_too_many_conns(void) +warn_about_resource_exhaution(void) { #define WARN_TOO_MANY_CONNS_INTERVAL (6*60*60) static ratelim_t last_warned = RATELIM_INIT(WARN_TOO_MANY_CONNS_INTERVAL); @@ -1262,6 +1273,17 @@ warn_too_many_conns(void) } } +/** + * A socket failed from file descriptor exhaustion. + * + * Note down file descriptor exhaustion and log a warning. */ +static inline void +socket_failed_from_fd_exhaustion(void) +{ + rep_hist_note_overload(OVERLOAD_FD_EXHAUSTED); + warn_about_resource_exhaution(); +} + #ifdef HAVE_SYS_UN_H #define UNIX_SOCKET_PURPOSE_CONTROL_SOCKET 0 @@ -1477,7 +1499,7 @@ connection_listener_new(const struct sockaddr *listensockaddr, if (!SOCKET_OK(s)) { int e = tor_socket_errno(s); if (ERRNO_IS_RESOURCE_LIMIT(e)) { - warn_too_many_conns(); + socket_failed_from_fd_exhaustion(); /* * We'll call the OOS handler at the error exit, so set the * exhaustion flag for it. @@ -1603,7 +1625,7 @@ connection_listener_new(const struct sockaddr *listensockaddr, if (! SOCKET_OK(s)) { int e = tor_socket_errno(s); if (ERRNO_IS_RESOURCE_LIMIT(e)) { - warn_too_many_conns(); + socket_failed_from_fd_exhaustion(); /* * We'll call the OOS handler at the error exit, so set the * exhaustion flag for it. @@ -1718,13 +1740,6 @@ connection_listener_new(const struct sockaddr *listensockaddr, } } - /* Force IPv4 and IPv6 traffic on for non-SOCKSPorts. - * Forcing options on isn't a good idea, see #32994 and #33607. */ - if (type != CONN_TYPE_AP_LISTENER) { - lis_conn->entry_cfg.ipv4_traffic = 1; - lis_conn->entry_cfg.ipv6_traffic = 1; - } - if (connection_add(conn) < 0) { /* no space, forget it */ log_warn(LD_NET,"connection_add for listener failed. Giving up."); goto err; @@ -1923,7 +1938,7 @@ connection_handle_listener_read(connection_t *conn, int new_type) connection_check_oos(get_n_open_sockets(), 0); return 0; } else if (ERRNO_IS_RESOURCE_LIMIT(e)) { - warn_too_many_conns(); + socket_failed_from_fd_exhaustion(); /* Exhaustion; tell the OOS handler */ connection_check_oos(get_n_open_sockets(), 1); return 0; @@ -1984,6 +1999,7 @@ connection_handle_listener_read(connection_t *conn, int new_type) log_notice(LD_APP, "Denying socks connection from untrusted address %s.", fmt_and_decorate_addr(&addr)); + rep_hist_note_conn_rejected(new_type, conn->socket_family); tor_close_socket(news); return 0; } @@ -1993,6 +2009,7 @@ connection_handle_listener_read(connection_t *conn, int new_type) if (dir_policy_permits_address(&addr) == 0) { log_notice(LD_DIRSERV,"Denying dir connection from address %s.", fmt_and_decorate_addr(&addr)); + rep_hist_note_conn_rejected(new_type, conn->socket_family); tor_close_socket(news); return 0; } @@ -2001,6 +2018,7 @@ connection_handle_listener_read(connection_t *conn, int new_type) /* Assess with the connection DoS mitigation subsystem if this address * can open a new connection. */ if (dos_conn_addr_get_defense_type(&addr) == DOS_CONN_DEFENSE_CLOSE) { + rep_hist_note_conn_rejected(new_type, conn->socket_family); tor_close_socket(news); return 0; } @@ -2051,6 +2069,9 @@ connection_handle_listener_read(connection_t *conn, int new_type) tor_assert(0); }; + /* We are receiving this connection. */ + newconn->from_listener = 1; + if (connection_add(newconn) < 0) { /* no space, forget it */ connection_free(newconn); return 0; /* no need to tear down the parent */ @@ -2062,7 +2083,7 @@ connection_handle_listener_read(connection_t *conn, int new_type) return 0; } - note_connection(true /* inbound */, conn->socket_family); + note_connection(true /* inbound */, newconn); return 0; } @@ -2186,7 +2207,7 @@ connection_connect_sockaddr,(connection_t *conn, */ *socket_error = tor_socket_errno(s); if (ERRNO_IS_RESOURCE_LIMIT(*socket_error)) { - warn_too_many_conns(); + socket_failed_from_fd_exhaustion(); connection_check_oos(get_n_open_sockets(), 1); } else { log_warn(LD_NET,"Error creating network socket: %s", @@ -2208,6 +2229,30 @@ connection_connect_sockaddr,(connection_t *conn, */ connection_check_oos(get_n_open_sockets(), 0); + /* From ip(7): Inform the kernel to not reserve an ephemeral port when using + * bind(2) with a port number of 0. The port will later be automatically + * chosen at connect(2) time, in a way that allows sharing a source port as + * long as the 4-tuple is unique. + * + * This is needed for relays using OutboundBindAddresses because the port + * value in the bind address is set to 0. */ +#ifdef IP_BIND_ADDRESS_NO_PORT + static int try_ip_bind_address_no_port = 1; + if (bindaddr && try_ip_bind_address_no_port && + setsockopt(s, SOL_IP, IP_BIND_ADDRESS_NO_PORT, &(int){1}, sizeof(int))) { + if (errno == EINVAL) { + log_notice(LD_NET, "Tor was built with support for " + "IP_BIND_ADDRESS_NO_PORT, but the current kernel " + "doesn't support it. This might cause Tor to run out " + "of ephemeral ports more quickly."); + try_ip_bind_address_no_port = 0; + } else { + log_warn(LD_NET, "Error setting IP_BIND_ADDRESS_NO_PORT on new " + "connection: %s", tor_socket_strerror(errno)); + } + } +#endif + if (bindaddr && bind(s, bindaddr, bindaddr_len) < 0) { *socket_error = tor_socket_errno(s); log_warn(LD_NET,"Error binding network socket: %s", @@ -2235,7 +2280,7 @@ connection_connect_sockaddr,(connection_t *conn, } } - note_connection(false /* outbound */, conn->socket_family); + note_connection(false /* outbound */, conn); /* it succeeded. we're connected. */ log_fn(inprogress ? LOG_DEBUG : LOG_INFO, LD_NET, @@ -3246,7 +3291,7 @@ retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol) * we hit those, bail early so tor can stop. */ if (!new_conn) { log_warn(LD_NET, "Unable to create listener port: %s:%d", - fmt_addr(&r->new_port->addr), r->new_port->port); + fmt_and_decorate_addr(&r->new_port->addr), r->new_port->port); retval = -1; break; } @@ -3265,7 +3310,8 @@ retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol) * any configured port. Kill 'em. */ SMARTLIST_FOREACH_BEGIN(listeners, connection_t *, conn) { log_notice(LD_NET, "Closing no-longer-configured %s on %s:%d", - conn_type_to_string(conn->type), conn->address, conn->port); + conn_type_to_string(conn->type), + fmt_and_decorate_addr(&conn->addr), conn->port); connection_close_immediate(conn); connection_mark_for_close(conn); } SMARTLIST_FOREACH_END(conn); @@ -3427,6 +3473,16 @@ connection_bucket_read_limit(connection_t *conn, time_t now) int priority = conn->type != CONN_TYPE_DIR; ssize_t conn_bucket = -1; size_t global_bucket_val = token_bucket_rw_get_read(&global_bucket); + if (global_bucket_val == 0) { + /* We reached our global read limit: count this as an overload. + * + * The token bucket is always initialized (see connection_bucket_init() and + * options_validate_relay_bandwidth()) and hence we can assume that if the + * token ever hits zero, it's a limit that got popped and not the bucket + * being uninitialized. + */ + rep_hist_note_overload(OVERLOAD_READ); + } if (connection_speaks_cells(conn)) { or_connection_t *or_conn = TO_OR_CONN(conn); @@ -3435,6 +3491,19 @@ connection_bucket_read_limit(connection_t *conn, time_t now) base = get_cell_network_size(or_conn->wide_circ_ids); } + /* Edge connection have their own read bucket due to flow control being able + * to set a rate limit for them. However, for exit connections, we still need + * to honor the global bucket as well. */ + if (CONN_IS_EDGE(conn)) { + const edge_connection_t *edge_conn = CONST_TO_EDGE_CONN(conn); + conn_bucket = token_bucket_rw_get_read(&edge_conn->bucket); + if (conn->type == CONN_TYPE_EXIT) { + /* Decide between our limit and the global one. */ + goto end; + } + return conn_bucket; + } + if (!connection_is_rate_limited(conn)) { /* be willing to read on local conns even if our buckets are empty */ return conn_bucket>=0 ? conn_bucket : 1<<14; @@ -3445,6 +3514,7 @@ connection_bucket_read_limit(connection_t *conn, time_t now) global_bucket_val = MIN(global_bucket_val, relayed); } + end: return connection_bucket_get_share(base, priority, global_bucket_val, conn_bucket); } @@ -3457,6 +3527,11 @@ connection_bucket_write_limit(connection_t *conn, time_t now) int priority = conn->type != CONN_TYPE_DIR; size_t conn_bucket = buf_datalen(conn->outbuf); size_t global_bucket_val = token_bucket_rw_get_write(&global_bucket); + if (global_bucket_val == 0) { + /* We reached our global write limit: We should count this as an overload. + * See above function for more information */ + rep_hist_note_overload(OVERLOAD_WRITE); + } if (!connection_is_rate_limited(conn)) { /* be willing to write to local conns even if our buckets are empty */ @@ -3617,6 +3692,13 @@ connection_buckets_decrement(connection_t *conn, time_t now, record_num_bytes_transferred_impl(conn, now, num_read, num_written); + /* Edge connection need to decrement the read side of the bucket used by our + * congestion control. */ + if (CONN_IS_EDGE(conn) && num_read > 0) { + edge_connection_t *edge_conn = TO_EDGE_CONN(conn); + token_bucket_rw_dec(&edge_conn->bucket, num_read, 0); + } + if (!connection_is_rate_limited(conn)) return; /* local IPs are free */ @@ -3670,14 +3752,16 @@ connection_write_bw_exhausted(connection_t *conn, bool is_global_bw) void connection_consider_empty_read_buckets(connection_t *conn) { + int is_global = 1; const char *reason; - if (!connection_is_rate_limited(conn)) + if (CONN_IS_EDGE(conn) && + token_bucket_rw_get_read(&TO_EDGE_CONN(conn)->bucket) <= 0) { + reason = "edge connection read bucket exhausted. Pausing."; + is_global = false; + } else if (!connection_is_rate_limited(conn)) { return; /* Always okay. */ - - int is_global = 1; - - if (token_bucket_rw_get_read(&global_bucket) <= 0) { + } else if (token_bucket_rw_get_read(&global_bucket) <= 0) { reason = "global read bucket exhausted. Pausing."; } else if (connection_counts_as_relayed_traffic(conn, approx_time()) && token_bucket_rw_get_read(&global_relayed_bucket) <= 0) { @@ -3687,8 +3771,9 @@ connection_consider_empty_read_buckets(connection_t *conn) token_bucket_rw_get_read(&TO_OR_CONN(conn)->bucket) <= 0) { reason = "connection read bucket exhausted. Pausing."; is_global = false; - } else + } else { return; /* all good, no need to stop it */ + } LOG_FN_CONN(conn, (LOG_DEBUG, LD_NET, "%s", reason)); connection_read_bw_exhausted(conn, is_global); @@ -3792,6 +3877,10 @@ connection_bucket_refill_single(connection_t *conn, uint32_t now_ts) or_connection_t *or_conn = TO_OR_CONN(conn); token_bucket_rw_refill(&or_conn->bucket, now_ts); } + + if (CONN_IS_EDGE(conn)) { + token_bucket_rw_refill(&TO_EDGE_CONN(conn)->bucket, now_ts); + } } /** @@ -4529,9 +4618,9 @@ connection_handle_write_impl(connection_t *conn, int force) !dont_stop_writing) { /* it's done flushing */ if (connection_finished_flushing(conn) < 0) { /* already marked */ - return -1; + goto err; } - return 0; + goto done; } /* Call even if result is 0, since the global write bucket may @@ -4541,7 +4630,17 @@ connection_handle_write_impl(connection_t *conn, int force) if (n_read > 0 && connection_is_reading(conn)) connection_consider_empty_read_buckets(conn); + done: + /* If this is an edge connection with congestion control, check to see + * if it is time to send an xon */ + if (conn_uses_flow_control(conn)) { + flow_control_decide_xon(TO_EDGE_CONN(conn), n_written); + } + return 0; + + err: + return -1; } /* DOCDOC connection_handle_write */ @@ -4812,34 +4911,6 @@ connection_get_by_type_nonlinked,(int type)) CONN_GET_TEMPLATE(conn, conn->type == type && !conn->linked); } -/** Return a connection of type <b>type</b> that has rendquery equal - * to <b>rendquery</b>, and that is not marked for close. If state - * is non-zero, conn must be of that state too. - */ -connection_t * -connection_get_by_type_state_rendquery(int type, int state, - const char *rendquery) -{ - tor_assert(type == CONN_TYPE_DIR || - type == CONN_TYPE_AP || type == CONN_TYPE_EXIT); - tor_assert(rendquery); - - CONN_GET_TEMPLATE(conn, - (conn->type == type && - (!state || state == conn->state)) && - ( - (type == CONN_TYPE_DIR && - TO_DIR_CONN(conn)->rend_data && - !rend_cmp_service_ids(rendquery, - rend_data_get_address(TO_DIR_CONN(conn)->rend_data))) - || - (CONN_IS_EDGE(conn) && - TO_EDGE_CONN(conn)->rend_data && - !rend_cmp_service_ids(rendquery, - rend_data_get_address(TO_EDGE_CONN(conn)->rend_data))) - )); -} - /** Return a new smartlist of dir_connection_t * from get_connection_array() * that satisfy conn_test on connection_t *conn_var, and dirconn_test on * dir_connection_t *dirconn_var. conn_var must be of CONN_TYPE_DIR and not @@ -5829,7 +5900,6 @@ connection_free_all(void) /* Unlink everything from the identity map. */ connection_or_clear_identity_map(); - connection_or_clear_ext_or_id_map(); /* Clear out our list of broken connections */ clear_broken_connection_map(0); @@ -5866,7 +5936,8 @@ clock_skew_warning, (const connection_t *conn, long apparent_skew, int trusted, char *ext_source = NULL, *warn = NULL; format_time_interval(dbuf, sizeof(dbuf), apparent_skew); if (conn) - tor_asprintf(&ext_source, "%s:%s:%d", source, conn->address, conn->port); + tor_asprintf(&ext_source, "%s:%s:%d", source, + fmt_and_decorate_addr(&conn->addr), conn->port); else ext_source = tor_strdup(source); log_fn(trusted ? LOG_WARN : LOG_INFO, domain, diff --git a/src/core/mainloop/connection.h b/src/core/mainloop/connection.h index 9dab28c3d9..8b378b15a4 100644 --- a/src/core/mainloop/connection.h +++ b/src/core/mainloop/connection.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -274,8 +274,8 @@ void connection_buf_add_compress(const char *string, size_t len, struct dir_connection_t *conn, int done); void connection_buf_add_buf(struct connection_t *conn, struct buf_t *buf); -size_t connection_get_inbuf_len(struct connection_t *conn); -size_t connection_get_outbuf_len(struct connection_t *conn); +size_t connection_get_inbuf_len(const struct connection_t *conn); +size_t connection_get_outbuf_len(const struct connection_t *conn); struct connection_t *connection_get_by_global_id(uint64_t id); struct connection_t *connection_get_by_type(int type); diff --git a/src/core/mainloop/cpuworker.c b/src/core/mainloop/cpuworker.c index 2ae7e9aaf2..39d4899075 100644 --- a/src/core/mainloop/cpuworker.c +++ b/src/core/mainloop/cpuworker.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -21,6 +21,8 @@ #include "core/or/channel.h" #include "core/or/circuitlist.h" #include "core/or/connection_or.h" +#include "core/or/congestion_control_common.h" +#include "core/or/congestion_control_flow.h" #include "app/config/config.h" #include "core/mainloop/cpuworker.h" #include "lib/crypt_ops/crypto_rand.h" @@ -30,6 +32,7 @@ #include "feature/relay/onion_queue.h" #include "feature/stats/rephist.h" #include "feature/relay/router.h" +#include "feature/nodelist/networkstatus.h" #include "lib/evloop/workqueue.h" #include "core/crypto/onion_crypto.h" @@ -73,8 +76,42 @@ worker_state_free_void(void *arg) static replyqueue_t *replyqueue = NULL; static threadpool_t *threadpool = NULL; -static int total_pending_tasks = 0; -static int max_pending_tasks = 128; +static uint32_t total_pending_tasks = 0; +static uint32_t max_pending_tasks = 128; + +/** Return the consensus parameter max pending tasks per CPU. */ +static uint32_t +get_max_pending_tasks_per_cpu(const networkstatus_t *ns) +{ +/* Total voodoo. Can we make this more sensible? Maybe, that is why we made it + * a consensus parameter so our future self can figure out this magic. */ +#define MAX_PENDING_TASKS_PER_CPU_DEFAULT 64 +#define MAX_PENDING_TASKS_PER_CPU_MIN 1 +#define MAX_PENDING_TASKS_PER_CPU_MAX INT32_MAX + + return networkstatus_get_param(ns, "max_pending_tasks_per_cpu", + MAX_PENDING_TASKS_PER_CPU_DEFAULT, + MAX_PENDING_TASKS_PER_CPU_MIN, + MAX_PENDING_TASKS_PER_CPU_MAX); +} + +/** Set the max pending tasks per CPU worker. This uses the consensus to check + * for the allowed number per CPU. The ns parameter can be NULL as in that no + * consensus is available at the time of setting this value. */ +static void +set_max_pending_tasks(const networkstatus_t *ns) +{ + max_pending_tasks = + get_num_cpus(get_options()) * get_max_pending_tasks_per_cpu(ns); +} + +/** Called when the consensus has changed. */ +void +cpuworker_consensus_has_changed(const networkstatus_t *ns) +{ + tor_assert(ns); + set_max_pending_tasks(ns); +} /** Initialize the cpuworker subsystem. It is OK to call this more than once * during Tor's lifetime. @@ -104,8 +141,17 @@ cpu_init(void) tor_assert(r == 0); } - /* Total voodoo. Can we make this more sensible? */ - max_pending_tasks = get_num_cpus(get_options()) * 64; + set_max_pending_tasks(NULL); +} + +/** Return the number of threads configured for our CPU worker. */ +unsigned int +cpuworker_get_n_threads(void) +{ + if (!threadpool) { + return 0; + } + return threadpool_get_n_threads(threadpool); } /** Magic numbers to make sure our cpuworker_requests don't grow any @@ -126,6 +172,11 @@ typedef struct cpuworker_request_t { /** A create cell for the cpuworker to process. */ create_cell_t create_cell; + /** + * A copy of this relay's consensus params that are relevant to + * the circuit, for use in negotiation. */ + circuit_params_t circ_ns_params; + /* Turn the above into a tagged union if needed. */ } cpuworker_request_t; @@ -158,6 +209,8 @@ typedef struct cpuworker_reply_t { uint8_t keys[CPATH_KEY_MATERIAL_LEN]; /** Input to use for authenticating introduce1 cells. */ uint8_t rend_auth_material[DIGEST_LEN]; + /** Negotiated circuit parameters. */ + circuit_params_t circ_params; } cpuworker_reply_t; typedef struct cpuworker_job_u_t { @@ -379,6 +432,18 @@ cpuworker_onion_handshake_replyfn(void *work_) goto done_processing; } + /* If the client asked for congestion control, if our consensus parameter + * allowed it to negotiate as enabled, allocate a congestion control obj. */ + if (rpl.circ_params.cc_enabled) { + if (get_options()->SbwsExit) { + TO_CIRCUIT(circ)->ccontrol = congestion_control_new(&rpl.circ_params, + CC_PATH_SBWS); + } else { + TO_CIRCUIT(circ)->ccontrol = congestion_control_new(&rpl.circ_params, + CC_PATH_EXIT); + } + } + if (onionskin_answer(circ, &rpl.created_cell, (const char*)rpl.keys, sizeof(rpl.keys), @@ -387,6 +452,7 @@ cpuworker_onion_handshake_replyfn(void *work_) circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL); goto done_processing; } + log_debug(LD_OR,"onionskin_answer succeeded. Yay."); done_processing: @@ -425,9 +491,12 @@ cpuworker_onion_handshake_threadfn(void *state_, void *work_) n = onion_skin_server_handshake(cc->handshake_type, cc->onionskin, cc->handshake_len, onion_keys, + &req.circ_ns_params, cell_out->reply, + sizeof(cell_out->reply), rpl.keys, CPATH_KEY_MATERIAL_LEN, - rpl.rend_auth_material); + rpl.rend_auth_material, + &rpl.circ_params); if (n < 0) { /* failure */ log_debug(LD_OR,"onion_skin_server_handshake failed."); @@ -450,6 +519,7 @@ cpuworker_onion_handshake_threadfn(void *state_, void *work_) } rpl.success = 1; } + rpl.magic = CPUWORKER_REPLY_MAGIC; if (req.timed) { struct timeval tv_diff; @@ -550,6 +620,11 @@ assign_onionskin_to_cpuworker(or_circuit_t *circ, if (should_time) tor_gettimeofday(&req.started_at); + /* Copy the current cached consensus params relevant to + * circuit negotiation into the CPU worker context */ + req.circ_ns_params.cc_enabled = congestion_control_enabled(); + req.circ_ns_params.sendme_inc_cells = congestion_control_sendme_inc(); + job = tor_malloc_zero(sizeof(cpuworker_job_t)); job->circ = circ; memcpy(&job->u.request, &req, sizeof(req)); diff --git a/src/core/mainloop/cpuworker.h b/src/core/mainloop/cpuworker.h index 7e71961750..9eee287c1f 100644 --- a/src/core/mainloop/cpuworker.h +++ b/src/core/mainloop/cpuworker.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -12,8 +12,13 @@ #ifndef TOR_CPUWORKER_H #define TOR_CPUWORKER_H +#include "feature/nodelist/networkstatus_st.h" + void cpu_init(void); void cpuworkers_rotate_keyinfo(void); + +void cpuworker_consensus_has_changed(const networkstatus_t *ns); + struct workqueue_entry_t; enum workqueue_reply_t; enum workqueue_priority_t; @@ -33,5 +38,7 @@ void cpuworker_log_onionskin_overhead(int severity, int onionskin_type, const char *onionskin_type_name); void cpuworker_cancel_circ_handshake(or_circuit_t *circ); +unsigned int cpuworker_get_n_threads(void); + #endif /* !defined(TOR_CPUWORKER_H) */ diff --git a/src/core/mainloop/mainloop.c b/src/core/mainloop/mainloop.c index 77ab6f26c8..526f8c37af 100644 --- a/src/core/mainloop/mainloop.c +++ b/src/core/mainloop/mainloop.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -91,8 +91,6 @@ #include "feature/relay/routerkeys.h" #include "feature/relay/routermode.h" #include "feature/relay/selftest.h" -#include "feature/rend/rendcache.h" -#include "feature/rend/rendservice.h" #include "feature/stats/geoip_stats.h" #include "feature/stats/predict_ports.h" #include "feature/stats/connstats.h" @@ -643,6 +641,13 @@ connection_start_reading,(connection_t *conn)) if (connection_should_read_from_linked_conn(conn)) connection_start_reading_from_linked_conn(conn); } else { + if (CONN_IS_EDGE(conn) && TO_EDGE_CONN(conn)->xoff_received) { + /* We should not get called here if we're waiting for an XON, but + * belt-and-suspenders */ + log_info(LD_NET, + "Request to start reading on an edgeconn blocked with XOFF"); + return; + } if (event_add(conn->read_event, NULL)) log_warn(LD_NET, "Error from libevent setting read event state for %d " "to watched: %s", @@ -1148,7 +1153,7 @@ directory_info_has_arrived(time_t now, int from_cache, int suppress_logs) if (server_mode(options) && !net_is_disabled() && !from_cache && (have_completed_a_circuit() || !any_predicted_circuits(now))) - router_do_reachability_checks(1, 1); + router_do_reachability_checks(); } /** Perform regular maintenance tasks for a single connection. This @@ -1224,7 +1229,7 @@ run_connection_housekeeping(int i, time_t now) * mark it now. */ log_info(LD_OR, "Expiring non-used OR connection to fd %d (%s:%d) [Too old].", - (int)conn->s, conn->address, conn->port); + (int)conn->s, fmt_and_decorate_addr(&conn->addr), conn->port); if (conn->state == OR_CONN_STATE_CONNECTING) connection_or_connect_failed(TO_OR_CONN(conn), END_OR_CONN_REASON_TIMEOUT, @@ -1234,7 +1239,7 @@ run_connection_housekeeping(int i, time_t now) if (past_keepalive) { /* We never managed to actually get this connection open and happy. */ log_info(LD_OR,"Expiring non-open OR connection to fd %d (%s:%d).", - (int)conn->s,conn->address, conn->port); + (int)conn->s, fmt_and_decorate_addr(&conn->addr), conn->port); connection_or_close_normally(TO_OR_CONN(conn), 0); } } else if (we_are_hibernating() && @@ -1244,7 +1249,7 @@ run_connection_housekeeping(int i, time_t now) * flush.*/ log_info(LD_OR,"Expiring non-used OR connection to fd %d (%s:%d) " "[Hibernating or exiting].", - (int)conn->s,conn->address, conn->port); + (int)conn->s, fmt_and_decorate_addr(&conn->addr), conn->port); connection_or_close_normally(TO_OR_CONN(conn), 1); } else if (!have_any_circuits && now - or_conn->idle_timeout >= @@ -1252,7 +1257,7 @@ run_connection_housekeeping(int i, time_t now) log_info(LD_OR,"Expiring non-used OR connection %"PRIu64" to fd %d " "(%s:%d) [no circuits for %d; timeout %d; %scanonical].", (chan->global_identifier), - (int)conn->s, conn->address, conn->port, + (int)conn->s, fmt_and_decorate_addr(&conn->addr), conn->port, (int)(now - chan->timestamp_last_had_circuits), or_conn->idle_timeout, or_conn->is_canonical ? "" : "non"); @@ -1264,14 +1269,14 @@ run_connection_housekeeping(int i, time_t now) log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL, "Expiring stuck OR connection to fd %d (%s:%d). (%d bytes to " "flush; %d seconds since last write)", - (int)conn->s, conn->address, conn->port, + (int)conn->s, fmt_and_decorate_addr(&conn->addr), conn->port, (int)connection_get_outbuf_len(conn), (int)(now-conn->timestamp_last_write_allowed)); connection_or_close_normally(TO_OR_CONN(conn), 0); } else if (past_keepalive && !connection_get_outbuf_len(conn)) { /* send a padding cell */ log_fn(LOG_DEBUG,LD_OR,"Sending keepalive to (%s:%d)", - conn->address, conn->port); + fmt_and_decorate_addr(&conn->addr), conn->port); memset(&cell,0,sizeof(cell_t)); cell.command = CELL_PADDING; connection_or_write_cell_to_buf(&cell, or_conn); @@ -1295,6 +1300,7 @@ signewnym_impl(time_t now) circuit_mark_all_dirty_circs_as_unusable(); addressmap_clear_transient(); hs_client_purge_state(); + purge_vanguards_lite(); time_of_last_signewnym = now; signewnym_is_pending = 0; @@ -1372,6 +1378,7 @@ CALLBACK(save_state); CALLBACK(write_stats_file); CALLBACK(control_per_second_events); CALLBACK(second_elapsed); +CALLBACK(manage_vglite); #undef CALLBACK @@ -1394,6 +1401,9 @@ STATIC periodic_event_item_t mainloop_periodic_events[] = { CALLBACK(second_elapsed, NET_PARTICIPANT, FL(RUN_ON_DISABLE)), + /* Update vanguards-lite once per hour, if we have networking */ + CALLBACK(manage_vglite, NET_PARTICIPANT, FL(NEED_NET)), + /* XXXX Do we have a reason to do this on a callback? Does it do any good at * all? For now, if we're dormant, we can let our listeners decay. */ CALLBACK(retry_listeners, NET_PARTICIPANT, FL(NEED_NET)), @@ -1468,8 +1478,7 @@ get_my_roles(const or_options_t *options) int is_relay = server_mode(options); int is_dirauth = authdir_mode_v3(options); int is_bridgeauth = authdir_mode_bridge(options); - int is_hidden_service = !!hs_service_get_num_services() || - !!rend_num_services(); + int is_hidden_service = !!hs_service_get_num_services(); int is_dirserver = dir_server_mode(options); int sending_control_events = control_any_per_second_event_enabled(); @@ -1665,6 +1674,21 @@ mainloop_schedule_shutdown(int delay_sec) mainloop_event_schedule(scheduled_shutdown_ev, &delay_tv); } +/** + * Update vanguards-lite layer2 nodes, once every 15 minutes + */ +static int +manage_vglite_callback(time_t now, const or_options_t *options) +{ + (void)now; + (void)options; +#define VANGUARDS_LITE_INTERVAL (15*60) + + maintain_layer2_guards(); + + return VANGUARDS_LITE_INTERVAL; +} + /** Perform regular maintenance tasks. This function gets run once per * second. */ @@ -1823,10 +1847,16 @@ check_network_participation_callback(time_t now, const or_options_t *options) goto found_activity; } + /* If we aren't allowed to become dormant, then participation doesn't + matter */ + if (! options->DormantTimeoutEnabled) { + goto found_activity; + } + /* If we're running an onion service, we can't become dormant. */ /* XXXX this would be nice to change, so that we can be dormant with a * service. */ - if (hs_service_get_num_services() || rend_num_services()) { + if (hs_service_get_num_services()) { goto found_activity; } @@ -1937,7 +1967,11 @@ write_stats_file_callback(time_t now, const or_options_t *options) next_time_to_write_stats_files = next_write; } if (options->HiddenServiceStatistics) { - time_t next_write = rep_hist_hs_stats_write(now); + time_t next_write = rep_hist_hs_stats_write(now, false); + if (next_write && next_write < next_time_to_write_stats_files) + next_time_to_write_stats_files = next_write; + + next_write = rep_hist_hs_stats_write(now, true); if (next_write && next_write < next_time_to_write_stats_files) next_time_to_write_stats_files = next_write; } @@ -2009,7 +2043,6 @@ clean_caches_callback(time_t now, const or_options_t *options) { /* Remove old information from rephist and the rend cache. */ rep_history_clean(now - options->RephistTrackTime); - rend_cache_clean(now, REND_CACHE_TYPE_SERVICE); hs_cache_clean_as_client(now); hs_cache_clean_as_dir(now); microdesc_cache_rebuild(NULL, 0); @@ -2028,7 +2061,6 @@ rend_cache_failure_clean_callback(time_t now, const or_options_t *options) /* We don't keep entries that are more than five minutes old so we try to * clean it as soon as we can since we want to make sure the client waits * as little as possible for reachability reasons. */ - rend_cache_failure_clean(now); hs_cache_client_intro_state_clean(now); return 30; } diff --git a/src/core/mainloop/mainloop.h b/src/core/mainloop/mainloop.h index 1ddfec2162..98d0b3a058 100644 --- a/src/core/mainloop/mainloop.h +++ b/src/core/mainloop/mainloop.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/mainloop/mainloop_pubsub.c b/src/core/mainloop/mainloop_pubsub.c index 0e982d4c40..1e72ada5f0 100644 --- a/src/core/mainloop/mainloop_pubsub.c +++ b/src/core/mainloop/mainloop_pubsub.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/mainloop/mainloop_pubsub.h b/src/core/mainloop/mainloop_pubsub.h index 3698fd8d03..481e0cd585 100644 --- a/src/core/mainloop/mainloop_pubsub.h +++ b/src/core/mainloop/mainloop_pubsub.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/mainloop/mainloop_state_st.h b/src/core/mainloop/mainloop_state_st.h index 5649b536f9..461f0220d3 100644 --- a/src/core/mainloop/mainloop_state_st.h +++ b/src/core/mainloop/mainloop_state_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/mainloop/mainloop_sys.c b/src/core/mainloop/mainloop_sys.c index 884bae1c59..b50053fce9 100644 --- a/src/core/mainloop/mainloop_sys.c +++ b/src/core/mainloop/mainloop_sys.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/mainloop/mainloop_sys.h b/src/core/mainloop/mainloop_sys.h index b3ade33cd1..2fc2d85fc9 100644 --- a/src/core/mainloop/mainloop_sys.h +++ b/src/core/mainloop/mainloop_sys.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/mainloop/netstatus.c b/src/core/mainloop/netstatus.c index 7367c68219..b833149151 100644 --- a/src/core/mainloop/netstatus.c +++ b/src/core/mainloop/netstatus.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -154,6 +154,9 @@ netstatus_load_from_state(const mainloop_state_t *state, time_t now) last_activity = now; participating_on_network = true; } + if (! get_options()->DormantTimeoutEnabled) { + participating_on_network = true; + } reset_user_activity(last_activity); } diff --git a/src/core/mainloop/netstatus.h b/src/core/mainloop/netstatus.h index 5f54e54553..d2070fb87a 100644 --- a/src/core/mainloop/netstatus.h +++ b/src/core/mainloop/netstatus.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/mainloop/periodic.c b/src/core/mainloop/periodic.c index 29cf8c4831..36ffabfc48 100644 --- a/src/core/mainloop/periodic.c +++ b/src/core/mainloop/periodic.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2015-2020, The Tor Project, Inc. */ +/* Copyright (c) 2015-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/mainloop/periodic.h b/src/core/mainloop/periodic.h index de556a6bdb..be62b77f23 100644 --- a/src/core/mainloop/periodic.h +++ b/src/core/mainloop/periodic.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2015-2020, The Tor Project, Inc. */ +/* Copyright (c) 2015-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/addr_policy_st.h b/src/core/or/addr_policy_st.h index 08d16ee616..4ced25f708 100644 --- a/src/core/or/addr_policy_st.h +++ b/src/core/or/addr_policy_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/address_set.c b/src/core/or/address_set.c index 9bd3cc0f2d..909876d615 100644 --- a/src/core/or/address_set.c +++ b/src/core/or/address_set.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/address_set.h b/src/core/or/address_set.h index b4d94b65a9..3c5b55cf5f 100644 --- a/src/core/or/address_set.h +++ b/src/core/or/address_set.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/cell_queue_st.h b/src/core/or/cell_queue_st.h index 0681dba1b8..30a4d028fa 100644 --- a/src/core/or/cell_queue_st.h +++ b/src/core/or/cell_queue_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/cell_st.h b/src/core/or/cell_st.h index a640d6a456..77e12c0c2c 100644 --- a/src/core/or/cell_st.h +++ b/src/core/or/cell_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/channel.c b/src/core/or/channel.c index 1ac029c152..c46fa93e58 100644 --- a/src/core/or/channel.c +++ b/src/core/or/channel.c @@ -1,4 +1,4 @@ -/* * Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* * Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -71,12 +71,12 @@ #include "core/or/relay.h" #include "core/or/scheduler.h" #include "feature/client/entrynodes.h" +#include "feature/hs/hs_service.h" #include "feature/nodelist/dirlist.h" #include "feature/nodelist/networkstatus.h" #include "feature/nodelist/nodelist.h" #include "feature/nodelist/routerlist.h" #include "feature/relay/router.h" -#include "feature/rend/rendservice.h" #include "feature/stats/geoip_stats.h" #include "feature/stats/rephist.h" #include "lib/evloop/timers.h" @@ -1897,7 +1897,7 @@ channel_do_open_actions(channel_t *chan) if (!get_options()->ConnectionPadding) { /* Disable if torrc disabled */ channelpadding_disable_padding_on_channel(chan); - } else if (rend_service_allow_non_anonymous_connection(get_options()) && + } else if (hs_service_allow_non_anonymous_connection(get_options()) && !networkstatus_get_param(NULL, CHANNELPADDING_SOS_PARAM, CHANNELPADDING_SOS_DEFAULT, 0, 1)) { @@ -2629,24 +2629,42 @@ channel_dump_statistics, (channel_t *chan, int severity)) circuitmux_num_circuits(chan->cmux) : 0); /* Describe timestamps */ - tor_log(severity, LD_GENERAL, - " * Channel %"PRIu64 " was last used by a " - "client at %"PRIu64 " (%"PRIu64 " seconds ago)", - (chan->global_identifier), - (uint64_t)(chan->timestamp_client), - (uint64_t)(now - chan->timestamp_client)); - tor_log(severity, LD_GENERAL, - " * Channel %"PRIu64 " last received a cell " - "at %"PRIu64 " (%"PRIu64 " seconds ago)", - (chan->global_identifier), - (uint64_t)(chan->timestamp_recv), - (uint64_t)(now - chan->timestamp_recv)); - tor_log(severity, LD_GENERAL, - " * Channel %"PRIu64 " last transmitted a cell " - "at %"PRIu64 " (%"PRIu64 " seconds ago)", - (chan->global_identifier), - (uint64_t)(chan->timestamp_xmit), - (uint64_t)(now - chan->timestamp_xmit)); + if (chan->timestamp_client == 0) { + tor_log(severity, LD_GENERAL, + " * Channel %"PRIu64 " was never used by a " + "client", (chan->global_identifier)); + } else { + tor_log(severity, LD_GENERAL, + " * Channel %"PRIu64 " was last used by a " + "client at %"PRIu64 " (%"PRIu64 " seconds ago)", + (chan->global_identifier), + (uint64_t)(chan->timestamp_client), + (uint64_t)(now - chan->timestamp_client)); + } + if (chan->timestamp_recv == 0) { + tor_log(severity, LD_GENERAL, + " * Channel %"PRIu64 " never received a cell", + (chan->global_identifier)); + } else { + tor_log(severity, LD_GENERAL, + " * Channel %"PRIu64 " last received a cell " + "at %"PRIu64 " (%"PRIu64 " seconds ago)", + (chan->global_identifier), + (uint64_t)(chan->timestamp_recv), + (uint64_t)(now - chan->timestamp_recv)); + } + if (chan->timestamp_xmit == 0) { + tor_log(severity, LD_GENERAL, + " * Channel %"PRIu64 " never transmitted a cell", + (chan->global_identifier)); + } else { + tor_log(severity, LD_GENERAL, + " * Channel %"PRIu64 " last transmitted a cell " + "at %"PRIu64 " (%"PRIu64 " seconds ago)", + (chan->global_identifier), + (uint64_t)(chan->timestamp_xmit), + (uint64_t)(now - chan->timestamp_xmit)); + } /* Describe counters and rates */ tor_log(severity, LD_GENERAL, diff --git a/src/core/or/channel.h b/src/core/or/channel.h index a1517aee37..cd867477d1 100644 --- a/src/core/or/channel.h +++ b/src/core/or/channel.h @@ -1,4 +1,4 @@ -/* * Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* * Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/channelpadding.c b/src/core/or/channelpadding.c index d4c19491ac..1f559f6c42 100644 --- a/src/core/or/channelpadding.c +++ b/src/core/or/channelpadding.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -27,8 +27,8 @@ #include "feature/relay/router.h" #include "feature/relay/routermode.h" #include "lib/time/compat_time.h" -#include "feature/rend/rendservice.h" #include "lib/evloop/timers.h" +#include "feature/hs/hs_service.h" #include "core/or/cell_st.h" #include "core/or/or_connection_st.h" @@ -744,7 +744,7 @@ channelpadding_decide_to_pad_channel(channel_t *chan) return CHANNELPADDING_WONTPAD; } - if (rend_service_allow_non_anonymous_connection(options) && + if (hs_service_allow_non_anonymous_connection(options) && !consensus_nf_pad_single_onion) { /* If the consensus just changed values, this channel may still * think padding is enabled. Negotiate it off. */ diff --git a/src/core/or/channelpadding.h b/src/core/or/channelpadding.h index 9246988cdc..23f4210ab7 100644 --- a/src/core/or/channelpadding.h +++ b/src/core/or/channelpadding.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c index dd5e42c47f..9db8e2392d 100644 --- a/src/core/or/channeltls.c +++ b/src/core/or/channeltls.c @@ -1,4 +1,4 @@ -/* * Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* * Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -64,6 +64,7 @@ #include "trunnel/netinfo.h" #include "core/or/channelpadding.h" #include "core/or/extendinfo.h" +#include "core/or/congestion_control_common.h" #include "core/or/cell_st.h" #include "core/or/cell_queue_st.h" @@ -72,7 +73,7 @@ #include "core/or/or_handshake_state_st.h" #include "feature/nodelist/routerinfo_st.h" #include "core/or/var_cell_st.h" -#include "src/feature/relay/relay_find_addr.h" +#include "feature/relay/relay_find_addr.h" #include "lib/tls/tortls.h" #include "lib/tls/x509.h" @@ -793,7 +794,7 @@ channel_tls_num_cells_writeable_method(channel_t *chan) cell_network_size = get_cell_network_size(tlschan->conn->wide_circ_ids); outbuf_len = connection_get_outbuf_len(TO_CONN(tlschan->conn)); /* Get the number of cells */ - n = CEIL_DIV(OR_CONN_HIGHWATER - outbuf_len, cell_network_size); + n = CEIL_DIV(or_conn_highwatermark() - outbuf_len, cell_network_size); if (n < 0) n = 0; #if SIZEOF_SIZE_T > SIZEOF_INT if (n > INT_MAX) n = INT_MAX; diff --git a/src/core/or/channeltls.h b/src/core/or/channeltls.h index e7010a51fc..67dee94847 100644 --- a/src/core/or/channeltls.h +++ b/src/core/or/channeltls.h @@ -1,4 +1,4 @@ -/* * Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* * Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/circuit_st.h b/src/core/or/circuit_st.h index 35d214ce08..be6429438a 100644 --- a/src/core/or/circuit_st.h +++ b/src/core/or/circuit_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -22,6 +22,7 @@ struct hs_token_t; struct circpad_machine_spec_t; struct circpad_machine_runtime_t; +struct congestion_control_t; /** Number of padding state machines on a circuit. */ #define CIRCPAD_MAX_MACHINES (2) @@ -244,6 +245,9 @@ struct circuit_t { * that STOP commands actually correspond to the current machine, * and not a previous one. */ uint32_t padding_machine_ctr; + + /** Congestion control fields */ + struct congestion_control_t *ccontrol; }; #endif /* !defined(CIRCUIT_ST_H) */ diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c index 78501c0aa2..511df4112b 100644 --- a/src/core/or/circuitbuild.c +++ b/src/core/or/circuitbuild.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -69,10 +69,10 @@ #include "feature/relay/router.h" #include "feature/relay/routermode.h" #include "feature/relay/selftest.h" -#include "feature/rend/rendcommon.h" #include "feature/stats/predict_ports.h" #include "lib/crypt_ops/crypto_rand.h" #include "lib/trace/events.h" +#include "core/or/congestion_control_common.h" #include "core/or/cell_st.h" #include "core/or/cpath_build_state_st.h" @@ -82,6 +82,9 @@ #include "core/or/or_circuit_st.h" #include "core/or/origin_circuit_st.h" +#include "trunnel/extension.h" +#include "trunnel/congestion_control.h" + static int circuit_send_first_onion_skin(origin_circuit_t *circ); static int circuit_build_no_more_hops(origin_circuit_t *circ); static int circuit_send_intermediate_onion_skin(origin_circuit_t *circ, @@ -842,7 +845,13 @@ circuit_pick_create_handshake(uint8_t *cell_type_out, * using the TAP handshake, and CREATE2 otherwise. */ if (extend_info_supports_ntor(ei)) { *cell_type_out = CELL_CREATE2; - *handshake_type_out = ONION_HANDSHAKE_TYPE_NTOR; + /* Only use ntor v3 with exits that support congestion control, + * and only when it is enabled. */ + if (ei->exit_supports_congestion_control && + congestion_control_enabled()) + *handshake_type_out = ONION_HANDSHAKE_TYPE_NTOR_V3; + else + *handshake_type_out = ONION_HANDSHAKE_TYPE_NTOR; } else { /* XXXX030 Remove support for deciding to use TAP and EXTEND. */ *cell_type_out = CELL_CREATE; @@ -996,7 +1005,8 @@ circuit_send_first_onion_skin(origin_circuit_t *circ) len = onion_skin_create(cc.handshake_type, circ->cpath->extend_info, &circ->cpath->handshake_state, - cc.onionskin); + cc.onionskin, + sizeof(cc.onionskin)); if (len < 0) { log_warn(LD_CIRC,"onion_skin_create (first hop) failed."); return - END_CIRC_REASON_INTERNAL; @@ -1078,7 +1088,7 @@ circuit_build_no_more_hops(origin_circuit_t *circ) clear_broken_connection_map(1); if (server_mode(options) && !router_all_orports_seem_reachable(options)) { - router_do_reachability_checks(1, 1); + router_do_reachability_checks(); } } @@ -1143,7 +1153,8 @@ circuit_send_intermediate_onion_skin(origin_circuit_t *circ, len = onion_skin_create(ec.create_cell.handshake_type, hop->extend_info, &hop->handshake_state, - ec.create_cell.onionskin); + ec.create_cell.onionskin, + sizeof(ec.create_cell.onionskin)); if (len < 0) { log_warn(LD_CIRC,"onion_skin_create failed."); return - END_CIRC_REASON_INTERNAL; @@ -1241,6 +1252,7 @@ circuit_finish_handshake(origin_circuit_t *circ, } tor_assert(hop->state == CPATH_STATE_AWAITING_KEYS); + circuit_params_t params; { const char *msg = NULL; if (onion_skin_client_handshake(hop->handshake_state.tag, @@ -1248,6 +1260,7 @@ circuit_finish_handshake(origin_circuit_t *circ, reply->reply, reply->handshake_len, (uint8_t*)keys, sizeof(keys), (uint8_t*)hop->rend_circ_nonce, + ¶ms, &msg) < 0) { if (msg) log_warn(LD_CIRC,"onion_skin_client_handshake failed: %s", msg); @@ -1261,6 +1274,40 @@ circuit_finish_handshake(origin_circuit_t *circ, return -END_CIRC_REASON_TORPROTOCOL; } + if (params.cc_enabled) { + int circ_len = circuit_get_cpath_len(circ); + + if (circ_len == DEFAULT_ROUTE_LEN && + circuit_get_cpath_hop(circ, DEFAULT_ROUTE_LEN) == hop) { + hop->ccontrol = congestion_control_new(¶ms, CC_PATH_EXIT); + } else if (circ_len == SBWS_ROUTE_LEN && + circuit_get_cpath_hop(circ, SBWS_ROUTE_LEN) == hop) { + hop->ccontrol = congestion_control_new(¶ms, CC_PATH_SBWS); + } else { + if (circ_len > DEFAULT_ROUTE_LEN) { + /* This can happen for unknown reasons; cannibalization codepaths + * don't seem able to do it, so there is some magic way that hops can + * still get added. Perhaps some cases of circuit pre-build that change + * purpose? */ + log_info(LD_CIRC, + "Unexpected path length %d for exit circuit %d, purpose %d", + circ_len, circ->global_identifier, + TO_CIRCUIT(circ)->purpose); + hop->ccontrol = congestion_control_new(¶ms, CC_PATH_EXIT); + } else { + /* This is likely directory requests, which should block on orconn + * before congestion control, but lets give them the lower sbws + * param set anyway just in case. */ + log_info(LD_CIRC, + "Unexpected path length %d for exit circuit %d, purpose %d", + circ_len, circ->global_identifier, + TO_CIRCUIT(circ)->purpose); + + hop->ccontrol = congestion_control_new(¶ms, CC_PATH_SBWS); + } + } + } + hop->state = CPATH_STATE_OPEN; log_info(LD_CIRC,"Finished building circuit hop:"); circuit_log_path(LOG_INFO,LD_CIRC,circ); @@ -1339,16 +1386,13 @@ circuit_truncated(origin_circuit_t *circ, int reason) * CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) * * - A hidden service connecting to a rendezvous point, which the - * client picked (CIRCUIT_PURPOSE_S_CONNECT_REND, via - * rend_service_receive_introduction() and - * rend_service_relaunch_rendezvous) + * client picked (CIRCUIT_PURPOSE_S_CONNECT_REND. * * There are currently two situations where we picked the exit node * ourselves, making DEFAULT_ROUTE_LEN a safe circuit length: * * - We are a hidden service connecting to an introduction point - * (CIRCUIT_PURPOSE_S_ESTABLISH_INTRO, via - * rend_service_launch_establish_intro()) + * (CIRCUIT_PURPOSE_S_ESTABLISH_INTRO). * * - We are a router testing its own reachabiity * (CIRCUIT_PURPOSE_TESTING, via router_do_reachability_checks()) @@ -1363,7 +1407,9 @@ route_len_for_purpose(uint8_t purpose, extend_info_t *exit_ei) int routelen = DEFAULT_ROUTE_LEN; int known_purpose = 0; - if (circuit_should_use_vanguards(purpose)) { + /* If we're using L3 vanguards, we need longer paths for onion services */ + if (circuit_purpose_is_hidden_service(purpose) && + get_options()->HSLayer3Nodes) { /* Clients want an extra hop for rends to avoid linkability. * Services want it for intro points to avoid publishing their * layer3 guards. They want it for hsdir posts to use @@ -1378,14 +1424,6 @@ route_len_for_purpose(uint8_t purpose, extend_info_t *exit_ei) purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) return routelen+1; - /* If we only have Layer2 vanguards, then we do not need - * the extra hop for linkabilty reasons (see below). - * This means all hops can be of the form: - * S/C - G - L2 - M - R/HSDir/I - */ - if (get_options()->HSLayer2Nodes && !get_options()->HSLayer3Nodes) - return routelen+1; - /* For connections to hsdirs, clients want two extra hops * when using layer3 guards, to avoid linkability. * Same goes for intro points. Note that the route len @@ -1404,16 +1442,14 @@ route_len_for_purpose(uint8_t purpose, extend_info_t *exit_ei) return routelen; switch (purpose) { - /* These two purposes connect to a router that we chose, so - * DEFAULT_ROUTE_LEN is safe. */ - case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO: - /* hidden service connecting to introduction point */ + /* These purposes connect to a router that we chose, so DEFAULT_ROUTE_LEN + * is safe: */ case CIRCUIT_PURPOSE_TESTING: /* router reachability testing */ known_purpose = 1; break; - /* These three purposes connect to a router that someone else + /* These purposes connect to a router that someone else * might have chosen, so add an extra hop to protect anonymity. */ case CIRCUIT_PURPOSE_C_GENERAL: case CIRCUIT_PURPOSE_C_HSDIR_GET: @@ -1423,6 +1459,9 @@ route_len_for_purpose(uint8_t purpose, extend_info_t *exit_ei) /* client connecting to introduction point */ case CIRCUIT_PURPOSE_S_CONNECT_REND: /* hidden service connecting to rendezvous point */ + case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO: + /* hidden service connecting to intro point. In this case we want an extra + hop to avoid linkability attacks by the introduction point. */ known_purpose = 1; routelen++; break; @@ -2023,7 +2062,7 @@ cpath_build_state_to_crn_ipv6_extend_flag(const cpath_build_state_t *state, } /** Decide a suitable length for circ's cpath, and pick an exit - * router (or use <b>exit</b> if provided). Store these in the + * router (or use <b>exit_ei</b> if provided). Store these in the * cpath. * * If <b>is_hs_v3_rp_circuit</b> is set, then this exit should be suitable to @@ -2038,7 +2077,7 @@ onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit_ei, if (state->onehop_tunnel) { log_debug(LD_CIRC, "Launching a one-hop circuit for dir tunnel%s.", - (rend_allow_non_anonymous_connection(get_options()) ? + (hs_service_allow_non_anonymous_connection(get_options()) ? ", or intro or rendezvous connection" : "")); state->desired_path_len = 1; } else { @@ -2068,7 +2107,10 @@ onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit_ei, log_warn(LD_CIRC,"Failed to choose an exit server"); return -1; } - exit_ei = extend_info_from_node(node, state->onehop_tunnel); + exit_ei = extend_info_from_node(node, state->onehop_tunnel, + /* for_exit_use */ + !state->is_internal && TO_CIRCUIT(circ)->purpose == + CIRCUIT_PURPOSE_C_GENERAL); if (BUG(exit_ei == NULL)) return -1; } @@ -2076,7 +2118,7 @@ onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit_ei, return 0; } -/** Give <b>circ</b> a new exit destination to <b>exit</b>, and add a +/** Give <b>circ</b> a new exit destination to <b>exit_ei</b>, and add a * hop to the cpath reflecting this. Don't send the next extend cell -- * the caller will do this if it wants to. */ @@ -2118,8 +2160,6 @@ circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *exit_ei) return -1; } - // XXX: Should cannibalized circuits be dirty or not? Not easy to say.. - return 0; } @@ -2265,8 +2305,14 @@ middle_node_must_be_vanguard(const or_options_t *options, return 0; } - /* If we have sticky L2 nodes, and this is an L2 pick, use vanguards */ - if (options->HSLayer2Nodes && cur_len == 1) { + /* Don't even bother if the feature is disabled */ + if (!vanguards_lite_is_enabled()) { + return 0; + } + + /* If we are a hidden service circuit, always use either vanguards-lite + * or HSLayer2Nodes for 2nd hop. */ + if (cur_len == 1) { return 1; } @@ -2290,7 +2336,8 @@ pick_vanguard_middle_node(const or_options_t *options, /* Pick the right routerset based on the current hop */ if (cur_len == 1) { - vanguard_routerset = options->HSLayer2Nodes; + vanguard_routerset = options->HSLayer2Nodes ? + options->HSLayer2Nodes : get_layer2_guards(); } else if (cur_len == 2) { vanguard_routerset = options->HSLayer3Nodes; } else { @@ -2299,6 +2346,10 @@ pick_vanguard_middle_node(const or_options_t *options, return NULL; } + if (BUG(!vanguard_routerset)) { + return NULL; + } + node = pick_restricted_middle_node(flags, vanguard_routerset, options->ExcludeNodes, excluded, cur_len+1); @@ -2455,7 +2506,7 @@ onion_extend_cpath(origin_circuit_t *circ) primary address, for potentially connecting to an IPv6 OR port. Servers always want the primary (IPv4) address. */ int client = (server_mode(get_options()) == 0); - info = extend_info_from_node(r, client); + info = extend_info_from_node(r, client, false); /* Clients can fail to find an allowed address */ tor_assert_nonfatal(info || client); } @@ -2463,13 +2514,24 @@ onion_extend_cpath(origin_circuit_t *circ) const node_t *r = choose_good_middle_server(purpose, state, circ->cpath, cur_len); if (r) { - info = extend_info_from_node(r, 0); + info = extend_info_from_node(r, 0, false); } } if (!info) { - log_warn(LD_CIRC,"Failed to find node for hop #%d of our path. Discarding " - "this circuit.", cur_len+1); + /* This can happen on first startup, possibly due to insufficient relays + * downloaded to pick vanguards-lite layer2 nodes, or other ephemeral + * reasons. It only happens briefly, is hard to reproduce, and then goes + * away for ever. :/ */ + if (!router_have_minimum_dir_info()) { + log_info(LD_CIRC, + "Failed to find node for hop #%d of our path. Discarding " + "this circuit.", cur_len+1); + } else { + log_notice(LD_CIRC, + "Failed to find node for hop #%d of our path. Discarding " + "this circuit.", cur_len+1); + } return -1; } @@ -2573,3 +2635,25 @@ circuit_upgrade_circuits_from_guard_wait(void) smartlist_free(to_upgrade); } + +/** + * Try to generate a circuit-negotiation message for communication with a + * given relay. Assumes we are using ntor v3, or some later version that + * supports parameter negotiatoin. + * + * On success, return 0 and pass back a message in the `out` parameters. + * Otherwise, return -1. + **/ +int +client_circ_negotiation_message(const extend_info_t *ei, + uint8_t **msg_out, + size_t *msg_len_out) +{ + tor_assert(ei && msg_out && msg_len_out); + + if (!ei->exit_supports_congestion_control) { + return -1; + } + + return congestion_control_build_ext_request(msg_out, msg_len_out); +} diff --git a/src/core/or/circuitbuild.h b/src/core/or/circuitbuild.h index 0cd1eb4f45..a66c611132 100644 --- a/src/core/or/circuitbuild.h +++ b/src/core/or/circuitbuild.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -64,6 +64,10 @@ circuit_deliver_create_cell,(circuit_t *circ, const struct create_cell_t *create_cell, int relayed)); +int client_circ_negotiation_message(const extend_info_t *ei, + uint8_t **msg_out, + size_t *msg_len_out); + #ifdef CIRCUITBUILD_PRIVATE STATIC circid_t get_unique_circ_id_by_chan(channel_t *chan); STATIC int new_route_len(uint8_t purpose, extend_info_t *exit_ei, diff --git a/src/core/or/circuitlist.c b/src/core/or/circuitlist.c index bd36683880..50dc2ee338 100644 --- a/src/core/or/circuitlist.c +++ b/src/core/or/circuitlist.c @@ -1,7 +1,7 @@ /* Copyright 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -43,7 +43,6 @@ * For hidden services, we need to be able to look up introduction point * circuits and rendezvous circuits by cookie, key, etc. These are * currently handled with linear searches in - * circuit_get_ready_rend_circuit_by_rend_data(), * circuit_get_next_by_pk_and_purpose(), and with hash lookups in * circuit_get_rendezvous() and circuit_get_intro_point(). * @@ -65,6 +64,7 @@ #include "core/or/circuitpadding.h" #include "core/or/crypt_path.h" #include "core/or/extendinfo.h" +#include "core/or/status.h" #include "core/or/trace_probes_circuit.h" #include "core/mainloop/connection.h" #include "app/config/config.h" @@ -77,6 +77,7 @@ #include "feature/dircommon/directory.h" #include "feature/client/entrynodes.h" #include "core/mainloop/mainloop.h" +#include "feature/hs/hs_cache.h" #include "feature/hs/hs_circuit.h" #include "feature/hs/hs_circuitmap.h" #include "feature/hs/hs_ident.h" @@ -88,7 +89,6 @@ #include "core/or/policies.h" #include "core/or/relay.h" #include "core/crypto/relay_crypto.h" -#include "feature/rend/rendclient.h" #include "feature/rend/rendcommon.h" #include "feature/stats/predict_ports.h" #include "feature/stats/bwhist.h" @@ -101,6 +101,9 @@ #include "lib/compress/compress_zlib.h" #include "lib/compress/compress_zstd.h" #include "lib/buf/buffers.h" +#include "core/or/congestion_control_common.h" +#include "core/or/congestion_control_st.h" +#include "lib/math/stats.h" #include "core/or/ocirc_event.h" @@ -135,7 +138,6 @@ static smartlist_t *circuits_pending_other_guards = NULL; * circuit_mark_for_close and which are waiting for circuit_about_to_free. */ static smartlist_t *circuits_pending_close = NULL; -static void cpath_ref_decref(crypt_path_reference_t *cpath_ref); static void circuit_about_to_free_atexit(circuit_t *circ); static void circuit_about_to_free(circuit_t *circ); @@ -147,6 +149,13 @@ static void circuit_about_to_free(circuit_t *circ); */ static int any_opened_circs_cached_val = 0; +/** Moving average of the cc->cwnd from each closed circuit. */ +double cc_stats_circ_close_cwnd_ma = 0; +/** Moving average of the cc->cwnd from each closed slow-start circuit. */ +double cc_stats_circ_close_ss_cwnd_ma = 0; + +uint64_t cc_stats_circs_closed = 0; + /********* END VARIABLES ************/ /* Implement circuit handle helpers. */ @@ -1145,6 +1154,8 @@ circuit_free_(circuit_t *circ) * hs identifier is freed. */ hs_circ_cleanup_on_free(circ); + congestion_control_free(circ->ccontrol); + if (CIRCUIT_IS_ORIGIN(circ)) { origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ); mem = ocirc; @@ -1163,8 +1174,6 @@ circuit_free_(circuit_t *circ) if (ocirc->build_state) { extend_info_free(ocirc->build_state->chosen_exit); - cpath_free(ocirc->build_state->pending_final_cpath); - cpath_ref_decref(ocirc->build_state->service_pending_final_cpath_ref); } tor_free(ocirc->build_state); @@ -1177,7 +1186,6 @@ circuit_free_(circuit_t *circ) circuit_clear_cpath(ocirc); crypto_pk_free(ocirc->intro_key); - rend_data_free(ocirc->rend_data); /* Finally, free the identifier of the circuit and nullify it so multiple * cleanup will work. */ @@ -1354,18 +1362,6 @@ circuit_free_all(void) HT_CLEAR(chan_circid_map, &chan_circid_map); } -/** Release a crypt_path_reference_t*, which may be NULL. */ -static void -cpath_ref_decref(crypt_path_reference_t *cpath_ref) -{ - if (cpath_ref != NULL) { - if (--(cpath_ref->refcount) == 0) { - cpath_free(cpath_ref->cpath); - tor_free(cpath_ref); - } - } -} - /** A helper function for circuit_dump_by_conn() below. Log a bunch * of information about circuit <b>circ</b>. */ @@ -1684,37 +1680,6 @@ circuit_unlink_all_from_channel(channel_t *chan, int reason) smartlist_free(detached); } -/** Return a circ such that - * - circ-\>rend_data-\>onion_address is equal to - * <b>rend_data</b>-\>onion_address, - * - circ-\>rend_data-\>rend_cookie is equal to - * <b>rend_data</b>-\>rend_cookie, and - * - circ-\>purpose is equal to CIRCUIT_PURPOSE_C_REND_READY. - * - * Return NULL if no such circuit exists. - */ -origin_circuit_t * -circuit_get_ready_rend_circ_by_rend_data(const rend_data_t *rend_data) -{ - SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) { - if (!circ->marked_for_close && - circ->purpose == CIRCUIT_PURPOSE_C_REND_READY) { - origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ); - if (ocirc->rend_data == NULL) { - continue; - } - if (!rend_cmp_service_ids(rend_data_get_address(rend_data), - rend_data_get_address(ocirc->rend_data)) && - tor_memeq(ocirc->rend_data->rend_cookie, - rend_data->rend_cookie, - REND_COOKIE_LEN)) - return ocirc; - } - } - SMARTLIST_FOREACH_END(circ); - return NULL; -} - /** Return the first introduction circuit originating from the global circuit * list after <b>start</b> or at the start of the list if <b>start</b> is * NULL. Return NULL if no circuit is found. @@ -1811,14 +1776,10 @@ circuit_get_next_service_rp_circ(origin_circuit_t *start) } /** Return the first circuit originating here in global_circuitlist after - * <b>start</b> whose purpose is <b>purpose</b>, and where <b>digest</b> (if - * set) matches the private key digest of the rend data associated with the - * circuit. Return NULL if no circuit is found. If <b>start</b> is NULL, - * begin at the start of the list. - */ + * <b>start</b> whose purpose is <b>purpose</b>. Return NULL if no circuit is + * found. If <b>start</b> is NULL, begin at the start of the list. */ origin_circuit_t * -circuit_get_next_by_pk_and_purpose(origin_circuit_t *start, - const uint8_t *digest, uint8_t purpose) +circuit_get_next_by_purpose(origin_circuit_t *start, uint8_t purpose) { int idx; smartlist_t *lst = circuit_get_global_list(); @@ -1830,7 +1791,6 @@ circuit_get_next_by_pk_and_purpose(origin_circuit_t *start, for ( ; idx < smartlist_len(lst); ++idx) { circuit_t *circ = smartlist_get(lst, idx); - origin_circuit_t *ocirc; if (circ->marked_for_close) continue; @@ -1841,12 +1801,7 @@ circuit_get_next_by_pk_and_purpose(origin_circuit_t *start, if (BUG(!CIRCUIT_PURPOSE_IS_ORIGIN(circ->purpose))) { break; } - ocirc = TO_ORIGIN_CIRCUIT(circ); - if (!digest) - return ocirc; - if (rend_circuit_pk_digest_eq(ocirc, digest)) { - return ocirc; - } + return TO_ORIGIN_CIRCUIT(circ); } return NULL; } @@ -2279,6 +2234,26 @@ circuit_mark_for_close_, (circuit_t *circ, int reason, int line, /* Notify the HS subsystem that this circuit is closing. */ hs_circ_cleanup_on_close(circ); + /* Update stats. */ + if (circ->ccontrol) { + if (circ->ccontrol->in_slow_start) { + /* If we are in slow start, only count the ss cwnd if we've sent + * enough data to get RTT measurements such that we have a min + * and a max RTT, and they are not the same. This prevents us from + * averaging and reporting unused and low-use circuits here */ + if (circ->ccontrol->max_rtt_usec != circ->ccontrol->min_rtt_usec) { + cc_stats_circ_close_ss_cwnd_ma = + stats_update_running_avg(cc_stats_circ_close_ss_cwnd_ma, + circ->ccontrol->cwnd); + } + } else { + cc_stats_circ_close_cwnd_ma = + stats_update_running_avg(cc_stats_circ_close_cwnd_ma, + circ->ccontrol->cwnd); + } + cc_stats_circs_closed++; + } + if (circuits_pending_close == NULL) circuits_pending_close = smartlist_new(); @@ -2401,6 +2376,12 @@ circuit_about_to_free(circuit_t *circ) circuitmux_detach_circuit(or_circ->p_chan->cmux, circ); circuit_set_p_circid_chan(or_circ, 0, NULL); } + + if (or_circ->n_cells_discarded_at_end) { + time_t age = approx_time() - circ->timestamp_created.tv_sec; + note_circ_closed_for_unrecognized_cells( + age, or_circ->n_cells_discarded_at_end); + } } else { origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ); edge_connection_t *conn; @@ -2644,8 +2625,10 @@ conns_compare_by_buffer_age_(const void **a_, const void **b_) /** We're out of memory for cells, having allocated <b>current_allocation</b> * bytes' worth. Kill the 'worst' circuits until we're under - * FRACTION_OF_DATA_TO_RETAIN_ON_OOM of our maximum usage. */ -void + * FRACTION_OF_DATA_TO_RETAIN_ON_OOM of our maximum usage. + * + * Return the number of bytes removed. */ +size_t circuits_handle_oom(size_t current_allocation) { smartlist_t *circlist; @@ -2655,6 +2638,7 @@ circuits_handle_oom(size_t current_allocation) size_t mem_recovered=0; int n_circuits_killed=0; int n_dirconns_killed=0; + int n_edgeconns_killed = 0; uint32_t now_ts; log_notice(LD_GENERAL, "We're low on memory (cell queues total alloc:" " %"TOR_PRIuSZ" buffer total alloc: %" TOR_PRIuSZ "," @@ -2670,13 +2654,12 @@ circuits_handle_oom(size_t current_allocation) tor_zlib_get_total_allocation(), tor_zstd_get_total_allocation(), tor_lzma_get_total_allocation(), - rend_cache_get_total_allocation()); - + hs_cache_get_total_allocation()); { size_t mem_target = (size_t)(get_options()->MaxMemInQueues * FRACTION_OF_DATA_TO_RETAIN_ON_OOM); if (current_allocation <= mem_target) - return; + return 0; mem_to_recover = current_allocation - mem_target; } @@ -2722,12 +2705,19 @@ circuits_handle_oom(size_t current_allocation) if (conn_age < circ->age_tmp) { break; } - if (conn->type == CONN_TYPE_DIR && conn->linked_conn == NULL) { + /* Also consider edge connections so we don't accumulate bytes on the + * outbuf due to a malicious destination holding off the read on us. */ + if ((conn->type == CONN_TYPE_DIR && conn->linked_conn == NULL) || + CONN_IS_EDGE(conn)) { if (!conn->marked_for_close) connection_mark_for_close(conn); mem_recovered += single_conn_free_bytes(conn); - ++n_dirconns_killed; + if (conn->type == CONN_TYPE_DIR) { + ++n_dirconns_killed; + } else { + ++n_edgeconns_killed; + } if (mem_recovered >= mem_to_recover) goto done_recovering_mem; @@ -2755,14 +2745,16 @@ circuits_handle_oom(size_t current_allocation) } SMARTLIST_FOREACH_END(circ); done_recovering_mem: - log_notice(LD_GENERAL, "Removed %"TOR_PRIuSZ" bytes by killing %d circuits; " "%d circuits remain alive. Also killed %d non-linked directory " - "connections.", + "connections. Killed %d edge connections", mem_recovered, n_circuits_killed, smartlist_len(circlist) - n_circuits_killed, - n_dirconns_killed); + n_dirconns_killed, + n_edgeconns_killed); + + return mem_recovered; } /** Verify that circuit <b>c</b> has all of its invariants diff --git a/src/core/or/circuitlist.h b/src/core/or/circuitlist.h index bd4a117e26..541a708de2 100644 --- a/src/core/or/circuitlist.h +++ b/src/core/or/circuitlist.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -60,9 +60,7 @@ * to becoming open, or they are open and have sent the * establish_rendezvous cell but haven't received an ack. * circuits that are c_rend_ready are open and have received a - * rend ack, but haven't heard from the service yet. if they have a - * buildstate->pending_final_cpath then they're expecting a - * cell from the service, else they're not. + * rend ack, but haven't heard from the service yet. * circuits that are c_rend_ready_intro_acked are open, and * some intro circ has sent its intro and received an ack. * circuits that are c_rend_joined are open, have heard from @@ -163,6 +161,11 @@ ((p) == CIRCUIT_PURPOSE_C_GENERAL || \ (p) == CIRCUIT_PURPOSE_C_HSDIR_GET) +/** Stats. */ +extern double cc_stats_circ_close_cwnd_ma; +extern double cc_stats_circ_close_ss_cwnd_ma; +extern uint64_t cc_stats_circs_closed; + /** Convert a circuit_t* to a pointer to the enclosing or_circuit_t. Assert * if the cast is impossible. */ or_circuit_t *TO_OR_CIRCUIT(circuit_t *); @@ -207,10 +210,8 @@ int circuit_id_in_use_on_channel(circid_t circ_id, channel_t *chan); circuit_t *circuit_get_by_edge_conn(edge_connection_t *conn); void circuit_unlink_all_from_channel(channel_t *chan, int reason); origin_circuit_t *circuit_get_by_global_id(uint32_t id); -origin_circuit_t *circuit_get_ready_rend_circ_by_rend_data( - const rend_data_t *rend_data); -origin_circuit_t *circuit_get_next_by_pk_and_purpose(origin_circuit_t *start, - const uint8_t *digest, uint8_t purpose); +origin_circuit_t *circuit_get_next_by_purpose(origin_circuit_t *start, + uint8_t purpose); origin_circuit_t *circuit_get_next_intro_circ(const origin_circuit_t *start, bool want_client_circ); origin_circuit_t *circuit_get_next_service_rp_circ(origin_circuit_t *start); @@ -236,7 +237,7 @@ int circuit_count_pending_on_channel(channel_t *chan); MOCK_DECL(void, assert_circuit_ok,(const circuit_t *c)); void circuit_free_all(void); -void circuits_handle_oom(size_t current_allocation); +size_t circuits_handle_oom(size_t current_allocation); void circuit_clear_testing_cell_stats(circuit_t *circ); diff --git a/src/core/or/circuitmux.c b/src/core/or/circuitmux.c index be54ae6ec6..6f8761ca39 100644 --- a/src/core/or/circuitmux.c +++ b/src/core/or/circuitmux.c @@ -1,4 +1,4 @@ -/* * Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* * Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/circuitmux.h b/src/core/or/circuitmux.h index 5e41ccc6ca..502b248f28 100644 --- a/src/core/or/circuitmux.h +++ b/src/core/or/circuitmux.h @@ -1,4 +1,4 @@ -/* * Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* * Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/circuitmux_ewma.c b/src/core/or/circuitmux_ewma.c index 0dcd22e8a7..adf256ab05 100644 --- a/src/core/or/circuitmux_ewma.c +++ b/src/core/or/circuitmux_ewma.c @@ -1,4 +1,4 @@ -/* * Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* * Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -45,7 +45,10 @@ /*** EWMA parameter #defines ***/ /** How long does a tick last (seconds)? */ -#define EWMA_TICK_LEN 10 +#define EWMA_TICK_LEN_DEFAULT 10 +#define EWMA_TICK_LEN_MIN 1 +#define EWMA_TICK_LEN_MAX 600 +static int ewma_tick_len = EWMA_TICK_LEN_DEFAULT; /** The default per-tick scale factor, if it hasn't been overridden by a * consensus or a configuration setting. zero means "disabled". */ @@ -148,7 +151,7 @@ cell_ewma_get_tick(void) monotime_coarse_get(&now); int32_t msec_diff = monotime_coarse_diff_msec32(&start_of_current_tick, &now); - return current_tick_num + msec_diff / (1000*EWMA_TICK_LEN); + return current_tick_num + msec_diff / (1000*ewma_tick_len); } /** @@ -527,15 +530,15 @@ cell_ewma_get_current_tick_and_fraction(double *remainder_out) monotime_coarse_get(&now); int32_t msec_diff = monotime_coarse_diff_msec32(&start_of_current_tick, &now); - if (msec_diff > (1000*EWMA_TICK_LEN)) { - unsigned ticks_difference = msec_diff / (1000*EWMA_TICK_LEN); + if (msec_diff > (1000*ewma_tick_len)) { + unsigned ticks_difference = msec_diff / (1000*ewma_tick_len); monotime_coarse_add_msec(&start_of_current_tick, &start_of_current_tick, - ticks_difference * 1000 * EWMA_TICK_LEN); + ticks_difference * 1000 * ewma_tick_len); current_tick_num += ticks_difference; - msec_diff %= 1000*EWMA_TICK_LEN; + msec_diff %= 1000*ewma_tick_len; } - *remainder_out = ((double)msec_diff) / (1.0e3 * EWMA_TICK_LEN); + *remainder_out = ((double)msec_diff) / (1.0e3 * ewma_tick_len); return current_tick_num; } @@ -605,15 +608,20 @@ cmux_ewma_set_options(const or_options_t *options, /* Both options and consensus can be NULL. This assures us to either get a * valid configured value or the default one. */ halflife = get_circuit_priority_halflife(options, consensus, &source); + ewma_tick_len = networkstatus_get_param(consensus, + "CircuitPriorityTickSecs", + EWMA_TICK_LEN_DEFAULT, + EWMA_TICK_LEN_MIN, + EWMA_TICK_LEN_MAX); /* convert halflife into halflife-per-tick. */ - halflife /= EWMA_TICK_LEN; + halflife /= ewma_tick_len; /* compute per-tick scale factor. */ ewma_scale_factor = exp(LOG_ONEHALF / halflife); log_info(LD_OR, "Enabled cell_ewma algorithm because of value in %s; " "scale factor is %f per %d seconds", - source, ewma_scale_factor, EWMA_TICK_LEN); + source, ewma_scale_factor, ewma_tick_len); } /** Return the multiplier necessary to convert the value of a cell sent in diff --git a/src/core/or/circuitmux_ewma.h b/src/core/or/circuitmux_ewma.h index e41cf9e0f0..93805532ef 100644 --- a/src/core/or/circuitmux_ewma.h +++ b/src/core/or/circuitmux_ewma.h @@ -1,4 +1,4 @@ -/* * Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* * Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/circuitpadding.c b/src/core/or/circuitpadding.c index 6dfe94de01..99dc5f9d83 100644 --- a/src/core/or/circuitpadding.c +++ b/src/core/or/circuitpadding.c @@ -2967,6 +2967,8 @@ signed_error_t circpad_handle_padding_negotiate(circuit_t *circ, cell_t *cell) { int retval = 0; + /* Should we send back a STOP cell? */ + bool respond_with_stop = true; circpad_negotiate_t *negotiate; if (CIRCUIT_IS_ORIGIN(circ)) { @@ -2992,6 +2994,12 @@ circpad_handle_padding_negotiate(circuit_t *circ, cell_t *cell) negotiate->machine_type, negotiate->machine_ctr); goto done; } + + /* If we reached this point we received a STOP command from an old or + unknown machine. Don't reply with our own STOP since there is no one to + handle it on the other end */ + respond_with_stop = false; + if (negotiate->machine_ctr <= circ->padding_machine_ctr) { log_info(LD_CIRC, "Received STOP command for old machine %u, ctr %u", negotiate->machine_type, negotiate->machine_ctr); @@ -3023,10 +3031,13 @@ circpad_handle_padding_negotiate(circuit_t *circ, cell_t *cell) retval = -1; done: - circpad_padding_negotiated(circ, negotiate->machine_type, - negotiate->command, - (retval == 0) ? CIRCPAD_RESPONSE_OK : CIRCPAD_RESPONSE_ERR, - negotiate->machine_ctr); + if (respond_with_stop) { + circpad_padding_negotiated(circ, negotiate->machine_type, + negotiate->command, + (retval == 0) ? CIRCPAD_RESPONSE_OK : CIRCPAD_RESPONSE_ERR, + negotiate->machine_ctr); + } + circpad_negotiate_free(negotiate); return retval; diff --git a/src/core/or/circuitpadding.h b/src/core/or/circuitpadding.h index 3d2929cf74..306d178684 100644 --- a/src/core/or/circuitpadding.h +++ b/src/core/or/circuitpadding.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017-2020, The Tor Project, Inc. */ + * Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/circuitstats.c b/src/core/or/circuitstats.c index 51bd9e1208..f55771c79e 100644 --- a/src/core/or/circuitstats.c +++ b/src/core/or/circuitstats.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -34,8 +34,6 @@ #include "lib/crypt_ops/crypto_rand.h" #include "core/mainloop/mainloop.h" #include "feature/nodelist/networkstatus.h" -#include "feature/rend/rendclient.h" -#include "feature/rend/rendservice.h" #include "feature/relay/router.h" #include "app/config/statefile.h" #include "core/or/circuitlist.h" @@ -44,6 +42,7 @@ #include "lib/time/tvdiff.h" #include "lib/encoding/confline.h" #include "feature/dirauth/authmode.h" +#include "feature/hs/hs_service.h" #include "feature/relay/relay_periodic.h" #include "core/or/crypt_path_st.h" @@ -146,8 +145,8 @@ circuit_build_times_disabled_(const or_options_t *options, * * If we fix both of these issues someday, we should test * these modes with LearnCircuitBuildTimeout on again. */ - int single_onion_disabled = rend_service_allow_non_anonymous_connection( - options); + int single_onion_disabled = hs_service_allow_non_anonymous_connection( + options); if (consensus_disabled || config_disabled || dirauth_disabled || state_disabled || single_onion_disabled) { @@ -203,10 +202,10 @@ circuit_build_times_max_timeouts(void) * Retrieve and bounds-check the cbtnummodes consensus parameter. * * Effect: This value governs how many modes to use in the weighted - * average calculation of Pareto parameter Xm. A value of 3 introduces - * some bias (2-5% of CDF) under ideal conditions, but allows for better - * performance in the event that a client chooses guard nodes of radically - * different performance characteristics. + * average calculation of Pareto parameter Xm. Analysis of pairs of + * geographically near, far, and mixed guaeds has shown that a value of + * 10 introduces some allows for the actual timeout rate to be within + * 2-7% of the cutoff quantile, for quantiles between 60-80%. */ static int32_t circuit_build_times_default_num_xm_modes(void) @@ -851,58 +850,49 @@ circuit_build_times_create_histogram(const circuit_build_times_t *cbt, * Return the Pareto start-of-curve parameter Xm. * * Because we are not a true Pareto curve, we compute this as the - * weighted average of the N most frequent build time bins. N is either - * 1 if we don't have enough circuit build time data collected, or - * determined by the consensus parameter cbtnummodes (default 3). + * weighted average of the 10 most frequent build time bins. This + * heuristic allowed for the actual timeout rate to be closest + * to the chosen quantile cutoff, for quantiles 60-80%, out of + * many variant approaches (see #40157 for analysis). */ -static build_time_t +STATIC build_time_t circuit_build_times_get_xm(circuit_build_times_t *cbt) { - build_time_t i, nbins; + build_time_t nbins = 0; build_time_t *nth_max_bin; - int32_t bin_counts=0; - build_time_t ret = 0; - uint32_t *histogram = circuit_build_times_create_histogram(cbt, &nbins); - int n=0; + build_time_t xm_total = 0; + build_time_t Xm = 0; + int32_t xm_counts=0; int num_modes = circuit_build_times_default_num_xm_modes(); + uint32_t *histogram = circuit_build_times_create_histogram(cbt, &nbins); tor_assert(nbins > 0); tor_assert(num_modes > 0); - // Only use one mode if < 1000 buildtimes. Not enough data - // for multiple. - if (cbt->total_build_times < CBT_NCIRCUITS_TO_OBSERVE) - num_modes = 1; - nth_max_bin = tor_calloc(num_modes, sizeof(build_time_t)); - /* Determine the N most common build times */ - for (i = 0; i < nbins; i++) { - if (histogram[i] >= histogram[nth_max_bin[0]]) { - nth_max_bin[0] = i; - } - - for (n = 1; n < num_modes; n++) { - if (histogram[i] >= histogram[nth_max_bin[n]] && - (!histogram[nth_max_bin[n-1]] - || histogram[i] < histogram[nth_max_bin[n-1]])) { + /* Determine the N most common build times, by selecting the + * nth largest mode, counting it, and removing it from the histogram. */ + for (int n = 0; n < num_modes; n++) { + /* Get nth mode */ + for (build_time_t i = 0; i < nbins; i++) { + if (histogram[i] > histogram[nth_max_bin[n]]) { nth_max_bin[n] = i; } } - } - for (n = 0; n < num_modes; n++) { - bin_counts += histogram[nth_max_bin[n]]; - ret += CBT_BIN_TO_MS(nth_max_bin[n])*histogram[nth_max_bin[n]]; - log_info(LD_CIRC, "Xm mode #%d: %u %u", n, CBT_BIN_TO_MS(nth_max_bin[n]), - histogram[nth_max_bin[n]]); + /* Update average */ + xm_counts += histogram[nth_max_bin[n]]; + xm_total += CBT_BIN_TO_MS(nth_max_bin[n])*histogram[nth_max_bin[n]]; + + /* Prevent from re-counting this value */ + histogram[nth_max_bin[n]] = 0; } - /* bin_counts can become zero if all of our last CBT_NCIRCUITS_TO_OBSERVE + /* xm_counts can become zero if all of our last CBT_NCIRCUITS_TO_OBSERVE * circuits were abandoned before they completed. This shouldn't happen, * though. We should have reset/re-learned a lower timeout first. */ - if (bin_counts == 0) { - ret = 0; + if (xm_counts == 0) { log_warn(LD_CIRC, "No valid circuit build time data out of %d times, %u modes, " "have_timeout=%d, %lfms", cbt->total_build_times, num_modes, @@ -910,15 +900,13 @@ circuit_build_times_get_xm(circuit_build_times_t *cbt) goto done; } - tor_assert(bin_counts > 0); - - ret /= bin_counts; + Xm = xm_total / xm_counts; done: tor_free(histogram); tor_free(nth_max_bin); - return ret; + return Xm; } /** @@ -1008,43 +996,6 @@ circuit_build_times_shuffle_and_store_array(circuit_build_times_t *cbt, } /** - * Filter old synthetic timeouts that were created before the - * new right-censored Pareto calculation was deployed. - * - * Once all clients before 0.2.1.13-alpha are gone, this code - * will be unused. - */ -static int -circuit_build_times_filter_timeouts(circuit_build_times_t *cbt) -{ - int num_filtered=0, i=0; - double timeout_rate = 0; - build_time_t max_timeout = 0; - - timeout_rate = circuit_build_times_timeout_rate(cbt); - max_timeout = (build_time_t)cbt->close_ms; - - for (i = 0; i < CBT_NCIRCUITS_TO_OBSERVE; i++) { - if (cbt->circuit_build_times[i] > max_timeout) { - build_time_t replaced = cbt->circuit_build_times[i]; - num_filtered++; - cbt->circuit_build_times[i] = CBT_BUILD_ABANDONED; - - log_debug(LD_CIRC, "Replaced timeout %d with %d", replaced, - cbt->circuit_build_times[i]); - } - } - - log_info(LD_CIRC, - "We had %d timeouts out of %d build times, " - "and filtered %d above the max of %u", - (int)(cbt->total_build_times*timeout_rate), - cbt->total_build_times, num_filtered, max_timeout); - - return num_filtered; -} - -/** * Load histogram from <b>state</b>, shuffling the resulting array * after we do so. Use this result to estimate parameters and * calculate the timeout. @@ -1169,10 +1120,6 @@ circuit_build_times_parse_state(circuit_build_times_t *cbt, circuit_build_times_set_timeout(cbt); - if (!state->CircuitBuildAbandonedCount && cbt->total_build_times) { - circuit_build_times_filter_timeouts(cbt); - } - done: tor_free(loaded_times); return err ? -1 : 0; @@ -1193,7 +1140,6 @@ circuit_build_times_update_alpha(circuit_build_times_t *cbt) build_time_t *x=cbt->circuit_build_times; double a = 0; int n=0,i=0,abandoned_count=0; - build_time_t max_time=0; /* https://en.wikipedia.org/wiki/Pareto_distribution#Parameter_estimation */ /* We sort of cheat here and make our samples slightly more pareto-like @@ -1213,14 +1159,13 @@ circuit_build_times_update_alpha(circuit_build_times_t *cbt) if (x[i] < cbt->Xm) { a += tor_mathlog(cbt->Xm); + n++; } else if (x[i] == CBT_BUILD_ABANDONED) { abandoned_count++; } else { a += tor_mathlog(x[i]); - if (x[i] > max_time) - max_time = x[i]; + n++; } - n++; } /* @@ -1229,30 +1174,23 @@ circuit_build_times_update_alpha(circuit_build_times_t *cbt) * performs this same check, and resets state if it hits it. If we * hit it at runtime, something serious has gone wrong. */ - if (n!=cbt->total_build_times) { + if (n!=cbt->total_build_times-abandoned_count) { log_err(LD_CIRC, "Discrepancy in build times count: %d vs %d", n, cbt->total_build_times); } - tor_assert(n==cbt->total_build_times); - - if (max_time <= 0) { - /* This can happen if Xm is actually the *maximum* value in the set. - * It can also happen if we've abandoned every single circuit somehow. - * In either case, tell the caller not to compute a new build timeout. */ - log_warn(LD_BUG, - "Could not determine largest build time (%d). " - "Xm is %dms and we've abandoned %d out of %d circuits.", max_time, - cbt->Xm, abandoned_count, n); - return 0; - } - - a += abandoned_count*tor_mathlog(max_time); + tor_assert_nonfatal(n==cbt->total_build_times-abandoned_count); + /* This is the "Maximum Likelihood Estimator" for parameter alpha of a Pareto + * Distribution. See: + * https://en.wikipedia.org/wiki/Pareto_distribution#Estimation_of_parameters + * + * The division in the estimator is done with subtraction outside the ln(), + * with the sum occurring in the for loop above. + * + * This done is to avoid the precision issues of logs of small values. + */ a -= n*tor_mathlog(cbt->Xm); - // Estimator comes from Eq #4 in: - // "Bayesian estimation based on trimmed samples from Pareto populations" - // by Arturo J. Fernández. We are right-censored only. - a = (n-abandoned_count)/a; + a = n/a; cbt->alpha = a; @@ -1661,9 +1599,8 @@ circuit_build_times_network_check_changed(circuit_build_times_t *cbt) log_notice(LD_CIRC, "Your network connection speed appears to have changed. Resetting " - "timeout to %lds after %d timeouts and %d buildtimes.", - tor_lround(cbt->timeout_ms/1000), timeout_count, - total_build_times); + "timeout to %ldms after %d timeouts and %d buildtimes.", + tor_lround(cbt->timeout_ms), timeout_count, total_build_times); return 1; } @@ -1829,7 +1766,7 @@ circuit_build_times_set_timeout(circuit_build_times_t *cbt) return; if (cbt->timeout_ms < circuit_build_times_min_timeout()) { - log_info(LD_CIRC, "Set buildtimeout to low value %fms. Setting to %dms", + log_notice(LD_CIRC, "Set buildtimeout to low value %fms. Setting to %dms", cbt->timeout_ms, circuit_build_times_min_timeout()); cbt->timeout_ms = circuit_build_times_min_timeout(); if (cbt->close_ms < cbt->timeout_ms) { @@ -1847,9 +1784,9 @@ circuit_build_times_set_timeout(circuit_build_times_t *cbt) log_info(LD_CIRC, "Based on %d circuit times, it looks like we don't need to " "wait so long for circuits to finish. We will now assume a " - "circuit is too slow to use after waiting %ld seconds.", + "circuit is too slow to use after waiting %ld milliseconds.", cbt->total_build_times, - tor_lround(cbt->timeout_ms/1000)); + tor_lround(cbt->timeout_ms)); log_info(LD_CIRC, "Circuit timeout data: %fms, %fms, Xm: %d, a: %f, r: %f", cbt->timeout_ms, cbt->close_ms, cbt->Xm, cbt->alpha, @@ -1858,18 +1795,18 @@ circuit_build_times_set_timeout(circuit_build_times_t *cbt) log_info(LD_CIRC, "Based on %d circuit times, it looks like we need to wait " "longer for circuits to finish. We will now assume a " - "circuit is too slow to use after waiting %ld seconds.", + "circuit is too slow to use after waiting %ld milliseconds.", cbt->total_build_times, - tor_lround(cbt->timeout_ms/1000)); + tor_lround(cbt->timeout_ms)); log_info(LD_CIRC, "Circuit timeout data: %fms, %fms, Xm: %d, a: %f, r: %f", cbt->timeout_ms, cbt->close_ms, cbt->Xm, cbt->alpha, timeout_rate); } else { log_info(LD_CIRC, - "Set circuit build timeout to %lds (%fms, %fms, Xm: %d, a: %f," + "Set circuit build timeout to %ldms (%fms, %fms, Xm: %d, a: %f," " r: %f) based on %d circuit times", - tor_lround(cbt->timeout_ms/1000), + tor_lround(cbt->timeout_ms), cbt->timeout_ms, cbt->close_ms, cbt->Xm, cbt->alpha, timeout_rate, cbt->total_build_times); } diff --git a/src/core/or/circuitstats.h b/src/core/or/circuitstats.h index 930e0a9ba3..c175f7e4a0 100644 --- a/src/core/or/circuitstats.h +++ b/src/core/or/circuitstats.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -56,10 +56,10 @@ void circuit_build_times_reset(circuit_build_times_t *cbt); #define CBT_NCIRCUITS_TO_OBSERVE 1000 /** Width of the histogram bins in milliseconds */ -#define CBT_BIN_WIDTH ((build_time_t)50) +#define CBT_BIN_WIDTH ((build_time_t)10) /** Number of modes to use in the weighted-avg computation of Xm */ -#define CBT_DEFAULT_NUM_XM_MODES 3 +#define CBT_DEFAULT_NUM_XM_MODES 10 #define CBT_MIN_NUM_XM_MODES 1 #define CBT_MAX_NUM_XM_MODES 20 @@ -79,7 +79,7 @@ void circuit_build_times_reset(circuit_build_times_t *cbt); * How long to wait before actually closing circuits that take too long to * build in terms of CDF quantile. */ -#define CBT_DEFAULT_CLOSE_QUANTILE 95 +#define CBT_DEFAULT_CLOSE_QUANTILE 99 #define CBT_MIN_CLOSE_QUANTILE CBT_MIN_QUANTILE_CUTOFF #define CBT_MAX_CLOSE_QUANTILE CBT_MAX_QUANTILE_CUTOFF @@ -120,8 +120,8 @@ double circuit_build_times_quantile_cutoff(void); #define CBT_MAX_TEST_FREQUENCY INT32_MAX /** Lowest allowable value for CircuitBuildTimeout in milliseconds */ -#define CBT_DEFAULT_TIMEOUT_MIN_VALUE (1500) -#define CBT_MIN_TIMEOUT_MIN_VALUE 500 +#define CBT_DEFAULT_TIMEOUT_MIN_VALUE (CBT_BIN_WIDTH) +#define CBT_MIN_TIMEOUT_MIN_VALUE CBT_BIN_WIDTH #define CBT_MAX_TIMEOUT_MIN_VALUE INT32_MAX /** Initial circuit build timeout in milliseconds */ @@ -142,6 +142,7 @@ STATIC int circuit_build_times_update_alpha(circuit_build_times_t *cbt); /* Network liveness functions */ STATIC int circuit_build_times_network_check_changed( circuit_build_times_t *cbt); +STATIC build_time_t circuit_build_times_get_xm(circuit_build_times_t *cbt); #endif /* defined(CIRCUITSTATS_PRIVATE) */ #ifdef TOR_UNIT_TESTS diff --git a/src/core/or/circuituse.c b/src/core/or/circuituse.c index 059e43ec47..dbeea10821 100644 --- a/src/core/or/circuituse.c +++ b/src/core/or/circuituse.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -58,9 +58,6 @@ #include "feature/nodelist/routerlist.h" #include "feature/relay/routermode.h" #include "feature/relay/selftest.h" -#include "feature/rend/rendclient.h" -#include "feature/rend/rendcommon.h" -#include "feature/rend/rendservice.h" #include "feature/stats/predict_ports.h" #include "lib/math/fp.h" #include "lib/time/tvdiff.h" @@ -84,16 +81,6 @@ static int circuit_matches_with_rend_stream(const edge_connection_t *edge_conn, const origin_circuit_t *origin_circ) { - /* Check if this is a v2 rendezvous circ/stream */ - if ((edge_conn->rend_data && !origin_circ->rend_data) || - (!edge_conn->rend_data && origin_circ->rend_data) || - (edge_conn->rend_data && origin_circ->rend_data && - rend_cmp_service_ids(rend_data_get_address(edge_conn->rend_data), - rend_data_get_address(origin_circ->rend_data)))) { - /* this circ is not for this conn */ - return 0; - } - /* Check if this is a v3 rendezvous circ/stream */ if ((edge_conn->hs_ident && !origin_circ->hs_ident) || (!edge_conn->hs_ident && origin_circ->hs_ident) || @@ -146,11 +133,6 @@ circuit_is_acceptable(const origin_circuit_t *origin_circ, return 0; } - /* If this is a timed-out hidden service circuit, skip it. */ - if (origin_circ->hs_circ_has_timed_out) { - return 0; - } - if (purpose == CIRCUIT_PURPOSE_C_GENERAL || purpose == CIRCUIT_PURPOSE_C_HSDIR_GET || purpose == CIRCUIT_PURPOSE_S_HSDIR_POST || @@ -347,7 +329,6 @@ circuit_get_best(const entry_connection_t *conn, { origin_circuit_t *best=NULL; struct timeval now; - int intro_going_on_but_too_old = 0; tor_assert(conn); @@ -366,15 +347,6 @@ circuit_get_best(const entry_connection_t *conn, continue; origin_circ = TO_ORIGIN_CIRCUIT(circ); - /* Log an info message if we're going to launch a new intro circ in - * parallel */ - if (purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT && - !must_be_open && origin_circ->hs_circ_has_timed_out && - !circ->marked_for_close) { - intro_going_on_but_too_old = 1; - continue; - } - if (!circuit_is_acceptable(origin_circ,conn,must_be_open,purpose, need_uptime,need_internal, (time_t)now.tv_sec)) continue; @@ -387,11 +359,6 @@ circuit_get_best(const entry_connection_t *conn, } SMARTLIST_FOREACH_END(circ); - if (!best && intro_going_on_but_too_old) - log_info(LD_REND|LD_CIRC, "There is an intro circuit being created " - "right now, but it has already taken quite a while. Starting " - "one in parallel."); - return best; } @@ -463,8 +430,9 @@ circuit_expire_building(void) * circuit_build_times_get_initial_timeout() if we haven't computed * custom timeouts yet */ struct timeval general_cutoff, begindir_cutoff, fourhop_cutoff, - close_cutoff, extremely_old_cutoff, hs_extremely_old_cutoff, - cannibalized_cutoff, c_intro_cutoff, s_intro_cutoff, stream_cutoff; + close_cutoff, extremely_old_cutoff, + cannibalized_cutoff, c_intro_cutoff, s_intro_cutoff, stream_cutoff, + c_rend_ready_cutoff; const or_options_t *options = get_options(); struct timeval now; cpath_build_state_t *build_state; @@ -544,13 +512,19 @@ circuit_expire_building(void) /* Server intro circs have an extra round trip */ SET_CUTOFF(s_intro_cutoff, get_circuit_build_timeout_ms() * (9/6.0) + 1000); + /* For circuit purpose set to: CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED. + * + * The cutoff of such circuit is very high because we end up in this state if + * once the INTRODUCE_ACK is received which could be before the service + * receives the INTRODUCE2 cell. The worst case is a full 3-hop latency + * (intro -> service), 4-hop circuit creation latency (service -> RP), and + * finally a 7-hop latency for the RENDEZVOUS2 cell to arrive (service -> + * client). */ + SET_CUTOFF(c_rend_ready_cutoff, get_circuit_build_timeout_ms() * 3 + 1000); + SET_CUTOFF(close_cutoff, get_circuit_build_close_time_ms()); SET_CUTOFF(extremely_old_cutoff, get_circuit_build_close_time_ms()*2 + 1000); - SET_CUTOFF(hs_extremely_old_cutoff, - MAX(get_circuit_build_close_time_ms()*2 + 1000, - options->SocksTimeout * 1000)); - bool fixed_time = circuit_build_times_disabled(get_options()); SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *,victim) { @@ -581,8 +555,12 @@ circuit_expire_building(void) cutoff = c_intro_cutoff; else if (victim->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) cutoff = s_intro_cutoff; - else if (victim->purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND) - cutoff = stream_cutoff; + else if (victim->purpose == CIRCUIT_PURPOSE_S_CONNECT_REND) { + /* Service connecting to a rendezvous point is a four hop circuit. We set + * it explicitly here because this function is a clusterf***. */ + cutoff = fourhop_cutoff; + } else if (victim->purpose == CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED) + cutoff = c_rend_ready_cutoff; else if (victim->purpose == CIRCUIT_PURPOSE_PATH_BIAS_TESTING) cutoff = close_cutoff; else if (TO_ORIGIN_CIRCUIT(victim)->has_opened && @@ -593,9 +571,6 @@ circuit_expire_building(void) else cutoff = general_cutoff; - if (TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out) - cutoff = hs_extremely_old_cutoff; - if (timercmp(&victim->timestamp_began, &cutoff, OP_GT)) continue; /* it's still young, leave it alone */ @@ -689,8 +664,7 @@ circuit_expire_building(void) /* c_rend_ready circs measure age since timestamp_dirty, * because that's set when they switch purposes */ - if (TO_ORIGIN_CIRCUIT(victim)->rend_data || - TO_ORIGIN_CIRCUIT(victim)->hs_ident || + if (TO_ORIGIN_CIRCUIT(victim)->hs_ident || victim->timestamp_dirty > cutoff.tv_sec) continue; break; @@ -768,51 +742,29 @@ circuit_expire_building(void) } } - /* If this is a hidden service client circuit which is far enough along in - * connecting to its destination, and we haven't already flagged it as - * 'timed out', flag it so we'll launch another intro or rend circ, but - * don't mark it for close yet. - * - * (Circs flagged as 'timed out' are given a much longer timeout - * period above, so we won't close them in the next call to - * circuit_expire_building.) */ - if (!(TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out)) { - switch (victim->purpose) { - case CIRCUIT_PURPOSE_C_REND_READY: - /* We only want to spare a rend circ iff it has been specified in an - * INTRODUCE1 cell sent to a hidden service. */ - if (!hs_circ_is_rend_sent_in_intro1(CONST_TO_ORIGIN_CIRCUIT(victim))) { - break; - } - FALLTHROUGH; - case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT: - case CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED: - /* If we have reached this line, we want to spare the circ for now. */ - log_info(LD_CIRC,"Marking circ %u (state %d:%s, purpose %d) " - "as timed-out HS circ", - (unsigned)victim->n_circ_id, - victim->state, circuit_state_to_string(victim->state), - victim->purpose); - TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out = 1; + /* Special checks for onion service circuits. */ + switch (victim->purpose) { + case CIRCUIT_PURPOSE_C_REND_READY: + /* We only want to spare a rend circ iff it has been specified in an + * INTRODUCE1 cell sent to a hidden service. */ + if (hs_circ_is_rend_sent_in_intro1(CONST_TO_ORIGIN_CIRCUIT(victim))) { continue; - default: - break; } - } - - /* If this is a service-side rendezvous circuit which is far - * enough along in connecting to its destination, consider sparing - * it. */ - if (!(TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out) && - victim->purpose == CIRCUIT_PURPOSE_S_CONNECT_REND) { - log_info(LD_CIRC,"Marking circ %u (state %d:%s, purpose %d) " - "as timed-out HS circ; relaunching rendezvous attempt.", + break; + case CIRCUIT_PURPOSE_S_CONNECT_REND: + /* The connection to the rendezvous point has timed out, close it and + * retry if possible. */ + log_info(LD_CIRC,"Rendezvous circ %u (state %d:%s, purpose %d) " + "as timed-out, closing it. Relaunching rendezvous attempt.", (unsigned)victim->n_circ_id, victim->state, circuit_state_to_string(victim->state), victim->purpose); - TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out = 1; - hs_circ_retry_service_rendezvous_point(TO_ORIGIN_CIRCUIT(victim)); - continue; + /* We'll close as a timeout the victim circuit. The rendezvous point + * won't keep both circuits, it only keeps the newest (for the same + * cookie). */ + break; + default: + break; } if (victim->n_chan) @@ -897,7 +849,7 @@ circuit_log_ancient_one_hop_circuits(int age) continue; /* Single Onion Services deliberately make long term one-hop intro * and rendezvous connections. Don't log the established ones. */ - if (rend_service_allow_non_anonymous_connection(options) && + if (hs_service_allow_non_anonymous_connection(options) && (circ->purpose == CIRCUIT_PURPOSE_S_INTRO || circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED)) continue; @@ -1142,7 +1094,7 @@ needs_exit_circuits(time_t now, int *needs_uptime, int *needs_capacity) STATIC int needs_hs_server_circuits(time_t now, int num_uptime_internal) { - if (!rend_num_services() && !hs_service_get_num_services()) { + if (!hs_service_get_num_services()) { /* No services, we don't need anything. */ goto no_need; } @@ -1218,25 +1170,6 @@ needs_circuits_for_build(int num) return 0; } -/** - * Launch the appropriate type of predicted circuit for hidden - * services, depending on our options. - */ -static void -circuit_launch_predicted_hs_circ(int flags) -{ - /* K.I.S.S. implementation of bug #23101: If we are using - * vanguards or pinned middles, pre-build a specific purpose - * for HS circs. */ - if (circuit_should_use_vanguards(CIRCUIT_PURPOSE_HS_VANGUARDS)) { - circuit_launch(CIRCUIT_PURPOSE_HS_VANGUARDS, flags); - } else { - /* If no vanguards, then no HS-specific prebuilt circuits are needed. - * Normal GENERAL circs are fine */ - circuit_launch(CIRCUIT_PURPOSE_C_GENERAL, flags); - } -} - /** Determine how many circuits we have open that are clean, * Make sure it's enough for all the upcoming behaviors we predict we'll have. * But put an upper bound on the total number of circuits. @@ -1290,7 +1223,7 @@ circuit_predict_and_launch_new(void) "Have %d clean circs (%d internal), need another internal " "circ for my hidden service.", num, num_internal); - circuit_launch_predicted_hs_circ(flags); + circuit_launch(CIRCUIT_PURPOSE_HS_VANGUARDS, flags); return; } @@ -1309,7 +1242,10 @@ circuit_predict_and_launch_new(void) " another hidden service circ.", num, num_uptime_internal, num_internal); - circuit_launch_predicted_hs_circ(flags); + /* Always launch vanguards purpose circuits for HS clients, + * for vanguards-lite. This prevents us from cannibalizing + * to build these circuits (and thus not use vanguards). */ + circuit_launch(CIRCUIT_PURPOSE_HS_VANGUARDS, flags); return; } @@ -1661,8 +1597,9 @@ circuit_testing_opened(origin_circuit_t *circ) } else if (circuit_enough_testing_circs()) { router_perform_bandwidth_test(NUM_PARALLEL_TESTING_CIRCS, time(NULL)); have_performed_bandwidth_test = 1; - } else - router_do_reachability_checks(1, 0); + } else { + router_do_reachability_checks(); + } } /** A testing circuit has failed to build. Take whatever stats we want. */ @@ -2014,14 +1951,6 @@ circuit_purpose_is_hs_vanguards(const uint8_t purpose) return (purpose == CIRCUIT_PURPOSE_HS_VANGUARDS); } -/** Return true iff the given circuit is an HS v2 circuit. */ -bool -circuit_is_hs_v2(const circuit_t *circ) -{ - return (CIRCUIT_IS_ORIGIN(circ) && - (CONST_TO_ORIGIN_CIRCUIT(circ)->rend_data != NULL)); -} - /** Return true iff the given circuit is an HS v3 circuit. */ bool circuit_is_hs_v3(const circuit_t *circ) @@ -2043,16 +1972,12 @@ circuit_is_hs_v3(const circuit_t *circ) int circuit_should_use_vanguards(uint8_t purpose) { - const or_options_t *options = get_options(); - - /* Only hidden service circuits use vanguards */ - if (!circuit_purpose_is_hidden_service(purpose)) - return 0; - - /* Pinned middles are effectively vanguards */ - if (options->HSLayer2Nodes || options->HSLayer3Nodes) + /* All hidden service circuits use either vanguards or + * vanguards-lite. */ + if (circuit_purpose_is_hidden_service(purpose)) return 1; + /* Everything else is a normal circuit */ return 0; } @@ -2090,13 +2015,11 @@ circuit_should_cannibalize_to_build(uint8_t purpose_to_build, return 0; } - /* For vanguards, the server-side intro circ is not cannibalized - * because we pre-build 4 hop HS circuits, and it only needs a 3 hop - * circuit. It is also long-lived, so it is more important that - * it have lower latency than get built fast. + /* The server-side intro circ is not cannibalized because it only + * needs a 3 hop circuit. It is also long-lived, so it is more + * important that it have lower latency than get built fast. */ - if (circuit_should_use_vanguards(purpose_to_build) && - purpose_to_build == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) { + if (purpose_to_build == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) { return 0; } @@ -2448,19 +2371,12 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn, extend_info = hs_client_get_random_intro_from_edge(edge_conn); if (!extend_info) { log_info(LD_REND, "No intro points: re-fetching service descriptor."); - if (edge_conn->rend_data) { - rend_client_refetch_v2_renddesc(edge_conn->rend_data); - } else { - hs_client_refetch_hsdesc(&edge_conn->hs_ident->identity_pk); - } + hs_client_refetch_hsdesc(&edge_conn->hs_ident->identity_pk); connection_ap_mark_as_waiting_for_renddesc(conn); return 0; } - log_info(LD_REND,"Chose %s as intro point for '%s'.", - extend_info_describe(extend_info), - (edge_conn->rend_data) ? - safe_str_client(rend_data_get_address(edge_conn->rend_data)) : - "service"); + log_info(LD_REND,"Chose %s as intro point for service", + extend_info_describe(extend_info)); } /* If we have specified a particular exit node for our @@ -2477,7 +2393,8 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn, /* We might want to connect to an IPv6 bridge for loading descriptors so we use the preferred address rather than the primary. */ - extend_info = extend_info_from_node(r, conn->want_onehop ? 1 : 0); + extend_info = extend_info_from_node(r, conn->want_onehop ? 1 : 0, + desired_circuit_purpose == CIRCUIT_PURPOSE_C_GENERAL); if (!extend_info) { log_warn(LD_CIRC,"Could not make a one-hop connection to %s. " "Discarding this circuit.", conn->chosen_exit_name); @@ -2512,7 +2429,9 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn, digest, NULL, /* Ed25519 ID */ NULL, NULL, /* onion keys */ - &addr, conn->socks_request->port); + &addr, conn->socks_request->port, + NULL, + false); } else { /* ! (want_onehop && conn->chosen_exit_name[0] == '$') */ /* We will need an onion key for the router, and we * don't have one. Refuse or relax requirements. */ @@ -2584,10 +2503,7 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn, rep_hist_note_used_internal(time(NULL), need_uptime, 1); if (circ) { const edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn); - if (edge_conn->rend_data) { - /* write the service_id into circ */ - circ->rend_data = rend_data_dup(edge_conn->rend_data); - } else if (edge_conn->hs_ident) { + if (edge_conn->hs_ident) { circ->hs_ident = hs_ident_circuit_new(&edge_conn->hs_ident->identity_pk); } @@ -2733,6 +2649,13 @@ consider_recording_trackhost(const entry_connection_t *conn, const or_options_t *options = get_options(); char *new_address = NULL; char fp[HEX_DIGEST_LEN+1]; + uint64_t stream_id = 0; + + if (BUG(!conn)) { + return; + } + + stream_id = ENTRY_TO_CONN(conn)->global_identifier; /* Search the addressmap for this conn's destination. */ /* If they're not in the address map.. */ @@ -2756,7 +2679,7 @@ consider_recording_trackhost(const entry_connection_t *conn, addressmap_register(conn->socks_request->address, new_address, time(NULL) + options->TrackHostExitsExpire, - ADDRMAPSRC_TRACKEXIT, 0, 0); + ADDRMAPSRC_TRACKEXIT, 0, 0, stream_id); } /** Attempt to attach the connection <b>conn</b> to <b>circ</b>, and send a @@ -2796,8 +2719,9 @@ connection_ap_handshake_attach_chosen_circuit(entry_connection_t *conn, tor_assert(conn->socks_request); if (conn->socks_request->command == SOCKS_COMMAND_CONNECT) { - if (!conn->use_begindir) + if (!conn->use_begindir) { consider_recording_trackhost(conn, circ); + } if (connection_ap_handshake_send_begin(conn) < 0) return -1; } else { @@ -2826,13 +2750,9 @@ connection_ap_get_nonrend_circ_purpose(const entry_connection_t *conn) if (base_conn->linked_conn && base_conn->linked_conn->type == CONN_TYPE_DIR) { /* Set a custom purpose for hsdir activity */ - if (base_conn->linked_conn->purpose == DIR_PURPOSE_UPLOAD_RENDDESC_V2 || - base_conn->linked_conn->purpose == DIR_PURPOSE_UPLOAD_HSDESC) { + if (base_conn->linked_conn->purpose == DIR_PURPOSE_UPLOAD_HSDESC) { return CIRCUIT_PURPOSE_S_HSDIR_POST; - } else if (base_conn->linked_conn->purpose - == DIR_PURPOSE_FETCH_RENDDESC_V2 || - base_conn->linked_conn->purpose - == DIR_PURPOSE_FETCH_HSDESC) { + } else if (base_conn->linked_conn->purpose == DIR_PURPOSE_FETCH_HSDESC) { return CIRCUIT_PURPOSE_C_HSDIR_GET; } } diff --git a/src/core/or/circuituse.h b/src/core/or/circuituse.h index 028fe4aa48..c737ff1c9d 100644 --- a/src/core/or/circuituse.h +++ b/src/core/or/circuituse.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -76,7 +76,6 @@ bool circuit_purpose_is_hs_client(const uint8_t purpose); bool circuit_purpose_is_hs_service(const uint8_t purpose); bool circuit_purpose_is_hs_vanguards(const uint8_t purpose); -bool circuit_is_hs_v2(const circuit_t *circ); bool circuit_is_hs_v3(const circuit_t *circ); int circuit_should_use_vanguards(uint8_t); diff --git a/src/core/or/command.c b/src/core/or/command.c index a8b93dc9a0..cad7a173b6 100644 --- a/src/core/or/command.c +++ b/src/core/or/command.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -331,6 +331,13 @@ command_process_create_cell(cell_t *cell, channel_t *chan) return; } + /* Mark whether this circuit used TAP in case we need to use this + * information for onion service statistics later on. */ + if (create_cell->handshake_type == ONION_HANDSHAKE_TYPE_FAST || + create_cell->handshake_type == ONION_HANDSHAKE_TYPE_TAP) { + circ->used_legacy_circuit_handshake = true; + } + if (!channel_is_client(chan)) { /* remember create types we've seen, but don't remember them from * clients, to be extra conservative about client statistics. */ @@ -353,15 +360,19 @@ command_process_create_cell(cell_t *cell, channel_t *chan) uint8_t rend_circ_nonce[DIGEST_LEN]; int len; created_cell_t created_cell; + circuit_params_t params; memset(&created_cell, 0, sizeof(created_cell)); len = onion_skin_server_handshake(ONION_HANDSHAKE_TYPE_FAST, create_cell->onionskin, create_cell->handshake_len, NULL, + NULL, created_cell.reply, + sizeof(created_cell.reply), keys, CPATH_KEY_MATERIAL_LEN, - rend_circ_nonce); + rend_circ_nonce, + ¶ms); tor_free(create_cell); if (len < 0) { log_warn(LD_OR,"Failed to generate key material. Closing."); @@ -556,7 +567,7 @@ command_process_relay_cell(cell_t *cell, channel_t *chan) } if ((reason = circuit_receive_relay_cell(cell, circ, direction)) < 0) { - log_fn(LOG_PROTOCOL_WARN,LD_PROTOCOL,"circuit_receive_relay_cell " + log_fn(LOG_DEBUG,LD_PROTOCOL,"circuit_receive_relay_cell " "(%s) failed. Closing.", direction==CELL_DIRECTION_OUT?"forward":"backward"); /* Always emit a bandwidth event for closed circs */ @@ -587,11 +598,27 @@ command_process_relay_cell(cell_t *cell, channel_t *chan) } /* If this is a cell in an RP circuit, count it as part of the - hidden service stats */ + onion service stats */ if (options->HiddenServiceStatistics && !CIRCUIT_IS_ORIGIN(circ) && - TO_OR_CIRCUIT(circ)->circuit_carries_hs_traffic_stats) { - rep_hist_seen_new_rp_cell(); + CONST_TO_OR_CIRCUIT(circ)->circuit_carries_hs_traffic_stats) { + /** We need to figure out of this is a v2 or v3 RP circuit to count it + * appropriately. v2 services always use the TAP legacy handshake to + * connect to the RP; we use this feature to distinguish between v2/v3. */ + bool is_v2 = false; + if (CONST_TO_OR_CIRCUIT(circ)->used_legacy_circuit_handshake) { + is_v2 = true; + } else if (CONST_TO_OR_CIRCUIT(circ)->rend_splice) { + /* If this is a client->RP circuit we need to check the spliced circuit + * (which is the service->RP circuit) to see if it was using TAP and + * hence if it's a v2 circuit. That's because client->RP circuits can + * still use ntor even on v2; but service->RP will always use TAP. */ + const or_circuit_t *splice = CONST_TO_OR_CIRCUIT(circ)->rend_splice; + if (splice->used_legacy_circuit_handshake) { + is_v2 = true; + } + } + rep_hist_seen_new_rp_cell(is_v2); } } diff --git a/src/core/or/command.h b/src/core/or/command.h index 14ebb4a339..dfe363d53c 100644 --- a/src/core/or/command.h +++ b/src/core/or/command.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/congestion_control_common.c b/src/core/or/congestion_control_common.c new file mode 100644 index 0000000000..f5b7740bed --- /dev/null +++ b/src/core/or/congestion_control_common.c @@ -0,0 +1,1570 @@ +/* Copyright (c) 2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file congestion_control_common.c + * \brief Common code used by all congestion control algorithms. + */ + +#define TOR_CONGESTION_CONTROL_COMMON_PRIVATE + +#include "core/or/or.h" + +#include "core/crypto/onion_crypto.h" +#include "core/or/circuitlist.h" +#include "core/or/crypt_path.h" +#include "core/or/or_circuit_st.h" +#include "core/or/origin_circuit_st.h" +#include "core/or/channel.h" +#include "core/mainloop/connection.h" +#include "core/or/sendme.h" +#include "core/or/congestion_control_common.h" +#include "core/or/congestion_control_vegas.h" +#include "core/or/congestion_control_nola.h" +#include "core/or/congestion_control_westwood.h" +#include "core/or/congestion_control_st.h" +#include "core/or/trace_probes_cc.h" +#include "lib/time/compat_time.h" +#include "feature/nodelist/networkstatus.h" +#include "app/config/config.h" + +#include "trunnel/congestion_control.h" +#include "trunnel/extension.h" + +/* Consensus parameter defaults. + * + * More details for each of the parameters can be found in proposal 324, + * section 6.5 including tuning notes. */ +#define SENDME_INC_DFLT (TLS_RECORD_MAX_CELLS) +#define CIRCWINDOW_INIT (4*SENDME_INC_DFLT) + +#define CC_ALG_DFLT (CC_ALG_SENDME) +#define CC_ALG_DFLT_ALWAYS (CC_ALG_VEGAS) + +#define CWND_INC_DFLT (TLS_RECORD_MAX_CELLS) +#define CWND_INC_PCT_SS_DFLT (100) +#define CWND_INC_RATE_DFLT (1) + +#define CWND_MIN_DFLT (2*SENDME_INC_DFLT) +#define CWND_MAX_DFLT (INT32_MAX) + +#define BWE_SENDME_MIN_DFLT (5) + +#define N_EWMA_CWND_PCT_DFLT (50) +#define N_EWMA_MAX_DFLT (10) +#define N_EWMA_SS_DFLT (2) + +#define RTT_RESET_PCT_DFLT (100) + +/* BDP algorithms for each congestion control algorithms use the piecewise + * estimattor. See section 3.1.4 of proposal 324. */ +#define WESTWOOD_BDP_ALG BDP_ALG_PIECEWISE +#define VEGAS_BDP_MIX_ALG BDP_ALG_PIECEWISE +#define NOLA_BDP_ALG BDP_ALG_PIECEWISE + +/* Indicate OR connection buffer limitations used to stop or start accepting + * cells in its outbuf. + * + * These watermarks are historical to tor in a sense that they've been used + * almost from the genesis point. And were likely defined to fit the bounds of + * TLS records of 16KB which would be around 32 cells. + * + * These are defaults of the consensus parameter "orconn_high" and "orconn_low" + * values. */ +#define OR_CONN_HIGHWATER_DFLT (32*1024) +#define OR_CONN_LOWWATER_DFLT (16*1024) + +/* Low and high values of circuit cell queue sizes. They are used to tell when + * to start or stop reading on the streams attached on the circuit. + * + * These are defaults of the consensus parameters "cellq_high" and "cellq_low". + */ +#define CELL_QUEUE_LOW_DFLT (10) +#define CELL_QUEUE_HIGH_DFLT (256) + +static uint64_t congestion_control_update_circuit_rtt(congestion_control_t *, + uint64_t); +static bool congestion_control_update_circuit_bdp(congestion_control_t *, + const circuit_t *, + const crypt_path_t *, + uint64_t, uint64_t); +/* For unit tests */ +void congestion_control_set_cc_enabled(void); + +/* Number of times the RTT value was reset. For MetricsPort. */ +static uint64_t num_rtt_reset; + +/* Number of times the clock was stalled. For MetricsPort. */ +static uint64_t num_clock_stalls; + +/* Consensus parameters cached. The non static ones are extern. */ +static uint32_t cwnd_max = CWND_MAX_DFLT; +int32_t cell_queue_high = CELL_QUEUE_HIGH_DFLT; +int32_t cell_queue_low = CELL_QUEUE_LOW_DFLT; +uint32_t or_conn_highwater = OR_CONN_HIGHWATER_DFLT; +uint32_t or_conn_lowwater = OR_CONN_LOWWATER_DFLT; +uint8_t cc_sendme_inc = SENDME_INC_DFLT; +static cc_alg_t cc_alg = CC_ALG_DFLT; + +/** + * Number of cwnd worth of sendme acks to smooth RTT and BDP with, + * using N_EWMA */ +static uint8_t n_ewma_cwnd_pct; + +/** + * Maximum number N for the N-count EWMA averaging of RTT and BDP. + */ +static uint8_t n_ewma_max; + +/** + * Maximum number N for the N-count EWMA averaging of RTT in Slow Start. + */ +static uint8_t n_ewma_ss; + +/** + * Minimum number of sendmes before we begin BDP estimates + */ +static uint8_t bwe_sendme_min; + +/** + * Percentage of the current RTT to use when reseting the minimum RTT + * for a circuit. (RTT is reset when the cwnd hits cwnd_min). + */ +static uint8_t rtt_reset_pct; + +/** Metric to count the number of congestion control circuits **/ +uint64_t cc_stats_circs_created = 0; + +/** Return the number of RTT reset that have been done. */ +uint64_t +congestion_control_get_num_rtt_reset(void) +{ + return num_rtt_reset; +} + +/** Return the number of clock stalls that have been done. */ +uint64_t +congestion_control_get_num_clock_stalls(void) +{ + return num_clock_stalls; +} + +/** + * Update global congestion control related consensus parameter values, + * every consensus update. + */ +void +congestion_control_new_consensus_params(const networkstatus_t *ns) +{ +#define CELL_QUEUE_HIGH_MIN (1) +#define CELL_QUEUE_HIGH_MAX (1000) + cell_queue_high = networkstatus_get_param(ns, "cellq_high", + CELL_QUEUE_HIGH_DFLT, + CELL_QUEUE_HIGH_MIN, + CELL_QUEUE_HIGH_MAX); + +#define CELL_QUEUE_LOW_MIN (1) +#define CELL_QUEUE_LOW_MAX (1000) + cell_queue_low = networkstatus_get_param(ns, "cellq_low", + CELL_QUEUE_LOW_DFLT, + CELL_QUEUE_LOW_MIN, + CELL_QUEUE_LOW_MAX); + +#define OR_CONN_HIGHWATER_MIN (CELL_PAYLOAD_SIZE) +#define OR_CONN_HIGHWATER_MAX (INT32_MAX) + or_conn_highwater = + networkstatus_get_param(ns, "orconn_high", + OR_CONN_HIGHWATER_DFLT, + OR_CONN_HIGHWATER_MIN, + OR_CONN_HIGHWATER_MAX); + +#define OR_CONN_LOWWATER_MIN (CELL_PAYLOAD_SIZE) +#define OR_CONN_LOWWATER_MAX (INT32_MAX) + or_conn_lowwater = + networkstatus_get_param(ns, "orconn_low", + OR_CONN_LOWWATER_DFLT, + OR_CONN_LOWWATER_MIN, + OR_CONN_LOWWATER_MAX); + +#define CWND_MAX_MIN 500 +#define CWND_MAX_MAX (INT32_MAX) + cwnd_max = + networkstatus_get_param(NULL, "cc_cwnd_max", + CWND_MAX_DFLT, + CWND_MAX_MIN, + CWND_MAX_MAX); + +#define RTT_RESET_PCT_MIN (0) +#define RTT_RESET_PCT_MAX (100) + rtt_reset_pct = + networkstatus_get_param(NULL, "cc_rtt_reset_pct", + RTT_RESET_PCT_DFLT, + RTT_RESET_PCT_MIN, + RTT_RESET_PCT_MAX); + +#define SENDME_INC_MIN 1 +#define SENDME_INC_MAX (255) + cc_sendme_inc = + networkstatus_get_param(NULL, "cc_sendme_inc", + SENDME_INC_DFLT, + SENDME_INC_MIN, + SENDME_INC_MAX); + +#define CC_ALG_MIN 0 +#define CC_ALG_MAX (NUM_CC_ALGS-1) + cc_alg = + networkstatus_get_param(NULL, "cc_alg", + CC_ALG_DFLT, + CC_ALG_MIN, + CC_ALG_MAX); + +#define BWE_SENDME_MIN_MIN 2 +#define BWE_SENDME_MIN_MAX (20) + bwe_sendme_min = + networkstatus_get_param(NULL, "cc_bwe_min", + BWE_SENDME_MIN_DFLT, + BWE_SENDME_MIN_MIN, + BWE_SENDME_MIN_MAX); + +#define N_EWMA_CWND_PCT_MIN 1 +#define N_EWMA_CWND_PCT_MAX (255) + n_ewma_cwnd_pct = + networkstatus_get_param(NULL, "cc_ewma_cwnd_pct", + N_EWMA_CWND_PCT_DFLT, + N_EWMA_CWND_PCT_MIN, + N_EWMA_CWND_PCT_MAX); + +#define N_EWMA_MAX_MIN 2 +#define N_EWMA_MAX_MAX (INT32_MAX) + n_ewma_max = + networkstatus_get_param(NULL, "cc_ewma_max", + N_EWMA_MAX_DFLT, + N_EWMA_MAX_MIN, + N_EWMA_MAX_MAX); + +#define N_EWMA_SS_MIN 2 +#define N_EWMA_SS_MAX (INT32_MAX) + n_ewma_ss = + networkstatus_get_param(NULL, "cc_ewma_ss", + N_EWMA_SS_DFLT, + N_EWMA_SS_MIN, + N_EWMA_SS_MAX); +} + +/** + * Set congestion control parameters on a circuit's congestion + * control object based on values from the consensus. + * + * cc_alg is the negotiated congestion control algorithm. + * + * sendme_inc is the number of packaged cells that a sendme cell + * acks. This parameter will come from circuit negotiation. + */ +static void +congestion_control_init_params(congestion_control_t *cc, + const circuit_params_t *params, + cc_path_t path) +{ + const or_options_t *opts = get_options(); + cc->sendme_inc = params->sendme_inc_cells; + +#define CWND_INIT_MIN SENDME_INC_DFLT +#define CWND_INIT_MAX (10000) + cc->cwnd = + networkstatus_get_param(NULL, "cc_cwnd_init", + CIRCWINDOW_INIT, + CWND_INIT_MIN, + CWND_INIT_MAX); + +#define CWND_INC_PCT_SS_MIN 1 +#define CWND_INC_PCT_SS_MAX (500) + cc->cwnd_inc_pct_ss = + networkstatus_get_param(NULL, "cc_cwnd_inc_pct_ss", + CWND_INC_PCT_SS_DFLT, + CWND_INC_PCT_SS_MIN, + CWND_INC_PCT_SS_MAX); + +#define CWND_INC_MIN 1 +#define CWND_INC_MAX (1000) + cc->cwnd_inc = + networkstatus_get_param(NULL, "cc_cwnd_inc", + CWND_INC_DFLT, + CWND_INC_MIN, + CWND_INC_MAX); + +#define CWND_INC_RATE_MIN 1 +#define CWND_INC_RATE_MAX (250) + cc->cwnd_inc_rate = + networkstatus_get_param(NULL, "cc_cwnd_inc_rate", + CWND_INC_RATE_DFLT, + CWND_INC_RATE_MIN, + CWND_INC_RATE_MAX); + +#define CWND_MIN_MIN SENDME_INC_DFLT +#define CWND_MIN_MAX (1000) + cc->cwnd_min = + networkstatus_get_param(NULL, "cc_cwnd_min", + CWND_MIN_DFLT, + CWND_MIN_MIN, + CWND_MIN_MAX); + + /* If the consensus says to use OG sendme, but torrc has + * always-enabled, use the default "always" alg (vegas), + * else use cached conensus alg. */ + if (cc_alg == CC_ALG_SENDME && opts->AlwaysCongestionControl) { + cc->cc_alg = CC_ALG_DFLT_ALWAYS; + } else { + cc->cc_alg = cc_alg; + } + + bdp_alg_t default_bdp_alg = 0; + + switch (cc->cc_alg) { + case CC_ALG_WESTWOOD: + default_bdp_alg = WESTWOOD_BDP_ALG; + break; + case CC_ALG_VEGAS: + default_bdp_alg = VEGAS_BDP_MIX_ALG; + break; + case CC_ALG_NOLA: + default_bdp_alg = NOLA_BDP_ALG; + break; + case CC_ALG_SENDME: + default: + tor_fragile_assert(); + return; // No alg-specific params + } + + cc->bdp_alg = + networkstatus_get_param(NULL, "cc_bdp_alg", + default_bdp_alg, + 0, + NUM_BDP_ALGS-1); + + /* Algorithm-specific parameters */ + if (cc->cc_alg == CC_ALG_WESTWOOD) { + congestion_control_westwood_set_params(cc); + } else if (cc->cc_alg == CC_ALG_VEGAS) { + congestion_control_vegas_set_params(cc, path); + } else if (cc->cc_alg == CC_ALG_NOLA) { + congestion_control_nola_set_params(cc); + } +} + +/** Returns true if congestion control is enabled in the most recent + * consensus, or if __AlwaysCongestionControl is set to true. + * + * Note that this function (and many many other functions) should not + * be called from the CPU worker threads when handling congestion + * control negotiation. Relevant values are marshaled into the + * `circuit_params_t` struct, in order to be used in worker threads + * without touching global state. Use those values in CPU worker + * threads, instead of calling this function. + * + * The danger is still present, in your time, as it was in ours. + */ +bool +congestion_control_enabled(void) +{ + const or_options_t *opts = NULL; + + tor_assert_nonfatal_once(in_main_thread()); + + opts = get_options(); + + /* If the user has set "__AlwaysCongesttionControl", + * then always try to negotiate congestion control, regardless + * of consensus param. This is to be used for testing and sbws. + * + * Note that we do *not* allow disabling congestion control + * if the consensus says to use it, as this is bad for queueing + * and fairness. */ + if (opts->AlwaysCongestionControl) + return 1; + + return cc_alg != CC_ALG_SENDME; +} + +/** + * For unit tests only: set the cached consensus cc alg to + * specified value. + */ +void +congestion_control_set_cc_enabled(void) +{ + cc_alg = CC_ALG_VEGAS; +} + +/** + * Allocate and initialize fields in congestion control object. + * + * cc_alg is the negotiated congestion control algorithm. + * + * sendme_inc is the number of packaged cells that a sendme cell + * acks. This parameter will come from circuit negotiation. + */ +static void +congestion_control_init(congestion_control_t *cc, + const circuit_params_t *params, + cc_path_t path) +{ + cc->sendme_pending_timestamps = smartlist_new(); + cc->sendme_arrival_timestamps = smartlist_new(); + + cc->in_slow_start = 1; + congestion_control_init_params(cc, params, path); + + cc->next_cc_event = CWND_UPDATE_RATE(cc); +} + +/** Allocate and initialize a new congestion control object */ +congestion_control_t * +congestion_control_new(const circuit_params_t *params, cc_path_t path) +{ + congestion_control_t *cc = tor_malloc_zero(sizeof(congestion_control_t)); + + congestion_control_init(cc, params, path); + + cc_stats_circs_created++; + + return cc; +} + +/** + * Free a congestion control object and its associated state. + */ +void +congestion_control_free_(congestion_control_t *cc) +{ + if (!cc) + return; + + SMARTLIST_FOREACH(cc->sendme_pending_timestamps, uint64_t *, t, tor_free(t)); + SMARTLIST_FOREACH(cc->sendme_arrival_timestamps, uint64_t *, t, tor_free(t)); + smartlist_free(cc->sendme_pending_timestamps); + smartlist_free(cc->sendme_arrival_timestamps); + + tor_free(cc); +} + +/** + * Enqueue a u64 timestamp to the end of a queue of timestamps. + */ +static inline void +enqueue_timestamp(smartlist_t *timestamps_u64, uint64_t timestamp_usec) +{ + uint64_t *timestamp_ptr = tor_malloc(sizeof(uint64_t)); + *timestamp_ptr = timestamp_usec; + + smartlist_add(timestamps_u64, timestamp_ptr); +} + +/** + * Peek at the head of a smartlist queue of u64 timestamps. + */ +static inline uint64_t +peek_timestamp(const smartlist_t *timestamps_u64_usecs) +{ + uint64_t *timestamp_ptr = smartlist_get(timestamps_u64_usecs, 0); + + if (BUG(!timestamp_ptr)) { + log_err(LD_CIRC, "Congestion control timestamp list became empty!"); + return 0; + } + + return *timestamp_ptr; +} + +/** + * Dequeue a u64 monotime usec timestamp from the front of a + * smartlist of pointers to 64. + */ +static inline uint64_t +dequeue_timestamp(smartlist_t *timestamps_u64_usecs) +{ + uint64_t *timestamp_ptr = smartlist_get(timestamps_u64_usecs, 0); + uint64_t timestamp_u64; + + if (BUG(!timestamp_ptr)) { + log_err(LD_CIRC, "Congestion control timestamp list became empty!"); + return 0; + } + + timestamp_u64 = *timestamp_ptr; + smartlist_del_keeporder(timestamps_u64_usecs, 0); + tor_free(timestamp_ptr); + + return timestamp_u64; +} + +/** + * Returns the number N of N-count EWMA, for averaging RTT and BDP over + * N SENDME acks. + * + * This N is bracketed between a divisor of the number of acks in a CWND + * and a max value. It is always at least 2. + */ +static inline uint64_t +n_ewma_count(const congestion_control_t *cc) +{ + uint64_t ewma_cnt = 0; + + if (cc->in_slow_start) { + /* In slow-start, we check the Vegas condition every sendme, + * so much lower ewma counts are needed. */ + ewma_cnt = n_ewma_ss; + } else { + /* After slow-start, we check the Vegas condition only once per + * CWND, so it is better to average over longer periods. */ + ewma_cnt = MIN(CWND_UPDATE_RATE(cc)*n_ewma_cwnd_pct/100, + n_ewma_max); + } + ewma_cnt = MAX(ewma_cnt, 2); + return ewma_cnt; +} + +/** + * Get a package window from either old sendme logic, or congestion control. + * + * A package window is how many cells you can still send. + */ +int +congestion_control_get_package_window(const circuit_t *circ, + const crypt_path_t *cpath) +{ + int package_window; + congestion_control_t *cc; + + tor_assert(circ); + + if (cpath) { + package_window = cpath->package_window; + cc = cpath->ccontrol; + } else { + package_window = circ->package_window; + cc = circ->ccontrol; + } + + if (!cc) { + return package_window; + } else { + /* Inflight can be above cwnd if cwnd was just reduced */ + if (cc->inflight > cc->cwnd) + return 0; + /* In the extremely unlikely event that cwnd-inflight is larger than + * INT32_MAX, just return that cap, so old code doesn't explode. */ + else if (cc->cwnd - cc->inflight > INT32_MAX) + return INT32_MAX; + else + return (int)(cc->cwnd - cc->inflight); + } +} + +/** + * Returns the number of cells that are acked by every sendme. + */ +int +sendme_get_inc_count(const circuit_t *circ, const crypt_path_t *layer_hint) +{ + int sendme_inc = CIRCWINDOW_INCREMENT; + congestion_control_t *cc = NULL; + + if (layer_hint) { + cc = layer_hint->ccontrol; + } else { + cc = circ->ccontrol; + } + + if (cc) { + sendme_inc = cc->sendme_inc; + } + + return sendme_inc; +} + +/** Return true iff the next cell we send will result in the other endpoint + * sending a SENDME. + * + * We are able to know that because the package or inflight window value minus + * one cell (the possible SENDME cell) should be a multiple of the + * cells-per-sendme increment value (set via consensus parameter, negotiated + * for the circuit, and passed in as sendme_inc). + * + * This function is used when recording a cell digest and this is done quite + * low in the stack when decrypting or encrypting a cell. The window is only + * updated once the cell is actually put in the outbuf. + */ +bool +circuit_sent_cell_for_sendme(const circuit_t *circ, + const crypt_path_t *layer_hint) +{ + congestion_control_t *cc; + int window; + + tor_assert(circ); + + if (layer_hint) { + window = layer_hint->package_window; + cc = layer_hint->ccontrol; + } else { + window = circ->package_window; + cc = circ->ccontrol; + } + + /* If we are using congestion control and the alg is not + * old-school 'fixed', then use cc->inflight to determine + * when sendmes will be sent */ + if (cc) { + if (!cc->inflight) + return false; + + /* This check must be +1 because this function is called *before* + * inflight is incremented for the sent cell */ + if ((cc->inflight+1) % cc->sendme_inc != 0) + return false; + + return true; + } + + /* At the start of the window, no SENDME will be expected. */ + if (window == CIRCWINDOW_START) { + return false; + } + + /* Are we at the limit of the increment and if not, we don't expect next + * cell is a SENDME. + * + * We test against the window minus 1 because when we are looking if the + * next cell is a SENDME, the window (either package or deliver) hasn't been + * decremented just yet so when this is called, we are currently processing + * the "window - 1" cell. + */ + if (((window - 1) % CIRCWINDOW_INCREMENT) != 0) { + return false; + } + + /* Next cell is expected to be a SENDME. */ + return true; +} + +/** + * Call-in to tell congestion control code that this circuit sent a cell. + * + * This updates the 'inflight' counter, and if this is a cell that will + * cause the other end to send a SENDME, record the current time in a list + * of pending timestamps, so that we can later compute the circuit RTT when + * the SENDME comes back. */ +void +congestion_control_note_cell_sent(congestion_control_t *cc, + const circuit_t *circ, + const crypt_path_t *cpath) +{ + tor_assert(circ); + tor_assert(cc); + + /* Is this the last cell before a SENDME? The idea is that if the + * package_window reaches a multiple of the increment, after this cell, we + * should expect a SENDME. Note that this function must be called *before* + * we account for the sent cell. */ + if (!circuit_sent_cell_for_sendme(circ, cpath)) { + cc->inflight++; + return; + } + + cc->inflight++; + + /* Record this cell time for RTT computation when SENDME arrives */ + enqueue_timestamp(cc->sendme_pending_timestamps, + monotime_absolute_usec()); +} + +/** + * Returns true if any edge connections are active. + * + * We need to know this so that we can stop computing BDP if the + * edges are not sending on the circuit. + */ +static int +circuit_has_active_streams(const circuit_t *circ, + const crypt_path_t *layer_hint) +{ + const edge_connection_t *streams; + + if (CIRCUIT_IS_ORIGIN(circ)) { + streams = CONST_TO_ORIGIN_CIRCUIT(circ)->p_streams; + } else { + streams = CONST_TO_OR_CIRCUIT(circ)->n_streams; + } + + /* Check linked list of streams */ + for (const edge_connection_t *conn = streams; conn != NULL; + conn = conn->next_stream) { + if (conn->base_.marked_for_close) + continue; + + if (!layer_hint || conn->cpath_layer == layer_hint) { + if (connection_get_inbuf_len(TO_CONN(conn)) > 0) { + log_info(LD_CIRC, "CC: More in edge inbuf..."); + return 1; + } + + /* If we did not reach EOF on this read, there's more */ + if (!TO_CONN(conn)->inbuf_reached_eof) { + log_info(LD_CIRC, "CC: More on edge conn..."); + return 1; + } + + if (TO_CONN(conn)->linked_conn) { + if (connection_get_inbuf_len(TO_CONN(conn)->linked_conn) > 0) { + log_info(LD_CIRC, "CC: More in linked inbuf..."); + return 1; + } + + /* If there is a linked conn, and *it* did not each EOF, + * there's more */ + if (!TO_CONN(conn)->linked_conn->inbuf_reached_eof) { + log_info(LD_CIRC, "CC: More on linked conn..."); + return 1; + } + } + } + } + + return 0; +} + +/** + * Upon receipt of a SENDME, pop the oldest timestamp off the timestamp + * list, and use this to update RTT. + * + * Returns true if circuit estimates were successfully updated, false + * otherwise. + */ +bool +congestion_control_update_circuit_estimates(congestion_control_t *cc, + const circuit_t *circ, + const crypt_path_t *layer_hint) +{ + uint64_t now_usec = monotime_absolute_usec(); + + /* Update RTT first, then BDP. BDP needs fresh RTT */ + uint64_t curr_rtt_usec = congestion_control_update_circuit_rtt(cc, now_usec); + return congestion_control_update_circuit_bdp(cc, circ, layer_hint, now_usec, + curr_rtt_usec); +} + +/** + * Returns true if we have enough time data to use heuristics + * to compare RTT to a baseline. + */ +static bool +time_delta_should_use_heuristics(const congestion_control_t *cc) +{ + /* If we have exited slow start and also have an EWMA RTT, we + * should have processed at least a cwnd worth of RTTs */ + if (!cc->in_slow_start && cc->ewma_rtt_usec) { + return true; + } + + /* If we managed to get enough acks to estimate a SENDME BDP, then + * we have enough to estimate clock jumps relative to a baseline, + * too. (This is at least 'cc_bwe_min' acks). */ + if (cc->bdp[BDP_ALG_SENDME_RATE]) { + return true; + } + + /* Not enough data to estimate clock jumps */ + return false; +} + +static bool is_monotime_clock_broken = false; + +/** + * Returns true if the monotime delta is 0, or is significantly + * different than the previous delta. Either case indicates + * that the monotime time source stalled or jumped. + * + * Also caches the clock state in the is_monotime_clock_broken flag, + * so we can also provide a is_monotime_clock_reliable() function, + * used by flow control rate timing. + */ +static bool +time_delta_stalled_or_jumped(const congestion_control_t *cc, + uint64_t old_delta, uint64_t new_delta) +{ +#define DELTA_DISCREPENCY_RATIO_MAX 5000 + /* If we have a 0 new_delta, that is definitely a monotime stall */ + if (new_delta == 0) { + static ratelim_t stall_info_limit = RATELIM_INIT(60); + log_fn_ratelim(&stall_info_limit, LOG_INFO, LD_CIRC, + "Congestion control cannot measure RTT due to monotime stall."); + + is_monotime_clock_broken = true; + return true; + } + + /* + * For the heuristic cases, we need at least a few timestamps, + * to average out any previous partial stalls or jumps. So until + * that point, let's just assume its OK. + */ + if (!time_delta_should_use_heuristics(cc)) { + return false; + } + + /* If old_delta is significantly larger than new_delta, then + * this means that the monotime clock could have recently + * stopped moving forward. However, use the cache for this + * value, because it may also be caused by network activity, + * or by a previous clock jump that was not detected. + * + * So if we have not gotten a 0-delta recently, we will + * still allow this new low RTT, but just yell about it. */ + if (old_delta > new_delta * DELTA_DISCREPENCY_RATIO_MAX) { + static ratelim_t dec_notice_limit = RATELIM_INIT(300); + log_fn_ratelim(&dec_notice_limit, LOG_NOTICE, LD_CIRC, + "Sudden decrease in circuit RTT (%"PRIu64" vs %"PRIu64 + "), likely due to clock jump.", + new_delta/1000, old_delta/1000); + + return is_monotime_clock_broken; + } + + /* If new_delta is significantly larger than old_delta, then + * this means that the monotime clock suddenly jumped forward. + * However, do not cache this value, because it may also be caused + * by network activity. + */ + if (new_delta > old_delta * DELTA_DISCREPENCY_RATIO_MAX) { + static ratelim_t dec_notice_limit = RATELIM_INIT(300); + log_fn_ratelim(&dec_notice_limit, LOG_PROTOCOL_WARN, LD_CIRC, + "Sudden increase in circuit RTT (%"PRIu64" vs %"PRIu64 + "), likely due to clock jump or suspended remote endpoint.", + new_delta/1000, old_delta/1000); + + return true; + } + + /* All good! Update cached status, too */ + is_monotime_clock_broken = false; + + return false; +} + +/** + * Is the monotime clock stalled according to any circuits? + */ +bool +is_monotime_clock_reliable(void) +{ + return !is_monotime_clock_broken; +} + +/** + * Called when we get a SENDME. Updates circuit RTT by pulling off a + * timestamp of when we sent the CIRCWINDOW_INCREMENT-th cell from + * the queue of such timestamps, and comparing that to current time. + * + * Also updates min, max, and EWMA of RTT. + * + * Returns the current circuit RTT in usecs, or 0 if it could not be + * measured (due to clock jump, stall, etc). + */ +static uint64_t +congestion_control_update_circuit_rtt(congestion_control_t *cc, + uint64_t now_usec) +{ + uint64_t rtt, ewma_cnt; + uint64_t sent_at_timestamp; + + tor_assert(cc); + + /* Get the time that we sent the cell that resulted in the other + * end sending this sendme. Use this to calculate RTT */ + sent_at_timestamp = dequeue_timestamp(cc->sendme_pending_timestamps); + + rtt = now_usec - sent_at_timestamp; + + /* Do not update RTT at all if it looks fishy */ + if (time_delta_stalled_or_jumped(cc, cc->ewma_rtt_usec, rtt)) { + num_clock_stalls++; /* Accounting */ + return 0; + } + + ewma_cnt = n_ewma_count(cc); + + cc->ewma_rtt_usec = n_count_ewma(rtt, cc->ewma_rtt_usec, ewma_cnt); + + if (rtt > cc->max_rtt_usec) { + cc->max_rtt_usec = rtt; + } + + if (cc->min_rtt_usec == 0) { + // If we do not have a min_rtt yet, use current ewma + cc->min_rtt_usec = cc->ewma_rtt_usec; + } else if (cc->cwnd == cc->cwnd_min && !cc->in_slow_start) { + // Raise min rtt if cwnd hit cwnd_min. This gets us out of a wedge state + // if we hit cwnd_min due to an abnormally low rtt. + uint64_t new_rtt = percent_max_mix(cc->ewma_rtt_usec, cc->min_rtt_usec, + rtt_reset_pct); + + static ratelim_t rtt_notice_limit = RATELIM_INIT(300); + log_fn_ratelim(&rtt_notice_limit, LOG_NOTICE, LD_CIRC, + "Resetting circ RTT from %"PRIu64" to %"PRIu64" due to low cwnd", + cc->min_rtt_usec/1000, new_rtt/1000); + + cc->min_rtt_usec = new_rtt; + num_rtt_reset++; /* Accounting */ + } else if (cc->ewma_rtt_usec < cc->min_rtt_usec) { + // Using the EWMA for min instead of current RTT helps average out + // effects from other conns + cc->min_rtt_usec = cc->ewma_rtt_usec; + } + + return rtt; +} + +/** + * Called when we get a SENDME. Updates the bandwidth-delay-product (BDP) + * estimates of a circuit. Several methods of computing BDP are used, + * depending on scenario. While some congestion control algorithms only + * use one of these methods, we update them all because it's quick and easy. + * + * - now_usec is the current monotime in usecs. + * - curr_rtt_usec is the current circuit RTT in usecs. It may be 0 if no + * RTT could bemeasured. + * + * Returns true if we were able to update BDP, false otherwise. + */ +static bool +congestion_control_update_circuit_bdp(congestion_control_t *cc, + const circuit_t *circ, + const crypt_path_t *layer_hint, + uint64_t now_usec, + uint64_t curr_rtt_usec) +{ + int chan_q = 0; + unsigned int blocked_on_chan = 0; + uint64_t timestamp_usec; + uint64_t sendme_rate_bdp = 0; + + tor_assert(cc); + + if (CIRCUIT_IS_ORIGIN(circ)) { + /* origin circs use n_chan */ + chan_q = circ->n_chan_cells.n; + blocked_on_chan = circ->streams_blocked_on_n_chan; + } else { + /* Both onion services and exits use or_circuit and p_chan */ + chan_q = CONST_TO_OR_CIRCUIT(circ)->p_chan_cells.n; + blocked_on_chan = circ->streams_blocked_on_p_chan; + } + + /* If we have no EWMA RTT, it is because monotime has been stalled + * or messed up the entire time so far. Set our BDP estimates directly + * to current cwnd */ + if (!cc->ewma_rtt_usec) { + uint64_t cwnd = cc->cwnd; + + tor_assert_nonfatal(cc->cwnd <= cwnd_max); + + /* If the channel is blocked, keep subtracting off the chan_q + * until we hit the min cwnd. */ + if (blocked_on_chan) { + /* Cast is fine because we're less than int32 */ + if (chan_q >= (int64_t)cwnd) { + log_notice(LD_CIRC, + "Clock stall with large chanq: %d %"PRIu64, chan_q, cwnd); + cwnd = cc->cwnd_min; + } else { + cwnd = MAX(cwnd - chan_q, cc->cwnd_min); + } + cc->blocked_chan = 1; + } else { + cc->blocked_chan = 0; + } + + cc->bdp[BDP_ALG_CWND_RTT] = cwnd; + cc->bdp[BDP_ALG_INFLIGHT_RTT] = cwnd; + cc->bdp[BDP_ALG_SENDME_RATE] = cwnd; + cc->bdp[BDP_ALG_PIECEWISE] = cwnd; + + static ratelim_t dec_notice_limit = RATELIM_INIT(300); + log_fn_ratelim(&dec_notice_limit, LOG_NOTICE, LD_CIRC, + "Our clock has been stalled for the entire lifetime of a circuit. " + "Performance may be sub-optimal."); + + return blocked_on_chan; + } + + /* Congestion window based BDP will respond to changes in RTT only, and is + * relative to cwnd growth. It is useful for correcting for BDP + * overestimation, but if BDP is higher than the current cwnd, it will + * underestimate it. + * + * We multiply here first to avoid precision issues from min_RTT being + * close to ewma RTT. Since all fields are u64, there is plenty of + * room here to multiply first. + */ + cc->bdp[BDP_ALG_CWND_RTT] = cc->cwnd*cc->min_rtt_usec/cc->ewma_rtt_usec; + + /* + * If we have no pending streams, we do not have enough data to fill + * the BDP, so preserve our old estimates but do not make any more. + */ + if (!blocked_on_chan && !circuit_has_active_streams(circ, layer_hint)) { + log_info(LD_CIRC, + "CC: Streams drained. Spare package window: %"PRIu64 + ", no BDP update", cc->cwnd - cc->inflight); + + /* Clear SENDME timestamps; they will be wrong with intermittent data */ + SMARTLIST_FOREACH(cc->sendme_arrival_timestamps, uint64_t *, t, + tor_free(t)); + smartlist_clear(cc->sendme_arrival_timestamps); + } else if (curr_rtt_usec && is_monotime_clock_reliable()) { + /* Sendme-based BDP will quickly measure BDP in much less than + * a cwnd worth of data when in use (in 2-10 SENDMEs). + * + * But if the link goes idle, it will be vastly lower than true BDP. Hence + * we only compute it if we have either pending stream data, or streams + * are still blocked on the channel queued data. + * + * We also do not compute it if we do not have a current RTT passed in, + * because that means that monotime is currently stalled or just jumped. + */ + enqueue_timestamp(cc->sendme_arrival_timestamps, now_usec); + + if (smartlist_len(cc->sendme_arrival_timestamps) >= bwe_sendme_min) { + /* If we have more sendmes than fit in a cwnd, trim the list. + * Those are not acurrately measuring throughput, if cwnd is + * currently smaller than BDP */ + while (smartlist_len(cc->sendme_arrival_timestamps) > + bwe_sendme_min && + (uint64_t)smartlist_len(cc->sendme_arrival_timestamps) > + n_ewma_count(cc)) { + (void)dequeue_timestamp(cc->sendme_arrival_timestamps); + } + int sendme_cnt = smartlist_len(cc->sendme_arrival_timestamps); + + /* Calculate SENDME_BWE_COUNT pure average */ + timestamp_usec = peek_timestamp(cc->sendme_arrival_timestamps); + uint64_t delta = now_usec - timestamp_usec; + + /* In Shadow, the time delta between acks can be 0 if there is no + * network activity between them. Only update BDP if the delta is + * non-zero. */ + if (delta > 0) { + /* The acked data is in sendme_cnt-1 chunks, because we are counting + * the data that is processed by the other endpoint *between* all of + * these sendmes. There's one less gap between the sendmes than the + * number of sendmes. */ + uint64_t cells = (sendme_cnt-1)*cc->sendme_inc; + + /* The bandwidth estimate is cells/delta, which when multiplied + * by min RTT obtains the BDP. However, we multiply first to + * avoid precision issues with the RTT being close to delta in size. */ + sendme_rate_bdp = cells*cc->min_rtt_usec/delta; + + /* Calculate BDP_EWMA_COUNT N-EWMA */ + cc->bdp[BDP_ALG_SENDME_RATE] = + n_count_ewma(sendme_rate_bdp, cc->bdp[BDP_ALG_SENDME_RATE], + n_ewma_count(cc)); + } + } + + /* In-flight BDP will cause the cwnd to drift down when underutilized. + * It is most useful when the local OR conn is blocked, so we only + * compute it if we're utilized. */ + cc->bdp[BDP_ALG_INFLIGHT_RTT] = + (cc->inflight - chan_q)*cc->min_rtt_usec/ + MAX(cc->ewma_rtt_usec, curr_rtt_usec); + } else { + /* We can still update inflight with just an EWMA RTT, but only + * if there is data flowing */ + cc->bdp[BDP_ALG_INFLIGHT_RTT] = + (cc->inflight - chan_q)*cc->min_rtt_usec/cc->ewma_rtt_usec; + } + + /* The orconn is blocked; use smaller of inflight vs SENDME */ + if (blocked_on_chan) { + log_info(LD_CIRC, "CC: Streams blocked on circ channel. Chanq: %d", + chan_q); + + /* A blocked channel is an immediate congestion signal, but it still + * happens only once per cwnd */ + if (!cc->blocked_chan) { + cc->next_cc_event = 0; + cc->blocked_chan = 1; + } + + if (cc->bdp[BDP_ALG_SENDME_RATE]) { + cc->bdp[BDP_ALG_PIECEWISE] = MIN(cc->bdp[BDP_ALG_INFLIGHT_RTT], + cc->bdp[BDP_ALG_SENDME_RATE]); + } else { + cc->bdp[BDP_ALG_PIECEWISE] = cc->bdp[BDP_ALG_INFLIGHT_RTT]; + } + } else { + /* If we were previously blocked, emit a new congestion event + * now that we are unblocked, to re-evaluate cwnd */ + if (cc->blocked_chan) { + cc->blocked_chan = 0; + cc->next_cc_event = 0; + log_info(LD_CIRC, "CC: Streams un-blocked on circ channel. Chanq: %d", + chan_q); + } + + cc->bdp[BDP_ALG_PIECEWISE] = MAX(cc->bdp[BDP_ALG_SENDME_RATE], + cc->bdp[BDP_ALG_CWND_RTT]); + } + + /* We can end up with no piecewise value if we didn't have either + * a SENDME estimate or enough data for an inflight estimate. + * It also happens on the very first sendme, since we need two + * to get a BDP. In these cases, use the cwnd method. */ + if (!cc->bdp[BDP_ALG_PIECEWISE]) { + cc->bdp[BDP_ALG_PIECEWISE] = cc->bdp[BDP_ALG_CWND_RTT]; + log_info(LD_CIRC, "CC: No piecewise BDP. Using %"PRIu64, + cc->bdp[BDP_ALG_PIECEWISE]); + } + + if (cc->next_cc_event == 0) { + if (CIRCUIT_IS_ORIGIN(circ)) { + log_info(LD_CIRC, + "CC: Circuit %d " + "SENDME RTT: %"PRIu64", %"PRIu64", %"PRIu64", %"PRIu64", " + "BDP estimates: " + "%"PRIu64", " + "%"PRIu64", " + "%"PRIu64", " + "%"PRIu64", " + "%"PRIu64". ", + CONST_TO_ORIGIN_CIRCUIT(circ)->global_identifier, + cc->min_rtt_usec/1000, + curr_rtt_usec/1000, + cc->ewma_rtt_usec/1000, + cc->max_rtt_usec/1000, + cc->bdp[BDP_ALG_INFLIGHT_RTT], + cc->bdp[BDP_ALG_CWND_RTT], + sendme_rate_bdp, + cc->bdp[BDP_ALG_SENDME_RATE], + cc->bdp[BDP_ALG_PIECEWISE] + ); + } else { + log_info(LD_CIRC, + "CC: Circuit %"PRIu64":%d " + "SENDME RTT: %"PRIu64", %"PRIu64", %"PRIu64", %"PRIu64", " + "%"PRIu64", " + "%"PRIu64", " + "%"PRIu64", " + "%"PRIu64", " + "%"PRIu64". ", + CONST_TO_OR_CIRCUIT(circ)->p_chan->global_identifier, + CONST_TO_OR_CIRCUIT(circ)->p_circ_id, + cc->min_rtt_usec/1000, + curr_rtt_usec/1000, + cc->ewma_rtt_usec/1000, + cc->max_rtt_usec/1000, + cc->bdp[BDP_ALG_INFLIGHT_RTT], + cc->bdp[BDP_ALG_CWND_RTT], + sendme_rate_bdp, + cc->bdp[BDP_ALG_SENDME_RATE], + cc->bdp[BDP_ALG_PIECEWISE] + ); + } + } + + /* We updated BDP this round if either we had a blocked channel, or + * the curr_rtt_usec was not 0. */ + bool ret = (blocked_on_chan || curr_rtt_usec != 0); + if (ret) { + tor_trace(TR_SUBSYS(cc), TR_EV(bdp_update), circ, cc, curr_rtt_usec, + sendme_rate_bdp); + } + return ret; +} + +/** + * Dispatch the sendme to the appropriate congestion control algorithm. + */ +int +congestion_control_dispatch_cc_alg(congestion_control_t *cc, + const circuit_t *circ, + const crypt_path_t *layer_hint) +{ + int ret = -END_CIRC_REASON_INTERNAL; + switch (cc->cc_alg) { + case CC_ALG_WESTWOOD: + ret = congestion_control_westwood_process_sendme(cc, circ, layer_hint); + break; + + case CC_ALG_VEGAS: + ret = congestion_control_vegas_process_sendme(cc, circ, layer_hint); + break; + + case CC_ALG_NOLA: + ret = congestion_control_nola_process_sendme(cc, circ, layer_hint); + break; + + case CC_ALG_SENDME: + default: + tor_assert(0); + } + + if (cc->cwnd > cwnd_max) { + static ratelim_t cwnd_limit = RATELIM_INIT(60); + log_fn_ratelim(&cwnd_limit, LOG_NOTICE, LD_CIRC, + "Congestion control cwnd %"PRIu64" exceeds max %d, clamping.", + cc->cwnd, cwnd_max); + cc->cwnd = cwnd_max; + } + + return ret; +} + +/** + * Build an extension field request to negotiate congestion control. + * + * If congestion control is enabled, field TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST + * is created in msg_out. It is a single 0-length field that signifies that we + * want to use congestion control. The length of msg_out is provided via + * msg_len_out. + * + * If congestion control is not enabled, a payload with 0 extensions is created + * and returned. + * + * If there is a failure building the request, -1 is returned, else 0. + * + * *msg_out must be freed if the return value is 0. + */ +int +congestion_control_build_ext_request(uint8_t **msg_out, size_t *msg_len_out) +{ + uint8_t *request = NULL; + trn_extension_t *ext = NULL; + trn_extension_field_t *field = NULL; + + ext = trn_extension_new(); + + /* With congestion control enabled, add the request, else it is an empty + * request in the payload. */ + + if (congestion_control_enabled()) { + /* Build the extension field that will hold the CC field. */ + field = trn_extension_field_new(); + trn_extension_field_set_field_type(field, + TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST); + + /* No payload indicating a request to use congestion control. */ + trn_extension_field_set_field_len(field, 0); + + /* Build final extension. */ + trn_extension_add_fields(ext, field); + trn_extension_set_num(ext, 1); + } + + /* Encode extension. */ + ssize_t ret = trn_extension_encoded_len(ext); + if (BUG(ret < 0)) { + goto err; + } + size_t request_len = ret; + request = tor_malloc_zero(request_len); + ret = trn_extension_encode(request, request_len, ext); + if (BUG(ret < 0)) { + tor_free(request); + goto err; + } + *msg_out = request; + *msg_len_out = request_len; + + /* Free everything, we've encoded the request now. */ + ret = 0; + + err: + trn_extension_free(ext); + return (int)ret; +} + +/** + * Parse a congestion control ntorv3 request payload for extensions. + * + * On parsing failure, -1 is returned. + * + * If congestion control request is present, return 1. If it is not present, + * return 0. + * + * WARNING: Called from CPU worker! Must not access any global state. + */ +int +congestion_control_parse_ext_request(const uint8_t *msg, const size_t msg_len) +{ + ssize_t ret = 0; + trn_extension_t *ext = NULL; + size_t num_fields = 0; + + /* Parse extension from payload. */ + ret = trn_extension_parse(&ext, msg, msg_len); + if (ret < 0) { + goto end; + } + + /* No extension implies no support for congestion control. In this case, we + * simply return 0 to indicate CC is disabled. */ + if ((num_fields = trn_extension_get_num(ext)) == 0) { + ret = 0; + goto end; + } + + /* Go over all fields. If any field is TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST, + * then congestion control is enabled. Ignore unknown fields. */ + for (size_t f = 0; f < num_fields; f++) { + const trn_extension_field_t *field = trn_extension_get_fields(ext, f); + if (field == NULL) { + ret = -1; + goto end; + } + + /* For congestion control to be enabled, we only need the field type. */ + if (trn_extension_field_get_field_type(field) == + TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST) { + ret = 1; + break; + } + } + + end: + trn_extension_free(ext); + return (int)ret; +} + +/** + * Given our observed parameters for circuits and congestion control, + * as well as the parameters for the resulting circuit, build a response + * payload using extension fields into *msg_out, with length specified in + * *msg_out_len. + * + * If congestion control will be enabled, the extension field for + * TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE will contain the sendme_inc value. + * + * If congestion control won't be enabled, an extension payload with 0 + * fields will be created. + * + * Return 0 if an extension payload was created in *msg_out, and -1 on + * error. + * + * *msg_out must be freed if the return value is 0. + * + * WARNING: Called from CPU worker! Must not access any global state. + */ +int +congestion_control_build_ext_response(const circuit_params_t *our_params, + const circuit_params_t *circ_params, + uint8_t **msg_out, size_t *msg_len_out) +{ + ssize_t ret; + uint8_t *request = NULL; + trn_extension_t *ext = NULL; + trn_extension_field_t *field = NULL; + trn_extension_field_cc_t *cc_field = NULL; + + tor_assert(our_params); + tor_assert(circ_params); + tor_assert(msg_out); + tor_assert(msg_len_out); + + ext = trn_extension_new(); + + if (circ_params->cc_enabled) { + /* Build the extension field that will hold the CC field. */ + field = trn_extension_field_new(); + trn_extension_field_set_field_type(field, + TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE); + + /* Build the congestion control field response. */ + cc_field = trn_extension_field_cc_new(); + trn_extension_field_cc_set_sendme_inc(cc_field, + our_params->sendme_inc_cells); + + ret = trn_extension_field_cc_encoded_len(cc_field); + if (BUG(ret <= 0)) { + trn_extension_field_free(field); + goto err; + } + size_t field_len = ret; + trn_extension_field_set_field_len(field, field_len); + trn_extension_field_setlen_field(field, field_len); + + uint8_t *field_array = trn_extension_field_getarray_field(field); + ret = trn_extension_field_cc_encode(field_array, + trn_extension_field_getlen_field(field), cc_field); + if (BUG(ret <= 0)) { + trn_extension_field_free(field); + goto err; + } + + /* Build final extension. */ + trn_extension_add_fields(ext, field); + trn_extension_set_num(ext, 1); + } + + /* Encode extension. */ + ret = trn_extension_encoded_len(ext); + if (BUG(ret < 0)) { + goto err; + } + size_t request_len = ret; + request = tor_malloc_zero(request_len); + ret = trn_extension_encode(request, request_len, ext); + if (BUG(ret < 0)) { + tor_free(request); + goto err; + } + *msg_out = request; + *msg_len_out = request_len; + + /* We've just encoded the extension, clean everything. */ + ret = 0; + + err: + trn_extension_free(ext); + trn_extension_field_cc_free(cc_field); + return (int)ret; +} + +/** Return true iff the given sendme increment is within the acceptable + * margins. */ +bool +congestion_control_validate_sendme_increment(uint8_t sendme_inc) +{ + /* We will only accept this response (and this circuit) if sendme_inc + * is within a factor of 2 of our consensus value. We should not need + * to change cc_sendme_inc much, and if we do, we can spread out those + * changes over smaller increments once every 4 hours. Exits that + * violate this range should just not be used. */ +#define MAX_SENDME_INC_NEGOTIATE_FACTOR 2 + + if (sendme_inc == 0) + return false; + + if (sendme_inc > + MAX_SENDME_INC_NEGOTIATE_FACTOR * congestion_control_sendme_inc() || + sendme_inc < + congestion_control_sendme_inc() / MAX_SENDME_INC_NEGOTIATE_FACTOR) { + return false; + } + return true; +} + +/** Return 1 if CC is enabled which also will set the SENDME increment into our + * params_out. Return 0 if CC is disabled. Else, return -1 on error. */ +int +congestion_control_parse_ext_response(const uint8_t *msg, + const size_t msg_len, + circuit_params_t *params_out) +{ + ssize_t ret = 0; + size_t num_fields = 0; + trn_extension_t *ext = NULL; + trn_extension_field_cc_t *cc_field = NULL; + + /* We will only accept this response (and this circuit) if sendme_inc + * is within a factor of 2 of our consensus value. We should not need + * to change cc_sendme_inc much, and if we do, we can spread out those + * changes over smaller increments once every 4 hours. Exits that + * violate this range should just not be used. */ +#define MAX_SENDME_INC_NEGOTIATE_FACTOR 2 + + /* Parse extension from payload. */ + ret = trn_extension_parse(&ext, msg, msg_len); + if (ret < 0) { + goto end; + } + + if ((num_fields = trn_extension_get_num(ext)) == 0) { + ret = 0; + goto end; + } + + /* Go over all fields. If any field is TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE, + * then congestion control is enabled. Ignore unknown fields. */ + for (size_t f = 0; f < num_fields; f++) { + const trn_extension_field_t *field = trn_extension_get_fields(ext, f); + if (field == NULL) { + ret = -1; + goto end; + } + + /* Only examine TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE; ignore other fields */ + if (trn_extension_field_get_field_type(field) == + TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE) { + + /* Parse the field into the congestion control field. */ + ret = trn_extension_field_cc_parse(&cc_field, + trn_extension_field_getconstarray_field(field), + trn_extension_field_getlen_field(field)); + if (ret < 0) { + goto end; + } + + uint8_t sendme_inc_cells = + trn_extension_field_cc_get_sendme_inc(cc_field); + if (!congestion_control_validate_sendme_increment(sendme_inc_cells)) { + ret = -1; + goto end; + } + + /* All good. Get value and break */ + params_out->sendme_inc_cells = sendme_inc_cells; + ret = 1; + break; + } + } + + end: + trn_extension_free(ext); + trn_extension_field_cc_free(cc_field); + + return (int)ret; +} + +/** + * Returns a formatted string of fields containing congestion + * control information, for the CIRC_BW control port event. + * + * An origin circuit can have a ccontrol object directly on it, + * if it is an onion service, or onion client. Exit-bound clients + * will have the ccontrol on the cpath associated with their exit + * (the last one in the cpath list). + * + * WARNING: This function does not support leaky-pipe topology. It + * is to be used for control port information only. + */ +char * +congestion_control_get_control_port_fields(const origin_circuit_t *circ) +{ + const congestion_control_t *ccontrol = NULL; + char *ret = NULL; + int len; + + if (TO_CIRCUIT(circ)->ccontrol) { + ccontrol = TO_CIRCUIT(circ)->ccontrol; + } else if (circ->cpath && circ->cpath->prev->ccontrol) { + /* Get ccontrol for last hop (exit) if it exists */ + ccontrol = circ->cpath->prev->ccontrol; + } + + if (!ccontrol) + return NULL; + + len = tor_asprintf(&ret, + " SS=%d CWND=%"PRIu64" RTT=%"PRIu64" MIN_RTT=%"PRIu64, + ccontrol->in_slow_start, ccontrol->cwnd, + ccontrol->ewma_rtt_usec/1000, + ccontrol->min_rtt_usec/1000); + if (len < 0) { + log_warn(LD_BUG, "Unable to format event for controller."); + return NULL; + } + + return ret; +} diff --git a/src/core/or/congestion_control_common.h b/src/core/or/congestion_control_common.h new file mode 100644 index 0000000000..fa8f67bb8b --- /dev/null +++ b/src/core/or/congestion_control_common.h @@ -0,0 +1,190 @@ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file congestion_control_common.h + * \brief Public APIs for congestion control + **/ + +#ifndef TOR_CONGESTION_CONTROL_COMMON_H +#define TOR_CONGESTION_CONTROL_COMMON_H + +#include "core/crypto/onion_crypto.h" +#include "core/or/crypt_path_st.h" +#include "core/or/circuit_st.h" + +/* The maximum whole number of cells that can fit in a + * full TLS record. This is 31. */ +#define TLS_RECORD_MAX_CELLS ((16 * 1024) / CELL_MAX_NETWORK_SIZE) + +typedef struct congestion_control_t congestion_control_t; + +/** + * Specifies the path type to help choose congestion control + * parameters. Since these paths are different lengths, they + * will need different queue parameters. */ +typedef enum { + CC_PATH_EXIT = 0, + CC_PATH_ONION = 1, + CC_PATH_ONION_SOS = 2, + CC_PATH_ONION_VG = 3, + CC_PATH_SBWS = 4, +} cc_path_t; + +/** The length of a path for sbws measurement */ +#define SBWS_ROUTE_LEN 2 + +/** Wrapper for the free function, set the CC pointer to NULL after free */ +#define congestion_control_free(cc) \ + FREE_AND_NULL(congestion_control_t, congestion_control_free_, cc) + +void congestion_control_free_(congestion_control_t *cc); + +struct circuit_params_t; +congestion_control_t *congestion_control_new( + const struct circuit_params_t *params, + cc_path_t path); + +int congestion_control_dispatch_cc_alg(congestion_control_t *cc, + const circuit_t *circ, + const crypt_path_t *layer_hint); + +void congestion_control_note_cell_sent(congestion_control_t *cc, + const circuit_t *circ, + const crypt_path_t *cpath); + +bool congestion_control_update_circuit_estimates(congestion_control_t *, + const circuit_t *, + const crypt_path_t *); + +int congestion_control_get_package_window(const circuit_t *, + const crypt_path_t *); + +int sendme_get_inc_count(const circuit_t *, const crypt_path_t *); +bool circuit_sent_cell_for_sendme(const circuit_t *, const crypt_path_t *); +bool is_monotime_clock_reliable(void); + +void congestion_control_new_consensus_params(const networkstatus_t *ns); + +bool congestion_control_enabled(void); + +int congestion_control_build_ext_request(uint8_t **msg_out, + size_t *msg_len_out); +int congestion_control_parse_ext_request(const uint8_t *msg, + const size_t msg_len); +int congestion_control_build_ext_response(const circuit_params_t *our_params, + const circuit_params_t *circ_params, + uint8_t **msg_out, + size_t *msg_len_out); +int congestion_control_parse_ext_response(const uint8_t *msg, + const size_t msg_len, + circuit_params_t *params_out); +bool congestion_control_validate_sendme_increment(uint8_t sendme_inc); +char *congestion_control_get_control_port_fields(const origin_circuit_t *); + +uint64_t congestion_control_get_num_rtt_reset(void); +uint64_t congestion_control_get_num_clock_stalls(void); + +extern uint64_t cc_stats_circs_created; + +/* Ugh, C.. these are private. Use the getter instead, when + * external to the congestion control code. */ +extern uint32_t or_conn_highwater; +extern uint32_t or_conn_lowwater; +extern int32_t cell_queue_high; +extern int32_t cell_queue_low; +extern uint8_t cc_sendme_inc; + +/** Stop writing on an orconn when its outbuf is this large */ +static inline uint32_t +or_conn_highwatermark(void) +{ + return or_conn_highwater; +} + +/** Resume writing on an orconn when its outbuf is less than this */ +static inline uint32_t +or_conn_lowwatermark(void) +{ + return or_conn_lowwater; +} + +/** Stop reading on edge connections when we have this many cells + * waiting on the appropriate queue. */ +static inline int32_t +cell_queue_highwatermark(void) +{ + return cell_queue_high; +} + +/** Start reading from edge connections again when we get down to this many + * cells. */ +static inline int32_t +cell_queue_lowwatermark(void) +{ + return cell_queue_low; +} + +/** Returns the sendme inc rate cached from the most recent consensus */ +static inline uint8_t +congestion_control_sendme_inc(void) +{ + return cc_sendme_inc; +} + +/** + * Compute an N-count EWMA, aka N-EWMA. N-EWMA is defined as: + * EWMA = alpha*value + (1-alpha)*EWMA_prev + * with alpha = 2/(N+1). + * + * This works out to: + * EWMA = value*2/(N+1) + EMA_prev*(N-1)/(N+1) + * = (value*2 + EWMA_prev*(N-1))/(N+1) + */ +static inline uint64_t +n_count_ewma(uint64_t curr, uint64_t prev, uint64_t N) +{ + if (prev == 0) + return curr; + else + return (2*curr + (N-1)*prev)/(N+1); +} + +/** + * Helper function that gives us a percentile weighted-average between + * two values. The pct_max argument specifies the percentage weight of the + * maximum of a and b, when computing this weighted-average. + * + * This also allows this function to be used as either MIN() or a MAX() + * by this parameterization. It is MIN() when pct_max==0; + * it is MAX() when pct_max==100; it is avg() when pct_max==50; it is a + * weighted-average for values in between. + */ +static inline uint64_t +percent_max_mix(uint64_t a, uint64_t b, uint8_t pct_max) +{ + uint64_t max = MAX(a, b); + uint64_t min = MIN(a, b); + + if (BUG(pct_max > 100)) { + return max; + } + + return pct_max*max/100 + (100-pct_max)*min/100; +} + +/* Private section starts. */ +#ifdef TOR_CONGESTION_CONTROL_PRIVATE + +/* + * Unit tests declaractions. + */ +#ifdef TOR_UNIT_TESTS + +void congestion_control_set_cc_enabled(void); + +#endif /* defined(TOR_UNIT_TESTS) */ + +#endif /* defined(TOR_CONGESTION_CONTROL_PRIVATE) */ + +#endif /* !defined(TOR_CONGESTION_CONTROL_COMMON_H) */ diff --git a/src/core/or/congestion_control_flow.c b/src/core/or/congestion_control_flow.c new file mode 100644 index 0000000000..90b1927ef9 --- /dev/null +++ b/src/core/or/congestion_control_flow.c @@ -0,0 +1,751 @@ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file congestion_control_flow.c + * \brief Code that implements flow control for congestion controlled + * circuits. + */ + +#define TOR_CONGESTION_CONTROL_FLOW_PRIVATE + +#include "core/or/or.h" + +#include "core/or/relay.h" +#include "core/mainloop/connection.h" +#include "core/or/connection_edge.h" +#include "core/mainloop/mainloop.h" +#include "core/or/congestion_control_common.h" +#include "core/or/congestion_control_flow.h" +#include "core/or/congestion_control_st.h" +#include "core/or/circuitlist.h" +#include "core/or/trace_probes_cc.h" +#include "feature/nodelist/networkstatus.h" +#include "trunnel/flow_control_cells.h" +#include "feature/control/control_events.h" +#include "lib/math/stats.h" + +#include "core/or/connection_st.h" +#include "core/or/cell_st.h" +#include "app/config/config.h" + +/** Cache consensus parameters */ +static uint32_t xoff_client; +static uint32_t xoff_exit; + +static uint32_t xon_change_pct; +static uint32_t xon_ewma_cnt; +static uint32_t xon_rate_bytes; + +/** Metricsport stats */ +uint64_t cc_stats_flow_num_xoff_sent; +uint64_t cc_stats_flow_num_xon_sent; +double cc_stats_flow_xoff_outbuf_ma = 0; +double cc_stats_flow_xon_outbuf_ma = 0; + +/* In normal operation, we can get a burst of up to 32 cells before returning + * to libevent to flush the outbuf. This is a heuristic from hardcoded values + * and strange logic in connection_bucket_get_share(). */ +#define MAX_EXPECTED_CELL_BURST 32 + +/* The following three are for dropmark rate limiting. They define when we + * scale down our XON, XOFF, and xmit byte counts. Early scaling is beneficial + * because it limits the ability of spurious XON/XOFF to be sent after large + * amounts of data without XON/XOFF. At these limits, after 10MB of data (or + * more), an adversary can only inject (log2(10MB)-log2(200*500))*100 ~= 1000 + * cells of fake XOFF/XON before the xmit byte count will be halved enough to + * triggering a limit. */ +#define XON_COUNT_SCALE_AT 200 +#define XOFF_COUNT_SCALE_AT 200 +#define ONE_MEGABYTE (UINT64_C(1) << 20) +#define TOTAL_XMIT_SCALE_AT (10 * ONE_MEGABYTE) + +/** + * Return the congestion control object of the given edge connection. + * + * Returns NULL if the edge connection doesn't have a cpath_layer or not + * attached to a circuit. But also if the cpath_layer or circuit doesn't have a + * congestion control object. + */ +static inline const congestion_control_t * +edge_get_ccontrol(const edge_connection_t *edge) +{ + congestion_control_t *ccontrol = NULL; + + if (edge->on_circuit && edge->on_circuit->ccontrol) { + ccontrol = edge->on_circuit->ccontrol; + } else if (edge->cpath_layer && edge->cpath_layer->ccontrol) { + ccontrol = edge->cpath_layer->ccontrol; + } + + return ccontrol; +} + +/** + * Update global congestion control related consensus parameter values, every + * consensus update. + * + * More details for each of the parameters can be found in proposal 324, + * section 6.5 including tuning notes. + */ +void +flow_control_new_consensus_params(const networkstatus_t *ns) +{ +#define CC_XOFF_CLIENT_DFLT 500 +#define CC_XOFF_CLIENT_MIN 1 +#define CC_XOFF_CLIENT_MAX 10000 + xoff_client = networkstatus_get_param(ns, "cc_xoff_client", + CC_XOFF_CLIENT_DFLT, + CC_XOFF_CLIENT_MIN, + CC_XOFF_CLIENT_MAX)*RELAY_PAYLOAD_SIZE; + +#define CC_XOFF_EXIT_DFLT 500 +#define CC_XOFF_EXIT_MIN 1 +#define CC_XOFF_EXIT_MAX 10000 + xoff_exit = networkstatus_get_param(ns, "cc_xoff_exit", + CC_XOFF_EXIT_DFLT, + CC_XOFF_EXIT_MIN, + CC_XOFF_EXIT_MAX)*RELAY_PAYLOAD_SIZE; + +#define CC_XON_CHANGE_PCT_DFLT 25 +#define CC_XON_CHANGE_PCT_MIN 1 +#define CC_XON_CHANGE_PCT_MAX 99 + xon_change_pct = networkstatus_get_param(ns, "cc_xon_change_pct", + CC_XON_CHANGE_PCT_DFLT, + CC_XON_CHANGE_PCT_MIN, + CC_XON_CHANGE_PCT_MAX); + +#define CC_XON_RATE_BYTES_DFLT (500) +#define CC_XON_RATE_BYTES_MIN (1) +#define CC_XON_RATE_BYTES_MAX (5000) + xon_rate_bytes = networkstatus_get_param(ns, "cc_xon_rate", + CC_XON_RATE_BYTES_DFLT, + CC_XON_RATE_BYTES_MIN, + CC_XON_RATE_BYTES_MAX)*RELAY_PAYLOAD_SIZE; + +#define CC_XON_EWMA_CNT_DFLT (2) +#define CC_XON_EWMA_CNT_MIN (2) +#define CC_XON_EWMA_CNT_MAX (100) + xon_ewma_cnt = networkstatus_get_param(ns, "cc_xon_ewma_cnt", + CC_XON_EWMA_CNT_DFLT, + CC_XON_EWMA_CNT_MIN, + CC_XON_EWMA_CNT_MAX); +} + +/** + * Send an XOFF for this stream, and note that we sent one + */ +static void +circuit_send_stream_xoff(edge_connection_t *stream) +{ + xoff_cell_t xoff; + uint8_t payload[CELL_PAYLOAD_SIZE]; + ssize_t xoff_size; + + memset(&xoff, 0, sizeof(xoff)); + memset(payload, 0, sizeof(payload)); + + xoff_cell_set_version(&xoff, 0); + + if ((xoff_size = xoff_cell_encode(payload, CELL_PAYLOAD_SIZE, &xoff)) < 0) { + log_warn(LD_BUG, "Failed to encode xon cell"); + return; + } + + if (connection_edge_send_command(stream, RELAY_COMMAND_XOFF, + (char*)payload, (size_t)xoff_size) == 0) { + stream->xoff_sent = true; + cc_stats_flow_num_xoff_sent++; + + /* If this is an entry conn, notify control port */ + if (TO_CONN(stream)->type == CONN_TYPE_AP) { + control_event_stream_status(TO_ENTRY_CONN(TO_CONN(stream)), + STREAM_EVENT_XOFF_SENT, + 0); + } + } +} + +/** + * Compute the recent drain rate (write rate) for this edge + * connection and return it, in KB/sec (1000 bytes/sec). + * + * Returns 0 if the monotime clock is busted. + */ +static inline uint32_t +compute_drain_rate(const edge_connection_t *stream) +{ + if (BUG(!is_monotime_clock_reliable())) { + log_warn(LD_BUG, "Computing drain rate with stalled monotime clock"); + return 0; + } + + uint64_t delta = monotime_absolute_usec() - stream->drain_start_usec; + + if (delta == 0) { + log_warn(LD_BUG, "Computing stream drain rate with zero time delta"); + return 0; + } + + /* Overflow checks */ + if (stream->prev_drained_bytes > INT32_MAX/1000 || /* Intermediate */ + stream->prev_drained_bytes/delta > INT32_MAX/1000) { /* full value */ + return INT32_MAX; + } + + /* kb/sec = bytes/usec * 1000 usec/msec * 1000 msec/sec * kb/1000bytes */ + return MAX(1, (uint32_t)(stream->prev_drained_bytes * 1000)/delta); +} + +/** + * Send an XON for this stream, with appropriate advisory rate information. + * + * Reverts the xoff sent status, and stores the rate information we sent, + * in case it changes. + */ +static void +circuit_send_stream_xon(edge_connection_t *stream) +{ + xon_cell_t xon; + uint8_t payload[CELL_PAYLOAD_SIZE]; + ssize_t xon_size; + + memset(&xon, 0, sizeof(xon)); + memset(payload, 0, sizeof(payload)); + + xon_cell_set_version(&xon, 0); + xon_cell_set_kbps_ewma(&xon, stream->ewma_drain_rate); + + if ((xon_size = xon_cell_encode(payload, CELL_PAYLOAD_SIZE, &xon)) < 0) { + log_warn(LD_BUG, "Failed to encode xon cell"); + return; + } + + /* Store the advisory rate information, to send advisory updates if + * it changes */ + stream->ewma_rate_last_sent = stream->ewma_drain_rate; + + if (connection_edge_send_command(stream, RELAY_COMMAND_XON, (char*)payload, + (size_t)xon_size) == 0) { + /* Revert the xoff sent status, so we can send another one if need be */ + stream->xoff_sent = false; + + cc_stats_flow_num_xon_sent++; + + /* If it's an entry conn, notify control port */ + if (TO_CONN(stream)->type == CONN_TYPE_AP) { + control_event_stream_status(TO_ENTRY_CONN(TO_CONN(stream)), + STREAM_EVENT_XON_SENT, + 0); + } + } +} + +/** + * Process a stream XOFF, parsing it, and then stopping reading on + * the edge connection. + * + * Record that we have received an xoff, so we know not to resume + * reading on this edge conn until we get an XON. + * + * Returns false if the XOFF did not validate; true if it does. + */ +bool +circuit_process_stream_xoff(edge_connection_t *conn, + const crypt_path_t *layer_hint, + const cell_t *cell) +{ + (void)cell; + bool retval = true; + + if (BUG(!conn)) { + log_fn(LOG_PROTOCOL_WARN, LD_EDGE, + "Got XOFF on invalid stream?"); + return false; + } + + /* Make sure this XOFF came from the right hop */ + if (layer_hint && layer_hint != conn->cpath_layer) { + log_fn(LOG_PROTOCOL_WARN, LD_EDGE, + "Got XOFF from wrong hop."); + return false; + } + + if (edge_get_ccontrol(conn) == NULL) { + log_fn(LOG_PROTOCOL_WARN, LD_EDGE, + "Got XOFF for non-congestion control circuit"); + return false; + } + + if (conn->xoff_received) { + log_fn(LOG_PROTOCOL_WARN, LD_EDGE, + "Got multiple XOFF on connection"); + return false; + } + + /* If we are near the max, scale everything down */ + if (conn->num_xoff_recv == XOFF_COUNT_SCALE_AT) { + log_info(LD_EDGE, "Scaling down for XOFF count: %d %d %d", + conn->total_bytes_xmit, + conn->num_xoff_recv, + conn->num_xon_recv); + conn->total_bytes_xmit /= 2; + conn->num_xoff_recv /= 2; + conn->num_xon_recv /= 2; + } + + conn->num_xoff_recv++; + + /* Client-side check to make sure that XOFF is not sent too early, + * for dropmark attacks. The main sidechannel risk is early cells, + * but we also check to make sure that we have not received more XOFFs + * than could have been generated by the bytes we sent. + */ + if (TO_CONN(conn)->type == CONN_TYPE_AP || conn->hs_ident != NULL) { + uint32_t limit = 0; + if (conn->hs_ident) + limit = xoff_client; + else + limit = xoff_exit; + + if (conn->total_bytes_xmit < limit*conn->num_xoff_recv) { + log_fn(LOG_PROTOCOL_WARN, LD_EDGE, + "Got extra XOFF for bytes sent. Got %d, expected max %d", + conn->num_xoff_recv, conn->total_bytes_xmit/limit); + /* We still process this, because the only dropmark defenses + * in C tor are via the vanguards addon's use of the read valid + * cells. So just signal that we think this is not valid protocol + * data and proceed. */ + retval = false; + } + } + + log_info(LD_EDGE, "Got XOFF!"); + connection_stop_reading(TO_CONN(conn)); + conn->xoff_received = true; + + /* If this is an entry conn, notify control port */ + if (TO_CONN(conn)->type == CONN_TYPE_AP) { + control_event_stream_status(TO_ENTRY_CONN(TO_CONN(conn)), + STREAM_EVENT_XOFF_RECV, + 0); + } + + return retval; +} + +/** + * Process a stream XON, and if it validates, clear the xoff + * flag and resume reading on this edge connection. + * + * Also, use provided rate information to rate limit + * reading on this edge (or packagaing from it onto + * the circuit), to avoid XON/XOFF chatter. + * + * Returns true if the XON validates, false otherwise. + */ +bool +circuit_process_stream_xon(edge_connection_t *conn, + const crypt_path_t *layer_hint, + const cell_t *cell) +{ + xon_cell_t *xon; + bool retval = true; + + if (BUG(!conn)) { + log_fn(LOG_PROTOCOL_WARN, LD_EDGE, + "Got XON on invalid stream?"); + return false; + } + + /* Make sure this XON came from the right hop */ + if (layer_hint && layer_hint != conn->cpath_layer) { + log_fn(LOG_PROTOCOL_WARN, LD_EDGE, + "Got XON from wrong hop."); + return false; + } + + if (edge_get_ccontrol(conn) == NULL) { + log_fn(LOG_PROTOCOL_WARN, LD_EDGE, + "Got XON for non-congestion control circuit"); + return false; + } + + if (xon_cell_parse(&xon, cell->payload+RELAY_HEADER_SIZE, + CELL_PAYLOAD_SIZE-RELAY_HEADER_SIZE) < 0) { + log_fn(LOG_PROTOCOL_WARN, LD_EDGE, + "Received malformed XON cell."); + return false; + } + + /* If we are near the max, scale everything down */ + if (conn->num_xon_recv == XON_COUNT_SCALE_AT) { + log_info(LD_EDGE, "Scaling down for XON count: %d %d %d", + conn->total_bytes_xmit, + conn->num_xoff_recv, + conn->num_xon_recv); + conn->total_bytes_xmit /= 2; + conn->num_xoff_recv /= 2; + conn->num_xon_recv /= 2; + } + + conn->num_xon_recv++; + + /* Client-side check to make sure that XON is not sent too early, + * for dropmark attacks. The main sidechannel risk is early cells, + * but we also check to see that we did not get more XONs than make + * sense for the number of bytes we sent. + */ + if (TO_CONN(conn)->type == CONN_TYPE_AP || conn->hs_ident != NULL) { + uint32_t limit = 0; + + if (conn->hs_ident) + limit = MIN(xoff_client, xon_rate_bytes); + else + limit = MIN(xoff_exit, xon_rate_bytes); + + if (conn->total_bytes_xmit < limit*conn->num_xon_recv) { + log_fn(LOG_PROTOCOL_WARN, LD_EDGE, + "Got extra XON for bytes sent. Got %d, expected max %d", + conn->num_xon_recv, conn->total_bytes_xmit/limit); + + /* We still process this, because the only dropmark defenses + * in C tor are via the vanguards addon's use of the read valid + * cells. So just signal that we think this is not valid protocol + * data and proceed. */ + retval = false; + } + } + + log_info(LD_EDGE, "Got XON: %d", xon->kbps_ewma); + + /* Adjust the token bucket of this edge connection with the drain rate in + * the XON. Rate is in bytes from kilobit (kpbs). */ + uint64_t rate = ((uint64_t) xon_cell_get_kbps_ewma(xon) * 1000); + if (rate == 0 || INT32_MAX < rate) { + /* No rate. */ + rate = INT32_MAX; + } + token_bucket_rw_adjust(&conn->bucket, (uint32_t) rate, (uint32_t) rate); + + if (conn->xoff_received) { + /* Clear the fact that we got an XOFF, so that this edge can + * start and stop reading normally */ + conn->xoff_received = false; + connection_start_reading(TO_CONN(conn)); + } + + /* If this is an entry conn, notify control port */ + if (TO_CONN(conn)->type == CONN_TYPE_AP) { + control_event_stream_status(TO_ENTRY_CONN(TO_CONN(conn)), + STREAM_EVENT_XON_RECV, + 0); + } + + xon_cell_free(xon); + + return retval; +} + +/** + * Called from sendme_stream_data_received(), when data arrives + * from a circuit to our edge's outbuf, to decide if we need to send + * an XOFF. + * + * Returns the amount of cells remaining until the buffer is full, at + * which point it sends an XOFF, and returns 0. + * + * Returns less than 0 if we have queued more than a congestion window + * worth of data and need to close the circuit. + */ +int +flow_control_decide_xoff(edge_connection_t *stream) +{ + size_t total_buffered = connection_get_outbuf_len(TO_CONN(stream)); + uint32_t buffer_limit_xoff = 0; + + if (BUG(edge_get_ccontrol(stream) == NULL)) { + log_err(LD_BUG, "Flow control called for non-congestion control circuit"); + return -1; + } + + /* Onion services and clients are typically localhost edges, so they + * need different buffering limits than exits do */ + if (TO_CONN(stream)->type == CONN_TYPE_AP || stream->hs_ident != NULL) { + buffer_limit_xoff = xoff_client; + } else { + buffer_limit_xoff = xoff_exit; + } + + if (total_buffered > buffer_limit_xoff) { + if (!stream->xoff_sent) { + log_info(LD_EDGE, "Sending XOFF: %"TOR_PRIuSZ" %d", + total_buffered, buffer_limit_xoff); + tor_trace(TR_SUBSYS(cc), TR_EV(flow_decide_xoff_sending), stream); + + cc_stats_flow_xoff_outbuf_ma = + stats_update_running_avg(cc_stats_flow_xoff_outbuf_ma, + total_buffered); + + circuit_send_stream_xoff(stream); + + /* Clear the drain rate. It is considered wrong if we + * got all the way to XOFF */ + stream->ewma_drain_rate = 0; + } + } + + /* If the outbuf has accumulated more than the expected burst limit of + * cells, then assume it is not draining, and call decide_xon. We must + * do this because writes only happen when the socket unblocks, so + * may not otherwise notice accumulation of data in the outbuf for + * advisory XONs. */ + if (total_buffered > MAX_EXPECTED_CELL_BURST*RELAY_PAYLOAD_SIZE) { + flow_control_decide_xon(stream, 0); + } + + /* Flow control always takes more data; we rely on the oomkiller to + * handle misbehavior. */ + return 0; +} + +/** + * Returns true if the stream's drain rate has changed significantly. + * + * Returns false if the monotime clock is stalled, or if we have + * no previous drain rate information. + */ +static bool +stream_drain_rate_changed(const edge_connection_t *stream) +{ + if (!is_monotime_clock_reliable()) { + return false; + } + + if (!stream->ewma_rate_last_sent) { + return false; + } + + if (stream->ewma_drain_rate > + (100+(uint64_t)xon_change_pct)*stream->ewma_rate_last_sent/100) { + return true; + } + + if (stream->ewma_drain_rate < + (100-(uint64_t)xon_change_pct)*stream->ewma_rate_last_sent/100) { + return true; + } + + return false; +} + +/** + * Called whenever we drain an edge connection outbuf by writing on + * its socket, to decide if it is time to send an xon. + * + * The n_written parameter tells us how many bytes we have written + * this time, which is used to compute the advisory drain rate fields. + */ +void +flow_control_decide_xon(edge_connection_t *stream, size_t n_written) +{ + size_t total_buffered = connection_get_outbuf_len(TO_CONN(stream)); + + /* Bounds check the number of drained bytes, and scale */ + if (stream->drained_bytes >= UINT32_MAX - n_written) { + /* Cut the bytes in half, and move the start time up halfway to now + * (if we have one). */ + stream->drained_bytes /= 2; + + if (stream->drain_start_usec) { + uint64_t now = monotime_absolute_usec(); + + stream->drain_start_usec = now - (now-stream->drain_start_usec)/2; + } + } + + /* Accumulate drained bytes since last rate computation */ + stream->drained_bytes += n_written; + + tor_trace(TR_SUBSYS(cc), TR_EV(flow_decide_xon), stream, n_written); + + /* Check for bad monotime clock and bytecount wrap */ + if (!is_monotime_clock_reliable()) { + /* If the monotime clock ever goes wrong, the safest thing to do + * is just clear our short-term rate info and wait for the clock to + * become reliable again.. */ + stream->drain_start_usec = 0; + stream->drained_bytes = 0; + } else { + /* If we have no drain start timestamp, and we still have + * remaining buffer, start the buffering counter */ + if (!stream->drain_start_usec && total_buffered > 0) { + log_debug(LD_EDGE, "Began edge buffering: %d %d %"TOR_PRIuSZ, + stream->ewma_rate_last_sent, + stream->ewma_drain_rate, + total_buffered); + tor_trace(TR_SUBSYS(cc), TR_EV(flow_decide_xon_drain_start), + stream); + stream->drain_start_usec = monotime_absolute_usec(); + stream->drained_bytes = 0; + } + } + + if (stream->drain_start_usec) { + /* If we have spent enough time in a queued state, update our drain + * rate. */ + if (stream->drained_bytes > xon_rate_bytes) { + /* No previous drained bytes means it is the first time we are computing + * it so use the value we just drained onto the socket as a baseline. It + * won't be accurate but it will be a start towards the right value. + * + * We have to do this in order to have a drain rate else we could be + * sending a drain rate of 0 in an XON which would be undesirable and + * basically like sending an XOFF. */ + if (stream->prev_drained_bytes == 0) { + stream->prev_drained_bytes = stream->drained_bytes; + } + uint32_t drain_rate = compute_drain_rate(stream); + /* Once the drain rate has been computed, note how many bytes we just + * drained so it can be used at the next calculation. We do this here + * because it gets reset once the rate is changed. */ + stream->prev_drained_bytes = stream->drained_bytes; + + if (drain_rate) { + stream->ewma_drain_rate = + (uint32_t)n_count_ewma(drain_rate, + stream->ewma_drain_rate, + xon_ewma_cnt); + log_debug(LD_EDGE, "Updating drain rate: %d %d %"TOR_PRIuSZ, + drain_rate, + stream->ewma_drain_rate, + total_buffered); + tor_trace(TR_SUBSYS(cc), TR_EV(flow_decide_xon_drain_update), + stream, drain_rate); + /* Reset recent byte counts. This prevents us from sending advisory + * XONs more frequent than every xon_rate_bytes. */ + stream->drained_bytes = 0; + stream->drain_start_usec = 0; + } + } + } + + /* If we don't have an XOFF outstanding, consider updating an + * old rate */ + if (!stream->xoff_sent) { + if (stream_drain_rate_changed(stream)) { + /* If we are still buffering and the rate changed, update + * advisory XON */ + log_info(LD_EDGE, "Sending rate-change XON: %d %d %"TOR_PRIuSZ, + stream->ewma_rate_last_sent, + stream->ewma_drain_rate, + total_buffered); + tor_trace(TR_SUBSYS(cc), TR_EV(flow_decide_xon_rate_change), stream); + + cc_stats_flow_xon_outbuf_ma = + stats_update_running_avg(cc_stats_flow_xon_outbuf_ma, + total_buffered); + + circuit_send_stream_xon(stream); + } + } else if (total_buffered == 0) { + log_info(LD_EDGE, "Sending XON: %d %d %"TOR_PRIuSZ, + stream->ewma_rate_last_sent, + stream->ewma_drain_rate, + total_buffered); + tor_trace(TR_SUBSYS(cc), TR_EV(flow_decide_xon_partial_drain), stream); + circuit_send_stream_xon(stream); + } + + /* If the buffer has fully emptied, clear the drain timestamp, + * so we can total only bytes drained while outbuf is 0. */ + if (total_buffered == 0) { + stream->drain_start_usec = 0; + + /* After we've spent 'xon_rate_bytes' with the queue fully drained, + * double any rate we sent. */ + if (stream->drained_bytes >= xon_rate_bytes && + stream->ewma_rate_last_sent) { + stream->ewma_drain_rate = MIN(INT32_MAX, 2*stream->ewma_drain_rate); + + log_debug(LD_EDGE, + "Queue empty for xon_rate_limit bytes: %d %d", + stream->ewma_rate_last_sent, + stream->ewma_drain_rate); + tor_trace(TR_SUBSYS(cc), TR_EV(flow_decide_xon_drain_doubled), stream); + /* Resetting the drained bytes count. We need to keep its value as a + * previous so the drain rate calculation takes into account what was + * actually drain the last time. */ + stream->prev_drained_bytes = stream->drained_bytes; + stream->drained_bytes = 0; + } + } + + return; +} + +/** + * Note that we packaged some data on this stream. Used to enforce + * client-side dropmark limits + */ +void +flow_control_note_sent_data(edge_connection_t *stream, size_t len) +{ + /* If we are near the max, scale everything down */ + if (stream->total_bytes_xmit >= TOTAL_XMIT_SCALE_AT-len) { + log_info(LD_EDGE, "Scaling down for flow control xmit bytes:: %d %d %d", + stream->total_bytes_xmit, + stream->num_xoff_recv, + stream->num_xon_recv); + + stream->total_bytes_xmit /= 2; + stream->num_xoff_recv /= 2; + stream->num_xon_recv /= 2; + } + + stream->total_bytes_xmit += len; +} + +/** Returns true if an edge connection uses flow control */ +bool +edge_uses_flow_control(const edge_connection_t *stream) +{ + bool ret = (stream->on_circuit && stream->on_circuit->ccontrol) || + (stream->cpath_layer && stream->cpath_layer->ccontrol); + + /* All circuits with congestion control use flow control */ + return ret; +} + +/** + * Returns the max RTT for the circuit that carries this stream, + * as observed by congestion control. + */ +uint64_t +edge_get_max_rtt(const edge_connection_t *stream) +{ + if (stream->on_circuit && stream->on_circuit->ccontrol) + return stream->on_circuit->ccontrol->max_rtt_usec; + else if (stream->cpath_layer && stream->cpath_layer->ccontrol) + return stream->cpath_layer->ccontrol->max_rtt_usec; + + return 0; +} + +/** Returns true if a connection is an edge conn that uses flow control */ +bool +conn_uses_flow_control(connection_t *conn) +{ + bool ret = false; + + if (CONN_IS_EDGE(conn)) { + edge_connection_t *edge = TO_EDGE_CONN(conn); + + if (edge_uses_flow_control(edge)) { + ret = true; + } + } + + return ret; +} + diff --git a/src/core/or/congestion_control_flow.h b/src/core/or/congestion_control_flow.h new file mode 100644 index 0000000000..5c735cce23 --- /dev/null +++ b/src/core/or/congestion_control_flow.h @@ -0,0 +1,54 @@ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file congestion_control_flow.h + * \brief APIs for stream flow control on congestion controlled circuits. + **/ + +#ifndef TOR_CONGESTION_CONTROL_FLOW_H +#define TOR_CONGESTION_CONTROL_FLOW_H + +#include "core/or/crypt_path_st.h" +#include "core/or/circuit_st.h" +#include "core/or/edge_connection_st.h" + +void flow_control_new_consensus_params(const struct networkstatus_t *); + +bool circuit_process_stream_xoff(edge_connection_t *conn, + const crypt_path_t *layer_hint, + const cell_t *cell); +bool circuit_process_stream_xon(edge_connection_t *conn, + const crypt_path_t *layer_hint, + const cell_t *cell); + +int flow_control_decide_xoff(edge_connection_t *stream); +void flow_control_decide_xon(edge_connection_t *stream, size_t n_written); + +void flow_control_note_sent_data(edge_connection_t *stream, size_t len); + +bool edge_uses_flow_control(const edge_connection_t *stream); + +bool conn_uses_flow_control(connection_t *stream); + +uint64_t edge_get_max_rtt(const edge_connection_t *); + +/** Metricsport externs */ +extern uint64_t cc_stats_flow_num_xoff_sent; +extern uint64_t cc_stats_flow_num_xon_sent; +extern double cc_stats_flow_xoff_outbuf_ma; +extern double cc_stats_flow_xon_outbuf_ma; + +/* Private section starts. */ +#ifdef TOR_CONGESTION_CONTROL_FLOW_PRIVATE + +/* + * Unit tests declaractions. + */ +#ifdef TOR_UNIT_TESTS + +#endif /* defined(TOR_UNIT_TESTS) */ + +#endif /* defined(TOR_CONGESTION_CONTROL_FLOW_PRIVATE) */ + +#endif /* !defined(TOR_CONGESTION_CONTROL_FLOW_H) */ diff --git a/src/core/or/congestion_control_nola.c b/src/core/or/congestion_control_nola.c new file mode 100644 index 0000000000..d8ad69a78c --- /dev/null +++ b/src/core/or/congestion_control_nola.c @@ -0,0 +1,139 @@ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file congestion_control_nola.c + * \brief Code that implements the TOR_NOLA congestion control algorithm + * from Proposal #324. + */ + +#define TOR_CONGESTION_CONTROL_NOLA_PRIVATE + +#include "core/or/or.h" + +#include "core/or/crypt_path.h" +#include "core/or/or_circuit_st.h" +#include "core/or/sendme.h" +#include "core/or/congestion_control_st.h" +#include "core/or/congestion_control_common.h" +#include "core/or/congestion_control_nola.h" +#include "core/or/circuituse.h" +#include "core/or/circuitlist.h" +#include "core/or/origin_circuit_st.h" +#include "core/or/channel.h" +#include "feature/nodelist/networkstatus.h" +#include "feature/control/control_events.h" + +#define NOLA_BDP_OVERSHOOT 100 + +/** + * Cache NOLA consensus parameters. + */ +void +congestion_control_nola_set_params(congestion_control_t *cc) +{ + tor_assert(cc->cc_alg == CC_ALG_NOLA); + + cc->nola_params.bdp_overshoot = + networkstatus_get_param(NULL, "cc_nola_overshoot", + NOLA_BDP_OVERSHOOT, + 0, + 1000); +} + +/** +* Process a SENDME and update the congestion window according to the +* rules specified in TOR_NOLA of Proposal #324. +* +* TOR_NOLA updates the congestion window to match the current +* BDP estimate, every sendme. Because this can result in downward +* drift, a fixed overhead is added to the BDP estimate. This will +* cause some queuing, but ensures that the algorithm always uses +* the full BDP. +* +* To handle the case where the local orconn blocks, TOR_NOLA uses +* the 'piecewise' BDP estimate, which uses more a conservative BDP +* estimate method when blocking occurs, but a more aggressive BDP +* estimate when there is no local blocking. This minimizes local +* client queues. +*/ +int +congestion_control_nola_process_sendme(congestion_control_t *cc, + const circuit_t *circ, + const crypt_path_t *layer_hint) +{ + tor_assert(cc && cc->cc_alg == CC_ALG_NOLA); + tor_assert(circ); + + if (cc->next_cc_event) + cc->next_cc_event--; + + /* If we get a congestion event, the only thing NOLA + * does is note this as if we exited slow-start + * (which for NOLA just means we finished our ICW). */ + if (cc->next_cc_event == 0) { + if (cc->in_slow_start) { + cc->in_slow_start = 0; + + /* We need to report that slow start has exited ASAP, + * for sbws bandwidth measurement. */ + if (CIRCUIT_IS_ORIGIN(circ)) { + /* We must discard const here because the event modifies fields :/ */ + control_event_circ_bandwidth_used_for_circ( + TO_ORIGIN_CIRCUIT((circuit_t*)circ)); + } + } + } + + /* If we did not successfully update BDP, we must return. Otherwise, + * NOLA can drift downwards */ + if (!congestion_control_update_circuit_estimates(cc, circ, layer_hint)) { + cc->inflight = cc->inflight - cc->sendme_inc; + return 0; + } + + /* We overshoot the BDP by the cwnd_inc param amount, because BDP + * may otherwise drift down. This helps us probe for more capacity. + * But there is no sense to do it if the local channel is blocked. */ + if (cc->blocked_chan) + cc->cwnd = cc->bdp[cc->bdp_alg]; + else + cc->cwnd = cc->bdp[cc->bdp_alg] + cc->nola_params.bdp_overshoot; + + /* cwnd can never fall below 1 increment */ + cc->cwnd = MAX(cc->cwnd, cc->cwnd_min); + + if (CIRCUIT_IS_ORIGIN(circ)) { + log_info(LD_CIRC, + "CC TOR_NOLA: Circuit %d " + "CWND: %"PRIu64", " + "INFL: %"PRIu64", " + "NCCE: %"PRIu16", " + "SS: %d", + CONST_TO_ORIGIN_CIRCUIT(circ)->global_identifier, + cc->cwnd, + cc->inflight, + cc->next_cc_event, + cc->in_slow_start + ); + } else { + log_info(LD_CIRC, + "CC TOR_NOLA: Circuit %"PRIu64":%d " + "CWND: %"PRIu64", " + "INFL: %"PRIu64", " + "NCCE: %"PRIu16", " + "SS: %d", + CONST_TO_OR_CIRCUIT(circ)->p_chan->global_identifier, + CONST_TO_OR_CIRCUIT(circ)->p_circ_id, + cc->cwnd, + cc->inflight, + cc->next_cc_event, + cc->in_slow_start + ); + } + + /* Update inflight with ack */ + cc->inflight = cc->inflight - cc->sendme_inc; + + return 0; +} diff --git a/src/core/or/congestion_control_nola.h b/src/core/or/congestion_control_nola.h new file mode 100644 index 0000000000..9c7d6e0635 --- /dev/null +++ b/src/core/or/congestion_control_nola.h @@ -0,0 +1,33 @@ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file congestion_control_nola.h + * \brief Private-ish APIs for the TOR_NOLA congestion control algorithm + **/ + +#ifndef TOR_CONGESTION_CONTROL_NOLA_H +#define TOR_CONGESTION_CONTROL_NOLA_H + +#include "core/or/crypt_path_st.h" +#include "core/or/circuit_st.h" + +/* Processing SENDME cell. */ +int congestion_control_nola_process_sendme(struct congestion_control_t *cc, + const circuit_t *circ, + const crypt_path_t *layer_hint); +void congestion_control_nola_set_params(struct congestion_control_t *cc); + +/* Private section starts. */ +#ifdef TOR_CONGESTION_CONTROL_NOLA_PRIVATE + +/* + * Unit tests declaractions. + */ +#ifdef TOR_UNIT_TESTS + +#endif /* defined(TOR_UNIT_TESTS) */ + +#endif /* defined(TOR_CONGESTION_CONTROL_NOLA_PRIVATE) */ + +#endif /* !defined(TOR_CONGESTION_CONTROL_NOLA_H) */ diff --git a/src/core/or/congestion_control_st.h b/src/core/or/congestion_control_st.h new file mode 100644 index 0000000000..0cc4e43938 --- /dev/null +++ b/src/core/or/congestion_control_st.h @@ -0,0 +1,276 @@ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file congestion_control_st.h + * \brief Structure definitions for congestion control. + **/ + +#ifndef CONGESTION_CONTROL_ST_H +#define CONGESTION_CONTROL_ST_H + +#include "core/or/crypt_path_st.h" +#include "core/or/circuit_st.h" + +/** Signifies which sendme algorithm to use */ +typedef enum { + /** OG Tor fixed-sized circ and stream windows. It sucks, but it is important + * to make sure that the new algs can compete with the old garbage. */ + CC_ALG_SENDME = 0, + + /** + * Prop#324 TOR_WESTWOOD - Deliberately aggressive. Westwood may not even + * converge to fairness in some cases because max RTT will also increase + * on congestion, which boosts the Westwood RTT congestion threshold. So it + * can cause runaway queue bloat, which may or may not lead to a robot + * uprising... Ok that's Westworld, not Westwood. Still, we need to test + * Vegas and NOLA against something more aggressive to ensure they do not + * starve in the presence of cheaters. We also need to make sure cheaters + * trigger the oomkiller in those cases. + */ + CC_ALG_WESTWOOD = 1, + + /** + * Prop#324 TOR_VEGAS - TCP Vegas-style BDP tracker. Because Vegas backs off + * whenever it detects queue delay, it can be beaten out by more aggressive + * algs. However, in live network testing, it seems to do just fine against + * current SENDMEs. It outperforms Westwood and does not stall. */ + CC_ALG_VEGAS = 2, + + /** + * Prop#324: TOR_NOLA - NOLA looks the BDP right in the eye and uses it + * immediately as CWND. No slow start, no other congestion signals, no delay, + * no bullshit. Like TOR_VEGAS, it also uses aggressive BDP estimates, to + * avoid out-competition. It seems a bit better throughput than Vegas, + * but its agressive BDP and rapid updates may lead to more queue latency. */ + CC_ALG_NOLA = 3, +} cc_alg_t; + +/* Total number of CC algs in cc_alg_t enum */ +#define NUM_CC_ALGS (CC_ALG_NOLA+1) + +/** Signifies how we estimate circuit BDP */ +typedef enum { + /* CWND-based BDP will respond to changes in RTT only, and is relative + * to cwnd growth. So in slow-start, this will under-estimate BDP */ + BDP_ALG_CWND_RTT = 0, + + /* Sendme-based BDP will quickly measure BDP in less than + * a cwnd worth of data when in use. So it should be good for slow-start. + * But if the link goes idle, it will be vastly lower than true BDP. Thus, + * this estimate gets reset when the cwnd is not fully utilized. */ + BDP_ALG_SENDME_RATE = 1, + + /* Inflight BDP is similar to the cwnd estimator, except it uses + * packets inflight minus local circuit queues instead of current cwnd. + * Because it is strictly less than or equal to the cwnd, it will cause + * the cwnd to drift downward. It is only used if the local OR connection + * is blocked. */ + BDP_ALG_INFLIGHT_RTT = 2, + + /* The Piecewise BDP estimator uses the CWND estimator before there + * are sufficient SENDMEs to calculate the SENDME estimator. At that + * point, it uses the SENDME estimator, unless the local OR connection + * becomes blocked. In that case, it switches to the inflight estimator. */ + BDP_ALG_PIECEWISE = 3, + +} bdp_alg_t; + +/** Total number of BDP algs in bdp_alg_t enum */ +#define NUM_BDP_ALGS (BDP_ALG_PIECEWISE+1) + +/** Westwood algorithm parameters */ +struct westwood_params_t { + /** Cwnd backoff multiplier upon congestion (as percent) */ + uint8_t cwnd_backoff_m; + /** Max RTT backoff multiplier upon congestion (as percent) */ + uint8_t rtt_backoff_m; + + /** Threshold between min and max RTT, to signal congestion (percent) */ + uint8_t rtt_thresh; + + /** + * If true, use minimum of BDP and backoff multiplication in backoff. + * If false, use maximum of BDP and backoff multiplication in backoff. */ + bool min_backoff; +}; + +/** Vegas algorithm parameters. */ +struct vegas_params_t { + /** The slow-start cwnd cap for RFC3742 */ + uint32_t ss_cwnd_cap; + /** The maximum slow-start cwnd */ + uint32_t ss_cwnd_max; + /** The queue use allowed before we exit slow start */ + uint16_t gamma; + /** The queue use below which we increment cwnd */ + uint16_t alpha; + /** The queue use above which we decrement cwnd */ + uint16_t beta; + /** The queue use at which we cap cwnd in steady state */ + uint16_t delta; + /** Weighted average (percent) between cwnd estimator and + * piecewise estimator. */ + uint8_t bdp_mix_pct; +}; + +/** NOLA consensus params */ +struct nola_params_t { + /** How many cells to add to BDP estimate to obtain cwnd */ + uint16_t bdp_overshoot; +}; + +/** Fields common to all congestion control algorithms */ +struct congestion_control_t { + /** + * Smartlist of uint64_t monotime usec timestamps of when we sent a data + * cell that is pending a sendme. FIFO queue that is managed similar to + * sendme_last_digests. */ + smartlist_t *sendme_pending_timestamps; + + /** + * Smartlist of uint64_t monotime timestamp of when sendme's arrived. + * FIFO queue that is managed similar to sendme_last_digests. + * Used to estimate circuitbandwidth and BDP. */ + smartlist_t *sendme_arrival_timestamps; + + /** RTT time data for congestion control. */ + uint64_t ewma_rtt_usec; + uint64_t min_rtt_usec; + uint64_t max_rtt_usec; + + /* BDP estimates by algorithm */ + uint64_t bdp[NUM_BDP_ALGS]; + + /** Congestion window */ + uint64_t cwnd; + + /** Number of cells in-flight (sent but awaiting SENDME ack). */ + uint64_t inflight; + + /** + * For steady-state: the number of sendme acks until we will acknowledge + * a congestion event again. It starts out as the number of sendme acks + * in a congestion window and is decremented each ack. When this reaches + * 0, it means we should examine our congestion algorithm conditions. + * In this way, we only react to one congestion event per congestion window. + * + * It is also reset to 0 immediately whenever the circuit's orconn is + * blocked, and when a previously blocked orconn is unblocked. + */ + uint16_t next_cc_event; + + /** Counts down until we process a cwnd worth of SENDME acks. + * Used to track full cwnd status. */ + uint16_t next_cwnd_event; + + /** Are we in slow start? */ + bool in_slow_start; + + /** Has the cwnd become full since last cwnd update? */ + bool cwnd_full; + + /** Is the local channel blocked on us? That's a congestion signal */ + bool blocked_chan; + + /* The following parameters are cached from consensus values upon + * circuit setup. */ + + /** Percent of cwnd to increment by during slow start */ + uint16_t cwnd_inc_pct_ss; + + /** Number of cells to increment cwnd by during steady state */ + uint16_t cwnd_inc; + + /** Minimum congestion window (must be at least sendme_inc) */ + uint16_t cwnd_min; + + /** + * Number of times per congestion window to update based on congestion + * signals */ + uint8_t cwnd_inc_rate; + + /** + * Number of cells to ack with every sendme. Taken from consensus parameter + * and negotiation during circuit setup. */ + uint8_t sendme_inc; + + /** Which congestion control algorithm to use. Taken from + * consensus parameter and negotiation during circuit setup. */ + cc_alg_t cc_alg; + + /** Which algorithm to estimate circuit bandwidth with. Taken from + * consensus parameter during circuit setup. */ + bdp_alg_t bdp_alg; + + /** Algorithm-specific parameters. The specific struct that is used + * depends upon the algorithm selected by the cc_alg parameter. + * These should not be accessed anywhere other than the algorithm-specific + * files. */ + union { + struct westwood_params_t westwood_params; + struct vegas_params_t vegas_params; + struct nola_params_t nola_params; + }; +}; + +/** + * Returns the number of sendme acks we will receive before we update cwnd. + * + * Congestion control literature recommends only one update of cwnd per + * cwnd worth of acks. However, we can also tune this to be more frequent + * by increasing the 'cc_cwnd_inc_rate' consensus parameter. This tuning + * only applies after slow start. + * + * If this returns 0 due to high cwnd_inc_rate, the calling code will + * update every sendme ack. + */ +static inline uint64_t CWND_UPDATE_RATE(const struct congestion_control_t *cc) +{ + /* We add cwnd_inc_rate*sendme_inc/2 to round to nearest integer number + * of acks */ + + if (cc->in_slow_start) { + return 1; + } else { + return ((cc->cwnd + cc->cwnd_inc_rate*cc->sendme_inc/2) + / (cc->cwnd_inc_rate*cc->sendme_inc)); + } +} + +/** + * Gives us the number of SENDMEs in a CWND, rounded. + */ +static inline uint64_t SENDME_PER_CWND(const struct congestion_control_t *cc) +{ + /* We add cwnd_inc_rate*sendme_inc/2 to round to nearest integer number + * of acks */ + return ((cc->cwnd + cc->sendme_inc/2)/cc->sendme_inc); +} + +/** + * Returns the amount to increment the congestion window each update, + * during slow start. + * + * Congestion control literature recommends either doubling the cwnd + * every cwnd during slow start, or some similar exponential growth + * (such as 50% more every cwnd, for Vegas). + * + * This is controlled by a consensus parameter 'cwnd_inc_pct_ss', which + * allows us to specify the percent of the current consensus window + * to update by. + */ +static inline uint64_t CWND_INC_SS(const struct congestion_control_t *cc) +{ + return (cc->cwnd_inc_pct_ss*cc->cwnd/100); +} + +/** + * Returns the amount to increment (and for Vegas, also decrement) the + * congestion window by, every update period. + * + * This is controlled by the cc_cwnd_inc consensus parameter. + */ +#define CWND_INC(cc) ((cc)->cwnd_inc) + +#endif /* !defined(CONGESTION_CONTROL_ST_H) */ diff --git a/src/core/or/congestion_control_vegas.c b/src/core/or/congestion_control_vegas.c new file mode 100644 index 0000000000..b82c685d51 --- /dev/null +++ b/src/core/or/congestion_control_vegas.c @@ -0,0 +1,619 @@ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file congestion_control_vegas.c + * \brief Code that implements the TOR_VEGAS congestion control algorithm + * from Proposal #324. + */ + +#define TOR_CONGESTION_CONTROL_VEGAS_PRIVATE + +#include "core/or/or.h" + +#include "core/or/crypt_path.h" +#include "core/or/or_circuit_st.h" +#include "core/or/sendme.h" +#include "core/or/congestion_control_st.h" +#include "core/or/congestion_control_common.h" +#include "core/or/congestion_control_vegas.h" +#include "core/or/circuitlist.h" +#include "core/or/circuituse.h" +#include "core/or/origin_circuit_st.h" +#include "core/or/channel.h" +#include "feature/nodelist/networkstatus.h" +#include "feature/control/control_events.h" +#include "lib/math/stats.h" + +#define OUTBUF_CELLS (2*TLS_RECORD_MAX_CELLS) + +#define SS_CWND_MAX_DFLT (5000) + +/* sbws circs are two hops, so params are based on 2 outbufs of cells */ +#define VEGAS_ALPHA_SBWS_DFLT (2*OUTBUF_CELLS-TLS_RECORD_MAX_CELLS) +#define VEGAS_BETA_SBWS_DFLT (2*OUTBUF_CELLS+TLS_RECORD_MAX_CELLS) +#define VEGAS_GAMMA_SBWS_DFLT (2*OUTBUF_CELLS) +#define VEGAS_DELTA_SBWS_DFLT (4*OUTBUF_CELLS) +#define VEGAS_SSCAP_SBWS_DFLT (400) + +/* Exits are three hops, so params are based on 3 outbufs of cells */ +#define VEGAS_ALPHA_EXIT_DFLT (2*OUTBUF_CELLS) +#define VEGAS_BETA_EXIT_DFLT (4*OUTBUF_CELLS) +#define VEGAS_GAMMA_EXIT_DFLT (3*OUTBUF_CELLS) +#define VEGAS_DELTA_EXIT_DFLT (6*OUTBUF_CELLS) +#define VEGAS_SSCAP_EXIT_DFLT (500) + +/* Onion rends are six hops, so params are based on 6 outbufs of cells */ +#define VEGAS_ALPHA_ONION_DFLT (3*OUTBUF_CELLS) +#define VEGAS_BETA_ONION_DFLT (7*OUTBUF_CELLS) +#define VEGAS_GAMMA_ONION_DFLT (5*OUTBUF_CELLS) +#define VEGAS_DELTA_ONION_DFLT (9*OUTBUF_CELLS) +#define VEGAS_SSCAP_ONION_DFLT (600) + +/** + * Number of sendme_incs between cwnd and inflight for cwnd to be + * still considered full */ +#define VEGAS_CWND_FULL_GAP_DFLT (1) +static int cc_vegas_cwnd_full_gap = VEGAS_CWND_FULL_GAP_DFLT; + +/** + * If the cwnd becomes less than this percent full at any point, + * we declare it not full immediately. + */ +#define VEGAS_CWND_FULL_MINPCT_DFLT (75) +static int cc_vegas_cwnd_full_minpct = VEGAS_CWND_FULL_MINPCT_DFLT; + +/** + * Param to decide when to reset the cwnd. + */ +#define VEGAS_CWND_FULL_PER_CWND_DFLT (1) +static int cc_cwnd_full_per_cwnd = VEGAS_CWND_FULL_PER_CWND_DFLT; + +/** Moving average of the cc->cwnd from each circuit exiting slowstart. */ +double cc_stats_vegas_exit_ss_cwnd_ma = 0; +double cc_stats_vegas_exit_ss_bdp_ma = 0; +double cc_stats_vegas_exit_ss_inc_ma = 0; +double cc_stats_vegas_gamma_drop_ma = 0; +double cc_stats_vegas_delta_drop_ma = 0; +double cc_stats_vegas_ss_csig_blocked_ma = 0; +double cc_stats_vegas_csig_blocked_ma = 0; +double cc_stats_vegas_csig_alpha_ma = 0; +double cc_stats_vegas_csig_beta_ma = 0; +double cc_stats_vegas_csig_delta_ma = 0; + +double cc_stats_vegas_ss_queue_ma = 0; +double cc_stats_vegas_queue_ma = 0; +double cc_stats_vegas_bdp_ma = 0; + +/** Stats on how many times we reached "delta" param. */ +uint64_t cc_stats_vegas_above_delta = 0; +/** Stats on how many times we reached "ss_cwnd_max" param. */ +uint64_t cc_stats_vegas_above_ss_cwnd_max = 0; +uint64_t cc_stats_vegas_below_ss_inc_floor = 0; +uint64_t cc_stats_vegas_circ_exited_ss = 0; + +/** + * The original TCP Vegas congestion window BDP estimator. + */ +static inline uint64_t +vegas_bdp(const congestion_control_t *cc) +{ + return cc->bdp[BDP_ALG_CWND_RTT]; +} + +/** + * Cache Vegas consensus parameters. + */ +void +congestion_control_vegas_set_params(congestion_control_t *cc, + cc_path_t path) +{ + tor_assert(cc->cc_alg == CC_ALG_VEGAS); + const char *alpha_str = NULL, *beta_str = NULL, *gamma_str = NULL; + const char *delta_str = NULL, *sscap_str = NULL; + int alpha, beta, gamma, delta, ss_cwnd_cap; + + switch (path) { + case CC_PATH_SBWS: + alpha_str = "cc_vegas_alpha_sbws"; + beta_str = "cc_vegas_beta_sbws"; + gamma_str = "cc_vegas_gamma_sbws"; + delta_str = "cc_vegas_delta_sbws"; + sscap_str = "cc_sscap_sbws"; + alpha = VEGAS_ALPHA_SBWS_DFLT; + beta = VEGAS_BETA_SBWS_DFLT; + gamma = VEGAS_GAMMA_SBWS_DFLT; + delta = VEGAS_DELTA_SBWS_DFLT; + ss_cwnd_cap = VEGAS_SSCAP_SBWS_DFLT; + break; + case CC_PATH_EXIT: + case CC_PATH_ONION_SOS: + alpha_str = "cc_vegas_alpha_exit"; + beta_str = "cc_vegas_beta_exit"; + gamma_str = "cc_vegas_gamma_exit"; + delta_str = "cc_vegas_delta_exit"; + sscap_str = "cc_sscap_exit"; + alpha = VEGAS_ALPHA_EXIT_DFLT; + beta = VEGAS_BETA_EXIT_DFLT; + gamma = VEGAS_GAMMA_EXIT_DFLT; + delta = VEGAS_DELTA_EXIT_DFLT; + ss_cwnd_cap = VEGAS_SSCAP_EXIT_DFLT; + break; + case CC_PATH_ONION: + case CC_PATH_ONION_VG: + alpha_str = "cc_vegas_alpha_onion"; + beta_str = "cc_vegas_beta_onion"; + gamma_str = "cc_vegas_gamma_onion"; + delta_str = "cc_vegas_delta_onion"; + sscap_str = "cc_sscap_onion"; + alpha = VEGAS_ALPHA_ONION_DFLT; + beta = VEGAS_BETA_ONION_DFLT; + gamma = VEGAS_GAMMA_ONION_DFLT; + delta = VEGAS_DELTA_ONION_DFLT; + ss_cwnd_cap = VEGAS_SSCAP_ONION_DFLT; + break; + default: + tor_assert(0); + break; + } + + cc->vegas_params.ss_cwnd_cap = + networkstatus_get_param(NULL, sscap_str, + ss_cwnd_cap, + 100, + INT32_MAX); + + cc->vegas_params.ss_cwnd_max = + networkstatus_get_param(NULL, "cc_ss_max", + SS_CWND_MAX_DFLT, + 500, + INT32_MAX); + + cc->vegas_params.alpha = + networkstatus_get_param(NULL, alpha_str, + alpha, + 0, + 1000); + + cc->vegas_params.beta = + networkstatus_get_param(NULL, beta_str, + beta, + 0, + 1000); + + cc->vegas_params.gamma = + networkstatus_get_param(NULL, gamma_str, + gamma, + 0, + 1000); + + cc->vegas_params.delta = + networkstatus_get_param(NULL, delta_str, + delta, + 0, + INT32_MAX); + + cc_vegas_cwnd_full_minpct = + networkstatus_get_param(NULL, "cc_cwnd_full_minpct", + VEGAS_CWND_FULL_MINPCT_DFLT, + 0, + 100); + + cc_vegas_cwnd_full_gap = + networkstatus_get_param(NULL, "cc_cwnd_full_gap", + VEGAS_CWND_FULL_GAP_DFLT, + 0, + INT16_MAX); + + cc_cwnd_full_per_cwnd = + networkstatus_get_param(NULL, "cc_cwnd_full_per_cwnd", + VEGAS_CWND_FULL_PER_CWND_DFLT, + 0, + 1); +} + +/** + * Common log function for tracking all vegas state. + */ +static void +congestion_control_vegas_log(const circuit_t *circ, + const congestion_control_t *cc) +{ + uint64_t queue_use = cc->cwnd - vegas_bdp(cc); + + if (CIRCUIT_IS_ORIGIN(circ) && + circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED) { + log_info(LD_CIRC, + "CC: TOR_VEGAS Onion Circuit %d " + "RTT: %"PRIu64", %"PRIu64", %"PRIu64", " + "CWND: %"PRIu64", " + "INFL: %"PRIu64", " + "VBDP: %"PRIu64", " + "QUSE: %"PRIu64", " + "BWE: %"PRIu64", " + "SS: %d", + CONST_TO_ORIGIN_CIRCUIT(circ)->global_identifier, + cc->min_rtt_usec/1000, + cc->ewma_rtt_usec/1000, + cc->max_rtt_usec/1000, + cc->cwnd, + cc->inflight, + vegas_bdp(cc), + queue_use, + cc->cwnd*CELL_MAX_NETWORK_SIZE*1000/ + MAX(cc->min_rtt_usec,cc->ewma_rtt_usec), + cc->in_slow_start + ); + } else { + log_info(LD_CIRC, + "CC: TOR_VEGAS " + "RTT: %"PRIu64", %"PRIu64", %"PRIu64", " + "CWND: %"PRIu64", " + "INFL: %"PRIu64", " + "VBDP: %"PRIu64", " + "QUSE: %"PRIu64", " + "BWE: %"PRIu64", " + "SS: %d", + cc->min_rtt_usec/1000, + cc->ewma_rtt_usec/1000, + cc->max_rtt_usec/1000, + cc->cwnd, + cc->inflight, + vegas_bdp(cc), + queue_use, + cc->cwnd*CELL_MAX_NETWORK_SIZE*1000/ + MAX(cc->min_rtt_usec,cc->ewma_rtt_usec), + cc->in_slow_start + ); + } +} + +/** + * Implements RFC3742: Limited Slow Start. + * https://datatracker.ietf.org/doc/html/rfc3742#section-2 + */ +static inline uint64_t +rfc3742_ss_inc(const congestion_control_t *cc) +{ + if (cc->cwnd <= cc->vegas_params.ss_cwnd_cap) { + /* If less than the cap, round and always grow by at least 1 sendme_inc. */ + return ((uint64_t)cc->cwnd_inc_pct_ss*cc->sendme_inc + 50)/100; + } else { + // K = int(cwnd/(0.5 max_ssthresh)); + // => K = 2*cwnd/max_ssthresh + // cwnd += int(MSS/K); + // => cwnd += MSS*max_ssthresh/(2*cwnd) + // Return at least 1 for inc. + return MAX( + ((uint64_t)cc->sendme_inc*cc->vegas_params.ss_cwnd_cap + cc->cwnd)/ + (2*cc->cwnd), + 1); + } +} + +/** + * Exit Vegas slow start. + * + * This function sets our slow-start state to 0, and emits logs + * and control port information signifying end of slow start. + * It also schedules the next CWND update for steady-state. + */ +static void +congestion_control_vegas_exit_slow_start(const circuit_t *circ, + congestion_control_t *cc) +{ + congestion_control_vegas_log(circ, cc); + cc->in_slow_start = 0; + congestion_control_vegas_log(circ, cc); + + /* Update metricsport metrics */ + cc_stats_vegas_exit_ss_cwnd_ma = + stats_update_running_avg(cc_stats_vegas_exit_ss_cwnd_ma, + cc->cwnd); + cc_stats_vegas_exit_ss_bdp_ma = + stats_update_running_avg(cc_stats_vegas_exit_ss_bdp_ma, + vegas_bdp(cc)); + cc_stats_vegas_exit_ss_inc_ma = + stats_update_running_avg(cc_stats_vegas_exit_ss_inc_ma, + rfc3742_ss_inc(cc)); + cc_stats_vegas_circ_exited_ss++; + + /* We need to report that slow start has exited ASAP, + * for sbws bandwidth measurement. */ + if (CIRCUIT_IS_ORIGIN(circ)) { + /* We must discard const here because the event modifies fields :/ */ + control_event_circ_bandwidth_used_for_circ( + TO_ORIGIN_CIRCUIT((circuit_t*)circ)); + } +} + +/** + * Returns true if the congestion window is considered full. + * + * We allow a number of sendme_incs gap in case buffering issues + * with edge conns cause the window to occasionally be not quite + * full. This can happen if several SENDMEs arrive before we + * return to the eventloop to fill the inbuf on edge connections. + */ +static inline bool +cwnd_became_full(const congestion_control_t *cc) +{ + if (cc->inflight + cc_vegas_cwnd_full_gap*cc->sendme_inc >= cc->cwnd) { + return true; + } else { + return false; + } +} + +/** + * Returns true if the congestion window is no longer full. + * + * This functions as a low watermark, below which we stop + * allowing cwnd increments. + */ +static inline bool +cwnd_became_nonfull(const congestion_control_t *cc) +{ + /* Use multiply form to avoid division */ + if (100*cc->inflight < cc_vegas_cwnd_full_minpct * cc->cwnd) { + return true; + } else { + return false; + } +} + +/** + * Decide if it is time to reset the cwnd_full status. + * + * If cc_cwnd_full_per_cwnd=1, we reset cwnd_full once per congestion + * window, ie: + * next_cwnd_event == SENDME_PER_CWND(cc) + * + * Otherwise, we reset cwnd_full whenever there is an update of + * the congestion window, ie: + * next_cc_event == CWND_UPDATE_RATE(cc) + */ +static inline bool +cwnd_full_reset(const congestion_control_t *cc) +{ + if (cc_cwnd_full_per_cwnd) { + return (cc->next_cwnd_event == SENDME_PER_CWND(cc)); + } else { + return (cc->next_cc_event == CWND_UPDATE_RATE(cc)); + } +} + +/** + * Process a SENDME and update the congestion window according to the + * rules specified in TOR_VEGAS of Proposal #324. + * + * Essentially, this algorithm attempts to measure queue lengths on + * the circuit by subtracting the bandwidth-delay-product estimate + * from the current congestion window. + * + * If the congestion window is larger than the bandwidth-delay-product, + * then data is assumed to be queuing. We reduce the congestion window + * in that case. + * + * If the congestion window is smaller than the bandwidth-delay-product, + * then there is spare bandwidth capacity on the circuit. We increase the + * congestion window in that case. + * + * The congestion window is updated only once every congestion window worth of + * packets, even if the signal persists. It is also updated whenever the + * upstream orcon blocks, or unblocks. This minimizes local client queues. + */ +int +congestion_control_vegas_process_sendme(congestion_control_t *cc, + const circuit_t *circ, + const crypt_path_t *layer_hint) +{ + uint64_t queue_use; + + tor_assert(cc && cc->cc_alg == CC_ALG_VEGAS); + tor_assert(circ); + + /* Update ack counter until next congestion signal event is allowed */ + if (cc->next_cc_event) + cc->next_cc_event--; + + /* Update ack counter until a full cwnd is processed */ + if (cc->next_cwnd_event) + cc->next_cwnd_event--; + + /* Compute BDP and RTT. If we did not update, don't run the alg */ + if (!congestion_control_update_circuit_estimates(cc, circ, layer_hint)) { + cc->inflight = cc->inflight - cc->sendme_inc; + return 0; + } + + /* The queue use is the amount in which our cwnd is above BDP; + * if it is below, then 0 queue use. */ + if (vegas_bdp(cc) > cc->cwnd) + queue_use = 0; // This should not happen anymore.. + else + queue_use = cc->cwnd - vegas_bdp(cc); + + /* Update the full state */ + if (cwnd_became_full(cc)) + cc->cwnd_full = 1; + else if (cwnd_became_nonfull(cc)) + cc->cwnd_full = 0; + + if (cc->in_slow_start) { + if (queue_use < cc->vegas_params.gamma && !cc->blocked_chan) { + /* If the congestion window is not fully in use, skip any + * increment of cwnd in slow start */ + if (cc->cwnd_full) { + /* Get the "Limited Slow Start" increment */ + uint64_t inc = rfc3742_ss_inc(cc); + cc->cwnd += inc; + + // Check if inc is less than what we would do in steady-state + // avoidance. Note that this is likely never to happen + // in practice, but we keep this block and the metrics to make + // sure. + if (inc*SENDME_PER_CWND(cc) <= CWND_INC(cc)*cc->cwnd_inc_rate) { + congestion_control_vegas_exit_slow_start(circ, cc); + + cc_stats_vegas_below_ss_inc_floor++; + + /* We exited slow start without being blocked */ + cc_stats_vegas_ss_csig_blocked_ma = + stats_update_running_avg(cc_stats_vegas_ss_csig_blocked_ma, + 0); + } + } + } else { + uint64_t old_cwnd = cc->cwnd; + + /* Congestion signal: Set cwnd to gamma threshhold */ + cc->cwnd = vegas_bdp(cc) + cc->vegas_params.gamma; + + /* Compute the percentage we experience a blocked csig vs RTT sig */ + if (cc->blocked_chan) { + cc_stats_vegas_ss_csig_blocked_ma = + stats_update_running_avg(cc_stats_vegas_ss_csig_blocked_ma, + 100); + } else { + uint64_t cwnd_diff = (old_cwnd > cc->cwnd ? old_cwnd - cc->cwnd : 0); + + cc_stats_vegas_ss_csig_blocked_ma = + stats_update_running_avg(cc_stats_vegas_ss_csig_blocked_ma, + 0); + + /* Account the amount we reduced the cwnd by for the gamma cutoff */ + cc_stats_vegas_gamma_drop_ma = + stats_update_running_avg(cc_stats_vegas_gamma_drop_ma, + cwnd_diff); + } + + congestion_control_vegas_exit_slow_start(circ, cc); + } + + if (cc->cwnd >= cc->vegas_params.ss_cwnd_max) { + cc->cwnd = cc->vegas_params.ss_cwnd_max; + congestion_control_vegas_exit_slow_start(circ, cc); + cc_stats_vegas_above_ss_cwnd_max++; + } + + cc_stats_vegas_ss_queue_ma = + stats_update_running_avg(cc_stats_vegas_ss_queue_ma, + queue_use); + /* After slow start, We only update once per window */ + } else if (cc->next_cc_event == 0) { + if (queue_use > cc->vegas_params.delta) { + uint64_t old_cwnd = cc->cwnd; + uint64_t cwnd_diff; + + /* If we are above the delta threshhold, drop cwnd down to the + * delta threshhold. */ + cc->cwnd = vegas_bdp(cc) + cc->vegas_params.delta - CWND_INC(cc); + + /* Account the amount we reduced the cwnd by for the gamma cutoff */ + cwnd_diff = (old_cwnd > cc->cwnd ? old_cwnd - cc->cwnd : 0); + cc_stats_vegas_delta_drop_ma = + stats_update_running_avg(cc_stats_vegas_delta_drop_ma, + cwnd_diff); + + cc_stats_vegas_above_delta++; + + /* Percentage metrics: Add 100% delta, 0 for other two */ + cc_stats_vegas_csig_alpha_ma = + stats_update_running_avg(cc_stats_vegas_csig_alpha_ma, + 0); + cc_stats_vegas_csig_beta_ma = + stats_update_running_avg(cc_stats_vegas_csig_beta_ma, + 0); + cc_stats_vegas_csig_delta_ma = + stats_update_running_avg(cc_stats_vegas_csig_delta_ma, + 100); + } else if (queue_use > cc->vegas_params.beta || cc->blocked_chan) { + cc->cwnd -= CWND_INC(cc); + + /* Compute the percentage we experience a blocked csig vs RTT sig */ + if (cc->blocked_chan) { + cc_stats_vegas_csig_blocked_ma = + stats_update_running_avg(cc_stats_vegas_csig_blocked_ma, + 100); + } else { + cc_stats_vegas_csig_blocked_ma = + stats_update_running_avg(cc_stats_vegas_csig_blocked_ma, + 0); + } + + /* Percentage counters: Add 100% beta, 0 for other two */ + cc_stats_vegas_csig_alpha_ma = + stats_update_running_avg(cc_stats_vegas_csig_alpha_ma, + 0); + cc_stats_vegas_csig_beta_ma = + stats_update_running_avg(cc_stats_vegas_csig_beta_ma, + 100); + cc_stats_vegas_csig_delta_ma = + stats_update_running_avg(cc_stats_vegas_csig_delta_ma, + 0); + } else if (cc->cwnd_full && + queue_use < cc->vegas_params.alpha) { + cc->cwnd += CWND_INC(cc); + + /* Percentage counters: Add 100% alpha, 0 for other two */ + cc_stats_vegas_csig_alpha_ma = + stats_update_running_avg(cc_stats_vegas_csig_alpha_ma, + 100); + cc_stats_vegas_csig_beta_ma = + stats_update_running_avg(cc_stats_vegas_csig_beta_ma, + 0); + cc_stats_vegas_csig_delta_ma = + stats_update_running_avg(cc_stats_vegas_csig_delta_ma, + 0); + } else { + /* Percentage counters: No signal this round. Add 0% to all */ + cc_stats_vegas_csig_alpha_ma = + stats_update_running_avg(cc_stats_vegas_csig_alpha_ma, + 0); + cc_stats_vegas_csig_beta_ma = + stats_update_running_avg(cc_stats_vegas_csig_beta_ma, + 0); + cc_stats_vegas_csig_delta_ma = + stats_update_running_avg(cc_stats_vegas_csig_delta_ma, + 0); + } + + /* cwnd can never fall below 1 increment */ + cc->cwnd = MAX(cc->cwnd, cc->cwnd_min); + + congestion_control_vegas_log(circ, cc); + + /* Update metrics */ + cc_stats_vegas_queue_ma = + stats_update_running_avg(cc_stats_vegas_queue_ma, + queue_use); + cc_stats_vegas_bdp_ma = + stats_update_running_avg(cc_stats_vegas_bdp_ma, + vegas_bdp(cc)); + + /* Log if we're above the ss_cap */ + if (cc->cwnd >= cc->vegas_params.ss_cwnd_max) { + log_info(LD_CIRC, + "CC: TOR_VEGAS above ss_max in steady state for circ %d: %"PRIu64, + circ->purpose, cc->cwnd); + } + } + + /* Reset event counters */ + if (cc->next_cwnd_event == 0) { + cc->next_cwnd_event = SENDME_PER_CWND(cc); + } + if (cc->next_cc_event == 0) { + cc->next_cc_event = CWND_UPDATE_RATE(cc); + } + + /* Decide if enough time has passed to reset the cwnd utilization */ + if (cwnd_full_reset(cc)) + cc->cwnd_full = 0; + + /* Update inflight with ack */ + cc->inflight = cc->inflight - cc->sendme_inc; + + return 0; +} diff --git a/src/core/or/congestion_control_vegas.h b/src/core/or/congestion_control_vegas.h new file mode 100644 index 0000000000..84070664c8 --- /dev/null +++ b/src/core/or/congestion_control_vegas.h @@ -0,0 +1,55 @@ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file congestion_control_vegas.h + * \brief Private-ish APIs for the TOR_VEGAS congestion control algorithm + **/ + +#ifndef TOR_CONGESTION_CONTROL_VEGAS_H +#define TOR_CONGESTION_CONTROL_VEGAS_H + +#include "core/or/crypt_path_st.h" +#include "core/or/circuit_st.h" + +extern double cc_stats_vegas_exit_ss_cwnd_ma; +extern double cc_stats_vegas_exit_ss_bdp_ma; +extern double cc_stats_vegas_exit_ss_inc_ma; +extern double cc_stats_vegas_gamma_drop_ma; +extern double cc_stats_vegas_delta_drop_ma; +extern double cc_stats_vegas_ss_csig_blocked_ma; +extern double cc_stats_vegas_csig_blocked_ma; +extern uint64_t cc_stats_vegas_above_delta; +extern uint64_t cc_stats_vegas_above_ss_cwnd_max; + +extern double cc_stats_vegas_csig_alpha_ma; +extern double cc_stats_vegas_csig_beta_ma; +extern double cc_stats_vegas_csig_delta_ma; + +extern double cc_stats_vegas_ss_queue_ma; +extern double cc_stats_vegas_queue_ma; +extern double cc_stats_vegas_bdp_ma; + +extern uint64_t cc_stats_vegas_below_ss_inc_floor; +extern uint64_t cc_stats_vegas_circ_exited_ss; + +/* Processing SENDME cell. */ +int congestion_control_vegas_process_sendme(struct congestion_control_t *cc, + const circuit_t *circ, + const crypt_path_t *layer_hint); +void congestion_control_vegas_set_params(struct congestion_control_t *cc, + cc_path_t path); + +/* Private section starts. */ +#ifdef TOR_CONGESTION_CONTROL_VEGAS_PRIVATE + +/* + * Unit tests declaractions. + */ +#ifdef TOR_UNIT_TESTS + +#endif /* defined(TOR_UNIT_TESTS) */ + +#endif /* defined(TOR_CONGESTION_CONTROL_VEGAS_PRIVATE) */ + +#endif /* !defined(TOR_CONGESTION_CONTROL_VEGAS_H) */ diff --git a/src/core/or/congestion_control_westwood.c b/src/core/or/congestion_control_westwood.c new file mode 100644 index 0000000000..d28ddf3442 --- /dev/null +++ b/src/core/or/congestion_control_westwood.c @@ -0,0 +1,241 @@ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file congestion_control_westwood.c + * \brief Code that implements the TOR_WESTWOOD congestion control algorithm + * from Proposal #324. + */ + +#define TOR_CONGESTION_CONTROL_WESTWOOD_PRIVATE + +#include "core/or/or.h" + +#include "core/or/crypt_path.h" +#include "core/or/or_circuit_st.h" +#include "core/or/sendme.h" +#include "core/or/congestion_control_st.h" +#include "core/or/congestion_control_common.h" +#include "core/or/congestion_control_westwood.h" +#include "core/or/circuitlist.h" +#include "core/or/circuituse.h" +#include "core/or/origin_circuit_st.h" +#include "core/or/channel.h" +#include "feature/nodelist/networkstatus.h" +#include "feature/control/control_events.h" + +#define USEC_ONE_MS (1000) + +#define WESTWOOD_CWND_BACKOFF_M 75 +#define WESTWOOD_RTT_BACKOFF_M 100 +#define WESTWOOD_RTT_THRESH 33 +#define WESTWOOD_MIN_BACKOFF 0 + +/** + * Cache westwood consensus parameters. + */ +void +congestion_control_westwood_set_params(congestion_control_t *cc) +{ + tor_assert(cc->cc_alg == CC_ALG_WESTWOOD); + + cc->westwood_params.cwnd_backoff_m = + networkstatus_get_param(NULL, "cc_westwood_cwnd_m", + WESTWOOD_CWND_BACKOFF_M, + 0, + 100); + + cc->westwood_params.rtt_backoff_m = + networkstatus_get_param(NULL, "cc_westwood_rtt_m", + WESTWOOD_RTT_BACKOFF_M, + 50, + 100); + + cc->westwood_params.rtt_thresh = + networkstatus_get_param(NULL, "cc_westwood_rtt_thresh", + WESTWOOD_RTT_THRESH, + 0, + 100); + + cc->westwood_params.min_backoff = + networkstatus_get_param(NULL, "cc_westwood_min_backoff", + WESTWOOD_MIN_BACKOFF, + 0, + 1); +} + +/** + * Return the RTT threshold that signals congestion. + * + * Computed from the threshold parameter that specifies a + * percent between the min and max RTT observed so far. + */ +static inline uint64_t +westwood_rtt_signal(const congestion_control_t *cc) +{ + return ((100 - cc->westwood_params.rtt_thresh)*cc->min_rtt_usec + + cc->westwood_params.rtt_thresh*(cc)->max_rtt_usec)/100; +} + +/** + * Compute a backoff to reduce the max RTT. + * + * This may be necessary to ensure that westwood does not have + * a runaway condition where congestion inflates the max RTT, which + * inflates the congestion threshold. That cannot happen with one + * Westwood instance, but it may happen in aggregate. Hence, this is + * a safety parameter, in case we need it. + */ +static inline uint64_t +westwood_rtt_max_backoff(const congestion_control_t *cc) +{ + return cc->min_rtt_usec + + (cc->westwood_params.rtt_backoff_m * + (cc->max_rtt_usec - cc->min_rtt_usec))/100; +} + +/** + * Returns true if the circuit is experiencing congestion, as per + * TOR_WESTWOOD rules. + */ +static inline bool +westwood_is_congested(const congestion_control_t *cc) +{ + /* If the local channel is blocked, that is always congestion */ + if (cc->blocked_chan) + return true; + + /* If the min RTT is within 1ms of the signal, then there is not enough + * range in RTTs to signify congestion. Treat that as not congested. */ + if (westwood_rtt_signal(cc) < cc->min_rtt_usec || + westwood_rtt_signal(cc) - cc->min_rtt_usec < USEC_ONE_MS) + return false; + + /* If the EWMA-smoothed RTT exceeds the westwood RTT threshold, + * then it is congestion. */ + if (cc->ewma_rtt_usec > westwood_rtt_signal(cc)) + return true; + + return false; +} + +/** + * Process a SENDME and update the congestion window according to the + * rules specified in TOR_WESTWOOD of Proposal #324. + * + * Essentially, this algorithm uses a threshold of 'rtt_thresh', which + * is a midpoint between the min and max RTT. If the RTT exceeds this + * threshold, then queue delay due to congestion is assumed to be present, + * and the algorithm reduces the congestion window. If the RTT is below the + * threshold, the circuit is not congested (ie: queue delay is low), and we + * increase the congestion window. + * + * The congestion window is updated only once every congestion window worth of + * packets, even if the signal persists. It is also updated whenever the + * upstream orcon blocks, or unblocks. This minimizes local client queues. + */ +int +congestion_control_westwood_process_sendme(congestion_control_t *cc, + const circuit_t *circ, + const crypt_path_t *layer_hint) +{ + tor_assert(cc && cc->cc_alg == CC_ALG_WESTWOOD); + tor_assert(circ); + + /* Update ack counter until next congestion signal event is allowed */ + if (cc->next_cc_event) + cc->next_cc_event--; + + /* If we were unable to update our circuit estimates, Westwood must + * *not* update its cwnd, otherwise it could run to infinity, or to 0. + * Just update inflight from the sendme and return. */ + if (!congestion_control_update_circuit_estimates(cc, circ, layer_hint)) { + cc->inflight = cc->inflight - cc->sendme_inc; + return 0; + } + + /* We only update anything once per window */ + if (cc->next_cc_event == 0) { + if (!westwood_is_congested(cc)) { + if (cc->in_slow_start) { + cc->cwnd = MAX(cc->cwnd + CWND_INC_SS(cc), + cc->bdp[cc->bdp_alg]); + } else { + cc->cwnd = cc->cwnd + CWND_INC(cc); + } + } else { + if (cc->westwood_params.min_backoff) + cc->cwnd = MIN(cc->cwnd*cc->westwood_params.cwnd_backoff_m/100, + cc->bdp[cc->bdp_alg]); + else + cc->cwnd = MAX(cc->cwnd*cc->westwood_params.cwnd_backoff_m/100, + cc->bdp[cc->bdp_alg]); + + cc->in_slow_start = 0; + + // Because Westwood's congestion can runaway and boost max rtt, + // which increases its congestion signal, we backoff the max rtt + // too. + cc->max_rtt_usec = westwood_rtt_max_backoff(cc); + + log_info(LD_CIRC, "CC: TOR_WESTWOOD congestion. New max RTT: %"PRIu64, + cc->max_rtt_usec/1000); + + /* We need to report that slow start has exited ASAP, + * for sbws bandwidth measurement. */ + if (CIRCUIT_IS_ORIGIN(circ)) { + /* We must discard const here because the event modifies fields :/ */ + control_event_circ_bandwidth_used_for_circ( + TO_ORIGIN_CIRCUIT((circuit_t*)circ)); + } + } + + /* cwnd can never fall below 1 increment */ + cc->cwnd = MAX(cc->cwnd, cc->cwnd_min); + + /* Schedule next update */ + cc->next_cc_event = CWND_UPDATE_RATE(cc); + + if (CIRCUIT_IS_ORIGIN(circ)) { + log_info(LD_CIRC, + "CC: TOR_WESTWOOD Circuit %d " + "CWND: %"PRIu64", " + "INFL: %"PRIu64", " + "NCCE: %"PRIu16", " + "WRTT: %"PRIu64", " + "WSIG: %"PRIu64", " + "SS: %d", + CONST_TO_ORIGIN_CIRCUIT(circ)->global_identifier, + cc->cwnd, + cc->inflight, + cc->next_cc_event, + cc->ewma_rtt_usec/1000, + westwood_rtt_signal(cc)/1000, + cc->in_slow_start + ); + } else { + log_info(LD_CIRC, + "CC: TOR_WESTWOOD Circuit %"PRIu64":%d " + "CWND: %"PRIu64", " + "INFL: %"PRIu64", " + "NCCE: %"PRIu16", " + "WRTT: %"PRIu64", " + "WSIG: %"PRIu64", " + "SS: %d", + CONST_TO_OR_CIRCUIT(circ)->p_chan->global_identifier, + CONST_TO_OR_CIRCUIT(circ)->p_circ_id, + cc->cwnd, + cc->inflight, + cc->next_cc_event, + cc->ewma_rtt_usec/1000, + westwood_rtt_signal(cc)/1000, + cc->in_slow_start + ); + } + } + + /* Update inflight with ack */ + cc->inflight = cc->inflight - cc->sendme_inc; + + return 0; +} diff --git a/src/core/or/congestion_control_westwood.h b/src/core/or/congestion_control_westwood.h new file mode 100644 index 0000000000..c6fd596df4 --- /dev/null +++ b/src/core/or/congestion_control_westwood.h @@ -0,0 +1,33 @@ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file congestion_control_westwood.h + * \brief Private-ish APIs for the TOR_WESTWOOD congestion control algorithm + **/ + +#ifndef TOR_CONGESTION_CONTROL_WESTWOOD_H +#define TOR_CONGESTION_CONTROL_WESTWOOD_H + +#include "core/or/crypt_path_st.h" +#include "core/or/circuit_st.h" + +/* Processing SENDME cell. */ +int congestion_control_westwood_process_sendme(struct congestion_control_t *cc, + const circuit_t *circ, + const crypt_path_t *layer_hint); +void congestion_control_westwood_set_params(struct congestion_control_t *cc); + +/* Private section starts. */ +#ifdef TOR_CONGESTION_CONTROL_WESTWOOD_PRIVATE + +/* + * Unit tests declaractions. + */ +#ifdef TOR_UNIT_TESTS + +#endif /* defined(TOR_UNIT_TESTS) */ + +#endif /* defined(TOR_CONGESTION_CONTROL_WESTWOOD_PRIVATE) */ + +#endif /* !defined(TOR_CONGESTION_CONTROL_WESTWOOD_H) */ diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c index 504980c9fd..7dd0935b47 100644 --- a/src/core/or/connection_edge.c +++ b/src/core/or/connection_edge.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -69,6 +69,8 @@ #include "core/or/circuituse.h" #include "core/or/circuitpadding.h" #include "core/or/connection_edge.h" +#include "core/or/congestion_control_flow.h" +#include "core/or/circuitstats.h" #include "core/or/connection_or.h" #include "core/or/extendinfo.h" #include "core/or/policies.h" @@ -96,9 +98,7 @@ #include "feature/relay/dns.h" #include "feature/relay/router.h" #include "feature/relay/routermode.h" -#include "feature/rend/rendclient.h" #include "feature/rend/rendcommon.h" -#include "feature/rend/rendservice.h" #include "feature/stats/predict_ports.h" #include "feature/stats/rephist.h" #include "lib/buf/buffers.h" @@ -166,6 +166,7 @@ static int connection_ap_process_natd(entry_connection_t *conn); static int connection_exit_connect_dir(edge_connection_t *exitconn); static int consider_plaintext_ports(entry_connection_t *conn, uint16_t port); static int connection_ap_supports_optimistic_data(const entry_connection_t *); +static bool network_reentry_is_allowed(void); /** * Cast a `connection_t *` to an `edge_connection_t *`. @@ -252,24 +253,9 @@ connection_mark_unattached_ap_,(entry_connection_t *conn, int endreason, int line, const char *file)) { connection_t *base_conn = ENTRY_TO_CONN(conn); - edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn); tor_assert(base_conn->type == CONN_TYPE_AP); ENTRY_TO_EDGE_CONN(conn)->edge_has_sent_end = 1; /* no circ yet */ - /* If this is a rendezvous stream and it is failing without ever - * being attached to a circuit, assume that an attempt to connect to - * the destination hidden service has just ended. - * - * XXXX This condition doesn't limit to only streams failing - * without ever being attached. That sloppiness should be harmless, - * but we should fix it someday anyway. */ - if ((edge_conn->on_circuit != NULL || edge_conn->edge_has_sent_end) && - connection_edge_is_rendezvous_stream(edge_conn)) { - if (edge_conn->rend_data) { - rend_client_note_connection_attempt_ended(edge_conn->rend_data); - } - } - if (base_conn->marked_for_close) { /* This call will warn as appropriate. */ connection_mark_for_close_(base_conn, line, file); @@ -646,20 +632,39 @@ connection_half_edge_add(const edge_connection_t *conn, half_conn->stream_id = conn->stream_id; - // How many sendme's should I expect? - half_conn->sendmes_pending = - (STREAMWINDOW_START-conn->package_window)/STREAMWINDOW_INCREMENT; - // Is there a connected cell pending? half_conn->connected_pending = conn->base_.state == AP_CONN_STATE_CONNECT_WAIT; - /* Data should only arrive if we're not waiting on a resolved cell. - * It can arrive after waiting on connected, because of optimistic - * data. */ - if (conn->base_.state != AP_CONN_STATE_RESOLVE_WAIT) { - // How many more data cells can arrive on this id? - half_conn->data_pending = conn->deliver_window; + if (edge_uses_flow_control(conn)) { + /* If the edge uses the new congestion control flow control, we must use + * time-based limits on half-edge activity. */ + uint64_t timeout_usec = (uint64_t)(get_circuit_build_timeout_ms()*1000); + half_conn->used_ccontrol = 1; + + /* If this is an onion service circuit, double the CBT as an approximate + * value for the other half of the circuit */ + if (conn->hs_ident) { + timeout_usec *= 2; + } + + /* The stream should stop seeing any use after the larger of the circuit + * RTT and the overall circuit build timeout */ + half_conn->end_ack_expected_usec = MAX(timeout_usec, + edge_get_max_rtt(conn)) + + monotime_absolute_usec(); + } else { + // How many sendme's should I expect? + half_conn->sendmes_pending = + (STREAMWINDOW_START-conn->package_window)/STREAMWINDOW_INCREMENT; + + /* Data should only arrive if we're not waiting on a resolved cell. + * It can arrive after waiting on connected, because of optimistic + * data. */ + if (conn->base_.state != AP_CONN_STATE_RESOLVE_WAIT) { + // How many more data cells can arrive on this id? + half_conn->data_pending = conn->deliver_window; + } } insert_at = smartlist_bsearch_idx(circ->half_streams, &half_conn->stream_id, @@ -720,6 +725,12 @@ connection_half_edge_is_valid_data(const smartlist_t *half_conns, if (!half) return 0; + if (half->used_ccontrol) { + if (monotime_absolute_usec() > half->end_ack_expected_usec) + return 0; + return 1; + } + if (half->data_pending > 0) { half->data_pending--; return 1; @@ -772,6 +783,10 @@ connection_half_edge_is_valid_sendme(const smartlist_t *half_conns, if (!half) return 0; + /* congestion control edges don't use sendmes */ + if (half->used_ccontrol) + return 0; + if (half->sendmes_pending > 0) { half->sendmes_pending--; return 1; @@ -1301,15 +1316,6 @@ connection_ap_rescan_and_attach_pending(void) connection_ap_attach_pending(1); } -#ifdef DEBUGGING_17659 -#define UNMARK() do { \ - entry_conn->marked_pending_circ_line = 0; \ - entry_conn->marked_pending_circ_file = 0; \ - } while (0) -#else /* !defined(DEBUGGING_17659) */ -#define UNMARK() do { } while (0) -#endif /* defined(DEBUGGING_17659) */ - /** Tell any AP streams that are listed as waiting for a new circuit to try * again. If there is an available circuit for a stream, attach it. Otherwise, * launch a new circuit. @@ -1338,21 +1344,18 @@ connection_ap_attach_pending(int retry) connection_t *conn = ENTRY_TO_CONN(entry_conn); tor_assert(conn && entry_conn); if (conn->marked_for_close) { - UNMARK(); continue; } if (conn->magic != ENTRY_CONNECTION_MAGIC) { log_warn(LD_BUG, "%p has impossible magic value %u.", entry_conn, (unsigned)conn->magic); - UNMARK(); continue; } if (conn->state != AP_CONN_STATE_CIRCUIT_WAIT) { - log_warn(LD_BUG, "%p is no longer in circuit_wait. Its current state " - "is %s. Why is it on pending_entry_connections?", - entry_conn, - conn_state_to_string(conn->type, conn->state)); - UNMARK(); + /* The connection_ap_handshake_attach_circuit() call, for onion service, + * can lead to more than one connections in the "pending" list to change + * state and so it is OK to get here. Ignore it because this connection + * won't be in pending_entry_connections list after this point. */ continue; } @@ -1377,7 +1380,6 @@ connection_ap_attach_pending(int retry) /* If we got here, then we either closed the connection, or * we attached it. */ - UNMARK(); } SMARTLIST_FOREACH_END(entry_conn); smartlist_free(pending); @@ -1448,7 +1450,6 @@ connection_ap_mark_as_non_pending_circuit(entry_connection_t *entry_conn) { if (PREDICT_UNLIKELY(NULL == pending_entry_connections)) return; - UNMARK(); smartlist_remove(pending_entry_connections, entry_conn); } @@ -1962,14 +1963,14 @@ connection_ap_handshake_rewrite(entry_connection_t *conn, } } -/** We just received a SOCKS request in <b>conn</b> to an onion address of type - * <b>addresstype</b>. Start connecting to the onion service. */ +/** We just received a SOCKS request in <b>conn</b> to a v3 onion. Start + * connecting to the onion service. */ static int connection_ap_handle_onion(entry_connection_t *conn, socks_request_t *socks, - origin_circuit_t *circ, - hostname_type_t addresstype) + origin_circuit_t *circ) { + int retval; time_t now = approx_time(); connection_t *base_conn = ENTRY_TO_CONN(conn); @@ -2005,102 +2006,38 @@ connection_ap_handle_onion(entry_connection_t *conn, return -1; } - /* Interface: Regardless of HS version after the block below we should have - set onion_address, rend_cache_lookup_result, and descriptor_is_usable. */ - const char *onion_address = NULL; - int rend_cache_lookup_result = -ENOENT; int descriptor_is_usable = 0; - if (addresstype == ONION_V2_HOSTNAME) { /* it's a v2 hidden service */ - rend_cache_entry_t *entry = NULL; - /* Look up if we have client authorization configured for this hidden - * service. If we do, associate it with the rend_data. */ - rend_service_authorization_t *client_auth = - rend_client_lookup_service_authorization(socks->address); - - const uint8_t *cookie = NULL; - rend_auth_type_t auth_type = REND_NO_AUTH; - if (client_auth) { - log_info(LD_REND, "Using previously configured client authorization " - "for hidden service request."); - auth_type = client_auth->auth_type; - cookie = client_auth->descriptor_cookie; - } + /* Create HS conn identifier with HS pubkey */ + hs_ident_edge_conn_t *hs_conn_ident = + tor_malloc_zero(sizeof(hs_ident_edge_conn_t)); - /* Fill in the rend_data field so we can start doing a connection to - * a hidden service. */ - rend_data_t *rend_data = ENTRY_TO_EDGE_CONN(conn)->rend_data = - rend_data_client_create(socks->address, NULL, (char *) cookie, - auth_type); - if (rend_data == NULL) { - return -1; - } - onion_address = rend_data_get_address(rend_data); - log_info(LD_REND,"Got a hidden service request for ID '%s'", - safe_str_client(onion_address)); - - rend_cache_lookup_result = rend_cache_lookup_entry(onion_address,-1, - &entry); - if (!rend_cache_lookup_result && entry) { - descriptor_is_usable = rend_client_any_intro_points_usable(entry); - } - } else { /* it's a v3 hidden service */ - tor_assert(addresstype == ONION_V3_HOSTNAME); - const hs_descriptor_t *cached_desc = NULL; - int retval; - /* Create HS conn identifier with HS pubkey */ - hs_ident_edge_conn_t *hs_conn_ident = - tor_malloc_zero(sizeof(hs_ident_edge_conn_t)); - - retval = hs_parse_address(socks->address, &hs_conn_ident->identity_pk, - NULL, NULL); - if (retval < 0) { - log_warn(LD_GENERAL, "failed to parse hs address"); - tor_free(hs_conn_ident); - return -1; - } - ENTRY_TO_EDGE_CONN(conn)->hs_ident = hs_conn_ident; - - onion_address = socks->address; - - /* Check the v3 desc cache */ - cached_desc = hs_cache_lookup_as_client(&hs_conn_ident->identity_pk); - if (cached_desc) { - rend_cache_lookup_result = 0; - descriptor_is_usable = - hs_client_any_intro_points_usable(&hs_conn_ident->identity_pk, - cached_desc); - log_info(LD_GENERAL, "Found %s descriptor in cache for %s. %s.", - (descriptor_is_usable) ? "usable" : "unusable", - safe_str_client(onion_address), - (descriptor_is_usable) ? "Not fetching." : "Refetching."); - } else { - rend_cache_lookup_result = -ENOENT; - } + retval = hs_parse_address(socks->address, &hs_conn_ident->identity_pk, + NULL, NULL); + if (retval < 0) { + log_warn(LD_GENERAL, "failed to parse hs address"); + tor_free(hs_conn_ident); + return -1; } + ENTRY_TO_EDGE_CONN(conn)->hs_ident = hs_conn_ident; - /* Lookup the given onion address. If invalid, stop right now. - * Otherwise, we might have it in the cache or not. */ + /* Check the v3 desc cache */ + const hs_descriptor_t *cached_desc = NULL; unsigned int refetch_desc = 0; - if (rend_cache_lookup_result < 0) { - switch (-rend_cache_lookup_result) { - case EINVAL: - /* We should already have rejected this address! */ - log_warn(LD_BUG,"Invalid service name '%s'", - safe_str_client(onion_address)); - connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); - return -1; - case ENOENT: - /* We didn't have this; we should look it up. */ - log_info(LD_REND, "No descriptor found in our cache for %s. Fetching.", - safe_str_client(onion_address)); - refetch_desc = 1; - break; - default: - log_warn(LD_BUG, "Unknown cache lookup error %d", - rend_cache_lookup_result); - return -1; - } + cached_desc = hs_cache_lookup_as_client(&hs_conn_ident->identity_pk); + if (cached_desc) { + descriptor_is_usable = + hs_client_any_intro_points_usable(&hs_conn_ident->identity_pk, + cached_desc); + log_info(LD_GENERAL, "Found %s descriptor in cache for %s. %s.", + (descriptor_is_usable) ? "usable" : "unusable", + safe_str_client(socks->address), + (descriptor_is_usable) ? "Not fetching." : "Refetching."); + } else { + /* We couldn't find this descriptor; we should look it up. */ + log_info(LD_REND, "No descriptor found in our cache for %s. Fetching.", + safe_str_client(socks->address)); + refetch_desc = 1; } /* Help predict that we'll want to do hidden service circuits in the @@ -2115,33 +2052,25 @@ connection_ap_handle_onion(entry_connection_t *conn, edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn); connection_ap_mark_as_non_pending_circuit(conn); base_conn->state = AP_CONN_STATE_RENDDESC_WAIT; - if (addresstype == ONION_V2_HOSTNAME) { - tor_assert(edge_conn->rend_data); - rend_client_refetch_v2_renddesc(edge_conn->rend_data); - /* Whatever the result of the refetch, we don't go further. */ + tor_assert(edge_conn->hs_ident); + /* Attempt to fetch the hsv3 descriptor. Check the retval to see how it + * went and act accordingly. */ + int ret = hs_client_refetch_hsdesc(&edge_conn->hs_ident->identity_pk); + switch (ret) { + case HS_CLIENT_FETCH_MISSING_INFO: + /* Keeping the connection in descriptor wait state is fine because + * once we get enough dirinfo or a new live consensus, the HS client + * subsystem is notified and every connection in that state will + * trigger a fetch for the service key. */ + case HS_CLIENT_FETCH_LAUNCHED: + case HS_CLIENT_FETCH_PENDING: + case HS_CLIENT_FETCH_HAVE_DESC: return 0; - } else { - tor_assert(addresstype == ONION_V3_HOSTNAME); - tor_assert(edge_conn->hs_ident); - /* Attempt to fetch the hsv3 descriptor. Check the retval to see how it - * went and act accordingly. */ - int ret = hs_client_refetch_hsdesc(&edge_conn->hs_ident->identity_pk); - switch (ret) { - case HS_CLIENT_FETCH_MISSING_INFO: - /* Keeping the connection in descriptor wait state is fine because - * once we get enough dirinfo or a new live consensus, the HS client - * subsystem is notified and every connection in that state will - * trigger a fetch for the service key. */ - case HS_CLIENT_FETCH_LAUNCHED: - case HS_CLIENT_FETCH_PENDING: - case HS_CLIENT_FETCH_HAVE_DESC: - return 0; - case HS_CLIENT_FETCH_ERROR: - case HS_CLIENT_FETCH_NO_HSDIRS: - case HS_CLIENT_FETCH_NOT_ALLOWED: - /* Can't proceed further and better close the SOCKS request. */ - return -1; - } + case HS_CLIENT_FETCH_ERROR: + case HS_CLIENT_FETCH_NO_HSDIRS: + case HS_CLIENT_FETCH_NOT_ALLOWED: + /* Can't proceed further and better close the SOCKS request. */ + return -1; } } @@ -2216,7 +2145,7 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, } /* If this is a .exit hostname, strip off the .name.exit part, and - * see whether we're willing to connect there, and and otherwise handle the + * see whether we're willing to connect there, and otherwise handle the * .exit address. * * We'll set chosen_exit_name and/or close the connection as appropriate. @@ -2320,7 +2249,7 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, } /* Now, we handle everything that isn't a .onion address. */ - if (addresstype != ONION_V2_HOSTNAME && addresstype != ONION_V3_HOSTNAME) { + if (addresstype != ONION_V3_HOSTNAME) { /* Not a hidden-service request. It's either a hostname or an IP, * possibly with a .exit that we stripped off. We're going to check * if we're allowed to connect/resolve there, and then launch the @@ -2506,6 +2435,25 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, * address. */ conn->entry_cfg.ipv6_traffic = 0; } + + /* Next, yet another check: we know it's a direct IP address. Is it + * the IP address of a known relay and its ORPort, or of a directory + * authority and its OR or Dir Port? If so, and if a consensus param + * says to, then exit relays will refuse this request (see ticket + * 2667 for details). Let's just refuse it locally right now, to + * save time and network load but also to give the user a more + * useful log message. */ + if (!network_reentry_is_allowed() && + nodelist_reentry_contains(&addr, socks->port)) { + log_warn(LD_APP, "Not attempting connection to %s:%d because " + "the network would reject it. Are you trying to send " + "Tor traffic over Tor? This traffic can be harmful to " + "the Tor network. If you really need it, try using " + "a bridge as a workaround.", + safe_str_client(socks->address), socks->port); + connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); + return -1; + } } } @@ -2586,24 +2534,9 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, return 0; } else { /* If we get here, it's a request for a .onion address! */ - tor_assert(addresstype == ONION_V2_HOSTNAME || - addresstype == ONION_V3_HOSTNAME); + tor_assert(addresstype == ONION_V3_HOSTNAME); tor_assert(!automap); - - if (addresstype == ONION_V2_HOSTNAME) { - static bool log_once = false; - if (!log_once) { - log_warn(LD_PROTOCOL, - "Warning! You've just connected to a v2 onion address. These " - "addresses are deprecated for security reasons, and are no " - "longer supported in Tor. Please encourage the site operator " - "to upgrade. For more information see " - "https://blog.torproject.org/v2-deprecation-timeline"); - log_once = true; - } - } - - return connection_ap_handle_onion(conn, socks, circ, addresstype); + return connection_ap_handle_onion(conn, socks, circ); } return 0; /* unreached but keeps the compiler happy */ @@ -3540,22 +3473,30 @@ tell_controller_about_resolved_result(entry_connection_t *conn, int ttl, time_t expires) { + uint64_t stream_id = 0; + + if (BUG(!conn)) { + return; + } + + stream_id = ENTRY_TO_CONN(conn)->global_identifier; + expires = time(NULL) + ttl; if (answer_type == RESOLVED_TYPE_IPV4 && answer_len >= 4) { char *cp = tor_dup_ip(ntohl(get_uint32(answer))); if (cp) control_event_address_mapped(conn->socks_request->address, - cp, expires, NULL, 0); + cp, expires, NULL, 0, stream_id); tor_free(cp); } else if (answer_type == RESOLVED_TYPE_HOSTNAME && answer_len < 256) { char *cp = tor_strndup(answer, answer_len); control_event_address_mapped(conn->socks_request->address, - cp, expires, NULL, 0); + cp, expires, NULL, 0, stream_id); tor_free(cp); } else { control_event_address_mapped(conn->socks_request->address, "<error>", time(NULL)+ttl, - "error=yes", 0); + "error=yes", 0, stream_id); } } @@ -3902,13 +3843,7 @@ handle_hs_exit_conn(circuit_t *circ, edge_connection_t *conn) conn->base_.address = tor_strdup("(rendezvous)"); conn->base_.state = EXIT_CONN_STATE_CONNECTING; - /* The circuit either has an hs identifier for v3+ or a rend_data for legacy - * service. */ - if (origin_circ->rend_data) { - conn->rend_data = rend_data_dup(origin_circ->rend_data); - tor_assert(connection_edge_is_rendezvous_stream(conn)); - ret = rend_service_set_connection_addr_port(conn, origin_circ); - } else if (origin_circ->hs_ident) { + if (origin_circ->hs_ident) { /* Setup the identifier to be the one for the circuit service. */ conn->hs_ident = hs_ident_edge_conn_new(&origin_circ->hs_ident->identity_pk); @@ -4200,6 +4135,9 @@ connection_exit_begin_resolve(cell_t *cell, or_circuit_t *circ) if (rh.length > RELAY_PAYLOAD_SIZE) return -1; + /* Note the RESOLVE stream as seen. */ + rep_hist_note_exit_stream(RELAY_COMMAND_RESOLVE); + /* This 'dummy_conn' only exists to remember the stream ID * associated with the resolve request; and to make the * implementation of dns.c more uniform. (We really only need to @@ -4287,6 +4225,7 @@ connection_exit_connect(edge_connection_t *edge_conn) log_info(LD_EXIT,"%s failed exit policy%s. Closing.", connection_describe(conn), why_failed_exit_policy); + rep_hist_note_conn_rejected(conn->type, conn->socket_family); connection_edge_end(edge_conn, END_STREAM_REASON_EXITPOLICY); circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn); connection_free(conn); @@ -4314,12 +4253,17 @@ connection_exit_connect(edge_connection_t *edge_conn) nodelist_reentry_contains(&conn->addr, conn->port)) { log_info(LD_EXIT, "%s tried to connect back to a known relay address. " "Closing.", connection_describe(conn)); + rep_hist_note_conn_rejected(conn->type, conn->socket_family); connection_edge_end(edge_conn, END_STREAM_REASON_CONNECTREFUSED); circuit_detach_stream(circuit_get_by_edge_conn(edge_conn), edge_conn); connection_free(conn); return; } + /* Note the BEGIN stream as seen. We do this after the Exit policy check in + * order to only account for valid streams. */ + rep_hist_note_exit_stream(RELAY_COMMAND_BEGIN); + #ifdef HAVE_SYS_UN_H if (conn->socket_family != AF_UNIX) { #else @@ -4415,6 +4359,9 @@ connection_exit_connect_dir(edge_connection_t *exitconn) log_info(LD_EXIT, "Opening local connection for anonymized directory exit"); + /* Note the BEGIN_DIR stream as seen. */ + rep_hist_note_exit_stream(RELAY_COMMAND_BEGIN_DIR); + exitconn->base_.state = EXIT_CONN_STATE_OPEN; dirconn = dir_connection_new(tor_addr_family(&exitconn->base_.addr)); @@ -4471,10 +4418,8 @@ int connection_edge_is_rendezvous_stream(const edge_connection_t *conn) { tor_assert(conn); - /* It should not be possible to set both of these structs */ - tor_assert_nonfatal(!(conn->rend_data && conn->hs_ident)); - if (conn->rend_data || conn->hs_ident) { + if (conn->hs_ident) { return 1; } return 0; diff --git a/src/core/or/connection_edge.h b/src/core/or/connection_edge.h index 802ca071cd..1816f2a463 100644 --- a/src/core/or/connection_edge.h +++ b/src/core/or/connection_edge.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -80,7 +80,6 @@ typedef enum hostname_type_t { BAD_HOSTNAME, EXIT_HOSTNAME, NORMAL_HOSTNAME, - ONION_V2_HOSTNAME, ONION_V3_HOSTNAME, } hostname_type_t; diff --git a/src/core/or/connection_or.c b/src/core/or/connection_or.c index 3b380c6145..dd93628654 100644 --- a/src/core/or/connection_or.c +++ b/src/core/or/connection_or.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -65,7 +65,9 @@ #include "core/or/scheduler.h" #include "feature/nodelist/torcert.h" #include "core/or/channelpadding.h" +#include "core/or/congestion_control_common.h" #include "feature/dirauth/authmode.h" +#include "feature/hs/hs_service.h" #include "core/or/cell_st.h" #include "core/or/cell_queue_st.h" @@ -639,7 +641,7 @@ connection_or_flushed_some(or_connection_t *conn) /* If we're under the low water mark, add cells until we're just over the * high water mark. */ datalen = connection_get_outbuf_len(TO_CONN(conn)); - if (datalen < OR_CONN_LOWWATER) { + if (datalen < or_conn_lowwatermark()) { /* Let the scheduler know */ scheduler_channel_wants_writes(TLS_CHAN_TO_BASE(conn->chan)); } @@ -663,9 +665,9 @@ connection_or_num_cells_writeable(or_connection_t *conn) * used to trigger when to start writing after we've stopped. */ datalen = connection_get_outbuf_len(TO_CONN(conn)); - if (datalen < OR_CONN_HIGHWATER) { + if (datalen < or_conn_highwatermark()) { cell_network_size = get_cell_network_size(conn->wide_circ_ids); - n = CEIL_DIV(OR_CONN_HIGHWATER - datalen, cell_network_size); + n = CEIL_DIV(or_conn_highwatermark() - datalen, cell_network_size); } return n; @@ -690,6 +692,11 @@ connection_or_finished_flushing(or_connection_t *conn) /* PROXY_HAPROXY gets connected by receiving an ack. */ if (conn->proxy_type == PROXY_HAPROXY) { tor_assert(TO_CONN(conn)->proxy_state == PROXY_HAPROXY_WAIT_FOR_FLUSH); + IF_BUG_ONCE(buf_datalen(TO_CONN(conn)->inbuf) != 0) { + /* This should be impossible; we're not even reading. */ + connection_or_close_for_error(conn, 0); + return -1; + } TO_CONN(conn)->proxy_state = PROXY_CONNECTED; if (connection_tls_start_handshake(conn, 0) < 0) { @@ -1317,6 +1324,13 @@ note_or_connect_failed(const or_connection_t *or_conn) tor_assert(or_conn); + if (or_conn->potentially_used_for_bootstrapping) { + /* Don't cache connection failures for connections we initiated ourself. + * If these direct connections fail, we're supposed to recognize that + * the destination is down and stop trying. See ticket 40499. */ + return; + } + ocf = or_connect_failure_find(or_conn); if (ocf == NULL) { ocf = or_connect_failure_new(or_conn); @@ -1982,7 +1996,8 @@ connection_or_client_learned_peer_id(or_connection_t *conn, conn->identity_digest); const int is_authority_fingerprint = router_digest_is_trusted_dir( conn->identity_digest); - const int non_anonymous_mode = rend_non_anonymous_mode_enabled(options); + const int non_anonymous_mode = + hs_service_non_anonymous_mode_enabled(options); int severity; const char *extra_log = ""; diff --git a/src/core/or/connection_or.h b/src/core/or/connection_or.h index 8cbe8c028b..2132f9a072 100644 --- a/src/core/or/connection_or.h +++ b/src/core/or/connection_or.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/connection_st.h b/src/core/or/connection_st.h index 082420c4bc..d3a230daa0 100644 --- a/src/core/or/connection_st.h +++ b/src/core/or/connection_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -87,6 +87,10 @@ struct connection_t { /** True iff we've called connection_close_immediate() on this linked * connection. */ unsigned int linked_conn_is_closed:1; + /** True iff this connection was opened from a listener and thus we've + * recevied this connection. Else, it means we've initiated an outbound + * connection. */ + unsigned int from_listener:1; /** CONNECT/SOCKS proxy client handshake state (for outgoing connections). */ unsigned int proxy_state:4; diff --git a/src/core/or/cpath_build_state_st.h b/src/core/or/cpath_build_state_st.h index eb8e97edc5..2dc682de81 100644 --- a/src/core/or/cpath_build_state_st.h +++ b/src/core/or/cpath_build_state_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -30,11 +30,6 @@ struct cpath_build_state_t { * These are for encrypted dir conns that exit to this router, not * for arbitrary exits from the circuit. */ unsigned int onehop_tunnel : 1; - /** The crypt_path_t to append after rendezvous: used for rendezvous. */ - crypt_path_t *pending_final_cpath; - /** A ref-counted reference to the crypt_path_t to append after - * rendezvous; used on the service side. */ - crypt_path_reference_t *service_pending_final_cpath_ref; /** How many times has building a circuit for this task failed? */ int failure_count; /** At what time should we give up on this task? */ diff --git a/src/core/or/crypt_path.c b/src/core/or/crypt_path.c index e1bbd81251..7673bc306f 100644 --- a/src/core/or/crypt_path.c +++ b/src/core/or/crypt_path.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019-2020, The Tor Project, Inc. */ + * Copyright (c) 2019-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -15,10 +15,6 @@ * some more effort: * * - circuit_list_path_impl() - * - Functions dealing with cpaths in HSv2 create_rend_cpath() and - * create_rend_cpath_legacy() - * - The cpath related parts of rend_service_receive_introduction() and - * rend_client_send_introduction(). **/ #define CRYPT_PATH_PRIVATE @@ -31,6 +27,7 @@ #include "core/or/circuitbuild.h" #include "core/or/circuitlist.h" #include "core/or/extendinfo.h" +#include "core/or/congestion_control_common.h" #include "lib/crypt_ops/crypto_dh.h" #include "lib/crypt_ops/crypto_util.h" @@ -169,6 +166,7 @@ cpath_free(crypt_path_t *victim) onion_handshake_state_release(&victim->handshake_state); crypto_dh_free(victim->rend_dh_handshake_state); extend_info_free(victim->extend_info); + congestion_control_free(victim->ccontrol); memwipe(victim, 0xBB, sizeof(crypt_path_t)); /* poison memory */ tor_free(victim); diff --git a/src/core/or/crypt_path_reference_st.h b/src/core/or/crypt_path_reference_st.h index 71f9cb8c36..b5f7ce3b84 100644 --- a/src/core/or/crypt_path_reference_st.h +++ b/src/core/or/crypt_path_reference_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/crypt_path_st.h b/src/core/or/crypt_path_st.h index 2b69728a6d..fdc6b6fbb2 100644 --- a/src/core/or/crypt_path_st.h +++ b/src/core/or/crypt_path_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -21,14 +21,19 @@ struct fast_handshake_state_t; struct ntor_handshake_state_t; struct crypto_dh_t; struct onion_handshake_state_t { + /** One of `ONION_HANDSHAKE_TYPE_*`. Determines which member of the union + * is accessible. */ uint16_t tag; union { struct fast_handshake_state_t *fast; struct crypto_dh_t *tap; struct ntor_handshake_state_t *ntor; + struct ntor3_handshake_state_t *ntor3; } u; }; +struct congestion_control_t; + /** Macro to encapsulate private members of a struct. * * Renames 'x' to 'x_crypt_path_private_field'. @@ -80,6 +85,9 @@ struct crypt_path_t { int deliver_window; /**< How many cells are we willing to deliver originating * at this step? */ + /** Congestion control info */ + struct congestion_control_t *ccontrol; + /*********************** Private members ****************************/ /** Private member: Cryptographic state used for encrypting and diff --git a/src/core/or/destroy_cell_queue_st.h b/src/core/or/destroy_cell_queue_st.h index aa28289be5..224c82ad9d 100644 --- a/src/core/or/destroy_cell_queue_st.h +++ b/src/core/or/destroy_cell_queue_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/dos.c b/src/core/or/dos.c index 41bf303ffe..5bf7d148d7 100644 --- a/src/core/or/dos.c +++ b/src/core/or/dos.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /* @@ -23,7 +23,9 @@ #include "lib/crypt_ops/crypto_rand.h" #include "core/or/dos.h" +#include "core/or/dos_sys.h" +#include "core/or/dos_options_st.h" #include "core/or/or_connection_st.h" /* @@ -47,6 +49,7 @@ static int32_t dos_cc_defense_time_period; /* Keep some stats for the heartbeat so we can report out. */ static uint64_t cc_num_rejected_cells; static uint32_t cc_num_marked_addrs; +static uint32_t cc_num_marked_addrs_max_queue; /* * Concurrent connection denial of service mitigation. @@ -61,9 +64,18 @@ static unsigned int dos_conn_enabled = 0; * They are initialized with the hardcoded default values. */ static uint32_t dos_conn_max_concurrent_count; static dos_conn_defense_type_t dos_conn_defense_type; +static uint32_t dos_conn_connect_rate = DOS_CONN_CONNECT_RATE_DEFAULT; +static uint32_t dos_conn_connect_burst = DOS_CONN_CONNECT_BURST_DEFAULT; +static int32_t dos_conn_connect_defense_time_period = + DOS_CONN_CONNECT_DEFENSE_TIME_PERIOD_DEFAULT; /* Keep some stats for the heartbeat so we can report out. */ static uint64_t conn_num_addr_rejected; +static uint64_t conn_num_addr_connect_rejected; + +/** Consensus parameter: How many times a client IP is allowed to hit the + * circ_max_cell_queue_size_out limit before being marked. */ +static uint32_t dos_num_circ_max_outq; /* * General interface of the denial of service mitigation subsystem. @@ -72,13 +84,29 @@ static uint64_t conn_num_addr_rejected; /* Keep stats for the heartbeat. */ static uint64_t num_single_hop_client_refused; +/** Return the consensus parameter for the outbound circ_max_cell_queue_size + * limit. */ +static uint32_t +get_param_dos_num_circ_max_outq(const networkstatus_t *ns) +{ +#define DOS_NUM_CIRC_MAX_OUTQ_DEFAULT 3 +#define DOS_NUM_CIRC_MAX_OUTQ_MIN 0 +#define DOS_NUM_CIRC_MAX_OUTQ_MAX INT32_MAX + + /* Update the circuit max cell queue size from the consensus. */ + return networkstatus_get_param(ns, "dos_num_circ_max_outq", + DOS_NUM_CIRC_MAX_OUTQ_DEFAULT, + DOS_NUM_CIRC_MAX_OUTQ_MIN, + DOS_NUM_CIRC_MAX_OUTQ_MAX); +} + /* Return true iff the circuit creation mitigation is enabled. We look at the * consensus for this else a default value is returned. */ MOCK_IMPL(STATIC unsigned int, get_param_cc_enabled, (const networkstatus_t *ns)) { - if (get_options()->DoSCircuitCreationEnabled != -1) { - return get_options()->DoSCircuitCreationEnabled; + if (dos_get_options()->DoSCircuitCreationEnabled != -1) { + return dos_get_options()->DoSCircuitCreationEnabled; } return !!networkstatus_get_param(ns, "DoSCircuitCreationEnabled", @@ -90,8 +118,8 @@ get_param_cc_enabled, (const networkstatus_t *ns)) STATIC uint32_t get_param_cc_min_concurrent_connection(const networkstatus_t *ns) { - if (get_options()->DoSCircuitCreationMinConnections) { - return get_options()->DoSCircuitCreationMinConnections; + if (dos_get_options()->DoSCircuitCreationMinConnections) { + return dos_get_options()->DoSCircuitCreationMinConnections; } return networkstatus_get_param(ns, "DoSCircuitCreationMinConnections", DOS_CC_MIN_CONCURRENT_CONN_DEFAULT, @@ -104,8 +132,8 @@ static uint32_t get_param_cc_circuit_rate(const networkstatus_t *ns) { /* This is in seconds. */ - if (get_options()->DoSCircuitCreationRate) { - return get_options()->DoSCircuitCreationRate; + if (dos_get_options()->DoSCircuitCreationRate) { + return dos_get_options()->DoSCircuitCreationRate; } return networkstatus_get_param(ns, "DoSCircuitCreationRate", DOS_CC_CIRCUIT_RATE_DEFAULT, @@ -117,8 +145,8 @@ get_param_cc_circuit_rate(const networkstatus_t *ns) STATIC uint32_t get_param_cc_circuit_burst(const networkstatus_t *ns) { - if (get_options()->DoSCircuitCreationBurst) { - return get_options()->DoSCircuitCreationBurst; + if (dos_get_options()->DoSCircuitCreationBurst) { + return dos_get_options()->DoSCircuitCreationBurst; } return networkstatus_get_param(ns, "DoSCircuitCreationBurst", DOS_CC_CIRCUIT_BURST_DEFAULT, @@ -129,8 +157,8 @@ get_param_cc_circuit_burst(const networkstatus_t *ns) static uint32_t get_param_cc_defense_type(const networkstatus_t *ns) { - if (get_options()->DoSCircuitCreationDefenseType) { - return get_options()->DoSCircuitCreationDefenseType; + if (dos_get_options()->DoSCircuitCreationDefenseType) { + return dos_get_options()->DoSCircuitCreationDefenseType; } return networkstatus_get_param(ns, "DoSCircuitCreationDefenseType", DOS_CC_DEFENSE_TYPE_DEFAULT, @@ -143,8 +171,8 @@ static int32_t get_param_cc_defense_time_period(const networkstatus_t *ns) { /* Time in seconds. */ - if (get_options()->DoSCircuitCreationDefenseTimePeriod) { - return get_options()->DoSCircuitCreationDefenseTimePeriod; + if (dos_get_options()->DoSCircuitCreationDefenseTimePeriod) { + return dos_get_options()->DoSCircuitCreationDefenseTimePeriod; } return networkstatus_get_param(ns, "DoSCircuitCreationDefenseTimePeriod", DOS_CC_DEFENSE_TIME_PERIOD_DEFAULT, @@ -156,8 +184,8 @@ get_param_cc_defense_time_period(const networkstatus_t *ns) MOCK_IMPL(STATIC unsigned int, get_param_conn_enabled, (const networkstatus_t *ns)) { - if (get_options()->DoSConnectionEnabled != -1) { - return get_options()->DoSConnectionEnabled; + if (dos_get_options()->DoSConnectionEnabled != -1) { + return dos_get_options()->DoSConnectionEnabled; } return !!networkstatus_get_param(ns, "DoSConnectionEnabled", DOS_CONN_ENABLED_DEFAULT, 0, 1); @@ -168,8 +196,8 @@ get_param_conn_enabled, (const networkstatus_t *ns)) STATIC uint32_t get_param_conn_max_concurrent_count(const networkstatus_t *ns) { - if (get_options()->DoSConnectionMaxConcurrentCount) { - return get_options()->DoSConnectionMaxConcurrentCount; + if (dos_get_options()->DoSConnectionMaxConcurrentCount) { + return dos_get_options()->DoSConnectionMaxConcurrentCount; } return networkstatus_get_param(ns, "DoSConnectionMaxConcurrentCount", DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT, @@ -180,14 +208,55 @@ get_param_conn_max_concurrent_count(const networkstatus_t *ns) static uint32_t get_param_conn_defense_type(const networkstatus_t *ns) { - if (get_options()->DoSConnectionDefenseType) { - return get_options()->DoSConnectionDefenseType; + if (dos_get_options()->DoSConnectionDefenseType) { + return dos_get_options()->DoSConnectionDefenseType; } return networkstatus_get_param(ns, "DoSConnectionDefenseType", DOS_CONN_DEFENSE_TYPE_DEFAULT, DOS_CONN_DEFENSE_NONE, DOS_CONN_DEFENSE_MAX); } +/* Return the connection connect rate parameters either from the configuration + * file or, if not found, consensus parameter. */ +static uint32_t +get_param_conn_connect_rate(const networkstatus_t *ns) +{ + if (dos_get_options()->DoSConnectionConnectRate) { + return dos_get_options()->DoSConnectionConnectRate; + } + return networkstatus_get_param(ns, "DoSConnectionConnectRate", + DOS_CONN_CONNECT_RATE_DEFAULT, + 1, INT32_MAX); +} + +/* Return the connection connect burst parameters either from the + * configuration file or, if not found, consensus parameter. */ +STATIC uint32_t +get_param_conn_connect_burst(const networkstatus_t *ns) +{ + if (dos_get_options()->DoSConnectionConnectBurst) { + return dos_get_options()->DoSConnectionConnectBurst; + } + return networkstatus_get_param(ns, "DoSConnectionConnectBurst", + DOS_CONN_CONNECT_BURST_DEFAULT, + 1, INT32_MAX); +} + +/* Return the connection connect defense time period from the configuration + * file or, if not found, the consensus parameter. */ +static int32_t +get_param_conn_connect_defense_time_period(const networkstatus_t *ns) +{ + /* Time in seconds. */ + if (dos_get_options()->DoSConnectionConnectDefenseTimePeriod) { + return dos_get_options()->DoSConnectionConnectDefenseTimePeriod; + } + return networkstatus_get_param(ns, "DoSConnectionConnectDefenseTimePeriod", + DOS_CONN_CONNECT_DEFENSE_TIME_PERIOD_DEFAULT, + DOS_CONN_CONNECT_DEFENSE_TIME_PERIOD_MIN, + INT32_MAX); +} + /* Set circuit creation parameters located in the consensus or their default * if none are present. Called at initialization or when the consensus * changes. */ @@ -206,6 +275,13 @@ set_dos_parameters(const networkstatus_t *ns) dos_conn_enabled = get_param_conn_enabled(ns); dos_conn_max_concurrent_count = get_param_conn_max_concurrent_count(ns); dos_conn_defense_type = get_param_conn_defense_type(ns); + dos_conn_connect_rate = get_param_conn_connect_rate(ns); + dos_conn_connect_burst = get_param_conn_connect_burst(ns); + dos_conn_connect_defense_time_period = + get_param_conn_connect_defense_time_period(ns); + + /* Circuit. */ + dos_num_circ_max_outq = get_param_dos_num_circ_max_outq(ns); } /* Free everything for the circuit creation DoS mitigation subsystem. */ @@ -347,7 +423,7 @@ cc_has_exhausted_circuits(const dos_client_stats_t *stats) { tor_assert(stats); return stats->cc_stats.circuit_bucket == 0 && - stats->concurrent_count >= dos_cc_min_concurrent_conn; + stats->conn_stats.concurrent_count >= dos_cc_min_concurrent_conn; } /* Mark client address by setting a timestamp in the stats object which tells @@ -403,6 +479,20 @@ cc_channel_addr_is_marked(channel_t *chan) /* Concurrent connection private API. */ +/* Mark client connection stats by setting a timestamp which tells us until + * when it is marked as positively detected. */ +static void +conn_mark_client(conn_client_stats_t *stats) +{ + tor_assert(stats); + + /* We add a random offset of a maximum of half the defense time so it is + * less predictable and thus more difficult to game. */ + stats->marked_until_ts = + approx_time() + dos_conn_connect_defense_time_period + + crypto_rand_int_range(1, dos_conn_connect_defense_time_period / 2); +} + /* Free everything for the connection DoS mitigation subsystem. */ static void conn_free_all(void) @@ -422,6 +512,63 @@ conn_consensus_has_changed(const networkstatus_t *ns) } } +/** Called when a new client connection has arrived. The following will update + * the client connection statistics. + * + * The addr is used for logging purposes only. + * + * If the connect counter reaches its limit, it is marked. */ +static void +conn_update_on_connect(conn_client_stats_t *stats, const tor_addr_t *addr) +{ + tor_assert(stats); + tor_assert(addr); + + /* Update concurrent count for this new connect. */ + stats->concurrent_count++; + + /* Refill connect connection count. */ + token_bucket_ctr_refill(&stats->connect_count, (uint32_t) approx_time()); + + /* Decrement counter for this new connection. */ + if (token_bucket_ctr_get(&stats->connect_count) > 0) { + token_bucket_ctr_dec(&stats->connect_count, 1); + } + + /* Assess connect counter. Mark it if counter is down to 0 and we haven't + * marked it before or it was reset. This is to avoid to re-mark it over and + * over again extending continuously the blocked time. */ + if (token_bucket_ctr_get(&stats->connect_count) == 0 && + stats->marked_until_ts == 0) { + conn_mark_client(stats); + } + + log_debug(LD_DOS, "Client address %s has now %u concurrent connections. " + "Remaining %" TOR_PRIuSZ "/sec connections are allowed.", + fmt_addr(addr), stats->concurrent_count, + token_bucket_ctr_get(&stats->connect_count)); +} + +/** Called when a client connection is closed. The following will update + * the client connection statistics. + * + * The addr is used for logging purposes only. */ +static void +conn_update_on_close(conn_client_stats_t *stats, const tor_addr_t *addr) +{ + /* Extra super duper safety. Going below 0 means an underflow which could + * lead to most likely a false positive. In theory, this should never happen + * but lets be extra safe. */ + if (BUG(stats->concurrent_count == 0)) { + return; + } + + stats->concurrent_count--; + log_debug(LD_DOS, "Client address %s has lost a connection. Concurrent " + "connections are now at %u", + fmt_addr(addr), stats->concurrent_count); +} + /* General private API */ /* Return true iff we have at least one DoS detection enabled. This is used to @@ -434,6 +581,48 @@ dos_is_enabled(void) /* Circuit creation public API. */ +/** Return the number of rejected circuits. */ +uint64_t +dos_get_num_cc_rejected(void) +{ + return cc_num_rejected_cells; +} + +/** Return the number of marked addresses. */ +uint32_t +dos_get_num_cc_marked_addr(void) +{ + return cc_num_marked_addrs; +} + +/** Return the number of marked addresses due to max queue limit reached. */ +uint32_t +dos_get_num_cc_marked_addr_maxq(void) +{ + return cc_num_marked_addrs_max_queue; +} + +/** Return number of concurrent connections rejected. */ +uint64_t +dos_get_num_conn_addr_rejected(void) +{ + return conn_num_addr_rejected; +} + +/** Return the number of connection rejected. */ +uint64_t +dos_get_num_conn_addr_connect_rejected(void) +{ + return conn_num_addr_connect_rejected; +} + +/** Return the number of single hop refused. */ +uint64_t +dos_get_num_single_hop_refused(void) +{ + return num_single_hop_client_refused; +} + /* Called when a CREATE cell is received from the given channel. */ void dos_cc_new_create_cell(channel_t *chan) @@ -547,9 +736,20 @@ dos_conn_addr_get_defense_type(const tor_addr_t *addr) goto end; } + /* Is this address marked as making too many client connections? */ + if (entry->dos_stats.conn_stats.marked_until_ts >= approx_time()) { + conn_num_addr_connect_rejected++; + return dos_conn_defense_type; + } + /* Reset it to 0 here so that if the marked timestamp has expired that is + * we've gone beyond it, we have to reset it so the detection can mark it + * again in the future. */ + entry->dos_stats.conn_stats.marked_until_ts = 0; + /* Need to be above the maximum concurrent connection count to trigger a * defense. */ - if (entry->dos_stats.concurrent_count > dos_conn_max_concurrent_count) { + if (entry->dos_stats.conn_stats.concurrent_count > + dos_conn_max_concurrent_count) { conn_num_addr_rejected++; return dos_conn_defense_type; } @@ -574,7 +774,7 @@ dos_geoip_entry_about_to_free(const clientmap_entry_t *geoip_ent) /* The count is down to 0 meaning no connections right now, we can safely * clear the geoip entry from the cache. */ - if (geoip_ent->dos_stats.concurrent_count == 0) { + if (geoip_ent->dos_stats.conn_stats.concurrent_count == 0) { goto end; } @@ -595,6 +795,85 @@ dos_geoip_entry_about_to_free(const clientmap_entry_t *geoip_ent) return; } +/** A new geoip client entry has been allocated, initialize its DoS object. */ +void +dos_geoip_entry_init(clientmap_entry_t *geoip_ent) +{ + tor_assert(geoip_ent); + + /* Initialize the connection count counter with the rate and burst + * parameters taken either from configuration or consensus. + * + * We do this even if the DoS connection detection is not enabled because it + * can be enabled at runtime and these counters need to be valid. */ + token_bucket_ctr_init(&geoip_ent->dos_stats.conn_stats.connect_count, + dos_conn_connect_rate, dos_conn_connect_burst, + (uint32_t) approx_time()); +} + +/** Note that the given channel has sent outbound the maximum amount of cell + * allowed on the next channel. */ +void +dos_note_circ_max_outq(const channel_t *chan) +{ + tor_addr_t addr; + clientmap_entry_t *entry; + + tor_assert(chan); + + /* Skip everything if circuit creation defense is disabled. */ + if (!dos_cc_enabled) { + goto end; + } + + /* Must be a client connection else we ignore. */ + if (!channel_is_client(chan)) { + goto end; + } + /* Without an IP address, nothing can work. */ + if (!channel_get_addr_if_possible(chan, &addr)) { + goto end; + } + + /* We are only interested in client connection from the geoip cache. */ + entry = geoip_lookup_client(&addr, NULL, GEOIP_CLIENT_CONNECT); + if (entry == NULL) { + goto end; + } + + /* Is the client marked? If yes, just ignore. */ + if (entry->dos_stats.cc_stats.marked_until_ts >= approx_time()) { + goto end; + } + + /* If max outq parameter is 0, it means disabled, just ignore. */ + if (dos_num_circ_max_outq == 0) { + goto end; + } + + entry->dos_stats.num_circ_max_cell_queue_size++; + + /* This is the detection. If we have reached the maximum amount of times a + * client IP is allowed to reach this limit, mark client. */ + if (entry->dos_stats.num_circ_max_cell_queue_size >= + dos_num_circ_max_outq) { + /* Only account for this marked address if this is the first time we block + * it else our counter is inflated with non unique entries. */ + if (entry->dos_stats.cc_stats.marked_until_ts == 0) { + cc_num_marked_addrs_max_queue++; + } + log_info(LD_DOS, "Detected outbound max circuit queue from addr: %s", + fmt_addr(&addr)); + cc_mark_client(&entry->dos_stats.cc_stats); + + /* Reset after being marked so once unmarked, we start back clean. */ + entry->dos_stats.num_circ_max_cell_queue_size = 0; + } + + end: + return; +} + /* Note down that we've just refused a single hop client. This increments a * counter later used for the heartbeat. */ void @@ -613,8 +892,8 @@ dos_should_refuse_single_hop_client(void) return 0; } - if (get_options()->DoSRefuseSingleHopClientRendezvous != -1) { - return get_options()->DoSRefuseSingleHopClientRendezvous; + if (dos_get_options()->DoSRefuseSingleHopClientRendezvous != -1) { + return dos_get_options()->DoSRefuseSingleHopClientRendezvous; } return (int) networkstatus_get_param(NULL, @@ -626,55 +905,57 @@ dos_should_refuse_single_hop_client(void) void dos_log_heartbeat(void) { - char *conn_msg = NULL; - char *cc_msg = NULL; - char *single_hop_client_msg = NULL; - char *circ_stats_msg = NULL; - char *hs_dos_intro2_msg = NULL; + smartlist_t *elems = smartlist_new(); /* Stats number coming from relay.c append_cell_to_circuit_queue(). */ - tor_asprintf(&circ_stats_msg, - " %" PRIu64 " circuits killed with too many cells.", - stats_n_circ_max_cell_reached); + smartlist_add_asprintf(elems, + "%" PRIu64 " circuits killed with too many cells", + stats_n_circ_max_cell_reached); if (dos_cc_enabled) { - tor_asprintf(&cc_msg, - " %" PRIu64 " circuits rejected," - " %" PRIu32 " marked addresses.", - cc_num_rejected_cells, cc_num_marked_addrs); + smartlist_add_asprintf(elems, + "%" PRIu64 " circuits rejected, " + "%" PRIu32 " marked addresses, " + "%" PRIu32 " marked addresses for max queue", + cc_num_rejected_cells, cc_num_marked_addrs, + cc_num_marked_addrs_max_queue); + } else { + smartlist_add_asprintf(elems, "[DoSCircuitCreationEnabled disabled]"); } if (dos_conn_enabled) { - tor_asprintf(&conn_msg, - " %" PRIu64 " connections closed.", - conn_num_addr_rejected); + smartlist_add_asprintf(elems, + "%" PRIu64 " same address concurrent " + "connections rejected", conn_num_addr_rejected); + smartlist_add_asprintf(elems, + "%" PRIu64 " connections rejected", + conn_num_addr_connect_rejected); + } else { + smartlist_add_asprintf(elems, "[DoSConnectionEnabled disabled]"); } if (dos_should_refuse_single_hop_client()) { - tor_asprintf(&single_hop_client_msg, - " %" PRIu64 " single hop clients refused.", - num_single_hop_client_refused); + smartlist_add_asprintf(elems, + "%" PRIu64 " single hop clients refused", + num_single_hop_client_refused); + } else { + smartlist_add_asprintf(elems, + "[DoSRefuseSingleHopClientRendezvous disabled]"); } /* HS DoS stats. */ - tor_asprintf(&hs_dos_intro2_msg, - " %" PRIu64 " INTRODUCE2 rejected.", - hs_dos_get_intro2_rejected_count()); + smartlist_add_asprintf(elems, + "%" PRIu64 " INTRODUCE2 rejected", + hs_dos_get_intro2_rejected_count()); + + char *msg = smartlist_join_strings(elems, ", ", 0, NULL); log_notice(LD_HEARTBEAT, - "DoS mitigation since startup:%s%s%s%s%s", - circ_stats_msg, - (cc_msg != NULL) ? cc_msg : " [cc not enabled]", - (conn_msg != NULL) ? conn_msg : " [conn not enabled]", - (single_hop_client_msg != NULL) ? single_hop_client_msg : "", - (hs_dos_intro2_msg != NULL) ? hs_dos_intro2_msg : ""); - - tor_free(conn_msg); - tor_free(cc_msg); - tor_free(single_hop_client_msg); - tor_free(circ_stats_msg); - tor_free(hs_dos_intro2_msg); - return; + "Heartbeat: DoS mitigation since startup: %s.", msg); + + tor_free(msg); + SMARTLIST_FOREACH(elems, char *, e, tor_free(e)); + smartlist_free(elems); } /* Called when a new client connection has been established on the given @@ -709,11 +990,11 @@ dos_new_client_conn(or_connection_t *or_conn, const char *transport_name) goto end; } - entry->dos_stats.concurrent_count++; + /* Update stats from this new connect. */ + conn_update_on_connect(&entry->dos_stats.conn_stats, + &TO_CONN(or_conn)->addr); + or_conn->tracked_for_dos_mitigation = 1; - log_debug(LD_DOS, "Client address %s has now %u concurrent connections.", - fmt_addr(&TO_CONN(or_conn)->addr), - entry->dos_stats.concurrent_count); end: return; @@ -743,18 +1024,8 @@ dos_close_client_conn(const or_connection_t *or_conn) goto end; } - /* Extra super duper safety. Going below 0 means an underflow which could - * lead to most likely a false positive. In theory, this should never happen - * but lets be extra safe. */ - if (BUG(entry->dos_stats.concurrent_count == 0)) { - goto end; - } - - entry->dos_stats.concurrent_count--; - log_debug(LD_DOS, "Client address %s has lost a connection. Concurrent " - "connections are now at %u", - fmt_addr(&TO_CONN(or_conn)->addr), - entry->dos_stats.concurrent_count); + /* Update stats from this new close. */ + conn_update_on_close(&entry->dos_stats.conn_stats, &TO_CONN(or_conn)->addr); end: return; diff --git a/src/core/or/dos.h b/src/core/or/dos.h index b3eca058b8..4a2227f132 100644 --- a/src/core/or/dos.h +++ b/src/core/or/dos.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /* @@ -9,7 +9,11 @@ #ifndef TOR_DOS_H #define TOR_DOS_H -/* Structure that keeps stats of client connection per-IP. */ +#include "core/or/or.h" + +#include "lib/evloop/token_bucket.h" + +/* Structure that keeps stats of circuit creation per client connection IP. */ typedef struct cc_client_stats_t { /* Number of allocated circuits remaining for this address. It is * decremented every time a new circuit is seen for this client address and @@ -28,17 +32,35 @@ typedef struct cc_client_stats_t { time_t marked_until_ts; } cc_client_stats_t; +/* Structure that keeps stats of client connection per-IP. */ +typedef struct conn_client_stats_t { + /* Concurrent connection count from the specific address. 2^32 - 1 is most + * likely way too big for the amount of allowed file descriptors. */ + uint32_t concurrent_count; + + /* Connect count from the specific address. We use a token bucket here to + * track the rate and burst of connections from the same IP address.*/ + token_bucket_ctr_t connect_count; + + /* The client address attempted too many connections, per the connect_count + * rules, and thus is marked so defense(s) can be applied. It is + * synchronized using the approx_time(). */ + time_t marked_until_ts; +} conn_client_stats_t; + /* This object is a top level object that contains everything related to the * per-IP client DoS mitigation. Because it is per-IP, it is used in the geoip * clientmap_entry_t object. */ typedef struct dos_client_stats_t { - /* Concurrent connection count from the specific address. 2^32 is most - * likely way too big for the amount of allowed file descriptors. */ - uint32_t concurrent_count; + /* Client connection statistics. */ + conn_client_stats_t conn_stats; /* Circuit creation statistics. This is only used if the circuit creation * subsystem has been enabled (dos_cc_enabled). */ cc_client_stats_t cc_stats; + + /** Number of times the circ_max_cell_queue_size limit has been reached. */ + uint32_t num_circ_max_cell_queue_size; } dos_client_stats_t; /* General API. */ @@ -51,6 +73,7 @@ void dos_free_all(void); void dos_consensus_has_changed(const networkstatus_t *ns); int dos_enabled(void); void dos_log_heartbeat(void); +void dos_geoip_entry_init(struct clientmap_entry_t *geoip_ent); void dos_geoip_entry_about_to_free(const struct clientmap_entry_t *geoip_ent); void dos_new_client_conn(or_connection_t *or_conn, @@ -59,6 +82,14 @@ void dos_close_client_conn(const or_connection_t *or_conn); int dos_should_refuse_single_hop_client(void); void dos_note_refuse_single_hop_client(void); +void dos_note_circ_max_outq(const channel_t *chan); + +uint32_t dos_get_num_cc_marked_addr(void); +uint32_t dos_get_num_cc_marked_addr_maxq(void); +uint64_t dos_get_num_cc_rejected(void); +uint64_t dos_get_num_conn_addr_rejected(void); +uint64_t dos_get_num_conn_addr_connect_rejected(void); +uint64_t dos_get_num_single_hop_refused(void); /* * Circuit creation DoS mitigation subsystemn interface. @@ -102,6 +133,16 @@ dos_cc_defense_type_t dos_cc_get_defense_type(channel_t *chan); #define DOS_CONN_MAX_CONCURRENT_COUNT_DEFAULT 100 /* DoSConnectionDefenseType maps to the dos_conn_defense_type_t enum. */ #define DOS_CONN_DEFENSE_TYPE_DEFAULT DOS_CONN_DEFENSE_CLOSE +/* DoSConnectionConnectRate default. Per second. */ +#define DOS_CONN_CONNECT_RATE_DEFAULT 20 +/* DoSConnectionConnectBurst default. Per second. */ +#define DOS_CONN_CONNECT_BURST_DEFAULT 40 +/* DoSConnectionConnectDefenseTimePeriod default. Set to 24 hours. */ +#define DOS_CONN_CONNECT_DEFENSE_TIME_PERIOD_DEFAULT (24 * 60 * 60) +/* DoSCircuitCreationDefenseTimePeriod minimum value. Because we add a random + * offset to the marked timestamp, we need the minimum value to be non zero. + * We consider that 10 seconds is an acceptable lower bound. */ +#define DOS_CONN_CONNECT_DEFENSE_TIME_PERIOD_MIN (10) /* Type of defense that we can use for the concurrent connection DoS * mitigation. */ @@ -125,6 +166,7 @@ STATIC uint32_t get_param_conn_max_concurrent_count( STATIC uint32_t get_param_cc_circuit_burst(const networkstatus_t *ns); STATIC uint32_t get_param_cc_min_concurrent_connection( const networkstatus_t *ns); +STATIC uint32_t get_param_conn_connect_burst(const networkstatus_t *ns); STATIC uint64_t get_circuit_rate_per_second(void); STATIC void cc_stats_refill_bucket(cc_client_stats_t *stats, diff --git a/src/core/or/dos_config.c b/src/core/or/dos_config.c new file mode 100644 index 0000000000..9457b0224e --- /dev/null +++ b/src/core/or/dos_config.c @@ -0,0 +1,29 @@ +/* Copyright (c) 2021-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file dos_config.c + * @brief Code to interpret the user's configuration of DoS module. + **/ + +#include "core/or/dos_config.h" +#include "core/or/dos_options_st.h" + +/* Declare the options field table for dos_options */ +#define CONF_CONTEXT TABLE +#include "core/or/dos_options.inc" +#undef CONF_CONTEXT + +/** Magic number for dos_options_t. */ +#define DOS_OPTIONS_MAGIC 0x91716151 + +/** + * Declare the configuration options for the dos module. + **/ +const config_format_t dos_options_fmt = { + .size = sizeof(dos_options_t), + .magic = { "dos_options_t", + DOS_OPTIONS_MAGIC, + offsetof(dos_options_t, magic) }, + .vars = dos_options_t_vars, +}; diff --git a/src/core/or/dos_config.h b/src/core/or/dos_config.h new file mode 100644 index 0000000000..3fc5bb5293 --- /dev/null +++ b/src/core/or/dos_config.h @@ -0,0 +1,16 @@ +/* Copyright (c) 2021-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file dos_config.h + * @brief Header for core/or/dos_config.c + **/ + +#ifndef TOR_CORE_OR_DOS_CONFIG_H +#define TOR_CORE_OR_DOS_CONFIG_H + +#include "lib/conf/conftypes.h" + +extern const struct config_format_t dos_options_fmt; + +#endif /* !defined(TOR_CORE_OR_DOS_CONFIG_H) */ diff --git a/src/core/or/dos_options.inc b/src/core/or/dos_options.inc new file mode 100644 index 0000000000..9baa7a35b8 --- /dev/null +++ b/src/core/or/dos_options.inc @@ -0,0 +1,59 @@ +/* Copyright (c) 2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file dos_options.inc + * @brief Declare configuration options for the DoS module. + **/ + +BEGIN_CONF_STRUCT(dos_options_t) + +/** Autobool: Is the DoS connection mitigation subsystem enabled? */ +CONF_VAR(DoSConnectionEnabled, AUTOBOOL, 0, "auto") + +/** Autobool: Is the circuit creation DoS mitigation subsystem enabled? */ +CONF_VAR(DoSCircuitCreationEnabled, AUTOBOOL, 0, "auto") + +/** Minimum concurrent connection needed from one single address before any + * defense is used. */ +CONF_VAR(DoSCircuitCreationMinConnections, POSINT, 0, "0") + +/** Circuit rate used to refill the token bucket. */ +CONF_VAR(DoSCircuitCreationRate, POSINT, 0, "0") + +/** Maximum allowed burst of circuits. Reaching that value, the address is + * detected as malicious and a defense might be used. */ +CONF_VAR(DoSCircuitCreationBurst, POSINT, 0, "0") + +/** When an address is marked as malicious, what defense should be used + * against it. See the dos_cc_defense_type_t enum. */ +CONF_VAR(DoSCircuitCreationDefenseType, INT, 0, "0") + +/** For how much time (in seconds) the defense is applicable for a malicious + * address. A random time delta is added to the defense time of an address + * which will be between 1 second and half of this value. */ +CONF_VAR(DoSCircuitCreationDefenseTimePeriod, INTERVAL, 0, "0") + +/** Maximum concurrent connection allowed per address. */ +CONF_VAR(DoSConnectionMaxConcurrentCount, POSINT, 0, "0") + +/** When an address is reaches the maximum count, what defense should be + * used against it. See the dos_conn_defense_type_t enum. */ +CONF_VAR(DoSConnectionDefenseType, INT, 0, "0") + +/** Autobool: Do we refuse single hop client rendezvous? */ +CONF_VAR(DoSRefuseSingleHopClientRendezvous, AUTOBOOL, 0, "auto") + +/** Allowed burst of client connection allowed per address. */ +CONF_VAR(DoSConnectionConnectBurst, POSINT, 0, "0") + +/** Allowed rate of client connection allowed per address. */ +CONF_VAR(DoSConnectionConnectRate, POSINT, 0, "0") + +/** For how much time (in seconds) the connection connect rate defense is +* applicable for a malicious address. A random time delta is added to the +* defense time of an address which will be between 1 second and half of this +* value. */ +CONF_VAR(DoSConnectionConnectDefenseTimePeriod, INTERVAL, 0, "0") + +END_CONF_STRUCT(dos_options_t) diff --git a/src/core/or/dos_options_st.h b/src/core/or/dos_options_st.h new file mode 100644 index 0000000000..1cbe87da03 --- /dev/null +++ b/src/core/or/dos_options_st.h @@ -0,0 +1,20 @@ +/* Copyright (c) 2021-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file dos_options_st.h + * @brief Structure dos_options_t to hold options for the DoS subsystem. + **/ + +#ifndef TOR_CORE_OR_DOS_OPTIONS_ST_H +#define TOR_CORE_OR_DOS_OPTIONS_ST_H + +#include "lib/conf/confdecl.h" + +#define CONF_CONTEXT STRUCT +#include "core/or/dos_options.inc" +#undef CONF_CONTEXT + +typedef struct dos_options_t dos_options_t; + +#endif /* !defined(TOR_CORE_OR_DOS_OPTIONS_ST_H) */ diff --git a/src/core/or/dos_sys.c b/src/core/or/dos_sys.c new file mode 100644 index 0000000000..03a9ee9140 --- /dev/null +++ b/src/core/or/dos_sys.c @@ -0,0 +1,60 @@ +/* Copyright (c) 2021-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file dos_sys.c + * @brief Subsystem definitions for DOS module. + **/ + +#include "core/or/or.h" + +#include "lib/subsys/subsys.h" + +#include "core/or/dos_config.h" +#include "core/or/dos_sys.h" + +#include "core/or/dos_options_st.h" + +static const dos_options_t *global_dos_options; + +static int +subsys_dos_initialize(void) +{ + return 0; +} + +static void +subsys_dos_shutdown(void) +{ + global_dos_options = NULL; +} + +const dos_options_t * +dos_get_options(void) +{ + tor_assert(global_dos_options); + return global_dos_options; +} + +static int +dos_set_options(void *arg) +{ + dos_options_t *opts = arg; + global_dos_options = opts; + return 0; +} + +const struct subsys_fns_t sys_dos = { + SUBSYS_DECLARE_LOCATION(), + + .name = "dos", + .supported = true, + .level = DOS_SUBSYS_LEVEL, + + .initialize = subsys_dos_initialize, + .shutdown = subsys_dos_shutdown, + + /* Configuration Options. */ + .options_format = &dos_options_fmt, + .set_options = dos_set_options, +}; diff --git a/src/core/or/dos_sys.h b/src/core/or/dos_sys.h new file mode 100644 index 0000000000..8a5364fba5 --- /dev/null +++ b/src/core/or/dos_sys.h @@ -0,0 +1,25 @@ +/* Copyright (c) 2021-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file dos_sys.h + * @brief Header for core/or/dos_sys.c + **/ + +#ifndef TOR_CORE_OR_DOS_SYS_H +#define TOR_CORE_OR_DOS_SYS_H + +struct dos_options_t; +const struct dos_options_t *dos_get_options(void); + +extern const struct subsys_fns_t sys_dos; + +/** + * Subsystem level for the metrics system. + * + * Defined here so that it can be shared between the real and stub + * definitions. + **/ +#define DOS_SUBSYS_LEVEL (21) + +#endif /* !defined(TOR_CORE_OR_DOS_SYS_H) */ diff --git a/src/core/or/edge_connection_st.h b/src/core/or/edge_connection_st.h index 9b2f031b9d..942991f139 100644 --- a/src/core/or/edge_connection_st.h +++ b/src/core/or/edge_connection_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -15,6 +15,7 @@ #include "core/or/or.h" #include "core/or/connection_st.h" +#include "lib/evloop/token_bucket.h" /** Subtype of connection_t for an "edge connection" -- that is, an entry (ap) * connection, or an exit. */ @@ -33,9 +34,6 @@ struct edge_connection_t { /** A pointer to which node in the circ this conn exits at. Set for AP * connections and for hidden service exit connections. */ struct crypt_path_t *cpath_layer; - /** What rendezvous service are we querying for (if an AP) or providing (if - * an exit)? */ - rend_data_t *rend_data; /* Hidden service connection identifier for edge connections. Used by the HS * client-side code to identify client SOCKS connections and by the @@ -76,6 +74,60 @@ struct edge_connection_t { * that's going away and being used on channels instead. We still tag * edge connections with dirreq_id from circuits, so it's copied here. */ uint64_t dirreq_id; + + /* The following are flow control fields */ + + /** Used for rate limiting the read side of this edge connection when + * congestion control is enabled on its circuit. The XON cell ewma_drain_rate + * parameter is used to set the bucket limits. */ + token_bucket_rw_t bucket; + + /** + * Monotime timestamp of the last time we sent a flow control message + * for this edge, used to compute advisory rates */ + uint64_t drain_start_usec; + + /** + * Number of bytes written since we either emptied our buffers, + * or sent an advisory drate rate. Can wrap, buf if so, + * we must reset the usec timestamp above. (Or make this u64, idk). + */ + uint32_t drained_bytes; + uint32_t prev_drained_bytes; + + /** + * N_EWMA of the drain rate of writes on this edge conn + * while buffers were present. + */ + uint32_t ewma_drain_rate; + + /** + * The ewma drain rate the last time we sent an xon. + */ + uint32_t ewma_rate_last_sent; + + /** + * The following fields are used to count the total bytes sent on this + * stream, and compare them to the number of XON and XOFFs received, so + * that clients can check rate limits of XOFF/XON to prevent dropmark + * attacks. */ + uint32_t total_bytes_xmit; + + /** Number of XOFFs received */ + uint8_t num_xoff_recv; + + /** Number of XONs received */ + uint8_t num_xon_recv; + + /** + * Flag that tells us if an XOFF has been sent; cleared when we send an XON. + * Used to avoid sending multiple */ + uint8_t xoff_sent : 1; + + /** Flag that tells us if an XOFF has been received; cleared when we get + * an XON. Used to ensure that this edge keeps reads on its edge socket + * disabled. */ + uint8_t xoff_received : 1; }; #endif /* !defined(EDGE_CONNECTION_ST_H) */ diff --git a/src/core/or/entry_connection_st.h b/src/core/or/entry_connection_st.h index 495ffd85dd..500de7521b 100644 --- a/src/core/or/entry_connection_st.h +++ b/src/core/or/entry_connection_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/entry_port_cfg_st.h b/src/core/or/entry_port_cfg_st.h index ef1095086d..05c2f4a0be 100644 --- a/src/core/or/entry_port_cfg_st.h +++ b/src/core/or/entry_port_cfg_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/extend_info_st.h b/src/core/or/extend_info_st.h index 757c6a1771..2ab0beb7e6 100644 --- a/src/core/or/extend_info_st.h +++ b/src/core/or/extend_info_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -38,6 +38,10 @@ struct extend_info_t { crypto_pk_t *onion_key; /** Ntor onion key for this hop. */ curve25519_public_key_t curve25519_onion_key; + /** True if this hop is to be used as an _exit_, + * and it also supports supports NtorV3 _and_ negotiation + * of congestion control parameters */ + bool exit_supports_congestion_control; }; #endif /* !defined(EXTEND_INFO_ST_H) */ diff --git a/src/core/or/extendinfo.c b/src/core/or/extendinfo.c index 22e5b664bb..ca623f09ce 100644 --- a/src/core/or/extendinfo.c +++ b/src/core/or/extendinfo.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -35,7 +35,9 @@ extend_info_new(const char *nickname, const ed25519_public_key_t *ed_id, crypto_pk_t *onion_key, const curve25519_public_key_t *ntor_key, - const tor_addr_t *addr, uint16_t port) + const tor_addr_t *addr, uint16_t port, + const protover_summary_flags_t *pv, + bool for_exit_use) { extend_info_t *info = tor_malloc_zero(sizeof(extend_info_t)); if (rsa_id_digest) @@ -56,6 +58,12 @@ extend_info_new(const char *nickname, if (addr) { extend_info_add_orport(info, addr, port); } + + if (pv && for_exit_use) { + info->exit_supports_congestion_control = + pv->supports_congestion_control; + } + return info; } @@ -89,7 +97,8 @@ extend_info_add_orport(extend_info_t *ei, * and IP version config. **/ extend_info_t * -extend_info_from_node(const node_t *node, int for_direct_connect) +extend_info_from_node(const node_t *node, int for_direct_connect, + bool for_exit) { crypto_pk_t *rsa_pubkey = NULL; extend_info_t *info = NULL; @@ -149,7 +158,9 @@ extend_info_from_node(const node_t *node, int for_direct_connect) rsa_pubkey, curve_pubkey, &ap.addr, - ap.port); + ap.port, + &node->ri->pv, + for_exit); } else if (valid_addr && node->rs && node->md) { info = extend_info_new(node->rs->nickname, node->identity, @@ -157,7 +168,9 @@ extend_info_from_node(const node_t *node, int for_direct_connect) rsa_pubkey, curve_pubkey, &ap.addr, - ap.port); + ap.port, + &node->rs->pv, + for_exit); } crypto_pk_free(rsa_pubkey); @@ -210,6 +223,15 @@ extend_info_supports_ntor(const extend_info_t* ei) CURVE25519_PUBKEY_LEN); } +/** Return true if we can use the Ntor v3 handshake with `ei` */ +int +extend_info_supports_ntor_v3(const extend_info_t *ei) +{ + tor_assert(ei); + return extend_info_supports_ntor(ei) && + ei->exit_supports_congestion_control; +} + /* Does ei have an onion key which it would prefer to use? * Currently, we prefer ntor keys*/ int diff --git a/src/core/or/extendinfo.h b/src/core/or/extendinfo.h index 0049dd0189..6d1f20597b 100644 --- a/src/core/or/extendinfo.h +++ b/src/core/or/extendinfo.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -17,8 +17,11 @@ extend_info_t *extend_info_new(const char *nickname, const struct ed25519_public_key_t *ed_id, crypto_pk_t *onion_key, const struct curve25519_public_key_t *ntor_key, - const tor_addr_t *addr, uint16_t port); -extend_info_t *extend_info_from_node(const node_t *r, int for_direct_connect); + const tor_addr_t *addr, uint16_t port, + const struct protover_summary_flags_t *pv, + bool for_exit_use); +extend_info_t *extend_info_from_node(const node_t *r, int for_direct_connect, + bool for_exit); extend_info_t *extend_info_dup(extend_info_t *info); void extend_info_free_(extend_info_t *info); #define extend_info_free(info) \ @@ -26,6 +29,7 @@ void extend_info_free_(extend_info_t *info); int extend_info_addr_is_allowed(const tor_addr_t *addr); int extend_info_supports_tap(const extend_info_t* ei); int extend_info_supports_ntor(const extend_info_t* ei); +int extend_info_supports_ntor_v3(const extend_info_t *ei); int extend_info_has_preferred_onion_key(const extend_info_t* ei); bool extend_info_has_orport(const extend_info_t *ei, const tor_addr_t *addr, uint16_t port); diff --git a/src/core/or/half_edge_st.h b/src/core/or/half_edge_st.h index c6b6e518fc..642d8e1ea5 100644 --- a/src/core/or/half_edge_st.h +++ b/src/core/or/half_edge_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -31,6 +31,18 @@ typedef struct half_edge_t { * our deliver window */ int data_pending; + /** + * Monotime timestamp of when the other end should have successfully + * shut down the stream and stop sending data, based on the larger + * of circuit RTT and CBT. Used if 'used_ccontrol' is true, to expire + * the half_edge at this monotime timestamp. */ + uint64_t end_ack_expected_usec; + + /** + * Did this edge use congestion control? If so, use + * timer instead of pending data approach */ + int used_ccontrol : 1; + /** Is there a connected cell pending? */ int connected_pending : 1; } half_edge_t; diff --git a/src/core/or/include.am b/src/core/or/include.am index 7c42268c46..b08f8509cc 100644 --- a/src/core/or/include.am +++ b/src/core/or/include.am @@ -18,6 +18,8 @@ LIBTOR_APP_A_SOURCES += \ src/core/or/connection_edge.c \ src/core/or/connection_or.c \ src/core/or/dos.c \ + src/core/or/dos_config.c \ + src/core/or/dos_sys.c \ src/core/or/extendinfo.c \ src/core/or/onion.c \ src/core/or/ocirc_event.c \ @@ -26,13 +28,17 @@ LIBTOR_APP_A_SOURCES += \ src/core/or/orconn_event.c \ src/core/or/policies.c \ src/core/or/protover.c \ - src/core/or/protover_rust.c \ src/core/or/reasons.c \ src/core/or/relay.c \ src/core/or/scheduler.c \ src/core/or/scheduler_kist.c \ src/core/or/scheduler_vanilla.c \ src/core/or/sendme.c \ + src/core/or/congestion_control_common.c \ + src/core/or/congestion_control_vegas.c \ + src/core/or/congestion_control_nola.c \ + src/core/or/congestion_control_westwood.c \ + src/core/or/congestion_control_flow.c \ src/core/or/status.c \ src/core/or/versions.c @@ -55,6 +61,7 @@ noinst_HEADERS += \ src/core/or/circuitpadding_machines.h \ src/core/or/circuituse.h \ src/core/or/command.h \ + src/core/or/congestion_control_st.h \ src/core/or/connection_edge.h \ src/core/or/connection_or.h \ src/core/or/connection_st.h \ @@ -64,6 +71,10 @@ noinst_HEADERS += \ src/core/or/crypt_path_st.h \ src/core/or/destroy_cell_queue_st.h \ src/core/or/dos.h \ + src/core/or/dos_config.h \ + src/core/or/dos_options.inc \ + src/core/or/dos_options_st.h \ + src/core/or/dos_sys.h \ src/core/or/edge_connection_st.h \ src/core/or/extendinfo.h \ src/core/or/half_edge_st.h \ @@ -71,6 +82,7 @@ noinst_HEADERS += \ src/core/or/entry_port_cfg_st.h \ src/core/or/extend_info_st.h \ src/core/or/listener_connection_st.h \ + src/core/or/lttng_cc.inc \ src/core/or/lttng_circuit.inc \ src/core/or/onion.h \ src/core/or/or.h \ @@ -91,6 +103,11 @@ noinst_HEADERS += \ src/core/or/relay_crypto_st.h \ src/core/or/scheduler.h \ src/core/or/sendme.h \ + src/core/or/congestion_control_flow.h \ + src/core/or/congestion_control_common.h \ + src/core/or/congestion_control_vegas.h \ + src/core/or/congestion_control_nola.h \ + src/core/or/congestion_control_westwood.h \ src/core/or/server_port_cfg_st.h \ src/core/or/socks_request_st.h \ src/core/or/status.h \ @@ -100,7 +117,9 @@ noinst_HEADERS += \ if USE_TRACING_INSTRUMENTATION_LTTNG LIBTOR_APP_A_SOURCES += \ + src/core/or/trace_probes_cc.c \ src/core/or/trace_probes_circuit.c noinst_HEADERS += \ + src/core/or/trace_probes_cc.h \ src/core/or/trace_probes_circuit.h endif diff --git a/src/core/or/listener_connection_st.h b/src/core/or/listener_connection_st.h index 78175ea061..5cc3fa2afd 100644 --- a/src/core/or/listener_connection_st.h +++ b/src/core/or/listener_connection_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/lttng_cc.inc b/src/core/or/lttng_cc.inc new file mode 100644 index 0000000000..de06fa026f --- /dev/null +++ b/src/core/or/lttng_cc.inc @@ -0,0 +1,166 @@ +/* Copyright (c) 2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file lttng_cc.inc + * \brief LTTng tracing probe declaration for the congestion control subsystem. + * It is in this .inc file due to the non C standard syntax and the way + * we guard the header with the LTTng specific + * TRACEPOINT_HEADER_MULTI_READ. + **/ + +#include "orconfig.h" + +/* We only build the following if LTTng instrumentation has been enabled. */ +#ifdef USE_TRACING_INSTRUMENTATION_LTTNG + +/* The following defines are LTTng-UST specific. */ +#undef TRACEPOINT_PROVIDER +#define TRACEPOINT_PROVIDER tor_cc + +#undef TRACEPOINT_INCLUDE +#define TRACEPOINT_INCLUDE "./src/core/or/lttng_cc.inc" + +#if !defined(LTTNG_CC_INC) || defined(TRACEPOINT_HEADER_MULTI_READ) +#define LTTNG_CC_INC + +#include <lttng/tracepoint.h> + +/* + * Flow Control + */ + +/* Emitted every time the flow_control_decide_xon() function is called. */ +TRACEPOINT_EVENT(tor_cc, flow_decide_xon, + TP_ARGS(const edge_connection_t *, stream, size_t, n_written), + TP_FIELDS( + ctf_integer(uint64_t, stream_id, TO_CONN(stream)->global_identifier) + ctf_integer(size_t, written_bytes, n_written) + ctf_integer(uint32_t, drained_bytes_current, stream->drained_bytes) + ctf_integer(uint32_t, drained_bytes_previous, stream->prev_drained_bytes) + ctf_integer(uint32_t, ewma_drain_rate_last, stream->ewma_rate_last_sent) + ctf_integer(uint32_t, ewma_drain_rate_current, stream->ewma_drain_rate) + ctf_integer(size_t, outbuf_len, + connection_get_outbuf_len(TO_CONN(stream))) + ) +) + +/* Emitted when flow control starts measuring the drain rate. */ +TRACEPOINT_EVENT(tor_cc, flow_decide_xon_drain_start, + TP_ARGS(const edge_connection_t *, stream), + TP_FIELDS( + ctf_integer(uint64_t, stream_id, TO_CONN(stream)->global_identifier) + ctf_integer(uint32_t, drained_bytes_current, stream->drained_bytes) + ctf_integer(uint32_t, drained_bytes_previous, stream->prev_drained_bytes) + ctf_integer(uint32_t, ewma_drain_rate_last, stream->ewma_rate_last_sent) + ctf_integer(uint32_t, ewma_drain_rate_current, stream->ewma_drain_rate) + ctf_integer(size_t, outbuf_len, + connection_get_outbuf_len(TO_CONN(stream))) + ) +) + +/* Emitted when the drain rate is updated. The new_drain_rate value is what was + * just computed. */ +TRACEPOINT_EVENT(tor_cc, flow_decide_xon_drain_update, + TP_ARGS(const edge_connection_t *, stream, uint32_t, drain_rate), + TP_FIELDS( + ctf_integer(uint64_t, stream_id, TO_CONN(stream)->global_identifier) + ctf_integer(uint32_t, drained_bytes_current, stream->drained_bytes) + ctf_integer(uint32_t, drained_bytes_previous, stream->prev_drained_bytes) + ctf_integer(uint32_t, new_drain_rate, drain_rate) + ctf_integer(uint32_t, ewma_drain_rate_last, stream->ewma_rate_last_sent) + ctf_integer(uint32_t, ewma_drain_rate_current, stream->ewma_drain_rate) + ctf_integer(size_t, outbuf_len, + connection_get_outbuf_len(TO_CONN(stream))) + ) +) + +/* Emitted when an XON cell is sent due to a notice in a drain rate change. */ +TRACEPOINT_EVENT(tor_cc, flow_decide_xon_rate_change, + TP_ARGS(const edge_connection_t *, stream), + TP_FIELDS( + ctf_integer(uint64_t, stream_id, TO_CONN(stream)->global_identifier) + ctf_integer(uint32_t, drained_bytes_current, stream->drained_bytes) + ctf_integer(uint32_t, drained_bytes_previous, stream->prev_drained_bytes) + ctf_integer(uint32_t, ewma_drain_rate_last, stream->ewma_rate_last_sent) + ctf_integer(uint32_t, ewma_drain_rate_current, stream->ewma_drain_rate) + ctf_integer(size_t, outbuf_len, + connection_get_outbuf_len(TO_CONN(stream))) + ) +) + +/* Emitted when an XON cell is sent because we partially or fully drained the + * edge connection buffer. */ +TRACEPOINT_EVENT(tor_cc, flow_decide_xon_partial_drain, + TP_ARGS(const edge_connection_t *, stream), + TP_FIELDS( + ctf_integer(uint64_t, stream_id, TO_CONN(stream)->global_identifier) + ctf_integer(uint32_t, drained_bytes_current, stream->drained_bytes) + ctf_integer(uint32_t, drained_bytes_previous, stream->prev_drained_bytes) + ctf_integer(uint32_t, ewma_drain_rate_last, stream->ewma_rate_last_sent) + ctf_integer(uint32_t, ewma_drain_rate_current, stream->ewma_drain_rate) + ctf_integer(size_t, outbuf_len, + connection_get_outbuf_len(TO_CONN(stream))) + ) +) + +/* Emitted when we double the drain rate which is an attempt to see if we can + * speed things up. */ +TRACEPOINT_EVENT(tor_cc, flow_decide_xon_drain_doubled, + TP_ARGS(const edge_connection_t *, stream), + TP_FIELDS( + ctf_integer(uint64_t, stream_id, TO_CONN(stream)->global_identifier) + ctf_integer(uint32_t, drained_bytes_current, stream->drained_bytes) + ctf_integer(uint32_t, drained_bytes_previous, stream->prev_drained_bytes) + ctf_integer(uint32_t, ewma_drain_rate_last, stream->ewma_rate_last_sent) + ctf_integer(uint32_t, ewma_drain_rate_current, stream->ewma_drain_rate) + ctf_integer(size_t, outbuf_len, + connection_get_outbuf_len(TO_CONN(stream))) + ) +) + +/* XOFF */ + +/* Emitted when we send an XOFF cell. */ +TRACEPOINT_EVENT(tor_cc, flow_decide_xoff_sending, + TP_ARGS(const edge_connection_t *, stream), + TP_FIELDS( + ctf_integer(uint64_t, stream_id, TO_CONN(stream)->global_identifier) + ctf_integer(uint32_t, drained_bytes_current, stream->drained_bytes) + ctf_integer(uint32_t, drained_bytes_previous, stream->prev_drained_bytes) + ctf_integer(uint32_t, ewma_drain_rate_last, stream->ewma_rate_last_sent) + ctf_integer(uint32_t, ewma_drain_rate_current, stream->ewma_drain_rate) + ctf_integer(size_t, outbuf_len, + connection_get_outbuf_len(TO_CONN(stream))) + ) +) + +/* + * Congestion Control + */ + +/* Emitted when the BDP value has been updated. */ +TRACEPOINT_EVENT(tor_cc, bdp_update, + TP_ARGS(const circuit_t *, circ, const congestion_control_t *, cc, + uint64_t, curr_rtt_usec, uint64_t, sendme_rate_bdp), + TP_FIELDS( + ctf_integer(uint64_t, circuit_ptr, circ) + ctf_integer(uint32_t, n_circ_id, circ->n_circ_id) + ctf_integer(uint64_t, min_rtt_usec, cc->min_rtt_usec) + ctf_integer(uint64_t, curr_rtt_usec, curr_rtt_usec) + ctf_integer(uint64_t, ewma_rtt_usec, cc->ewma_rtt_usec) + ctf_integer(uint64_t, max_rtt_usec, cc->max_rtt_usec) + ctf_integer(uint64_t, bdp_inflight_rtt, cc->bdp[BDP_ALG_INFLIGHT_RTT]) + ctf_integer(uint64_t, bdp_cwnd_rtt, cc->bdp[BDP_ALG_CWND_RTT]) + ctf_integer(uint64_t, bdp_sendme_rate, cc->bdp[BDP_ALG_SENDME_RATE]) + ctf_integer(uint64_t, bdp_piecewise, cc->bdp[BDP_ALG_PIECEWISE]) + ctf_integer(uint64_t, sendme_rate_bdp, sendme_rate_bdp) + ) +) + +#endif /* LTTNG_CC_INC || TRACEPOINT_HEADER_MULTI_READ */ + +/* Must be included after the probes declaration. */ +#include <lttng/tracepoint-event.h> + +#endif /* USE_TRACING_INSTRUMENTATION_LTTNG */ diff --git a/src/core/or/ocirc_event.c b/src/core/or/ocirc_event.c index fa16459175..4e432b1d84 100644 --- a/src/core/or/ocirc_event.c +++ b/src/core/or/ocirc_event.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/ocirc_event.h b/src/core/or/ocirc_event.h index 10307a3664..e9a98929e1 100644 --- a/src/core/or/ocirc_event.h +++ b/src/core/or/ocirc_event.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/onion.c b/src/core/or/onion.c index a3b5c6922d..0bdd2a6d35 100644 --- a/src/core/or/onion.c +++ b/src/core/or/onion.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -88,6 +88,10 @@ check_create_cell(const create_cell_t *cell, int unknown_ok) if (cell->handshake_len != NTOR_ONIONSKIN_LEN) return -1; break; + case ONION_HANDSHAKE_TYPE_NTOR_V3: + /* ntor v3 has variable length fields that are checked + * elsewhere. Fall through to always valid here. */ + break; default: if (! unknown_ok) return -1; @@ -521,6 +525,11 @@ create_cell_format_impl(cell_t *cell_out, const create_cell_t *cell_in, switch (cell_in->cell_type) { case CELL_CREATE: + if (BUG(cell_in->handshake_type == ONION_HANDSHAKE_TYPE_NTOR_V3)) { + log_warn(LD_BUG, "Create cells cannot contain ntorv3."); + return -1; + } + if (cell_in->handshake_type == ONION_HANDSHAKE_TYPE_NTOR) { memcpy(p, NTOR_CREATE_MAGIC, 16); p += 16; @@ -619,6 +628,11 @@ extend_cell_format(uint8_t *command_out, uint16_t *len_out, switch (cell_in->cell_type) { case RELAY_COMMAND_EXTEND: { + if (BUG(cell_in->create_cell.handshake_type == + ONION_HANDSHAKE_TYPE_NTOR_V3)) { + log_warn(LD_BUG, "Extend cells cannot contain ntorv3!"); + return -1; + } *command_out = RELAY_COMMAND_EXTEND; *len_out = 6 + TAP_ONIONSKIN_CHALLENGE_LEN + DIGEST_LEN; set_uint32(p, tor_addr_to_ipv4n(&cell_in->orport_ipv4.addr)); diff --git a/src/core/or/onion.h b/src/core/or/onion.h index 0dac21ab6b..bba2e38411 100644 --- a/src/core/or/onion.h +++ b/src/core/or/onion.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/or.h b/src/core/or/or.h index d80c41371e..dc8f516f0a 100644 --- a/src/core/or/or.h +++ b/src/core/or/or.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -210,6 +210,9 @@ struct curve25519_public_key_t; #define RELAY_COMMAND_PADDING_NEGOTIATE 41 #define RELAY_COMMAND_PADDING_NEGOTIATED 42 +#define RELAY_COMMAND_XOFF 43 +#define RELAY_COMMAND_XON 44 + /* Reasons why an OR connection is closed. */ #define END_OR_CONN_REASON_DONE 1 #define END_OR_CONN_REASON_REFUSED 2 /* connection refused */ @@ -328,70 +331,11 @@ struct curve25519_public_key_t; * passed through from a destroy or truncate cell. */ #define END_CIRC_REASON_FLAG_REMOTE 512 -/** Length of 'y' portion of 'y.onion' URL. */ -#define REND_SERVICE_ID_LEN_BASE32 16 - -/** Length of 'y.onion' including '.onion' URL. */ -#define REND_SERVICE_ADDRESS_LEN (16+1+5) - -/** Length of a binary-encoded rendezvous service ID. */ -#define REND_SERVICE_ID_LEN 10 - -/** Time period for which a v2 descriptor will be valid. */ -#define REND_TIME_PERIOD_V2_DESC_VALIDITY (24*60*60) - -/** Time period within which two sets of v2 descriptors will be uploaded in - * parallel. */ -#define REND_TIME_PERIOD_OVERLAPPING_V2_DESCS (60*60) - -/** Number of non-consecutive replicas (i.e. distributed somewhere - * in the ring) for a descriptor. */ -#define REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS 2 - -/** Number of consecutive replicas for a descriptor. */ -#define REND_NUMBER_OF_CONSECUTIVE_REPLICAS 3 - -/** Length of v2 descriptor ID (32 base32 chars = 160 bits). */ +/** Length of v2 descriptor ID (32 base32 chars = 160 bits). + * + * XXX: It is still used by v3 code but should be renamed or maybe removed. */ #define REND_DESC_ID_V2_LEN_BASE32 BASE32_DIGEST_LEN -/** Length of the base32-encoded secret ID part of versioned hidden service - * descriptors. */ -#define REND_SECRET_ID_PART_LEN_BASE32 BASE32_DIGEST_LEN - -/** Length of the base32-encoded hash of an introduction point's - * identity key. */ -#define REND_INTRO_POINT_ID_LEN_BASE32 BASE32_DIGEST_LEN - -/** Length of the descriptor cookie that is used for client authorization - * to hidden services. */ -#define REND_DESC_COOKIE_LEN 16 - -/** Length of the base64-encoded descriptor cookie that is used for - * exchanging client authorization between hidden service and client. */ -#define REND_DESC_COOKIE_LEN_BASE64 22 - -/** Length of client identifier in encrypted introduction points for hidden - * service authorization type 'basic'. */ -#define REND_BASIC_AUTH_CLIENT_ID_LEN 4 - -/** Multiple of the number of clients to which the real number of clients - * is padded with fake clients for hidden service authorization type - * 'basic'. */ -#define REND_BASIC_AUTH_CLIENT_MULTIPLE 16 - -/** Length of client entry consisting of client identifier and encrypted - * session key for hidden service authorization type 'basic'. */ -#define REND_BASIC_AUTH_CLIENT_ENTRY_LEN (REND_BASIC_AUTH_CLIENT_ID_LEN \ - + CIPHER_KEY_LEN) - -/** Maximum size of v2 hidden service descriptors. */ -#define REND_DESC_MAX_SIZE (20 * 1024) - -/** Legal characters for use in authorized client names for a hidden - * service. */ -#define REND_LEGAL_CLIENTNAME_CHARACTERS \ - "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-_" - /** Maximum length of authorized client names for a hidden service. */ #define REND_CLIENTNAME_MAX_LEN 16 @@ -402,71 +346,10 @@ struct curve25519_public_key_t; /** Client authorization type that a hidden service performs. */ typedef enum rend_auth_type_t { REND_NO_AUTH = 0, - REND_BASIC_AUTH = 1, - REND_STEALTH_AUTH = 2, + REND_V3_AUTH = 1, /* Dummy flag to allow adding v3 services on the + * control port */ } rend_auth_type_t; -/** Client-side configuration of authorization for a hidden service. */ -typedef struct rend_service_authorization_t { - uint8_t descriptor_cookie[REND_DESC_COOKIE_LEN]; - char onion_address[REND_SERVICE_ADDRESS_LEN+1]; - rend_auth_type_t auth_type; -} rend_service_authorization_t; - -/** Client- and server-side data that is used for hidden service connection - * establishment. Not all fields contain data depending on where this struct - * is used. */ -typedef struct rend_data_t { - /* Hidden service protocol version of this base object. */ - uint32_t version; - - /** List of HSDir fingerprints on which this request has been sent to. This - * contains binary identity digest of the directory of size DIGEST_LEN. */ - smartlist_t *hsdirs_fp; - - /** Rendezvous cookie used by both, client and service. */ - char rend_cookie[REND_COOKIE_LEN]; - - /** Number of streams associated with this rendezvous circuit. */ - int nr_streams; -} rend_data_t; - -typedef struct rend_data_v2_t { - /* Rendezvous base data. */ - rend_data_t base_; - - /** Onion address (without the .onion part) that a client requests. */ - char onion_address[REND_SERVICE_ID_LEN_BASE32+1]; - - /** Descriptor ID for each replicas computed from the onion address. If - * the onion address is empty, this array MUST be empty. We keep them so - * we know when to purge our entry in the last hsdir request table. */ - char descriptor_id[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS][DIGEST_LEN]; - - /** (Optional) descriptor cookie that is used by a client. */ - char descriptor_cookie[REND_DESC_COOKIE_LEN]; - - /** Authorization type for accessing a service used by a client. */ - rend_auth_type_t auth_type; - - /** Descriptor ID for a client request. The control port command HSFETCH - * uses this. It's set if the descriptor query should only use this - * descriptor ID. */ - char desc_id_fetch[DIGEST_LEN]; - - /** Hash of the hidden service's PK used by a service. */ - char rend_pk_digest[DIGEST_LEN]; -} rend_data_v2_t; - -/* From a base rend_data_t object <b>d</d>, return the v2 object. */ -static inline -rend_data_v2_t *TO_REND_DATA_V2(const rend_data_t *d) -{ - tor_assert(d); - tor_assert(d->version == 2); - return DOWNCAST(rend_data_v2_t, d); -} - /* Stub because we can't include hs_ident.h. */ struct hs_ident_edge_conn_t; struct hs_ident_dir_conn_t; @@ -711,18 +594,6 @@ typedef struct or_handshake_state_t or_handshake_state_t; /** Length of Extended ORPort connection identifier. */ #define EXT_OR_CONN_ID_LEN DIGEST_LEN /* 20 */ -/* - * OR_CONN_HIGHWATER and OR_CONN_LOWWATER moved from connection_or.c so - * channeltls.c can see them too. - */ - -/** When adding cells to an OR connection's outbuf, keep adding until the - * outbuf is at least this long, or we run out of cells. */ -#define OR_CONN_HIGHWATER (32*1024) - -/** Add cells to an OR connection's outbuf whenever the outbuf's data length - * drops below this size. */ -#define OR_CONN_LOWWATER (16*1024) typedef struct connection_t connection_t; typedef struct control_connection_t control_connection_t; @@ -861,6 +732,9 @@ typedef struct protover_summary_flags_t { * negotiate hs circuit setup padding. Requires Padding=2. */ unsigned int supports_hs_setup_padding : 1; + /** True iff this router supports congestion control. + * Requires both FlowCtrl=2 *and* Relay=4 */ + unsigned int supports_congestion_control : 1; } protover_summary_flags_t; typedef struct routerinfo_t routerinfo_t; @@ -919,7 +793,8 @@ typedef enum { #define ONION_HANDSHAKE_TYPE_TAP 0x0000 #define ONION_HANDSHAKE_TYPE_FAST 0x0001 #define ONION_HANDSHAKE_TYPE_NTOR 0x0002 -#define MAX_ONION_HANDSHAKE_TYPE 0x0002 +#define ONION_HANDSHAKE_TYPE_NTOR_V3 0x0003 +#define MAX_ONION_HANDSHAKE_TYPE 0x0003 typedef struct onion_handshake_state_t onion_handshake_state_t; typedef struct relay_crypto_t relay_crypto_t; @@ -1065,15 +940,9 @@ typedef struct vote_timing_t vote_timing_t; typedef struct microdesc_cache_t microdesc_cache_t; -/********************************* rendcommon.c ***************************/ - -typedef struct rend_authorized_client_t rend_authorized_client_t; -typedef struct rend_encoded_v2_service_descriptor_t - rend_encoded_v2_service_descriptor_t; - /** The maximum number of non-circuit-build-timeout failures a hidden * service client will tolerate while trying to build a circuit to an - * introduction point. See also rend_intro_point_t.unreachable_count. */ + * introduction point. */ #define MAX_INTRO_POINT_REACHABILITY_FAILURES 5 /** The minimum and maximum number of distinct INTRODUCE2 cells which a @@ -1102,9 +971,6 @@ typedef struct rend_encoded_v2_service_descriptor_t * lifetime so this is a hard limit on the amount of time we do that. */ #define MAX_INTRO_POINT_CIRCUIT_RETRIES 3 -typedef struct rend_intro_point_t rend_intro_point_t; -typedef struct rend_service_descriptor_t rend_service_descriptor_t; - /********************************* routerlist.c ***************************/ typedef struct dir_server_t dir_server_t; diff --git a/src/core/or/or_circuit_st.h b/src/core/or/or_circuit_st.h index 4e17b1c143..11695ec301 100644 --- a/src/core/or/or_circuit_st.h +++ b/src/core/or/or_circuit_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef OR_CIRCUIT_ST_H @@ -52,6 +52,10 @@ struct or_circuit_t { /** Stores KH for the handshake. */ char rend_circ_nonce[DIGEST_LEN];/* KH in tor-spec.txt */ + /** Number of cells which we have discarded because of having no next hop, + * despite not recognizing the cell. */ + uint32_t n_cells_discarded_at_end; + /** How many more relay_early cells can we send on this circuit, according * to the specification? */ unsigned int remaining_relay_early_cells : 4; @@ -63,6 +67,12 @@ struct or_circuit_t { * statistics. */ unsigned int circuit_carries_hs_traffic_stats : 1; + /** True iff this circuit was made with a CREATE_FAST cell, or a CREATE[2] + * cell with a TAP handshake. If this is the case and this is a rend circuit, + * this is a v2 circuit, otherwise if this is a rend circuit it's a v3 + * circuit. */ + bool used_legacy_circuit_handshake; + /** Number of cells that were removed from circuit queue; reset every * time when writing buffer stats to disk. */ uint32_t processed_cells; @@ -87,4 +97,3 @@ struct or_circuit_t { }; #endif /* !defined(OR_CIRCUIT_ST_H) */ - diff --git a/src/core/or/or_connection_st.h b/src/core/or/or_connection_st.h index d99aaaefad..aceed4d2c4 100644 --- a/src/core/or/or_connection_st.h +++ b/src/core/or/or_connection_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -26,8 +26,6 @@ struct or_connection_t { * if the other side hasn't shown us a valid identity key. */ char identity_digest[DIGEST_LEN]; - /** Extended ORPort connection identifier. */ - char *ext_or_conn_id; /** This is the ClientHash value we expect to receive from the * client during the Extended ORPort authentication protocol. We * compute it upon receiving the ClientNoce from the client, and we diff --git a/src/core/or/or_handshake_certs_st.h b/src/core/or/or_handshake_certs_st.h index 31755f04a1..59e187b8c4 100644 --- a/src/core/or/or_handshake_certs_st.h +++ b/src/core/or/or_handshake_certs_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/or_handshake_state_st.h b/src/core/or/or_handshake_state_st.h index 050404046d..fffd2f0a12 100644 --- a/src/core/or/or_handshake_state_st.h +++ b/src/core/or/or_handshake_state_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/or_periodic.c b/src/core/or/or_periodic.c index 4dfdce14ca..b01790feac 100644 --- a/src/core/or/or_periodic.c +++ b/src/core/or/or_periodic.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/or_periodic.h b/src/core/or/or_periodic.h index 080573a838..bc1488506c 100644 --- a/src/core/or/or_periodic.h +++ b/src/core/or/or_periodic.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/or_sys.c b/src/core/or/or_sys.c index 73c6087dce..d724066276 100644 --- a/src/core/or/or_sys.c +++ b/src/core/or/or_sys.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/or_sys.h b/src/core/or/or_sys.h index 7ee56c8682..f6a66352fc 100644 --- a/src/core/or/or_sys.h +++ b/src/core/or/or_sys.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/orconn_event.c b/src/core/or/orconn_event.c index c30e2dd22f..ad2dac02ae 100644 --- a/src/core/or/orconn_event.c +++ b/src/core/or/orconn_event.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/orconn_event.h b/src/core/or/orconn_event.h index 2653b20d6e..7e1c679e32 100644 --- a/src/core/or/orconn_event.h +++ b/src/core/or/orconn_event.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/origin_circuit_st.h b/src/core/or/origin_circuit_st.h index ca7c4b1bef..73b971f72d 100644 --- a/src/core/or/origin_circuit_st.h +++ b/src/core/or/origin_circuit_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -128,9 +128,6 @@ struct origin_circuit_t { */ crypt_path_t *cpath; - /** Holds all rendezvous data on either client or service side. */ - rend_data_t *rend_data; - /** Holds hidden service identifier on either client or service side. This * is for both introduction and rendezvous circuit. */ struct hs_ident_circuit_t *hs_ident; @@ -208,34 +205,10 @@ struct origin_circuit_t { * (in host byte order) for response comparison. */ uint32_t pathbias_probe_nonce; - /** Set iff this is a hidden-service circuit which has timed out - * according to our current circuit-build timeout, but which has - * been kept around because it might still succeed in connecting to - * its destination, and which is not a fully-connected rendezvous - * circuit. - * - * (We clear this flag for client-side rendezvous circuits when they - * are 'joined' to the other side's rendezvous circuit, so that - * connection_ap_handshake_attach_circuit can put client streams on - * the circuit. We also clear this flag for service-side rendezvous - * circuits when they are 'joined' to a client's rend circ, but only - * for symmetry with the client case. Client-side introduction - * circuits are closed when we get a joined rend circ, and - * service-side introduction circuits never have this flag set.) */ - unsigned int hs_circ_has_timed_out : 1; - /** Set iff this circuit has been given a relaxed timeout because * no circuits have opened. Used to prevent spamming logs. */ unsigned int relaxed_timeout : 1; - /** Set iff this is a service-side rendezvous circuit for which a - * new connection attempt has been launched. We consider launching - * a new service-side rend circ to a client when the previous one - * fails; now that we don't necessarily close a service-side rend - * circ when we launch a new one to the same client, this flag keeps - * us from launching two retries for the same failed rend circ. */ - unsigned int hs_service_side_rend_circ_has_been_relaunched : 1; - /** What commands were sent over this circuit that decremented the * RELAY_EARLY counter? This is for debugging task 878. */ uint8_t relay_early_commands[MAX_RELAY_EARLY_CELLS_PER_CIRCUIT]; diff --git a/src/core/or/policies.c b/src/core/or/policies.c index 5f578d9b1a..a53849b4d0 100644 --- a/src/core/or/policies.c +++ b/src/core/or/policies.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -59,6 +59,9 @@ static smartlist_t *authdir_invalid_policy = NULL; /** Policy that addresses for incoming router descriptors must <b>not</b> * match in order to not be marked as BadExit. */ static smartlist_t *authdir_badexit_policy = NULL; +/** Policy that addresses for incoming router descriptors must <b>not</b> + * match in order to not be marked as MiddleOnly. */ +static smartlist_t *authdir_middleonly_policy = NULL; /** Parsed addr_policy_t describing which addresses we believe we can start * circuits at. */ @@ -1119,6 +1122,17 @@ authdir_policy_badexit_address(const tor_addr_t *addr, uint16_t port) return addr_is_in_cc_list(addr, get_options()->AuthDirBadExitCCs); } +/** Return 1 if <b>addr</b>:<b>port</b> should be marked as MiddleOnly, + * based on <b>authdir_middleonly_policy</b>. Else return 0. + */ +int +authdir_policy_middleonly_address(const tor_addr_t *addr, uint16_t port) +{ + if (!addr_policy_permits_tor_addr(addr, port, authdir_middleonly_policy)) + return 1; + return addr_is_in_cc_list(addr, get_options()->AuthDirMiddleOnlyCCs); +} + #define REJECT(arg) \ STMT_BEGIN *msg = tor_strdup(arg); goto err; STMT_END @@ -1173,6 +1187,9 @@ validate_addr_policies(const or_options_t *options, char **msg) if (parse_addr_policy(options->AuthDirBadExit, &addr_policy, ADDR_POLICY_REJECT)) REJECT("Error in AuthDirBadExit entry."); + if (parse_addr_policy(options->AuthDirMiddleOnly, &addr_policy, + ADDR_POLICY_REJECT)) + REJECT("Error in AuthDirMiddleOnly entry."); if (parse_addr_policy(options->ReachableAddresses, &addr_policy, ADDR_POLICY_ACCEPT)) @@ -1266,6 +1283,9 @@ policies_parse_from_options(const or_options_t *options) if (load_policy_from_option(options->AuthDirBadExit, "AuthDirBadExit", &authdir_badexit_policy, ADDR_POLICY_REJECT) < 0) ret = -1; + if (load_policy_from_option(options->AuthDirMiddleOnly, "AuthDirMiddleOnly", + &authdir_middleonly_policy, ADDR_POLICY_REJECT) < 0) + ret = -1; if (parse_metrics_port_policy(options) < 0) { ret = -1; } @@ -3112,6 +3132,8 @@ policies_free_all(void) authdir_invalid_policy = NULL; addr_policy_list_free(authdir_badexit_policy); authdir_badexit_policy = NULL; + addr_policy_list_free(authdir_middleonly_policy); + authdir_middleonly_policy = NULL; if (!HT_EMPTY(&policy_root)) { policy_map_ent_t **ent; diff --git a/src/core/or/policies.h b/src/core/or/policies.h index 17bd7c869f..e11e1d0ff5 100644 --- a/src/core/or/policies.h +++ b/src/core/or/policies.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -106,6 +106,7 @@ int metrics_policy_permits_address(const tor_addr_t *addr); int authdir_policy_permits_address(const tor_addr_t *addr, uint16_t port); int authdir_policy_valid_address(const tor_addr_t *addr, uint16_t port); int authdir_policy_badexit_address(const tor_addr_t *addr, uint16_t port); +int authdir_policy_middleonly_address(const tor_addr_t *addr, uint16_t port); int validate_addr_policies(const or_options_t *options, char **msg); void policy_expand_private(smartlist_t **policy); diff --git a/src/core/or/port_cfg_st.h b/src/core/or/port_cfg_st.h index f8ff6f8cc8..839309ebc6 100644 --- a/src/core/or/port_cfg_st.h +++ b/src/core/or/port_cfg_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/protover.c b/src/core/or/protover.c index d45246cb83..4cd6510da7 100644 --- a/src/core/or/protover.c +++ b/src/core/or/protover.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -28,8 +28,6 @@ #include "core/or/versions.h" #include "lib/tls/tortls.h" -#ifndef HAVE_RUST - static const smartlist_t *get_supported_protocol_list(void); static int protocol_list_contains(const smartlist_t *protos, protocol_type_t pr, uint32_t ver); @@ -387,6 +385,46 @@ protocol_list_supports_protocol_or_later(const char *list, /* * XXX START OF HAZARDOUS ZONE XXX */ +/* All protocol version that this relay version supports. */ +#define PR_CONS_V "1-2" +#define PR_DESC_V "1-2" +#define PR_DIRCACHE_V "2" +#define PR_FLOWCTRL_V "1-2" +#define PR_HSDIR_V "2" +#define PR_HSINTRO_V "4-5" +#define PR_HSREND_V "1-2" +#define PR_LINK_V "1-5" +#ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS +#define PR_LINKAUTH_V "1,3" +#else +#define PR_LINKAUTH_V "3" +#endif +#define PR_MICRODESC_V "1-2" +#define PR_PADDING_V "2" +#define PR_RELAY_V "1-4" + +/** Return the string containing the supported version for the given protocol + * type. */ +const char * +protover_get_supported(const protocol_type_t type) +{ + switch (type) { + case PRT_CONS: return PR_CONS_V; + case PRT_DESC: return PR_DESC_V; + case PRT_DIRCACHE: return PR_DIRCACHE_V; + case PRT_FLOWCTRL: return PR_FLOWCTRL_V; + case PRT_HSDIR: return PR_HSDIR_V; + case PRT_HSINTRO: return PR_HSINTRO_V; + case PRT_HSREND: return PR_HSREND_V; + case PRT_LINK: return PR_LINK_V; + case PRT_LINKAUTH: return PR_LINKAUTH_V; + case PRT_MICRODESC: return PR_MICRODESC_V; + case PRT_PADDING: return PR_PADDING_V; + case PRT_RELAY: return PR_RELAY_V; + default: + tor_assert_unreached(); + } +} /** Return the canonical string containing the list of protocols * that we support. @@ -433,22 +471,18 @@ protover_get_supported_protocols(void) */ return - "Cons=1-2 " - "Desc=1-2 " - "DirCache=2 " - "FlowCtrl=1 " - "HSDir=2 " - "HSIntro=4-5 " - "HSRend=1-2 " - "Link=1-5 " -#ifdef HAVE_WORKING_TOR_TLS_GET_TLSSECRETS - "LinkAuth=1,3 " -#else - "LinkAuth=3 " -#endif - "Microdesc=1-2 " - "Padding=2 " - "Relay=1-3"; + "Cons=" PR_CONS_V " " + "Desc=" PR_DESC_V " " + "DirCache=" PR_DIRCACHE_V " " + "FlowCtrl=" PR_FLOWCTRL_V " " + "HSDir=" PR_HSDIR_V " " + "HSIntro=" PR_HSINTRO_V " " + "HSRend=" PR_HSREND_V " " + "Link=" PR_LINK_V " " + "LinkAuth=" PR_LINKAUTH_V " " + "Microdesc=" PR_MICRODESC_V " " + "Padding=" PR_PADDING_V " " + "Relay=" PR_RELAY_V; } /* @@ -548,7 +582,7 @@ trailing_zeros(uint64_t x) x>>=1; } return i; -#endif +#endif /* defined(__GNUC__) */ } /** @@ -855,5 +889,3 @@ protover_free_all(void) supported_protocol_list = NULL; } } - -#endif /* !defined(HAVE_RUST) */ diff --git a/src/core/or/protover.h b/src/core/or/protover.h index e557278d63..8f15c02fb2 100644 --- a/src/core/or/protover.h +++ b/src/core/or/protover.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -35,6 +35,8 @@ struct smartlist_t; /** The protover version number where relays can consider IPv6 connections * canonical */ #define PROTOVER_RELAY_CANONICAL_IPV6 3 +/** The protover version number where relays can accept ntorv3 */ +#define PROTOVER_RELAY_NTOR_V3 4 /** The protover version number that signifies HSv3 intro point support */ #define PROTOVER_HS_INTRO_V3 4 @@ -51,6 +53,9 @@ struct smartlist_t; /** The protover that signals support for HS circuit setup padding machines */ #define PROTOVER_HS_SETUP_PADDING 2 +/** The protover that signals support for congestion control */ +#define PROTOVER_FLOWCTRL_CC 2 + /** List of recognized subprotocols. */ /// C_RUST_COUPLED: src/rust/protover/ffi.rs `translate_to_rust` /// C_RUST_COUPLED: src/rust/protover/protover.rs `Proto` @@ -70,6 +75,7 @@ typedef enum protocol_type_t { } protocol_type_t; bool protover_list_is_invalid(const char *s); +const char *protover_get_supported(const protocol_type_t type); int protover_all_supported(const char *s, char **missing); int protover_is_supported_here(protocol_type_t pr, uint32_t ver); const char *protover_get_supported_protocols(void); @@ -103,13 +109,13 @@ typedef struct proto_entry_t { uint64_t bitmask; } proto_entry_t; -#if !defined(HAVE_RUST) && defined(TOR_UNIT_TESTS) +#if defined(TOR_UNIT_TESTS) STATIC struct smartlist_t *parse_protocol_list(const char *s); STATIC char *encode_protocol_list(const struct smartlist_t *sl); STATIC const char *protocol_type_to_str(protocol_type_t pr); STATIC int str_to_protocol_type(const char *s, protocol_type_t *pr_out); STATIC void proto_entry_free_(proto_entry_t *entry); -#endif /* !defined(HAVE_RUST) && defined(TOR_UNIT_TESTS) */ +#endif /* defined(TOR_UNIT_TESTS) */ #define proto_entry_free(entry) \ FREE_AND_NULL(proto_entry_t, proto_entry_free_, (entry)) diff --git a/src/core/or/protover_rust.c b/src/core/or/protover_rust.c deleted file mode 100644 index 99f3aa7f69..0000000000 --- a/src/core/or/protover_rust.c +++ /dev/null @@ -1,34 +0,0 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -/* - * \file protover_rust.c - * \brief Provide a C wrapper for functions exposed in /src/rust/protover, - * and safe translation/handling between the Rust/C boundary. - */ - -#include "core/or/or.h" -#include "core/or/protover.h" - -#ifdef HAVE_RUST - -/* Define for compatibility, used in main.c */ -void -protover_free_all(void) -{ -} - -int protover_contains_long_protocol_names_(const char *s); - -/** - * Return true if the unparsed protover in <b>s</b> would contain a protocol - * name longer than MAX_PROTOCOL_NAME_LENGTH, and false otherwise. - */ -bool -protover_list_is_invalid(const char *s) -{ - return protover_contains_long_protocol_names_(s) != 0; -} - -#endif /* defined(HAVE_RUST) */ - diff --git a/src/core/or/reasons.c b/src/core/or/reasons.c index 708f43a689..379f274b27 100644 --- a/src/core/or/reasons.c +++ b/src/core/or/reasons.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/reasons.h b/src/core/or/reasons.h index 2e534aab73..41327a3491 100644 --- a/src/core/or/reasons.h +++ b/src/core/or/reasons.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/relay.c b/src/core/or/relay.c index 66b906bfd5..39a7b783ab 100644 --- a/src/core/or/relay.c +++ b/src/core/or/relay.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -78,12 +78,12 @@ #include "core/or/reasons.h" #include "core/or/relay.h" #include "core/crypto/relay_crypto.h" -#include "feature/rend/rendcache.h" #include "feature/rend/rendcommon.h" #include "feature/nodelist/describe.h" #include "feature/nodelist/routerlist.h" #include "core/or/scheduler.h" #include "feature/hs/hs_metrics.h" +#include "feature/stats/rephist.h" #include "core/or/cell_st.h" #include "core/or/cell_queue_st.h" @@ -97,6 +97,8 @@ #include "feature/nodelist/routerinfo_st.h" #include "core/or/socks_request_st.h" #include "core/or/sendme.h" +#include "core/or/congestion_control_common.h" +#include "core/or/congestion_control_flow.h" static edge_connection_t *relay_lookup_conn(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction, @@ -115,13 +117,6 @@ static void adjust_exit_policy_from_exitpolicy_failure(origin_circuit_t *circ, node_t *node, const tor_addr_t *addr); -/** Stop reading on edge connections when we have this many cells - * waiting on the appropriate queue. */ -#define CELL_QUEUE_HIGHWATER_SIZE 256 -/** Start reading from edge connections again when we get down to this many - * cells. */ -#define CELL_QUEUE_LOWWATER_SIZE 64 - /** Stats: how many relay cells have originated at this hop, or have * been relayed onward (not recognized at this hop)? */ @@ -133,6 +128,7 @@ uint64_t stats_n_relay_cells_delivered = 0; /** Stats: how many circuits have we closed due to the cell queue limit being * reached (see append_cell_to_circuit_queue()) */ uint64_t stats_n_circ_max_cell_reached = 0; +uint64_t stats_n_circ_max_cell_outq_reached = 0; /** * Update channel usage state based on the type of relay cell and @@ -338,8 +334,17 @@ circuit_receive_relay_cell(cell_t *cell, circuit_t *circ, } return 0; } - log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, - "Didn't recognize cell, but circ stops here! Closing circ."); + if (BUG(CIRCUIT_IS_ORIGIN(circ))) { + /* Should be impossible at this point. */ + return -END_CIRC_REASON_TORPROTOCOL; + } + or_circuit_t *or_circ = TO_OR_CIRCUIT(circ); + if (++or_circ->n_cells_discarded_at_end == 1) { + time_t seconds_open = approx_time() - circ->timestamp_created.tv_sec; + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Didn't recognize a cell, but circ stops here! Closing circuit. " + "It was created %ld seconds ago.", (long)seconds_open); + } return -END_CIRC_REASON_TORPROTOCOL; } @@ -498,7 +503,7 @@ relay_header_unpack(relay_header_t *dest, const uint8_t *src) } /** Convert the relay <b>command</b> into a human-readable string. */ -static const char * +const char * relay_command_to_string(uint8_t command) { static char buf[64]; @@ -1574,6 +1579,7 @@ process_sendme_cell(const relay_header_t *rh, const cell_t *cell, } /* Stream level SENDME cell. */ + // TODO: Turn this off for cc_alg=1,2,3; use XON/XOFF instead ret = sendme_process_stream_level(conn, circ, rh->length); if (ret < 0) { /* Means we need to close the circuit with reason ret. */ @@ -1738,6 +1744,44 @@ handle_relay_cell_command(cell_t *cell, circuit_t *circ, } return 0; + case RELAY_COMMAND_XOFF: + if (!conn) { + if (CIRCUIT_IS_ORIGIN(circ)) { + origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ); + if (relay_crypt_from_last_hop(ocirc, layer_hint) && + connection_half_edge_is_valid_data(ocirc->half_streams, + rh->stream_id)) { + circuit_read_valid_data(ocirc, rh->length); + } + } + return 0; + } + + if (circuit_process_stream_xoff(conn, layer_hint, cell)) { + if (CIRCUIT_IS_ORIGIN(circ)) { + circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh->length); + } + } + return 0; + case RELAY_COMMAND_XON: + if (!conn) { + if (CIRCUIT_IS_ORIGIN(circ)) { + origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ); + if (relay_crypt_from_last_hop(ocirc, layer_hint) && + connection_half_edge_is_valid_data(ocirc->half_streams, + rh->stream_id)) { + circuit_read_valid_data(ocirc, rh->length); + } + } + return 0; + } + + if (circuit_process_stream_xon(conn, layer_hint, cell)) { + if (CIRCUIT_IS_ORIGIN(circ)) { + circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh->length); + } + } + return 0; case RELAY_COMMAND_END: reason = rh->length > 0 ? get_uint8(cell->payload+RELAY_HEADER_SIZE) : END_STREAM_REASON_MISC; @@ -2091,6 +2135,7 @@ void circuit_reset_sendme_randomness(circuit_t *circ) { circ->have_sent_sufficiently_random_cell = 0; + // XXX: do we need to change this check for congestion control? circ->send_randomness_after_n_cells = CIRCWINDOW_INCREMENT / 2 + crypto_fast_rng_get_uint(get_thread_fast_rng(), CIRCWINDOW_INCREMENT / 2); } @@ -2284,7 +2329,7 @@ connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial, } /* Handle the stream-level SENDME package window. */ - if (sendme_note_stream_data_packaged(conn) < 0) { + if (sendme_note_stream_data_packaged(conn, length) < 0) { connection_stop_reading(TO_CONN(conn)); log_debug(domain,"conn->package_window reached 0."); circuit_consider_stop_edge_reading(circ, cpath_layer); @@ -2350,15 +2395,16 @@ circuit_resume_edge_reading_helper(edge_connection_t *first_conn, /* How many cells do we have space for? It will be the minimum of * the number needed to exhaust the package window, and the minimum * needed to fill the cell queue. */ - max_to_package = circ->package_window; + + max_to_package = congestion_control_get_package_window(circ, layer_hint); if (CIRCUIT_IS_ORIGIN(circ)) { cells_on_queue = circ->n_chan_cells.n; } else { or_circuit_t *or_circ = TO_OR_CIRCUIT(circ); cells_on_queue = or_circ->p_chan_cells.n; } - if (CELL_QUEUE_HIGHWATER_SIZE - cells_on_queue < max_to_package) - max_to_package = CELL_QUEUE_HIGHWATER_SIZE - cells_on_queue; + if (cell_queue_highwatermark() - cells_on_queue < max_to_package) + max_to_package = cell_queue_highwatermark() - cells_on_queue; /* Once we used to start listening on the streams in the order they * appeared in the linked list. That leads to starvation on the @@ -2398,7 +2444,8 @@ circuit_resume_edge_reading_helper(edge_connection_t *first_conn, /* Activate reading starting from the chosen stream */ for (conn=chosen_stream; conn; conn = conn->next_stream) { /* Start reading for the streams starting from here */ - if (conn->base_.marked_for_close || conn->package_window <= 0) + if (conn->base_.marked_for_close || conn->package_window <= 0 || + conn->xoff_received) continue; if (!layer_hint || conn->cpath_layer == layer_hint) { connection_start_reading(TO_CONN(conn)); @@ -2409,7 +2456,8 @@ circuit_resume_edge_reading_helper(edge_connection_t *first_conn, } /* Go back and do the ones we skipped, circular-style */ for (conn = first_conn; conn != chosen_stream; conn = conn->next_stream) { - if (conn->base_.marked_for_close || conn->package_window <= 0) + if (conn->base_.marked_for_close || conn->package_window <= 0 || + conn->xoff_received) continue; if (!layer_hint || conn->cpath_layer == layer_hint) { connection_start_reading(TO_CONN(conn)); @@ -2495,7 +2543,7 @@ circuit_consider_stop_edge_reading(circuit_t *circ, crypt_path_t *layer_hint) or_circuit_t *or_circ = TO_OR_CIRCUIT(circ); log_debug(domain,"considering circ->package_window %d", circ->package_window); - if (circ->package_window <= 0) { + if (congestion_control_get_package_window(circ, layer_hint) <= 0) { log_debug(domain,"yes, not-at-origin. stopped."); for (conn = or_circ->n_streams; conn; conn=conn->next_stream) connection_stop_reading(TO_CONN(conn)); @@ -2506,7 +2554,7 @@ circuit_consider_stop_edge_reading(circuit_t *circ, crypt_path_t *layer_hint) /* else, layer hint is defined, use it */ log_debug(domain,"considering layer_hint->package_window %d", layer_hint->package_window); - if (layer_hint->package_window <= 0) { + if (congestion_control_get_package_window(circ, layer_hint) <= 0) { log_debug(domain,"yes, at-origin. stopped."); for (conn = TO_ORIGIN_CIRCUIT(circ)->p_streams; conn; conn=conn->next_stream) { @@ -2722,18 +2770,25 @@ cell_queues_get_total_allocation(void) /** The time at which we were last low on memory. */ static time_t last_time_under_memory_pressure = 0; +/** Statistics on how many bytes were removed by the OOM per type. */ +uint64_t oom_stats_n_bytes_removed_dns = 0; +uint64_t oom_stats_n_bytes_removed_cell = 0; +uint64_t oom_stats_n_bytes_removed_geoip = 0; +uint64_t oom_stats_n_bytes_removed_hsdir = 0; + /** Check whether we've got too much space used for cells. If so, * call the OOM handler and return 1. Otherwise, return 0. */ STATIC int cell_queues_check_size(void) { + size_t removed = 0; time_t now = time(NULL); size_t alloc = cell_queues_get_total_allocation(); alloc += half_streams_get_total_allocation(); alloc += buf_get_total_allocation(); alloc += tor_compress_get_total_allocation(); - const size_t rend_cache_total = rend_cache_get_total_allocation(); - alloc += rend_cache_total; + const size_t hs_cache_total = hs_cache_get_total_allocation(); + alloc += hs_cache_total; const size_t geoip_client_cache_total = geoip_client_cache_total_allocation(); alloc += geoip_client_cache_total; @@ -2742,26 +2797,36 @@ cell_queues_check_size(void) if (alloc >= get_options()->MaxMemInQueues_low_threshold) { last_time_under_memory_pressure = approx_time(); if (alloc >= get_options()->MaxMemInQueues) { + /* Note this overload down */ + rep_hist_note_overload(OVERLOAD_GENERAL); + /* If we're spending over 20% of the memory limit on hidden service * descriptors, free them until we're down to 10%. Do the same for geoip * client cache. */ - if (rend_cache_total > get_options()->MaxMemInQueues / 5) { + if (hs_cache_total > get_options()->MaxMemInQueues / 5) { const size_t bytes_to_remove = - rend_cache_total - (size_t)(get_options()->MaxMemInQueues / 10); - alloc -= hs_cache_handle_oom(now, bytes_to_remove); + hs_cache_total - (size_t)(get_options()->MaxMemInQueues / 10); + removed = hs_cache_handle_oom(now, bytes_to_remove); + oom_stats_n_bytes_removed_hsdir += removed; + alloc -= removed; } if (geoip_client_cache_total > get_options()->MaxMemInQueues / 5) { const size_t bytes_to_remove = geoip_client_cache_total - (size_t)(get_options()->MaxMemInQueues / 10); - alloc -= geoip_client_cache_handle_oom(now, bytes_to_remove); + removed = geoip_client_cache_handle_oom(now, bytes_to_remove); + oom_stats_n_bytes_removed_geoip += removed; + alloc -= removed; } if (dns_cache_total > get_options()->MaxMemInQueues / 5) { const size_t bytes_to_remove = dns_cache_total - (size_t)(get_options()->MaxMemInQueues / 10); - alloc -= dns_cache_handle_oom(now, bytes_to_remove); + removed = dns_cache_handle_oom(now, bytes_to_remove); + oom_stats_n_bytes_removed_dns += removed; + alloc -= removed; } - circuits_handle_oom(alloc); + removed = circuits_handle_oom(alloc); + oom_stats_n_bytes_removed_cell += removed; return 1; } } @@ -3059,7 +3124,7 @@ channel_flush_from_first_active_circuit, (channel_t *chan, int max)) /* Is the cell queue low enough to unblock all the streams that are waiting * to write to this circuit? */ - if (streams_blocked && queue->n <= CELL_QUEUE_LOWWATER_SIZE) + if (streams_blocked && queue->n <= cell_queue_lowwatermark()) set_streams_blocked_on_circ(circ, chan, 0, 0); /* unblock streams */ /* If n_flushed < max still, loop around and pick another circuit */ @@ -3071,6 +3136,9 @@ channel_flush_from_first_active_circuit, (channel_t *chan, int max)) /* Minimum value is the maximum circuit window size. * + * This value is set to a lower bound we believe is reasonable with congestion + * control and basic network tunning parameters. + * * SENDME cells makes it that we can control how many cells can be inflight on * a circuit from end to end. This logic makes it that on any circuit cell * queue, we have a maximum of cells possible. @@ -3093,12 +3161,12 @@ channel_flush_from_first_active_circuit, (channel_t *chan, int max)) * DoS memory pressure so the default size is a middle ground between not * having any limit and having a very restricted one. This is why we can also * control it through a consensus parameter. */ -#define RELAY_CIRC_CELL_QUEUE_SIZE_MIN CIRCWINDOW_START_MAX +#define RELAY_CIRC_CELL_QUEUE_SIZE_MIN 50 /* We can't have a consensus parameter above this value. */ #define RELAY_CIRC_CELL_QUEUE_SIZE_MAX INT32_MAX /* Default value is set to a large value so we can handle padding cells - * properly which aren't accounted for in the SENDME window. Default is 50000 - * allowed cells in the queue resulting in ~25MB. */ + * properly which aren't accounted for in the SENDME window. Default is 2500 + * allowed cells in the queue resulting in ~1MB. */ #define RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT \ (50 * RELAY_CIRC_CELL_QUEUE_SIZE_MIN) @@ -3106,6 +3174,33 @@ channel_flush_from_first_active_circuit, (channel_t *chan, int max)) * every new consensus and controlled by a parameter. */ static int32_t max_circuit_cell_queue_size = RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT; +/** Maximum number of cell on an outbound circuit queue. This is updated at + * every new consensus and controlled by a parameter. This default is incorrect + * and won't be used at all except in unit tests. */ +static int32_t max_circuit_cell_queue_size_out = + RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT; + +/** Return consensus parameter "circ_max_cell_queue_size". The given ns can be + * NULL. */ +static uint32_t +get_param_max_circuit_cell_queue_size(const networkstatus_t *ns) +{ + return networkstatus_get_param(ns, "circ_max_cell_queue_size", + RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT, + RELAY_CIRC_CELL_QUEUE_SIZE_MIN, + RELAY_CIRC_CELL_QUEUE_SIZE_MAX); +} + +/** Return consensus parameter "circ_max_cell_queue_size_out". The given ns can + * be NULL. */ +static uint32_t +get_param_max_circuit_cell_queue_size_out(const networkstatus_t *ns) +{ + return networkstatus_get_param(ns, "circ_max_cell_queue_size_out", + get_param_max_circuit_cell_queue_size(ns), + RELAY_CIRC_CELL_QUEUE_SIZE_MIN, + RELAY_CIRC_CELL_QUEUE_SIZE_MAX); +} /* Called when the consensus has changed. At this stage, the global consensus * object has NOT been updated. It is called from @@ -3117,10 +3212,9 @@ relay_consensus_has_changed(const networkstatus_t *ns) /* Update the circuit max cell queue size from the consensus. */ max_circuit_cell_queue_size = - networkstatus_get_param(ns, "circ_max_cell_queue_size", - RELAY_CIRC_CELL_QUEUE_SIZE_DEFAULT, - RELAY_CIRC_CELL_QUEUE_SIZE_MIN, - RELAY_CIRC_CELL_QUEUE_SIZE_MAX); + get_param_max_circuit_cell_queue_size(ns); + max_circuit_cell_queue_size_out = + get_param_max_circuit_cell_queue_size_out(ns); } /** Add <b>cell</b> to the queue of <b>circ</b> writing to <b>chan</b> @@ -3137,6 +3231,7 @@ append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan, { or_circuit_t *orcirc = NULL; cell_queue_t *queue; + int32_t max_queue_size; int streams_blocked; int exitward; if (circ->marked_for_close) @@ -3146,13 +3241,22 @@ append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan, if (exitward) { queue = &circ->n_chan_cells; streams_blocked = circ->streams_blocked_on_n_chan; + max_queue_size = max_circuit_cell_queue_size_out; } else { orcirc = TO_OR_CIRCUIT(circ); queue = &orcirc->p_chan_cells; streams_blocked = circ->streams_blocked_on_p_chan; + max_queue_size = max_circuit_cell_queue_size; } - if (PREDICT_UNLIKELY(queue->n >= max_circuit_cell_queue_size)) { + if (PREDICT_UNLIKELY(queue->n >= max_queue_size)) { + /* This DoS defense only applies at the Guard as in the p_chan is likely + * a client IP attacking the network. */ + if (exitward && CIRCUIT_IS_ORCIRC(circ)) { + stats_n_circ_max_cell_outq_reached++; + dos_note_circ_max_outq(CONST_TO_OR_CIRCUIT(circ)->p_chan); + } + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "%s circuit has %d cells in its queue, maximum allowed is %d. " "Closing circuit for safety reasons.", @@ -3177,7 +3281,7 @@ append_cell_to_circuit_queue(circuit_t *circ, channel_t *chan, /* If we have too many cells on the circuit, we should stop reading from * the edge streams for a while. */ - if (!streams_blocked && queue->n >= CELL_QUEUE_HIGHWATER_SIZE) + if (!streams_blocked && queue->n >= cell_queue_highwatermark()) set_streams_blocked_on_circ(circ, chan, 1, 0); /* block streams */ if (streams_blocked && fromstream) { diff --git a/src/core/or/relay.h b/src/core/or/relay.h index 31bed0e01b..3a1f3b0ae5 100644 --- a/src/core/or/relay.h +++ b/src/core/or/relay.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -15,8 +15,13 @@ extern uint64_t stats_n_relay_cells_relayed; extern uint64_t stats_n_relay_cells_delivered; extern uint64_t stats_n_circ_max_cell_reached; +extern uint64_t stats_n_circ_max_cell_outq_reached; + +const char *relay_command_to_string(uint8_t command); void relay_consensus_has_changed(const networkstatus_t *ns); +uint32_t relay_get_param_max_circuit_cell_queue_size( + const networkstatus_t *ns); int circuit_receive_relay_cell(cell_t *cell, circuit_t *circ, cell_direction_t cell_direction); size_t cell_queues_get_total_allocation(void); @@ -49,6 +54,11 @@ extern uint64_t stats_n_data_bytes_packaged; extern uint64_t stats_n_data_cells_received; extern uint64_t stats_n_data_bytes_received; +extern uint64_t oom_stats_n_bytes_removed_dns; +extern uint64_t oom_stats_n_bytes_removed_cell; +extern uint64_t oom_stats_n_bytes_removed_geoip; +extern uint64_t oom_stats_n_bytes_removed_hsdir; + void dump_cell_pool_usage(int severity); size_t packed_cell_mem_cost(void); diff --git a/src/core/or/relay_crypto_st.h b/src/core/or/relay_crypto_st.h index d92f486a90..32ff86235a 100644 --- a/src/core/or/relay_crypto_st.h +++ b/src/core/or/relay_crypto_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/scheduler.c b/src/core/or/scheduler.c index 18f11487d9..e1096eee14 100644 --- a/src/core/or/scheduler.c +++ b/src/core/or/scheduler.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "core/or/or.h" diff --git a/src/core/or/scheduler.h b/src/core/or/scheduler.h index 82df2b0b0f..7d3c6f7390 100644 --- a/src/core/or/scheduler.h +++ b/src/core/or/scheduler.h @@ -1,4 +1,4 @@ -/* * Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* * Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/scheduler_kist.c b/src/core/or/scheduler_kist.c index 8c6a7bd1d1..52bc62f1b4 100644 --- a/src/core/or/scheduler_kist.c +++ b/src/core/or/scheduler_kist.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -465,9 +465,17 @@ MOCK_IMPL(int, channel_should_write_to_kernel, MOCK_IMPL(void, channel_write_to_kernel, (channel_t *chan)) { tor_assert(chan); + + /* This is possible because a channel might have an outbuf table entry even + * though it has no more cells in its outbuf. Just move on. */ + size_t outbuf_len = channel_outbuf_length(chan); + if (outbuf_len == 0) { + return; + } + log_debug(LD_SCHED, "Writing %lu bytes to kernel for chan %" PRIu64, - (unsigned long)channel_outbuf_length(chan), - chan->global_identifier); + (unsigned long) outbuf_len, chan->global_identifier); + /* Note that 'connection_handle_write()' may change the scheduler state of * the channel during the scheduling loop with * 'connection_or_flushed_some()' -> 'scheduler_channel_wants_writes()'. diff --git a/src/core/or/scheduler_vanilla.c b/src/core/or/scheduler_vanilla.c index d862ff8710..345cae4c38 100644 --- a/src/core/or/scheduler_vanilla.c +++ b/src/core/or/scheduler_vanilla.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/sendme.c b/src/core/or/sendme.c index 9cad245b29..90f4dfcf05 100644 --- a/src/core/or/sendme.c +++ b/src/core/or/sendme.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2019-2020, The Tor Project, Inc. */ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -21,6 +21,8 @@ #include "core/or/or_circuit_st.h" #include "core/or/relay.h" #include "core/or/sendme.h" +#include "core/or/congestion_control_common.h" +#include "core/or/congestion_control_flow.h" #include "feature/nodelist/networkstatus.h" #include "lib/ctime/di_ops.h" #include "trunnel/sendme_cell.h" @@ -64,13 +66,6 @@ pop_first_cell_digest(const circuit_t *circ) return NULL; } - /* More cell digest than the SENDME window is never suppose to happen. The - * cell should have been rejected before reaching this point due to its - * package_window down to 0 leading to a circuit close. Scream loudly but - * still pop the element so we don't memory leak. */ - tor_assert_nonfatal(smartlist_len(circ->sendme_last_digests) <= - CIRCWINDOW_START_MAX / CIRCWINDOW_INCREMENT); - circ_digest = smartlist_get(circ->sendme_last_digests, 0); smartlist_del_keeporder(circ->sendme_last_digests, 0); return circ_digest; @@ -334,17 +329,18 @@ record_cell_digest_on_circ(circuit_t *circ, const uint8_t *sendme_digest) /** Return true iff the next cell for the given cell window is expected to be * a SENDME. * - * We are able to know that because the package or deliver window value minus - * one cell (the possible SENDME cell) should be a multiple of the increment - * window value. */ -static bool -circuit_sendme_cell_is_next(int window) + * We are able to know that because the package or inflight window value minus + * one cell (the possible SENDME cell) should be a multiple of the + * cells-per-sendme increment value (set via consensus parameter, negotiated + * for the circuit, and passed in as sendme_inc). + * + * This function is used when recording a cell digest and this is done quite + * low in the stack when decrypting or encrypting a cell. The window is only + * updated once the cell is actually put in the outbuf. + */ +STATIC bool +circuit_sendme_cell_is_next(int deliver_window, int sendme_inc) { - /* At the start of the window, no SENDME will be expected. */ - if (window == CIRCWINDOW_START) { - return false; - } - /* Are we at the limit of the increment and if not, we don't expect next * cell is a SENDME. * @@ -353,10 +349,12 @@ circuit_sendme_cell_is_next(int window) * decremented just yet so when this is called, we are currently processing * the "window - 1" cell. * - * This function is used when recording a cell digest and this is done quite - * low in the stack when decrypting or encrypting a cell. The window is only - * updated once the cell is actually put in the outbuf. */ - if (((window - 1) % CIRCWINDOW_INCREMENT) != 0) { + * Because deliver_window starts at CIRCWINDOW_START and counts down, + * to get the actual number of received cells for this check, we must + * first convert to receieved cells, or the modulus operator will fail. + */ + tor_assert(deliver_window <= CIRCWINDOW_START); + if (((CIRCWINDOW_START - (deliver_window - 1)) % sendme_inc) != 0) { return false; } @@ -378,6 +376,10 @@ sendme_connection_edge_consider_sending(edge_connection_t *conn) int log_domain = TO_CONN(conn)->type == CONN_TYPE_AP ? LD_APP : LD_EXIT; + /* If we use flow control, we do not send stream sendmes */ + if (edge_uses_flow_control(conn)) + goto end; + /* Don't send it if we still have data to deliver. */ if (connection_outbuf_too_full(TO_CONN(conn))) { goto end; @@ -419,15 +421,16 @@ sendme_circuit_consider_sending(circuit_t *circ, crypt_path_t *layer_hint) { bool sent_one_sendme = false; const uint8_t *digest; + int sendme_inc = sendme_get_inc_count(circ, layer_hint); while ((layer_hint ? layer_hint->deliver_window : circ->deliver_window) <= - CIRCWINDOW_START - CIRCWINDOW_INCREMENT) { + CIRCWINDOW_START - sendme_inc) { log_debug(LD_CIRC,"Queuing circuit sendme."); if (layer_hint) { - layer_hint->deliver_window += CIRCWINDOW_INCREMENT; + layer_hint->deliver_window += sendme_inc; digest = cpath_get_sendme_digest(layer_hint); } else { - circ->deliver_window += CIRCWINDOW_INCREMENT; + circ->deliver_window += sendme_inc; digest = relay_crypto_get_sendme_digest(&TO_OR_CIRCUIT(circ)->crypto); } if (send_circuit_level_sendme(circ, layer_hint, digest) < 0) { @@ -448,6 +451,9 @@ sendme_circuit_consider_sending(circuit_t *circ, crypt_path_t *layer_hint) * the length of the SENDME cell payload (excluding the header). The * cell_payload is the payload. * + * This function validates the SENDME's digest, and then dispatches to + * the appropriate congestion control algorithm in use on the circuit. + * * Return 0 on success (the SENDME is valid and the package window has * been updated properly). * @@ -460,6 +466,7 @@ sendme_process_circuit_level(crypt_path_t *layer_hint, { tor_assert(circ); tor_assert(cell_payload); + congestion_control_t *cc; /* Validate the SENDME cell. Depending on the version, different validation * can be done. An invalid SENDME requires us to close the circuit. */ @@ -467,6 +474,36 @@ sendme_process_circuit_level(crypt_path_t *layer_hint, return -END_CIRC_REASON_TORPROTOCOL; } + /* origin circuits need to count valid sendmes as valid protocol data */ + if (CIRCUIT_IS_ORIGIN(circ)) { + circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), cell_payload_len); + } + + // Get CC + if (layer_hint) { + cc = layer_hint->ccontrol; + } else { + cc = circ->ccontrol; + } + + /* If there is no CC object, assume fixed alg */ + if (!cc) { + return sendme_process_circuit_level_impl(layer_hint, circ); + } + + return congestion_control_dispatch_cc_alg(cc, circ, layer_hint); +} + +/** + * Process a SENDME for Tor's original fixed window circuit-level flow control. + * Updates the package_window and ensures that it does not exceed the max. + * + * Returns -END_CIRC_REASON_TORPROTOCOL if the max is exceeded, otherwise + * returns 0. + */ +int +sendme_process_circuit_level_impl(crypt_path_t *layer_hint, circuit_t *circ) +{ /* If we are the origin of the circuit, we are the Client so we use the * layer hint (the Exit hop) for the package window tracking. */ if (CIRCUIT_IS_ORIGIN(circ)) { @@ -486,10 +523,6 @@ sendme_process_circuit_level(crypt_path_t *layer_hint, layer_hint->package_window += CIRCWINDOW_INCREMENT; log_debug(LD_APP, "circ-level sendme at origin, packagewindow %d.", layer_hint->package_window); - - /* We count circuit-level sendme's as valid delivered data because they - * are rate limited. */ - circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), cell_payload_len); } else { /* We aren't the origin of this circuit so we are the Exit and thus we * track the package window with the circuit object. */ @@ -525,6 +558,12 @@ sendme_process_stream_level(edge_connection_t *conn, circuit_t *circ, tor_assert(conn); tor_assert(circ); + if (edge_uses_flow_control(conn)) { + log_fn(LOG_PROTOCOL_WARN, LD_EDGE, + "Congestion control got stream sendme"); + return -END_CIRC_REASON_TORPROTOCOL; + } + /* Don't allow the other endpoint to request more than our maximum (i.e. * initial) stream SENDME window worth of data. Well-behaved stock clients * will not request more than this max (as per the check in the while loop @@ -582,7 +621,12 @@ int sendme_stream_data_received(edge_connection_t *conn) { tor_assert(conn); - return --conn->deliver_window; + + if (edge_uses_flow_control(conn)) { + return flow_control_decide_xoff(conn); + } else { + return --conn->deliver_window; + } } /* Called when a relay DATA cell is packaged on the given circuit. If @@ -592,34 +636,56 @@ int sendme_note_circuit_data_packaged(circuit_t *circ, crypt_path_t *layer_hint) { int package_window, domain; + congestion_control_t *cc; tor_assert(circ); - if (CIRCUIT_IS_ORIGIN(circ)) { - /* Client side. */ - tor_assert(layer_hint); - --layer_hint->package_window; - package_window = layer_hint->package_window; + if (layer_hint) { + cc = layer_hint->ccontrol; domain = LD_APP; } else { - /* Exit side. */ - tor_assert(!layer_hint); - --circ->package_window; - package_window = circ->package_window; + cc = circ->ccontrol; domain = LD_EXIT; } - log_debug(domain, "Circuit package_window now %d.", package_window); - return package_window; + if (cc) { + congestion_control_note_cell_sent(cc, circ, layer_hint); + } else { + /* Fixed alg uses package_window and must update it */ + + if (CIRCUIT_IS_ORIGIN(circ)) { + /* Client side. */ + tor_assert(layer_hint); + --layer_hint->package_window; + package_window = layer_hint->package_window; + } else { + /* Exit side. */ + tor_assert(!layer_hint); + --circ->package_window; + package_window = circ->package_window; + } + log_debug(domain, "Circuit package_window now %d.", package_window); + } + + /* Return appropriate number designating how many cells can still be sent */ + return congestion_control_get_package_window(circ, layer_hint); } /* Called when a relay DATA cell is packaged for the given edge connection * conn. Update the package window and return its new value. */ int -sendme_note_stream_data_packaged(edge_connection_t *conn) +sendme_note_stream_data_packaged(edge_connection_t *conn, size_t len) { tor_assert(conn); + if (edge_uses_flow_control(conn)) { + flow_control_note_sent_data(conn, len); + if (conn->xoff_received) + return -1; + else + return 1; + } + --conn->package_window; log_debug(LD_APP, "Stream package_window now %d.", conn->package_window); return conn->package_window; @@ -631,20 +697,14 @@ sendme_note_stream_data_packaged(edge_connection_t *conn) void sendme_record_cell_digest_on_circ(circuit_t *circ, crypt_path_t *cpath) { - int package_window; uint8_t *sendme_digest; tor_assert(circ); - package_window = circ->package_window; - if (cpath) { - package_window = cpath->package_window; - } - /* Is this the last cell before a SENDME? The idea is that if the * package_window reaches a multiple of the increment, after this cell, we * should expect a SENDME. */ - if (!circuit_sendme_cell_is_next(package_window)) { + if (!circuit_sent_cell_for_sendme(circ, cpath)) { return; } @@ -670,7 +730,8 @@ sendme_record_received_cell_digest(circuit_t *circ, crypt_path_t *cpath) /* Only record if the next cell is expected to be a SENDME. */ if (!circuit_sendme_cell_is_next(cpath ? cpath->deliver_window : - circ->deliver_window)) { + circ->deliver_window, + sendme_get_inc_count(circ, cpath))) { return; } @@ -692,8 +753,7 @@ sendme_record_sending_cell_digest(circuit_t *circ, crypt_path_t *cpath) tor_assert(circ); /* Only record if the next cell is expected to be a SENDME. */ - if (!circuit_sendme_cell_is_next(cpath ? cpath->package_window : - circ->package_window)) { + if (!circuit_sent_cell_for_sendme(circ, cpath)) { goto end; } diff --git a/src/core/or/sendme.h b/src/core/or/sendme.h index 05d37ec3bb..bc1daef23d 100644 --- a/src/core/or/sendme.h +++ b/src/core/or/sendme.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2019-2020, The Tor Project, Inc. */ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -22,6 +22,7 @@ void sendme_circuit_consider_sending(circuit_t *circ, int sendme_process_circuit_level(crypt_path_t *layer_hint, circuit_t *circ, const uint8_t *cell_payload, uint16_t cell_payload_len); +int sendme_process_circuit_level_impl(crypt_path_t *, circuit_t *); int sendme_process_stream_level(edge_connection_t *conn, circuit_t *circ, uint16_t cell_body_len); @@ -32,7 +33,7 @@ int sendme_circuit_data_received(circuit_t *circ, crypt_path_t *layer_hint); /* Update package window functions. */ int sendme_note_circuit_data_packaged(circuit_t *circ, crypt_path_t *layer_hint); -int sendme_note_stream_data_packaged(edge_connection_t *conn); +int sendme_note_stream_data_packaged(edge_connection_t *conn, size_t len); /* Record cell digest on circuit. */ void sendme_record_cell_digest_on_circ(circuit_t *circ, crypt_path_t *cpath); @@ -72,6 +73,8 @@ STATIC ssize_t build_cell_payload_v1(const uint8_t *cell_digest, STATIC bool sendme_is_valid(const circuit_t *circ, const uint8_t *cell_payload, size_t cell_payload_len); +STATIC bool circuit_sendme_cell_is_next(int deliver_window, + int sendme_inc); #endif /* defined(TOR_UNIT_TESTS) */ diff --git a/src/core/or/server_port_cfg_st.h b/src/core/or/server_port_cfg_st.h index 69cdb29cbc..64c96679e8 100644 --- a/src/core/or/server_port_cfg_st.h +++ b/src/core/or/server_port_cfg_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/socks_request_st.h b/src/core/or/socks_request_st.h index 4bcdb48b92..98e5283474 100644 --- a/src/core/or/socks_request_st.h +++ b/src/core/or/socks_request_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/status.c b/src/core/or/status.c index 00a88a3178..11912ffc25 100644 --- a/src/core/or/status.c +++ b/src/core/or/status.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2010-2020, The Tor Project, Inc. */ +/* Copyright (c) 2010-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -30,6 +30,7 @@ #include "app/config/statefile.h" #include "feature/hs/hs_stats.h" #include "feature/hs/hs_service.h" +#include "core/or/connection_st.h" #include "core/or/dos.h" #include "feature/stats/geoip_stats.h" @@ -105,10 +106,9 @@ log_onion_service_stats(void) } log_notice(LD_HEARTBEAT, - "Our onion service%s received %u v2 and %u v3 INTRODUCE2 cells " + "Heartbeat: Our onion service%s received %u v3 INTRODUCE2 cells " "and attempted to launch %d rendezvous circuits.", num_services == 1 ? "" : "s", - hs_stats_get_n_introduce2_v2_cells(), hs_stats_get_n_introduce2_v3_cells(), hs_stats_get_n_rendezvous_launches()); } @@ -131,21 +131,49 @@ static unsigned n_outgoing_ipv6; * heartbeat message. **/ void -note_connection(bool inbound, int family) +note_connection(bool inbound, const connection_t *conn) { - if (family == AF_INET) { + if (conn->socket_family == AF_INET) { if (inbound) { ++n_incoming_ipv4; } else { ++n_outgoing_ipv4; } - } else if (family == AF_INET6) { + } else if (conn->socket_family == AF_INET6) { if (inbound) { ++n_incoming_ipv6; } else { ++n_outgoing_ipv6; } } + + rep_hist_note_conn_opened(inbound, conn->type, conn->socket_family); +} + +/** + * @name Counters for unrecognized cells + * + * Track cells that we drop because they are unrecognized and we have + * nobody to send them to. + **/ +/**@{*/ +static unsigned n_circs_closed_for_unrecognized_cells; +static uint64_t n_unrecognized_cells_discarded; +static uint64_t n_secs_on_circs_with_unrecognized_cells; +/**@}*/ + +/** + * Note that a circuit has closed @a n_seconds after having been created, + * because of one or more unrecognized cells. Also note the number of + * unrecognized cells @a n_cells. + */ +void +note_circ_closed_for_unrecognized_cells(time_t n_seconds, uint32_t n_cells) +{ + ++n_circs_closed_for_unrecognized_cells; + n_unrecognized_cells_discarded += n_cells; + if (n_seconds >= 0) + n_secs_on_circs_with_unrecognized_cells += (uint64_t) n_seconds; } /** Log a "heartbeat" message describing Tor's status and history so that the @@ -241,6 +269,23 @@ log_heartbeat(time_t now) (main_loop_idle_count)); } + if (n_circs_closed_for_unrecognized_cells) { + double avg_time_alive = ((double) n_secs_on_circs_with_unrecognized_cells) + / n_circs_closed_for_unrecognized_cells; + double avg_cells = ((double) n_unrecognized_cells_discarded) + / n_circs_closed_for_unrecognized_cells; + log_fn(LOG_NOTICE, LD_HEARTBEAT, + "Since our last heartbeat, %u circuits were closed because of " + "unrecognized cells while we were the last hop. On average, each " + "one was alive for %lf seconds, and had %lf unrecognized cells.", + n_circs_closed_for_unrecognized_cells, + avg_time_alive, + avg_cells); + n_circs_closed_for_unrecognized_cells = 0; + n_unrecognized_cells_discarded = 0; + n_secs_on_circs_with_unrecognized_cells = 0; + } + /** Now, if we are an HS service, log some stats about our usage */ log_onion_service_stats(); diff --git a/src/core/or/status.h b/src/core/or/status.h index 271e0dbc9a..55492d24da 100644 --- a/src/core/or/status.h +++ b/src/core/or/status.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2010-2020, The Tor Project, Inc. */ +/* Copyright (c) 2010-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -11,7 +11,10 @@ #include "lib/testsupport/testsupport.h" -void note_connection(bool inbound, int family); +void note_connection(bool inbound, const connection_t *conn); +void note_circ_closed_for_unrecognized_cells(time_t n_seconds, + uint32_t n_cells); + int log_heartbeat(time_t now); #ifdef STATUS_PRIVATE diff --git a/src/core/or/tor_version_st.h b/src/core/or/tor_version_st.h index 46644c5eb8..0c8dc11b14 100644 --- a/src/core/or/tor_version_st.h +++ b/src/core/or/tor_version_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/trace_probes_cc.c b/src/core/or/trace_probes_cc.c new file mode 100644 index 0000000000..b0ca23e208 --- /dev/null +++ b/src/core/or/trace_probes_cc.c @@ -0,0 +1,34 @@ +/* Copyright (c) 2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file trace_probes_cc.c + * \brief Tracepoint provider source file for the cc subsystem. Probes + * are generated within this C file for LTTng-UST + **/ + +#include "orconfig.h" + +/* + * Following section is specific to LTTng-UST. + */ +#ifdef USE_TRACING_INSTRUMENTATION_LTTNG + +/* Header files that the probes need. */ +#include "core/or/or.h" +#include "core/or/channel.h" +#include "core/or/circuit_st.h" +#include "core/or/circuitlist.h" +#include "core/or/congestion_control_common.h" +#include "core/or/congestion_control_st.h" +#include "core/or/connection_st.h" +#include "core/or/edge_connection_st.h" +#include "core/or/or_circuit_st.h" +#include "core/or/origin_circuit_st.h" + +#define TRACEPOINT_DEFINE +#define TRACEPOINT_CREATE_PROBES + +#include "core/or/trace_probes_cc.h" + +#endif /* defined(USE_TRACING_INSTRUMENTATION_LTTNG) */ diff --git a/src/core/or/trace_probes_cc.h b/src/core/or/trace_probes_cc.h new file mode 100644 index 0000000000..1f87528723 --- /dev/null +++ b/src/core/or/trace_probes_cc.h @@ -0,0 +1,22 @@ +/* Copyright (c) 2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file trace_probes_cc.c + * \brief The tracing probes for the congestion control subsystem. + * Currently, only LTTng-UST probes are available. + **/ + +#ifndef TOR_TRACE_PROBES_CC_H +#define TOR_TRACE_PROBES_CC_H + +#include "lib/trace/events.h" + +/* We only build the following if LTTng instrumentation has been enabled. */ +#ifdef USE_TRACING_INSTRUMENTATION_LTTNG + +#include "core/or/lttng_cc.inc" + +#endif /* USE_TRACING_INSTRUMENTATION_LTTNG */ + +#endif /* !defined(TOR_TRACE_PROBES_CC_H) */ diff --git a/src/core/or/trace_probes_circuit.c b/src/core/or/trace_probes_circuit.c index b186ffda7f..4ee5a97dff 100644 --- a/src/core/or/trace_probes_circuit.c +++ b/src/core/or/trace_probes_circuit.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -25,6 +25,6 @@ #define TRACEPOINT_DEFINE #define TRACEPOINT_CREATE_PROBES -#include "trace_probes_circuit.h" +#include "core/or/trace_probes_circuit.h" -#endif /* USE_TRACING_INSTRUMENTATION_LTTNG */ +#endif /* defined(USE_TRACING_INSTRUMENTATION_LTTNG) */ diff --git a/src/core/or/trace_probes_circuit.h b/src/core/or/trace_probes_circuit.h index 59f53c324a..4ddc46365f 100644 --- a/src/core/or/trace_probes_circuit.h +++ b/src/core/or/trace_probes_circuit.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -19,4 +19,4 @@ #endif /* USE_TRACING_INSTRUMENTATION_LTTNG */ -#endif /* TOR_TRACE_PROBES_CIRCUIT_H */ +#endif /* !defined(TOR_TRACE_PROBES_CIRCUIT_H) */ diff --git a/src/core/or/var_cell_st.h b/src/core/or/var_cell_st.h index caf64c63a5..7a5bc9581b 100644 --- a/src/core/or/var_cell_st.h +++ b/src/core/or/var_cell_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/or/versions.c b/src/core/or/versions.c index 5dfe0c2cc9..9913b3ee31 100644 --- a/src/core/or/versions.c +++ b/src/core/or/versions.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -482,6 +482,12 @@ memoize_protover_summary(protover_summary_flags_t *out, protocol_list_supports_protocol(protocols, PRT_PADDING, PROTOVER_HS_SETUP_PADDING); + out->supports_congestion_control = + protocol_list_supports_protocol(protocols, PRT_FLOWCTRL, + PROTOVER_FLOWCTRL_CC) && + protocol_list_supports_protocol(protocols, PRT_RELAY, + PROTOVER_RELAY_NTOR_V3); + protover_summary_flags_t *new_cached = tor_memdup(out, sizeof(*out)); cached = strmap_set(protover_summary_map, protocols, new_cached); tor_assert(!cached); diff --git a/src/core/or/versions.h b/src/core/or/versions.h index 75dc17f9c7..4c4c22cb41 100644 --- a/src/core/or/versions.h +++ b/src/core/or/versions.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/proto/proto_cell.c b/src/core/proto/proto_cell.c index 5c1a2c24d7..2bee0a820f 100644 --- a/src/core/proto/proto_cell.c +++ b/src/core/proto/proto_cell.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/proto/proto_cell.h b/src/core/proto/proto_cell.h index 0e9cfbfed3..bf2b8ec3c6 100644 --- a/src/core/proto/proto_cell.h +++ b/src/core/proto/proto_cell.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/proto/proto_control0.c b/src/core/proto/proto_control0.c index 323b37c539..ee26df01a4 100644 --- a/src/core/proto/proto_control0.c +++ b/src/core/proto/proto_control0.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/proto/proto_control0.h b/src/core/proto/proto_control0.h index 561bf00d19..c2a42c34c7 100644 --- a/src/core/proto/proto_control0.h +++ b/src/core/proto/proto_control0.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/proto/proto_ext_or.c b/src/core/proto/proto_ext_or.c index 23fc2393b7..d2789f809f 100644 --- a/src/core/proto/proto_ext_or.c +++ b/src/core/proto/proto_ext_or.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/proto/proto_ext_or.h b/src/core/proto/proto_ext_or.h index 3408599fb7..68f2d46993 100644 --- a/src/core/proto/proto_ext_or.h +++ b/src/core/proto/proto_ext_or.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/proto/proto_haproxy.c b/src/core/proto/proto_haproxy.c index 9129fc55bf..b082ef99e0 100644 --- a/src/core/proto/proto_haproxy.c +++ b/src/core/proto/proto_haproxy.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2019-2020, The Tor Project, Inc. */ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define PROTO_HAPROXY_PRIVATE diff --git a/src/core/proto/proto_haproxy.h b/src/core/proto/proto_haproxy.h index 63c164e1a1..b1b7b06566 100644 --- a/src/core/proto/proto_haproxy.h +++ b/src/core/proto/proto_haproxy.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2019-2020, The Tor Project, Inc. */ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_PROTO_HAPROXY_H diff --git a/src/core/proto/proto_http.c b/src/core/proto/proto_http.c index ef4b897fcc..8997eb6942 100644 --- a/src/core/proto/proto_http.c +++ b/src/core/proto/proto_http.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/proto/proto_http.h b/src/core/proto/proto_http.h index e0c5135346..e77347999b 100644 --- a/src/core/proto/proto_http.h +++ b/src/core/proto/proto_http.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c index 97863d389e..07177c418a 100644 --- a/src/core/proto/proto_socks.c +++ b/src/core/proto/proto_socks.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/core/proto/proto_socks.h b/src/core/proto/proto_socks.h index f3af0d988e..814af0c67b 100644 --- a/src/core/proto/proto_socks.h +++ b/src/core/proto/proto_socks.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/ext/ed25519/donna/test-ticks.h b/src/ext/ed25519/donna/test-ticks.h index 0103e03dde..16cec9ba92 100644 --- a/src/ext/ed25519/donna/test-ticks.h +++ b/src/ext/ed25519/donna/test-ticks.h @@ -13,7 +13,7 @@ get_ticks(void) { __asm__ __volatile__("rdtsc" : "=a" (lo), "=d" (hi)); return ((uint64_t)lo | ((uint64_t)hi << 32)); #else - need rdtsc for this compiler + #error need rdtsc for this compiler #endif #elif defined(OS_SOLARIS) return (uint64_t)gethrtime(); @@ -35,7 +35,7 @@ get_ticks(void) { t = ((uint64_t)t2.tv_usec << 32) | (uint64_t)t2.tv_sec; return t; #else - need ticks for this platform + #error need ticks for this platform #endif } diff --git a/src/ext/rust b/src/ext/rust deleted file mode 160000 -Subproject aa37fb84fb829902e83ca11a7244bbc6b86b809 diff --git a/src/feature/api/tor_api.c b/src/feature/api/tor_api.c index 531793301e..88e91ebfd5 100644 --- a/src/feature/api/tor_api.c +++ b/src/feature/api/tor_api.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -18,9 +18,9 @@ // Include this after the above headers, to insure that they don't // depend on anything else. #include "orconfig.h" +#include "lib/cc/compat_compiler.h" #include "lib/cc/torint.h" #include "feature/api/tor_api_internal.h" -#include "lib/cc/compat_compiler.h" #include <stdio.h> #include <stdlib.h> @@ -39,7 +39,9 @@ #include "lib/net/socketpair.h" #define raw_socketpair tor_ersatz_socketpair #define raw_closesocket closesocket +#if !defined(HAVE_SNPRINTF) #define snprintf _snprintf +#endif #else /* !defined(_WIN32) */ #define raw_socketpair socketpair #define raw_closesocket close diff --git a/src/feature/api/tor_api.h b/src/feature/api/tor_api.h index e9993bb0d5..4391c77c5a 100644 --- a/src/feature/api/tor_api.h +++ b/src/feature/api/tor_api.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/api/tor_api_internal.h b/src/feature/api/tor_api_internal.h index d52b2caf44..5075922676 100644 --- a/src/feature/api/tor_api_internal.h +++ b/src/feature/api/tor_api_internal.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/client/addressmap.c b/src/feature/client/addressmap.c index e5bf2cc49c..8c3fb9a418 100644 --- a/src/feature/client/addressmap.c +++ b/src/feature/client/addressmap.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -576,7 +576,7 @@ void addressmap_register(const char *address, char *new_address, time_t expires, addressmap_entry_source_t source, const int wildcard_addr, - const int wildcard_new_addr) + const int wildcard_new_addr, uint64_t stream_id) { addressmap_entry_t *ent; @@ -626,7 +626,8 @@ addressmap_register(const char *address, char *new_address, time_t expires, log_info(LD_CONFIG, "Addressmap: (re)mapped '%s' to '%s'", safe_str_client(address), safe_str_client(ent->new_address)); - control_event_address_mapped(address, ent->new_address, expires, NULL, 1); + control_event_address_mapped(address, ent->new_address, + expires, NULL, 1, stream_id); } /** An attempt to resolve <b>address</b> failed at some OR. @@ -680,11 +681,15 @@ client_dns_set_addressmap_impl(entry_connection_t *for_conn, int ttl) { char *extendedaddress=NULL, *extendedval=NULL; - (void)for_conn; + uint64_t stream_id = 0; tor_assert(address); tor_assert(name); + if (for_conn) { + stream_id = ENTRY_TO_CONN(for_conn)->global_identifier; + } + if (ttl<0) ttl = DEFAULT_DNS_TTL; else @@ -705,7 +710,7 @@ client_dns_set_addressmap_impl(entry_connection_t *for_conn, "%s", name); } addressmap_register(extendedaddress, extendedval, - time(NULL) + ttl, ADDRMAPSRC_DNS, 0, 0); + time(NULL) + ttl, ADDRMAPSRC_DNS, 0, 0, stream_id); tor_free(extendedaddress); } @@ -1043,7 +1048,7 @@ addressmap_register_virtual_address(int type, char *new_address) log_info(LD_APP, "Registering map from %s to %s", *addrp, new_address); if (vent_needs_to_be_added) strmap_set(virtaddress_reversemap, new_address, vent); - addressmap_register(*addrp, new_address, 2, ADDRMAPSRC_AUTOMAP, 0, 0); + addressmap_register(*addrp, new_address, 2, ADDRMAPSRC_AUTOMAP, 0, 0, 0); /* FFFF register corresponding reverse mapping. */ diff --git a/src/feature/client/addressmap.h b/src/feature/client/addressmap.h index 7f1024e09a..54d3628a53 100644 --- a/src/feature/client/addressmap.h +++ b/src/feature/client/addressmap.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -36,7 +36,7 @@ int addressmap_have_mapping(const char *address, int update_timeout); void addressmap_register(const char *address, char *new_address, time_t expires, addressmap_entry_source_t source, const int address_wildcard, - const int new_address_wildcard); + const int new_address_wildcard, uint64_t stream_id); int parse_virtual_addr_network(const char *val, sa_family_t family, int validate_only, char **msg); diff --git a/src/feature/client/bridges.c b/src/feature/client/bridges.c index 96c3497c6f..9e36d26929 100644 --- a/src/feature/client/bridges.c +++ b/src/feature/client/bridges.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -943,9 +943,17 @@ rewrite_node_address_for_bridge(const bridge_info_t *bridge, node_t *node) } /** We just learned a descriptor for a bridge. See if that - * digest is in our entry guard list, and add it if not. */ + * digest is in our entry guard list, and add it if not. Schedule the + * next fetch for a long time from now, and initiate any follow-up + * activities like continuing to bootstrap. + * + * <b>from_cache</b> * tells us whether we fetched it from disk (else + * the network) + * + * <b>desc_is_new</b> tells us if we preferred it to the old version we + * had, if any. */ void -learned_bridge_descriptor(routerinfo_t *ri, int from_cache) +learned_bridge_descriptor(routerinfo_t *ri, int from_cache, int desc_is_new) { tor_assert(ri); tor_assert(ri->purpose == ROUTER_PURPOSE_BRIDGE); @@ -961,12 +969,14 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache) if (bridge) { /* if we actually want to use this one */ node_t *node; - /* it's here; schedule its re-fetch for a long time from now. */ if (!from_cache) { /* This schedules the re-fetch at a constant interval, which produces * a pattern of bridge traffic. But it's better than trying all * configured bridges several times in the first few minutes. */ download_status_reset(&bridge->fetch_status); + /* it's here; schedule its re-fetch for a long time from now. */ + bridge->fetch_status.next_attempt_at += + get_options()->TestingBridgeDownloadInitialDelay; } node = node_get_mutable_by_id(ri->cache_info.identity_digest); @@ -982,8 +992,10 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache) entry_guard_learned_bridge_identity(&bridge->addrport_configured, (const uint8_t*)ri->cache_info.identity_digest); - log_notice(LD_DIR, "new bridge descriptor '%s' (%s): %s", ri->nickname, - from_cache ? "cached" : "fresh", router_describe(ri)); + if (desc_is_new) + log_notice(LD_DIR, "new bridge descriptor '%s' (%s): %s", + ri->nickname, + from_cache ? "cached" : "fresh", router_describe(ri)); /* If we didn't have a reachable bridge before this one, try directory * documents again. */ if (first) { diff --git a/src/feature/client/bridges.h b/src/feature/client/bridges.h index f5ecc1b76d..dd3e498a0a 100644 --- a/src/feature/client/bridges.h +++ b/src/feature/client/bridges.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -46,7 +46,8 @@ void learned_router_identity(const tor_addr_t *addr, uint16_t port, void bridge_add_from_config(struct bridge_line_t *bridge_line); void retry_bridge_descriptor_fetch_directly(const char *digest); void fetch_bridge_descriptors(const or_options_t *options, time_t now); -void learned_bridge_descriptor(routerinfo_t *ri, int from_cache); +void learned_bridge_descriptor(routerinfo_t *ri, + int from_cache, int desc_is_new); const smartlist_t *get_socks_args_by_bridge_addrport(const tor_addr_t *addr, uint16_t port); diff --git a/src/feature/client/circpathbias.c b/src/feature/client/circpathbias.c index 29264135f9..ff9e05a645 100644 --- a/src/feature/client/circpathbias.c +++ b/src/feature/client/circpathbias.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/client/circpathbias.h b/src/feature/client/circpathbias.h index 88cc982dd4..e92756ae78 100644 --- a/src/feature/client/circpathbias.h +++ b/src/feature/client/circpathbias.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/client/dnsserv.c b/src/feature/client/dnsserv.c index c1981ecde0..f0bb0af100 100644 --- a/src/feature/client/dnsserv.c +++ b/src/feature/client/dnsserv.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -65,6 +65,9 @@ evdns_server_callback(struct evdns_server_request *req, void *data_) log_info(LD_APP, "Got a new DNS request!"); + /* Receiving a request on the DNSPort counts as user activity. */ + note_user_activity(approx_time()); + req->flags |= 0x80; /* set RA */ /* First, check whether the requesting address matches our SOCKSPolicy. */ diff --git a/src/feature/client/dnsserv.h b/src/feature/client/dnsserv.h index 4011cb4e02..ef2c8420c4 100644 --- a/src/feature/client/dnsserv.h +++ b/src/feature/client/dnsserv.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/client/entrynodes.c b/src/feature/client/entrynodes.c index 82866ea668..e7324487da 100644 --- a/src/feature/client/entrynodes.c +++ b/src/feature/client/entrynodes.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -132,6 +132,7 @@ #include "feature/client/entrynodes.h" #include "feature/client/transports.h" #include "feature/control/control_events.h" +#include "feature/dirclient/dlstatus.h" #include "feature/dircommon/directory.h" #include "feature/nodelist/describe.h" #include "feature/nodelist/microdesc.h" @@ -559,7 +560,7 @@ get_extreme_restriction_threshold(void) int32_t pct = networkstatus_get_param(NULL, "guard-extreme-restriction-percent", DFLT_EXTREME_RESTRICTION_PERCENT, - 1, INT32_MAX); + 1, 100); return pct / 100.0; } @@ -576,6 +577,18 @@ mark_guard_maybe_reachable(entry_guard_t *guard) guard->is_reachable = GUARD_REACHABLE_MAYBE; if (guard->is_filtered_guard) guard->is_usable_filtered_guard = 1; + + /* Check if it is a bridge and we don't have its descriptor yet */ + if (guard->bridge_addr && !guard_has_descriptor(guard)) { + /* Reset the descriptor fetch retry schedule, so it gives it another + * go soon. It's important to keep any "REACHABLE_MAYBE" bridges in + * sync with the descriptor fetch schedule, since we will refuse to + * use the network until our first primary bridges are either + * known-usable or known-unusable. See bug 40396. */ + download_status_t *dl = get_bridge_dl_status_by_id(guard->identity); + if (dl) + download_status_reset(dl); + } } /** @@ -2046,6 +2059,14 @@ entry_guard_consider_retry(entry_guard_t *guard) get_retry_schedule(guard->failing_since, now, guard->is_primary); const time_t last_attempt = guard->last_tried_to_connect; + /* Check if it is a bridge and we don't have its descriptor yet */ + if (guard->bridge_addr && !guard_has_descriptor(guard)) { + /* We want to leave the retry schedule to fetch_bridge_descriptors(), + * so we don't have two retry schedules clobbering each other. See + * bugs 40396 and 40497 for details of why we need this exception. */ + return; + } + if (BUG(last_attempt == 0) || now >= last_attempt + delay) { /* We should mark this retriable. */ @@ -2271,6 +2292,13 @@ entry_guards_note_guard_failure(guard_selection_t *gs, guard->is_primary?"primary ":"", guard->confirmed_idx>=0?"confirmed ":"", entry_guard_describe(guard)); + + /* Schedule a re-assessment of whether we have enough dir info to + * use the network. Counterintuitively, *losing* a bridge might actually + * be just what we need to *resume* using the network, if we had it in + * state GUARD_REACHABLE_MAYBE and we were stalling to learn this + * outcome. See bug 40396 for more details. */ + router_dir_info_changed(); } /** @@ -2295,6 +2323,12 @@ entry_guards_note_guard_success(guard_selection_t *gs, /* If guard was not already marked as reachable, send a GUARD UP signal */ if (guard->is_reachable != GUARD_REACHABLE_YES) { control_event_guard(guard->nickname, guard->identity, "UP"); + + /* Schedule a re-assessment of whether we have enough dir info to + * use the network. One of our guards has just moved to + * GUARD_REACHABLE_YES, so maybe we can resume using the network + * now. */ + router_dir_info_changed(); } guard->is_reachable = GUARD_REACHABLE_YES; @@ -2709,7 +2743,7 @@ entry_guards_upgrade_waiting_circuits(guard_selection_t *gs, {NONPRIMARY_GUARD_CONNECT_TIMEOUT} seconds." */ circuit_guard_state_t *state = origin_circuit_get_guard_state(circ); - if BUG((state == NULL)) + if (BUG(state == NULL)) continue; if (state->state != GUARD_CIRC_STATE_COMPLETE) continue; @@ -3538,6 +3572,11 @@ entry_guards_changed_for_guard_selection(guard_selection_t *gs) entry_guards_update_guards_in_state() */ or_state_mark_dirty(get_or_state(), when); + + /* Schedule a re-assessment of whether we have enough dir info to + * use the network. When we add or remove or disable or enable a + * guard, the decision could shift. */ + router_dir_info_changed(); } /** Our list of entry guards has changed for the default guard selection @@ -3850,7 +3889,7 @@ guards_retry_optimistic(const or_options_t *options) * Check if we are missing any crucial dirinfo for the guard subsystem to * work. Return NULL if everything went well, otherwise return a newly * allocated string with an informative error message. In the latter case, use - * the genreal descriptor information <b>using_mds</b>, <b>num_present</b> and + * the general descriptor information <b>using_mds</b>, <b>num_present</b> and * <b>num_usable</b> to improve the error message. */ char * guard_selection_get_err_str_if_dir_info_missing(guard_selection_t *gs, @@ -3930,6 +3969,263 @@ guard_selection_free_(guard_selection_t *gs) tor_free(gs); } +/**********************************************************************/ + +/** Layer2 guard subsystem (vanguards-lite) used for onion service circuits */ + +/** A simple representation of a layer2 guard. We just need its identity so + * that we feed it into a routerset, and a sampled timestamp to do expiration + * checks. */ +typedef struct layer2_guard_t { + /** Identity of the guard */ + char identity[DIGEST_LEN]; + /** When does this guard expire? (randomized timestamp) */ + time_t expire_on_date; +} layer2_guard_t; + +#define layer2_guard_free(val) \ + FREE_AND_NULL(layer2_guard_t, layer2_guard_free_, (val)) + +/** Return true if the vanguards-lite subsystem is enabled */ +bool +vanguards_lite_is_enabled(void) +{ + /* First check torrc option and then maybe also the consensus parameter. */ + const or_options_t *options = get_options(); + + /* If the option is explicitly disabled, that's the final word here */ + if (options->VanguardsLiteEnabled == 0) { + return false; + } + + /* If the option is set to auto, then check the consensus parameter */ + if (options->VanguardsLiteEnabled == -1) { + return networkstatus_get_param(NULL, "vanguards-lite-enabled", + 1, /* default to "on" */ + 0, 1); + } + + /* else it's enabled */ + tor_assert_nonfatal(options->VanguardsLiteEnabled == 1); + return options->VanguardsLiteEnabled; +} + +static void +layer2_guard_free_(layer2_guard_t *l2) +{ + if (!l2) { + return; + } + + tor_free(l2); +} + +/** Global list and routerset of L2 guards. They are both synced and they get + * updated periodically. We need both the list and the routerset: we use the + * smartlist to keep track of expiration times and the routerset is what we + * return to the users of this subsystem. */ +static smartlist_t *layer2_guards = NULL; +static routerset_t *layer2_routerset = NULL; + +/** Number of L2 guards */ +#define NUMBER_SECOND_GUARDS 4 +/** Make sure that the number of L2 guards is less than the number of + * MAX_SANE_RESTRICTED_NODES */ +CTASSERT(NUMBER_SECOND_GUARDS < 20); + +/** Lifetime of L2 guards: + * 1 to 12 days, for an average of a week using the max(x,x) distribution */ +#define MIN_SECOND_GUARD_LIFETIME (3600*24) +#define MAX_SECOND_GUARD_LIFETIME (3600*24*12) + +/** Return the number of guards our L2 guardset should have */ +static int +get_number_of_layer2_hs_guards(void) +{ + return (int) networkstatus_get_param(NULL, + "guard-hs-l2-number", + NUMBER_SECOND_GUARDS, + 1, 19); +} + +/** Return the minimum lifetime of L2 guards */ +static int +get_min_lifetime_of_layer2_hs_guards(void) +{ + return (int) networkstatus_get_param(NULL, + "guard-hs-l2-lifetime-min", + MIN_SECOND_GUARD_LIFETIME, + 1, INT32_MAX); +} + +/** Return the maximum lifetime of L2 guards */ +static int +get_max_lifetime_of_layer2_hs_guards(void) +{ + return (int) networkstatus_get_param(NULL, + "guard-hs-l2-lifetime-max", + MAX_SECOND_GUARD_LIFETIME, + 1, INT32_MAX); +} + +/** + * Sample and return a lifetime for an L2 guard. + * + * Lifetime randomized uniformly between min and max consensus params. + */ +static int +get_layer2_hs_guard_lifetime(void) +{ + int min = get_min_lifetime_of_layer2_hs_guards(); + int max = get_max_lifetime_of_layer2_hs_guards(); + + if (BUG(min >= max)) { + return min; + } + + return crypto_rand_int_range(min, max); +} + +/** Maintain the L2 guard list. Make sure the list contains enough guards, do + * expirations as necessary, and keep all the data structures of this + * subsystem synchronized */ +void +maintain_layer2_guards(void) +{ + if (!router_have_minimum_dir_info()) { + return; + } + + /* Create the list if it doesn't exist */ + if (!layer2_guards) { + layer2_guards = smartlist_new(); + } + + /* Go through the list and perform any needed expirations */ + SMARTLIST_FOREACH_BEGIN(layer2_guards, layer2_guard_t *, g) { + /* Expire based on expiration date */ + if (g->expire_on_date <= approx_time()) { + log_info(LD_GENERAL, "Removing expired Layer2 guard %s", + safe_str_client(hex_str(g->identity, DIGEST_LEN))); + // Nickname may be gone from consensus and doesn't matter anyway + control_event_guard("None", g->identity, "BAD_L2"); + layer2_guard_free(g); + SMARTLIST_DEL_CURRENT_KEEPORDER(layer2_guards, g); + continue; + } + + /* Expire if relay has left consensus */ + if (router_get_consensus_status_by_id(g->identity) == NULL) { + log_info(LD_GENERAL, "Removing missing Layer2 guard %s", + safe_str_client(hex_str(g->identity, DIGEST_LEN))); + // Nickname may be gone from consensus and doesn't matter anyway + control_event_guard("None", g->identity, "BAD_L2"); + layer2_guard_free(g); + SMARTLIST_DEL_CURRENT_KEEPORDER(layer2_guards, g); + continue; + } + } SMARTLIST_FOREACH_END(g); + + /* Find out how many guards we need to add */ + int new_guards_needed_n = + get_number_of_layer2_hs_guards() - smartlist_len(layer2_guards); + if (new_guards_needed_n <= 0) { + return; + } + + log_info(LD_GENERAL, "Adding %d guards to Layer2 routerset", + new_guards_needed_n); + + /* First gather the exclusions based on our current L2 guards */ + smartlist_t *excluded = smartlist_new(); + SMARTLIST_FOREACH_BEGIN(layer2_guards, layer2_guard_t *, g) { + /* Exclude existing L2 guard so that we don't double-pick it. + * But, it's ok if they come from the same family. */ + const node_t *existing = node_get_by_id(g->identity); + if (existing) + smartlist_add(excluded, (node_t *)existing); + } SMARTLIST_FOREACH_END(g); + + /* Add required guards to the list */ + for (int i = 0; i < new_guards_needed_n; i++) { + const node_t *choice = NULL; + const or_options_t *options = get_options(); + /* Pick Stable nodes */ + router_crn_flags_t flags = CRN_NEED_DESC|CRN_NEED_UPTIME; + choice = router_choose_random_node(excluded, options->ExcludeNodes, flags); + if (!choice) { + break; + } + + /* We found our node: create an L2 guard out of it */ + layer2_guard_t *layer2_guard = tor_malloc_zero(sizeof(layer2_guard_t)); + memcpy(layer2_guard->identity, choice->identity, DIGEST_LEN); + layer2_guard->expire_on_date = approx_time() + + get_layer2_hs_guard_lifetime(); + smartlist_add(layer2_guards, layer2_guard); + log_info(LD_GENERAL, "Adding Layer2 guard %s", + safe_str_client(hex_str(layer2_guard->identity, DIGEST_LEN))); + // Nickname can also be None here because it is looked up later + control_event_guard("None", layer2_guard->identity, + "GOOD_L2"); + /* Exclude this node so that we don't double-pick it. (Again, coming + * from the same family is ok here.) */ + smartlist_add(excluded, (node_t *)choice); + } + + /* Some cleanup */ + smartlist_free(excluded); + + /* Now that the list is up to date, synchronize the routerset */ + routerset_free(layer2_routerset); + layer2_routerset = routerset_new(); + + SMARTLIST_FOREACH_BEGIN (layer2_guards, layer2_guard_t *, g) { + routerset_parse(layer2_routerset, + hex_str(g->identity, DIGEST_LEN), + "l2 guards"); + } SMARTLIST_FOREACH_END(g); +} + +/** + * Reset vanguards-lite list(s). + * + * Used for SIGNAL NEWNYM. + */ +void +purge_vanguards_lite(void) +{ + if (!layer2_guards) + return; + + /* Go through the list and perform any needed expirations */ + SMARTLIST_FOREACH_BEGIN(layer2_guards, layer2_guard_t *, g) { + layer2_guard_free(g); + } SMARTLIST_FOREACH_END(g); + + smartlist_clear(layer2_guards); + + /* Pick new l2 guards */ + maintain_layer2_guards(); +} + +/** Return a routerset containing the L2 guards or NULL if it's not yet + * initialized. Callers must not free the routerset. Designed for use in + * pick_vanguard_middle_node() and should not be used anywhere else. Do not + * store this pointer -- any future calls to maintain_layer2_guards() and + * purge_vanguards_lite() can invalidate it. */ +const routerset_t * +get_layer2_guards(void) +{ + if (!layer2_guards) { + maintain_layer2_guards(); + } + + return layer2_routerset; +} + +/*****************************************************************************/ + /** Release all storage held by the list of entry guards and related * memory structs. */ void @@ -3946,4 +4242,15 @@ entry_guards_free_all(void) guard_contexts = NULL; } circuit_build_times_free_timeouts(get_circuit_build_times_mutable()); + + if (!layer2_guards) { + return; + } + + SMARTLIST_FOREACH_BEGIN(layer2_guards, layer2_guard_t *, g) { + layer2_guard_free(g); + } SMARTLIST_FOREACH_END(g); + + smartlist_free(layer2_guards); + routerset_free(layer2_routerset); } diff --git a/src/feature/client/entrynodes.h b/src/feature/client/entrynodes.h index 4b236dc80c..08fd7cf745 100644 --- a/src/feature/client/entrynodes.h +++ b/src/feature/client/entrynodes.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -651,4 +651,9 @@ guard_get_guardfraction_bandwidth(guardfraction_bandwidth_t *guardfraction_bw, int orig_bandwidth, uint32_t guardfraction_percentage); +bool vanguards_lite_is_enabled(void); +const routerset_t *get_layer2_guards(void); +void maintain_layer2_guards(void); +void purge_vanguards_lite(void); + #endif /* !defined(TOR_ENTRYNODES_H) */ diff --git a/src/feature/client/proxymode.c b/src/feature/client/proxymode.c index aa269ec7fb..40b4a0b929 100644 --- a/src/feature/client/proxymode.c +++ b/src/feature/client/proxymode.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/client/proxymode.h b/src/feature/client/proxymode.h index 30be08ff78..4b2d554949 100644 --- a/src/feature/client/proxymode.h +++ b/src/feature/client/proxymode.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/client/transports.c b/src/feature/client/transports.c index 4b05d55494..80903ac9e5 100644 --- a/src/feature/client/transports.c +++ b/src/feature/client/transports.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2011-2020, The Tor Project, Inc. */ +/* Copyright (c) 2011-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -843,7 +843,7 @@ handle_methods_done(const managed_proxy_t *mp) tor_assert(mp->transports); if (smartlist_len(mp->transports) == 0) - log_notice(LD_GENERAL, "Managed proxy '%s' was spawned successfully, " + log_warn(LD_GENERAL, "Managed proxy '%s' was spawned successfully, " "but it didn't launch any pluggable transport listeners!", mp->argv[0]); @@ -903,14 +903,22 @@ handle_proxy_line(const char *line, managed_proxy_t *mp) if (mp->conf_state != PT_PROTO_ACCEPTING_METHODS) goto err; + /* Log the error but do not kill the managed proxy. + * A proxy may contain several transports and if one + * of them is misconfigured, we still want to use + * the other transports. A managed proxy with no usable + * transports will log a warning. + * See https://gitlab.torproject.org/tpo/core/tor/-/issues/7362 + * */ parse_client_method_error(line); - goto err; + return; } else if (!strcmpstart(line, PROTO_SMETHOD_ERROR)) { if (mp->conf_state != PT_PROTO_ACCEPTING_METHODS) goto err; + /* Log the error but do not kill the managed proxy */ parse_server_method_error(line); - goto err; + return; } else if (!strcmpstart(line, PROTO_CMETHOD)) { if (mp->conf_state != PT_PROTO_ACCEPTING_METHODS) goto err; diff --git a/src/feature/client/transports.h b/src/feature/client/transports.h index 47b118e77b..3f08beadba 100644 --- a/src/feature/client/transports.h +++ b/src/feature/client/transports.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/btrack.c b/src/feature/control/btrack.c index 405630ecd4..73a3eb6904 100644 --- a/src/feature/control/btrack.c +++ b/src/feature/control/btrack.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/btrack_circuit.c b/src/feature/control/btrack_circuit.c index be51b51046..2ae8558986 100644 --- a/src/feature/control/btrack_circuit.c +++ b/src/feature/control/btrack_circuit.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/btrack_circuit.h b/src/feature/control/btrack_circuit.h index 75699450c3..12fcc89a8a 100644 --- a/src/feature/control/btrack_circuit.h +++ b/src/feature/control/btrack_circuit.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/btrack_orconn.c b/src/feature/control/btrack_orconn.c index 104c8af230..8b1b5788d0 100644 --- a/src/feature/control/btrack_orconn.c +++ b/src/feature/control/btrack_orconn.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/btrack_orconn.h b/src/feature/control/btrack_orconn.h index 8b3d8be37d..6f9c391e6f 100644 --- a/src/feature/control/btrack_orconn.h +++ b/src/feature/control/btrack_orconn.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/btrack_orconn_cevent.c b/src/feature/control/btrack_orconn_cevent.c index d11be59280..525f4f5d0d 100644 --- a/src/feature/control/btrack_orconn_cevent.c +++ b/src/feature/control/btrack_orconn_cevent.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/btrack_orconn_cevent.h b/src/feature/control/btrack_orconn_cevent.h index 8b2207721e..a95eeeb03f 100644 --- a/src/feature/control/btrack_orconn_cevent.h +++ b/src/feature/control/btrack_orconn_cevent.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/btrack_orconn_maps.c b/src/feature/control/btrack_orconn_maps.c index a60dffb8c4..2b458d5826 100644 --- a/src/feature/control/btrack_orconn_maps.c +++ b/src/feature/control/btrack_orconn_maps.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/btrack_orconn_maps.h b/src/feature/control/btrack_orconn_maps.h index c83b22b1e8..7183b9bc3c 100644 --- a/src/feature/control/btrack_orconn_maps.h +++ b/src/feature/control/btrack_orconn_maps.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/btrack_sys.h b/src/feature/control/btrack_sys.h index 5a157b7b54..ab660f7efb 100644 --- a/src/feature/control/btrack_sys.h +++ b/src/feature/control/btrack_sys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/control.c b/src/feature/control/control.c index 2aebe1aac6..ac37357818 100644 --- a/src/feature/control/control.c +++ b/src/feature/control/control.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -48,8 +48,8 @@ #include "feature/control/control_cmd.h" #include "feature/control/control_events.h" #include "feature/control/control_proto.h" -#include "feature/rend/rendcommon.h" -#include "feature/rend/rendservice.h" +#include "feature/hs/hs_common.h" +#include "feature/hs/hs_service.h" #include "lib/evloop/procmon.h" #include "feature/control/control_connection_st.h" @@ -240,9 +240,7 @@ connection_control_closed(control_connection_t *conn) */ if (conn->ephemeral_onion_services) { SMARTLIST_FOREACH_BEGIN(conn->ephemeral_onion_services, char *, cp) { - if (rend_valid_v2_service_id(cp)) { - rend_service_del_ephemeral(cp); - } else if (hs_address_is_valid(cp)) { + if (hs_address_is_valid(cp)) { hs_service_del_ephemeral(cp); } else { /* An invalid .onion in our list should NEVER happen */ diff --git a/src/feature/control/control.h b/src/feature/control/control.h index f884286ec7..fc6196133b 100644 --- a/src/feature/control/control.h +++ b/src/feature/control/control.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/control_auth.c b/src/feature/control/control_auth.c index b60623ab5c..2af6517493 100644 --- a/src/feature/control/control_auth.c +++ b/src/feature/control/control_auth.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/control_auth.h b/src/feature/control/control_auth.h index d4c1dd78a7..3d2d300b5a 100644 --- a/src/feature/control/control_auth.h +++ b/src/feature/control/control_auth.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/control_bootstrap.c b/src/feature/control/control_bootstrap.c index d6dfdad94e..26d7b99b07 100644 --- a/src/feature/control/control_bootstrap.c +++ b/src/feature/control/control_bootstrap.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/control_cmd.c b/src/feature/control/control_cmd.c index a1c5e55fe1..dd0cde4f7d 100644 --- a/src/feature/control/control_cmd.c +++ b/src/feature/control/control_cmd.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -33,13 +33,11 @@ #include "feature/control/control_getinfo.h" #include "feature/control/control_proto.h" #include "feature/hs/hs_control.h" +#include "feature/hs/hs_service.h" #include "feature/nodelist/nodelist.h" #include "feature/nodelist/routerinfo.h" #include "feature/nodelist/routerlist.h" -#include "feature/rend/rendclient.h" #include "feature/rend/rendcommon.h" -#include "feature/rend/rendparse.h" -#include "feature/rend/rendservice.h" #include "lib/crypt_ops/crypto_rand.h" #include "lib/crypt_ops/crypto_util.h" #include "lib/encoding/confline.h" @@ -53,11 +51,8 @@ #include "feature/control/control_connection_st.h" #include "feature/nodelist/node_st.h" #include "feature/nodelist/routerinfo_st.h" -#include "feature/rend/rend_authorized_client_st.h" -#include "feature/rend/rend_encoded_v2_service_descriptor_st.h" -#include "feature/rend/rend_service_descriptor_st.h" -#include "src/app/config/statefile.h" +#include "app/config/statefile.h" static int control_setconf_helper(control_connection_t *conn, const control_cmd_args_t *args, @@ -828,7 +823,10 @@ handle_control_extendcircuit(control_connection_t *conn, first_node = zero_circ; SMARTLIST_FOREACH(nodes, const node_t *, node, { - extend_info_t *info = extend_info_from_node(node, first_node); + /* We treat every hop as an exit to try to negotiate congestion + * control, because we have no idea which hop the controller wil + * try to use for streams and when */ + extend_info_t *info = extend_info_from_node(node, first_node, true); if (!info) { tor_assert_nonfatal(first_node); log_warn(LD_CONTROL, @@ -1082,7 +1080,7 @@ static const control_cmd_syntax_t redirectstream_syntax = { .max_args = UINT_MAX, // XXX should be 3. }; -/** Called when we receive a REDIRECTSTERAM command. Try to change the target +/** Called when we receive a REDIRECTSTREAM command. Try to change the target * address of the named AP stream, and report success or failure. */ static int handle_control_redirectstream(control_connection_t *conn, @@ -1235,7 +1233,7 @@ handle_control_resolve(control_connection_t *conn, send_control_done(conn); SMARTLIST_FOREACH(failed, const char *, arg, { control_event_address_mapped(arg, arg, time(NULL), - "internal", 0); + "internal", 0, 0); }); smartlist_free(failed); @@ -1445,9 +1443,7 @@ handle_control_hsfetch(control_connection_t *conn, const control_cmd_args_t *args) { - char *desc_id = NULL; smartlist_t *hsdirs = NULL; - rend_data_t *rend_query = NULL; ed25519_public_key_t v3_pk; uint32_t version; const char *hsaddress = NULL; @@ -1483,22 +1479,6 @@ handle_control_hsfetch(control_connection_t *conn, } } - if (version == HS_VERSION_TWO) { - rend_query = rend_data_client_create(hsaddress, desc_id, NULL, - REND_NO_AUTH); - if (rend_query == NULL) { - control_write_endreply(conn, 551, "Error creating the HS query"); - goto done; - } - } - - /* Using a descriptor ID, we force the user to provide at least one - * hsdir server using the SERVER= option. */ - if (desc_id && (!hsdirs || !smartlist_len(hsdirs))) { - control_write_endreply(conn, 512, "SERVER option is required"); - goto done; - } - /* We are about to trigger HSDir fetch so send the OK now because after * that 650 event(s) are possible so better to have the 250 OK before them * to avoid out of order replies. */ @@ -1507,16 +1487,13 @@ handle_control_hsfetch(control_connection_t *conn, /* Trigger the fetch using the built rend query and possibly a list of HS * directory to use. This function ignores the client cache thus this will * always send a fetch command. */ - if (version == HS_VERSION_TWO) { - rend_client_fetch_v2_desc(rend_query, hsdirs); - } else if (version == HS_VERSION_THREE) { + if (version == HS_VERSION_THREE) { hs_control_hsfetch_command(&v3_pk, hsdirs); } done: /* Contains data pointer that we don't own thus no cleanup. */ smartlist_free(hsdirs); - rend_data_free(rend_query); return 0; } @@ -1537,7 +1514,6 @@ handle_control_hspost(control_connection_t *conn, { smartlist_t *hs_dirs = NULL; const char *encoded_desc = args->cmddata; - size_t encoded_desc_len = args->cmddata_len; const char *onion_address = NULL; const config_line_t *line; @@ -1577,49 +1553,6 @@ handle_control_hspost(control_connection_t *conn, goto done; } - /* As for HSFETCH, we no longer support v2 on the network and so we stop - * right now. Code is not removed in order to minimize the merge forward - * conflicts. */ - goto done; - - /* From this point on, it is only v2. */ - - /* parse it. */ - rend_encoded_v2_service_descriptor_t *desc = - tor_malloc_zero(sizeof(rend_encoded_v2_service_descriptor_t)); - desc->desc_str = tor_memdup_nulterm(encoded_desc, encoded_desc_len); - - rend_service_descriptor_t *parsed = NULL; - char *intro_content = NULL; - size_t intro_size; - size_t encoded_size; - const char *next_desc; - if (!rend_parse_v2_service_descriptor(&parsed, desc->desc_id, &intro_content, - &intro_size, &encoded_size, - &next_desc, desc->desc_str, 1)) { - /* Post the descriptor. */ - char serviceid[REND_SERVICE_ID_LEN_BASE32+1]; - if (!rend_get_service_id(parsed->pk, serviceid)) { - smartlist_t *descs = smartlist_new(); - smartlist_add(descs, desc); - - /* We are about to trigger HS descriptor upload so send the OK now - * because after that 650 event(s) are possible so better to have the - * 250 OK before them to avoid out of order replies. */ - send_control_done(conn); - - /* Trigger the descriptor upload */ - directory_post_to_hs_dir(parsed, descs, hs_dirs, serviceid, 0); - smartlist_free(descs); - } - - rend_service_descriptor_free(parsed); - } else { - control_write_endreply(conn, 554, "Invalid descriptor"); - } - - tor_free(intro_content); - rend_encoded_v2_service_descriptor_free(desc); done: smartlist_free(hs_dirs); /* Contents belong to the rend service code. */ return 0; @@ -1635,18 +1568,17 @@ handle_control_hspost(control_connection_t *conn, * The port_cfgs is a list of service port. Ownership transferred to service. * The max_streams refers to the MaxStreams= key. * The max_streams_close_circuit refers to the MaxStreamsCloseCircuit key. - * The auth_type is the authentication type of the clients in auth_clients. * The ownership of that list is transferred to the service. * * On success (RSAE_OKAY), the address_out points to a newly allocated string * containing the onion address without the .onion part. On error, address_out * is untouched. */ -static hs_service_add_ephemeral_status_t +STATIC hs_service_add_ephemeral_status_t add_onion_helper_add_service(int hs_version, add_onion_secret_key_t *pk, smartlist_t *port_cfgs, int max_streams, - int max_streams_close_circuit, int auth_type, - smartlist_t *auth_clients, char **address_out) + int max_streams_close_circuit, + smartlist_t *auth_clients_v3, char **address_out) { hs_service_add_ephemeral_status_t ret; @@ -1654,17 +1586,11 @@ add_onion_helper_add_service(int hs_version, tor_assert(port_cfgs); tor_assert(address_out); - /* Version 2 is disabled. */ - (void) auth_type; - (void) auth_clients; - switch (hs_version) { - case HS_VERSION_TWO: - ret = RSAE_INTERNAL; - break; case HS_VERSION_THREE: ret = hs_service_add_ephemeral(pk->v3, port_cfgs, max_streams, - max_streams_close_circuit, address_out); + max_streams_close_circuit, + auth_clients_v3, address_out); break; default: tor_assert_unreached(); @@ -1688,7 +1614,7 @@ get_detached_onion_services(void) } static const char *add_onion_keywords[] = { - "Port", "Flags", "MaxStreams", "ClientAuth", NULL + "Port", "Flags", "MaxStreams", "ClientAuth", "ClientAuthV3", NULL }; static const control_cmd_syntax_t add_onion_syntax = { .min_args = 1, .max_args = 1, @@ -1706,22 +1632,21 @@ handle_control_add_onion(control_connection_t *conn, * material first, since there's no reason to touch that at all if any of * the other arguments are malformed. */ + rend_auth_type_t auth_type = REND_NO_AUTH; smartlist_t *port_cfgs = smartlist_new(); - smartlist_t *auth_clients = NULL; - smartlist_t *auth_created_clients = NULL; + smartlist_t *auth_clients_v3 = NULL; + smartlist_t *auth_clients_v3_str = NULL; int discard_pk = 0; int detach = 0; int max_streams = 0; int max_streams_close_circuit = 0; - rend_auth_type_t auth_type = REND_NO_AUTH; int non_anonymous = 0; const config_line_t *arg; for (arg = args->kwargs; arg; arg = arg->next) { if (!strcasecmp(arg->key, "Port")) { /* "Port=VIRTPORT[,TARGET]". */ - rend_service_port_config_t *cfg = - rend_service_parse_port_config(arg->value, ",", NULL); + hs_port_config_t *cfg = hs_parse_port_config(arg->value, ",", NULL); if (!cfg) { control_write_endreply(conn, 512, "Invalid VIRTPORT/TARGET"); goto out; @@ -1752,7 +1677,7 @@ handle_control_add_onion(control_connection_t *conn, static const char *discard_flag = "DiscardPK"; static const char *detach_flag = "Detach"; static const char *max_s_close_flag = "MaxStreamsCloseCircuit"; - static const char *basicauth_flag = "BasicAuth"; + static const char *v3auth_flag = "V3Auth"; static const char *non_anonymous_flag = "NonAnonymous"; smartlist_t *flags = smartlist_new(); @@ -1771,8 +1696,8 @@ handle_control_add_onion(control_connection_t *conn, detach = 1; } else if (!strcasecmp(flag, max_s_close_flag)) { max_streams_close_circuit = 1; - } else if (!strcasecmp(flag, basicauth_flag)) { - auth_type = REND_BASIC_AUTH; + } else if (!strcasecmp(flag, v3auth_flag)) { + auth_type = REND_V3_AUTH; } else if (!strcasecmp(flag, non_anonymous_flag)) { non_anonymous = 1; } else { @@ -1786,36 +1711,21 @@ handle_control_add_onion(control_connection_t *conn, smartlist_free(flags); if (bad) goto out; - - } else if (!strcasecmp(arg->key, "ClientAuth")) { - int created = 0; - rend_authorized_client_t *client = - add_onion_helper_clientauth(arg->value, &created, conn); - if (!client) { + } else if (!strcasecmp(arg->key, "ClientAuthV3")) { + hs_service_authorized_client_t *client_v3 = + parse_authorized_client_key(arg->value, LOG_INFO); + if (!client_v3) { + control_write_endreply(conn, 512, "Cannot decode v3 client auth key"); goto out; } - if (auth_clients != NULL) { - int bad = 0; - SMARTLIST_FOREACH_BEGIN(auth_clients, rend_authorized_client_t *, ac) { - if (strcmp(ac->client_name, client->client_name) == 0) { - bad = 1; - break; - } - } SMARTLIST_FOREACH_END(ac); - if (bad) { - control_write_endreply(conn, 512, "Duplicate name in ClientAuth"); - rend_authorized_client_free(client); - goto out; - } - } else { - auth_clients = smartlist_new(); - auth_created_clients = smartlist_new(); - } - smartlist_add(auth_clients, client); - if (created) { - smartlist_add(auth_created_clients, client); + if (auth_clients_v3 == NULL) { + auth_clients_v3 = smartlist_new(); + auth_clients_v3_str = smartlist_new(); } + + smartlist_add(auth_clients_v3, client_v3); + smartlist_add(auth_clients_v3_str, tor_strdup(arg->value)); } else { tor_assert_nonfatal_unreached(); goto out; @@ -1824,20 +1734,14 @@ handle_control_add_onion(control_connection_t *conn, if (smartlist_len(port_cfgs) == 0) { control_write_endreply(conn, 512, "Missing 'Port' argument"); goto out; - } else if (auth_type == REND_NO_AUTH && auth_clients != NULL) { + } else if (auth_type == REND_NO_AUTH && auth_clients_v3 != NULL) { control_write_endreply(conn, 512, "No auth type specified"); goto out; - } else if (auth_type != REND_NO_AUTH && auth_clients == NULL) { + } else if (auth_type != REND_NO_AUTH && auth_clients_v3 == NULL) { control_write_endreply(conn, 512, "No auth clients specified"); goto out; - } else if ((auth_type == REND_BASIC_AUTH && - smartlist_len(auth_clients) > 512) || - (auth_type == REND_STEALTH_AUTH && - smartlist_len(auth_clients) > 16)) { - control_write_endreply(conn, 512, "Too many auth clients"); - goto out; - } else if (non_anonymous != rend_service_non_anonymous_mode_enabled( - get_options())) { + } else if (non_anonymous != hs_service_non_anonymous_mode_enabled( + get_options())) { /* If we failed, and the non-anonymous flag is set, Tor must be in * anonymous hidden service mode. * The error message changes based on the current Tor config: @@ -1864,25 +1768,16 @@ handle_control_add_onion(control_connection_t *conn, goto out; } - /* Hidden service version 3 don't have client authentication support so if - * ClientAuth was given, send back an error. */ - if (hs_version == HS_VERSION_THREE && auth_clients) { - control_write_endreply(conn, 513, "ClientAuth not supported"); - goto out; - } - - /* Create the HS, using private key pk, client authentication auth_type, - * the list of auth_clients, and port config port_cfg. - * rend_service_add_ephemeral() will take ownership of pk and port_cfg, - * regardless of success/failure. - */ + /* Create the HS, using private key pk and port config port_cfg. + * hs_service_add_ephemeral() will take ownership of pk and port_cfg, + * regardless of success/failure. */ char *service_id = NULL; int ret = add_onion_helper_add_service(hs_version, &pk, port_cfgs, max_streams, - max_streams_close_circuit, auth_type, - auth_clients, &service_id); - port_cfgs = NULL; /* port_cfgs is now owned by the rendservice code. */ - auth_clients = NULL; /* so is auth_clients */ + max_streams_close_circuit, + auth_clients_v3, &service_id); + port_cfgs = NULL; /* port_cfgs is now owned by the hs_service code. */ + auth_clients_v3 = NULL; /* so is auth_clients_v3 */ switch (ret) { case RSAE_OKAY: { @@ -1903,15 +1798,9 @@ handle_control_add_onion(control_connection_t *conn, control_printf_midreply(conn, 250, "PrivateKey=%s:%s", key_new_alg, key_new_blob); } - if (auth_created_clients) { - SMARTLIST_FOREACH(auth_created_clients, rend_authorized_client_t *, ac, { - char *encoded = rend_auth_encode_cookie(ac->descriptor_cookie, - auth_type); - tor_assert(encoded); - control_printf_midreply(conn, 250, "ClientAuth=%s:%s", - ac->client_name, encoded); - memwipe(encoded, 0, strlen(encoded)); - tor_free(encoded); + if (auth_clients_v3_str) { + SMARTLIST_FOREACH(auth_clients_v3_str, char *, client_str, { + control_printf_midreply(conn, 250, "ClientAuthV3=%s", client_str); }); } @@ -1941,20 +1830,21 @@ handle_control_add_onion(control_connection_t *conn, out: if (port_cfgs) { - SMARTLIST_FOREACH(port_cfgs, rend_service_port_config_t*, p, - rend_service_port_config_free(p)); + SMARTLIST_FOREACH(port_cfgs, hs_port_config_t*, p, + hs_port_config_free(p)); smartlist_free(port_cfgs); } - - if (auth_clients) { - SMARTLIST_FOREACH(auth_clients, rend_authorized_client_t *, ac, - rend_authorized_client_free(ac)); - smartlist_free(auth_clients); + if (auth_clients_v3) { + SMARTLIST_FOREACH(auth_clients_v3, hs_service_authorized_client_t *, ac, + service_authorized_client_free(ac)); + smartlist_free(auth_clients_v3); } - if (auth_created_clients) { - // Do not free entries; they are the same as auth_clients - smartlist_free(auth_created_clients); + if (auth_clients_v3_str) { + SMARTLIST_FOREACH(auth_clients_v3_str, char *, client_str, + tor_free(client_str)); + smartlist_free(auth_clients_v3_str); } + return 0; } @@ -1978,7 +1868,6 @@ add_onion_helper_keyarg(const char *arg, int discard_pk, control_connection_t *conn) { smartlist_t *key_args = smartlist_new(); - crypto_pk_t *pk = NULL; const char *key_new_alg = NULL; char *key_new_blob = NULL; int ret = -1; @@ -1992,27 +1881,12 @@ add_onion_helper_keyarg(const char *arg, int discard_pk, /* The format is "KeyType:KeyBlob". */ static const char *key_type_new = "NEW"; static const char *key_type_best = "BEST"; - static const char *key_type_rsa1024 = "RSA1024"; static const char *key_type_ed25519_v3 = "ED25519-V3"; const char *key_type = smartlist_get(key_args, 0); const char *key_blob = smartlist_get(key_args, 1); - if (!strcasecmp(key_type_rsa1024, key_type)) { - /* "RSA:<Base64 Blob>" - Loading a pre-existing RSA1024 key. */ - pk = crypto_pk_base64_decode_private(key_blob, strlen(key_blob)); - if (!pk) { - control_write_endreply(conn, 512, "Failed to decode RSA key"); - goto err; - } - if (crypto_pk_num_bits(pk) != PK_BYTES*8) { - crypto_pk_free(pk); - control_write_endreply(conn, 512, "Invalid RSA key size"); - goto err; - } - decoded_key->v2 = pk; - *hs_version = HS_VERSION_TWO; - } else if (!strcasecmp(key_type_ed25519_v3, key_type)) { + if (!strcasecmp(key_type_ed25519_v3, key_type)) { /* parsing of private ed25519 key */ /* "ED25519-V3:<Base64 Blob>" - Loading a pre-existing ed25519 key. */ ed25519_secret_key_t *sk = tor_malloc_zero(sizeof(*sk)); @@ -2026,27 +1900,8 @@ add_onion_helper_keyarg(const char *arg, int discard_pk, *hs_version = HS_VERSION_THREE; } else if (!strcasecmp(key_type_new, key_type)) { /* "NEW:<Algorithm>" - Generating a new key, blob as algorithm. */ - if (!strcasecmp(key_type_rsa1024, key_blob)) { - /* "RSA1024", RSA 1024 bit, also currently "BEST" by default. */ - pk = crypto_pk_new(); - if (crypto_pk_generate_key(pk)) { - control_printf_endreply(conn, 551, "Failed to generate %s key", - key_type_rsa1024); - goto err; - } - if (!discard_pk) { - if (crypto_pk_base64_encode_private(pk, &key_new_blob)) { - crypto_pk_free(pk); - control_printf_endreply(conn, 551, "Failed to encode %s key", - key_type_rsa1024); - goto err; - } - key_new_alg = key_type_rsa1024; - } - decoded_key->v2 = pk; - *hs_version = HS_VERSION_TWO; - } else if (!strcasecmp(key_type_ed25519_v3, key_blob) || - !strcasecmp(key_type_best, key_blob)) { + if (!strcasecmp(key_type_ed25519_v3, key_blob) || + !strcasecmp(key_type_best, key_blob)) { /* "ED25519-V3", ed25519 key, also currently "BEST" by default. */ ed25519_secret_key_t *sk = tor_malloc_zero(sizeof(*sk)); if (ed25519_secret_key_generate(sk, 1) < 0) { @@ -2095,68 +1950,6 @@ add_onion_helper_keyarg(const char *arg, int discard_pk, return ret; } -/** Helper function to handle parsing a ClientAuth argument to the - * ADD_ONION command. Return a new rend_authorized_client_t, or NULL - * and an optional control protocol error message on failure. The - * caller is responsible for freeing the returned auth_client. - * - * If 'created' is specified, it will be set to 1 when a new cookie has - * been generated. - * - * Note: conn is only used for writing control replies. For testing - * purposes, it can be NULL if control_write_reply() is appropriately - * mocked. - */ -STATIC rend_authorized_client_t * -add_onion_helper_clientauth(const char *arg, int *created, - control_connection_t *conn) -{ - int ok = 0; - - tor_assert(arg); - tor_assert(created); - - smartlist_t *auth_args = smartlist_new(); - rend_authorized_client_t *client = - tor_malloc_zero(sizeof(rend_authorized_client_t)); - smartlist_split_string(auth_args, arg, ":", 0, 0); - if (smartlist_len(auth_args) < 1 || smartlist_len(auth_args) > 2) { - control_write_endreply(conn, 512, "Invalid ClientAuth syntax"); - goto err; - } - client->client_name = tor_strdup(smartlist_get(auth_args, 0)); - if (smartlist_len(auth_args) == 2) { - char *decode_err_msg = NULL; - if (rend_auth_decode_cookie(smartlist_get(auth_args, 1), - client->descriptor_cookie, - NULL, &decode_err_msg) < 0) { - tor_assert(decode_err_msg); - control_write_endreply(conn, 512, decode_err_msg); - tor_free(decode_err_msg); - goto err; - } - *created = 0; - } else { - crypto_rand((char *) client->descriptor_cookie, REND_DESC_COOKIE_LEN); - *created = 1; - } - - if (!rend_valid_client_name(client->client_name)) { - control_write_endreply(conn, 512, "Invalid name in ClientAuth"); - goto err; - } - - ok = 1; - err: - SMARTLIST_FOREACH(auth_args, char *, item, tor_free(item)); - smartlist_free(auth_args); - if (!ok) { - rend_authorized_client_free(client); - client = NULL; - } - return client; -} - static const control_cmd_syntax_t del_onion_syntax = { .min_args = 1, .max_args = 1, }; @@ -2172,9 +1965,7 @@ handle_control_del_onion(control_connection_t *conn, tor_assert(smartlist_len(args) == 1); const char *service_id = smartlist_get(args, 0); - if (rend_valid_v2_service_id(service_id)) { - hs_version = HS_VERSION_TWO; - } else if (hs_address_is_valid(service_id)) { + if (hs_address_is_valid(service_id)) { hs_version = HS_VERSION_THREE; } else { control_write_endreply(conn, 512, "Malformed Onion Service id"); @@ -2205,9 +1996,6 @@ handle_control_del_onion(control_connection_t *conn, } else { int ret = -1; switch (hs_version) { - case HS_VERSION_TWO: - ret = rend_service_del_ephemeral(service_id); - break; case HS_VERSION_THREE: ret = hs_service_del_ephemeral(service_id); break; diff --git a/src/feature/control/control_cmd.h b/src/feature/control/control_cmd.h index 0ff0f0755f..8cbe70a2ed 100644 --- a/src/feature/control/control_cmd.h +++ b/src/feature/control/control_cmd.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -75,14 +75,13 @@ typedef struct control_cmd_syntax_t { } control_cmd_syntax_t; #ifdef CONTROL_CMD_PRIVATE +#include "feature/hs/hs_service.h" #include "lib/crypt_ops/crypto_ed25519.h" /* ADD_ONION secret key to create an ephemeral service. The command supports * multiple versions so this union stores the key and passes it to the HS * subsystem depending on the requested version. */ typedef union add_onion_secret_key_t { - /* Hidden service v2 secret key. */ - crypto_pk_t *v2; /* Hidden service v3 secret key. */ ed25519_secret_key_t *v3; } add_onion_secret_key_t; @@ -94,8 +93,12 @@ STATIC int add_onion_helper_keyarg(const char *arg, int discard_pk, int *hs_version, control_connection_t *conn); -STATIC rend_authorized_client_t *add_onion_helper_clientauth(const char *arg, - int *created, control_connection_t *conn); +STATIC hs_service_add_ephemeral_status_t add_onion_helper_add_service( + int hs_version, + add_onion_secret_key_t *pk, + smartlist_t *port_cfgs, int max_streams, + int max_streams_close_circuit, + smartlist_t *auth_clients_v3, char **address_out); STATIC control_cmd_args_t *control_cmd_parse_args( const char *command, diff --git a/src/feature/control/control_cmd_args_st.h b/src/feature/control/control_cmd_args_st.h index e7d064c6fe..f97be52605 100644 --- a/src/feature/control/control_cmd_args_st.h +++ b/src/feature/control/control_cmd_args_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/control_connection_st.h b/src/feature/control/control_connection_st.h index 9e410324e0..a4ce0da7c5 100644 --- a/src/feature/control/control_connection_st.h +++ b/src/feature/control/control_connection_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/control_events.c b/src/feature/control/control_events.c index 0dd52659ec..4c8cf9a425 100644 --- a/src/feature/control/control_events.c +++ b/src/feature/control/control_events.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -21,6 +21,7 @@ #include "core/or/command.h" #include "core/or/connection_edge.h" #include "core/or/connection_or.h" +#include "core/or/congestion_control_common.h" #include "core/or/reasons.h" #include "feature/control/control.h" #include "feature/control/control_events.h" @@ -819,6 +820,10 @@ control_event_stream_status(entry_connection_t *conn, stream_status_event_t tp, case STREAM_EVENT_FAILED_RETRIABLE: status = "DETACHED"; break; case STREAM_EVENT_REMAP: status = "REMAP"; break; case STREAM_EVENT_CONTROLLER_WAIT: status = "CONTROLLER_WAIT"; break; + case STREAM_EVENT_XOFF_SENT: status = "XOFF_SENT"; break; + case STREAM_EVENT_XOFF_RECV: status = "XOFF_RECV"; break; + case STREAM_EVENT_XON_SENT: status = "XON_SENT"; break; + case STREAM_EVENT_XON_RECV: status = "XON_RECV"; break; default: log_warn(LD_BUG, "Unrecognized status code %d", (int)tp); return 0; @@ -1075,10 +1080,12 @@ control_event_circ_bandwidth_used_for_circ(origin_circuit_t *ocirc) tor_gettimeofday(&now); format_iso_time_nospace_usec(tbuf, &now); + + char *ccontrol_buf = congestion_control_get_control_port_fields(ocirc); send_control_event(EVENT_CIRC_BANDWIDTH_USED, "650 CIRC_BW ID=%d READ=%lu WRITTEN=%lu TIME=%s " "DELIVERED_READ=%lu OVERHEAD_READ=%lu " - "DELIVERED_WRITTEN=%lu OVERHEAD_WRITTEN=%lu\r\n", + "DELIVERED_WRITTEN=%lu OVERHEAD_WRITTEN=%lu%s\r\n", ocirc->global_identifier, (unsigned long)ocirc->n_read_circ_bw, (unsigned long)ocirc->n_written_circ_bw, @@ -1086,11 +1093,16 @@ control_event_circ_bandwidth_used_for_circ(origin_circuit_t *ocirc) (unsigned long)ocirc->n_delivered_read_circ_bw, (unsigned long)ocirc->n_overhead_read_circ_bw, (unsigned long)ocirc->n_delivered_written_circ_bw, - (unsigned long)ocirc->n_overhead_written_circ_bw); + (unsigned long)ocirc->n_overhead_written_circ_bw, + ccontrol_buf ? ccontrol_buf : ""); + ocirc->n_written_circ_bw = ocirc->n_read_circ_bw = 0; ocirc->n_overhead_written_circ_bw = ocirc->n_overhead_read_circ_bw = 0; ocirc->n_delivered_written_circ_bw = ocirc->n_delivered_read_circ_bw = 0; + if (ccontrol_buf) + tor_free(ccontrol_buf); + return 0; } @@ -1477,31 +1489,40 @@ control_event_descriptors_changed(smartlist_t *routers) * mode of the mapping. */ int -control_event_address_mapped(const char *from, const char *to, time_t expires, - const char *error, const int cached) +control_event_address_mapped(const char *from, const char *to, + time_t expires, const char *error, + const int cached, uint64_t stream_id) { + char *stream_id_str = NULL; if (!EVENT_IS_INTERESTING(EVENT_ADDRMAP)) return 0; + if (stream_id) { + tor_asprintf(&stream_id_str, " STREAMID=%"PRIu64"", stream_id); + } + if (expires < 3 || expires == TIME_MAX) send_control_event(EVENT_ADDRMAP, "650 ADDRMAP %s %s NEVER %s%s" - "CACHED=\"%s\"\r\n", - from, to, error?error:"", error?" ":"", - cached?"YES":"NO"); + "CACHED=\"%s\"%s\r\n", + from, to, error ? error : "", error ? " " : "", + cached ? "YES" : "NO", + stream_id ? stream_id_str : ""); else { char buf[ISO_TIME_LEN+1]; char buf2[ISO_TIME_LEN+1]; format_local_iso_time(buf,expires); format_iso_time(buf2,expires); send_control_event(EVENT_ADDRMAP, - "650 ADDRMAP %s %s \"%s\"" - " %s%sEXPIRES=\"%s\" CACHED=\"%s\"\r\n", - from, to, buf, - error?error:"", error?" ":"", - buf2, cached?"YES":"NO"); + "650 ADDRMAP %s %s \"%s\" %s%sEXPIRES=\"%s\" " + "CACHED=\"%s\"%s\r\n", + from, to, buf, error ? error : "", + error ? " " : "", buf2, cached ? "YES" : "NO", + stream_id ? stream_id_str: ""); } + tor_free(stream_id_str); + return 0; } /** The network liveness has changed; this is called from circuitstats.c @@ -1921,11 +1942,8 @@ rend_auth_type_to_string(rend_auth_type_t auth_type) case REND_NO_AUTH: str = "NO_AUTH"; break; - case REND_BASIC_AUTH: - str = "BASIC_AUTH"; - break; - case REND_STEALTH_AUTH: - str = "STEALTH_AUTH"; + case REND_V3_AUTH: + str = "REND_V3_AUTH"; break; default: str = "UNKNOWN"; @@ -2054,8 +2072,6 @@ control_event_hs_descriptor_upload(const char *onion_address, /** send HS_DESC event after got response from hs directory. * * NOTE: this is an internal function used by following functions: - * control_event_hsv2_descriptor_received - * control_event_hsv2_descriptor_failed * control_event_hsv3_descriptor_failed * * So do not call this function directly. @@ -2126,82 +2142,6 @@ control_event_hs_descriptor_upload_end(const char *action, tor_free(reason_field); } -/** For an HS descriptor query <b>rend_data</b>, using the - * <b>onion_address</b> and HSDir fingerprint <b>hsdir_fp</b>, find out - * which descriptor ID in the query is the right one. - * - * Return a pointer of the binary descriptor ID found in the query's object - * or NULL if not found. */ -static const char * -get_desc_id_from_query(const rend_data_t *rend_data, const char *hsdir_fp) -{ - int replica; - const char *desc_id = NULL; - const rend_data_v2_t *rend_data_v2 = TO_REND_DATA_V2(rend_data); - - /* Possible if the fetch was done using a descriptor ID. This means that - * the HSFETCH command was used. */ - if (!tor_digest_is_zero(rend_data_v2->desc_id_fetch)) { - desc_id = rend_data_v2->desc_id_fetch; - goto end; - } - - /* Without a directory fingerprint at this stage, we can't do much. */ - if (hsdir_fp == NULL) { - goto end; - } - - /* OK, we have an onion address so now let's find which descriptor ID - * is the one associated with the HSDir fingerprint. */ - for (replica = 0; replica < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; - replica++) { - const char *digest = rend_data_get_desc_id(rend_data, replica, NULL); - - SMARTLIST_FOREACH_BEGIN(rend_data->hsdirs_fp, char *, fingerprint) { - if (tor_memcmp(fingerprint, hsdir_fp, DIGEST_LEN) == 0) { - /* Found it! This descriptor ID is the right one. */ - desc_id = digest; - goto end; - } - } SMARTLIST_FOREACH_END(fingerprint); - } - - end: - return desc_id; -} - -/** send HS_DESC RECEIVED event - * - * called when we successfully received a hidden service descriptor. - */ -void -control_event_hsv2_descriptor_received(const char *onion_address, - const rend_data_t *rend_data, - const char *hsdir_id_digest) -{ - char *desc_id_field = NULL; - const char *desc_id; - - if (BUG(!rend_data || !hsdir_id_digest || !onion_address)) { - return; - } - - desc_id = get_desc_id_from_query(rend_data, hsdir_id_digest); - if (desc_id != NULL) { - char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; - /* Set the descriptor ID digest to base32 so we can send it. */ - base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_id, - DIGEST_LEN); - /* Extra whitespace is needed before the value. */ - tor_asprintf(&desc_id_field, " %s", desc_id_base32); - } - - event_hs_descriptor_receive_end("RECEIVED", onion_address, desc_id_field, - TO_REND_DATA_V2(rend_data)->auth_type, - hsdir_id_digest, NULL); - tor_free(desc_id_field); -} - /* Send HS_DESC RECEIVED event * * Called when we successfully received a hidden service descriptor. */ @@ -2241,40 +2181,6 @@ control_event_hs_descriptor_uploaded(const char *id_digest, id_digest, NULL); } -/** Send HS_DESC event to inform controller that query <b>rend_data</b> - * failed to retrieve hidden service descriptor from directory identified by - * <b>id_digest</b>. If NULL, "UNKNOWN" is used. If <b>reason</b> is not NULL, - * add it to REASON= field. - */ -void -control_event_hsv2_descriptor_failed(const rend_data_t *rend_data, - const char *hsdir_id_digest, - const char *reason) -{ - char *desc_id_field = NULL; - const char *desc_id; - - if (BUG(!rend_data)) { - return; - } - - desc_id = get_desc_id_from_query(rend_data, hsdir_id_digest); - if (desc_id != NULL) { - char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; - /* Set the descriptor ID digest to base32 so we can send it. */ - base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_id, - DIGEST_LEN); - /* Extra whitespace is needed before the value. */ - tor_asprintf(&desc_id_field, " %s", desc_id_base32); - } - - event_hs_descriptor_receive_end("FAILED", rend_data_get_address(rend_data), - desc_id_field, - TO_REND_DATA_V2(rend_data)->auth_type, - hsdir_id_digest, reason); - tor_free(desc_id_field); -} - /** Send HS_DESC event to inform controller that the query to * <b>onion_address</b> failed to retrieve hidden service descriptor * <b>desc_id</b> from directory identified by <b>hsdir_id_digest</b>. If diff --git a/src/feature/control/control_events.h b/src/feature/control/control_events.h index 0ac233cc6e..901d2701cf 100644 --- a/src/feature/control/control_events.h +++ b/src/feature/control/control_events.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -37,7 +37,11 @@ typedef enum stream_status_event_t { STREAM_EVENT_NEW_RESOLVE = 6, STREAM_EVENT_FAILED_RETRIABLE = 7, STREAM_EVENT_REMAP = 8, - STREAM_EVENT_CONTROLLER_WAIT = 9 + STREAM_EVENT_CONTROLLER_WAIT = 9, + STREAM_EVENT_XOFF_SENT = 10, + STREAM_EVENT_XOFF_RECV = 11, + STREAM_EVENT_XON_SENT = 12, + STREAM_EVENT_XON_RECV = 13 } stream_status_event_t; /** Used to indicate the type of a buildtime event */ @@ -137,7 +141,7 @@ void control_event_logmsg_pending(void); int control_event_descriptors_changed(smartlist_t *routers); int control_event_address_mapped(const char *from, const char *to, time_t expires, const char *error, - const int cached); + const int cached, uint64_t stream_id); int control_event_my_descriptor_changed(void); int control_event_network_liveness_update(int liveness); int control_event_networkstatus_changed(smartlist_t *statuses); @@ -202,13 +206,6 @@ void control_event_hs_descriptor_upload_end(const char *action, const char *reason); void control_event_hs_descriptor_uploaded(const char *hs_dir, const char *onion_address); -/* Hidden service v2 HS_DESC specific. */ -void control_event_hsv2_descriptor_failed(const rend_data_t *rend_data, - const char *id_digest, - const char *reason); -void control_event_hsv2_descriptor_received(const char *onion_address, - const rend_data_t *rend_data, - const char *id_digest); /* Hidden service v3 HS_DESC specific. */ void control_event_hsv3_descriptor_failed(const char *onion_address, const char *desc_id, diff --git a/src/feature/control/control_fmt.c b/src/feature/control/control_fmt.c index 014427c5b5..cc8686818a 100644 --- a/src/feature/control/control_fmt.c +++ b/src/feature/control/control_fmt.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -122,15 +122,11 @@ circuit_describe_status_for_controller(origin_circuit_t *circ) } } - if (circ->rend_data != NULL || circ->hs_ident != NULL) { + if (circ->hs_ident != NULL) { char addr[HS_SERVICE_ADDR_LEN_BASE32 + 1]; const char *onion_address; - if (circ->rend_data) { - onion_address = rend_data_get_address(circ->rend_data); - } else { - hs_build_address(&circ->hs_ident->identity_pk, HS_VERSION_THREE, addr); - onion_address = addr; - } + hs_build_address(&circ->hs_ident->identity_pk, HS_VERSION_THREE, addr); + onion_address = addr; smartlist_add_asprintf(descparts, "REND_QUERY=%s", onion_address); } diff --git a/src/feature/control/control_fmt.h b/src/feature/control/control_fmt.h index f3357cfc4e..acd4be752d 100644 --- a/src/feature/control/control_fmt.h +++ b/src/feature/control/control_fmt.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/control_getinfo.c b/src/feature/control/control_getinfo.c index 899f188546..e6874b0cf5 100644 --- a/src/feature/control/control_getinfo.c +++ b/src/feature/control/control_getinfo.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -47,7 +47,6 @@ #include "feature/relay/router.h" #include "feature/relay/routermode.h" #include "feature/relay/selftest.h" -#include "feature/rend/rendcache.h" #include "feature/stats/geoip_stats.h" #include "feature/stats/predict_ports.h" #include "feature/stats/rephist.h" @@ -540,25 +539,14 @@ getinfo_helper_dir(control_connection_t *control_conn, hostname_type_t addr_type; question += strlen("hs/client/desc/id/"); - if (rend_valid_v2_service_id(question)) { - addr_type = ONION_V2_HOSTNAME; - } else if (hs_address_is_valid(question)) { + if (hs_address_is_valid(question)) { addr_type = ONION_V3_HOSTNAME; } else { *errmsg = "Invalid address"; return -1; } - if (addr_type == ONION_V2_HOSTNAME) { - rend_cache_entry_t *e = NULL; - if (!rend_cache_lookup_entry(question, -1, &e)) { - /* Descriptor found in cache */ - *answer = tor_strdup(e->desc); - } else { - *errmsg = "Not found in cache"; - return -1; - } - } else { + if (addr_type == ONION_V3_HOSTNAME) { ed25519_public_key_t service_pk; const char *desc; @@ -582,25 +570,14 @@ getinfo_helper_dir(control_connection_t *control_conn, hostname_type_t addr_type; question += strlen("hs/service/desc/id/"); - if (rend_valid_v2_service_id(question)) { - addr_type = ONION_V2_HOSTNAME; - } else if (hs_address_is_valid(question)) { + if (hs_address_is_valid(question)) { addr_type = ONION_V3_HOSTNAME; } else { *errmsg = "Invalid address"; return -1; } - rend_cache_entry_t *e = NULL; - if (addr_type == ONION_V2_HOSTNAME) { - if (!rend_cache_lookup_v2_desc_as_service(question, &e)) { - /* Descriptor found in cache */ - *answer = tor_strdup(e->desc); - } else { - *errmsg = "Not found in cache"; - return -1; - } - } else { + if (addr_type == ONION_V3_HOSTNAME) { ed25519_public_key_t service_pk; char *desc; diff --git a/src/feature/control/control_getinfo.h b/src/feature/control/control_getinfo.h index f61d632446..17f6352865 100644 --- a/src/feature/control/control_getinfo.h +++ b/src/feature/control/control_getinfo.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/control_hs.c b/src/feature/control/control_hs.c index 54b767cd0d..d1a5c0a3a9 100644 --- a/src/feature/control/control_hs.c +++ b/src/feature/control/control_hs.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2019-2020, The Tor Project, Inc. */ + * Copyright (c) 2019-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/control_hs.h b/src/feature/control/control_hs.h index 8a0cd6818d..5b1bbd2008 100644 --- a/src/feature/control/control_hs.h +++ b/src/feature/control/control_hs.h @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2019-2020, The Tor Project, Inc. */ + * Copyright (c) 2019-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/control_proto.c b/src/feature/control/control_proto.c index 98715ad9d5..319bb438b8 100644 --- a/src/feature/control/control_proto.c +++ b/src/feature/control/control_proto.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/control_proto.h b/src/feature/control/control_proto.h index 4c32b820d1..c95e1824a1 100644 --- a/src/feature/control/control_proto.h +++ b/src/feature/control/control_proto.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/getinfo_geoip.c b/src/feature/control/getinfo_geoip.c index 542f3e97f7..be89c2c641 100644 --- a/src/feature/control/getinfo_geoip.c +++ b/src/feature/control/getinfo_geoip.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/control/getinfo_geoip.h b/src/feature/control/getinfo_geoip.h index 5bc4b08414..5bd6d37191 100644 --- a/src/feature/control/getinfo_geoip.h +++ b/src/feature/control/getinfo_geoip.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/authmode.c b/src/feature/dirauth/authmode.c index 0fde7bc679..de3261096e 100644 --- a/src/feature/dirauth/authmode.c +++ b/src/feature/dirauth/authmode.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/authmode.h b/src/feature/dirauth/authmode.h index 6e6ba7f8ae..abc2aee20e 100644 --- a/src/feature/dirauth/authmode.h +++ b/src/feature/dirauth/authmode.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/bridgeauth.c b/src/feature/dirauth/bridgeauth.c index b7bf3e4e04..ade30ed6b1 100644 --- a/src/feature/dirauth/bridgeauth.c +++ b/src/feature/dirauth/bridgeauth.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/bridgeauth.h b/src/feature/dirauth/bridgeauth.h index 382d1cfcb8..dd02818987 100644 --- a/src/feature/dirauth/bridgeauth.h +++ b/src/feature/dirauth/bridgeauth.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/bwauth.c b/src/feature/dirauth/bwauth.c index ff0c78f018..90b425842a 100644 --- a/src/feature/dirauth/bwauth.c +++ b/src/feature/dirauth/bwauth.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/bwauth.h b/src/feature/dirauth/bwauth.h index 849c58e2fc..e981daf9a2 100644 --- a/src/feature/dirauth/bwauth.h +++ b/src/feature/dirauth/bwauth.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/dirauth_config.c b/src/feature/dirauth/dirauth_config.c index 1ffd33e5f1..f98513ef75 100644 --- a/src/feature/dirauth/dirauth_config.c +++ b/src/feature/dirauth/dirauth_config.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -434,6 +434,11 @@ dirauth_options_validate(const void *arg, char **msg) "Recommended*Versions."); } + if (options->AuthDirVoteGuardBwThresholdFraction > 1.0 || + options->AuthDirVoteGuardBwThresholdFraction < 0.0) { + REJECT("Guard bandwdith threshold fraction is invalid."); + } + char *t; /* Call these functions to produce warnings only. */ t = format_recommended_version_list(options->RecommendedClientVersions, 1); diff --git a/src/feature/dirauth/dirauth_config.h b/src/feature/dirauth/dirauth_config.h index 9042ff8779..00e37740c4 100644 --- a/src/feature/dirauth/dirauth_config.h +++ b/src/feature/dirauth/dirauth_config.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/dirauth_options.inc b/src/feature/dirauth/dirauth_options.inc index 05726b8c2f..a43ed285ce 100644 --- a/src/feature/dirauth/dirauth_options.inc +++ b/src/feature/dirauth/dirauth_options.inc @@ -27,6 +27,10 @@ CONF_VAR(AuthDirHasIPv6Connectivity, BOOL, 0, "0") * good. */ CONF_VAR(AuthDirListBadExits, BOOL, 0, "0") +/** True iff we should list middle-only relays, and vote for all other + * relays as possibly suitable for other positions. */ +CONF_VAR(AuthDirListMiddleOnly, BOOL, 0, "0") + /** Do not permit more than this number of servers per IP address. */ CONF_VAR(AuthDirMaxServersPerAddr, POSINT, 0, "2") @@ -72,6 +76,31 @@ CONF_VAR(RecommendedClientVersions, LINELIST, 0, NULL) /** Which versions of tor should we tell users to run on relays? */ CONF_VAR(RecommendedServerVersions, LINELIST, 0, NULL) +/** Relays which should be voted Guard regardless of uptime and bandwidth. */ +CONF_VAR(AuthDirVoteGuard, ROUTERSET, 0, NULL) + +/** If a relay's uptime is at least this value, then it is always considered + * stable, regardless of the rest of the network. This way we resist attacks + * where an attacker doubles the size of the network using allegedly + * high-uptime nodes, displacing all the current guards. */ +CONF_VAR(AuthDirVoteStableGuaranteeMinUptime, INTERVAL, 0, "30 days") + +/** If a relay's MTBF is at least this value, then it is always stable. See + * above. */ +CONF_VAR(AuthDirVoteStableGuaranteeMTBF, INTERVAL, 0, "5 days") + +/** A relay with at least this much weighted time known can be considered + * familiar enough to be a guard. */ +CONF_VAR(AuthDirVoteGuardGuaranteeTimeKnown, INTERVAL, 0, "8 days") + +/** A relay with sufficient WFU is around enough to be a guard. */ +CONF_VAR(AuthDirVoteGuardGuaranteeWFU, DOUBLE, 0, "0.98") + +/** The Guard flag bandwidth performance threshold fraction that is the + * fraction representing who gets the Guard flag out of all measured + * bandwidth. */ +CONF_VAR(AuthDirVoteGuardBwThresholdFraction, DOUBLE, 0, "0.75") + /** If an authority has been around for less than this amount of time, it * does not believe its reachability information is accurate. Only * altered on testing networks. */ diff --git a/src/feature/dirauth/dirauth_options_st.h b/src/feature/dirauth/dirauth_options_st.h index 02a498c054..7d5515a6e1 100644 --- a/src/feature/dirauth/dirauth_options_st.h +++ b/src/feature/dirauth/dirauth_options_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/dirauth_periodic.c b/src/feature/dirauth/dirauth_periodic.c index 19e51c5a05..57d93c8ffc 100644 --- a/src/feature/dirauth/dirauth_periodic.c +++ b/src/feature/dirauth/dirauth_periodic.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/dirauth_periodic.h b/src/feature/dirauth/dirauth_periodic.h index ccdda92a77..ba2455381a 100644 --- a/src/feature/dirauth/dirauth_periodic.h +++ b/src/feature/dirauth/dirauth_periodic.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/dirauth_stub.c b/src/feature/dirauth/dirauth_stub.c index 9f48ce14fd..42967aa0bc 100644 --- a/src/feature/dirauth/dirauth_stub.c +++ b/src/feature/dirauth/dirauth_stub.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/dirauth_sys.c b/src/feature/dirauth/dirauth_sys.c index 07c5743877..8ea5c1de8f 100644 --- a/src/feature/dirauth/dirauth_sys.c +++ b/src/feature/dirauth/dirauth_sys.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/dirauth_sys.h b/src/feature/dirauth/dirauth_sys.h index c512b91b33..0d54b9d3ee 100644 --- a/src/feature/dirauth/dirauth_sys.h +++ b/src/feature/dirauth/dirauth_sys.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/dircollate.c b/src/feature/dirauth/dircollate.c index 2657f53853..cd299da3ab 100644 --- a/src/feature/dirauth/dircollate.c +++ b/src/feature/dirauth/dircollate.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/dircollate.h b/src/feature/dirauth/dircollate.h index 90c6bddad5..00d34fbd6e 100644 --- a/src/feature/dirauth/dircollate.h +++ b/src/feature/dirauth/dircollate.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c index f2032d71f6..1bb4fd7de1 100644 --- a/src/feature/dirauth/dirvote.c +++ b/src/feature/dirauth/dirvote.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define DIRVOTE_PRIVATE @@ -1479,6 +1479,21 @@ compute_nth_protocol_set(int n, int n_voters, const smartlist_t *votes) return result; } +/** Helper: Takes a smartlist of `const char *` flags, and a flag to remove. + * + * Removes that flag if it is present in the list. Doesn't free it. + */ +static void +remove_flag(smartlist_t *sl, const char *flag) +{ + /* We can't use smartlist_string_remove() here, since that doesn't preserve + * order, and since it frees elements from the string. */ + + int idx = smartlist_string_pos(sl, flag); + if (idx >= 0) + smartlist_del_keeporder(sl, idx); +} + /** Given a list of vote networkstatus_t in <b>votes</b>, our public * authority <b>identity_key</b>, our private authority <b>signing_key</b>, * and the number of <b>total_authorities</b> that we believe exist in our @@ -1633,6 +1648,9 @@ networkstatus_compute_consensus(smartlist_t *votes, tor_free(votesec_list); tor_free(distsec_list); } + // True if anybody is voting on the BadExit flag. + const bool badexit_flag_is_listed = + smartlist_contains_string(flags, "BadExit"); chunks = smartlist_new(); @@ -1757,26 +1775,14 @@ networkstatus_compute_consensus(smartlist_t *votes, } { - char *max_unmeasured_param = NULL; - /* XXXX Extract this code into a common function. Or don't! see #19011 */ - if (params) { - if (strcmpstart(params, "maxunmeasuredbw=") == 0) - max_unmeasured_param = params; - else - max_unmeasured_param = strstr(params, " maxunmeasuredbw="); - } - if (max_unmeasured_param) { - int ok = 0; - char *eq = strchr(max_unmeasured_param, '='); - if (eq) { - max_unmeasured_bw_kb = (uint32_t) - tor_parse_ulong(eq+1, 10, 1, UINT32_MAX, &ok, NULL); - if (!ok) { - log_warn(LD_DIR, "Bad element '%s' in max unmeasured bw param", - escaped(max_unmeasured_param)); - max_unmeasured_bw_kb = DEFAULT_MAX_UNMEASURED_BW_KB; - } - } + if (consensus_method < MIN_METHOD_FOR_CORRECT_BWWEIGHTSCALE) { + max_unmeasured_bw_kb = (int32_t) extract_param_buggy( + params, "maxunmeasuredbw", DEFAULT_MAX_UNMEASURED_BW_KB); + } else { + max_unmeasured_bw_kb = dirvote_get_intermediate_param_value( + param_list, "maxunmeasurdbw", DEFAULT_MAX_UNMEASURED_BW_KB); + if (max_unmeasured_bw_kb < 1) + max_unmeasured_bw_kb = 1; } } @@ -1936,7 +1942,7 @@ networkstatus_compute_consensus(smartlist_t *votes, const char *chosen_name = NULL; int exitsummary_disagreement = 0; int is_named = 0, is_unnamed = 0, is_running = 0, is_valid = 0; - int is_guard = 0, is_exit = 0, is_bad_exit = 0; + int is_guard = 0, is_exit = 0, is_bad_exit = 0, is_middle_only = 0; int naming_conflict = 0; int n_listing = 0; char microdesc_digest[DIGEST256_LEN]; @@ -2067,7 +2073,6 @@ networkstatus_compute_consensus(smartlist_t *votes, } /* Set the flags. */ - smartlist_add(chosen_flags, (char*)"s"); /* for the start of the line. */ SMARTLIST_FOREACH_BEGIN(flags, const char *, fl) { if (!strcmp(fl, "Named")) { if (is_named) @@ -2089,6 +2094,8 @@ networkstatus_compute_consensus(smartlist_t *votes, is_running = 1; else if (!strcmp(fl, "BadExit")) is_bad_exit = 1; + else if (!strcmp(fl, "MiddleOnly")) + is_middle_only = 1; else if (!strcmp(fl, "Valid")) is_valid = 1; } @@ -2105,6 +2112,22 @@ networkstatus_compute_consensus(smartlist_t *votes, if (!is_valid) continue; + /* Starting with consensus method 32, we handle the middle-only + * flag specially: when it is present, we clear some flags, and + * set others. */ + if (is_middle_only && consensus_method >= MIN_METHOD_FOR_MIDDLEONLY) { + remove_flag(chosen_flags, "Exit"); + remove_flag(chosen_flags, "V2Dir"); + remove_flag(chosen_flags, "Guard"); + remove_flag(chosen_flags, "HSDir"); + is_exit = is_guard = 0; + if (! is_bad_exit && badexit_flag_is_listed) { + is_bad_exit = 1; + smartlist_add(chosen_flags, (char *)"BadExit"); + smartlist_sort_strings(chosen_flags); // restore order. + } + } + /* Pick the version. */ if (smartlist_len(versions)) { sort_version_list(versions, 0); @@ -2265,6 +2288,8 @@ networkstatus_compute_consensus(smartlist_t *votes, smartlist_add_asprintf(chunks, "m %s\n", m); } /* Next line is all flags. The "\n" is missing. */ + smartlist_add_asprintf(chunks, "s%s", + smartlist_len(chosen_flags)?" ":""); smartlist_add(chunks, smartlist_join_strings(chosen_flags, " ", 0, NULL)); /* Now the version line. */ @@ -2326,38 +2351,16 @@ networkstatus_compute_consensus(smartlist_t *votes, smartlist_add_strdup(chunks, "directory-footer\n"); { - int64_t weight_scale = BW_WEIGHT_SCALE; - char *bw_weight_param = NULL; - - // Parse params, extract BW_WEIGHT_SCALE if present - // DO NOT use consensus_param_bw_weight_scale() in this code! - // The consensus is not formed yet! - /* XXXX Extract this code into a common function. Or not: #19011. */ - if (params) { - if (strcmpstart(params, "bwweightscale=") == 0) - bw_weight_param = params; - else - bw_weight_param = strstr(params, " bwweightscale="); - } - - if (bw_weight_param) { - int ok=0; - char *eq = strchr(bw_weight_param, '='); - if (eq) { - weight_scale = tor_parse_long(eq+1, 10, 1, INT32_MAX, &ok, - NULL); - if (!ok) { - log_warn(LD_DIR, "Bad element '%s' in bw weight param", - escaped(bw_weight_param)); - weight_scale = BW_WEIGHT_SCALE; - } - } else { - log_warn(LD_DIR, "Bad element '%s' in bw weight param", - escaped(bw_weight_param)); - weight_scale = BW_WEIGHT_SCALE; - } + int64_t weight_scale; + if (consensus_method < MIN_METHOD_FOR_CORRECT_BWWEIGHTSCALE) { + weight_scale = extract_param_buggy(params, "bwweightscale", + BW_WEIGHT_SCALE); + } else { + weight_scale = dirvote_get_intermediate_param_value( + param_list, "bwweightscale", BW_WEIGHT_SCALE); + if (weight_scale < 1) + weight_scale = 1; } - added_weights = networkstatus_compute_bw_weights_v10(chunks, G, M, E, D, T, weight_scale); } @@ -2459,6 +2462,53 @@ networkstatus_compute_consensus(smartlist_t *votes, return result; } +/** Extract the value of a parameter from a string encoding a list of + * parameters, badly. + * + * This is a deliberately buggy implementation, for backward compatibility + * with versions of Tor affected by #19011. Once all authorities have + * upgraded to consensus method 31 or later, then we can throw away this + * function. */ +STATIC int64_t +extract_param_buggy(const char *params, + const char *param_name, + int64_t default_value) +{ + int64_t value = default_value; + const char *param_str = NULL; + + if (params) { + char *prefix1 = NULL, *prefix2=NULL; + tor_asprintf(&prefix1, "%s=", param_name); + tor_asprintf(&prefix2, " %s=", param_name); + if (strcmpstart(params, prefix1) == 0) + param_str = params; + else + param_str = strstr(params, prefix2); + tor_free(prefix1); + tor_free(prefix2); + } + + if (param_str) { + int ok=0; + char *eq = strchr(param_str, '='); + if (eq) { + value = tor_parse_long(eq+1, 10, 1, INT32_MAX, &ok, NULL); + if (!ok) { + log_warn(LD_DIR, "Bad element '%s' in %s", + escaped(param_str), param_name); + value = default_value; + } + } else { + log_warn(LD_DIR, "Bad element '%s' in %s", + escaped(param_str), param_name); + value = default_value; + } + } + + return value; +} + /** Given a list of networkstatus_t for each vote, return a newly allocated * string containing the "package" lines for the vote. */ STATIC char * @@ -4411,6 +4461,7 @@ get_all_possible_sybil(const smartlist_t *routers) // Return the digestmap: it now contains all the possible sybils return omit_as_sybil; } + /** Given a platform string as in a routerinfo_t (possibly null), return a * newly allocated version string for a networkstatus document, or NULL if the * platform doesn't give a Tor version. */ @@ -4528,13 +4579,16 @@ routers_make_ed_keys_unique(smartlist_t *routers) } SMARTLIST_FOREACH_END(ri); } -/** Routerstatus <b>rs</b> is part of a group of routers that are on - * too narrow an IP-space. Clear out its flags since we don't want it be used +/** Routerstatus <b>rs</b> is part of a group of routers that are on too + * narrow an IP-space. Clear out its flags since we don't want it be used * because of its Sybil-like appearance. * * Leave its BadExit flag alone though, since if we think it's a bad exit, * we want to vote that way in case all the other authorities are voting * Running and Exit. + * + * Also set the Sybil flag in order to let a relay operator know that's + * why their relay hasn't been voted on. */ static void clear_status_flags_on_sybil(routerstatus_t *rs) @@ -4542,6 +4596,7 @@ clear_status_flags_on_sybil(routerstatus_t *rs) rs->is_authority = rs->is_exit = rs->is_stable = rs->is_fast = rs->is_flagged_running = rs->is_named = rs->is_valid = rs->is_hs_dir = rs->is_v2_dir = rs->is_possible_guard = 0; + rs->is_sybil = 1; /* FFFF we might want some mechanism to check later on if we * missed zeroing any flags: it's easy to add a new flag but * forget to add it to this clause. */ @@ -4556,12 +4611,14 @@ const char DIRVOTE_UNIVERSAL_FLAGS[] = "HSDir " "Stable " "StaleDesc " + "Sybil " "V2Dir " "Valid"; /** Space-separated list of all flags that we may or may not vote on, * depending on our configuration. */ const char DIRVOTE_OPTIONAL_FLAGS[] = "BadExit " + "MiddleOnly " "Running"; /** Return a new networkstatus_t* containing our current opinion. (For v3 @@ -4579,7 +4636,8 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, smartlist_t *routers, *routerstatuses; char identity_digest[DIGEST_LEN]; char signing_key_digest[DIGEST_LEN]; - const int listbadexits = d_options->AuthDirListBadExits; + const int list_bad_exits = d_options->AuthDirListBadExits; + const int list_middle_only = d_options->AuthDirListMiddleOnly; routerlist_t *rl = router_get_routerlist(); time_t now = time(NULL); time_t cutoff = now - ROUTER_MAX_AGE_TO_PUBLISH; @@ -4684,7 +4742,8 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, vrs = tor_malloc_zero(sizeof(vote_routerstatus_t)); rs = &vrs->status; dirauth_set_routerstatus_from_routerinfo(rs, node, ri, now, - listbadexits); + list_bad_exits, + list_middle_only); if (ri->cache_info.signing_key_cert) { memcpy(vrs->ed25519_id, @@ -4735,7 +4794,6 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, dirserv_read_measured_bandwidths(options->V3BandwidthsFile, routerstatuses, bw_file_headers, bw_file_digest256); - } else { /* * No bandwidths file; clear the measured bandwidth cache in case we had @@ -4807,8 +4865,10 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, 0, SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); if (vote_on_reachability) smartlist_add_strdup(v3_out->known_flags, "Running"); - if (listbadexits) + if (list_bad_exits) smartlist_add_strdup(v3_out->known_flags, "BadExit"); + if (list_middle_only) + smartlist_add_strdup(v3_out->known_flags, "MiddleOnly"); smartlist_sort_strings(v3_out->known_flags); if (d_options->ConsensusParams) { diff --git a/src/feature/dirauth/dirvote.h b/src/feature/dirauth/dirvote.h index 81a7733e8c..64aaec116e 100644 --- a/src/feature/dirauth/dirvote.h +++ b/src/feature/dirauth/dirvote.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -53,7 +53,7 @@ #define MIN_SUPPORTED_CONSENSUS_METHOD 28 /** The highest consensus method that we currently support. */ -#define MAX_SUPPORTED_CONSENSUS_METHOD 30 +#define MAX_SUPPORTED_CONSENSUS_METHOD 32 /** * Lowest consensus method where microdescriptor lines are put in canonical @@ -65,6 +65,15 @@ * See #7869 */ #define MIN_METHOD_FOR_UNPADDED_NTOR_KEY 30 +/** Lowest consensus method for which we use the correct algorithm for + * extracting the bwweightscale= and maxunmeasuredbw= parameters. See #19011. + */ +#define MIN_METHOD_FOR_CORRECT_BWWEIGHTSCALE 31 + +/** Lowest consensus method for which we handle the MiddleOnly flag specially. + */ +#define MIN_METHOD_FOR_MIDDLEONLY 32 + /** Default bandwidth to clip unmeasured bandwidths to using method >= * MIN_METHOD_TO_CLIP_UNMEASURED_BW. (This is not a consensus method; do not * get confused with the above macros.) */ @@ -259,6 +268,9 @@ STATIC char *networkstatus_get_detached_signatures(smartlist_t *consensuses); STATIC microdesc_t *dirvote_create_microdescriptor(const routerinfo_t *ri, int consensus_method); +STATIC int64_t extract_param_buggy(const char *params, + const char *param_name, + int64_t default_value); #endif /* defined(DIRVOTE_PRIVATE) */ diff --git a/src/feature/dirauth/dsigs_parse.c b/src/feature/dirauth/dsigs_parse.c index d0bb931814..5ac2ff6e49 100644 --- a/src/feature/dirauth/dsigs_parse.c +++ b/src/feature/dirauth/dsigs_parse.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/dsigs_parse.h b/src/feature/dirauth/dsigs_parse.h index b25e3e0b28..656c569b3f 100644 --- a/src/feature/dirauth/dsigs_parse.h +++ b/src/feature/dirauth/dsigs_parse.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/guardfraction.c b/src/feature/dirauth/guardfraction.c index b84f804f5f..98ea04f643 100644 --- a/src/feature/dirauth/guardfraction.c +++ b/src/feature/dirauth/guardfraction.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/guardfraction.h b/src/feature/dirauth/guardfraction.h index c10fd9b7bb..1d0218eb8e 100644 --- a/src/feature/dirauth/guardfraction.h +++ b/src/feature/dirauth/guardfraction.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/keypin.c b/src/feature/dirauth/keypin.c index 21afff550a..29aefd1069 100644 --- a/src/feature/dirauth/keypin.c +++ b/src/feature/dirauth/keypin.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -58,18 +58,16 @@ * with which Ed25519 keys, and force such associations to be permanent. * * This module implements a key-pinning mechanism to ensure that it's safe - * to use RSA keys as identitifers even as we migrate to Ed25519 keys. It - * remembers, for every Ed25519 key we've seen, what the associated Ed25519 + * to use RSA keys as identifiers even as we migrate to Ed25519 keys. It + * remembers, for every Ed25519 key we've seen, what the associated RSA * key is. This way, if we see a different Ed25519 key with that RSA key, * we'll know that there's a mismatch. * - * (As of this writing, these key associations are advisory only, mostly - * because some relay operators kept mishandling their Ed25519 keys during - * the initial Ed25519 rollout. We should fix this problem, and then toggle - * the AuthDirPinKeys option.) + * As of Tor 0.3.0.2-alpha the AuthDirPinKeys option has been on, meaning + * we drop descriptors with mismatches. * * We persist these entries to disk using a simple format, where each line - * has a base64-encoded RSA SHA1 hash, then a base64-endoded Ed25519 key. + * has a base64-encoded RSA SHA1 hash, then a base64-encoded Ed25519 key. * Empty lines, malformed lines, and lines beginning with # are * ignored. Lines beginning with @ are reserved for future extensions. * diff --git a/src/feature/dirauth/keypin.h b/src/feature/dirauth/keypin.h index 881f010f0e..b94cf59d9c 100644 --- a/src/feature/dirauth/keypin.h +++ b/src/feature/dirauth/keypin.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/ns_detached_signatures_st.h b/src/feature/dirauth/ns_detached_signatures_st.h index f409431ec1..1bb5378e1d 100644 --- a/src/feature/dirauth/ns_detached_signatures_st.h +++ b/src/feature/dirauth/ns_detached_signatures_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/process_descs.c b/src/feature/dirauth/process_descs.c index a382f237c4..f1d4f49c46 100644 --- a/src/feature/dirauth/process_descs.c +++ b/src/feature/dirauth/process_descs.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -226,6 +226,8 @@ dirserv_load_fingerprint_file(void) add_status = RTR_BADEXIT; } else if (!strcasecmp(nickname, "!invalid")) { add_status = RTR_INVALID; + } else if (!strcasecmp(nickname, "!middleonly")) { + add_status = RTR_MIDDLEONLY; } /* Check if fingerprint is RSA or ed25519 by verifying it. */ @@ -402,21 +404,17 @@ dirserv_rejects_tor_version(const char *platform, static const char please_upgrade_string[] = "Tor version is insecure or unsupported. Please upgrade!"; - /* Versions before Tor 0.3.5 are unsupported. - * - * Also, reject unstable versions of 0.3.5, since (as of this writing) - * they are almost none of the network. */ - if (!tor_version_as_new_as(platform,"0.3.5.7")) { - if (msg) + /* Anything before 0.4.5.6 is unsupported. Reject them. */ + if (!tor_version_as_new_as(platform,"0.4.5.6")) { + if (msg) { *msg = please_upgrade_string; + } return true; } - /* Series between Tor 0.3.6 and 0.4.1 inclusive are unsupported. Reject - * them. 0.3.6.0-alpha-dev only existed for a short time, before it was - * renamed to 0.4.0.0-alpha-dev. */ - if (tor_version_as_new_as(platform,"0.3.6.0-alpha-dev") && - !tor_version_as_new_as(platform,"0.4.2.1-alpha")) { + /* Reject 0.4.6.x series. */ + if (tor_version_as_new_as(platform, "0.4.6.0") && + !tor_version_as_new_as(platform, "0.4.7.0-alpha-dev")) { if (msg) { *msg = please_upgrade_string; } @@ -496,6 +494,13 @@ dirserv_get_status_impl(const char *id_digest, result |= RTR_BADEXIT; } + if (authdir_policy_middleonly_address(ipv4_addr, ipv4_orport)) { + log_fn(severity, LD_DIRSERV, + "Marking '%s' as middle-only because of address '%s'", + nickname, fmt_addr(ipv4_addr)); + result |= RTR_MIDDLEONLY; + } + if (!authdir_policy_permits_address(ipv4_addr, ipv4_orport)) { log_fn(severity, LD_DIRSERV, "Rejecting '%s' because of address '%s'", nickname, fmt_addr(ipv4_addr)); @@ -630,6 +635,7 @@ dirserv_set_node_flags_from_authoritative_status(node_t *node, { node->is_valid = (authstatus & RTR_INVALID) ? 0 : 1; node->is_bad_exit = (authstatus & RTR_BADEXIT) ? 1 : 0; + node->is_middle_only = (authstatus & RTR_MIDDLEONLY) ? 1 : 0; } /** True iff <b>a</b> is more severe than <b>b</b>. */ @@ -963,6 +969,11 @@ directory_remove_invalid(void) (r & RTR_BADEXIT) ? "bad" : "good"); node->is_bad_exit = (r&RTR_BADEXIT) ? 1: 0; } + if (bool_neq((r & RTR_MIDDLEONLY), node->is_middle_only)) { + log_info(LD_DIRSERV, "Router '%s' is now %smiddle-only", description, + (r & RTR_MIDDLEONLY) ? "" : "not"); + node->is_middle_only = (r&RTR_MIDDLEONLY) ? 1: 0; + } } SMARTLIST_FOREACH_END(node); routerlist_assert_ok(rl); diff --git a/src/feature/dirauth/process_descs.h b/src/feature/dirauth/process_descs.h index 1461ab697d..a509eb1fbe 100644 --- a/src/feature/dirauth/process_descs.h +++ b/src/feature/dirauth/process_descs.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -45,7 +45,8 @@ typedef struct authdir_config_t { #define RTR_REJECT 4 /**< We will not publish this router. */ /* 8 Historically used to avoid using this as a dir. */ #define RTR_BADEXIT 16 /**< We'll tell clients not to use this as an exit. */ -/* 32 Historically used to indicade Unnamed */ +/** We'll vote to only use this router as a midpoint. */ +#define RTR_MIDDLEONLY 32 #endif /* defined(PROCESS_DESCS_PRIVATE) || defined(TOR_UNIT_TESTS) */ diff --git a/src/feature/dirauth/reachability.c b/src/feature/dirauth/reachability.c index 8717646314..9754ded133 100644 --- a/src/feature/dirauth/reachability.c +++ b/src/feature/dirauth/reachability.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/reachability.h b/src/feature/dirauth/reachability.h index 19448a67f3..74be47df66 100644 --- a/src/feature/dirauth/reachability.h +++ b/src/feature/dirauth/reachability.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/recommend_pkg.c b/src/feature/dirauth/recommend_pkg.c index 84254566c6..5d7e53c6d9 100644 --- a/src/feature/dirauth/recommend_pkg.c +++ b/src/feature/dirauth/recommend_pkg.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/recommend_pkg.h b/src/feature/dirauth/recommend_pkg.h index dcd9f8be8a..5ec031c944 100644 --- a/src/feature/dirauth/recommend_pkg.h +++ b/src/feature/dirauth/recommend_pkg.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/shared_random.c b/src/feature/dirauth/shared_random.c index e7c13787c4..72c5a79e97 100644 --- a/src/feature/dirauth/shared_random.c +++ b/src/feature/dirauth/shared_random.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/shared_random.h b/src/feature/dirauth/shared_random.h index c4e259dcdb..384e59a43d 100644 --- a/src/feature/dirauth/shared_random.h +++ b/src/feature/dirauth/shared_random.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_SHARED_RANDOM_H diff --git a/src/feature/dirauth/shared_random_state.c b/src/feature/dirauth/shared_random_state.c index c555202942..80848daee4 100644 --- a/src/feature/dirauth/shared_random_state.c +++ b/src/feature/dirauth/shared_random_state.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/shared_random_state.h b/src/feature/dirauth/shared_random_state.h index 3a34bcc3e7..0b672b18c8 100644 --- a/src/feature/dirauth/shared_random_state.h +++ b/src/feature/dirauth/shared_random_state.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/vote_microdesc_hash_st.h b/src/feature/dirauth/vote_microdesc_hash_st.h index 6870bbab2c..f8b9288507 100644 --- a/src/feature/dirauth/vote_microdesc_hash_st.h +++ b/src/feature/dirauth/vote_microdesc_hash_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/voteflags.c b/src/feature/dirauth/voteflags.c index 3938b61adb..71ee03e265 100644 --- a/src/feature/dirauth/voteflags.c +++ b/src/feature/dirauth/voteflags.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -36,24 +36,6 @@ #include "lib/container/order.h" -/** If a router's uptime is at least this value, then it is always - * considered stable, regardless of the rest of the network. This - * way we resist attacks where an attacker doubles the size of the - * network using allegedly high-uptime nodes, displacing all the - * current guards. */ -#define UPTIME_TO_GUARANTEE_STABLE (3600*24*30) -/** If a router's MTBF is at least this value, then it is always stable. - * See above. (Corresponds to about 7 days for current decay rates.) */ -#define MTBF_TO_GUARANTEE_STABLE (60*60*24*5) -/** Similarly, every node with at least this much weighted time known can be - * considered familiar enough to be a guard. Corresponds to about 20 days for - * current decay rates. - */ -#define TIME_KNOWN_TO_GUARANTEE_FAMILIAR (8*24*60*60) -/** Similarly, every node with sufficient WFU is around enough to be a guard. - */ -#define WFU_TO_GUARANTEE_GUARD (0.98) - /* Thresholds for server performance: set by * dirserv_compute_performance_thresholds, and used by * generate_v2_networkstatus */ @@ -111,13 +93,13 @@ dirserv_thinks_router_is_unreliable(time_t now, */ long uptime = real_uptime(router, now); if ((unsigned)uptime < stable_uptime && - (unsigned)uptime < UPTIME_TO_GUARANTEE_STABLE) + uptime < dirauth_get_options()->AuthDirVoteStableGuaranteeMinUptime) return 1; } else { double mtbf = rep_hist_get_stability(router->cache_info.identity_digest, now); if (mtbf < stable_mtbf && - mtbf < MTBF_TO_GUARANTEE_STABLE) + mtbf < dirauth_get_options()->AuthDirVoteStableGuaranteeMTBF) return 1; } } @@ -325,13 +307,15 @@ dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil) /* (Now bandwidths is sorted.) */ if (fast_bandwidth_kb < RELAY_REQUIRED_MIN_BANDWIDTH/(2 * 1000)) fast_bandwidth_kb = bandwidths_kb[n_active/4]; + int nth = (int)(n_active * + dirauth_options->AuthDirVoteGuardBwThresholdFraction); guard_bandwidth_including_exits_kb = - third_quartile_uint32(bandwidths_kb, n_active); + find_nth_uint32(bandwidths_kb, n_active, nth); guard_tk = find_nth_long(tks, n_active, n_active/8); } - if (guard_tk > TIME_KNOWN_TO_GUARANTEE_FAMILIAR) - guard_tk = TIME_KNOWN_TO_GUARANTEE_FAMILIAR; + if (guard_tk > dirauth_options->AuthDirVoteGuardGuaranteeTimeKnown) + guard_tk = dirauth_options->AuthDirVoteGuardGuaranteeTimeKnown; { /* We can vote on a parameter for the minimum and maximum. */ @@ -379,15 +363,16 @@ dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil) } SMARTLIST_FOREACH_END(node); if (n_familiar) guard_wfu = median_double(wfus, n_familiar); - if (guard_wfu > WFU_TO_GUARANTEE_GUARD) - guard_wfu = WFU_TO_GUARANTEE_GUARD; + if (guard_wfu > dirauth_options->AuthDirVoteGuardGuaranteeWFU) + guard_wfu = dirauth_options->AuthDirVoteGuardGuaranteeWFU; enough_mtbf_info = rep_hist_have_measured_enough_stability(); if (n_active_nonexit) { + int nth = (int)(n_active_nonexit * + dirauth_options->AuthDirVoteGuardBwThresholdFraction); guard_bandwidth_excluding_exits_kb = - find_nth_uint32(bandwidths_excluding_exits_kb, - n_active_nonexit, n_active_nonexit*3/4); + find_nth_uint32(bandwidths_excluding_exits_kb, n_active_nonexit, nth); } log_info(LD_DIRSERV, @@ -457,7 +442,26 @@ dirserv_get_flag_thresholds_line(void) return result; } -/* DOCDOC running_long_enough_to_decide_unreachable */ +/** Directory authorities should avoid expressing an opinion on the + * Running flag if their own uptime is too low for the opinion to be + * accurate. They implement this step by not listing Running on the + * "known-flags" line in their vote. + * + * The default threshold is 30 minutes, because authorities do a full + * reachability sweep of the ID space every 10*128=1280 seconds + * (see REACHABILITY_TEST_CYCLE_PERIOD). + * + * For v3 dir auths, as long as some authorities express an opinion about + * Running, it's fine if a few authorities don't. There's an explicit + * check, when making the consensus, to abort if *no* authorities list + * Running as a known-flag. + * + * For the bridge authority, if it doesn't vote about Running, the + * resulting networkstatus file simply won't list any bridges as Running. + * That means the supporting tools, like bridgedb/rdsys and onionoo, need + * to be able to handle getting a bridge networkstatus document with no + * Running flags. For more details, see + * https://bugs.torproject.org/tpo/anti-censorship/rdsys/102 */ int running_long_enough_to_decide_unreachable(void) { @@ -554,6 +558,21 @@ should_publish_node_ipv6(const node_t *node, const routerinfo_t *ri, router_is_me(ri)); } +/** Set routerstatus flags based on the authority options. Same as the testing + * function but for the main network. */ +static void +dirserv_set_routerstatus_flags(routerstatus_t *rs) +{ + const dirauth_options_t *options = dirauth_get_options(); + + tor_assert(rs); + + /* Assign Guard flag to relays that can get it unconditionnaly. */ + if (routerset_contains_routerstatus(options->AuthDirVoteGuard, rs, 0)) { + rs->is_possible_guard = 1; + } +} + /** * Extract status information from <b>ri</b> and from other authority * functions and store it in <b>rs</b>, as per @@ -565,7 +584,8 @@ dirauth_set_routerstatus_from_routerinfo(routerstatus_t *rs, node_t *node, const routerinfo_t *ri, time_t now, - int listbadexits) + int listbadexits, + int listmiddleonly) { const or_options_t *options = get_options(); uint32_t routerbw_kb = dirserv_get_credible_bandwidth_kb(ri); @@ -597,6 +617,14 @@ dirauth_set_routerstatus_from_routerinfo(routerstatus_t *rs, /* Override rs->is_bad_exit */ rs->is_bad_exit = listbadexits && node->is_bad_exit; + /* Override rs->is_middle_only and related flags. */ + rs->is_middle_only = listmiddleonly && node->is_middle_only; + if (rs->is_middle_only) { + if (listbadexits) + rs->is_bad_exit = 1; + rs->is_exit = rs->is_possible_guard = rs->is_hs_dir = rs->is_v2_dir = 0; + } + /* Set rs->is_staledesc. */ rs->is_staledesc = (ri->cache_info.published_on + DESC_IS_STALE_INTERVAL) < now; @@ -610,6 +638,8 @@ dirauth_set_routerstatus_from_routerinfo(routerstatus_t *rs, if (options->TestingTorNetwork) { dirserv_set_routerstatus_testing(rs); + } else { + dirserv_set_routerstatus_flags(rs); } } diff --git a/src/feature/dirauth/voteflags.h b/src/feature/dirauth/voteflags.h index 91f3854573..8371f1c315 100644 --- a/src/feature/dirauth/voteflags.h +++ b/src/feature/dirauth/voteflags.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -22,7 +22,8 @@ void dirauth_set_routerstatus_from_routerinfo(routerstatus_t *rs, node_t *node, const routerinfo_t *ri, time_t now, - int listbadexits); + int listbadexits, + int listmiddleonly); void dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil); #endif /* defined(HAVE_MODULE_DIRAUTH) */ diff --git a/src/feature/dirauth/voting_schedule.c b/src/feature/dirauth/voting_schedule.c index efc4a0b316..3a4abca4cb 100644 --- a/src/feature/dirauth/voting_schedule.c +++ b/src/feature/dirauth/voting_schedule.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirauth/voting_schedule.h b/src/feature/dirauth/voting_schedule.h index 271bdcda33..8d13e208b7 100644 --- a/src/feature/dirauth/voting_schedule.h +++ b/src/feature/dirauth/voting_schedule.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dircache/cached_dir_st.h b/src/feature/dircache/cached_dir_st.h index ede1d028da..92af3752e0 100644 --- a/src/feature/dircache/cached_dir_st.h +++ b/src/feature/dircache/cached_dir_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dircache/conscache.c b/src/feature/dircache/conscache.c index 2a831aa447..66ab9712a0 100644 --- a/src/feature/dircache/conscache.c +++ b/src/feature/dircache/conscache.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dircache/conscache.h b/src/feature/dircache/conscache.h index ace5908e40..b3912f3f54 100644 --- a/src/feature/dircache/conscache.h +++ b/src/feature/dircache/conscache.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dircache/consdiffmgr.c b/src/feature/dircache/consdiffmgr.c index 21f536432c..9a3d4db560 100644 --- a/src/feature/dircache/consdiffmgr.c +++ b/src/feature/dircache/consdiffmgr.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -183,9 +183,9 @@ static HT_HEAD(cdm_diff_ht, cdm_diff_t) cdm_diff_ht = HT_INITIALIZER(); // diff manager becomes larger than 64. To see if the issue goes away, we // hardcode this value to 64 now while we investigate a better solution. # define CACHE_MAX_NUM 64 -#else +#else /* !defined(_WIN32) */ # define CACHE_MAX_NUM 128 -#endif +#endif /* defined(_WIN32) */ /** * Configuration for this module diff --git a/src/feature/dircache/consdiffmgr.h b/src/feature/dircache/consdiffmgr.h index 27b8165e94..6f8bfed3ee 100644 --- a/src/feature/dircache/consdiffmgr.h +++ b/src/feature/dircache/consdiffmgr.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dircache/dircache.c b/src/feature/dircache/dircache.c index 2af550a760..7319b96caf 100644 --- a/src/feature/dircache/dircache.c +++ b/src/feature/dircache/dircache.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -31,7 +31,6 @@ #include "feature/nodelist/routerlist.h" #include "feature/relay/relay_config.h" #include "feature/relay/routermode.h" -#include "feature/rend/rendcache.h" #include "feature/stats/geoip_stats.h" #include "feature/stats/rephist.h" #include "lib/compress/compress.h" @@ -1347,7 +1346,7 @@ handle_get_keys(dir_connection_t *conn, const get_handler_args_t *args) return 0; } -/** Helper function for GET /tor/hs/3/... Only for version 3. +/** Helper function for GET `/tor/hs/3/...`. Only for version 3. */ STATIC int handle_get_hs_descriptor_v3(dir_connection_t *conn, diff --git a/src/feature/dircache/dircache.h b/src/feature/dircache/dircache.h index 8e0945125d..2c90a77ae2 100644 --- a/src/feature/dircache/dircache.h +++ b/src/feature/dircache/dircache.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dircache/dircache_stub.c b/src/feature/dircache/dircache_stub.c index 725c44bd4d..16da0ae4ce 100644 --- a/src/feature/dircache/dircache_stub.c +++ b/src/feature/dircache/dircache_stub.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dircache/dirserv.c b/src/feature/dircache/dirserv.c index fb8db879a4..2b5349923d 100644 --- a/src/feature/dircache/dirserv.c +++ b/src/feature/dircache/dirserv.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "core/or/or.h" diff --git a/src/feature/dircache/dirserv.h b/src/feature/dircache/dirserv.h index 73a64b1b7e..cde38ff1b2 100644 --- a/src/feature/dircache/dirserv.h +++ b/src/feature/dircache/dirserv.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirclient/dir_server_st.h b/src/feature/dirclient/dir_server_st.h index 57530a571b..ac45f3787b 100644 --- a/src/feature/dirclient/dir_server_st.h +++ b/src/feature/dirclient/dir_server_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -16,6 +16,8 @@ #include "core/or/or.h" #include "feature/nodelist/routerstatus_st.h" +struct smartlist_t; + /** Represents information about a single trusted or fallback directory * server. */ struct dir_server_t { @@ -48,6 +50,10 @@ struct dir_server_t { time_t addr_current_at; /**< When was the document that we derived the * address information from published? */ + /** Authority only. Can be null. If present, a list of auth_dirport_t + * representing HTTP dirports for this authority. */ + struct smartlist_t *auth_dirports; + routerstatus_t fake_status; /**< Used when we need to pass this trusted * dir_server_t to * directory_request_set_routerstatus. diff --git a/src/feature/dirclient/dirclient.c b/src/feature/dirclient/dirclient.c index cc6c5e04f4..4e9c8e2f45 100644 --- a/src/feature/dirclient/dirclient.c +++ b/src/feature/dirclient/dirclient.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -47,10 +47,7 @@ #include "feature/relay/relay_find_addr.h" #include "feature/relay/routermode.h" #include "feature/relay/selftest.h" -#include "feature/rend/rendcache.h" -#include "feature/rend/rendclient.h" #include "feature/rend/rendcommon.h" -#include "feature/rend/rendservice.h" #include "feature/stats/predict_ports.h" #include "lib/cc/ctassert.h" @@ -67,7 +64,6 @@ #include "feature/nodelist/networkstatus_st.h" #include "feature/nodelist/node_st.h" #include "feature/nodelist/routerinfo_st.h" -#include "feature/rend/rend_service_descriptor_st.h" /** Maximum size, in bytes, for any directory object that we've downloaded. */ #define MAX_DIR_DL_SIZE ((1<<24)-1) /* 16 MB - 1 */ @@ -120,10 +116,6 @@ dir_conn_purpose_to_string(int purpose) return "status vote fetch"; case DIR_PURPOSE_FETCH_DETACHED_SIGNATURES: return "consensus signature fetch"; - case DIR_PURPOSE_FETCH_RENDDESC_V2: - return "hidden-service v2 descriptor fetch"; - case DIR_PURPOSE_UPLOAD_RENDDESC_V2: - return "hidden-service v2 descriptor upload"; case DIR_PURPOSE_FETCH_HSDESC: return "hidden-service descriptor fetch"; case DIR_PURPOSE_UPLOAD_HSDESC: @@ -704,24 +696,6 @@ directory_choose_address_routerstatus(const routerstatus_t *status, return 0; } -/** Return true iff <b>conn</b> is the client side of a directory connection - * we launched to ourself in order to determine the reachability of our - * dir_port. */ -static int -directory_conn_is_self_reachability_test(dir_connection_t *conn) -{ - if (conn->requested_resource && - !strcmpstart(conn->requested_resource,"authority")) { - const routerinfo_t *me = router_get_my_routerinfo(); - if (me && - router_digest_is_me(conn->identity_digest) && - tor_addr_eq(&TO_CONN(conn)->addr, &me->ipv4_addr) && - me->ipv4_dirport == conn->base_.port) - return 1; - } - return 0; -} - /** Called when we are unable to complete the client's request to a directory * server due to a network error: Mark the router as down and try again if * possible. @@ -734,9 +708,6 @@ connection_dir_client_request_failed(dir_connection_t *conn) * failed. */ entry_guard_failed(&conn->guard_state); } - if (directory_conn_is_self_reachability_test(conn)) { - return; /* this was a test fetch. don't retry. */ - } if (!entry_list_is_constrained(get_options())) /* We must not set a directory to non-running for HS purposes else we end * up flagging nodes from the hashring has unusable. It doesn't have direct @@ -965,7 +936,6 @@ directory_request_new(uint8_t dir_purpose) tor_assert(dir_purpose >= DIR_PURPOSE_MIN_); tor_assert(dir_purpose <= DIR_PURPOSE_MAX_); tor_assert(dir_purpose != DIR_PURPOSE_SERVER); - tor_assert(dir_purpose != DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2); tor_assert(dir_purpose != DIR_PURPOSE_HAS_FETCHED_HSDESC); directory_request_t *result = tor_malloc_zero(sizeof(*result)); @@ -1103,21 +1073,6 @@ directory_request_add_header(directory_request_t *req, config_line_prepend(&req->additional_headers, key, val); } /** - * Set an object containing HS data to be associated with this request. Note - * that only an alias to <b>query</b> is stored, so the <b>query</b> object - * must outlive the request. - */ -void -directory_request_set_rend_query(directory_request_t *req, - const rend_data_t *query) -{ - if (query) { - tor_assert(req->dir_purpose == DIR_PURPOSE_FETCH_RENDDESC_V2 || - req->dir_purpose == DIR_PURPOSE_UPLOAD_RENDDESC_V2); - } - req->rend_query = query; -} -/** * Set an object containing HS connection identifier to be associated with * this request. Note that only an alias to <b>ident</b> is stored, so the * <b>ident</b> object must outlive the request. @@ -1179,6 +1134,7 @@ directory_request_set_routerstatus(directory_request_t *req, { req->routerstatus = status; } + /** * Helper: update the addresses, ports, and identities in <b>req</b> * from the routerstatus object in <b>req</b>. Return 0 on success. @@ -1221,7 +1177,7 @@ directory_request_set_dir_from_routerstatus(directory_request_t *req) return -1; } - /* At this point, if we are a client making a direct connection to a + /* At this point, if we are a client making a direct connection to a * directory server, we have selected a server that has at least one address * allowed by ClientUseIPv4/6 and Reachable{"",OR,Dir}Addresses. This * selection uses the preference in ClientPreferIPv6{OR,Dir}Port, if @@ -1236,6 +1192,37 @@ directory_request_set_dir_from_routerstatus(directory_request_t *req) return -1; } + /* One last thing: If we're talking to an authority, we might want to use + * a special HTTP port for it based on our purpose. + */ + if (req->indirection == DIRIND_DIRECT_CONN && status->is_authority) { + const dir_server_t *ds = router_get_trusteddirserver_by_digest( + status->identity_digest); + if (ds) { + const tor_addr_port_t *v4 = NULL; + if (authdir_mode_v3(get_options())) { + // An authority connecting to another authority should always + // prefer the VOTING usage, if one is specifically configured. + v4 = trusted_dir_server_get_dirport_exact( + ds, AUTH_USAGE_VOTING, AF_INET); + } + if (! v4) { + // Everybody else should prefer a usage dependent on their + // the dir_purpose. + auth_dirport_usage_t usage = + auth_dirport_usage_for_purpose(req->dir_purpose); + v4 = trusted_dir_server_get_dirport(ds, usage, AF_INET); + } + tor_assert_nonfatal(v4); + if (v4) { + // XXXX We could, if we wanted, also select a v6 address. But a v4 + // address must exist here, and we as a relay are required to support + // ipv4. So we just that. + tor_addr_port_copy(&use_dir_ap, v4); + } + } + } + directory_request_set_or_addr_port(req, &use_or_ap); directory_request_set_dir_addr_port(req, &use_dir_ap); directory_request_set_directory_id_digest(req, status->identity_digest); @@ -1254,7 +1241,7 @@ directory_initiate_request,(directory_request_t *request)) tor_assert_nonfatal( ! directory_request_dir_contact_info_specified(request)); if (directory_request_set_dir_from_routerstatus(request) < 0) { - return; + return; // or here XXXX } } @@ -1265,7 +1252,6 @@ directory_initiate_request,(directory_request_t *request)) const uint8_t router_purpose = request->router_purpose; const dir_indirection_t indirection = request->indirection; const char *resource = request->resource; - const rend_data_t *rend_query = request->rend_query; const hs_ident_dir_conn_t *hs_ident = request->hs_ident; circuit_guard_state_t *guard_state = request->guard_state; @@ -1301,7 +1287,7 @@ directory_initiate_request,(directory_request_t *request)) if (purpose_needs_anonymity(dir_purpose, router_purpose, resource)) { tor_assert(anonymized_connection || - rend_non_anonymous_mode_enabled(options)); + hs_service_non_anonymous_mode_enabled(options)); } /* use encrypted begindir connections for everything except relays @@ -1353,15 +1339,7 @@ directory_initiate_request,(directory_request_t *request)) /* XXXX This is a bad name for this field now. */ conn->dirconn_direct = !anonymized_connection; - /* copy rendezvous data, if any */ - if (rend_query) { - /* We can't have both v2 and v3+ identifier. */ - tor_assert_nonfatal(!hs_ident); - conn->rend_data = rend_data_dup(rend_query); - } if (hs_ident) { - /* We can't have both v2 and v3+ identifier. */ - tor_assert_nonfatal(!rend_query); conn->hs_ident = hs_ident_dir_conn_dup(hs_ident); } @@ -1378,6 +1356,8 @@ directory_initiate_request,(directory_request_t *request)) entry_guard_cancel(&guard_state); } + // XXXX This is the case where we replace. + switch (connection_connect(TO_CONN(conn), conn->base_.address, &addr, port, &socket_error)) { case -1: @@ -1696,13 +1676,6 @@ directory_send_command(dir_connection_t *conn, httpcommand = "POST"; url = tor_strdup("/tor/post/consensus-signature"); break; - case DIR_PURPOSE_FETCH_RENDDESC_V2: - tor_assert(resource); - tor_assert(strlen(resource) <= REND_DESC_ID_V2_LEN_BASE32); - tor_assert(!payload); - httpcommand = "GET"; - tor_asprintf(&url, "/tor/rendezvous2/%s", resource); - break; case DIR_PURPOSE_FETCH_HSDESC: tor_assert(resource); tor_assert(strlen(resource) <= ED25519_BASE64_LEN); @@ -1710,12 +1683,6 @@ directory_send_command(dir_connection_t *conn, httpcommand = "GET"; tor_asprintf(&url, "/tor/hs/3/%s", resource); break; - case DIR_PURPOSE_UPLOAD_RENDDESC_V2: - tor_assert(!resource); - tor_assert(payload); - httpcommand = "POST"; - url = tor_strdup("/tor/rendezvous2/publish"); - break; case DIR_PURPOSE_UPLOAD_HSDESC: tor_assert(resource); tor_assert(payload); @@ -1859,10 +1826,6 @@ static int handle_response_upload_vote(dir_connection_t *, const response_handler_args_t *); static int handle_response_upload_signatures(dir_connection_t *, const response_handler_args_t *); -static int handle_response_fetch_renddesc_v2(dir_connection_t *, - const response_handler_args_t *); -static int handle_response_upload_renddesc_v2(dir_connection_t *, - const response_handler_args_t *); static int handle_response_upload_hsdesc(dir_connection_t *, const response_handler_args_t *); @@ -2210,9 +2173,6 @@ connection_dir_client_reached_eof(dir_connection_t *conn) case DIR_PURPOSE_FETCH_MICRODESC: rv = handle_response_fetch_microdesc(conn, &args); break; - case DIR_PURPOSE_FETCH_RENDDESC_V2: - rv = handle_response_fetch_renddesc_v2(conn, &args); - break; case DIR_PURPOSE_UPLOAD_DIR: rv = handle_response_upload_dir(conn, &args); break; @@ -2222,9 +2182,6 @@ connection_dir_client_reached_eof(dir_connection_t *conn) case DIR_PURPOSE_UPLOAD_VOTE: rv = handle_response_upload_vote(conn, &args); break; - case DIR_PURPOSE_UPLOAD_RENDDESC_V2: - rv = handle_response_upload_renddesc_v2(conn, &args); - break; case DIR_PURPOSE_UPLOAD_HSDESC: rv = handle_response_upload_hsdesc(conn, &args); break; @@ -2593,8 +2550,6 @@ handle_response_fetch_desc(dir_connection_t *conn, SMARTLIST_FOREACH(which, char *, cp, tor_free(cp)); smartlist_free(which); } - if (directory_conn_is_self_reachability_test(conn)) - router_dirport_found_reachable(); return 0; } @@ -2823,153 +2778,6 @@ handle_response_fetch_hsdesc_v3(dir_connection_t *conn, } /** - * Handler function: processes a response to a request for a v2 hidden service - * descriptor. - **/ -static int -handle_response_fetch_renddesc_v2(dir_connection_t *conn, - const response_handler_args_t *args) -{ - tor_assert(conn->base_.purpose == DIR_PURPOSE_FETCH_RENDDESC_V2); - const int status_code = args->status_code; - const char *reason = args->reason; - const char *body = args->body; - const size_t body_len = args->body_len; - -#define SEND_HS_DESC_FAILED_EVENT(reason) \ - (control_event_hsv2_descriptor_failed(conn->rend_data, \ - conn->identity_digest, \ - reason)) -#define SEND_HS_DESC_FAILED_CONTENT() \ - (control_event_hs_descriptor_content( \ - rend_data_get_address(conn->rend_data), \ - conn->requested_resource, \ - conn->identity_digest, \ - NULL)) - - tor_assert(conn->rend_data); - log_info(LD_REND,"Received rendezvous descriptor (body size %d, status %d " - "(%s))", - (int)body_len, status_code, escaped(reason)); - switch (status_code) { - case 200: - { - rend_cache_entry_t *entry = NULL; - - if (rend_cache_store_v2_desc_as_client(body, - conn->requested_resource, - conn->rend_data, &entry) < 0) { - log_warn(LD_REND,"Fetching v2 rendezvous descriptor failed. " - "Retrying at another directory."); - /* We'll retry when connection_about_to_close_connection() - * cleans this dir conn up. */ - SEND_HS_DESC_FAILED_EVENT("BAD_DESC"); - SEND_HS_DESC_FAILED_CONTENT(); - } else { - char service_id[REND_SERVICE_ID_LEN_BASE32 + 1]; - /* Should never be NULL here if we found the descriptor. */ - tor_assert(entry); - rend_get_service_id(entry->parsed->pk, service_id); - - /* success. notify pending connections about this. */ - log_info(LD_REND, "Successfully fetched v2 rendezvous " - "descriptor."); - control_event_hsv2_descriptor_received(service_id, - conn->rend_data, - conn->identity_digest); - control_event_hs_descriptor_content(service_id, - conn->requested_resource, - conn->identity_digest, - body); - conn->base_.purpose = DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2; - rend_client_desc_trynow(service_id); - memwipe(service_id, 0, sizeof(service_id)); - } - break; - } - case 404: - /* Not there. We'll retry when - * connection_about_to_close_connection() cleans this conn up. */ - log_info(LD_REND,"Fetching v2 rendezvous descriptor failed: " - "Retrying at another directory."); - SEND_HS_DESC_FAILED_EVENT("NOT_FOUND"); - SEND_HS_DESC_FAILED_CONTENT(); - break; - case 400: - log_warn(LD_REND, "Fetching v2 rendezvous descriptor failed: " - "http status 400 (%s). Dirserver didn't like our " - "v2 rendezvous query? Retrying at another directory.", - escaped(reason)); - SEND_HS_DESC_FAILED_EVENT("QUERY_REJECTED"); - SEND_HS_DESC_FAILED_CONTENT(); - break; - default: - log_warn(LD_REND, "Fetching v2 rendezvous descriptor failed: " - "http status %d (%s) response unexpected while " - "fetching v2 hidden service descriptor (server %s). " - "Retrying at another directory.", - status_code, escaped(reason), - connection_describe_peer(TO_CONN(conn))); - SEND_HS_DESC_FAILED_EVENT("UNEXPECTED"); - SEND_HS_DESC_FAILED_CONTENT(); - break; - } - - return 0; -} - -/** - * Handler function: processes a response to a POST request to upload a v2 - * hidden service descriptor. - **/ -static int -handle_response_upload_renddesc_v2(dir_connection_t *conn, - const response_handler_args_t *args) -{ - tor_assert(conn->base_.purpose == DIR_PURPOSE_UPLOAD_RENDDESC_V2); - const int status_code = args->status_code; - const char *reason = args->reason; - -#define SEND_HS_DESC_UPLOAD_FAILED_EVENT(reason) \ - (control_event_hs_descriptor_upload_failed( \ - conn->identity_digest, \ - rend_data_get_address(conn->rend_data), \ - reason)) - - log_info(LD_REND,"Uploaded rendezvous descriptor (status %d " - "(%s))", - status_code, escaped(reason)); - /* Without the rend data, we'll have a problem identifying what has been - * uploaded for which service. */ - tor_assert(conn->rend_data); - switch (status_code) { - case 200: - log_info(LD_REND, - "Uploading rendezvous descriptor: finished with status " - "200 (%s)", escaped(reason)); - control_event_hs_descriptor_uploaded(conn->identity_digest, - rend_data_get_address(conn->rend_data)); - rend_service_desc_has_uploaded(conn->rend_data); - break; - case 400: - log_warn(LD_REND,"http status 400 (%s) response from dirserver " - "%s. Malformed rendezvous descriptor?", - escaped(reason), connection_describe_peer(TO_CONN(conn))); - SEND_HS_DESC_UPLOAD_FAILED_EVENT("UPLOAD_REJECTED"); - break; - default: - log_warn(LD_REND,"http status %d (%s) response unexpected (server " - "%s).", - status_code, escaped(reason), - connection_describe_peer(TO_CONN(conn))); - SEND_HS_DESC_UPLOAD_FAILED_EVENT("UNEXPECTED"); - break; - } - - return 0; -} - -/** * Handler function: processes a response to a POST request to upload an * hidden service descriptor. **/ @@ -3045,17 +2853,6 @@ connection_dir_client_refetch_hsdesc_if_needed(dir_connection_t *dir_conn) { connection_t *conn = TO_CONN(dir_conn); - /* If we were trying to fetch a v2 rend desc and did not succeed, retry as - * needed. (If a fetch is successful, the connection state is changed to - * DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2 or DIR_PURPOSE_HAS_FETCHED_HSDESC to - * mark that refetching is unnecessary.) */ - if (conn->purpose == DIR_PURPOSE_FETCH_RENDDESC_V2 && - dir_conn->rend_data && - rend_valid_v2_service_id( - rend_data_get_address(dir_conn->rend_data))) { - rend_client_refetch_v2_renddesc(dir_conn->rend_data); - } - /* Check for v3 rend desc fetch */ if (conn->purpose == DIR_PURPOSE_FETCH_HSDESC && dir_conn->hs_ident && diff --git a/src/feature/dirclient/dirclient.h b/src/feature/dirclient/dirclient.h index 096b197526..f233fa70d2 100644 --- a/src/feature/dirclient/dirclient.h +++ b/src/feature/dirclient/dirclient.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -74,8 +74,6 @@ void directory_request_set_payload(directory_request_t *req, size_t payload_len); void directory_request_set_if_modified_since(directory_request_t *req, time_t if_modified_since); -void directory_request_set_rend_query(directory_request_t *req, - const rend_data_t *query); void directory_request_upload_set_hs_ident(directory_request_t *req, const hs_ident_dir_conn_t *ident); void directory_request_fetch_set_hs_ident(directory_request_t *req, @@ -125,8 +123,6 @@ struct directory_request_t { size_t payload_len; /** Value to send in an if-modified-since header, or 0 for none. */ time_t if_modified_since; - /** Hidden-service-specific information v2. */ - const rend_data_t *rend_query; /** Extra headers to append to the request */ struct config_line_t *additional_headers; /** Hidden-service-specific information for v3+. */ diff --git a/src/feature/dirclient/dirclient_modes.c b/src/feature/dirclient/dirclient_modes.c index db25196213..06ed15222e 100644 --- a/src/feature/dirclient/dirclient_modes.c +++ b/src/feature/dirclient/dirclient_modes.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirclient/dirclient_modes.h b/src/feature/dirclient/dirclient_modes.h index c402207724..e525413e28 100644 --- a/src/feature/dirclient/dirclient_modes.h +++ b/src/feature/dirclient/dirclient_modes.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirclient/dlstatus.c b/src/feature/dirclient/dlstatus.c index ab3fbb8577..c21dd113b4 100644 --- a/src/feature/dirclient/dlstatus.c +++ b/src/feature/dirclient/dlstatus.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -73,15 +73,14 @@ find_dl_min_delay(const download_status_t *dls, const or_options_t *options) } } case DL_SCHED_BRIDGE: - if (options->UseBridges && num_bridges_usable(0) > 0) { - /* A bridge client that is sure that one or more of its bridges are - * running can afford to wait longer to update bridge descriptors. */ - return options->TestingBridgeDownloadInitialDelay; - } else { - /* A bridge client which might have no running bridges, must try to - * get bridge descriptors straight away. */ - return options->TestingBridgeBootstrapDownloadInitialDelay; - } + /* Be conservative here: always return the 'during bootstrap' delay + * value, so we never delay while trying to fetch descriptors + * for new bridges. Once we do succeed at fetching a descriptor + * for our bridge, we will adjust its next_attempt_at based on + * the longer "TestingBridgeDownloadInitialDelay" value. See + * learned_bridge_descriptor() for details. + */ + return options->TestingBridgeBootstrapDownloadInitialDelay; default: tor_assert(0); } diff --git a/src/feature/dirclient/dlstatus.h b/src/feature/dirclient/dlstatus.h index e5c8b756c4..e1a40ef669 100644 --- a/src/feature/dirclient/dlstatus.h +++ b/src/feature/dirclient/dlstatus.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirclient/download_status_st.h b/src/feature/dirclient/download_status_st.h index 92efcb44d0..ae73bf0230 100644 --- a/src/feature/dirclient/download_status_st.h +++ b/src/feature/dirclient/download_status_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dircommon/consdiff.c b/src/feature/dircommon/consdiff.c index 9511177e2b..323f2bd576 100644 --- a/src/feature/dircommon/consdiff.c +++ b/src/feature/dircommon/consdiff.c @@ -1,5 +1,5 @@ /* Copyright (c) 2014, Daniel Martí - * Copyright (c) 2014-2020, The Tor Project, Inc. */ + * Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dircommon/consdiff.h b/src/feature/dircommon/consdiff.h index c2dcb6da24..b5e90c6210 100644 --- a/src/feature/dircommon/consdiff.h +++ b/src/feature/dircommon/consdiff.h @@ -1,5 +1,5 @@ /* Copyright (c) 2014, Daniel Martí - * Copyright (c) 2014-2020, The Tor Project, Inc. */ + * Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dircommon/dir_connection_st.h b/src/feature/dircommon/dir_connection_st.h index 12230e6741..e1a88a45b0 100644 --- a/src/feature/dircommon/dir_connection_st.h +++ b/src/feature/dircommon/dir_connection_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -42,9 +42,6 @@ struct dir_connection_t { /** The compression object doing on-the-fly compression for spooled data. */ struct tor_compress_state_t *compress_state; - /** What rendezvous service are we querying for? */ - rend_data_t *rend_data; - /* Hidden service connection identifier for dir connections: Used by HS client-side code to fetch HS descriptors, and by the service-side code to upload descriptors. */ diff --git a/src/feature/dircommon/directory.c b/src/feature/dircommon/directory.c index b276ac3441..6614bb065e 100644 --- a/src/feature/dircommon/directory.c +++ b/src/feature/dircommon/directory.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "core/or/or.h" @@ -68,7 +68,6 @@ * router_upload_dir_desc_to_dirservers() in router.c * upload_service_descriptor() in rendservice.c * - directory_get_from_dirserver(), called from - * rend_client_refetch_renddesc() in rendclient.c * run_scheduled_events() in main.c * do_hup() in main.c * - connection_dir_process_inbuf(), called from @@ -143,9 +142,6 @@ purpose_needs_anonymity(uint8_t dir_purpose, uint8_t router_purpose, case DIR_PURPOSE_FETCH_MICRODESC: return 0; case DIR_PURPOSE_HAS_FETCHED_HSDESC: - case DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2: - case DIR_PURPOSE_UPLOAD_RENDDESC_V2: - case DIR_PURPOSE_FETCH_RENDDESC_V2: case DIR_PURPOSE_FETCH_HSDESC: case DIR_PURPOSE_UPLOAD_HSDESC: return 1; diff --git a/src/feature/dircommon/directory.h b/src/feature/dircommon/directory.h index 2cd9c176c8..7d861682bb 100644 --- a/src/feature/dircommon/directory.h +++ b/src/feature/dircommon/directory.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -30,10 +30,7 @@ const dir_connection_t *CONST_TO_DIR_CONN(const connection_t *c); #define DIR_CONN_STATE_SERVER_WRITING 6 #define DIR_CONN_STATE_MAX_ 6 -#define DIR_PURPOSE_MIN_ 4 -/** A connection to a directory server: set after a v2 rendezvous - * descriptor is downloaded. */ -#define DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2 4 +#define DIR_PURPOSE_MIN_ 6 /** A connection to a directory server: download one or more server * descriptors. */ #define DIR_PURPOSE_FETCH_SERVERDESC 6 @@ -61,12 +58,9 @@ const dir_connection_t *CONST_TO_DIR_CONN(const connection_t *c); /** Purpose for connection at a directory server. */ #define DIR_PURPOSE_SERVER 16 -/** A connection to a hidden service directory server: upload a v2 rendezvous - * descriptor. */ -#define DIR_PURPOSE_UPLOAD_RENDDESC_V2 17 -/** A connection to a hidden service directory server: download a v2 rendezvous - * descriptor. */ -#define DIR_PURPOSE_FETCH_RENDDESC_V2 18 + +/** Value 17 and 18 were onion service v2 purposes. */ + /** A connection to a directory server: download a microdescriptor. */ #define DIR_PURPOSE_FETCH_MICRODESC 19 /** A connection to a hidden service directory: upload a v3 descriptor. */ @@ -84,7 +78,6 @@ const dir_connection_t *CONST_TO_DIR_CONN(const connection_t *c); ((p)==DIR_PURPOSE_UPLOAD_DIR || \ (p)==DIR_PURPOSE_UPLOAD_VOTE || \ (p)==DIR_PURPOSE_UPLOAD_SIGNATURES || \ - (p)==DIR_PURPOSE_UPLOAD_RENDDESC_V2 || \ (p)==DIR_PURPOSE_UPLOAD_HSDESC) /** True iff p is a purpose corresponding to onion service that is either diff --git a/src/feature/dircommon/fp_pair.c b/src/feature/dircommon/fp_pair.c index 87e1c253bd..ef6642925e 100644 --- a/src/feature/dircommon/fp_pair.c +++ b/src/feature/dircommon/fp_pair.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dircommon/fp_pair.h b/src/feature/dircommon/fp_pair.h index ae71ea7b71..23e3b84ed3 100644 --- a/src/feature/dircommon/fp_pair.h +++ b/src/feature/dircommon/fp_pair.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dircommon/vote_timing_st.h b/src/feature/dircommon/vote_timing_st.h index 103d950f86..ace2ace43b 100644 --- a/src/feature/dircommon/vote_timing_st.h +++ b/src/feature/dircommon/vote_timing_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirparse/authcert_members.h b/src/feature/dirparse/authcert_members.h index 53eab175d6..635779901b 100644 --- a/src/feature/dirparse/authcert_members.h +++ b/src/feature/dirparse/authcert_members.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirparse/authcert_parse.c b/src/feature/dirparse/authcert_parse.c index b2460f6ace..7c74630235 100644 --- a/src/feature/dirparse/authcert_parse.c +++ b/src/feature/dirparse/authcert_parse.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirparse/authcert_parse.h b/src/feature/dirparse/authcert_parse.h index 7f6dd1c02f..509d6ca938 100644 --- a/src/feature/dirparse/authcert_parse.h +++ b/src/feature/dirparse/authcert_parse.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirparse/microdesc_parse.c b/src/feature/dirparse/microdesc_parse.c index 31415f3fb7..beb38bda30 100644 --- a/src/feature/dirparse/microdesc_parse.c +++ b/src/feature/dirparse/microdesc_parse.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirparse/microdesc_parse.h b/src/feature/dirparse/microdesc_parse.h index e81126b8cd..47f52a6654 100644 --- a/src/feature/dirparse/microdesc_parse.h +++ b/src/feature/dirparse/microdesc_parse.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirparse/ns_parse.c b/src/feature/dirparse/ns_parse.c index 138d248b08..cd3e2731be 100644 --- a/src/feature/dirparse/ns_parse.c +++ b/src/feature/dirparse/ns_parse.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -434,6 +434,8 @@ routerstatus_parse_entry_from_string(memarea_t *area, rs->is_possible_guard = 1; else if (!strcmp(tok->args[i], "BadExit")) rs->is_bad_exit = 1; + else if (!strcmp(tok->args[i], "MiddleOnly")) + rs->is_middle_only = 1; else if (!strcmp(tok->args[i], "Authority")) rs->is_authority = 1; else if (!strcmp(tok->args[i], "Unnamed") && @@ -446,6 +448,8 @@ routerstatus_parse_entry_from_string(memarea_t *area, rs->is_v2_dir = 1; } else if (!strcmp(tok->args[i], "StaleDesc")) { rs->is_staledesc = 1; + } else if (!strcmp(tok->args[i], "Sybil")) { + rs->is_sybil = 1; } } /* These are implied true by having been included in a consensus made diff --git a/src/feature/dirparse/ns_parse.h b/src/feature/dirparse/ns_parse.h index 6a1ea85c92..2b1518bb4d 100644 --- a/src/feature/dirparse/ns_parse.h +++ b/src/feature/dirparse/ns_parse.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirparse/parsecommon.c b/src/feature/dirparse/parsecommon.c index ab465c4d7f..d7a6d65346 100644 --- a/src/feature/dirparse/parsecommon.c +++ b/src/feature/dirparse/parsecommon.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -216,7 +216,6 @@ token_check_object(memarea_t *area, const char *kwd, } break; case NEED_KEY_1024: /* There must be a 1024-bit public key. */ - case NEED_SKEY_1024: /* There must be a 1024-bit private key. */ if (tok->key && crypto_pk_num_bits(tok->key) != PK_BYTES*8) { tor_snprintf(ebuf, sizeof(ebuf), "Wrong size on key for %s: %d bits", kwd, crypto_pk_num_bits(tok->key)); @@ -228,18 +227,11 @@ token_check_object(memarea_t *area, const char *kwd, tor_snprintf(ebuf, sizeof(ebuf), "Missing public key for %s", kwd); RET_ERR(ebuf); } - if (o_syn != NEED_SKEY_1024) { - if (crypto_pk_key_is_private(tok->key)) { - tor_snprintf(ebuf, sizeof(ebuf), - "Private key given for %s, which wants a public key", kwd); - RET_ERR(ebuf); - } - } else { /* o_syn == NEED_SKEY_1024 */ - if (!crypto_pk_key_is_private(tok->key)) { - tor_snprintf(ebuf, sizeof(ebuf), - "Public key given for %s, which wants a private key", kwd); - RET_ERR(ebuf); - } + + if (crypto_pk_key_is_private(tok->key)) { + tor_snprintf(ebuf, sizeof(ebuf), + "Private key given for %s, which wants a public key", kwd); + RET_ERR(ebuf); } break; case OBJ_OK: @@ -409,15 +401,6 @@ get_next_token(memarea_t *area, tok->key = crypto_pk_asn1_decode(tok->object_body, tok->object_size); if (! tok->key) RET_ERR("Couldn't parse public key."); - } else if (!strcmp(tok->object_type, "RSA PRIVATE KEY")) { /* private key */ - if (o_syn != NEED_SKEY_1024 && o_syn != OBJ_OK) { - RET_ERR("Unexpected private key."); - } - tok->key = crypto_pk_asn1_decode_private(tok->object_body, - tok->object_size, - 1024); - if (! tok->key) - RET_ERR("Couldn't parse private key."); } *s = eol; diff --git a/src/feature/dirparse/parsecommon.h b/src/feature/dirparse/parsecommon.h index 4db9a89f13..675c5f68d5 100644 --- a/src/feature/dirparse/parsecommon.h +++ b/src/feature/dirparse/parsecommon.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -172,6 +172,7 @@ typedef enum { R3_DESC_AUTH_KEY, R3_DESC_AUTH_CLIENT, R3_ENCRYPTED, + R3_FLOW_CONTROL, R_IPO_IDENTIFIER, R_IPO_IP_ADDRESS, @@ -218,7 +219,6 @@ typedef struct directory_token_t { typedef enum { NO_OBJ, /**< No object, ever. */ NEED_OBJ, /**< Object is required. */ - NEED_SKEY_1024,/**< Object is required, and must be a 1024 bit private key */ NEED_KEY_1024, /**< Object is required, and must be a 1024 bit public key */ NEED_KEY, /**< Object is required, and must be a public key. */ OBJ_OK, /**< Object is optional. */ diff --git a/src/feature/dirparse/policy_parse.c b/src/feature/dirparse/policy_parse.c index 28cd174686..8d30410f58 100644 --- a/src/feature/dirparse/policy_parse.c +++ b/src/feature/dirparse/policy_parse.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -192,6 +192,10 @@ router_parse_addr_policy_private(directory_token_t *tok) uint16_t port_min, port_max; addr_policy_t result; + /* Safeguard: always flag non canonical because it is a stack allocated + * object and thus should not be considered a copy stored in a map. */ + result.is_canonical = 0; + arg = tok->args[0]; if (strcmpstart(arg, "private")) return NULL; diff --git a/src/feature/dirparse/policy_parse.h b/src/feature/dirparse/policy_parse.h index 7764069e66..dffeb8f5ad 100644 --- a/src/feature/dirparse/policy_parse.h +++ b/src/feature/dirparse/policy_parse.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirparse/routerparse.c b/src/feature/dirparse/routerparse.c index 3d90c1bc91..844057c47e 100644 --- a/src/feature/dirparse/routerparse.c +++ b/src/feature/dirparse/routerparse.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirparse/routerparse.h b/src/feature/dirparse/routerparse.h index 519044e9b0..aeb9b72e52 100644 --- a/src/feature/dirparse/routerparse.h +++ b/src/feature/dirparse/routerparse.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirparse/sigcommon.c b/src/feature/dirparse/sigcommon.c index fb81b2da6e..96f79d5f87 100644 --- a/src/feature/dirparse/sigcommon.c +++ b/src/feature/dirparse/sigcommon.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirparse/sigcommon.h b/src/feature/dirparse/sigcommon.h index c7f370f8e8..2e3b262f80 100644 --- a/src/feature/dirparse/sigcommon.h +++ b/src/feature/dirparse/sigcommon.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirparse/signing.c b/src/feature/dirparse/signing.c index e420e5b6b9..44b1c79163 100644 --- a/src/feature/dirparse/signing.c +++ b/src/feature/dirparse/signing.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirparse/signing.h b/src/feature/dirparse/signing.h index 7ca34bb14a..a55e855e9b 100644 --- a/src/feature/dirparse/signing.h +++ b/src/feature/dirparse/signing.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/dirparse/unparseable.c b/src/feature/dirparse/unparseable.c index a91148a661..e966db734a 100644 --- a/src/feature/dirparse/unparseable.c +++ b/src/feature/dirparse/unparseable.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -403,7 +403,7 @@ dump_desc_compare_fifo_entries(const void **a_v, const void **b_v) } } else { /* - * We shouldn't see this, but what the hell, NULLs precede everythin + * We shouldn't see this, but what the hell, NULLs precede everything * else */ return 1; diff --git a/src/feature/dirparse/unparseable.h b/src/feature/dirparse/unparseable.h index cff91c82cc..f8bebfc544 100644 --- a/src/feature/dirparse/unparseable.h +++ b/src/feature/dirparse/unparseable.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hibernate/hibernate.c b/src/feature/hibernate/hibernate.c index 82c33659aa..1c616ec6fe 100644 --- a/src/feature/hibernate/hibernate.c +++ b/src/feature/hibernate/hibernate.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hibernate/hibernate.h b/src/feature/hibernate/hibernate.h index 48a03e8239..6f239fc41c 100644 --- a/src/feature/hibernate/hibernate.h +++ b/src/feature/hibernate/hibernate.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs/hs_cache.c b/src/feature/hs/hs_cache.c index 9c35936748..cf8e377313 100644 --- a/src/feature/hs/hs_cache.c +++ b/src/feature/hs/hs_cache.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -19,12 +19,15 @@ #include "feature/hs/hs_descriptor.h" #include "feature/nodelist/microdesc.h" #include "feature/nodelist/networkstatus.h" -#include "feature/rend/rendcache.h" +#include "feature/stats/rephist.h" #include "feature/hs/hs_cache.h" #include "feature/nodelist/networkstatus_st.h" +/* Total counter of the cache size. */ +static size_t hs_cache_total_allocation = 0; + static int cached_client_descriptor_has_expired(time_t now, const hs_cache_client_descriptor_t *cached_desc); @@ -163,7 +166,7 @@ cache_store_v3_as_dir(hs_cache_dir_descriptor_t *desc) * remove the entry we currently have from our cache so we can then * store the new one. */ remove_v3_desc_as_dir(cache_entry); - rend_cache_decrement_allocation(cache_get_dir_entry_size(cache_entry)); + hs_cache_decrement_allocation(cache_get_dir_entry_size(cache_entry)); cache_dir_desc_free(cache_entry); } /* Store the descriptor we just got. We are sure here that either we @@ -173,9 +176,12 @@ cache_store_v3_as_dir(hs_cache_dir_descriptor_t *desc) /* Update our total cache size with this entry for the OOM. This uses the * old HS protocol cache subsystem for which we are tied with. */ - rend_cache_increment_allocation(cache_get_dir_entry_size(desc)); + hs_cache_increment_allocation(cache_get_dir_entry_size(desc)); - /* XXX: Update HS statistics. We should have specific stats for v3. */ + /* Update HSv3 statistics */ + if (get_options()->HiddenServiceStatistics) { + rep_hist_hsdir_stored_maybe_new_v3_onion(desc->key); + } return 0; @@ -255,7 +261,7 @@ cache_clean_v3_as_dir(time_t now, time_t global_cutoff) /* Entry is not in the cache anymore, destroy it. */ cache_dir_desc_free(entry); /* Update our cache entry allocation size for the OOM. */ - rend_cache_decrement_allocation(entry_size); + hs_cache_decrement_allocation(entry_size); /* Logging. */ { char key_b64[BASE64_DIGEST256_LEN + 1]; @@ -332,12 +338,6 @@ hs_cache_lookup_as_dir(uint32_t version, const char *query, void hs_cache_clean_as_dir(time_t now) { - time_t cutoff; - - /* Start with v2 cache cleaning. */ - cutoff = now - rend_cache_max_entry_lifetime(); - rend_cache_clean_v2_descs_as_dir(cutoff); - /* Now, clean the v3 cache. Set the cutoff to 0 telling the cleanup function * to compute the cutoff by itself using the lifetime value. */ cache_clean_v3_as_dir(now, 0); @@ -408,7 +408,7 @@ remove_v3_desc_as_client(const hs_cache_client_descriptor_t *desc) tor_assert(desc); digest256map_remove(hs_cache_v3_client, desc->key.pubkey); /* Update cache size with this entry for the OOM handler. */ - rend_cache_decrement_allocation(cache_get_client_entry_size(desc)); + hs_cache_decrement_allocation(cache_get_client_entry_size(desc)); } /** Store a given descriptor in our cache. */ @@ -429,7 +429,7 @@ store_v3_desc_as_client(hs_cache_client_descriptor_t *desc) } digest256map_set(hs_cache_v3_client, desc->key.pubkey, desc); /* Update cache size with this entry for the OOM handler. */ - rend_cache_increment_allocation(cache_get_client_entry_size(desc)); + hs_cache_increment_allocation(cache_get_client_entry_size(desc)); } /** Query our cache and return the entry or NULL if not found or if expired. */ @@ -803,7 +803,7 @@ cache_clean_v3_as_client(time_t now) cache_client_desc_free(entry); /* Update our OOM. We didn't use the remove() function because we are in * a loop so we have to explicitly decrement. */ - rend_cache_decrement_allocation(entry_size); + hs_cache_decrement_allocation(entry_size); /* Logging. */ { char key_b64[BASE64_DIGEST256_LEN + 1]; @@ -941,8 +941,6 @@ hs_cache_remove_as_client(const ed25519_public_key_t *key) void hs_cache_clean_as_client(time_t now) { - /* Start with v2 cache cleaning. */ - rend_cache_clean(now, REND_CACHE_TYPE_CLIENT); /* Now, clean the v3 cache. Set the cutoff to 0 telling the cleanup function * to compute the cutoff by itself using the lifetime value. */ cache_clean_v3_as_client(now); @@ -959,7 +957,7 @@ hs_cache_purge_as_client(void) cache_client_desc_free(entry); /* Update our OOM. We didn't use the remove() function because we are in * a loop so we have to explicitly decrement. */ - rend_cache_decrement_allocation(entry_size); + hs_cache_decrement_allocation(entry_size); } DIGEST256MAP_FOREACH_END; log_info(LD_REND, "Hidden service client descriptor cache purged."); @@ -1081,19 +1079,16 @@ hs_cache_handle_oom(time_t now, size_t min_remove_bytes) /* The algorithm is as follow. K is the oldest expected descriptor age. * - * 1) Deallocate all entries from v2 cache that are older than K hours. - * 1.1) If the amount of remove bytes has been reached, stop. - * 2) Deallocate all entries from v3 cache that are older than K hours + * 1) Deallocate all entries from v3 cache that are older than K hours * 2.1) If the amount of remove bytes has been reached, stop. - * 3) Set K = K - RendPostPeriod and repeat process until K is < 0. + * 2) Set K = K - RendPostPeriod and repeat process until K is < 0. * * This ends up being O(Kn). */ /* Set K to the oldest expected age in seconds which is the maximum - * lifetime of a cache entry. We'll use the v2 lifetime because it's much - * bigger than the v3 thus leading to cleaning older descriptors. */ - k = rend_cache_max_entry_lifetime(); + * lifetime of a cache entry. */ + k = hs_cache_max_entry_lifetime(); do { time_t cutoff; @@ -1106,9 +1101,6 @@ hs_cache_handle_oom(time_t now, size_t min_remove_bytes) /* Compute a cutoff value with K and the current time. */ cutoff = now - k; - /* Start by cleaning the v2 cache with that cutoff. */ - bytes_removed += rend_cache_clean_v2_descs_as_dir(cutoff); - if (bytes_removed < min_remove_bytes) { /* We haven't remove enough bytes so clean v3 cache. */ bytes_removed += cache_clean_v3_as_dir(now, cutoff); @@ -1157,4 +1149,45 @@ hs_cache_free_all(void) digest256map_free(hs_cache_client_intro_state, cache_client_intro_state_free_void); hs_cache_client_intro_state = NULL; + hs_cache_total_allocation = 0; +} + +/* Return total size of the cache. */ +size_t +hs_cache_get_total_allocation(void) +{ + return hs_cache_total_allocation; +} + +/** Decrement the total bytes attributed to the rendezvous cache by n. */ +void +hs_cache_decrement_allocation(size_t n) +{ + static int have_underflowed = 0; + + if (hs_cache_total_allocation >= n) { + hs_cache_total_allocation -= n; + } else { + hs_cache_total_allocation = 0; + if (! have_underflowed) { + have_underflowed = 1; + log_warn(LD_BUG, "Underflow in hs_cache_decrement_allocation"); + } + } +} + +/** Increase the total bytes attributed to the rendezvous cache by n. */ +void +hs_cache_increment_allocation(size_t n) +{ + static int have_overflowed = 0; + if (hs_cache_total_allocation <= SIZE_MAX - n) { + hs_cache_total_allocation += n; + } else { + hs_cache_total_allocation = SIZE_MAX; + if (! have_overflowed) { + have_overflowed = 1; + log_warn(LD_BUG, "Overflow in hs_cache_increment_allocation"); + } + } } diff --git a/src/feature/hs/hs_cache.h b/src/feature/hs/hs_cache.h index bb3c77f224..dd55f54ba4 100644 --- a/src/feature/hs/hs_cache.h +++ b/src/feature/hs/hs_cache.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -21,6 +21,14 @@ struct ed25519_public_key_t; /** This is the maximum time an introduction point state object can stay in the * client cache in seconds (2 mins or 120 seconds). */ #define HS_CACHE_CLIENT_INTRO_STATE_MAX_AGE (2 * 60) +/** How old do we let hidden service descriptors get before discarding + * them as too old? */ +#define HS_CACHE_MAX_AGE (2*24*60*60) +/** How wrong do we assume our clock may be when checking whether hidden + * services are too old or too new? */ +#define HS_CACHE_MAX_SKEW (24*60*60) +/** How old do we keep an intro point failure entry in the failure cache? */ +#define HS_CACHE_FAILURE_MAX_AGE (5*60) /** Introduction point state. */ typedef struct hs_cache_intro_state_t { @@ -57,7 +65,6 @@ typedef struct hs_cache_dir_descriptor_t { /** Descriptor plaintext information. Obviously, we can't decrypt the * encrypted part of the descriptor. */ hs_desc_plaintext_data_t *plaintext_data; - /** Encoded descriptor which is basically in text form. It's a NUL terminated * string thus safe to strlen(). */ char *encoded_desc; @@ -65,6 +72,13 @@ typedef struct hs_cache_dir_descriptor_t { /* Public API */ +/* Return maximum lifetime in seconds of a cache entry. */ +static inline time_t +hs_cache_max_entry_lifetime(void) +{ + return HS_CACHE_MAX_AGE + HS_CACHE_MAX_SKEW; +} + void hs_cache_init(void); void hs_cache_free_all(void); void hs_cache_clean_as_dir(time_t now); @@ -102,6 +116,10 @@ void hs_cache_client_intro_state_purge(void); bool hs_cache_client_new_auth_parse(const ed25519_public_key_t *service_pk); +size_t hs_cache_get_total_allocation(void); +void hs_cache_decrement_allocation(size_t n); +void hs_cache_increment_allocation(size_t n); + #ifdef HS_CACHE_PRIVATE #include "lib/crypt_ops/crypto_ed25519.h" diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c index 8bdaa4922a..490f05e54f 100644 --- a/src/feature/hs/hs_cell.c +++ b/src/feature/hs/hs_cell.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -9,18 +9,19 @@ #include "core/or/or.h" #include "app/config/config.h" #include "lib/crypt_ops/crypto_util.h" -#include "feature/rend/rendservice.h" #include "feature/hs_common/replaycache.h" #include "feature/hs/hs_cell.h" #include "feature/hs/hs_ob.h" #include "core/crypto/hs_ntor.h" +#include "core/or/congestion_control_common.h" #include "core/or/origin_circuit_st.h" /* Trunnel. */ +#include "trunnel/congestion_control.h" #include "trunnel/ed25519_cert.h" -#include "trunnel/hs/cell_common.h" +#include "trunnel/extension.h" #include "trunnel/hs/cell_establish_intro.h" #include "trunnel/hs/cell_introduce1.h" #include "trunnel/hs/cell_rendezvous.h" @@ -194,37 +195,10 @@ parse_introduce2_encrypted(const uint8_t *decrypted_data, return NULL; } -/** Build a legacy ESTABLISH_INTRO cell with the given circuit nonce and RSA - * encryption key. The encoded cell is put in cell_out that MUST at least be - * of the size of RELAY_PAYLOAD_SIZE. Return the encoded cell length on - * success else a negative value and cell_out is untouched. */ -static ssize_t -build_legacy_establish_intro(const char *circ_nonce, crypto_pk_t *enc_key, - uint8_t *cell_out) -{ - ssize_t cell_len; - - tor_assert(circ_nonce); - tor_assert(enc_key); - tor_assert(cell_out); - - memwipe(cell_out, 0, RELAY_PAYLOAD_SIZE); - - cell_len = rend_service_encode_establish_intro_cell((char*)cell_out, - RELAY_PAYLOAD_SIZE, - enc_key, circ_nonce); - return cell_len; -} - /** Parse an INTRODUCE2 cell from payload of size payload_len for the given * service and circuit which are used only for logging purposes. The resulting * parsed cell is put in cell_ptr_out. * - * This function only parses prop224 INTRODUCE2 cells even when the intro point - * is a legacy intro point. That's because intro points don't actually care - * about the contents of the introduce cell. Legacy INTRODUCE cells are only - * used by the legacy system now. - * * Return 0 on success else a negative value and cell_ptr_out is untouched. */ static int parse_introduce2_cell(const hs_service_t *service, @@ -400,6 +374,26 @@ introduce1_encrypt_and_encode(trn_cell_introduce1_t *cell, tor_free(encrypted); } +/** Build and set the INTRODUCE congestion control extension in the given + * extensions. */ +static void +build_introduce_cc_extension(trn_extension_t *extensions) +{ + trn_extension_field_t *field = NULL; + + /* Build CC request extension. */ + field = trn_extension_field_new(); + trn_extension_field_set_field_type(field, + TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST); + + /* No payload indicating a request to use congestion control. */ + trn_extension_field_set_field_len(field, 0); + + /* Build final extension. */ + trn_extension_add_fields(extensions, field); + trn_extension_set_num(extensions, trn_extension_get_num(extensions) + 1); +} + /** Using the INTRODUCE1 data, setup the ENCRYPTED section in cell. This means * set it, encrypt it and encode it. */ static void @@ -407,7 +401,7 @@ introduce1_set_encrypted(trn_cell_introduce1_t *cell, const hs_cell_introduce1_data_t *data) { trn_cell_introduce_encrypted_t *enc_cell; - trn_cell_extension_t *ext; + trn_extension_t *ext; tor_assert(cell); tor_assert(data); @@ -415,10 +409,13 @@ introduce1_set_encrypted(trn_cell_introduce1_t *cell, enc_cell = trn_cell_introduce_encrypted_new(); tor_assert(enc_cell); - /* Set extension data. None are used. */ - ext = trn_cell_extension_new(); + /* Setup extension(s) if any. */ + ext = trn_extension_new(); tor_assert(ext); - trn_cell_extension_set_num(ext, 0); + /* Build congestion control extension is enabled. */ + if (data->cc_enabled) { + build_introduce_cc_extension(ext); + } trn_cell_introduce_encrypted_set_extensions(enc_cell, ext); /* Set the rendezvous cookie. */ @@ -457,28 +454,6 @@ introduce1_set_auth_key(trn_cell_introduce1_t *cell, data->auth_pk->pubkey, trn_cell_introduce1_getlen_auth_key(cell)); } -/** Set the legacy ID field in the INTRODUCE1 cell from the given data. */ -static void -introduce1_set_legacy_id(trn_cell_introduce1_t *cell, - const hs_cell_introduce1_data_t *data) -{ - tor_assert(cell); - tor_assert(data); - - if (data->is_legacy) { - uint8_t digest[DIGEST_LEN]; - if (BUG(crypto_pk_get_digest(data->legacy_key, (char *) digest) < 0)) { - return; - } - memcpy(trn_cell_introduce1_getarray_legacy_key_id(cell), - digest, trn_cell_introduce1_getlen_legacy_key_id(cell)); - } else { - /* We have to zeroed the LEGACY_KEY_ID field. */ - memset(trn_cell_introduce1_getarray_legacy_key_id(cell), 0, - trn_cell_introduce1_getlen_legacy_key_id(cell)); - } -} - /** Build and add to the given DoS cell extension the given parameter type and * value. */ static void @@ -504,20 +479,20 @@ build_establish_intro_dos_param(trn_cell_extension_dos_t *dos_ext, * possible if there is a bug.) */ static int build_establish_intro_dos_extension(const hs_service_config_t *service_config, - trn_cell_extension_t *extensions) + trn_extension_t *extensions) { ssize_t ret; size_t dos_ext_encoded_len; uint8_t *field_array; - trn_cell_extension_field_t *field = NULL; + trn_extension_field_t *field = NULL; trn_cell_extension_dos_t *dos_ext = NULL; tor_assert(service_config); tor_assert(extensions); /* We are creating a cell extension field of the type DoS. */ - field = trn_cell_extension_field_new(); - trn_cell_extension_field_set_field_type(field, + field = trn_extension_field_new(); + trn_extension_field_set_field_type(field, TRUNNEL_CELL_EXTENSION_TYPE_DOS); /* Build DoS extension field. We will put in two parameters. */ @@ -540,24 +515,23 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config, } dos_ext_encoded_len = ret; /* Set length field and the field array size length. */ - trn_cell_extension_field_set_field_len(field, dos_ext_encoded_len); - trn_cell_extension_field_setlen_field(field, dos_ext_encoded_len); + trn_extension_field_set_field_len(field, dos_ext_encoded_len); + trn_extension_field_setlen_field(field, dos_ext_encoded_len); /* Encode the DoS extension into the cell extension field. */ - field_array = trn_cell_extension_field_getarray_field(field); + field_array = trn_extension_field_getarray_field(field); ret = trn_cell_extension_dos_encode(field_array, - trn_cell_extension_field_getlen_field(field), dos_ext); + trn_extension_field_getlen_field(field), dos_ext); if (BUG(ret <= 0)) { goto err; } tor_assert(ret == (ssize_t) dos_ext_encoded_len); /* Finally, encode field into the cell extension. */ - trn_cell_extension_add_fields(extensions, field); + trn_extension_add_fields(extensions, field); /* We've just add an extension field to the cell extensions so increment the * total number. */ - trn_cell_extension_set_num(extensions, - trn_cell_extension_get_num(extensions) + 1); + trn_extension_set_num(extensions, trn_extension_get_num(extensions) + 1); /* Cleanup. DoS extension has been encoded at this point. */ trn_cell_extension_dos_free(dos_ext); @@ -565,7 +539,7 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config, return 0; err: - trn_cell_extension_field_free(field); + trn_extension_field_free(field); trn_cell_extension_dos_free(dos_ext); return -1; } @@ -576,18 +550,18 @@ build_establish_intro_dos_extension(const hs_service_config_t *service_config, /** Allocate and build all the ESTABLISH_INTRO cell extension. The given * extensions pointer is always set to a valid cell extension object. */ -STATIC trn_cell_extension_t * +STATIC trn_extension_t * build_establish_intro_extensions(const hs_service_config_t *service_config, const hs_service_intro_point_t *ip) { int ret; - trn_cell_extension_t *extensions; + trn_extension_t *extensions; tor_assert(service_config); tor_assert(ip); - extensions = trn_cell_extension_new(); - trn_cell_extension_set_num(extensions, 0); + extensions = trn_extension_new(); + trn_extension_set_num(extensions, 0); /* If the defense has been enabled service side (by the operator with a * torrc option) and the intro point does support it. */ @@ -608,8 +582,7 @@ build_establish_intro_extensions(const hs_service_config_t *service_config, /** Build an ESTABLISH_INTRO cell with the given circuit nonce and intro point * object. The encoded cell is put in cell_out that MUST at least be of the * size of RELAY_PAYLOAD_SIZE. Return the encoded cell length on success else - * a negative value and cell_out is untouched. This function also supports - * legacy cell creation. */ + * a negative value and cell_out is untouched. */ ssize_t hs_cell_build_establish_intro(const char *circ_nonce, const hs_service_config_t *service_config, @@ -619,22 +592,12 @@ hs_cell_build_establish_intro(const char *circ_nonce, ssize_t cell_len = -1; uint16_t sig_len = ED25519_SIG_LEN; trn_cell_establish_intro_t *cell = NULL; - trn_cell_extension_t *extensions; + trn_extension_t *extensions; tor_assert(circ_nonce); tor_assert(service_config); tor_assert(ip); - /* Quickly handle the legacy IP. */ - if (ip->base.is_only_legacy) { - tor_assert(ip->legacy_key); - cell_len = build_legacy_establish_intro(circ_nonce, ip->legacy_key, - cell_out); - tor_assert(cell_len <= RELAY_PAYLOAD_SIZE); - /* Success or not we are done here. */ - goto done; - } - /* Build the extensions, if any. */ extensions = build_establish_intro_extensions(service_config, ip); @@ -821,6 +784,31 @@ get_introduce2_keys_and_verify_mac(hs_cell_introduce2_data_t *data, return intro_keys_result; } +/** Parse the given INTRODUCE cell extension. Update the data object + * accordingly depending on the extension. */ +static void +parse_introduce_cell_extension(hs_cell_introduce2_data_t *data, + const trn_extension_field_t *field) +{ + trn_extension_field_cc_t *cc_field = NULL; + + tor_assert(data); + tor_assert(field); + + switch (trn_extension_field_get_field_type(field)) { + case TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST: + /* CC requests, enable it. */ + data->cc_enabled = 1; + data->pv.protocols_known = 1; + data->pv.supports_congestion_control = data->cc_enabled; + break; + default: + break; + } + + trn_extension_field_cc_free(cc_field); +} + /** Parse the INTRODUCE2 cell using data which contains everything we need to * do so and contains the destination buffers of information we extract and * compute from the cell. Return 0 on success else a negative value. The @@ -949,6 +937,27 @@ hs_cell_parse_introduce2(hs_cell_introduce2_data_t *data, smartlist_add(data->link_specifiers, lspec_dup); } + /* Extract any extensions. */ + const trn_extension_t *extensions = + trn_cell_introduce_encrypted_get_extensions(enc_cell); + if (extensions != NULL) { + for (size_t idx = 0; idx < trn_extension_get_num(extensions); idx++) { + const trn_extension_field_t *field = + trn_extension_getconst_fields(extensions, idx); + if (BUG(field == NULL)) { + /* The number of extensions should match the number of fields. */ + break; + } + parse_introduce_cell_extension(data, field); + } + } + + /* If the client asked for congestion control, but we don't support it, + * that's a failure. It should not have asked, based on our descriptor. */ + if (data->cc_enabled && !congestion_control_enabled()) { + goto done; + } + /* Success. */ ret = 0; log_info(LD_REND, "Valid INTRODUCE2 cell. Launching rendezvous circuit."); @@ -1008,7 +1017,7 @@ hs_cell_build_introduce1(const hs_cell_introduce1_data_t *data, { ssize_t cell_len; trn_cell_introduce1_t *cell; - trn_cell_extension_t *ext; + trn_extension_t *ext; tor_assert(data); tor_assert(cell_out); @@ -1017,14 +1026,11 @@ hs_cell_build_introduce1(const hs_cell_introduce1_data_t *data, tor_assert(cell); /* Set extension data. None are used. */ - ext = trn_cell_extension_new(); + ext = trn_extension_new(); tor_assert(ext); - trn_cell_extension_set_num(ext, 0); + trn_extension_set_num(ext, 0); trn_cell_introduce1_set_extensions(cell, ext); - /* Set the legacy ID field. */ - introduce1_set_legacy_id(cell, data); - /* Set the authentication key. */ introduce1_set_auth_key(cell, data); @@ -1067,18 +1073,6 @@ hs_cell_parse_introduce_ack(const uint8_t *payload, size_t payload_len) tor_assert(payload); - /* If it is a legacy IP, rend-spec.txt specifies that a ACK is 0 byte and a - * NACK is 1 byte. We can't use the legacy function for this so we have to - * do a special case. */ - if (payload_len <= 1) { - if (payload_len == 0) { - ret = TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS; - } else { - ret = TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID; - } - goto end; - } - if (trn_cell_introduce_ack_parse(&cell, payload, payload_len) < 0) { log_info(LD_REND, "Invalid INTRODUCE_ACK cell. Unable to parse it."); goto end; diff --git a/src/feature/hs/hs_cell.h b/src/feature/hs/hs_cell.h index 5889e7c6dd..c76a0690a8 100644 --- a/src/feature/hs/hs_cell.h +++ b/src/feature/hs/hs_cell.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -40,6 +40,8 @@ typedef struct hs_cell_introduce1_data_t { const curve25519_keypair_t *client_kp; /** Rendezvous point link specifiers. */ smartlist_t *link_specifiers; + /** Congestion control parameters. */ + unsigned int cc_enabled : 1; } hs_cell_introduce1_data_t; /** This data structure contains data that we need to parse an INTRODUCE2 cell @@ -82,6 +84,10 @@ typedef struct hs_cell_introduce2_data_t { smartlist_t *link_specifiers; /** Replay cache of the introduction point. */ replaycache_t *replay_cache; + /** Flow control negotiation parameters. */ + protover_summary_flags_t pv; + /** Congestion control parameters. */ + unsigned int cc_enabled : 1; } hs_cell_introduce2_data_t; /* Build cell API. */ @@ -115,9 +121,9 @@ void hs_cell_introduce1_data_clear(hs_cell_introduce1_data_t *data); #ifdef TOR_UNIT_TESTS -#include "trunnel/hs/cell_common.h" +#include "trunnel/extension.h" -STATIC trn_cell_extension_t * +STATIC trn_extension_t * build_establish_intro_extensions(const hs_service_config_t *service_config, const hs_service_intro_point_t *ip); diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c index eaf99cf8b2..53855d40a9 100644 --- a/src/feature/hs/hs_circuit.c +++ b/src/feature/hs/hs_circuit.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -17,6 +17,8 @@ #include "core/or/relay.h" #include "core/or/crypt_path.h" #include "core/or/extendinfo.h" +#include "core/or/congestion_control_common.h" +#include "core/crypto/onion_crypto.h" #include "feature/client/circpathbias.h" #include "feature/hs/hs_cell.h" #include "feature/hs/hs_circuit.h" @@ -28,8 +30,6 @@ #include "feature/hs/hs_service.h" #include "feature/nodelist/describe.h" #include "feature/nodelist/nodelist.h" -#include "feature/rend/rendservice.h" -#include "feature/rend/rendclient.h" #include "feature/stats/rephist.h" #include "lib/crypt_ops/crypto_dh.h" #include "lib/crypt_ops/crypto_rand.h" @@ -37,9 +37,9 @@ /* Trunnel. */ #include "trunnel/ed25519_cert.h" -#include "trunnel/hs/cell_common.h" #include "trunnel/hs/cell_establish_intro.h" +#include "core/or/congestion_control_st.h" #include "core/or/cpath_build_state_st.h" #include "core/or/crypt_path_st.h" #include "feature/nodelist/node_st.h" @@ -106,57 +106,6 @@ create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len, return cpath; } -/** We are a v2 legacy HS client: Create and return a crypt path for the hidden - * service on the other side of the rendezvous circuit <b>circ</b>. Initialize - * the crypt path crypto using the body of the RENDEZVOUS1 cell at - * <b>rend_cell_body</b> (which must be at least DH1024_KEY_LEN+DIGEST_LEN - * bytes). - */ -static crypt_path_t * -create_rend_cpath_legacy(origin_circuit_t *circ, const uint8_t *rend_cell_body) -{ - crypt_path_t *hop = NULL; - char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN]; - - /* first DH1024_KEY_LEN bytes are g^y from the service. Finish the dh - * handshake...*/ - tor_assert(circ->build_state); - tor_assert(circ->build_state->pending_final_cpath); - hop = circ->build_state->pending_final_cpath; - - tor_assert(hop->rend_dh_handshake_state); - if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, hop->rend_dh_handshake_state, - (char*)rend_cell_body, DH1024_KEY_LEN, - keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) { - log_warn(LD_GENERAL, "Couldn't complete DH handshake."); - goto err; - } - /* ... and set up cpath. */ - if (cpath_init_circuit_crypto(hop, - keys+DIGEST_LEN, sizeof(keys)-DIGEST_LEN, - 0, 0) < 0) - goto err; - - /* Check whether the digest is right... */ - if (tor_memneq(keys, rend_cell_body+DH1024_KEY_LEN, DIGEST_LEN)) { - log_warn(LD_PROTOCOL, "Incorrect digest of key material."); - goto err; - } - - /* clean up the crypto stuff we just made */ - crypto_dh_free(hop->rend_dh_handshake_state); - hop->rend_dh_handshake_state = NULL; - - goto done; - - err: - hop = NULL; - - done: - memwipe(keys, 0, sizeof(keys)); - return hop; -} - /** Append the final <b>hop</b> to the cpath of the rend <b>circ</b>, and mark * <b>circ</b> ready for use to transfer HS relay cells. */ static void @@ -177,21 +126,15 @@ finalize_rend_circuit(origin_circuit_t *circ, crypt_path_t *hop, hop->package_window = circuit_initial_package_window(); hop->deliver_window = CIRCWINDOW_START; - /* Now that this circuit has finished connecting to its destination, - * make sure circuit_get_open_circ_or_launch is willing to return it - * so we can actually use it. */ - circ->hs_circ_has_timed_out = 0; + /* If congestion control, transfer ccontrol onto the cpath. */ + if (TO_CIRCUIT(circ)->ccontrol) { + hop->ccontrol = TO_CIRCUIT(circ)->ccontrol; + TO_CIRCUIT(circ)->ccontrol = NULL; + } /* Append the hop to the cpath of this circuit */ cpath_extend_linked_list(&circ->cpath, hop); - /* In legacy code, 'pending_final_cpath' points to the final hop we just - * appended to the cpath. We set the original pointer to NULL so that we - * don't double free it. */ - if (circ->build_state) { - circ->build_state->pending_final_cpath = NULL; - } - /* Finally, mark circuit as ready to be used for client streams */ if (!is_service_side) { circuit_try_attaching_streams(circ); @@ -199,7 +142,7 @@ finalize_rend_circuit(origin_circuit_t *circ, crypt_path_t *hop, } /** For a given circuit and a service introduction point object, register the - * intro circuit to the circuitmap. This supports legacy intro point. */ + * intro circuit to the circuitmap. */ static void register_intro_circ(const hs_service_intro_point_t *ip, origin_circuit_t *circ) @@ -207,13 +150,8 @@ register_intro_circ(const hs_service_intro_point_t *ip, tor_assert(ip); tor_assert(circ); - if (ip->base.is_only_legacy) { - hs_circuitmap_register_intro_circ_v2_service_side(circ, - ip->legacy_key_digest); - } else { - hs_circuitmap_register_intro_circ_v3_service_side(circ, - &ip->auth_key_kp.pubkey); - } + hs_circuitmap_register_intro_circ_v3_service_side(circ, + &ip->auth_key_kp.pubkey); } /** Return the number of opened introduction circuit for the given circuit that @@ -473,6 +411,12 @@ launch_rendezvous_point_circuit,(const hs_service_t *service, tor_assert(circ->hs_ident); } + /* Setup congestion control if asked by the client from the INTRO cell. */ + if (data->cc_enabled) { + hs_circ_setup_congestion_control(circ, congestion_control_sendme_inc(), + service->config.is_single_onion); + } + end: extend_info_free(info); } @@ -489,16 +433,6 @@ can_relaunch_service_rendezvous_point(const origin_circuit_t *circ) /* XXX: Retrying under certain condition. This is related to #22455. */ - /* Avoid to relaunch twice a circuit to the same rendezvous point at the - * same time. */ - if (circ->hs_service_side_rend_circ_has_been_relaunched) { - log_info(LD_REND, "Rendezvous circuit to %s has already been retried. " - "Skipping retry.", - safe_str_client( - extend_info_describe(circ->build_state->chosen_exit))); - goto disallow; - } - /* We check failure_count >= hs_get_service_max_rend_failures()-1 below, and * the -1 is because we increment the failure count for our current failure * *after* this clause. */ @@ -569,6 +503,15 @@ retry_service_rendezvous_point(const origin_circuit_t *circ) new_circ->build_state->expiry_time = bstate->expiry_time; new_circ->hs_ident = hs_ident_circuit_dup(circ->hs_ident); + /* Setup congestion control if asked by the client from the INTRO cell. */ + if (TO_CIRCUIT(circ)->ccontrol) { + /* As per above, in this case, we are a full 3 hop rend, even if we're a + * single-onion service. */ + hs_circ_setup_congestion_control(new_circ, + TO_CIRCUIT(circ)->ccontrol->sendme_inc, + false); + } + done: return; } @@ -606,10 +549,6 @@ setup_introduce1_data(const hs_desc_intro_point_t *ip, /* Populate the introduce1 data object. */ memset(intro1_data, 0, sizeof(hs_cell_introduce1_data_t)); - if (ip->legacy.key != NULL) { - intro1_data->is_legacy = 1; - intro1_data->legacy_key = ip->legacy.key; - } intro1_data->auth_pk = &ip->auth_key_cert->signed_key; intro1_data->enc_pk = &ip->enc_key; intro1_data->subcredential = subcredential; @@ -619,6 +558,7 @@ setup_introduce1_data(const hs_desc_intro_point_t *ip, /* We can't rendezvous without the curve25519 onion key. */ goto end; } + /* Success, we have valid introduce data. */ ret = 0; @@ -636,8 +576,8 @@ cleanup_on_close_client_circ(circuit_t *circ) if (circuit_is_hs_v3(circ)) { hs_client_circuit_cleanup_on_close(circ); } - /* It is possible the circuit has an HS purpose but no identifier (rend_data - * or hs_ident). Thus possible that this passes through. */ + /* It is possible the circuit has an HS purpose but no identifier (hs_ident). + * Thus possible that this passes through. */ } /** Helper: cleanup function for client circuit. This is for every HS version. @@ -647,19 +587,52 @@ cleanup_on_free_client_circ(circuit_t *circ) { tor_assert(circ); - if (circuit_is_hs_v2(circ)) { - rend_client_circuit_cleanup_on_free(circ); - } else if (circuit_is_hs_v3(circ)) { + if (circuit_is_hs_v3(circ)) { hs_client_circuit_cleanup_on_free(circ); } - /* It is possible the circuit has an HS purpose but no identifier (rend_data - * or hs_ident). Thus possible that this passes through. */ + /* It is possible the circuit has an HS purpose but no identifier (hs_ident). + * Thus possible that this passes through. */ } /* ========== */ /* Public API */ /* ========== */ +/** Setup on the given circuit congestion control with the given parameters. + * + * This function assumes that congestion control is enabled on the network and + * so it is the caller responsability to make sure of it. */ +void +hs_circ_setup_congestion_control(origin_circuit_t *origin_circ, + uint8_t sendme_inc, bool is_single_onion) +{ + circuit_t *circ = NULL; + circuit_params_t circ_params = {0}; + + tor_assert(origin_circ); + + /* Ease our lives */ + circ = TO_CIRCUIT(origin_circ); + + circ_params.cc_enabled = true; + circ_params.sendme_inc_cells = sendme_inc; + + /* It is setup on the circuit in order to indicate that congestion control is + * enabled. It will be transferred to the RP crypt_path_t once the handshake + * is finalized in finalize_rend_circuit() for both client and service + * because the final hop is not available until then. */ + + if (is_single_onion) { + circ->ccontrol = congestion_control_new(&circ_params, CC_PATH_ONION_SOS); + } else { + if (get_options()->HSLayer3Nodes) { + circ->ccontrol = congestion_control_new(&circ_params, CC_PATH_ONION_VG); + } else { + circ->ccontrol = congestion_control_new(&circ_params, CC_PATH_ONION); + } + } +} + /** Return an introduction point circuit matching the given intro point object. * NULL is returned is no such circuit can be found. */ origin_circuit_t * @@ -667,12 +640,7 @@ hs_circ_service_get_intro_circ(const hs_service_intro_point_t *ip) { tor_assert(ip); - if (ip->base.is_only_legacy) { - return hs_circuitmap_get_intro_circ_v2_service_side(ip->legacy_key_digest); - } else { - return hs_circuitmap_get_intro_circ_v3_service_side( - &ip->auth_key_kp.pubkey); - } + return hs_circuitmap_get_intro_circ_v3_service_side(&ip->auth_key_kp.pubkey); } /** Return an introduction point established circuit matching the given intro @@ -685,12 +653,7 @@ hs_circ_service_get_established_intro_circ(const hs_service_intro_point_t *ip) tor_assert(ip); - if (ip->base.is_only_legacy) { - circ = hs_circuitmap_get_intro_circ_v2_service_side(ip->legacy_key_digest); - } else { - circ = hs_circuitmap_get_intro_circ_v3_service_side( - &ip->auth_key_kp.pubkey); - } + circ = hs_circuitmap_get_intro_circ_v3_service_side(&ip->auth_key_kp.pubkey); /* Only return circuit if it is established. */ return (circ && TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO) ? @@ -698,8 +661,7 @@ hs_circ_service_get_established_intro_circ(const hs_service_intro_point_t *ip) } /** Called when we fail building a rendezvous circuit at some point other than - * the last hop: launches a new circuit to the same rendezvous point. This - * supports legacy service. + * the last hop: launches a new circuit to the same rendezvous point. * * We currently relaunch connections to rendezvous points if: * - A rendezvous circuit timed out before connecting to RP. @@ -712,7 +674,7 @@ hs_circ_service_get_established_intro_circ(const hs_service_intro_point_t *ip) * - We've already retried this specific rendezvous circuit. */ void -hs_circ_retry_service_rendezvous_point(origin_circuit_t *circ) +hs_circ_retry_service_rendezvous_point(const origin_circuit_t *circ) { tor_assert(circ); tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_CONNECT_REND); @@ -722,15 +684,9 @@ hs_circ_retry_service_rendezvous_point(origin_circuit_t *circ) goto done; } - /* Flag the circuit that we are relaunching, to avoid to relaunch twice a - * circuit to the same rendezvous point at the same time. */ - circ->hs_service_side_rend_circ_has_been_relaunched = 1; - /* Legacy services don't have a hidden service ident. */ if (circ->hs_ident) { retry_service_rendezvous_point(circ); - } else { - rend_service_relaunch_rendezvous(circ); } done: @@ -765,9 +721,7 @@ hs_circ_launch_intro_point(hs_service_t *service, goto end; } /* We only use a one-hop path on the first attempt. If the first attempt - * fails, we use a 3-hop path for reachability / reliability. - * (Unlike v2, retries is incremented by the caller before it calls this - * function.) */ + * fails, we use a 3-hop path for reachability / reliability. */ if (direct_conn && ip->circuit_retries == 1) { circ_flags |= CIRCLAUNCH_ONEHOP_TUNNEL; } @@ -955,10 +909,8 @@ hs_circ_handle_intro_established(const hs_service_t *service, } /* Try to parse the payload into a cell making sure we do actually have a - * valid cell. For a legacy node, it's an empty payload so as long as we - * have the cell, we are good. */ - if (!ip->base.is_only_legacy && - hs_cell_parse_intro_established(payload, payload_len) < 0) { + * valid cell. */ + if (hs_cell_parse_intro_established(payload, payload_len) < 0) { log_warn(LD_REND, "Unable to parse the INTRO_ESTABLISHED cell on " "circuit %u for service %s", TO_CIRCUIT(circ)->n_circ_id, @@ -1043,6 +995,7 @@ hs_circ_handle_introduce2(const hs_service_t *service, data.payload_len = payload_len; data.link_specifiers = smartlist_new(); data.replay_cache = ip->replay_cache; + data.cc_enabled = 0; if (get_subcredential_for_handling_intro2_cell(service, &data, subcredential)) { @@ -1115,31 +1068,6 @@ hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ, return 0; } -/** We are a v2 legacy HS client and we just received a RENDEZVOUS1 cell - * <b>rend_cell_body</b> on <b>circ</b>. Finish up the DH key exchange and then - * extend the crypt path of <b>circ</b> so that the hidden service is on the - * other side. */ -int -hs_circuit_setup_e2e_rend_circ_legacy_client(origin_circuit_t *circ, - const uint8_t *rend_cell_body) -{ - - if (BUG(!circuit_purpose_is_correct_for_rend( - TO_CIRCUIT(circ)->purpose, 0))) { - return -1; - } - - crypt_path_t *hop = create_rend_cpath_legacy(circ, rend_cell_body); - if (!hop) { - log_warn(LD_GENERAL, "Couldn't get v2 cpath."); - return -1; - } - - finalize_rend_circuit(circ, hop, 0); - - return 0; -} - /** Given the introduction circuit intro_circ, the rendezvous circuit * rend_circ, a descriptor intro point object ip and the service's * subcredential, send an INTRODUCE1 cell on intro_circ. @@ -1181,11 +1109,17 @@ hs_circ_send_introduce1(origin_circuit_t *intro_circ, /* We should never select an invalid rendezvous point in theory but if we * do, this function will fail to populate the introduce data. */ if (setup_introduce1_data(ip, exit_node, subcredential, &intro1_data) < 0) { - log_warn(LD_REND, "Unable to setup INTRODUCE1 data. The chosen rendezvous " + log_info(LD_REND, "Unable to setup INTRODUCE1 data. The chosen rendezvous " "point is unusable. Closing circuit."); goto close; } + /* If the rend circ was set up for congestion control, add that to the + * intro data, to signal it in an extension */ + if (TO_CIRCUIT(rend_circ)->ccontrol) { + intro1_data.cc_enabled = 1; + } + /* Final step before we encode a cell, we setup the circuit identifier which * will generate both the rendezvous cookie and client keypair for this * connection. Those are put in the ident. */ @@ -1366,6 +1300,17 @@ hs_circ_cleanup_on_repurpose(circuit_t *circ) if (circ->hs_token) { hs_circuitmap_remove_circuit(circ); } + + switch (circ->purpose) { + case CIRCUIT_PURPOSE_S_CONNECT_REND: + /* This circuit was connecting to a rendezvous point but it is being + * repurposed so we need to relaunch an attempt else the client will be + * left hanging waiting for the rendezvous. */ + hs_circ_retry_service_rendezvous_point(TO_ORIGIN_CIRCUIT(circ)); + break; + default: + break; + } } /** Return true iff the given established client rendezvous circuit was sent @@ -1384,31 +1329,20 @@ hs_circ_is_rend_sent_in_intro1(const origin_circuit_t *circ) * confirmed rendezsvous circuit but without an introduction ACK. */ tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_C_REND_READY); - /* The v2 and v3 circuit are handled differently: - * - * v2: A circ's pending_final_cpath field is non-NULL iff it is a rend circ - * and we have tried to send an INTRODUCE1 cell specifying it. Thus, if the - * pending_final_cpath field *is* NULL, then we want to not spare it. - * - * v3: When the INTRODUCE1 cell is sent, the introduction encryption public + /* When the INTRODUCE1 cell is sent, the introduction encryption public * key is copied in the rendezvous circuit hs identifier. If it is a valid * key, we know that this circuit is waiting the ACK on the introduction * circuit. We want to _not_ spare the circuit if the key was never set. */ - if (circ->rend_data) { - /* v2. */ - if (circ->build_state && circ->build_state->pending_final_cpath != NULL) { - return true; - } - } else if (circ->hs_ident) { + if (circ->hs_ident) { /* v3. */ if (curve25519_public_key_is_ok(&circ->hs_ident->intro_enc_pk)) { return true; } } else { - /* A circuit with an HS purpose without an hs_ident or rend_data in theory - * can not happen. In case, scream loudly and return false to the caller - * that the rendezvous was not sent in the INTRO1 cell. */ + /* A circuit with an HS purpose without an hs_ident in theory can not + * happen. In case, scream loudly and return false to the caller that the + * rendezvous was not sent in the INTRO1 cell. */ tor_assert_nonfatal_unreached(); } diff --git a/src/feature/hs/hs_circuit.h b/src/feature/hs/hs_circuit.h index 4dd9bf94c5..afbff7b894 100644 --- a/src/feature/hs/hs_circuit.h +++ b/src/feature/hs/hs_circuit.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -33,7 +33,7 @@ int hs_circ_launch_intro_point(hs_service_t *service, int hs_circ_launch_rendezvous_point(const hs_service_t *service, const curve25519_public_key_t *onion_key, const uint8_t *rendezvous_cookie); -void hs_circ_retry_service_rendezvous_point(origin_circuit_t *circ); +void hs_circ_retry_service_rendezvous_point(const origin_circuit_t *circ); origin_circuit_t *hs_circ_service_get_intro_circ( const hs_service_intro_point_t *ip); @@ -69,6 +69,10 @@ int hs_circuit_setup_e2e_rend_circ_legacy_client(origin_circuit_t *circ, bool hs_circ_is_rend_sent_in_intro1(const origin_circuit_t *circ); +void hs_circ_setup_congestion_control(origin_circuit_t *origin_circ, + uint8_t sendme_inc, + bool is_single_onion); + #ifdef HS_CIRCUIT_PRIVATE struct hs_ntor_rend_cell_keys_t; diff --git a/src/feature/hs/hs_circuitmap.c b/src/feature/hs/hs_circuitmap.c index e46b008a5c..4499a00298 100644 --- a/src/feature/hs/hs_circuitmap.c +++ b/src/feature/hs/hs_circuitmap.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -273,7 +273,7 @@ hs_circuitmap_get_or_circuit(hs_token_type_t type, /**** Public relay-side getters: */ -/** Public function: Return v2 and v3 introduction circuit to this relay. +/** Public function: Return v3 introduction circuit to this relay. * Always return a newly allocated list for which it is the caller's * responsibility to free it. */ smartlist_t * @@ -286,12 +286,11 @@ hs_circuitmap_get_all_intro_circ_relay_side(void) circuit_t *circ = *iter; /* An origin circuit or purpose is wrong or the hs token is not set to be - * a v2 or v3 intro relay side type, we ignore the circuit. Else, we have + * a v3 intro relay side type, we ignore the circuit. Else, we have * a match so add it to our list. */ if (CIRCUIT_IS_ORIGIN(circ) || circ->purpose != CIRCUIT_PURPOSE_INTRO_POINT || - (circ->hs_token->type != HS_TOKEN_INTRO_V3_RELAY_SIDE && - circ->hs_token->type != HS_TOKEN_INTRO_V2_RELAY_SIDE)) { + circ->hs_token->type != HS_TOKEN_INTRO_V3_RELAY_SIDE) { continue; } smartlist_add(circuit_list, circ); @@ -312,16 +311,6 @@ hs_circuitmap_get_intro_circ_v3_relay_side( CIRCUIT_PURPOSE_INTRO_POINT); } -/** Public function: Return v2 introduction circuit to this relay with - * <b>digest</b>. Return NULL if no such circuit is found in the circuitmap. */ -or_circuit_t * -hs_circuitmap_get_intro_circ_v2_relay_side(const uint8_t *digest) -{ - return hs_circuitmap_get_or_circuit(HS_TOKEN_INTRO_V2_RELAY_SIDE, - REND_TOKEN_LEN, digest, - CIRCUIT_PURPOSE_INTRO_POINT); -} - /** Public function: Return rendezvous circuit to this relay with rendezvous * <b>cookie</b>. Return NULL if no such circuit is found in the circuitmap. */ or_circuit_t * @@ -344,16 +333,6 @@ hs_circuitmap_register_rend_circ_relay_side(or_circuit_t *circ, HS_TOKEN_REND_RELAY_SIDE, REND_TOKEN_LEN, cookie); } -/** Public function: Register v2 intro circuit with key <b>digest</b> to the - * circuitmap. */ -void -hs_circuitmap_register_intro_circ_v2_relay_side(or_circuit_t *circ, - const uint8_t *digest) -{ - hs_circuitmap_register_circuit(TO_CIRCUIT(circ), - HS_TOKEN_INTRO_V2_RELAY_SIDE, - REND_TOKEN_LEN, digest); -} /** Public function: Register v3 intro circuit with key <b>auth_key</b> to the * circuitmap. */ @@ -393,30 +372,6 @@ hs_circuitmap_get_intro_circ_v3_service_side(const return circ; } -/** Public function: Return v2 introduction circuit originating from this - * hidden service with <b>digest</b>. Return NULL if no such circuit is found - * in the circuitmap. */ -origin_circuit_t * -hs_circuitmap_get_intro_circ_v2_service_side(const uint8_t *digest) -{ - origin_circuit_t *circ = NULL; - - /* Check first for established intro circuits */ - circ = hs_circuitmap_get_origin_circuit(HS_TOKEN_INTRO_V2_SERVICE_SIDE, - REND_TOKEN_LEN, digest, - CIRCUIT_PURPOSE_S_INTRO); - if (circ) { - return circ; - } - - /* ...if nothing found, check for pending intro circs */ - circ = hs_circuitmap_get_origin_circuit(HS_TOKEN_INTRO_V2_SERVICE_SIDE, - REND_TOKEN_LEN, digest, - CIRCUIT_PURPOSE_S_ESTABLISH_INTRO); - - return circ; -} - /** Public function: Return rendezvous circuit originating from this hidden * service with rendezvous <b>cookie</b>. Return NULL if no such circuit is * found in the circuitmap. */ @@ -515,17 +470,6 @@ hs_circuitmap_get_established_rend_circ_client_side(const uint8_t *cookie) /**** Public servide-side setters: */ -/** Public function: Register v2 intro circuit with key <b>digest</b> to the - * circuitmap. */ -void -hs_circuitmap_register_intro_circ_v2_service_side(origin_circuit_t *circ, - const uint8_t *digest) -{ - hs_circuitmap_register_circuit(TO_CIRCUIT(circ), - HS_TOKEN_INTRO_V2_SERVICE_SIDE, - REND_TOKEN_LEN, digest); -} - /** Public function: Register v3 intro circuit with key <b>auth_key</b> to the * circuitmap. */ void diff --git a/src/feature/hs/hs_circuitmap.h b/src/feature/hs/hs_circuitmap.h index df3e7a6e7e..ba857e0172 100644 --- a/src/feature/hs/hs_circuitmap.h +++ b/src/feature/hs/hs_circuitmap.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -24,14 +24,10 @@ struct or_circuit_t * hs_circuitmap_get_intro_circ_v3_relay_side(const struct ed25519_public_key_t *auth_key); struct or_circuit_t * -hs_circuitmap_get_intro_circ_v2_relay_side(const uint8_t *digest); -struct or_circuit_t * hs_circuitmap_get_rend_circ_relay_side(const uint8_t *cookie); void hs_circuitmap_register_rend_circ_relay_side(struct or_circuit_t *circ, const uint8_t *cookie); -void hs_circuitmap_register_intro_circ_v2_relay_side(struct or_circuit_t *circ, - const uint8_t *digest); void hs_circuitmap_register_intro_circ_v3_relay_side(struct or_circuit_t *circ, const struct ed25519_public_key_t *auth_key); @@ -43,17 +39,12 @@ struct origin_circuit_t * hs_circuitmap_get_intro_circ_v3_service_side(const struct ed25519_public_key_t *auth_key); struct origin_circuit_t * -hs_circuitmap_get_intro_circ_v2_service_side(const uint8_t *digest); -struct origin_circuit_t * hs_circuitmap_get_rend_circ_service_side(const uint8_t *cookie); struct origin_circuit_t * hs_circuitmap_get_rend_circ_client_side(const uint8_t *cookie); struct origin_circuit_t * hs_circuitmap_get_established_rend_circ_client_side(const uint8_t *cookie); -void hs_circuitmap_register_intro_circ_v2_service_side( - struct origin_circuit_t *circ, - const uint8_t *digest); void hs_circuitmap_register_intro_circ_v3_service_side( struct origin_circuit_t *circ, const struct ed25519_public_key_t *auth_key); @@ -75,15 +66,11 @@ void hs_circuitmap_free_all(void); typedef enum { /** A rendezvous cookie on a relay (128bit)*/ HS_TOKEN_REND_RELAY_SIDE, - /** A v2 introduction point pubkey on a relay (160bit) */ - HS_TOKEN_INTRO_V2_RELAY_SIDE, /** A v3 introduction point pubkey on a relay (256bit) */ HS_TOKEN_INTRO_V3_RELAY_SIDE, /** A rendezvous cookie on a hidden service (128bit)*/ HS_TOKEN_REND_SERVICE_SIDE, - /** A v2 introduction point pubkey on a hidden service (160bit) */ - HS_TOKEN_INTRO_V2_SERVICE_SIDE, /** A v3 introduction point pubkey on a hidden service (256bit) */ HS_TOKEN_INTRO_V3_SERVICE_SIDE, diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index 6c9645f0b8..a50598d9f3 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -11,12 +11,15 @@ #include "core/or/or.h" #include "app/config/config.h" #include "core/crypto/hs_ntor.h" +#include "core/crypto/onion_crypto.h" #include "core/mainloop/connection.h" #include "core/or/circuitbuild.h" #include "core/or/circuitlist.h" #include "core/or/circuituse.h" #include "core/or/connection_edge.h" +#include "core/or/congestion_control_common.h" #include "core/or/extendinfo.h" +#include "core/or/protover.h" #include "core/or/reasons.h" #include "feature/client/circpathbias.h" #include "feature/dirclient/dirclient.h" @@ -34,7 +37,6 @@ #include "feature/nodelist/networkstatus.h" #include "feature/nodelist/nodelist.h" #include "feature/nodelist/routerset.h" -#include "feature/rend/rendclient.h" #include "lib/crypt_ops/crypto_format.h" #include "lib/crypt_ops/crypto_rand.h" #include "lib/crypt_ops/crypto_util.h" @@ -380,16 +382,6 @@ note_connection_attempt_succeeded(const hs_ident_edge_conn_t *hs_conn_ident) /* Remove from the hid serv cache all requests for that service so we can * query the HSDir again later on for various reasons. */ purge_hid_serv_request(&hs_conn_ident->identity_pk); - - /* The v2 subsystem cleans up the intro point time out flag at this stage. - * We don't try to do it here because we still need to keep intact the intro - * point state for future connections. Even though we are able to connect to - * the service, doesn't mean we should reset the timed out intro points. - * - * It is not possible to have successfully connected to an intro point - * present in our cache that was on error or timed out. Every entry in that - * cache have a 2 minutes lifetime so ultimately the intro point(s) state - * will be reset and thus possible to be retried. */ } /** Given the pubkey of a hidden service in <b>onion_identity_pk</b>, fetch its @@ -652,6 +644,16 @@ send_introduce1(origin_circuit_t *intro_circ, goto tran_err; } + /* Check if the rendevous circuit was setup WITHOUT congestion control but if + * it is enabled and the service supports it. This can happen, see + * setup_rendezvous_circ_congestion_control() and so close rendezvous circuit + * so another one can be created. */ + if (TO_CIRCUIT(rend_circ)->ccontrol == NULL && congestion_control_enabled() + && hs_desc_supports_congestion_control(desc)) { + circuit_mark_for_close(TO_CIRCUIT(rend_circ), END_CIRC_REASON_INTERNAL); + goto tran_err; + } + /* We need to find which intro point in the descriptor we are connected to * on intro_circ. */ ip = find_desc_intro_point_by_ident(intro_circ->hs_ident, desc); @@ -787,6 +789,45 @@ client_intro_circ_has_opened(origin_circuit_t *circ) connection_ap_attach_pending(1); } +/** Setup the congestion control parameters on the given rendezvous circuit. + * This looks at the service descriptor flow control line (if any). + * + * It is possible that we are unable to set congestion control on the circuit + * if the descriptor can't be found. In that case, the introduction circuit + * can't be opened without it so a fetch will be triggered. + * + * However, if the descriptor asks for congestion control but the RP circuit + * doesn't have it, it will be closed and a new circuit will be opened. */ +static void +setup_rendezvous_circ_congestion_control(origin_circuit_t *circ) +{ + tor_assert(circ); + + /* Setup congestion control parameters on the circuit. */ + const hs_descriptor_t *desc = + hs_cache_lookup_as_client(&circ->hs_ident->identity_pk); + if (desc == NULL) { + /* This is possible because between launching the circuit and the circuit + * ending in opened state, the descriptor could have been removed from the + * cache. In this case, we just can't setup congestion control. */ + return; + } + + /* Check if the service lists support for congestion control in its + * descriptor. If not, we don't setup congestion control. */ + if (!hs_desc_supports_congestion_control(desc)) { + return; + } + + /* If network doesn't enable it, do not setup. */ + if (!congestion_control_enabled()) { + return; + } + + hs_circ_setup_congestion_control(circ, desc->encrypted_data.sendme_inc, + desc->encrypted_data.single_onion_service); +} + /** Called when a rendezvous circuit has opened. */ static void client_rendezvous_circ_has_opened(origin_circuit_t *circ) @@ -816,6 +857,9 @@ client_rendezvous_circ_has_opened(origin_circuit_t *circ) log_info(LD_REND, "Rendezvous circuit has opened to %s.", safe_str_client(extend_info_describe(rp_ei))); + /* Setup congestion control parameters on the circuit. */ + setup_rendezvous_circ_congestion_control(circ); + /* Ignore returned value, nothing we can really do. On failure, the circuit * will be marked for close. */ hs_circ_send_establish_rendezvous(circ); @@ -1151,7 +1195,7 @@ handle_introduce_ack_success(origin_circuit_t *intro_circ) rend_circ = hs_circuitmap_get_established_rend_circ_client_side(rendezvous_cookie); if (rend_circ == NULL) { - log_warn(LD_REND, "Can't find any rendezvous circuit. Stopping"); + log_info(LD_REND, "Can't find any rendezvous circuit. Stopping"); goto end; } @@ -1920,7 +1964,7 @@ void hs_client_circuit_cleanup_on_free(const circuit_t *circ) { bool has_timed_out; - rend_intro_point_failure_t failure = INTRO_POINT_FAILURE_GENERIC; + rend_intro_point_failure_t failure = INTRO_POINT_FAILURE_UNREACHABLE; const origin_circuit_t *orig_circ = NULL; tor_assert(circ); @@ -1971,17 +2015,9 @@ hs_client_note_connection_attempt_succeeded(const edge_connection_t *conn) { tor_assert(connection_edge_is_rendezvous_stream(conn)); - if (BUG(conn->rend_data && conn->hs_ident)) { - log_warn(LD_BUG, "Stream had both rend_data and hs_ident..." - "Prioritizing hs_ident"); - } - if (conn->hs_ident) { /* It's v3: pass it to the prop224 handler */ note_connection_attempt_succeeded(conn->hs_ident); return; - } else if (conn->rend_data) { /* It's v2: pass it to the legacy handler */ - rend_client_note_connection_attempt_ended(conn->rend_data); - return; } } @@ -2107,9 +2143,7 @@ int hs_client_send_introduce1(origin_circuit_t *intro_circ, origin_circuit_t *rend_circ) { - return (intro_circ->hs_ident) ? send_introduce1(intro_circ, rend_circ) : - rend_client_send_introduction(intro_circ, - rend_circ); + return send_introduce1(intro_circ, rend_circ); } /** Called when the client circuit circ has been established. It can be either @@ -2120,21 +2154,15 @@ hs_client_circuit_has_opened(origin_circuit_t *circ) { tor_assert(circ); - /* Handle both version. v2 uses rend_data and v3 uses the hs circuit - * identifier hs_ident. Can't be both. */ switch (TO_CIRCUIT(circ)->purpose) { case CIRCUIT_PURPOSE_C_INTRODUCING: if (circ->hs_ident) { client_intro_circ_has_opened(circ); - } else { - rend_client_introcirc_has_opened(circ); } break; case CIRCUIT_PURPOSE_C_ESTABLISH_REND: if (circ->hs_ident) { client_rendezvous_circ_has_opened(circ); - } else { - rend_client_rendcirc_has_opened(circ); } break; default: @@ -2448,9 +2476,7 @@ hs_client_get_random_intro_from_edge(const edge_connection_t *edge_conn) { tor_assert(edge_conn); - return (edge_conn->hs_ident) ? - client_get_random_intro(&edge_conn->hs_ident->identity_pk) : - rend_client_get_random_intro(edge_conn->rend_data); + return client_get_random_intro(&edge_conn->hs_ident->identity_pk); } /** Called when get an INTRODUCE_ACK cell on the introduction circuit circ. @@ -2472,9 +2498,7 @@ hs_client_receive_introduce_ack(origin_circuit_t *circ, goto end; } - ret = (circ->hs_ident) ? handle_introduce_ack(circ, payload, payload_len) : - rend_client_introduction_acked(circ, payload, - payload_len); + ret = handle_introduce_ack(circ, payload, payload_len); /* For path bias: This circuit was used successfully. NACK or ACK counts. */ pathbias_mark_use_success(circ); @@ -2508,9 +2532,8 @@ hs_client_receive_rendezvous2(origin_circuit_t *circ, log_info(LD_REND, "Got RENDEZVOUS2 cell from hidden service on circuit %u.", TO_CIRCUIT(circ)->n_circ_id); - ret = (circ->hs_ident) ? handle_rendezvous2(circ, payload, payload_len) : - rend_client_receive_rendezvous(circ, payload, - payload_len); + ret = handle_rendezvous2(circ, payload, payload_len); + end: return ret; } @@ -2531,9 +2554,7 @@ hs_client_reextend_intro_circuit(origin_circuit_t *circ) tor_assert(circ); - ei = (circ->hs_ident) ? - client_get_random_intro(&circ->hs_ident->identity_pk) : - rend_client_get_random_intro(circ->rend_data); + ei = client_get_random_intro(&circ->hs_ident->identity_pk); if (ei == NULL) { log_warn(LD_REND, "No usable introduction points left. Closing."); circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_INTERNAL); @@ -2614,9 +2635,6 @@ hs_client_free_all(void) void hs_client_purge_state(void) { - /* v2 subsystem. */ - rend_client_purge_state(); - /* Cancel all descriptor fetches. Do this first so once done we are sure * that our descriptor cache won't modified. */ cancel_descriptor_fetches(); diff --git a/src/feature/hs/hs_client.h b/src/feature/hs/hs_client.h index 411fa659f2..2fe955605f 100644 --- a/src/feature/hs/hs_client.h +++ b/src/feature/hs/hs_client.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs/hs_common.c b/src/feature/hs/hs_common.c index fa27ac5223..e326581dd1 100644 --- a/src/feature/hs/hs_common.c +++ b/src/feature/hs/hs_common.c @@ -1,12 +1,10 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** * \file hs_common.c * \brief Contains code shared between different HS protocol version as well * as useful data structures and accessors used by other subsystems. - * The rendcommon.c should only contains code relating to the v2 - * protocol. **/ #define HS_COMMON_PRIVATE @@ -33,10 +31,10 @@ #include "feature/nodelist/nodelist.h" #include "feature/nodelist/routerset.h" #include "feature/rend/rendcommon.h" -#include "feature/rend/rendservice.h" #include "feature/relay/routermode.h" #include "lib/crypt_ops/crypto_rand.h" #include "lib/crypt_ops/crypto_util.h" +#include "lib/net/resolve.h" #include "core/or/edge_connection_st.h" #include "feature/nodelist/networkstatus_st.h" @@ -57,12 +55,12 @@ static const char *str_ed25519_basepoint = #ifdef HAVE_SYS_UN_H -/** Given <b>ports</b>, a smarlist containing rend_service_port_config_t, +/** Given <b>ports</b>, a smartlist containing hs_port_config_t, * add the given <b>p</b>, a AF_UNIX port to the list. Return 0 on success * else return -ENOSYS if AF_UNIX is not supported (see function in the * #else statement below). */ static int -add_unix_port(smartlist_t *ports, rend_service_port_config_t *p) +add_unix_port(smartlist_t *ports, hs_port_config_t *p) { tor_assert(ports); tor_assert(p); @@ -76,7 +74,7 @@ add_unix_port(smartlist_t *ports, rend_service_port_config_t *p) * on success else return -ENOSYS if AF_UNIX is not supported (see function * in the #else statement below). */ static int -set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p) +set_unix_port(edge_connection_t *conn, hs_port_config_t *p) { tor_assert(conn); tor_assert(p); @@ -92,7 +90,7 @@ set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p) #else /* !defined(HAVE_SYS_UN_H) */ static int -set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p) +set_unix_port(edge_connection_t *conn, hs_port_config_t *p) { (void) conn; (void) p; @@ -100,7 +98,7 @@ set_unix_port(edge_connection_t *conn, rend_service_port_config_t *p) } static int -add_unix_port(smartlist_t *ports, rend_service_port_config_t *p) +add_unix_port(smartlist_t *ports, hs_port_config_t *p) { (void) ports; (void) p; @@ -336,258 +334,6 @@ hs_get_start_time_of_next_time_period(time_t now) return (time_t)(start_of_next_tp_in_mins * 60 + time_period_rotation_offset); } -/** Create a new rend_data_t for a specific given <b>version</b>. - * Return a pointer to the newly allocated data structure. */ -static rend_data_t * -rend_data_alloc(uint32_t version) -{ - rend_data_t *rend_data = NULL; - - switch (version) { - case HS_VERSION_TWO: - { - rend_data_v2_t *v2 = tor_malloc_zero(sizeof(*v2)); - v2->base_.version = HS_VERSION_TWO; - v2->base_.hsdirs_fp = smartlist_new(); - rend_data = &v2->base_; - break; - } - default: - tor_assert(0); - break; - } - - return rend_data; -} - -/** Free all storage associated with <b>data</b> */ -void -rend_data_free_(rend_data_t *data) -{ - if (!data) { - return; - } - /* By using our allocation function, this should always be set. */ - tor_assert(data->hsdirs_fp); - /* Cleanup the HSDir identity digest. */ - SMARTLIST_FOREACH(data->hsdirs_fp, char *, d, tor_free(d)); - smartlist_free(data->hsdirs_fp); - /* Depending on the version, cleanup. */ - switch (data->version) { - case HS_VERSION_TWO: - { - rend_data_v2_t *v2_data = TO_REND_DATA_V2(data); - tor_free(v2_data); - break; - } - default: - tor_assert(0); - } -} - -/** Allocate and return a deep copy of <b>data</b>. */ -rend_data_t * -rend_data_dup(const rend_data_t *data) -{ - rend_data_t *data_dup = NULL; - smartlist_t *hsdirs_fp = smartlist_new(); - - tor_assert(data); - tor_assert(data->hsdirs_fp); - - SMARTLIST_FOREACH(data->hsdirs_fp, char *, fp, - smartlist_add(hsdirs_fp, tor_memdup(fp, DIGEST_LEN))); - - switch (data->version) { - case HS_VERSION_TWO: - { - rend_data_v2_t *v2_data = tor_memdup(TO_REND_DATA_V2(data), - sizeof(*v2_data)); - data_dup = &v2_data->base_; - data_dup->hsdirs_fp = hsdirs_fp; - break; - } - default: - tor_assert(0); - break; - } - - return data_dup; -} - -/** Compute the descriptor ID for each HS descriptor replica and save them. A - * valid onion address must be present in the <b>rend_data</b>. - * - * Return 0 on success else -1. */ -static int -compute_desc_id(rend_data_t *rend_data) -{ - int ret = 0; - unsigned replica; - time_t now = time(NULL); - - tor_assert(rend_data); - - switch (rend_data->version) { - case HS_VERSION_TWO: - { - rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data); - /* Compute descriptor ID for each replicas. */ - for (replica = 0; replica < ARRAY_LENGTH(v2_data->descriptor_id); - replica++) { - ret = rend_compute_v2_desc_id(v2_data->descriptor_id[replica], - v2_data->onion_address, - v2_data->descriptor_cookie, - now, replica); - if (ret < 0) { - goto end; - } - } - break; - } - default: - tor_assert(0); - } - - end: - return ret; -} - -/** Allocate and initialize a rend_data_t object for a service using the - * provided arguments. All arguments are optional (can be NULL), except from - * <b>onion_address</b> which MUST be set. The <b>pk_digest</b> is the hash of - * the service private key. The <b>cookie</b> is the rendezvous cookie and - * <b>auth_type</b> is which authentiation this service is configured with. - * - * Return a valid rend_data_t pointer. This only returns a version 2 object of - * rend_data_t. */ -rend_data_t * -rend_data_service_create(const char *onion_address, const char *pk_digest, - const uint8_t *cookie, rend_auth_type_t auth_type) -{ - /* Create a rend_data_t object for version 2. */ - rend_data_t *rend_data = rend_data_alloc(HS_VERSION_TWO); - rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data); - - /* We need at least one else the call is wrong. */ - tor_assert(onion_address != NULL); - - if (pk_digest) { - memcpy(v2->rend_pk_digest, pk_digest, sizeof(v2->rend_pk_digest)); - } - if (cookie) { - memcpy(rend_data->rend_cookie, cookie, sizeof(rend_data->rend_cookie)); - } - - strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address)); - v2->auth_type = auth_type; - - return rend_data; -} - -/** Allocate and initialize a rend_data_t object for a client request using the - * given arguments. Either an onion address or a descriptor ID is needed. Both - * can be given but in this case only the onion address will be used to make - * the descriptor fetch. The <b>cookie</b> is the rendezvous cookie and - * <b>auth_type</b> is which authentiation the service is configured with. - * - * Return a valid rend_data_t pointer or NULL on error meaning the - * descriptor IDs couldn't be computed from the given data. */ -rend_data_t * -rend_data_client_create(const char *onion_address, const char *desc_id, - const char *cookie, rend_auth_type_t auth_type) -{ - /* Create a rend_data_t object for version 2. */ - rend_data_t *rend_data = rend_data_alloc(HS_VERSION_TWO); - rend_data_v2_t *v2= TO_REND_DATA_V2(rend_data); - - /* We need at least one else the call is wrong. */ - tor_assert(onion_address != NULL || desc_id != NULL); - - if (cookie) { - memcpy(v2->descriptor_cookie, cookie, sizeof(v2->descriptor_cookie)); - } - if (desc_id) { - memcpy(v2->desc_id_fetch, desc_id, sizeof(v2->desc_id_fetch)); - } - if (onion_address) { - strlcpy(v2->onion_address, onion_address, sizeof(v2->onion_address)); - if (compute_desc_id(rend_data) < 0) { - goto error; - } - } - - v2->auth_type = auth_type; - - return rend_data; - - error: - rend_data_free(rend_data); - return NULL; -} - -/** Return the onion address from the rend data. Depending on the version, - * the size of the address can vary but it's always NUL terminated. */ -const char * -rend_data_get_address(const rend_data_t *rend_data) -{ - tor_assert(rend_data); - - switch (rend_data->version) { - case HS_VERSION_TWO: - return TO_REND_DATA_V2(rend_data)->onion_address; - default: - /* We should always have a supported version. */ - tor_assert_unreached(); - } -} - -/** Return the descriptor ID for a specific replica number from the rend - * data. The returned data is a binary digest and depending on the version its - * size can vary. The size of the descriptor ID is put in <b>len_out</b> if - * non NULL. */ -const char * -rend_data_get_desc_id(const rend_data_t *rend_data, uint8_t replica, - size_t *len_out) -{ - tor_assert(rend_data); - - switch (rend_data->version) { - case HS_VERSION_TWO: - tor_assert(replica < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS); - if (len_out) { - *len_out = DIGEST_LEN; - } - return TO_REND_DATA_V2(rend_data)->descriptor_id[replica]; - default: - /* We should always have a supported version. */ - tor_assert_unreached(); - } -} - -/** Return the public key digest using the given <b>rend_data</b>. The size of - * the digest is put in <b>len_out</b> (if set) which can differ depending on - * the version. */ -const uint8_t * -rend_data_get_pk_digest(const rend_data_t *rend_data, size_t *len_out) -{ - tor_assert(rend_data); - - switch (rend_data->version) { - case HS_VERSION_TWO: - { - const rend_data_v2_t *v2_data = TO_REND_DATA_V2(rend_data); - if (len_out) { - *len_out = sizeof(v2_data->rend_pk_digest); - } - return (const uint8_t *) v2_data->rend_pk_digest; - } - default: - /* We should always have a supported version. */ - tor_assert_unreached(); - } -} - /** Using the given time period number, compute the disaster shared random * value and put it in srv_out. It MUST be at least DIGEST256_LEN bytes. */ static void @@ -859,7 +605,7 @@ hs_get_subcredential(const ed25519_public_key_t *identity_pk, int hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn) { - rend_service_port_config_t *chosen_port; + hs_port_config_t *chosen_port; unsigned int warn_once = 0; smartlist_t *matching_ports; @@ -867,7 +613,7 @@ hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn) tor_assert(conn); matching_ports = smartlist_new(); - SMARTLIST_FOREACH_BEGIN(ports, rend_service_port_config_t *, p) { + SMARTLIST_FOREACH_BEGIN(ports, hs_port_config_t *, p) { if (TO_CONN(conn)->port != p->virtual_port) { continue; } @@ -890,7 +636,6 @@ hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn) chosen_port = smartlist_choose(matching_ports); smartlist_free(matching_ports); if (chosen_port) { - /* Remember, v2 doesn't use an hs_ident. */ if (conn->hs_ident) { /* There is always a connection identifier at this point. Regardless of a * Unix or TCP port, note the virtual port. */ @@ -912,6 +657,138 @@ hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn) return (chosen_port) ? 0 : -1; } +/** Return a new hs_port_config_t with its path set to + * <b>socket_path</b> or empty if <b>socket_path</b> is NULL */ +static hs_port_config_t * +hs_port_config_new(const char *socket_path) +{ + if (!socket_path) + return tor_malloc_zero(sizeof(hs_port_config_t) + 1); + + const size_t pathlen = strlen(socket_path) + 1; + hs_port_config_t *conf = + tor_malloc_zero(sizeof(hs_port_config_t) + pathlen); + memcpy(conf->unix_addr, socket_path, pathlen); + conf->is_unix_addr = 1; + return conf; +} + +/** Parses a virtual-port to real-port/socket mapping separated by + * the provided separator and returns a new hs_port_config_t, + * or NULL and an optional error string on failure. + * + * The format is: VirtualPort SEP (IP|RealPort|IP:RealPort|'socket':path)? + * + * IP defaults to 127.0.0.1; RealPort defaults to VirtualPort. + */ +hs_port_config_t * +hs_parse_port_config(const char *string, const char *sep, + char **err_msg_out) +{ + smartlist_t *sl; + int virtport; + int realport = 0; + uint16_t p; + tor_addr_t addr; + hs_port_config_t *result = NULL; + unsigned int is_unix_addr = 0; + const char *socket_path = NULL; + char *err_msg = NULL; + char *addrport = NULL; + + sl = smartlist_new(); + smartlist_split_string(sl, string, sep, + SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2); + if (smartlist_len(sl) < 1 || BUG(smartlist_len(sl) > 2)) { + err_msg = tor_strdup("Bad syntax in hidden service port configuration."); + goto err; + } + virtport = (int)tor_parse_long(smartlist_get(sl,0), 10, 1, 65535, NULL,NULL); + if (!virtport) { + tor_asprintf(&err_msg, "Missing or invalid port %s in hidden service " + "port configuration", escaped(smartlist_get(sl,0))); + + goto err; + } + if (smartlist_len(sl) == 1) { + /* No addr:port part; use default. */ + realport = virtport; + tor_addr_from_ipv4h(&addr, 0x7F000001u); /* 127.0.0.1 */ + } else { + int ret; + + const char *addrport_element = smartlist_get(sl,1); + const char *rest = NULL; + int is_unix; + ret = port_cfg_line_extract_addrport(addrport_element, &addrport, + &is_unix, &rest); + + if (ret < 0) { + tor_asprintf(&err_msg, "Couldn't process address <%s> from hidden " + "service configuration", addrport_element); + goto err; + } + + if (rest && strlen(rest)) { + err_msg = tor_strdup("HiddenServicePort parse error: invalid port " + "mapping"); + goto err; + } + + if (is_unix) { + socket_path = addrport; + is_unix_addr = 1; + } else if (strchr(addrport, ':') || strchr(addrport, '.')) { + /* else try it as an IP:port pair if it has a : or . in it */ + if (tor_addr_port_lookup(addrport, &addr, &p)<0) { + err_msg = tor_strdup("Unparseable address in hidden service port " + "configuration."); + goto err; + } + realport = p?p:virtport; + } else { + /* No addr:port, no addr -- must be port. */ + realport = (int)tor_parse_long(addrport, 10, 1, 65535, NULL, NULL); + if (!realport) { + tor_asprintf(&err_msg, "Unparseable or out-of-range port %s in " + "hidden service port configuration.", + escaped(addrport)); + goto err; + } + tor_addr_from_ipv4h(&addr, 0x7F000001u); /* Default to 127.0.0.1 */ + } + } + + /* Allow room for unix_addr */ + result = hs_port_config_new(socket_path); + result->virtual_port = virtport; + result->is_unix_addr = is_unix_addr; + if (!is_unix_addr) { + result->real_port = realport; + tor_addr_copy(&result->real_addr, &addr); + result->unix_addr[0] = '\0'; + } + + err: + tor_free(addrport); + if (err_msg_out != NULL) { + *err_msg_out = err_msg; + } else { + tor_free(err_msg); + } + SMARTLIST_FOREACH(sl, char *, c, tor_free(c)); + smartlist_free(sl); + + return result; +} + +/** Release all storage held in a hs_port_config_t. */ +void +hs_port_config_free_(hs_port_config_t *p) +{ + tor_free(p); +} + /** Using a base32 representation of a service address, parse its content into * the key_out, checksum_out and version_out. Any out variable can be NULL in * case the caller would want only one field. checksum_out MUST at least be 2 @@ -1140,7 +1017,7 @@ hs_service_requires_uptime_circ(const smartlist_t *ports) { tor_assert(ports); - SMARTLIST_FOREACH_BEGIN(ports, rend_service_port_config_t *, p) { + SMARTLIST_FOREACH_BEGIN(ports, hs_port_config_t *, p) { if (smartlist_contains_int_as_string(get_options()->LongLivedPorts, p->virtual_port)) { return 1; @@ -1470,8 +1347,8 @@ hs_hsdir_requery_period(const or_options_t *options) /** Tracks requests for fetching hidden service descriptors. It's used by * hidden service clients, to avoid querying HSDirs that have already failed - * giving back a descriptor. The same data structure is used to track both v2 - * and v3 HS descriptor requests. + * giving back a descriptor. The same data structure is used to track v3 HS + * descriptor requests. * * The string map is a key/value store that contains the last request times to * hidden service directories for certain queries. Specifically: @@ -1480,8 +1357,7 @@ hs_hsdir_requery_period(const or_options_t *options) * value = time_t of last request for that hs_identity to that HSDir * * where 'hsdir_identity' is the identity digest of the HSDir node, and - * 'hs_identity' is the descriptor ID of the HS in the v2 case, or the ed25519 - * blinded public key of the HS in the v3 case. */ + * 'hs_identity' is the ed25519 blinded public key of the HS for v3. */ static strmap_t *last_hid_serv_requests_ = NULL; /** Returns last_hid_serv_requests_, initializing it to a new strmap if @@ -1495,10 +1371,10 @@ get_last_hid_serv_requests(void) } /** Look up the last request time to hidden service directory <b>hs_dir</b> - * for descriptor request key <b>req_key_str</b> which is the descriptor ID - * for a v2 service or the blinded key for v3. If <b>set</b> is non-zero, - * assign the current time <b>now</b> and return that. Otherwise, return the - * most recent request time, or 0 if no such request has been sent before. */ + * for descriptor request key <b>req_key_str</b> which is the blinded key for + * v3. If <b>set</b> is non-zero, assign the current time <b>now</b> and + * return that. Otherwise, return the most recent request time, or 0 if no + * such request has been sent before. */ time_t hs_lookup_last_hid_serv_request(routerstatus_t *hs_dir, const char *req_key_str, @@ -1559,9 +1435,8 @@ hs_clean_last_hid_serv_requests(time_t now) * <b>req_key_str</b> from the history of times of requests to hidden service * directories. * - * This is called from rend_client_note_connection_attempt_ended(), which - * must be idempotent, so any future changes to this function must leave it - * idempotent too. */ + * This is called from purge_hid_serv_request(), which must be idempotent, so + * any future changes to this function must leave it idempotent too. */ void hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str) { @@ -1581,8 +1456,7 @@ hs_purge_hid_serv_from_last_hid_serv_requests(const char *req_key_str) * check on the strings we are about to compare. The key is variable sized * since it's composed as follows: * key = base32(hsdir_identity) + base32(req_key_str) - * where 'req_key_str' is the descriptor ID of the HS in the v2 case, or - * the ed25519 blinded public key of the HS in the v3 case. */ + * where 'req_key_str' is the ed25519 blinded public key of the HS v3. */ if (strlen(key) < REND_DESC_ID_V2_LEN_BASE32 + strlen(req_key_str)) { iter = strmap_iter_next(last_hid_serv_requests, iter); continue; @@ -1813,7 +1687,7 @@ hs_get_extend_info_from_lspecs(const smartlist_t *lspecs, /* We do have everything for which we think we can connect successfully. */ info = extend_info_new(NULL, legacy_id, (have_ed25519_id) ? &ed25519_pk : NULL, NULL, - onion_key, &ap.addr, ap.port); + onion_key, &ap.addr, ap.port, NULL, false); done: return info; } @@ -1849,9 +1723,7 @@ hs_dec_rdv_stream_counter(origin_circuit_t *circ) { tor_assert(circ); - if (circ->rend_data) { - circ->rend_data->nr_streams--; - } else if (circ->hs_ident) { + if (circ->hs_ident) { circ->hs_ident->num_rdv_streams--; } else { /* Should not be called if this circuit is not for hidden service. */ @@ -1866,9 +1738,7 @@ hs_inc_rdv_stream_counter(origin_circuit_t *circ) { tor_assert(circ); - if (circ->rend_data) { - circ->rend_data->nr_streams++; - } else if (circ->hs_ident) { + if (circ->hs_ident) { circ->hs_ident->num_rdv_streams++; } else { /* Should not be called if this circuit is not for hidden service. */ diff --git a/src/feature/hs/hs_common.h b/src/feature/hs/hs_common.h index 274017180a..a7a8f23a3c 100644 --- a/src/feature/hs/hs_common.h +++ b/src/feature/hs/hs_common.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -19,9 +19,6 @@ struct ed25519_keypair_t; /* Trunnel */ #include "trunnel/ed25519_cert.h" -/** Protocol version 2. Use this instead of hardcoding "2" in the code base, - * this adds a clearer semantic to the value when used. */ -#define HS_VERSION_TWO 2 /** Version 3 of the protocol (prop224). */ #define HS_VERSION_THREE 3 /** Earliest version we support. */ @@ -138,7 +135,7 @@ typedef enum { } hs_auth_key_type_t; /** Return value when adding an ephemeral service through the ADD_ONION - * control port command. Both v2 and v3 share these. */ + * control port command. */ typedef enum { RSAE_BADAUTH = -5, /**< Invalid auth_type/auth_clients */ RSAE_BADVIRTPORT = -4, /**< Invalid VIRTPORT/TARGET(s) */ @@ -150,7 +147,7 @@ typedef enum { /** Represents the mapping from a virtual port of a rendezvous service to a * real port on some IP. */ -typedef struct rend_service_port_config_t { +typedef struct hs_port_config_t { /** The incoming HS virtual port we're mapping */ uint16_t virtual_port; /** Is this an AF_UNIX port? */ @@ -161,7 +158,7 @@ typedef struct rend_service_port_config_t { tor_addr_t real_addr; /** The socket path to connect to, if is_unix_addr */ char unix_addr[FLEXIBLE_ARRAY_MEMBER]; -} rend_service_port_config_t; +} hs_port_config_t; void hs_init(void); void hs_free_all(void); @@ -194,24 +191,6 @@ void hs_build_blinded_keypair(const struct ed25519_keypair_t *kp, struct ed25519_keypair_t *kp_out); int hs_service_requires_uptime_circ(const smartlist_t *ports); -void rend_data_free_(rend_data_t *data); -#define rend_data_free(data) \ - FREE_AND_NULL(rend_data_t, rend_data_free_, (data)) -rend_data_t *rend_data_dup(const rend_data_t *data); -rend_data_t *rend_data_client_create(const char *onion_address, - const char *desc_id, - const char *cookie, - rend_auth_type_t auth_type); -rend_data_t *rend_data_service_create(const char *onion_address, - const char *pk_digest, - const uint8_t *cookie, - rend_auth_type_t auth_type); -const char *rend_data_get_address(const rend_data_t *rend_data); -const char *rend_data_get_desc_id(const rend_data_t *rend_data, - uint8_t replica, size_t *len_out); -const uint8_t *rend_data_get_pk_digest(const rend_data_t *rend_data, - size_t *len_out); - routerstatus_t *pick_hsdir(const char *desc_id, const char *desc_id_base32); struct hs_subcredential_t; @@ -260,6 +239,11 @@ void hs_purge_hid_serv_from_last_hid_serv_requests(const char *desc_id); void hs_purge_last_hid_serv_requests(void); int hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn); +hs_port_config_t *hs_parse_port_config(const char *string, const char *sep, + char **err_msg_out); +void hs_port_config_free_(hs_port_config_t *p); +#define hs_port_config_free(p) \ + FREE_AND_NULL(hs_port_config_t, hs_port_config_free_, (p)) void hs_inc_rdv_stream_counter(origin_circuit_t *circ); void hs_dec_rdv_stream_counter(origin_circuit_t *circ); diff --git a/src/feature/hs/hs_config.c b/src/feature/hs/hs_config.c index f8d71674de..a76893fe1a 100644 --- a/src/feature/hs/hs_config.c +++ b/src/feature/hs/hs_config.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -28,8 +28,6 @@ #include "feature/hs/hs_client.h" #include "feature/hs/hs_ob.h" #include "feature/hs/hs_service.h" -#include "feature/rend/rendclient.h" -#include "feature/rend/rendservice.h" #include "lib/encoding/confline.h" #include "lib/conf/confdecl.h" #include "lib/confmgt/confmgt.h" @@ -102,23 +100,6 @@ stage_services(smartlist_t *service_list) { tor_assert(service_list); - /* This is v2 specific. Trigger service pruning which will make sure the - * just configured services end up in the main global list. It should only - * be done in non validation mode because v2 subsystem handles service - * object differently. */ - rend_service_prune_list(); - - /* Cleanup v2 service from the list, we don't need those object anymore - * because we validated them all against the others and we want to stage - * only >= v3 service. And remember, v2 has a different object type which is - * shadow copied from an hs_service_t type. */ - SMARTLIST_FOREACH_BEGIN(service_list, hs_service_t *, s) { - if (s->config.version == HS_VERSION_TWO) { - SMARTLIST_DEL_CURRENT(service_list, s); - hs_service_free(s); - } - } SMARTLIST_FOREACH_END(s); - /* This is >= v3 specific. Using the newly configured service list, stage * them into our global state. Every object ownership is lost after. */ hs_service_stage_services(service_list); @@ -146,8 +127,7 @@ service_is_duplicate_in_list(const smartlist_t *service_list, /* XXX: Validate if we have any service that has the given service dir path. * This has two problems: * - * a) It's O(n^2), but the same comment from the bottom of - * rend_config_services() should apply. + * a) It's O(n^2) * * b) We only compare directory paths as strings, so we can't * detect two distinct paths that specify the same directory @@ -274,15 +254,6 @@ config_has_invalid_options(const config_line_t *line_, NULL /* End marker. */ }; - const char *opts_exclude_v2[] = { - "HiddenServiceExportCircuitID", - "HiddenServiceEnableIntroDoSDefense", - "HiddenServiceEnableIntroDoSRatePerSec", - "HiddenServiceEnableIntroDoSBurstPerSec", - "HiddenServiceOnionBalanceInstance", - NULL /* End marker. */ - }; - /* Defining the size explicitly allows us to take advantage of the compiler * which warns us if we ever bump the max version but forget to grow this * array. The plus one is because we have a version 0 :). */ @@ -291,7 +262,7 @@ config_has_invalid_options(const config_line_t *line_, } exclude_lists[HS_VERSION_MAX + 1] = { { NULL }, /* v0. */ { NULL }, /* v1. */ - { opts_exclude_v2 }, /* v2 */ + { NULL }, /* v2. */ { opts_exclude_v3 }, /* v3. */ }; @@ -315,16 +286,6 @@ config_has_invalid_options(const config_line_t *line_, "version %" PRIu32 " of service in %s", opt, service->config.version, service->config.directory_path); - - if (!strcasecmp(line->key, "HiddenServiceAuthorizeClient")) { - /* Special case this v2 option so that we can offer alternatives. - * If more such special cases appear, it would be good to - * generalize the exception mechanism here. */ - log_warn(LD_CONFIG, "For v3 onion service client authorization, " - "please read the 'CLIENT AUTHORIZATION' section in the " - "manual."); - } - ret = 1; /* Continue the loop so we can find all possible options. */ continue; @@ -479,6 +440,12 @@ config_generic_service(const hs_opts_t *hs_opts, /* Protocol version for the service. */ if (hs_opts->HiddenServiceVersion == -1) { /* No value was set; stay with the default. */ + } else if (hs_opts->HiddenServiceVersion == 2) { + log_warn(LD_CONFIG, "Onion services version 2 are obsolete. Please see " + "https://blog.torproject.org/v2-deprecation-timeline " + "for more details and for instructions on how to " + "transition to version 3."); + goto err; } else if (CHECK_OOB(hs_opts, HiddenServiceVersion, HS_VERSION_MIN, HS_VERSION_MAX)) { goto err; @@ -492,8 +459,8 @@ config_generic_service(const hs_opts_t *hs_opts, portline; portline = portline->next) { char *err_msg = NULL; /* XXX: Can we rename this? */ - rend_service_port_config_t *portcfg = - rend_service_parse_port_config(portline->value, " ", &err_msg); + hs_port_config_t *portcfg = + hs_parse_port_config(portline->value, " ", &err_msg); if (!portcfg) { if (err_msg) { log_warn(LD_CONFIG, "%s", err_msg); @@ -526,7 +493,7 @@ config_generic_service(const hs_opts_t *hs_opts, /* Check if we are configured in non anonymous mode meaning every service * becomes a single onion service. */ - if (rend_service_non_anonymous_mode_enabled(options)) { + if (hs_service_non_anonymous_mode_enabled(options)) { config->is_single_onion = 1; } @@ -581,15 +548,19 @@ config_service(config_line_t *line, const or_options_t *options, tor_assert(service->config.version <= HS_VERSION_MAX); - /* Check permission on service directory that was just parsed. And this must - * be done regardless of the service version. Do not ask for the directory - * to be created, this is done when the keys are loaded because we could be - * in validation mode right now. */ - if (hs_check_service_private_dir(options->User, - service->config.directory_path, - service->config.dir_group_readable, - 0) < 0) { - goto err; + /* If we're running with TestingTorNetwork enabled, we relax the permissions + * check on the hs directory. */ + if (!options->TestingTorNetwork) { + /* Check permission on service directory that was just parsed. And this + * must be done regardless of the service version. Do not ask for the + * directory to be created, this is done when the keys are loaded because + * we could be in validation mode right now. */ + if (hs_check_service_private_dir(options->User, + service->config.directory_path, + service->config.dir_group_readable, + 0) < 0) { + goto err; + } } /* We'll try to learn the service version here by loading the key(s) if @@ -599,8 +570,7 @@ config_service(config_line_t *line, const or_options_t *options, service->config.version = config_learn_service_version(service); } - /* We make sure that this set of options for a service are valid that is for - * instance an option only for v2 is not used for v3. */ + /* We make sure that this set of options for a service are valid. */ if (config_has_invalid_options(line->next, service)) { goto err; } @@ -609,9 +579,6 @@ config_service(config_line_t *line, const or_options_t *options, * start just after the service directory line so once we hit another * directory line, the function knows that it has to stop parsing. */ switch (service->config.version) { - case HS_VERSION_TWO: - ret = rend_config_service(hs_opts, options, &service->config); - break; case HS_VERSION_THREE: ret = config_service_v3(hs_opts, &service->config); break; @@ -677,6 +644,7 @@ hs_config_service_all(const or_options_t *options, int validate_only) int rv = config_service(section, options, new_service_list); config_free_lines(section); if (rv < 0) { + config_free_lines(remaining); goto err; } } @@ -692,11 +660,6 @@ hs_config_service_all(const or_options_t *options, int validate_only) * services. We don't need those objects anymore. */ SMARTLIST_FOREACH(new_service_list, hs_service_t *, s, hs_service_free(s)); - /* For the v2 subsystem, the configuration function adds the service - * object to the staging list and it is transferred in the main list - * through the prunning process. In validation mode, we thus have to purge - * the staging list so it's not kept in memory as valid service. */ - rend_service_free_staging_list(); } /* Success. Note that the service list has no ownership of its content. */ @@ -721,11 +684,6 @@ hs_config_client_auth_all(const or_options_t *options, int validate_only) { int ret = -1; - /* Configure v2 authorization. */ - if (rend_parse_service_authorization(options, validate_only) < 0) { - goto done; - } - /* Configure v3 authorization. */ if (hs_config_client_authorization(options, validate_only) < 0) { goto done; diff --git a/src/feature/hs/hs_config.h b/src/feature/hs/hs_config.h index 48c24b1a08..b250c62c8b 100644 --- a/src/feature/hs/hs_config.h +++ b/src/feature/hs/hs_config.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs/hs_control.c b/src/feature/hs/hs_control.c index 78b0735c29..8d26922a12 100644 --- a/src/feature/hs/hs_control.c +++ b/src/feature/hs/hs_control.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs/hs_control.h b/src/feature/hs/hs_control.h index 947b0ebf1c..c7dbcf8bb5 100644 --- a/src/feature/hs/hs_control.h +++ b/src/feature/hs/hs_control.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs/hs_descriptor.c b/src/feature/hs/hs_descriptor.c index 6e448b322e..15ad9d8efb 100644 --- a/src/feature/hs/hs_descriptor.c +++ b/src/feature/hs/hs_descriptor.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -61,15 +61,17 @@ #include "trunnel/ed25519_cert.h" /* Trunnel interface. */ #include "feature/hs/hs_descriptor.h" #include "core/or/circuitbuild.h" +#include "core/or/congestion_control_common.h" +#include "core/or/protover.h" #include "lib/crypt_ops/crypto_rand.h" #include "lib/crypt_ops/crypto_util.h" #include "feature/dirparse/parsecommon.h" -#include "feature/rend/rendcache.h" #include "feature/hs/hs_cache.h" #include "feature/hs/hs_config.h" #include "feature/nodelist/torcert.h" /* tor_cert_encode_ed22519() */ #include "lib/memarea/memarea.h" #include "lib/crypt_ops/crypto_format.h" +#include "core/or/versions.h" #include "core/or/extend_info_st.h" @@ -93,6 +95,7 @@ #define str_ip_legacy_key "legacy-key" #define str_ip_legacy_key_cert "legacy-key-cert" #define str_intro_point_start "\n" str_intro_point " " +#define str_flow_control "flow-control" /* Constant string value for the construction to encrypt the encrypted data * section. */ #define str_enc_const_superencryption "hsdir-superencrypted-data" @@ -139,6 +142,7 @@ static token_rule_t hs_desc_encrypted_v3_token_table[] = { T1_START(str_create2_formats, R3_CREATE2_FORMATS, CONCAT_ARGS, NO_OBJ), T01(str_intro_auth_required, R3_INTRO_AUTH_REQUIRED, GE(1), NO_OBJ), T01(str_single_onion, R3_SINGLE_ONION_SERVICE, ARGS, NO_OBJ), + T01(str_flow_control, R3_FLOW_CONTROL, GE(2), NO_OBJ), END_OF_TABLE }; @@ -766,6 +770,13 @@ get_inner_encrypted_layer_plaintext(const hs_descriptor_t *desc) if (desc->encrypted_data.single_onion_service) { smartlist_add_asprintf(lines, "%s\n", str_single_onion); } + + if (congestion_control_enabled()) { + /* Add flow control line into the descriptor. */ + smartlist_add_asprintf(lines, "%s %s %u\n", str_flow_control, + protover_get_supported(PRT_FLOWCTRL), + congestion_control_sendme_inc()); + } } /* Build the introduction point(s) section. */ @@ -1608,8 +1619,8 @@ decrypt_desc_layer,(const hs_descriptor_t *desc, * put in decrypted_out which contains the superencrypted layer of the * descriptor. Return the length of decrypted_out on success else 0 is * returned and decrypted_out is set to NULL. */ -static size_t -desc_decrypt_superencrypted(const hs_descriptor_t *desc, char **decrypted_out) +MOCK_IMPL(STATIC size_t, +desc_decrypt_superencrypted,(const hs_descriptor_t *desc,char **decrypted_out)) { size_t superencrypted_len = 0; char *superencrypted_plaintext = NULL; @@ -1640,10 +1651,10 @@ desc_decrypt_superencrypted(const hs_descriptor_t *desc, char **decrypted_out) * decrypted_out which contains the encrypted layer of the descriptor. * Return the length of decrypted_out on success else 0 is returned and * decrypted_out is set to NULL. */ -static size_t -desc_decrypt_encrypted(const hs_descriptor_t *desc, - const curve25519_secret_key_t *client_auth_sk, - char **decrypted_out) +MOCK_IMPL(STATIC size_t, +desc_decrypt_encrypted,(const hs_descriptor_t *desc, + const curve25519_secret_key_t *client_auth_sk, + char **decrypted_out)) { size_t encrypted_len = 0; char *encrypted_plaintext = NULL; @@ -2146,7 +2157,7 @@ desc_decode_plaintext_v3(smartlist_t *tokens, /** Decode the version 3 superencrypted section of the given descriptor desc. * The desc_superencrypted_out will be populated with the decoded data. */ -static hs_desc_decode_status_t +STATIC hs_desc_decode_status_t desc_decode_superencrypted_v3(const hs_descriptor_t *desc, hs_desc_superencrypted_data_t * desc_superencrypted_out) @@ -2260,7 +2271,7 @@ desc_decode_superencrypted_v3(const hs_descriptor_t *desc, /** Decode the version 3 encrypted section of the given descriptor desc. The * desc_encrypted_out will be populated with the decoded data. */ -static hs_desc_decode_status_t +STATIC hs_desc_decode_status_t desc_decode_encrypted_v3(const hs_descriptor_t *desc, const curve25519_secret_key_t *client_auth_sk, hs_desc_encrypted_data_t *desc_encrypted_out) @@ -2336,6 +2347,23 @@ desc_decode_encrypted_v3(const hs_descriptor_t *desc, desc_encrypted_out->single_onion_service = 1; } + /* Get flow control if any. */ + tok = find_opt_by_keyword(tokens, R3_FLOW_CONTROL); + if (tok) { + int ok; + + tor_asprintf(&desc_encrypted_out->flow_control_pv, "FlowCtrl=%s", + tok->args[0]); + uint8_t sendme_inc = + (uint8_t) tor_parse_uint64(tok->args[1], 10, 0, UINT8_MAX, &ok, NULL); + if (!ok || !congestion_control_validate_sendme_increment(sendme_inc)) { + log_warn(LD_REND, "Service descriptor flow control sendme " + "value is invalid"); + goto err; + } + desc_encrypted_out->sendme_inc = sendme_inc; + } + /* Initialize the descriptor's introduction point list before we start * decoding. Having 0 intro point is valid. Then decode them all. */ desc_encrypted_out->intro_points = smartlist_new(); @@ -2746,6 +2774,7 @@ hs_desc_encrypted_data_free_contents(hs_desc_encrypted_data_t *desc) hs_desc_intro_point_free(ip)); smartlist_free(desc->intro_points); } + tor_free(desc->flow_control_pv); memwipe(desc, 0, sizeof(*desc)); } @@ -2958,3 +2987,16 @@ hs_descriptor_clear_intro_points(hs_descriptor_t *desc) smartlist_clear(ips); } } + +/** Return true iff we support the given descriptor congestion control + * parameters. */ +bool +hs_desc_supports_congestion_control(const hs_descriptor_t *desc) +{ + tor_assert(desc); + + /* Validate that we support the protocol version in the descriptor. */ + return desc->encrypted_data.flow_control_pv && + protocol_list_supports_protocol(desc->encrypted_data.flow_control_pv, + PRT_FLOWCTRL, PROTOVER_FLOWCTRL_CC); +} diff --git a/src/feature/hs/hs_descriptor.h b/src/feature/hs/hs_descriptor.h index 08daa904b6..8f42b2138b 100644 --- a/src/feature/hs/hs_descriptor.h +++ b/src/feature/hs/hs_descriptor.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -167,6 +167,10 @@ typedef struct hs_desc_encrypted_data_t { /** Is this descriptor a single onion service? */ unsigned int single_onion_service : 1; + /** Flow control protocol version line. */ + char *flow_control_pv; + uint8_t sendme_inc; + /** A list of intro points. Contains hs_desc_intro_point_t objects. */ smartlist_t *intro_points; } hs_desc_encrypted_data_t; @@ -315,6 +319,8 @@ void hs_desc_superencrypted_data_free_contents( hs_desc_superencrypted_data_t *desc); void hs_desc_encrypted_data_free_contents(hs_desc_encrypted_data_t *desc); +bool hs_desc_supports_congestion_control(const hs_descriptor_t *desc); + #ifdef HS_DESCRIPTOR_PRIVATE /* Encoding. */ @@ -339,6 +345,25 @@ MOCK_DECL(STATIC size_t, decrypt_desc_layer,(const hs_descriptor_t *desc, bool is_superencrypted_layer, char **decrypted_out)); +STATIC hs_desc_decode_status_t desc_decode_encrypted_v3( + const hs_descriptor_t *desc, + const curve25519_secret_key_t *client_auth_sk, + hs_desc_encrypted_data_t *desc_encrypted_out); + +STATIC hs_desc_decode_status_t +desc_decode_superencrypted_v3(const hs_descriptor_t *desc, + hs_desc_superencrypted_data_t * + desc_superencrypted_out); + +MOCK_DECL(STATIC size_t, desc_decrypt_encrypted,( + const hs_descriptor_t *desc, + const curve25519_secret_key_t *client_auth_sk, + char **decrypted_out)); + +MOCK_DECL(STATIC size_t, desc_decrypt_superencrypted,( + const hs_descriptor_t *desc, + char **decrypted_out)); + #endif /* defined(HS_DESCRIPTOR_PRIVATE) */ #endif /* !defined(TOR_HS_DESCRIPTOR_H) */ diff --git a/src/feature/hs/hs_dos.c b/src/feature/hs/hs_dos.c index 04c2bfbb89..6323dbeeac 100644 --- a/src/feature/hs/hs_dos.c +++ b/src/feature/hs/hs_dos.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2019-2020, The Tor Project, Inc. */ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs/hs_dos.h b/src/feature/hs/hs_dos.h index 8e36ece204..c4feb699f9 100644 --- a/src/feature/hs/hs_dos.h +++ b/src/feature/hs/hs_dos.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2019-2020, The Tor Project, Inc. */ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs/hs_ident.c b/src/feature/hs/hs_ident.c index 53360f6e9d..7e99f033ea 100644 --- a/src/feature/hs/hs_ident.c +++ b/src/feature/hs/hs_ident.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs/hs_ident.h b/src/feature/hs/hs_ident.h index 0a71602852..cb1249cbdc 100644 --- a/src/feature/hs/hs_ident.h +++ b/src/feature/hs/hs_ident.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c index fa6b54b18a..0a656b78dd 100644 --- a/src/feature/hs/hs_intropoint.c +++ b/src/feature/hs/hs_intropoint.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -20,7 +20,7 @@ /* Trunnel */ #include "trunnel/ed25519_cert.h" -#include "trunnel/hs/cell_common.h" +#include "trunnel/extension.h" #include "trunnel/hs/cell_establish_intro.h" #include "trunnel/hs/cell_introduce1.h" @@ -155,14 +155,14 @@ hs_intro_send_intro_established_cell,(or_circuit_t *circ)) uint8_t *encoded_cell = NULL; ssize_t encoded_len, result_len; trn_cell_intro_established_t *cell; - trn_cell_extension_t *ext; + trn_extension_t *ext; tor_assert(circ); /* Build the cell payload. */ cell = trn_cell_intro_established_new(); - ext = trn_cell_extension_new(); - trn_cell_extension_set_num(ext, 0); + ext = trn_extension_new(); + trn_extension_set_num(ext, 0); trn_cell_intro_established_set_extensions(cell, ext); /* Encode the cell to binary format. */ encoded_len = trn_cell_intro_established_encoded_len(cell); @@ -249,7 +249,7 @@ cell_dos_extension_parameters_are_valid(uint64_t intro2_rate_per_sec, * values, the DoS defenses is disabled on the circuit. */ static void handle_establish_intro_cell_dos_extension( - const trn_cell_extension_field_t *field, + const trn_extension_field_t *field, or_circuit_t *circ) { ssize_t ret; @@ -260,8 +260,8 @@ handle_establish_intro_cell_dos_extension( tor_assert(circ); ret = trn_cell_extension_dos_parse(&dos, - trn_cell_extension_field_getconstarray_field(field), - trn_cell_extension_field_getlen_field(field)); + trn_extension_field_getconstarray_field(field), + trn_extension_field_getlen_field(field)); if (ret < 0) { goto end; } @@ -332,7 +332,7 @@ handle_establish_intro_cell_extensions( const trn_cell_establish_intro_t *parsed_cell, or_circuit_t *circ) { - const trn_cell_extension_t *extensions; + const trn_extension_t *extensions; tor_assert(parsed_cell); tor_assert(circ); @@ -343,15 +343,15 @@ handle_establish_intro_cell_extensions( } /* Go over all extensions. */ - for (size_t idx = 0; idx < trn_cell_extension_get_num(extensions); idx++) { - const trn_cell_extension_field_t *field = - trn_cell_extension_getconst_fields(extensions, idx); + for (size_t idx = 0; idx < trn_extension_get_num(extensions); idx++) { + const trn_extension_field_t *field = + trn_extension_getconst_fields(extensions, idx); if (BUG(field == NULL)) { /* The number of extensions should match the number of fields. */ break; } - switch (trn_cell_extension_field_get_field_type(field)) { + switch (trn_extension_field_get_field_type(field)) { case TRUNNEL_CELL_EXTENSION_TYPE_DOS: /* After this, the circuit should be set for DoS defenses. */ handle_establish_intro_cell_dos_extension(field, circ); @@ -494,8 +494,8 @@ hs_intro_circuit_is_suitable_for_establish_intro(const or_circuit_t *circ) return circuit_is_suitable_intro_point(circ, "ESTABLISH_INTRO"); } -/** We just received an ESTABLISH_INTRO cell in <b>circ</b>. Figure out of it's - * a legacy or a next gen cell, and pass it to the appropriate handler. */ +/** We just received an ESTABLISH_INTRO cell in <b>circ</b>. Pass it to the + * appropriate handler. */ int hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request, size_t request_len) @@ -514,7 +514,8 @@ hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request, switch (first_byte) { case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0: case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1: - /* Don't accept version 2 introduction anymore. */ + /* Likely version 2 onion service which is now obsolete. Avoid a + * protocol warning considering they still exists on the network. */ goto err; case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519: return handle_establish_intro(circ, request, request_len); @@ -540,7 +541,7 @@ send_introduce_ack_cell(or_circuit_t *circ, uint16_t status) uint8_t *encoded_cell = NULL; ssize_t encoded_len, result_len; trn_cell_introduce_ack_t *cell; - trn_cell_extension_t *ext; + trn_extension_t *ext; tor_assert(circ); @@ -549,8 +550,8 @@ send_introduce_ack_cell(or_circuit_t *circ, uint16_t status) cell = trn_cell_introduce_ack_new(); ret = trn_cell_introduce_ack_set_status(cell, status); /* We have no cell extensions in an INTRODUCE_ACK cell. */ - ext = trn_cell_extension_new(); - trn_cell_extension_set_num(ext, 0); + ext = trn_extension_new(); + trn_extension_set_num(ext, 0); trn_cell_introduce_ack_set_extensions(cell, ext); /* A wrong status is a very bad code flow error as this value is controlled * by the code in this file and not an external input. This means we use a @@ -718,23 +719,6 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, return ret; } -/** Identify if the encoded cell we just received is a legacy one or not. The - * <b>request</b> should be at least DIGEST_LEN bytes long. */ -STATIC int -introduce1_cell_is_legacy(const uint8_t *request) -{ - tor_assert(request); - - /* If the first 20 bytes of the cell (DIGEST_LEN) are NOT zeroes, it - * indicates a legacy cell (v2). */ - if (!fast_mem_is_zero((const char *) request, DIGEST_LEN)) { - /* Legacy cell. */ - return 1; - } - /* Not a legacy cell. */ - return 0; -} - /** Return true iff the circuit <b>circ</b> is suitable for receiving an * INTRODUCE1 cell. */ STATIC int @@ -773,13 +757,10 @@ int hs_intro_received_introduce1(or_circuit_t *circ, const uint8_t *request, size_t request_len) { - int ret; - tor_assert(circ); tor_assert(request); - /* A cell that can't hold a DIGEST_LEN is invalid as we need to check if - * it's a legacy cell or not using the first DIGEST_LEN bytes. */ + /* A cell that can't hold a DIGEST_LEN is invalid. */ if (request_len < DIGEST_LEN) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Invalid INTRODUCE1 cell length."); goto err; @@ -795,15 +776,8 @@ hs_intro_received_introduce1(or_circuit_t *circ, const uint8_t *request, * DoS mitigation since one circuit with one client can hammer a service. */ circ->already_received_introduce1 = 1; - /* We are sure here to have at least DIGEST_LEN bytes. */ - if (introduce1_cell_is_legacy(request)) { - /* Handle a legacy cell. */ - ret = rend_mid_introduce_legacy(circ, request, request_len); - } else { - /* Handle a non legacy cell. */ - ret = handle_introduce1(circ, request, request_len); - } - return ret; + /* Handle the cell. */ + return handle_introduce1(circ, request, request_len); err: circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL); diff --git a/src/feature/hs/hs_intropoint.h b/src/feature/hs/hs_intropoint.h index 8b2b9892b3..ae920ee12d 100644 --- a/src/feature/hs/hs_intropoint.h +++ b/src/feature/hs/hs_intropoint.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -52,7 +52,6 @@ STATIC void get_auth_key_from_cell(ed25519_public_key_t *auth_key_out, unsigned int cell_type, const void *cell); -STATIC int introduce1_cell_is_legacy(const uint8_t *request); STATIC int handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, size_t request_len); STATIC int validate_introduce1_parsed_cell(const trn_cell_introduce1_t *cell); diff --git a/src/feature/hs/hs_metrics.c b/src/feature/hs/hs_metrics.c index 25e2e62111..e80d98c2dd 100644 --- a/src/feature/hs/hs_metrics.c +++ b/src/feature/hs/hs_metrics.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -29,22 +29,6 @@ port_to_str(const uint16_t port) return buf; } -/** Return a static buffer pointer that contains a formatted label on the form - * of key=value. - * - * NOTE: Important, label values MUST NOT contain double quotes else, in the - * case of Prometheus, it will fail with a malformed line because we force the - * label value to be enclosed in double quotes. - * - * Subsequent call to this function invalidates the previous buffer. */ -static const char * -format_label(const char *key, const char *value) -{ - static char buf[128]; - tor_snprintf(buf, sizeof(buf), "%s=\"%s\"", key, value); - return buf; -} - /** Initialize a metrics store for the given service. * * Essentially, this goes over the base_metrics array and adds them all to the @@ -62,23 +46,23 @@ init_store(hs_service_t *service) /* Add entries with port as label. We need one metric line per port. */ if (base_metrics[i].port_as_label && service->config.ports) { SMARTLIST_FOREACH_BEGIN(service->config.ports, - const rend_service_port_config_t *, p) { + const hs_port_config_t *, p) { metrics_store_entry_t *entry = metrics_store_add(store, base_metrics[i].type, base_metrics[i].name, base_metrics[i].help); /* Add labels to the entry. */ metrics_store_entry_add_label(entry, - format_label("onion", service->onion_address)); + metrics_format_label("onion", service->onion_address)); metrics_store_entry_add_label(entry, - format_label("port", port_to_str(p->virtual_port))); + metrics_format_label("port", port_to_str(p->virtual_port))); } SMARTLIST_FOREACH_END(p); } else { metrics_store_entry_t *entry = metrics_store_add(store, base_metrics[i].type, base_metrics[i].name, base_metrics[i].help); metrics_store_entry_add_label(entry, - format_label("onion", service->onion_address)); + metrics_format_label("onion", service->onion_address)); } } } @@ -107,7 +91,7 @@ hs_metrics_update_by_service(const hs_metrics_key_t key, SMARTLIST_FOREACH_BEGIN(entries, metrics_store_entry_t *, entry) { if (port == 0 || metrics_store_entry_has_label(entry, - format_label("port", port_to_str(port)))) { + metrics_format_label("port", port_to_str(port)))) { metrics_store_entry_update(entry, n); break; } diff --git a/src/feature/hs/hs_metrics.h b/src/feature/hs/hs_metrics.h index 506831b3fd..6af3a7e7f0 100644 --- a/src/feature/hs/hs_metrics.h +++ b/src/feature/hs/hs_metrics.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs/hs_metrics_entry.c b/src/feature/hs/hs_metrics_entry.c index 7eb78db5ac..46d2d88aca 100644 --- a/src/feature/hs/hs_metrics_entry.c +++ b/src/feature/hs/hs_metrics_entry.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs/hs_metrics_entry.h b/src/feature/hs/hs_metrics_entry.h index f68c1ab8e9..b9786ac6f7 100644 --- a/src/feature/hs/hs_metrics_entry.h +++ b/src/feature/hs/hs_metrics_entry.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -46,6 +46,6 @@ typedef struct hs_metrics_entry_t { extern const hs_metrics_entry_t base_metrics[]; extern const size_t base_metrics_size; -#endif /* HS_METRICS_ENTRY_PRIVATE */ +#endif /* defined(HS_METRICS_ENTRY_PRIVATE) */ #endif /* !defined(TOR_FEATURE_HS_METRICS_ENTRY_H) */ diff --git a/src/feature/hs/hs_ob.c b/src/feature/hs/hs_ob.c index 1b8ab121a0..f0e615d6cc 100644 --- a/src/feature/hs/hs_ob.c +++ b/src/feature/hs/hs_ob.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs/hs_ob.h b/src/feature/hs/hs_ob.h index d6e6e73a84..6586ae8d4e 100644 --- a/src/feature/hs/hs_ob.h +++ b/src/feature/hs/hs_ob.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs/hs_options.inc b/src/feature/hs/hs_options.inc index 1a1444fd05..d3ca688b46 100644 --- a/src/feature/hs/hs_options.inc +++ b/src/feature/hs/hs_options.inc @@ -22,7 +22,6 @@ CONF_VAR(HiddenServiceDirGroupReadable, BOOL, 0, "0") CONF_VAR(HiddenServicePort, LINELIST, 0, NULL) // "-1" means "auto" here. CONF_VAR(HiddenServiceVersion, INT, 0, "-1") -CONF_VAR(HiddenServiceAuthorizeClient, STRING, 0, NULL) CONF_VAR(HiddenServiceAllowUnknownPorts, BOOL, 0, "0") CONF_VAR(HiddenServiceMaxStreams, POSINT, 0, "0") CONF_VAR(HiddenServiceMaxStreamsCloseCircuit, BOOL, 0, "0") diff --git a/src/feature/hs/hs_opts_st.h b/src/feature/hs/hs_opts_st.h index 279f0d6da6..47a4acc21f 100644 --- a/src/feature/hs/hs_opts_st.h +++ b/src/feature/hs/hs_opts_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c index 908ac02044..1caa5ab64a 100644 --- a/src/feature/hs/hs_service.c +++ b/src/feature/hs/hs_service.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -16,6 +16,7 @@ #include "core/or/circuitbuild.h" #include "core/or/circuitlist.h" #include "core/or/circuituse.h" +#include "core/or/congestion_control_common.h" #include "core/or/extendinfo.h" #include "core/or/relay.h" #include "feature/client/circpathbias.h" @@ -29,7 +30,6 @@ #include "feature/nodelist/nickname.h" #include "feature/nodelist/node_select.h" #include "feature/nodelist/nodelist.h" -#include "feature/rend/rendservice.h" #include "lib/crypt_ops/crypto_ope.h" #include "lib/crypt_ops/crypto_rand.h" #include "lib/crypt_ops/crypto_util.h" @@ -60,7 +60,6 @@ /* Trunnel */ #include "trunnel/ed25519_cert.h" -#include "trunnel/hs/cell_common.h" #include "trunnel/hs/cell_establish_intro.h" #ifdef HAVE_SYS_STAT_H @@ -161,6 +160,15 @@ HT_GENERATE2(hs_service_ht, hs_service_t, hs_service_node, hs_service_ht_hash, hs_service_ht_eq, 0.6, tor_reallocarray, tor_free_); +/** Return true iff the given service has client authorization configured that + * is the client list is non empty. */ +static inline bool +is_client_auth_enabled(const hs_service_t *service) +{ + return (service->config.clients != NULL && + smartlist_len(service->config.clients) > 0); +} + /** Query the given service map with a public key and return a service object * if found else NULL. It is also possible to set a directory path in the * search query. If pk is NULL, then it will be set to zero indicating the @@ -266,8 +274,8 @@ service_clear_config(hs_service_config_t *config) } tor_free(config->directory_path); if (config->ports) { - SMARTLIST_FOREACH(config->ports, rend_service_port_config_t *, p, - rend_service_port_config_free(p);); + SMARTLIST_FOREACH(config->ports, hs_port_config_t *, p, + hs_port_config_free(p);); smartlist_free(config->ports); } if (config->clients) { @@ -706,7 +714,7 @@ get_extend_info_from_intro_point(const hs_service_intro_point_t *ip, /* In the case of a direct connection (single onion service), it is possible * our firewall policy won't allow it so this can return a NULL value. */ - info = extend_info_from_node(node, direct_conn); + info = extend_info_from_node(node, direct_conn, false); end: return info; @@ -1118,6 +1126,43 @@ client_filename_is_valid(const char *filename) return ret; } +/** Parse an base32-encoded authorized client from a string. + * + * Return the key on success, return NULL, otherwise. */ +hs_service_authorized_client_t * +parse_authorized_client_key(const char *key_str, int severity) +{ + hs_service_authorized_client_t *client = NULL; + + /* We expect a specific length of the base64 encoded key so make sure we + * have that so we don't successfully decode a value with a different length + * and end up in trouble when copying the decoded key into a fixed length + * buffer. */ + if (strlen(key_str) != BASE32_NOPAD_LEN(CURVE25519_PUBKEY_LEN)) { + log_fn(severity, LD_REND, "Client authorization encoded base32 public key " + "length is invalid: %s", key_str); + goto err; + } + + client = tor_malloc_zero(sizeof(hs_service_authorized_client_t)); + if (base32_decode((char *) client->client_pk.public_key, + sizeof(client->client_pk.public_key), + key_str, strlen(key_str)) != + sizeof(client->client_pk.public_key)) { + log_fn(severity, LD_REND, "Client authorization public key cannot be " + "decoded: %s", key_str); + goto err; + } + + return client; + + err: + if (client != NULL) { + service_authorized_client_free(client); + } + return NULL; +} + /** Parse an authorized client from a string. The format of a client string * looks like (see rend-spec-v3.txt): * @@ -1164,23 +1209,7 @@ parse_authorized_client(const char *client_key_str) goto err; } - /* We expect a specific length of the base32 encoded key so make sure we - * have that so we don't successfully decode a value with a different length - * and end up in trouble when copying the decoded key into a fixed length - * buffer. */ - if (strlen(pubkey_b32) != BASE32_NOPAD_LEN(CURVE25519_PUBKEY_LEN)) { - log_warn(LD_REND, "Client authorization encoded base32 public key " - "length is invalid: %s", pubkey_b32); - goto err; - } - - client = tor_malloc_zero(sizeof(hs_service_authorized_client_t)); - if (base32_decode((char *) client->client_pk.public_key, - sizeof(client->client_pk.public_key), - pubkey_b32, strlen(pubkey_b32)) != - sizeof(client->client_pk.public_key)) { - log_warn(LD_REND, "Client authorization public key cannot be decoded: %s", - pubkey_b32); + if ((client = parse_authorized_client_key(pubkey_b32, LOG_WARN)) == NULL) { goto err; } @@ -1282,11 +1311,6 @@ load_client_keys(hs_service_t *service) } SMARTLIST_FOREACH_END(filename); - /* If the number of clients is greater than zero, set the flag to be true. */ - if (smartlist_len(config->clients) > 0) { - config->is_client_auth_enabled = 1; - } - /* Success. */ ret = 0; end: @@ -1304,7 +1328,7 @@ load_client_keys(hs_service_t *service) } /** Release all storage held in <b>client</b>. */ -STATIC void +void service_authorized_client_free_(hs_service_authorized_client_t *client) { if (!client) { @@ -1796,7 +1820,7 @@ build_service_desc_superencrypted(const hs_service_t *service, /* We do not need to build the desc authorized client if the client * authorization is disabled */ - if (config->is_client_auth_enabled) { + if (is_client_auth_enabled(service)) { SMARTLIST_FOREACH_BEGIN(config->clients, hs_service_authorized_client_t *, client) { hs_desc_authorized_client_t *desc_client; @@ -2647,8 +2671,6 @@ run_housekeeping_event(time_t now) static void run_build_descriptor_event(time_t now) { - /* For v2 services, this step happens in the upload event. */ - /* Run v3+ events. */ /* We start by rotating the descriptors only if needed. */ rotate_all_descriptors(now); @@ -2821,11 +2843,6 @@ run_build_circuit_event(time_t now) return; } - /* Run v2 check. */ - if (rend_num_services() > 0) { - rend_consider_services_intro_points(now); - } - /* Run v3+ check. */ FOR_EACH_SERVICE_BEGIN(service) { /* For introduction circuit, we need to make sure we don't stress too much @@ -3261,13 +3278,6 @@ refresh_service_descriptor(const hs_service_t *service, STATIC void run_upload_descriptor_event(time_t now) { - /* v2 services use the same function for descriptor creation and upload so - * we do everything here because the intro circuits were checked before. */ - if (rend_num_services() > 0) { - rend_consider_services_upload(now); - rend_consider_descriptor_republication(); - } - /* Run v3+ check. */ FOR_EACH_SERVICE_BEGIN(service) { FOR_EACH_DESCRIPTOR_BEGIN(service, desc) { @@ -3582,7 +3592,7 @@ service_encode_descriptor(const hs_service_t *service, /* If the client authorization is enabled, send the descriptor cookie to * hs_desc_encode_descriptor. Otherwise, send NULL */ - if (service->config.is_client_auth_enabled) { + if (is_client_auth_enabled(service)) { descriptor_cookie = desc->descriptor_cookie; } @@ -3596,6 +3606,54 @@ service_encode_descriptor(const hs_service_t *service, /* Public API */ /* ========== */ +/* Are HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode consistent? + */ +static int +hs_service_non_anonymous_mode_consistent(const or_options_t *options) +{ + /* !! is used to make these options boolean */ + return (!! options->HiddenServiceSingleHopMode == + !! options->HiddenServiceNonAnonymousMode); +} + +/* Do the options allow onion services to make direct (non-anonymous) + * connections to introduction or rendezvous points? + * Must only be called after options_validate_single_onion() has successfully + * checked onion service option consistency. + * Returns true if tor is in HiddenServiceSingleHopMode. */ +int +hs_service_allow_non_anonymous_connection(const or_options_t *options) +{ + tor_assert(hs_service_non_anonymous_mode_consistent(options)); + return options->HiddenServiceSingleHopMode ? 1 : 0; +} + +/* Do the options allow us to reveal the exact startup time of the onion + * service? + * Single Onion Services prioritise availability over hiding their + * startup time, as their IP address is publicly discoverable anyway. + * Must only be called after options_validate_single_onion() has successfully + * checked onion service option consistency. + * Returns true if tor is in non-anonymous hidden service mode. */ +int +hs_service_reveal_startup_time(const or_options_t *options) +{ + tor_assert(hs_service_non_anonymous_mode_consistent(options)); + return hs_service_non_anonymous_mode_enabled(options); +} + +/* Is non-anonymous mode enabled using the HiddenServiceNonAnonymousMode + * config option? + * Must only be called after options_validate_single_onion() has successfully + * checked onion service option consistency. + */ +int +hs_service_non_anonymous_mode_enabled(const or_options_t *options) +{ + tor_assert(hs_service_non_anonymous_mode_consistent(options)); + return options->HiddenServiceNonAnonymousMode ? 1 : 0; +} + /** Called when a circuit was just cleaned up. This is done right before the * circuit is marked for close. */ void @@ -3617,12 +3675,15 @@ hs_service_circuit_cleanup_on_close(const circuit_t *circ) hs_metrics_close_established_rdv( &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk); break; + case CIRCUIT_PURPOSE_S_CONNECT_REND: + hs_circ_retry_service_rendezvous_point(CONST_TO_ORIGIN_CIRCUIT(circ)); + break; default: break; } } -/** This is called every time the service map (v2 or v3) changes that is if an +/** This is called every time the service map changes that is if an * element is added or removed. */ void hs_service_map_has_changed(void) @@ -3633,6 +3694,34 @@ hs_service_map_has_changed(void) rescan_periodic_events(get_options()); } +/** Called when a new consensus has arrived and has been set globally. The new + * consensus is pointed by ns. */ +void +hs_service_new_consensus_params(const networkstatus_t *ns) +{ + tor_assert(ns); + + /* This value is the new value from the consensus. */ + uint8_t current_sendme_inc = congestion_control_sendme_inc(); + + if (!hs_service_map) + return; + + /* Check each service and look if their descriptor contains a different + * sendme increment. If so, nuke all intro points by forcing an expiration + * which will lead to rebuild and reupload with the new value. */ + FOR_EACH_SERVICE_BEGIN(service) { + FOR_EACH_DESCRIPTOR_BEGIN(service, desc) { + if (desc->desc && + desc->desc->encrypted_data.sendme_inc != current_sendme_inc) { + /* Passing the maximum time_t will force expiration of all intro points + * and thus will lead to a rebuild of the descriptor. */ + cleanup_intro_points(service, LONG_MAX); + } + } FOR_EACH_DESCRIPTOR_END; + } FOR_EACH_SERVICE_END; +} + /** Upload an encoded descriptor in encoded_desc of the given version. This * descriptor is for the service identity_pk and blinded_pk used to setup the * directory connection identifier. It is uploaded to the directory hsdir_rs @@ -3684,15 +3773,17 @@ hs_service_upload_desc_to_dir(const char *encoded_desc, /** Add the ephemeral service using the secret key sk and ports. Both max * streams parameter will be set in the newly created service. * - * Ownership of sk and ports is passed to this routine. Regardless of - * success/failure, callers should not touch these values after calling this - * routine, and may assume that correct cleanup has been done on failure. + * Ownership of sk, ports, and auth_clients_v3 is passed to this routine. + * Regardless of success/failure, callers should not touch these values + * after calling this routine, and may assume that correct cleanup has + * been done on failure. * * Return an appropriate hs_service_add_ephemeral_status_t. */ hs_service_add_ephemeral_status_t hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, int max_streams_per_rdv_circuit, - int max_streams_close_circuit, char **address_out) + int max_streams_close_circuit, + smartlist_t *auth_clients_v3, char **address_out) { hs_service_add_ephemeral_status_t ret; hs_service_t *service = NULL; @@ -3736,6 +3827,16 @@ hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, goto err; } + if (auth_clients_v3) { + service->config.clients = smartlist_new(); + SMARTLIST_FOREACH(auth_clients_v3, hs_service_authorized_client_t *, c, { + if (c != NULL) { + smartlist_add(service->config.clients, c); + } + }); + smartlist_free(auth_clients_v3); + } + /* Build the onion address for logging purposes but also the control port * uses it for the HS_DESC event. */ hs_build_address(&service->keys.identity_pk, @@ -3961,9 +4062,6 @@ hs_service_lists_fnames_for_sandbox(smartlist_t *file_list, tor_assert(file_list); tor_assert(dir_list); - /* Add files and dirs for legacy services. */ - rend_services_add_filenames_to_lists(file_list, dir_list); - /* Add files and dirs for v3+. */ FOR_EACH_SERVICE_BEGIN(service) { /* Skip ephemeral service, they don't touch the disk. */ @@ -4014,10 +4112,7 @@ hs_service_receive_introduce2(origin_circuit_t *circ, const uint8_t *payload, if (circ->hs_ident) { ret = service_handle_introduce2(circ, payload, payload_len); - hs_stats_note_introduce2_cell(1); - } else { - ret = rend_service_receive_introduction(circ, payload, payload_len); - hs_stats_note_introduce2_cell(0); + hs_stats_note_introduce2_cell(); } done: @@ -4044,12 +4139,8 @@ hs_service_receive_intro_established(origin_circuit_t *circ, goto err; } - /* Handle both version. v2 uses rend_data and v3 uses the hs circuit - * identifier hs_ident. Can't be both. */ if (circ->hs_ident) { ret = service_handle_intro_established(circ, payload, payload_len); - } else { - ret = rend_service_intro_established(circ, payload, payload_len); } if (ret < 0) { @@ -4068,21 +4159,15 @@ hs_service_circuit_has_opened(origin_circuit_t *circ) { tor_assert(circ); - /* Handle both version. v2 uses rend_data and v3 uses the hs circuit - * identifier hs_ident. Can't be both. */ switch (TO_CIRCUIT(circ)->purpose) { case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO: if (circ->hs_ident) { service_intro_circ_has_opened(circ); - } else { - rend_service_intro_has_opened(circ); } break; case CIRCUIT_PURPOSE_S_CONNECT_REND: if (circ->hs_ident) { service_rendezvous_circ_has_opened(circ); - } else { - rend_service_rendezvous_has_opened(circ); } break; default: @@ -4110,11 +4195,6 @@ hs_service_get_version_from_key(const hs_service_t *service) version = HS_VERSION_THREE; goto end; } - /* Version 2 check. */ - if (rend_service_key_on_disk(directory_path)) { - version = HS_VERSION_TWO; - goto end; - } end: return version; @@ -4125,13 +4205,6 @@ hs_service_get_version_from_key(const hs_service_t *service) int hs_service_load_all_keys(void) { - /* Load v2 service keys if we have v2. */ - if (rend_num_services() != 0) { - if (rend_service_load_all_keys(NULL) < 0) { - goto err; - } - } - /* Load or/and generate them for v3+. */ SMARTLIST_FOREACH_BEGIN(hs_service_staging_list, hs_service_t *, service) { /* Ignore ephemeral service, they already have their keys set. */ @@ -4331,9 +4404,6 @@ hs_service_init(void) tor_assert(!hs_service_map); tor_assert(!hs_service_staging_list); - /* v2 specific. */ - rend_service_init(); - hs_service_map = tor_malloc_zero(sizeof(struct hs_service_ht)); HT_INIT(hs_service_ht, hs_service_map); @@ -4344,7 +4414,6 @@ hs_service_init(void) void hs_service_free_all(void) { - rend_service_free_all(); service_free_all(); hs_config_free_all(); } diff --git a/src/feature/hs/hs_service.h b/src/feature/hs/hs_service.h index ec0e83f2c2..95461289ce 100644 --- a/src/feature/hs/hs_service.h +++ b/src/feature/hs/hs_service.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -210,7 +210,7 @@ typedef struct hs_service_config_t { /** Have we explicitly set HiddenServiceVersion? */ unsigned int hs_version_explicitly_set : 1; - /** List of rend_service_port_config_t */ + /** List of hs_port_config_t */ smartlist_t *ports; /** Path on the filesystem where the service persistent data is stored. NULL @@ -230,9 +230,6 @@ typedef struct hs_service_config_t { * HiddenServiceNumIntroductionPoints option. */ unsigned int num_intro_points; - /** True iff the client auth is enabled. */ - unsigned int is_client_auth_enabled : 1; - /** List of hs_service_authorized_client_t's of clients that may access this * service. Specified by HiddenServiceAuthorizeClient option. */ smartlist_t *clients; @@ -358,6 +355,7 @@ smartlist_t *hs_service_get_metrics_stores(void); void hs_service_map_has_changed(void); void hs_service_dir_info_changed(void); +void hs_service_new_consensus_params(const networkstatus_t *ns); void hs_service_run_scheduled_events(time_t now); void hs_service_circuit_has_opened(origin_circuit_t *circ); int hs_service_receive_intro_established(origin_circuit_t *circ, @@ -372,7 +370,8 @@ char *hs_service_lookup_current_desc(const ed25519_public_key_t *pk); hs_service_add_ephemeral_status_t hs_service_add_ephemeral(ed25519_secret_key_t *sk, smartlist_t *ports, int max_streams_per_rdv_circuit, - int max_streams_close_circuit, char **address_out); + int max_streams_close_circuit, + smartlist_t *auth_clients_v3, char **address_out); int hs_service_del_ephemeral(const char *address); /* Used outside of the HS subsystem by the control port command HSPOST. */ @@ -388,6 +387,20 @@ hs_service_exports_circuit_id(const ed25519_public_key_t *pk); void hs_service_dump_stats(int severity); void hs_service_circuit_cleanup_on_close(const circuit_t *circ); +hs_service_authorized_client_t * +parse_authorized_client_key(const char *key_str, int severity); + +void +service_authorized_client_free_(hs_service_authorized_client_t *client); +#define service_authorized_client_free(c) \ + FREE_AND_NULL(hs_service_authorized_client_t, \ + service_authorized_client_free_, (c)) + +/* Config options. */ +int hs_service_allow_non_anonymous_connection(const or_options_t *options); +int hs_service_non_anonymous_mode_enabled(const or_options_t *options); +int hs_service_reveal_startup_time(const or_options_t *options); + #ifdef HS_SERVICE_PRIVATE #ifdef TOR_UNIT_TESTS @@ -452,12 +465,6 @@ STATIC void service_descriptor_free_(hs_service_descriptor_t *desc); FREE_AND_NULL(hs_service_descriptor_t, \ service_descriptor_free_, (d)) -STATIC void -service_authorized_client_free_(hs_service_authorized_client_t *client); -#define service_authorized_client_free(c) \ - FREE_AND_NULL(hs_service_authorized_client_t, \ - service_authorized_client_free_, (c)) - STATIC int write_address_to_file(const hs_service_t *service, const char *fname_); diff --git a/src/feature/hs/hs_stats.c b/src/feature/hs/hs_stats.c index f9d458d630..cf191bd9d4 100644 --- a/src/feature/hs/hs_stats.c +++ b/src/feature/hs/hs_stats.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -12,20 +12,14 @@ /** Number of v3 INTRODUCE2 cells received */ static uint32_t n_introduce2_v3 = 0; -/** Number of v2 INTRODUCE2 cells received */ -static uint32_t n_introduce2_v2 = 0; /** Number of attempts to make a circuit to a rendezvous point */ static uint32_t n_rendezvous_launches = 0; /** Note that we received another INTRODUCE2 cell. */ void -hs_stats_note_introduce2_cell(int is_hsv3) +hs_stats_note_introduce2_cell(void) { - if (is_hsv3) { - n_introduce2_v3++; - } else { - n_introduce2_v2++; - } + n_introduce2_v3++; } /** Return the number of v3 INTRODUCE2 cells we have received. */ @@ -35,13 +29,6 @@ hs_stats_get_n_introduce2_v3_cells(void) return n_introduce2_v3; } -/** Return the number of v2 INTRODUCE2 cells we have received. */ -uint32_t -hs_stats_get_n_introduce2_v2_cells(void) -{ - return n_introduce2_v2; -} - /** Note that we attempted to launch another circuit to a rendezvous point. */ void hs_stats_note_service_rendezvous_launch(void) diff --git a/src/feature/hs/hs_stats.h b/src/feature/hs/hs_stats.h index aea2ccf5c2..1933017602 100644 --- a/src/feature/hs/hs_stats.h +++ b/src/feature/hs/hs_stats.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -9,9 +9,8 @@ #ifndef TOR_HS_STATS_H #define TOR_HS_STATS_H -void hs_stats_note_introduce2_cell(int is_hsv3); +void hs_stats_note_introduce2_cell(void); uint32_t hs_stats_get_n_introduce2_v3_cells(void); -uint32_t hs_stats_get_n_introduce2_v2_cells(void); void hs_stats_note_service_rendezvous_launch(void); uint32_t hs_stats_get_n_rendezvous_launches(void); diff --git a/src/feature/hs/hs_sys.c b/src/feature/hs/hs_sys.c index 6524dc3e4e..21f1fa0707 100644 --- a/src/feature/hs/hs_sys.c +++ b/src/feature/hs/hs_sys.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs/hs_sys.h b/src/feature/hs/hs_sys.h index 4427b59b9c..a42d5323c5 100644 --- a/src/feature/hs/hs_sys.h +++ b/src/feature/hs/hs_sys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs/hsdir_index_st.h b/src/feature/hs/hsdir_index_st.h index 6ce0bf5c69..f6a2c922ec 100644 --- a/src/feature/hs/hsdir_index_st.h +++ b/src/feature/hs/hsdir_index_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs_common/replaycache.c b/src/feature/hs_common/replaycache.c index ab058ce759..63444de464 100644 --- a/src/feature/hs_common/replaycache.c +++ b/src/feature/hs_common/replaycache.c @@ -1,4 +1,4 @@ - /* Copyright (c) 2012-2020, The Tor Project, Inc. */ + /* Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs_common/replaycache.h b/src/feature/hs_common/replaycache.h index 3a3eed29c0..3111149717 100644 --- a/src/feature/hs_common/replaycache.h +++ b/src/feature/hs_common/replaycache.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/hs_common/shared_random_client.c b/src/feature/hs_common/shared_random_client.c index 4e8a2942fc..a09dbd5d29 100644 --- a/src/feature/hs_common/shared_random_client.c +++ b/src/feature/hs_common/shared_random_client.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -34,12 +34,11 @@ srv_to_control_string(const sr_srv_t *srv) } /** - * If we have no consensus and we are not an authority, assume that this is - * the voting interval. We should never actually use this: only authorities - * should be trying to figure out the schedule when they don't have a - * consensus. - **/ + * If we have no consensus and we are not an authority, assume that this is the + * voting interval. This can be used while bootstrapping as a relay and we are + * asked to initialize HS stats (see rep_hist_hs_stats_init()) */ #define DEFAULT_NETWORK_VOTING_INTERVAL (3600) +#define TESTING_DEFAULT_NETWORK_VOTING_INTERVAL (20) /* This is an unpleasing workaround for tests. Our unit tests assume that we * are scheduling all of our shared random stuff as if we were a directory @@ -72,11 +71,13 @@ get_voting_interval(void) * It's better than falling back to the non-consensus case. */ interval = (int)(consensus->fresh_until - consensus->valid_after); } else { - /* We should never be reaching this point, since a client should never - * call this code unless they have some kind of a consensus. All we can - * do is hope that this network is using the default voting interval. */ - tor_assert_nonfatal_unreached_once(); - interval = DEFAULT_NETWORK_VOTING_INTERVAL; + /* We can reach this as a relay when bootstrapping and we are asked to + * initialize HS stats (see rep_hist_hs_stats_init()). */ + if (get_options()->TestingTorNetwork) { + interval = TESTING_DEFAULT_NETWORK_VOTING_INTERVAL; + } else { + interval = DEFAULT_NETWORK_VOTING_INTERVAL; + } } tor_assert(interval > 0); return interval; diff --git a/src/feature/hs_common/shared_random_client.h b/src/feature/hs_common/shared_random_client.h index 37a086d590..679eb24c37 100644 --- a/src/feature/hs_common/shared_random_client.h +++ b/src/feature/hs_common/shared_random_client.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/keymgt/loadkey.c b/src/feature/keymgt/loadkey.c index 6ea3df492d..1000826376 100644 --- a/src/feature/keymgt/loadkey.c +++ b/src/feature/keymgt/loadkey.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -712,7 +712,7 @@ ed_key_init_from_file(const char *fname, uint32_t flags, } /** - * Create a new signing key and (optionally) certficiate; do not read or write + * Create a new signing key and (optionally) certificate; do not read or write * from disk. See ed_key_init_from_file() for more information. */ ed25519_keypair_t * diff --git a/src/feature/keymgt/loadkey.h b/src/feature/keymgt/loadkey.h index 5a8ca32dea..6efbb415e7 100644 --- a/src/feature/keymgt/loadkey.h +++ b/src/feature/keymgt/loadkey.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/metrics/metrics.c b/src/feature/metrics/metrics.c index 9a72fe7145..5c10d553d3 100644 --- a/src/feature/metrics/metrics.c +++ b/src/feature/metrics/metrics.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/metrics/metrics.h b/src/feature/metrics/metrics.h index e072519d10..33e15f8bc9 100644 --- a/src/feature/metrics/metrics.h +++ b/src/feature/metrics/metrics.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/metrics/metrics_sys.c b/src/feature/metrics/metrics_sys.c index 419318068e..d34c9fca38 100644 --- a/src/feature/metrics/metrics_sys.c +++ b/src/feature/metrics/metrics_sys.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/metrics/metrics_sys.h b/src/feature/metrics/metrics_sys.h index 30c1b14836..617291ec73 100644 --- a/src/feature/metrics/metrics_sys.h +++ b/src/feature/metrics/metrics_sys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/authcert.c b/src/feature/nodelist/authcert.c index c5b31be9e3..4ac3acc1bc 100644 --- a/src/feature/nodelist/authcert.c +++ b/src/feature/nodelist/authcert.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/authcert.h b/src/feature/nodelist/authcert.h index 4c3d79ceed..7c42f6bf5f 100644 --- a/src/feature/nodelist/authcert.h +++ b/src/feature/nodelist/authcert.h @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/authority_cert_st.h b/src/feature/nodelist/authority_cert_st.h index aa9831d12e..7c9e31a27c 100644 --- a/src/feature/nodelist/authority_cert_st.h +++ b/src/feature/nodelist/authority_cert_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/desc_store_st.h b/src/feature/nodelist/desc_store_st.h index 5f35a490a5..fd1d36fa6e 100644 --- a/src/feature/nodelist/desc_store_st.h +++ b/src/feature/nodelist/desc_store_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/describe.c b/src/feature/nodelist/describe.c index b6a0fe74f7..758454830b 100644 --- a/src/feature/nodelist/describe.c +++ b/src/feature/nodelist/describe.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/describe.h b/src/feature/nodelist/describe.h index 898b5c943b..b57bf596af 100644 --- a/src/feature/nodelist/describe.h +++ b/src/feature/nodelist/describe.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/dirlist.c b/src/feature/nodelist/dirlist.c index 423c4106e2..1f1ac4d106 100644 --- a/src/feature/nodelist/dirlist.c +++ b/src/feature/nodelist/dirlist.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -43,6 +43,14 @@ #include "feature/dirclient/dir_server_st.h" #include "feature/nodelist/node_st.h" +/** Information about an (HTTP) dirport for a directory authority. */ +struct auth_dirport_t { + /** What is the intended usage for this dirport? One of AUTH_USAGE_* */ + auth_dirport_usage_t usage; + /** What is the correct address/port ? */ + tor_addr_port_t dirport; +}; + /** Global list of a dir_server_t object for each directory * authority. */ static smartlist_t *trusted_dir_servers = NULL; @@ -66,6 +74,11 @@ add_trusted_dir_to_nodelist_addr_set(const dir_server_t *dir) /* IPv6 DirPort is not a thing yet for authorities. */ nodelist_add_addr_to_address_set(&dir->ipv6_addr, dir->ipv6_orport, 0); } + if (dir->auth_dirports) { + SMARTLIST_FOREACH_BEGIN(dir->auth_dirports, const auth_dirport_t *, p) { + nodelist_add_addr_to_address_set(&p->dirport.addr, 0, p->dirport.port); + } SMARTLIST_FOREACH_END(p); + } } /** Go over the trusted directory server list and add their address(es) to the @@ -256,7 +269,10 @@ MOCK_IMPL(int, router_digest_is_trusted_dir_type, /** Return true iff the given address matches a trusted directory that matches * at least one bit of type. * - * If type is NO_DIRINFO or ALL_DIRINFO, any authority is matched. */ + * If type is NO_DIRINFO or ALL_DIRINFO, any authority is matched. + * + * Only ORPorts' addresses are considered. + */ bool router_addr_is_trusted_dir_type(const tor_addr_t *addr, dirinfo_type_t type) { @@ -281,6 +297,39 @@ router_addr_is_trusted_dir_type(const tor_addr_t *addr, dirinfo_type_t type) return false; } +/** Return an appropriate usage value describing which authdir port to use + * for a given directory connection purpose. + */ +auth_dirport_usage_t +auth_dirport_usage_for_purpose(int purpose) +{ + switch (purpose) { + case DIR_PURPOSE_FETCH_SERVERDESC: + case DIR_PURPOSE_FETCH_EXTRAINFO: + case DIR_PURPOSE_FETCH_CONSENSUS: + case DIR_PURPOSE_FETCH_CERTIFICATE: + case DIR_PURPOSE_FETCH_MICRODESC: + return AUTH_USAGE_DOWNLOAD; + + case DIR_PURPOSE_UPLOAD_DIR: + return AUTH_USAGE_UPLOAD; + + case DIR_PURPOSE_UPLOAD_VOTE: + case DIR_PURPOSE_UPLOAD_SIGNATURES: + case DIR_PURPOSE_FETCH_DETACHED_SIGNATURES: + case DIR_PURPOSE_FETCH_STATUS_VOTE: + return AUTH_USAGE_VOTING; + + case DIR_PURPOSE_SERVER: + case DIR_PURPOSE_UPLOAD_HSDESC: + case DIR_PURPOSE_FETCH_HSDESC: + case DIR_PURPOSE_HAS_FETCHED_HSDESC: + default: + tor_assert_nonfatal_unreached(); + return AUTH_USAGE_LEGACY; + } +} + /** Create a directory server at <b>address</b>:<b>port</b>, with OR identity * key <b>digest</b> which has DIGEST_LEN bytes. If <b>address</b> is NULL, * add ourself. If <b>is_authority</b>, this is a directory authority. Return @@ -357,6 +406,7 @@ dir_server_new(int is_authority, ent->fake_status.ipv4_dirport = ent->ipv4_dirport; ent->fake_status.ipv4_orport = ent->ipv4_orport; ent->fake_status.ipv6_orport = ent->ipv6_orport; + ent->fake_status.is_authority = !! is_authority; return ent; } @@ -404,10 +454,98 @@ trusted_dir_server_new(const char *nickname, const char *address, ipv6_addrport, digest, v3_auth_digest, type, weight); + + if (ipv4_dirport) { + tor_addr_port_t p; + memset(&p, 0, sizeof(p)); + tor_addr_copy(&p.addr, &ipv4_addr); + p.port = ipv4_dirport; + trusted_dir_server_add_dirport(result, AUTH_USAGE_LEGACY, &p); + } tor_free(hostname); return result; } +/** + * Add @a dirport as an HTTP DirPort contact point for the directory authority + * @a ds, for use when contacting that authority for the given @a usage. + * + * Multiple ports of the same usage are allowed; if present, then only + * the first one of each address family is currently used. + */ +void +trusted_dir_server_add_dirport(dir_server_t *ds, + auth_dirport_usage_t usage, + const tor_addr_port_t *dirport) +{ + tor_assert(ds); + tor_assert(dirport); + + if (BUG(! ds->is_authority)) { + return; + } + + if (ds->auth_dirports == NULL) { + ds->auth_dirports = smartlist_new(); + } + + auth_dirport_t *port = tor_malloc_zero(sizeof(auth_dirport_t)); + port->usage = usage; + tor_addr_port_copy(&port->dirport, dirport); + smartlist_add(ds->auth_dirports, port); +} + +/** + * Helper for trusted_dir_server_get_dirport: only return the exact requested + * usage type. + */ +const tor_addr_port_t * +trusted_dir_server_get_dirport_exact(const dir_server_t *ds, + auth_dirport_usage_t usage, + int addr_family) +{ + tor_assert(ds); + tor_assert_nonfatal(addr_family == AF_INET || addr_family == AF_INET6); + if (ds->auth_dirports == NULL) + return NULL; + + SMARTLIST_FOREACH_BEGIN(ds->auth_dirports, const auth_dirport_t *, port) { + if (port->usage == usage && + tor_addr_family(&port->dirport.addr) == addr_family) { + return &port->dirport; + } + } SMARTLIST_FOREACH_END(port); + + return NULL; +} + +/** + * Return the DirPort of the authority @a ds for with the usage type + * @a usage and address family @a addr_family. If none is found, try + * again with an AUTH_USAGE_LEGACY dirport, if there is one. Return NULL + * if no port can be found. + */ +const tor_addr_port_t * +trusted_dir_server_get_dirport(const dir_server_t *ds, + auth_dirport_usage_t usage, + int addr_family) +{ + const tor_addr_port_t *port; + + while (1) { + port = trusted_dir_server_get_dirport_exact(ds, usage, addr_family); + if (port) + return port; + + // If we tried LEGACY, there is no fallback from this point. + if (usage == AUTH_USAGE_LEGACY) + return NULL; + + // Try again with LEGACY. + usage = AUTH_USAGE_LEGACY; + } +} + /** Return a new dir_server_t for a fallback directory server at * <b>addr</b>:<b>or_port</b>/<b>dir_port</b>, with identity key digest * <b>id_digest</b> */ @@ -447,6 +585,10 @@ dir_server_free_(dir_server_t *ds) if (!ds) return; + if (ds->auth_dirports) { + SMARTLIST_FOREACH(ds->auth_dirports, auth_dirport_t *, p, tor_free(p)); + smartlist_free(ds->auth_dirports); + } tor_free(ds->nickname); tor_free(ds->description); tor_free(ds->address); diff --git a/src/feature/nodelist/dirlist.h b/src/feature/nodelist/dirlist.h index ae3debf4e5..3b4faf07af 100644 --- a/src/feature/nodelist/dirlist.h +++ b/src/feature/nodelist/dirlist.h @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -11,6 +11,28 @@ #ifndef TOR_DIRLIST_H #define TOR_DIRLIST_H +typedef struct auth_dirport_t auth_dirport_t; +/** + * Different usages for an authority's HTTP directory port. + * + * Historically, only legacy ports existed; proposal 330 added multiple types + * of dirport to better enable authorities to offload work and resist DoS + * attacks. + **/ +typedef enum auth_dirport_usage_t { + /** Flag for an authority's dirport that is intended for misc/legacy + * usage. May be used when no other dirport is available. */ + AUTH_USAGE_LEGACY, + /** Flag for an authority's dirport that is intended for descriptor uploads + * only. */ + AUTH_USAGE_UPLOAD, + /** Flag for an authority's dirport that is intended for voting only */ + AUTH_USAGE_VOTING, + /** Flag for an authority's dirport that is intended for relay downloads + * only. */ + AUTH_USAGE_DOWNLOAD, +} auth_dirport_usage_t; + int get_n_authorities(dirinfo_type_t type); const smartlist_t *router_get_trusted_dir_servers(void); const smartlist_t *router_get_fallback_dir_servers(void); @@ -18,6 +40,8 @@ smartlist_t *router_get_trusted_dir_servers_mutable(void); smartlist_t *router_get_fallback_dir_servers_mutable(void); void mark_all_dirservers_up(smartlist_t *server_list); +auth_dirport_usage_t auth_dirport_usage_for_purpose(int purpose); + dir_server_t *router_get_trusteddirserver_by_digest(const char *d); dir_server_t *router_get_fallback_dirserver_by_digest( const char *digest); @@ -28,6 +52,14 @@ MOCK_DECL(dir_server_t *, trusteddirserver_get_by_v3_auth_digest, MOCK_DECL(int, router_digest_is_trusted_dir_type, (const char *digest, dirinfo_type_t type)); +const tor_addr_port_t *trusted_dir_server_get_dirport(const dir_server_t *ds, + auth_dirport_usage_t usage, + int addr_family); +const tor_addr_port_t *trusted_dir_server_get_dirport_exact( + const dir_server_t *ds, + auth_dirport_usage_t usage, + int addr_family); + bool router_addr_is_trusted_dir_type(const tor_addr_t *addr, dirinfo_type_t type); #define router_addr_is_trusted_dir(d) \ @@ -41,6 +73,9 @@ dir_server_t *trusted_dir_server_new(const char *nickname, const char *address, const tor_addr_port_t *addrport_ipv6, const char *digest, const char *v3_auth_digest, dirinfo_type_t type, double weight); +void trusted_dir_server_add_dirport(dir_server_t *ds, + auth_dirport_usage_t usage, + const tor_addr_port_t *dirport); dir_server_t *fallback_dir_server_new(const tor_addr_t *addr, uint16_t dir_port, uint16_t or_port, const tor_addr_port_t *addrport_ipv6, diff --git a/src/feature/nodelist/document_signature_st.h b/src/feature/nodelist/document_signature_st.h index 4bde9d89ec..63686c8572 100644 --- a/src/feature/nodelist/document_signature_st.h +++ b/src/feature/nodelist/document_signature_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/extrainfo_st.h b/src/feature/nodelist/extrainfo_st.h index 6bd6232cd8..b0d94554a1 100644 --- a/src/feature/nodelist/extrainfo_st.h +++ b/src/feature/nodelist/extrainfo_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/fmt_routerstatus.c b/src/feature/nodelist/fmt_routerstatus.c index 252b2e61fe..8c02a302af 100644 --- a/src/feature/nodelist/fmt_routerstatus.c +++ b/src/feature/nodelist/fmt_routerstatus.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -15,11 +15,11 @@ #include "feature/nodelist/fmt_routerstatus.h" #include "core/or/policies.h" -#include "feature/nodelist/routerlist.h" #include "feature/dirauth/dirvote.h" - #include "feature/nodelist/routerinfo_st.h" +#include "feature/nodelist/routerlist.h" #include "feature/nodelist/vote_routerstatus_st.h" +#include "feature/stats/rephist.h" #include "lib/crypt_ops/crypto_format.h" @@ -87,7 +87,7 @@ routerstatus_format_entry(const routerstatus_t *rs, const char *version, goto done; smartlist_add_asprintf(chunks, - "s%s%s%s%s%s%s%s%s%s%s%s\n", + "s%s%s%s%s%s%s%s%s%s%s%s%s%s\n", /* These must stay in alphabetical order. */ rs->is_authority?" Authority":"", rs->is_bad_exit?" BadExit":"", @@ -95,9 +95,11 @@ routerstatus_format_entry(const routerstatus_t *rs, const char *version, rs->is_fast?" Fast":"", rs->is_possible_guard?" Guard":"", rs->is_hs_dir?" HSDir":"", + rs->is_middle_only?" MiddleOnly":"", rs->is_flagged_running?" Running":"", rs->is_stable?" Stable":"", rs->is_staledesc?" StaleDesc":"", + rs->is_sybil?" Sybil":"", rs->is_v2_dir?" V2Dir":"", rs->is_valid?" Valid":""); @@ -167,9 +169,20 @@ routerstatus_format_entry(const routerstatus_t *rs, const char *version, smartlist_add_asprintf(chunks, "w Bandwidth=%d", bw_kb); + /* Include the bandwidth weight from our external bandwidth + * authority, if we have one. */ if (format == NS_V3_VOTE && vrs && vrs->has_measured_bw) { - smartlist_add_asprintf(chunks, - " Measured=%d", vrs->measured_bw_kb); + if (!rs->is_authority) { /* normal case */ + smartlist_add_asprintf(chunks, + " Measured=%d", vrs->measured_bw_kb); + } else { + /* dir auth special case: don't give it a Measured line, so we + * can reserve its attention for authority-specific activities. + * But do include the bwauth's opinion so it can be recorded for + * posterity. See #40698 for details. */ + smartlist_add_asprintf(chunks, + " MeasuredButAuthority=%d", vrs->measured_bw_kb); + } } /* Write down guardfraction information if we have it. */ if (format == NS_V3_VOTE && vrs && vrs->status.has_guardfraction) { @@ -194,6 +207,15 @@ routerstatus_format_entry(const routerstatus_t *rs, const char *version, digest256_to_base64(ed_b64, (const char*)vrs->ed25519_id); smartlist_add_asprintf(chunks, "id ed25519 %s\n", ed_b64); } + + /* We'll add a series of statistics to the vote per relays so we are + * able to assess what each authorities sees and help our health and + * performance work. */ + time_t now = time(NULL); + smartlist_add_asprintf(chunks, "stats wfu=%.6f tk=%lu mtbf=%.0f\n", + rep_hist_get_weighted_fractional_uptime(rs->identity_digest, now), + rep_hist_get_weighted_time_known(rs->identity_digest, now), + rep_hist_get_stability(rs->identity_digest, now)); } } diff --git a/src/feature/nodelist/fmt_routerstatus.h b/src/feature/nodelist/fmt_routerstatus.h index a007989af3..7482f373e1 100644 --- a/src/feature/nodelist/fmt_routerstatus.h +++ b/src/feature/nodelist/fmt_routerstatus.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/microdesc.c b/src/feature/nodelist/microdesc.c index 01dccd160b..a95d535dc0 100644 --- a/src/feature/nodelist/microdesc.c +++ b/src/feature/nodelist/microdesc.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2009-2020, The Tor Project, Inc. */ +/* Copyright (c) 2009-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/microdesc.h b/src/feature/nodelist/microdesc.h index b352f58e34..977c813911 100644 --- a/src/feature/nodelist/microdesc.h +++ b/src/feature/nodelist/microdesc.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/microdesc_st.h b/src/feature/nodelist/microdesc_st.h index 410403e965..ad56b6d6c2 100644 --- a/src/feature/nodelist/microdesc_st.h +++ b/src/feature/nodelist/microdesc_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/networkstatus.c b/src/feature/nodelist/networkstatus.c index 80940e6092..af3bde83a5 100644 --- a/src/feature/nodelist/networkstatus.c +++ b/src/feature/nodelist/networkstatus.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -40,11 +40,14 @@ #include "core/or/or.h" #include "app/config/config.h" #include "core/mainloop/connection.h" +#include "core/mainloop/cpuworker.h" #include "core/mainloop/mainloop.h" #include "core/mainloop/netstatus.h" #include "core/or/channel.h" #include "core/or/channelpadding.h" #include "core/or/circuitpadding.h" +#include "core/or/congestion_control_common.h" +#include "core/or/congestion_control_flow.h" #include "core/or/circuitmux.h" #include "core/or/circuitmux_ewma.h" #include "core/or/circuitstats.h" @@ -80,6 +83,8 @@ #include "feature/nodelist/routerinfo.h" #include "feature/nodelist/routerlist.h" #include "feature/nodelist/torcert.h" +#include "feature/relay/dns.h" +#include "feature/relay/onion_queue.h" #include "feature/relay/routermode.h" #include "lib/crypt_ops/crypto_rand.h" #include "lib/crypt_ops/crypto_util.h" @@ -103,6 +108,7 @@ #include "feature/dirauth/vote_microdesc_hash_st.h" #include "feature/nodelist/vote_routerstatus_st.h" #include "feature/nodelist/routerstatus_st.h" +#include "feature/stats/rephist.h" #ifdef HAVE_UNISTD_H #include <unistd.h> @@ -240,7 +246,7 @@ networkstatus_get_cache_fname,(int flav, } /** - * Read and and return the cached consensus of type <b>flavorname</b>. If + * Read and return the cached consensus of type <b>flavorname</b>. If * <b>unverified</b> is false, get the one we haven't verified. Return NULL if * the file isn't there. */ static tor_mmap_t * @@ -1663,6 +1669,9 @@ notify_before_networkstatus_changes(const networkstatus_t *old_c, dos_consensus_has_changed(new_c); relay_consensus_has_changed(new_c); hs_dos_consensus_has_changed(new_c); + rep_hist_consensus_has_changed(new_c); + cpuworker_consensus_has_changed(new_c); + onion_consensus_has_changed(new_c); } /* Called after a new consensus has been put in the global state. It is safe @@ -1699,6 +1708,13 @@ notify_after_networkstatus_changes(void) channelpadding_new_consensus_params(c); circpad_new_consensus_params(c); router_new_consensus_params(c); + congestion_control_new_consensus_params(c); + flow_control_new_consensus_params(c); + hs_service_new_consensus_params(c); + dns_new_consensus_params(c); + + /* Maintenance of our L2 guard list */ + maintain_layer2_guards(); } /** Copy all the ancillary information (like router download status and so on) diff --git a/src/feature/nodelist/networkstatus.h b/src/feature/nodelist/networkstatus.h index ce050aeadc..0ffbd4d2ec 100644 --- a/src/feature/nodelist/networkstatus.h +++ b/src/feature/nodelist/networkstatus.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/networkstatus_sr_info_st.h b/src/feature/nodelist/networkstatus_sr_info_st.h index 04d0dfe8f6..36f31f80b9 100644 --- a/src/feature/nodelist/networkstatus_sr_info_st.h +++ b/src/feature/nodelist/networkstatus_sr_info_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/networkstatus_st.h b/src/feature/nodelist/networkstatus_st.h index 021168d3ca..4694750087 100644 --- a/src/feature/nodelist/networkstatus_st.h +++ b/src/feature/nodelist/networkstatus_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/networkstatus_voter_info_st.h b/src/feature/nodelist/networkstatus_voter_info_st.h index a0fba2e1b5..cf38d1920b 100644 --- a/src/feature/nodelist/networkstatus_voter_info_st.h +++ b/src/feature/nodelist/networkstatus_voter_info_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/nickname.c b/src/feature/nodelist/nickname.c index c022dd6bc4..6713f07320 100644 --- a/src/feature/nodelist/nickname.c +++ b/src/feature/nodelist/nickname.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/nickname.h b/src/feature/nodelist/nickname.h index 11c6416f3a..052ffc2dd7 100644 --- a/src/feature/nodelist/nickname.h +++ b/src/feature/nodelist/nickname.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/node_select.c b/src/feature/nodelist/node_select.c index ecb70aef14..13dfae1de3 100644 --- a/src/feature/nodelist/node_select.c +++ b/src/feature/nodelist/node_select.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/node_select.h b/src/feature/nodelist/node_select.h index 1776d8ea1a..18a14ff0cb 100644 --- a/src/feature/nodelist/node_select.h +++ b/src/feature/nodelist/node_select.h @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/node_st.h b/src/feature/nodelist/node_st.h index 3769f9dc84..df67a47ada 100644 --- a/src/feature/nodelist/node_st.h +++ b/src/feature/nodelist/node_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -70,6 +70,8 @@ struct node_t { unsigned int is_exit:1; /**< Do we think this is an OK exit? */ unsigned int is_bad_exit:1; /**< Do we think this exit is censored, borked, * or otherwise nasty? */ + /** Is this unsuitable for use as anything besides a middle relay? */ + unsigned int is_middle_only:1; unsigned int is_hs_dir:1; /**< True iff this router is a hidden service * directory according to the authorities. */ diff --git a/src/feature/nodelist/nodefamily.c b/src/feature/nodelist/nodefamily.c index feaa3730dc..f1d52a53d2 100644 --- a/src/feature/nodelist/nodefamily.c +++ b/src/feature/nodelist/nodefamily.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/nodefamily.h b/src/feature/nodelist/nodefamily.h index 16e161ba82..f9e82fa979 100644 --- a/src/feature/nodelist/nodefamily.h +++ b/src/feature/nodelist/nodefamily.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/nodefamily_st.h b/src/feature/nodelist/nodefamily_st.h index c581c917a9..2c704ebe47 100644 --- a/src/feature/nodelist/nodefamily_st.h +++ b/src/feature/nodelist/nodefamily_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/nodelist.c b/src/feature/nodelist/nodelist.c index 03b158e68d..b895a2c7f8 100644 --- a/src/feature/nodelist/nodelist.c +++ b/src/feature/nodelist/nodelist.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -64,7 +64,6 @@ #include "feature/nodelist/routerlist.h" #include "feature/nodelist/routerset.h" #include "feature/nodelist/torcert.h" -#include "feature/rend/rendservice.h" #include "lib/encoding/binascii.h" #include "lib/err/backtrace.h" #include "lib/geoip/geoip.h" @@ -1040,6 +1039,7 @@ nodelist_ensure_freshness(const networkstatus_t *ns) nodelist_set_consensus(ns); } } + /** Return a list of a node_t * for every node we know about. The caller * MUST NOT modify the list. (You can set and clear flags in the nodes if * you must, but you must not add or remove nodes.) */ @@ -1205,7 +1205,7 @@ node_ed25519_id_matches(const node_t *node, const ed25519_public_key_t *id) /** Dummy object that should be unreturnable. Used to ensure that * node_get_protover_summary_flags() always returns non-NULL. */ static const protover_summary_flags_t zero_protover_flags = { - 0,0,0,0,0,0,0,0,0,0,0,0 + 0,0,0,0,0,0,0,0,0,0,0,0,0 }; /** Return the protover_summary_flags for a given node. */ @@ -2470,7 +2470,6 @@ void router_dir_info_changed(void) { need_to_update_have_min_dir_info = 1; - rend_hsdir_routers_changed(); hs_service_dir_info_changed(); hs_client_dir_info_changed(); } @@ -2821,6 +2820,7 @@ update_router_have_minimum_dir_info(void) const networkstatus_t *consensus = networkstatus_get_reasonably_live_consensus(now,usable_consensus_flavor()); int using_md; + static int be_loud_when_things_work_again = 0; if (!consensus) { if (!networkstatus_get_latest_consensus()) @@ -2876,8 +2876,9 @@ update_router_have_minimum_dir_info(void) if (res && !have_min_dir_info) { control_event_client_status(LOG_NOTICE, "ENOUGH_DIR_INFO"); control_event_boot_dir(BOOTSTRAP_STATUS_ENOUGH_DIRINFO, 0); - log_info(LD_DIR, - "We now have enough directory information to build circuits."); + tor_log(be_loud_when_things_work_again ? LOG_NOTICE : LOG_INFO, LD_DIR, + "We now have enough directory information to build circuits."); + be_loud_when_things_work_again = 0; } /* If paths have just become unavailable in this update. */ @@ -2886,6 +2887,10 @@ update_router_have_minimum_dir_info(void) tor_log(quiet ? LOG_INFO : LOG_NOTICE, LD_DIR, "Our directory information is no longer up-to-date " "enough to build circuits: %s", dir_info_status); + if (!quiet) { + /* remember to do a notice-level log when things come back */ + be_loud_when_things_work_again = 1; + } /* a) make us log when we next complete a circuit, so we know when Tor * is back up and usable, and b) disable some activities that Tor diff --git a/src/feature/nodelist/nodelist.h b/src/feature/nodelist/nodelist.h index 44b8918b06..5a45490dbb 100644 --- a/src/feature/nodelist/nodelist.h +++ b/src/feature/nodelist/nodelist.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/routerinfo.c b/src/feature/nodelist/routerinfo.c index eb8eb74daa..7400ddd64c 100644 --- a/src/feature/nodelist/routerinfo.c +++ b/src/feature/nodelist/routerinfo.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/routerinfo.h b/src/feature/nodelist/routerinfo.h index bc78beb402..0fbce8345e 100644 --- a/src/feature/nodelist/routerinfo.h +++ b/src/feature/nodelist/routerinfo.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/routerinfo_st.h b/src/feature/nodelist/routerinfo_st.h index 7197c88c18..50134b2b96 100644 --- a/src/feature/nodelist/routerinfo_st.h +++ b/src/feature/nodelist/routerinfo_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/routerlist.c b/src/feature/nodelist/routerlist.c index a1a348edb9..c00f7ffb26 100644 --- a/src/feature/nodelist/routerlist.c +++ b/src/feature/nodelist/routerlist.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -1617,6 +1617,13 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg, "descriptor for router %s", router_describe(router)); } else { + if (router->purpose == ROUTER_PURPOSE_BRIDGE) { + /* Even if we're not going to keep this descriptor, we need to + * let the bridge descriptor fetch subsystem know that we + * succeeded at getting it -- so we can adjust the retry schedule + * to stop trying for a while. */ + learned_bridge_descriptor(router, from_cache, 0); + } log_info(LD_DIR, "Dropping descriptor that we already have for router %s", router_describe(router)); @@ -2012,6 +2019,30 @@ routerlist_remove_old_routers(void) router_rebuild_store(RRS_DONT_REMOVE_OLD,&routerlist->extrainfo_store); } +/* Drop every bridge descriptor in our routerlist. Used by the external + * 'bridgestrap' tool to discard bridge descriptors so that it can then + * do a clean reachability test. */ +void +routerlist_drop_bridge_descriptors(void) +{ + routerinfo_t *router; + int i; + + if (!routerlist) + return; + + for (i = 0; i < smartlist_len(routerlist->routers); ++i) { + router = smartlist_get(routerlist->routers, i); + if (router->purpose == ROUTER_PURPOSE_BRIDGE) { + log_notice(LD_DIR, + "Dropping existing bridge descriptor for %s", + router_describe(router)); + routerlist_remove(routerlist, router, 0, time(NULL)); + i--; + } + } +} + /** We just added a new set of descriptors. Take whatever extra steps * we need. */ void @@ -2023,7 +2054,7 @@ routerlist_descriptors_added(smartlist_t *sl, int from_cache) control_event_descriptors_changed(sl); SMARTLIST_FOREACH_BEGIN(sl, routerinfo_t *, ri) { if (ri->purpose == ROUTER_PURPOSE_BRIDGE) - learned_bridge_descriptor(ri, from_cache); + learned_bridge_descriptor(ri, from_cache, 1); if (ri->needs_retest_if_added) { ri->needs_retest_if_added = 0; dirserv_single_reachability_test(approx_time(), ri); diff --git a/src/feature/nodelist/routerlist.h b/src/feature/nodelist/routerlist.h index 98472b2771..7ba305baf6 100644 --- a/src/feature/nodelist/routerlist.h +++ b/src/feature/nodelist/routerlist.h @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -145,6 +145,7 @@ was_router_added_t router_add_extrainfo_to_routerlist( int from_cache, int from_fetch); void routerlist_descriptors_added(smartlist_t *sl, int from_cache); void routerlist_remove_old_routers(void); +void routerlist_drop_bridge_descriptors(void); int router_load_single_router(const char *s, uint8_t purpose, int cache, const char **msg); int router_load_routers_from_string(const char *s, const char *eos, diff --git a/src/feature/nodelist/routerlist_st.h b/src/feature/nodelist/routerlist_st.h index ec8933c7cb..28ede31a92 100644 --- a/src/feature/nodelist/routerlist_st.h +++ b/src/feature/nodelist/routerlist_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/routerset.c b/src/feature/nodelist/routerset.c index 0d123956d9..1f26e472aa 100644 --- a/src/feature/nodelist/routerset.c +++ b/src/feature/nodelist/routerset.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/routerset.h b/src/feature/nodelist/routerset.h index 18a0e31ba7..f80db52f7f 100644 --- a/src/feature/nodelist/routerset.h +++ b/src/feature/nodelist/routerset.h @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/routerstatus_st.h b/src/feature/nodelist/routerstatus_st.h index 254ba73f7f..55b76de581 100644 --- a/src/feature/nodelist/routerstatus_st.h +++ b/src/feature/nodelist/routerstatus_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -51,6 +51,8 @@ struct routerstatus_t { * choice as an entry guard. */ unsigned int is_bad_exit:1; /**< True iff this node is a bad choice for * an exit node. */ + unsigned int is_middle_only:1; /**< True iff this node is marked as bad + * for anything besides middle positions. */ unsigned int is_hs_dir:1; /**< True iff this router is a v2-or-later hidden * service directory. */ unsigned int is_v2_dir:1; /** True iff this router publishes an open DirPort @@ -58,6 +60,7 @@ struct routerstatus_t { */ unsigned int is_staledesc:1; /** True iff the authorities think this router * should upload a new descriptor soon. */ + unsigned int is_sybil:1; /** True iff this router is a sybil. */ unsigned int has_bandwidth:1; /**< The vote/consensus had bw info */ unsigned int has_exitsummary:1; /**< The vote/consensus had exit summaries */ diff --git a/src/feature/nodelist/signed_descriptor_st.h b/src/feature/nodelist/signed_descriptor_st.h index 068f2a733c..e1982af29d 100644 --- a/src/feature/nodelist/signed_descriptor_st.h +++ b/src/feature/nodelist/signed_descriptor_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/torcert.c b/src/feature/nodelist/torcert.c index dc36626122..8e115a2dc6 100644 --- a/src/feature/nodelist/torcert.c +++ b/src/feature/nodelist/torcert.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -13,7 +13,7 @@ * contents themselves may be another Ed25519 key, a digest of a * RSA key, or some other material. * - * In this module there is also support for a crooss-certification of + * In this module there is also support for a cross-certification of * Ed25519 identities using (older) RSA1024 identities. * * Tor uses other types of certificate too, beyond those described in this diff --git a/src/feature/nodelist/torcert.h b/src/feature/nodelist/torcert.h index 3314ee2550..edbe2564b6 100644 --- a/src/feature/nodelist/torcert.h +++ b/src/feature/nodelist/torcert.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/nodelist/vote_routerstatus_st.h b/src/feature/nodelist/vote_routerstatus_st.h index ad0ee3f23b..6b2f7b92a9 100644 --- a/src/feature/nodelist/vote_routerstatus_st.h +++ b/src/feature/nodelist/vote_routerstatus_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/relay/circuitbuild_relay.c b/src/feature/relay/circuitbuild_relay.c index 289a5be557..5b1609a1af 100644 --- a/src/feature/relay/circuitbuild_relay.c +++ b/src/feature/relay/circuitbuild_relay.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -392,7 +392,9 @@ circuit_open_connection_for_extend(const struct extend_cell_t *ec, NULL, /*onion_key*/ NULL, /*curve25519_key*/ &chosen_ap->addr, - chosen_ap->port); + chosen_ap->port, + NULL /* protover summary */, + false); circ->n_chan_create_cell = tor_memdup(&ec->create_cell, sizeof(ec->create_cell)); diff --git a/src/feature/relay/circuitbuild_relay.h b/src/feature/relay/circuitbuild_relay.h index dc0b886a34..307825bb5c 100644 --- a/src/feature/relay/circuitbuild_relay.h +++ b/src/feature/relay/circuitbuild_relay.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/relay/dns.c b/src/feature/relay/dns.c index 8b684fd9eb..a38bf5cf5a 100644 --- a/src/feature/relay/dns.c +++ b/src/feature/relay/dns.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -61,8 +61,10 @@ #include "core/or/relay.h" #include "feature/control/control_events.h" #include "feature/relay/dns.h" +#include "feature/nodelist/networkstatus.h" #include "feature/relay/router.h" #include "feature/relay/routermode.h" +#include "feature/stats/rephist.h" #include "lib/crypt_ops/crypto_rand.h" #include "lib/evloop/compat_libevent.h" #include "lib/sandbox/sandbox.h" @@ -109,6 +111,7 @@ static int answer_is_wildcarded(const char *ip); static int evdns_err_is_transient(int err); static void inform_pending_connections(cached_resolve_t *resolve); static void make_pending_resolve_cached(cached_resolve_t *cached); +static void configure_libevent_options(void); #ifdef DEBUG_DNS_CACHE static void assert_cache_ok_(void); @@ -211,6 +214,19 @@ evdns_log_cb(int warn, const char *msg) tor_log(severity, LD_EXIT, "eventdns: %s", msg); } +/** New consensus just appeared, take appropriate actions if need be. */ +void +dns_new_consensus_params(const networkstatus_t *ns) +{ + (void) ns; + + /* Consensus has parameters for the Exit relay DNS side and so we only reset + * the DNS nameservers if we are in server mode. */ + if (server_mode(get_options())) { + configure_libevent_options(); + } +} + /** Initialize the DNS subsystem; called by the OR process. */ int dns_init(void) @@ -1352,6 +1368,111 @@ configured_nameserver_address(const size_t idx) } #endif /* defined(HAVE_EVDNS_BASE_GET_NAMESERVER_ADDR) */ +/** Return a pointer to a stack allocated buffer containing the string + * representation of the exit_dns_timeout consensus parameter. */ +static const char * +get_consensus_param_exit_dns_timeout(void) +{ + static char str[4]; + + /* Get the Exit DNS timeout value from the consensus or default. This is in + * milliseconds. */ +#define EXIT_DNS_TIMEOUT_DEFAULT (1000) +#define EXIT_DNS_TIMEOUT_MIN (1) +#define EXIT_DNS_TIMEOUT_MAX (120000) + int32_t val = networkstatus_get_param(NULL, "exit_dns_timeout", + EXIT_DNS_TIMEOUT_DEFAULT, + EXIT_DNS_TIMEOUT_MIN, + EXIT_DNS_TIMEOUT_MAX); + /* NOTE: We convert it to seconds because libevent only supports that. In the + * future, if we support different resolver(s), we might want to specialize + * this call. */ + + /* NOTE: We also don't allow 0 and so we must cap the division to 1 second + * else all DNS request would fail if the consensus would ever tell us a + * value below 1000 (1 sec). */ + val = MAX(1, val / 1000); + + tor_snprintf(str, sizeof(str), "%d", val); + return str; +} + +/** Return a pointer to a stack allocated buffer containing the string + * representation of the exit_dns_num_attempts consensus parameter. */ +static const char * +get_consensus_param_exit_dns_attempts(void) +{ + static char str[4]; + + /* Get the Exit DNS number of attempt value from the consensus or default. */ +#define EXIT_DNS_NUM_ATTEMPTS_DEFAULT (2) +#define EXIT_DNS_NUM_ATTEMPTS_MIN (0) +#define EXIT_DNS_NUM_ATTEMPTS_MAX (255) + int32_t val = networkstatus_get_param(NULL, "exit_dns_num_attempts", + EXIT_DNS_NUM_ATTEMPTS_DEFAULT, + EXIT_DNS_NUM_ATTEMPTS_MIN, + EXIT_DNS_NUM_ATTEMPTS_MAX); + tor_snprintf(str, sizeof(str), "%d", val); + return str; +} + +/** Configure the libevent options. This can safely be called after + * initialization or even if the evdns base is not set. */ +static void +configure_libevent_options(void) +{ + /* This is possible because we can get called when a new consensus is set + * while the DNS subsystem is not initialized just yet. It should be + * harmless. */ + if (!the_evdns_base) { + return; + } + +#define SET(k,v) evdns_base_set_option(the_evdns_base, (k), (v)) + + // If we only have one nameserver, it does not make sense to back off + // from it for a timeout. Unfortunately, the value for max-timeouts is + // currently clamped by libevent to 255, but it does not hurt to set + // it higher in case libevent gets a patch for this. Higher-than- + // default maximum of 3 with multiple nameservers to avoid spuriously + // marking one down on bursts of timeouts resulting from scans/attacks + // against non-responding authoritative DNS servers. + if (evdns_base_count_nameservers(the_evdns_base) == 1) { + SET("max-timeouts:", "1000000"); + } else { + SET("max-timeouts:", "10"); + } + + // Elongate the queue of maximum inflight dns requests, so if a bunch + // remain pending at the resolver (happens commonly with Unbound) we won't + // stall every other DNS request. This potentially means some wasted + // CPU as there's a walk over a linear queue involved, but this is a + // much better tradeoff compared to just failing DNS requests because + // of a full queue. + SET("max-inflight:", "8192"); + + /* Set timeout to be 1 second. This tells libevent that it shouldn't wait + * more than N second to drop a DNS query and consider it "timed out". It is + * very important to differentiate here a libevent timeout and a DNS server + * timeout. And so, by setting this to N second, libevent sends back + * "DNS_ERR_TIMEOUT" if that N second is reached which does NOT indicate that + * the query itself timed out in transit. */ + SET("timeout:", get_consensus_param_exit_dns_timeout()); + + /* This tells libevent to attemps up to X times a DNS query if the previous + * one failed to complete within N second. We believe that this should be + * enough to catch temporary hiccups on the first query. But after that, it + * should signal us that it won't be able to resolve it. */ + SET("attempts:", get_consensus_param_exit_dns_attempts()); + + if (get_options()->ServerDNSRandomizeCase) + SET("randomize-case:", "1"); + else + SET("randomize-case:", "0"); + +#undef SET +} + /** Configure eventdns nameservers if force is true, or if the configuration * has changed since the last time we called this function, or if we failed on * our last attempt. On Unix, this reads from /etc/resolv.conf or @@ -1465,43 +1586,10 @@ configure_nameservers(int force) } #endif /* defined(_WIN32) */ -#define SET(k,v) evdns_base_set_option(the_evdns_base, (k), (v)) - - // If we only have one nameserver, it does not make sense to back off - // from it for a timeout. Unfortunately, the value for max-timeouts is - // currently clamped by libevent to 255, but it does not hurt to set - // it higher in case libevent gets a patch for this. Higher-than- - // default maximum of 3 with multiple nameservers to avoid spuriously - // marking one down on bursts of timeouts resulting from scans/attacks - // against non-responding authoritative DNS servers. - if (evdns_base_count_nameservers(the_evdns_base) == 1) { - SET("max-timeouts:", "1000000"); - } else { - SET("max-timeouts:", "10"); - } - - // Elongate the queue of maximum inflight dns requests, so if a bunch - // remain pending at the resolver (happens commonly with Unbound) we won't - // stall every other DNS request. This potentially means some wasted - // CPU as there's a walk over a linear queue involved, but this is a - // much better tradeoff compared to just failing DNS requests because - // of a full queue. - SET("max-inflight:", "8192"); - - // Two retries at 5 and 10 seconds for bind9/named which relies on - // clients to handle retries. Second retry for retried circuits with - // extended 15 second timeout. Superfluous with local-system Unbound - // instance--has its own elaborate retry scheme. - SET("timeout:", "5"); - SET("attempts:","3"); - - if (options->ServerDNSRandomizeCase) - SET("randomize-case:", "1"); - else - SET("randomize-case:", "0"); - -#undef SET + /* Setup libevent options. */ + configure_libevent_options(); + /* Relaunch periodical DNS check event. */ dns_servers_relaunch_checks(); nameservers_configured = 1; @@ -1639,6 +1727,10 @@ evdns_callback(int result, char type, int count, int ttl, void *addresses, dns_found_answer(string_address, orig_query_type, result, &addr, hostname, clip_dns_fuzzy_ttl(ttl)); + /* The result can be changed within this function thus why we note the result + * at the end. */ + rep_hist_note_dns_error(type, result); + tor_free(arg_); } @@ -1657,6 +1749,9 @@ launch_one_resolve(const char *address, uint8_t query_type, addr[0] = (char) query_type; memcpy(addr+1, address, addr_len + 1); + /* Note the query for our statistics. */ + rep_hist_note_dns_request(query_type); + switch (query_type) { case DNS_IPv4_A: req = evdns_base_resolve_ipv4(the_evdns_base, diff --git a/src/feature/relay/dns.h b/src/feature/relay/dns.h index 120b75bf8d..3f8519bd97 100644 --- a/src/feature/relay/dns.h +++ b/src/feature/relay/dns.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -26,6 +26,7 @@ void dns_reset_correctness_checks(void); size_t dns_cache_total_allocation(void); void dump_dns_mem_usage(int severity); size_t dns_cache_handle_oom(time_t now, size_t min_remove_bytes); +void dns_new_consensus_params(const networkstatus_t *ns); /* These functions are only used within the feature/relay module, and don't * need stubs. */ @@ -47,6 +48,8 @@ void dns_launch_correctness_checks(void); ((void)(severity)) #define dns_cache_handle_oom(now, bytes) \ ((void)(now), (void)(bytes), 0) +#define dns_new_consensus_params(ns) \ + ((void) ns) #define connection_dns_remove(conn) \ STMT_BEGIN \ diff --git a/src/feature/relay/dns_structs.h b/src/feature/relay/dns_structs.h index 27a791b9b3..d153629bf8 100644 --- a/src/feature/relay/dns_structs.h +++ b/src/feature/relay/dns_structs.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/relay/ext_orport.c b/src/feature/relay/ext_orport.c index 1bb8741e45..89b287b0b4 100644 --- a/src/feature/relay/ext_orport.c +++ b/src/feature/relay/ext_orport.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -656,77 +656,6 @@ connection_ext_or_start_auth(or_connection_t *or_conn) return 0; } -/** Global map between Extended ORPort identifiers and OR - * connections. */ -static digestmap_t *orconn_ext_or_id_map = NULL; - -/** Remove the Extended ORPort identifier of <b>conn</b> from the - * global identifier list. Also, clear the identifier from the - * connection itself. */ -void -connection_or_remove_from_ext_or_id_map(or_connection_t *conn) -{ - or_connection_t *tmp; - if (!orconn_ext_or_id_map) - return; - if (!conn->ext_or_conn_id) - return; - - tmp = digestmap_remove(orconn_ext_or_id_map, conn->ext_or_conn_id); - if (!tor_digest_is_zero(conn->ext_or_conn_id)) - tor_assert(tmp == conn); - - memset(conn->ext_or_conn_id, 0, EXT_OR_CONN_ID_LEN); -} - -#ifdef TOR_UNIT_TESTS -/** Return the connection whose ext_or_id is <b>id</b>. Return NULL if no such - * connection is found. */ -or_connection_t * -connection_or_get_by_ext_or_id(const char *id) -{ - if (!orconn_ext_or_id_map) - return NULL; - return digestmap_get(orconn_ext_or_id_map, id); -} -#endif /* defined(TOR_UNIT_TESTS) */ - -/** Deallocate the global Extended ORPort identifier list */ -void -connection_or_clear_ext_or_id_map(void) -{ - digestmap_free(orconn_ext_or_id_map, NULL); - orconn_ext_or_id_map = NULL; -} - -/** Creates an Extended ORPort identifier for <b>conn</b> and deposits - * it into the global list of identifiers. */ -void -connection_or_set_ext_or_identifier(or_connection_t *conn) -{ - char random_id[EXT_OR_CONN_ID_LEN]; - or_connection_t *tmp; - - if (!orconn_ext_or_id_map) - orconn_ext_or_id_map = digestmap_new(); - - /* Remove any previous identifiers: */ - if (conn->ext_or_conn_id && !tor_digest_is_zero(conn->ext_or_conn_id)) - connection_or_remove_from_ext_or_id_map(conn); - - do { - crypto_rand(random_id, sizeof(random_id)); - } while (digestmap_get(orconn_ext_or_id_map, random_id)); - - if (!conn->ext_or_conn_id) - conn->ext_or_conn_id = tor_malloc_zero(EXT_OR_CONN_ID_LEN); - - memcpy(conn->ext_or_conn_id, random_id, EXT_OR_CONN_ID_LEN); - - tmp = digestmap_set(orconn_ext_or_id_map, random_id, conn); - tor_assert(!tmp); -} - /** Free any leftover allocated memory of the ext_orport.c subsystem. */ void ext_orport_free_all(void) diff --git a/src/feature/relay/ext_orport.h b/src/feature/relay/ext_orport.h index 416c358397..5a9063d005 100644 --- a/src/feature/relay/ext_orport.h +++ b/src/feature/relay/ext_orport.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -35,9 +35,6 @@ int connection_ext_or_start_auth(or_connection_t *or_conn); -void connection_or_set_ext_or_identifier(or_connection_t *conn); -void connection_or_remove_from_ext_or_id_map(or_connection_t *conn); -void connection_or_clear_ext_or_id_map(void); int connection_ext_or_finished_flushing(or_connection_t *conn); int connection_ext_or_process_inbuf(or_connection_t *or_conn); char *get_ext_or_auth_cookie_file_name(void); @@ -69,13 +66,6 @@ connection_ext_or_process_inbuf(or_connection_t *conn) tor_assert_nonfatal_unreached(); return -1; } -#define connection_or_set_ext_or_identifier(conn) \ - ((void)(conn)) -#define connection_or_remove_from_ext_or_id_map(conn) \ - ((void)(conn)) -#define connection_or_clear_ext_or_id_map() \ - STMT_NIL - #define get_ext_or_auth_cookie_file_name() \ (NULL) @@ -94,7 +84,6 @@ STATIC int handle_client_auth_nonce(const char *client_nonce, #ifdef TOR_UNIT_TESTS extern uint8_t *ext_or_auth_cookie; extern int ext_or_auth_cookie_is_set; -or_connection_t *connection_or_get_by_ext_or_id(const char *id); #endif #endif /* defined(EXT_ORPORT_PRIVATE) */ diff --git a/src/feature/relay/include.am b/src/feature/relay/include.am index 84bb1ff35e..8a121cef01 100644 --- a/src/feature/relay/include.am +++ b/src/feature/relay/include.am @@ -15,6 +15,7 @@ MODULE_RELAY_SOURCES = \ src/feature/relay/routermode.c \ src/feature/relay/relay_config.c \ src/feature/relay/relay_handshake.c \ + src/feature/relay/relay_metrics.c \ src/feature/relay/relay_periodic.c \ src/feature/relay/relay_sys.c \ src/feature/relay/routerkeys.c \ @@ -30,6 +31,7 @@ noinst_HEADERS += \ src/feature/relay/onion_queue.h \ src/feature/relay/relay_config.h \ src/feature/relay/relay_handshake.h \ + src/feature/relay/relay_metrics.h \ src/feature/relay/relay_periodic.h \ src/feature/relay/relay_sys.h \ src/feature/relay/relay_find_addr.h \ diff --git a/src/feature/relay/onion_queue.c b/src/feature/relay/onion_queue.c index 3cbaa65d28..b844aefcd1 100644 --- a/src/feature/relay/onion_queue.c +++ b/src/feature/relay/onion_queue.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -33,39 +33,104 @@ #include "core/or/circuitlist.h" #include "core/or/onion.h" #include "feature/nodelist/networkstatus.h" +#include "feature/stats/rephist.h" #include "core/or/or_circuit_st.h" +#include "core/or/channel.h" + +/** Onion queue default, max and min. */ + +/* In seconds. */ +#define ONION_QUEUE_WAIT_CUTOFF_DEFAULT 5 +#define ONION_QUEUE_WAIT_CUTOFF_MIN 0 +#define ONION_QUEUE_WAIT_CUTOFF_MAX INT32_MAX + +/* In msec. */ +#define ONION_QUEUE_MAX_DELAY_DEFAULT 1750 +#define ONION_QUEUE_MAX_DELAY_MIN 1 +#define ONION_QUEUE_MAX_DELAY_MAX INT32_MAX + +#define NUM_NTORS_PER_TAP_DEFAULT 10 +#define NUM_NTORS_PER_TAP_MIN 1 +#define NUM_NTORS_PER_TAP_MAX 100000 /** Type for a linked list of circuits that are waiting for a free CPU worker * to process a waiting onion handshake. */ typedef struct onion_queue_t { TOR_TAILQ_ENTRY(onion_queue_t) next; or_circuit_t *circ; - uint16_t handshake_type; + uint16_t queue_idx; create_cell_t *onionskin; time_t when_added; } onion_queue_t; -/** 5 seconds on the onion queue til we just send back a destroy */ -#define ONIONQUEUE_WAIT_CUTOFF 5 - TOR_TAILQ_HEAD(onion_queue_head_t, onion_queue_t); typedef struct onion_queue_head_t onion_queue_head_t; +/** We have 3 queues: tap, fast, and ntor. (ntorv3 goes into ntor queue). */ +#define MAX_QUEUE_IDX ONION_HANDSHAKE_TYPE_NTOR + /** Array of queues of circuits waiting for CPU workers. An element is NULL * if that queue is empty.*/ -static onion_queue_head_t ol_list[MAX_ONION_HANDSHAKE_TYPE+1] = +static onion_queue_head_t ol_list[MAX_QUEUE_IDX+1] = { TOR_TAILQ_HEAD_INITIALIZER(ol_list[0]), /* tap */ TOR_TAILQ_HEAD_INITIALIZER(ol_list[1]), /* fast */ TOR_TAILQ_HEAD_INITIALIZER(ol_list[2]), /* ntor */ }; /** Number of entries of each type currently in each element of ol_list[]. */ -static int ol_entries[MAX_ONION_HANDSHAKE_TYPE+1]; +static int ol_entries[MAX_QUEUE_IDX+1]; -static int num_ntors_per_tap(void); static void onion_queue_entry_remove(onion_queue_t *victim); +/** Consensus parameters. */ +static int32_t ns_num_ntors_per_tap = NUM_NTORS_PER_TAP_DEFAULT; +static time_t ns_onion_queue_wait_cutoff = ONION_QUEUE_WAIT_CUTOFF_DEFAULT; +static uint32_t ns_onion_queue_max_delay = ONION_QUEUE_MAX_DELAY_DEFAULT; + +/** Return the number of ntors per tap from the cached parameter. */ +static inline int32_t +get_num_ntors_per_tap(void) +{ + return ns_num_ntors_per_tap; +} + +/** Return the onion queue wait cutoff value from the cached parameter. */ +static inline time_t +get_onion_queue_wait_cutoff(void) +{ + return ns_onion_queue_wait_cutoff; +} + +/** Return the max onion queue delay value either from the torrc options (if + * the user explicitly set it) else from the cached parameter. */ +static inline uint32_t +get_onion_queue_max_delay(const or_options_t *options) +{ + if (options && options->MaxOnionQueueDelay > 0) { + return options->MaxOnionQueueDelay; + } + return ns_onion_queue_max_delay; +} + +/** + * We combine ntorv3 and ntor into the same queue, so we must + * use this function to covert the cell type to a queue index. + */ +static inline uint16_t +onionskin_type_to_queue(uint16_t type) +{ + if (type == ONION_HANDSHAKE_TYPE_NTOR_V3) { + return ONION_HANDSHAKE_TYPE_NTOR; + } + + if (BUG(type > MAX_QUEUE_IDX)) { + return MAX_QUEUE_IDX; // use ntor if out of range + } + + return type; +} + /* XXXX Check lengths vs MAX_ONIONSKIN_{CHALLENGE,REPLY}_LEN. * * (By which I think I meant, "make sure that no @@ -80,13 +145,22 @@ have_room_for_onionskin(uint16_t type) { const or_options_t *options = get_options(); int num_cpus; + uint64_t max_onion_queue_delay; uint64_t tap_usec, ntor_usec; uint64_t ntor_during_tap_usec, tap_during_ntor_usec; /* If we've got fewer than 50 entries, we always have room for one more. */ if (ol_entries[type] < 50) return 1; - num_cpus = get_num_cpus(options); + + /* If zero, this means our thread pool was never initialized meaning we can't + * really get here but make sure we don't have such value because we are + * using as a divisor. */ + num_cpus = cpuworker_get_n_threads(); + tor_assert(num_cpus > 0); + + max_onion_queue_delay = get_onion_queue_max_delay(options); + /* Compute how many microseconds we'd expect to need to clear all * onionskins in various combinations of the queues. */ @@ -104,32 +178,30 @@ have_room_for_onionskin(uint16_t type) * process while draining the ntor queue? */ tap_during_ntor_usec = estimated_usec_for_onionskins( MIN(ol_entries[ONION_HANDSHAKE_TYPE_TAP], - ol_entries[ONION_HANDSHAKE_TYPE_NTOR] / num_ntors_per_tap()), + ol_entries[ONION_HANDSHAKE_TYPE_NTOR] / get_num_ntors_per_tap()), ONION_HANDSHAKE_TYPE_TAP) / num_cpus; /* How long would it take to process the ntor cells that we expect to * process while draining the tap queue? */ ntor_during_tap_usec = estimated_usec_for_onionskins( MIN(ol_entries[ONION_HANDSHAKE_TYPE_NTOR], - ol_entries[ONION_HANDSHAKE_TYPE_TAP] * num_ntors_per_tap()), + ol_entries[ONION_HANDSHAKE_TYPE_TAP] * get_num_ntors_per_tap()), ONION_HANDSHAKE_TYPE_NTOR) / num_cpus; /* See whether that exceeds MaxOnionQueueDelay. If so, we can't queue * this. */ if (type == ONION_HANDSHAKE_TYPE_NTOR && - (ntor_usec + tap_during_ntor_usec) / 1000 > - (uint64_t)options->MaxOnionQueueDelay) + (ntor_usec + tap_during_ntor_usec) / 1000 > max_onion_queue_delay) return 0; if (type == ONION_HANDSHAKE_TYPE_TAP && - (tap_usec + ntor_during_tap_usec) / 1000 > - (uint64_t)options->MaxOnionQueueDelay) + (tap_usec + ntor_during_tap_usec) / 1000 > max_onion_queue_delay) return 0; /* If we support the ntor handshake, then don't let TAP handshakes use * more than 2/3 of the space on the queue. */ if (type == ONION_HANDSHAKE_TYPE_TAP && - tap_usec / 1000 > (uint64_t)options->MaxOnionQueueDelay * 2 / 3) + tap_usec / 1000 > max_onion_queue_delay * 2 / 3) return 0; return 1; @@ -143,6 +215,7 @@ onion_pending_add(or_circuit_t *circ, create_cell_t *onionskin) { onion_queue_t *tmp; time_t now = time(NULL); + uint16_t queue_idx = 0; if (onionskin->handshake_type > MAX_ONION_HANDSHAKE_TYPE) { /* LCOV_EXCL_START @@ -153,43 +226,52 @@ onion_pending_add(or_circuit_t *circ, create_cell_t *onionskin) /* LCOV_EXCL_STOP */ } + queue_idx = onionskin_type_to_queue(onionskin->handshake_type); + tmp = tor_malloc_zero(sizeof(onion_queue_t)); tmp->circ = circ; - tmp->handshake_type = onionskin->handshake_type; + tmp->queue_idx = queue_idx; tmp->onionskin = onionskin; tmp->when_added = now; - if (!have_room_for_onionskin(onionskin->handshake_type)) { + if (!have_room_for_onionskin(queue_idx)) { #define WARN_TOO_MANY_CIRC_CREATIONS_INTERVAL (60) static ratelim_t last_warned = RATELIM_INIT(WARN_TOO_MANY_CIRC_CREATIONS_INTERVAL); - char *m; - if (onionskin->handshake_type == ONION_HANDSHAKE_TYPE_NTOR && - (m = rate_limit_log(&last_warned, approx_time()))) { - log_warn(LD_GENERAL, - "Your computer is too slow to handle this many circuit " - "creation requests! Please consider using the " - "MaxAdvertisedBandwidth config option or choosing a more " - "restricted exit policy.%s",m); - tor_free(m); + if (!channel_is_client(circ->p_chan)) { + // Avoid counting create cells from clients, to go with the same + // check in command_process_create_cell(). + rep_hist_note_circuit_handshake_dropped(queue_idx); + } + if (queue_idx == ONION_HANDSHAKE_TYPE_NTOR) { + char *m; + if ((m = rate_limit_log(&last_warned, approx_time()))) { + log_warn(LD_GENERAL, + "Your computer is too slow to handle this many circuit " + "creation requests! Please consider using the " + "MaxAdvertisedBandwidth config option or choosing a more " + "restricted exit policy.%s", + m); + tor_free(m); + } } tor_free(tmp); return -1; } - ++ol_entries[onionskin->handshake_type]; + ++ol_entries[queue_idx]; log_info(LD_OR, "New create (%s). Queues now ntor=%d and tap=%d.", - onionskin->handshake_type == ONION_HANDSHAKE_TYPE_NTOR ? "ntor" : "tap", + queue_idx == ONION_HANDSHAKE_TYPE_NTOR ? "ntor" : "tap", ol_entries[ONION_HANDSHAKE_TYPE_NTOR], ol_entries[ONION_HANDSHAKE_TYPE_TAP]); circ->onionqueue_entry = tmp; - TOR_TAILQ_INSERT_TAIL(&ol_list[onionskin->handshake_type], tmp, next); + TOR_TAILQ_INSERT_TAIL(&ol_list[queue_idx], tmp, next); /* cull elderly requests. */ while (1) { - onion_queue_t *head = TOR_TAILQ_FIRST(&ol_list[onionskin->handshake_type]); - if (now - head->when_added < (time_t)ONIONQUEUE_WAIT_CUTOFF) + onion_queue_t *head = TOR_TAILQ_FIRST(&ol_list[queue_idx]); + if (now - head->when_added < get_onion_queue_wait_cutoff()) break; circ = head->circ; @@ -204,24 +286,6 @@ onion_pending_add(or_circuit_t *circ, create_cell_t *onionskin) return 0; } -/** Return a fairness parameter, to prefer processing NTOR style - * handshakes but still slowly drain the TAP queue so we don't starve - * it entirely. */ -static int -num_ntors_per_tap(void) -{ -#define DEFAULT_NUM_NTORS_PER_TAP 10 -#define MIN_NUM_NTORS_PER_TAP 1 -#define MAX_NUM_NTORS_PER_TAP 100000 - - int result = networkstatus_get_param(NULL, "NumNTorsPerTAP", - DEFAULT_NUM_NTORS_PER_TAP, - MIN_NUM_NTORS_PER_TAP, - MAX_NUM_NTORS_PER_TAP); - tor_assert(result > 0); - return result; -} - /** Choose which onion queue we'll pull from next. If one is empty choose * the other; if they both have elements, load balance across them but * favoring NTOR. */ @@ -245,7 +309,7 @@ decide_next_handshake_type(void) * once tap is rare. We should reevaluate whether we like this decision * once tap gets more rare. */ if (ol_entries[ONION_HANDSHAKE_TYPE_NTOR] && - recently_chosen_ntors <= num_ntors_per_tap()) + recently_chosen_ntors <= get_num_ntors_per_tap()) ++recently_chosen_ntors; return ONION_HANDSHAKE_TYPE_NTOR; /* no taps? try ntor */ @@ -253,7 +317,7 @@ decide_next_handshake_type(void) /* They both have something queued. Pick ntor if we haven't done that * too much lately. */ - if (++recently_chosen_ntors <= num_ntors_per_tap()) { + if (++recently_chosen_ntors <= get_num_ntors_per_tap()) { return ONION_HANDSHAKE_TYPE_NTOR; } @@ -276,15 +340,15 @@ onion_next_task(create_cell_t **onionskin_out) return NULL; /* no onions pending, we're done */ tor_assert(head->circ); - tor_assert(head->handshake_type <= MAX_ONION_HANDSHAKE_TYPE); + tor_assert(head->queue_idx <= MAX_QUEUE_IDX); // tor_assert(head->circ->p_chan); /* make sure it's still valid */ /* XXX I only commented out the above line to make the unit tests * more manageable. That's probably not good long-term. -RD */ circ = head->circ; if (head->onionskin) - --ol_entries[head->handshake_type]; + --ol_entries[head->queue_idx]; log_info(LD_OR, "Processing create (%s). Queues now ntor=%d and tap=%d.", - head->handshake_type == ONION_HANDSHAKE_TYPE_NTOR ? "ntor" : "tap", + head->queue_idx == ONION_HANDSHAKE_TYPE_NTOR ? "ntor" : "tap", ol_entries[ONION_HANDSHAKE_TYPE_NTOR], ol_entries[ONION_HANDSHAKE_TYPE_TAP]); @@ -300,7 +364,7 @@ onion_next_task(create_cell_t **onionskin_out) int onion_num_pending(uint16_t handshake_type) { - return ol_entries[handshake_type]; + return ol_entries[onionskin_type_to_queue(handshake_type)]; } /** Go through ol_list, find the onion_queue_t element which points to @@ -326,23 +390,23 @@ onion_pending_remove(or_circuit_t *circ) static void onion_queue_entry_remove(onion_queue_t *victim) { - if (victim->handshake_type > MAX_ONION_HANDSHAKE_TYPE) { + if (victim->queue_idx > MAX_QUEUE_IDX) { /* LCOV_EXCL_START * We should have rejected this far before this point */ log_warn(LD_BUG, "Handshake %d out of range! Dropping.", - victim->handshake_type); + victim->queue_idx); /* XXX leaks */ return; /* LCOV_EXCL_STOP */ } - TOR_TAILQ_REMOVE(&ol_list[victim->handshake_type], victim, next); + TOR_TAILQ_REMOVE(&ol_list[victim->queue_idx], victim, next); if (victim->circ) victim->circ->onionqueue_entry = NULL; if (victim->onionskin) - --ol_entries[victim->handshake_type]; + --ol_entries[victim->queue_idx]; tor_free(victim->onionskin); tor_free(victim); @@ -354,7 +418,7 @@ clear_pending_onions(void) { onion_queue_t *victim, *next; int i; - for (i=0; i<=MAX_ONION_HANDSHAKE_TYPE; i++) { + for (i=0; i<=MAX_QUEUE_IDX; i++) { for (victim = TOR_TAILQ_FIRST(&ol_list[i]); victim; victim = next) { next = TOR_TAILQ_NEXT(victim,next); onion_queue_entry_remove(victim); @@ -363,3 +427,28 @@ clear_pending_onions(void) } memset(ol_entries, 0, sizeof(ol_entries)); } + +/** Consensus has changed, update the cached parameters. */ +void +onion_consensus_has_changed(const networkstatus_t *ns) +{ + tor_assert(ns); + + ns_onion_queue_max_delay = + networkstatus_get_param(ns, "MaxOnionQueueDelay", + ONION_QUEUE_MAX_DELAY_DEFAULT, + ONION_QUEUE_MAX_DELAY_MIN, + ONION_QUEUE_MAX_DELAY_MAX); + + ns_onion_queue_wait_cutoff = + networkstatus_get_param(ns, "onion_queue_wait_cutoff", + ONION_QUEUE_WAIT_CUTOFF_DEFAULT, + ONION_QUEUE_WAIT_CUTOFF_MIN, + ONION_QUEUE_WAIT_CUTOFF_MAX); + + ns_num_ntors_per_tap = + networkstatus_get_param(ns, "NumNTorsPerTAP", + NUM_NTORS_PER_TAP_DEFAULT, + NUM_NTORS_PER_TAP_MIN, + NUM_NTORS_PER_TAP_MAX); +} diff --git a/src/feature/relay/onion_queue.h b/src/feature/relay/onion_queue.h index 08379b2c00..0c2b97c2b0 100644 --- a/src/feature/relay/onion_queue.h +++ b/src/feature/relay/onion_queue.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -14,6 +14,8 @@ struct create_cell_t; +void onion_consensus_has_changed(const networkstatus_t *ns); + int onion_pending_add(or_circuit_t *circ, struct create_cell_t *onionskin); or_circuit_t *onion_next_task(struct create_cell_t **onionskin_out); int onion_num_pending(uint16_t handshake_type); diff --git a/src/feature/relay/relay_config.c b/src/feature/relay/relay_config.c index 8ea0ad8397..85ccfc18a7 100644 --- a/src/feature/relay/relay_config.c +++ b/src/feature/relay/relay_config.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -190,7 +190,7 @@ describe_relay_port(const port_cfg_t *port) /** Return true iff port p1 is equal to p2. * - * This does a field by field comparaison. */ + * This does a field by field comparison. */ static bool port_cfg_eq(const port_cfg_t *p1, const port_cfg_t *p2) { diff --git a/src/feature/relay/relay_config.h b/src/feature/relay/relay_config.h index d36863a1a1..cb08531782 100644 --- a/src/feature/relay/relay_config.h +++ b/src/feature/relay/relay_config.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -93,7 +93,7 @@ STATIC int have_enough_mem_for_dircache(const struct or_options_t *options, struct port_cfg_t; STATIC const char *describe_relay_port(const struct port_cfg_t *port); -#endif /* TOR_UNIT_TESTS */ +#endif /* defined(TOR_UNIT_TESTS) */ #endif /* defined(RELAY_CONFIG_PRIVATE) */ diff --git a/src/feature/relay/relay_find_addr.c b/src/feature/relay/relay_find_addr.c index c43885af51..f4f9d40823 100644 --- a/src/feature/relay/relay_find_addr.c +++ b/src/feature/relay/relay_find_addr.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2001-2020, The Tor Project, Inc. */ +/* Copyright (c) 2001-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -221,7 +221,7 @@ relay_addr_learn_from_dirauth(void) "learn for now our address from them."); return; } - extend_info_t *ei = extend_info_from_node(node, 1); + extend_info_t *ei = extend_info_from_node(node, 1, false); if (BUG(!ei)) { return; } diff --git a/src/feature/relay/relay_find_addr.h b/src/feature/relay/relay_find_addr.h index f049d1bd20..5bb7f8736e 100644 --- a/src/feature/relay/relay_find_addr.h +++ b/src/feature/relay/relay_find_addr.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -28,5 +28,5 @@ void relay_addr_learn_from_dirauth(void); #endif /* RELAY_FIND_ADDR_PRIVATE */ -#endif /* TOR_RELAY_FIND_ADDR_H */ +#endif /* !defined(TOR_RELAY_FIND_ADDR_H) */ diff --git a/src/feature/relay/relay_handshake.c b/src/feature/relay/relay_handshake.c index 030dc94956..be7dba721a 100644 --- a/src/feature/relay/relay_handshake.c +++ b/src/feature/relay/relay_handshake.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/relay/relay_handshake.h b/src/feature/relay/relay_handshake.h index 99a658cbcc..87199c1c2d 100644 --- a/src/feature/relay/relay_handshake.h +++ b/src/feature/relay/relay_handshake.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/relay/relay_metrics.c b/src/feature/relay/relay_metrics.c new file mode 100644 index 0000000000..cdf34a3404 --- /dev/null +++ b/src/feature/relay/relay_metrics.c @@ -0,0 +1,1058 @@ +/* Copyright (c) 2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file relay_metrics.c + * @brief Relay metrics exposed through the MetricsPort + **/ + +#define RELAY_METRICS_ENTRY_PRIVATE + +#include "orconfig.h" + +#include "core/or/or.h" +#include "core/mainloop/connection.h" +#include "core/mainloop/mainloop.h" +#include "core/or/congestion_control_common.h" +#include "core/or/congestion_control_vegas.h" +#include "core/or/congestion_control_flow.h" +#include "core/or/circuitlist.h" +#include "core/or/dos.h" +#include "core/or/relay.h" + +#include "app/config/config.h" + +#include "lib/container/smartlist.h" +#include "lib/log/util_bug.h" +#include "lib/malloc/malloc.h" +#include "lib/math/fp.h" +#include "lib/metrics/metrics_store.h" + +#include "feature/hs/hs_dos.h" +#include "feature/nodelist/nodelist.h" +#include "feature/nodelist/node_st.h" +#include "feature/nodelist/routerstatus_st.h" +#include "feature/relay/relay_metrics.h" +#include "feature/relay/router.h" +#include "feature/stats/rephist.h" + +#include <event2/dns.h> + +/** Declarations of each fill function for metrics defined in base_metrics. */ +static void fill_cc_counters_values(void); +static void fill_cc_gauges_values(void); +static void fill_circuits_values(void); +static void fill_conn_counter_values(void); +static void fill_conn_gauge_values(void); +static void fill_dns_error_values(void); +static void fill_dns_query_values(void); +static void fill_dos_values(void); +static void fill_global_bw_limit_values(void); +static void fill_socket_values(void); +static void fill_onionskins_values(void); +static void fill_oom_values(void); +static void fill_streams_values(void); +static void fill_relay_flags(void); +static void fill_tcp_exhaustion_values(void); +static void fill_traffic_values(void); + +/** The base metrics that is a static array of metrics added to the metrics + * store. + * + * The key member MUST be also the index of the entry in the array. */ +static const relay_metrics_entry_t base_metrics[] = +{ + { + .key = RELAY_METRICS_NUM_OOM_BYTES, + .type = METRICS_TYPE_COUNTER, + .name = METRICS_NAME(relay_load_oom_bytes_total), + .help = "Total number of bytes the OOM has freed by subsystem", + .fill_fn = fill_oom_values, + }, + { + .key = RELAY_METRICS_NUM_ONIONSKINS, + .type = METRICS_TYPE_COUNTER, + .name = METRICS_NAME(relay_load_onionskins_total), + .help = "Total number of onionskins handled", + .fill_fn = fill_onionskins_values, + }, + { + .key = RELAY_METRICS_NUM_SOCKETS, + .type = METRICS_TYPE_GAUGE, + .name = METRICS_NAME(relay_load_socket_total), + .help = "Total number of sockets", + .fill_fn = fill_socket_values, + }, + { + .key = RELAY_METRICS_NUM_GLOBAL_RW_LIMIT, + .type = METRICS_TYPE_COUNTER, + .name = METRICS_NAME(relay_load_global_rate_limit_reached_total), + .help = "Total number of global connection bucket limit reached", + .fill_fn = fill_global_bw_limit_values, + }, + { + .key = RELAY_METRICS_NUM_DNS, + .type = METRICS_TYPE_COUNTER, + .name = METRICS_NAME(relay_exit_dns_query_total), + .help = "Total number of DNS queries done by this relay", + .fill_fn = fill_dns_query_values, + }, + { + .key = RELAY_METRICS_NUM_DNS_ERRORS, + .type = METRICS_TYPE_COUNTER, + .name = METRICS_NAME(relay_exit_dns_error_total), + .help = "Total number of DNS errors encountered by this relay", + .fill_fn = fill_dns_error_values, + }, + { + .key = RELAY_METRICS_NUM_TCP_EXHAUSTION, + .type = METRICS_TYPE_COUNTER, + .name = METRICS_NAME(relay_load_tcp_exhaustion_total), + .help = "Total number of times we ran out of TCP ports", + .fill_fn = fill_tcp_exhaustion_values, + }, + { + .key = RELAY_METRICS_CONN_COUNTERS, + .type = METRICS_TYPE_COUNTER, + .name = METRICS_NAME(relay_connections_total), + .help = "Total number of created/rejected connections", + .fill_fn = fill_conn_counter_values, + }, + { + .key = RELAY_METRICS_CONN_GAUGES, + .type = METRICS_TYPE_GAUGE, + .name = METRICS_NAME(relay_connections), + .help = "Total number of opened connections", + .fill_fn = fill_conn_gauge_values, + }, + { + .key = RELAY_METRICS_NUM_STREAMS, + .type = METRICS_TYPE_COUNTER, + .name = METRICS_NAME(relay_streams_total), + .help = "Total number of streams", + .fill_fn = fill_streams_values, + }, + { + .key = RELAY_METRICS_CC_COUNTERS, + .type = METRICS_TYPE_COUNTER, + .name = METRICS_NAME(relay_congestion_control_total), + .help = "Congestion control related counters", + .fill_fn = fill_cc_counters_values, + }, + { + .key = RELAY_METRICS_CC_GAUGES, + .type = METRICS_TYPE_GAUGE, + .name = METRICS_NAME(relay_congestion_control), + .help = "Congestion control related gauges", + .fill_fn = fill_cc_gauges_values, + }, + { + .key = RELAY_METRICS_NUM_DOS, + .type = METRICS_TYPE_COUNTER, + .name = METRICS_NAME(relay_dos_total), + .help = "Denial of Service defenses related counters", + .fill_fn = fill_dos_values, + }, + { + .key = RELAY_METRICS_NUM_TRAFFIC, + .type = METRICS_TYPE_COUNTER, + .name = METRICS_NAME(relay_traffic_bytes), + .help = "Traffic related counters", + .fill_fn = fill_traffic_values, + }, + { + .key = RELAY_METRICS_RELAY_FLAGS, + .type = METRICS_TYPE_GAUGE, + .name = METRICS_NAME(relay_flag), + .help = "Relay flags from consensus", + .fill_fn = fill_relay_flags, + }, + { + .key = RELAY_METRICS_NUM_CIRCUITS, + .type = METRICS_TYPE_GAUGE, + .name = METRICS_NAME(relay_circuits_total), + .help = "Total number of circuits", + .fill_fn = fill_circuits_values, + }, +}; +static const size_t num_base_metrics = ARRAY_LENGTH(base_metrics); + +/** The only and single store of all the relay metrics. */ +static metrics_store_t *the_store; + +/** Helper function to convert an handshake type into a string. */ +static inline const char * +handshake_type_to_str(const uint16_t type) +{ + switch (type) { + case ONION_HANDSHAKE_TYPE_TAP: + return "tap"; + case ONION_HANDSHAKE_TYPE_FAST: + return "fast"; + case ONION_HANDSHAKE_TYPE_NTOR: + return "ntor"; + case ONION_HANDSHAKE_TYPE_NTOR_V3: + return "ntor_v3"; + default: + // LCOV_EXCL_START + tor_assert_unreached(); + // LCOV_EXCL_STOP + } +} + +/** Helper function to convert a socket family type into a string. */ +static inline const char * +af_to_string(const int af) +{ + switch (af) { + case AF_INET: + return "ipv4"; + case AF_INET6: + return "ipv6"; + case AF_UNIX: + return "unix"; + default: + return "<unknown>"; + } +} + +/** Fill function for the RELAY_METRICS_NUM_CIRCUITS metric. */ +static void +fill_circuits_values(void) +{ + const relay_metrics_entry_t *rentry = + &base_metrics[RELAY_METRICS_NUM_CIRCUITS]; + metrics_store_entry_t *sentry = + metrics_store_add(the_store, rentry->type, rentry->name, rentry->help); + + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "opened")); + metrics_store_entry_update(sentry, + smartlist_len(circuit_get_global_list())); +} + +/** Fill function for the RELAY_METRICS_RELAY_FLAGS metric. */ +static void +fill_relay_flags(void) +{ + uint8_t is_fast = 0, is_exit = 0, is_authority = 0, is_stable = 0; + uint8_t is_running = 0, is_v2_dir = 0, is_guard = 0, is_sybil = 0; + uint8_t is_hs_dir = 0; + + const node_t *me = + node_get_by_id((const char *) router_get_my_id_digest()); + if (me && me->rs) { + is_fast = me->rs->is_fast; + is_exit = me->rs->is_exit; + is_authority = me->rs->is_authority; + is_stable = me->rs->is_stable; + is_running = me->rs->is_flagged_running; + is_v2_dir = me->rs->is_v2_dir; + is_guard = me->rs->is_possible_guard; + is_sybil = me->rs->is_sybil; + is_hs_dir = me->rs->is_hs_dir; + } + + const relay_metrics_entry_t *rentry = + &base_metrics[RELAY_METRICS_RELAY_FLAGS]; + metrics_store_entry_t *sentry = + metrics_store_add(the_store, rentry->type, rentry->name, rentry->help); + + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "Fast")); + metrics_store_entry_update(sentry, is_fast); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "Exit")); + metrics_store_entry_update(sentry, is_exit); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "Authority")); + metrics_store_entry_update(sentry, is_authority); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "Stable")); + metrics_store_entry_update(sentry, is_stable); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "HSDir")); + metrics_store_entry_update(sentry, is_hs_dir); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "Running")); + metrics_store_entry_update(sentry, is_running); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "V2Dir")); + metrics_store_entry_update(sentry, is_v2_dir); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "Sybil")); + metrics_store_entry_update(sentry, is_sybil); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "Guard")); + metrics_store_entry_update(sentry, is_guard); +} + +/** Fill function for the RELAY_METRICS_NUM_TRAFFIC metric. */ +static void +fill_traffic_values(void) +{ + const relay_metrics_entry_t *rentry = + &base_metrics[RELAY_METRICS_NUM_TRAFFIC]; + metrics_store_entry_t *sentry = + metrics_store_add(the_store, rentry->type, rentry->name, rentry->help); + + metrics_store_entry_add_label(sentry, + metrics_format_label("direction", "read")); + metrics_store_entry_update(sentry, get_bytes_read()); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("direction", "written")); + metrics_store_entry_update(sentry, get_bytes_written()); +} + +/** Fill function for the RELAY_METRICS_NUM_DOS metric. */ +static void +fill_dos_values(void) +{ + const relay_metrics_entry_t *rentry = &base_metrics[RELAY_METRICS_NUM_DOS]; + metrics_store_entry_t *sentry = + metrics_store_add(the_store, rentry->type, rentry->name, rentry->help); + + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "circuit_rejected")); + metrics_store_entry_update(sentry, dos_get_num_cc_rejected()); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "circuit_killed_max_cell")); + metrics_store_entry_update(sentry, stats_n_circ_max_cell_reached); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "circuit_killed_max_cell_outq")); + metrics_store_entry_update(sentry, stats_n_circ_max_cell_outq_reached); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "marked_address")); + metrics_store_entry_update(sentry, dos_get_num_cc_marked_addr()); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "marked_address_maxq")); + metrics_store_entry_update(sentry, dos_get_num_cc_marked_addr_maxq()); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "conn_rejected")); + metrics_store_entry_update(sentry, dos_get_num_conn_addr_connect_rejected()); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "concurrent_conn_rejected")); + metrics_store_entry_update(sentry, dos_get_num_conn_addr_rejected()); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "single_hop_refused")); + metrics_store_entry_update(sentry, dos_get_num_single_hop_refused()); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("type", "introduce2_rejected")); + metrics_store_entry_update(sentry, hs_dos_get_intro2_rejected_count()); +} + +/** Fill function for the RELAY_METRICS_CC_COUNTERS metric. */ +static void +fill_cc_counters_values(void) +{ + const relay_metrics_entry_t *rentry = + &base_metrics[RELAY_METRICS_CC_COUNTERS]; + + metrics_store_entry_t *sentry = + metrics_store_add(the_store, rentry->type, rentry->name, rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "starvation")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "rtt_reset")); + metrics_store_entry_update(sentry, congestion_control_get_num_rtt_reset()); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "clock_stalls")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "rtt_skipped")); + metrics_store_entry_update(sentry, + congestion_control_get_num_clock_stalls()); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "flow_control")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "xoff_num_sent")); + metrics_store_entry_update(sentry, + cc_stats_flow_num_xoff_sent); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "flow_control")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "xon_num_sent")); + metrics_store_entry_update(sentry, + cc_stats_flow_num_xon_sent); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "cc_limits")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "above_delta")); + metrics_store_entry_update(sentry, cc_stats_vegas_above_delta); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "cc_limits")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "above_ss_cwnd_max")); + metrics_store_entry_update(sentry, cc_stats_vegas_above_ss_cwnd_max); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "cc_limits")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "below_ss_inc_floor")); + metrics_store_entry_update(sentry, cc_stats_vegas_below_ss_inc_floor); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "cc_circuits")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "circs_created")); + metrics_store_entry_update(sentry, cc_stats_circs_created); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "cc_circuits")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "circs_closed")); + metrics_store_entry_update(sentry, cc_stats_circs_closed); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "cc_circuits")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "circs_exited_ss")); + metrics_store_entry_update(sentry, cc_stats_vegas_circ_exited_ss); +} + +/** Fill function for the RELAY_METRICS_CC_GAUGES metric. */ +static void +fill_cc_gauges_values(void) +{ + const relay_metrics_entry_t *rentry = + &base_metrics[RELAY_METRICS_CC_GAUGES]; + + metrics_store_entry_t *sentry = + metrics_store_add(the_store, rentry->type, rentry->name, rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "slow_start_exit")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "cwnd")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_vegas_exit_ss_cwnd_ma)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "slow_start_exit")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "bdp")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_vegas_exit_ss_bdp_ma)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "slow_start_exit")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "inc")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_vegas_exit_ss_inc_ma)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "on_circ_close")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "cwnd")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_circ_close_cwnd_ma)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "on_circ_close")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "ss_cwnd")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_circ_close_ss_cwnd_ma)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "buffers")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "xon_outbuf")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_flow_xon_outbuf_ma)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "buffers")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "xoff_outbuf")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_flow_xoff_outbuf_ma)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "cc_backoff")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "chan_blocked_pct")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_vegas_csig_blocked_ma)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "cc_backoff")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "gamma_drop")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_vegas_gamma_drop_ma)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "cc_backoff")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "delta_drop")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_vegas_delta_drop_ma)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "cc_backoff")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "ss_chan_blocked_pct")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_vegas_ss_csig_blocked_ma)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "cc_cwnd_update")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "alpha_pct")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_vegas_csig_alpha_ma)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "cc_cwnd_update")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "beta_pct")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_vegas_csig_beta_ma)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "cc_cwnd_update")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "delta_pct")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_vegas_csig_delta_ma)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "cc_estimates")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "ss_queue")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_vegas_ss_queue_ma)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "cc_estimates")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "queue")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_vegas_queue_ma)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "cc_estimates")); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "bdp")); + metrics_store_entry_update(sentry, + tor_llround(cc_stats_vegas_bdp_ma)); +} + +/** Helper: Fill in single stream metrics output. */ +static void +fill_single_stream_value(metrics_store_entry_t *sentry, uint8_t cmd) +{ + metrics_store_entry_add_label(sentry, + metrics_format_label("type", relay_command_to_string(cmd))); + metrics_store_entry_update(sentry, rep_hist_get_exit_stream_seen(cmd)); +} + +/** Fill function for the RELAY_METRICS_NUM_STREAMS metric. */ +static void +fill_streams_values(void) +{ + const relay_metrics_entry_t *rentry = + &base_metrics[RELAY_METRICS_NUM_STREAMS]; + metrics_store_entry_t *sentry = + metrics_store_add(the_store, rentry->type, rentry->name, rentry->help); + fill_single_stream_value(sentry, RELAY_COMMAND_BEGIN); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + fill_single_stream_value(sentry, RELAY_COMMAND_BEGIN_DIR); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + fill_single_stream_value(sentry, RELAY_COMMAND_RESOLVE); +} + +/** Helper: Fill in single connection metrics output. */ +static void +fill_single_connection_value(metrics_store_entry_t *sentry, + unsigned int conn_type, + const char* direction, + const char* state, + int socket_family, + uint64_t value) +{ + metrics_store_entry_add_label(sentry, + metrics_format_label("type", conn_type_to_string(conn_type))); + metrics_store_entry_add_label(sentry, + metrics_format_label("direction", direction)); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", state)); + metrics_store_entry_add_label(sentry, + metrics_format_label("family", af_to_string(socket_family))); + metrics_store_entry_update(sentry, value); +} + +/** Fill function for the RELAY_METRICS_CONN_COUNTERS metric. */ +static void +fill_conn_counter_values(void) +{ + const relay_metrics_entry_t *rentry = + &base_metrics[RELAY_METRICS_CONN_COUNTERS]; + + for (unsigned int i = CONN_TYPE_MIN_; i < CONN_TYPE_MAX_ ; i++) { + /* Type is unused. Ugly but else we clobber the output. */ + if (i == 10) { + continue; + } + metrics_store_entry_t *sentry = + metrics_store_add(the_store, rentry->type, rentry->name, rentry->help); + fill_single_connection_value(sentry, i, "initiated", "created", AF_INET, + rep_hist_get_conn_created(false, i, AF_INET)); + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + fill_single_connection_value(sentry, i, "initiated", "created", AF_INET6, + rep_hist_get_conn_created(false, i, + AF_INET6)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + fill_single_connection_value(sentry, i, "received", "created", AF_INET, + rep_hist_get_conn_created(true, i, AF_INET)); + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + fill_single_connection_value(sentry, i, "received", "created", AF_INET6, + rep_hist_get_conn_created(true, i, AF_INET6)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + fill_single_connection_value(sentry, i, "received", "rejected", AF_INET, + rep_hist_get_conn_rejected(i, AF_INET)); + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + fill_single_connection_value(sentry, i, "received", "rejected", AF_INET6, + rep_hist_get_conn_rejected(i, AF_INET6)); + + /* No counter for "initiated" + "rejected" connections exists. */ + } +} + +/** Fill function for the RELAY_METRICS_CONN_GAUGES metric. */ +static void +fill_conn_gauge_values(void) +{ + const relay_metrics_entry_t *rentry = + &base_metrics[RELAY_METRICS_CONN_GAUGES]; + + for (unsigned int i = CONN_TYPE_MIN_; i < CONN_TYPE_MAX_ ; i++) { + /* Type is unused. Ugly but else we clobber the output. */ + if (i == 10) { + continue; + } + metrics_store_entry_t *sentry = + metrics_store_add(the_store, rentry->type, rentry->name, rentry->help); + fill_single_connection_value(sentry, i, "initiated", "opened", AF_INET, + rep_hist_get_conn_opened(false, i, AF_INET)); + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + fill_single_connection_value(sentry, i, "initiated", "opened", AF_INET6, + rep_hist_get_conn_opened(false, i, AF_INET6)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + fill_single_connection_value(sentry, i, "received", "opened", AF_INET, + rep_hist_get_conn_opened(true, i, AF_INET)); + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + fill_single_connection_value(sentry, i, "received", "opened", AF_INET6, + rep_hist_get_conn_opened(true, i, AF_INET6)); + } +} + +/** Fill function for the RELAY_METRICS_NUM_DNS metrics. */ +static void +fill_tcp_exhaustion_values(void) +{ + metrics_store_entry_t *sentry; + const relay_metrics_entry_t *rentry = + &base_metrics[RELAY_METRICS_NUM_TCP_EXHAUSTION]; + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_update(sentry, rep_hist_get_n_tcp_exhaustion()); +} + +/* NOTE: Disable the record type label until libevent is fixed. */ +#if 0 +/** Helper array containing mapping for the name of the different DNS records + * and their corresponding libevent values. */ +static struct dns_type { + const char *name; + uint8_t type; +} dns_types[] = { + { .name = "A", .type = DNS_IPv4_A }, + { .name = "PTR", .type = DNS_PTR }, + { .name = "AAAA", .type = DNS_IPv6_AAAA }, +}; +static const size_t num_dns_types = ARRAY_LENGTH(dns_types); +#endif + +/** Fill function for the RELAY_METRICS_NUM_DNS_ERRORS metrics. */ +static void +fill_dns_error_values(void) +{ + metrics_store_entry_t *sentry; + const relay_metrics_entry_t *rentry = + &base_metrics[RELAY_METRICS_NUM_DNS_ERRORS]; + + /* Helper array to map libeven DNS errors to their names and so we can + * iterate over this array to add all metrics. */ + static struct dns_error { + const char *name; + uint8_t key; + } errors[] = { + { .name = "success", .key = DNS_ERR_NONE }, + { .name = "format", .key = DNS_ERR_FORMAT }, + { .name = "serverfailed", .key = DNS_ERR_SERVERFAILED }, + { .name = "notexist", .key = DNS_ERR_NOTEXIST }, + { .name = "notimpl", .key = DNS_ERR_NOTIMPL }, + { .name = "refused", .key = DNS_ERR_REFUSED }, + { .name = "truncated", .key = DNS_ERR_TRUNCATED }, + { .name = "unknown", .key = DNS_ERR_UNKNOWN }, + { .name = "tor_timeout", .key = DNS_ERR_TIMEOUT }, + { .name = "shutdown", .key = DNS_ERR_SHUTDOWN }, + { .name = "cancel", .key = DNS_ERR_CANCEL }, + { .name = "nodata", .key = DNS_ERR_NODATA }, + }; + static const size_t num_errors = ARRAY_LENGTH(errors); + + /* NOTE: Disable the record type label until libevent is fixed. */ +#if 0 + for (size_t i = 0; i < num_dns_types; i++) { + /* Dup the label because metrics_format_label() returns a pointer to a + * string on the stack and we need that label for all metrics. */ + char *record_label = + tor_strdup(metrics_format_label("record", dns_types[i].name)); + + for (size_t j = 0; j < num_errors; j++) { + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, record_label); + metrics_store_entry_add_label(sentry, + metrics_format_label("reason", errors[j].name)); + metrics_store_entry_update(sentry, + rep_hist_get_n_dns_error(dns_types[i].type, errors[j].key)); + } + tor_free(record_label); + } +#endif + + /* Put in the DNS errors, unfortunately not per-type for now. */ + for (size_t j = 0; j < num_errors; j++) { + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("reason", errors[j].name)); + metrics_store_entry_update(sentry, + rep_hist_get_n_dns_error(0, errors[j].key)); + } +} + +/** Fill function for the RELAY_METRICS_NUM_DNS metrics. */ +static void +fill_dns_query_values(void) +{ + metrics_store_entry_t *sentry; + const relay_metrics_entry_t *rentry = + &base_metrics[RELAY_METRICS_NUM_DNS]; + + /* NOTE: Disable the record type label until libevent is fixed (#40490). */ +#if 0 + for (size_t i = 0; i < num_dns_types; i++) { + /* Dup the label because metrics_format_label() returns a pointer to a + * string on the stack and we need that label for all metrics. */ + char *record_label = + tor_strdup(metrics_format_label("record", dns_types[i].name)); + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, record_label); + metrics_store_entry_update(sentry, + rep_hist_get_n_dns_request(dns_types[i].type)); + tor_free(record_label); + } +#endif + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_update(sentry, rep_hist_get_n_dns_request(0)); +} + +/** Fill function for the RELAY_METRICS_NUM_GLOBAL_RW_LIMIT metrics. */ +static void +fill_global_bw_limit_values(void) +{ + metrics_store_entry_t *sentry; + const relay_metrics_entry_t *rentry = + &base_metrics[RELAY_METRICS_NUM_GLOBAL_RW_LIMIT]; + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("side", "read")); + metrics_store_entry_update(sentry, rep_hist_get_n_read_limit_reached()); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("side", "write")); + metrics_store_entry_update(sentry, rep_hist_get_n_write_limit_reached()); +} + +/** Fill function for the RELAY_METRICS_NUM_SOCKETS metrics. */ +static void +fill_socket_values(void) +{ + metrics_store_entry_t *sentry; + const relay_metrics_entry_t *rentry = + &base_metrics[RELAY_METRICS_NUM_SOCKETS]; + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("state", "opened")); + metrics_store_entry_update(sentry, get_n_open_sockets()); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_update(sentry, get_max_sockets()); +} + +/** Fill function for the RELAY_METRICS_NUM_ONIONSKINS metrics. */ +static void +fill_onionskins_values(void) +{ + metrics_store_entry_t *sentry; + const relay_metrics_entry_t *rentry = + &base_metrics[RELAY_METRICS_NUM_ONIONSKINS]; + + for (uint16_t t = 0; t <= MAX_ONION_HANDSHAKE_TYPE; t++) { + /* Dup the label because metrics_format_label() returns a pointer to a + * string on the stack and we need that label for all metrics. */ + char *type_label = + tor_strdup(metrics_format_label("type", handshake_type_to_str(t))); + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, type_label); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "processed")); + metrics_store_entry_update(sentry, + rep_hist_get_circuit_n_handshake_assigned(t)); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, type_label); + metrics_store_entry_add_label(sentry, + metrics_format_label("action", "dropped")); + metrics_store_entry_update(sentry, + rep_hist_get_circuit_n_handshake_dropped(t)); + tor_free(type_label); + } +} + +/** Fill function for the RELAY_METRICS_NUM_OOM_BYTES metrics. */ +static void +fill_oom_values(void) +{ + metrics_store_entry_t *sentry; + const relay_metrics_entry_t *rentry = + &base_metrics[RELAY_METRICS_NUM_OOM_BYTES]; + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("subsys", "cell")); + metrics_store_entry_update(sentry, oom_stats_n_bytes_removed_cell); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("subsys", "dns")); + metrics_store_entry_update(sentry, oom_stats_n_bytes_removed_dns); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("subsys", "geoip")); + metrics_store_entry_update(sentry, oom_stats_n_bytes_removed_geoip); + + sentry = metrics_store_add(the_store, rentry->type, rentry->name, + rentry->help); + metrics_store_entry_add_label(sentry, + metrics_format_label("subsys", "hsdir")); + metrics_store_entry_update(sentry, oom_stats_n_bytes_removed_hsdir); +} + +/** Reset the global store and fill it with all the metrics from base_metrics + * and their associated values. + * + * To pull this off, every metrics has a "fill" function that is called and in + * charge of adding the metrics to the store, appropriate labels and finally + * updating the value to report. */ +static void +fill_store(void) +{ + /* Reset the current store, we are about to fill it with all the things. */ + metrics_store_reset(the_store); + + /* Call the fill function for each metrics. */ + for (size_t i = 0; i < num_base_metrics; i++) { + if (BUG(!base_metrics[i].fill_fn)) { + continue; + } + base_metrics[i].fill_fn(); + } +} + +/** Return a list of all the relay metrics stores. This is the + * function attached to the .get_metrics() member of the subsys_t. */ +const smartlist_t * +relay_metrics_get_stores(void) +{ + /* We can't have the caller to free the returned list so keep it static, + * simply update it. */ + static smartlist_t *stores_list = NULL; + + /* We dynamically fill the store with all the metrics upon a request. The + * reason for this is because the exposed metrics of a relay are often + * internal counters in the fast path and thus we fetch the value when a + * metrics port request arrives instead of keeping a local metrics store of + * those values. */ + fill_store(); + + if (!stores_list) { + stores_list = smartlist_new(); + smartlist_add(stores_list, the_store); + } + + return stores_list; +} + +/** Initialize the relay metrics. */ +void +relay_metrics_init(void) +{ + if (BUG(the_store)) { + return; + } + the_store = metrics_store_new(); +} + +/** Free the relay metrics. */ +void +relay_metrics_free(void) +{ + if (!the_store) { + return; + } + /* NULL is set with this call. */ + metrics_store_free(the_store); +} diff --git a/src/feature/relay/relay_metrics.h b/src/feature/relay/relay_metrics.h new file mode 100644 index 0000000000..1d2d649d8a --- /dev/null +++ b/src/feature/relay/relay_metrics.h @@ -0,0 +1,73 @@ +/* Copyright (c) 2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file relay_metrics.h + * @brief Header for feature/relay/relay_metrics.c + **/ + +#ifndef TOR_FEATURE_RELAY_RELAY_METRICS_H +#define TOR_FEATURE_RELAY_RELAY_METRICS_H + +#include "lib/container/smartlist.h" +#include "lib/metrics/metrics_common.h" + +/** Metrics key for each reported metrics. This key is also used as an index in + * the base_metrics array. */ +typedef enum { + /** Number of OOM invocation. */ + RELAY_METRICS_NUM_OOM_BYTES, + /** Number of onionskines handled. */ + RELAY_METRICS_NUM_ONIONSKINS, + /** Number of sockets. */ + RELAY_METRICS_NUM_SOCKETS, + /** Number of global connection rate limit. */ + RELAY_METRICS_NUM_GLOBAL_RW_LIMIT, + /** Number of DNS queries. */ + RELAY_METRICS_NUM_DNS, + /** Number of DNS query errors. */ + RELAY_METRICS_NUM_DNS_ERRORS, + /** Number of TCP exhaustion reached. */ + RELAY_METRICS_NUM_TCP_EXHAUSTION, + /** Connections counters (always going up). */ + RELAY_METRICS_CONN_COUNTERS, + /** Connections gauges. */ + RELAY_METRICS_CONN_GAUGES, + /** Number of streams. */ + RELAY_METRICS_NUM_STREAMS, + /** Congestion control counters. */ + RELAY_METRICS_CC_COUNTERS, + /** Congestion control gauges. */ + RELAY_METRICS_CC_GAUGES, + /** Denial of Service defenses subsystem. */ + RELAY_METRICS_NUM_DOS, + /** Denial of Service defenses subsystem. */ + RELAY_METRICS_NUM_TRAFFIC, + /** Relay flags. */ + RELAY_METRICS_RELAY_FLAGS, + /** Numer of circuits. */ + RELAY_METRICS_NUM_CIRCUITS, +} relay_metrics_key_t; + +/** The metadata of a relay metric. */ +typedef struct relay_metrics_entry_t { + /* Metric key used as a static array index. */ + relay_metrics_key_t key; + /* Metric type. */ + metrics_type_t type; + /* Metrics output name. */ + const char *name; + /* Metrics output help comment. */ + const char *help; + /* Update value function. */ + void (*fill_fn)(void); +} relay_metrics_entry_t; + +/* Init. */ +void relay_metrics_init(void); +void relay_metrics_free(void); + +/* Accessors. */ +const smartlist_t *relay_metrics_get_stores(void); + +#endif /* !defined(TOR_FEATURE_RELAY_RELAY_METRICS_H) */ diff --git a/src/feature/relay/relay_periodic.c b/src/feature/relay/relay_periodic.c index a917d90f1a..dd9be4e36f 100644 --- a/src/feature/relay/relay_periodic.c +++ b/src/feature/relay/relay_periodic.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -164,9 +164,7 @@ check_for_reachability_bw_callback(time_t now, const or_options_t *options) (have_completed_a_circuit() || !any_predicted_circuits(now)) && !net_is_disabled()) { if (get_uptime() < TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT) { - router_do_reachability_checks(1, dirport_reachability_count==0); - if (++dirport_reachability_count > 5) - dirport_reachability_count = 0; + router_do_reachability_checks(); return EARLY_CHECK_REACHABILITY_INTERVAL; } else { /* If we haven't checked for 12 hours and our bandwidth estimate is @@ -221,7 +219,7 @@ reachability_warnings_callback(time_t now, const or_options_t *options) tor_asprintf(&where4, "%s:%d", address4, me->ipv4_orport); if (!v6_ok) tor_asprintf(&where6, "[%s]:%d", address6, me->ipv6_orport); - const char *opt_and = (!v4_ok && !v6_ok) ? "and" : ""; + const char *opt_and = (!v4_ok && !v6_ok) ? " and " : ""; /* IPv4 reachability test worked but not the IPv6. We will _not_ * publish the descriptor if our IPv6 was configured. We will if it @@ -264,20 +262,6 @@ reachability_warnings_callback(time_t now, const or_options_t *options) tor_free(address4); tor_free(address6); } - - if (me && !router_dirport_seems_reachable(options)) { - char *address4 = tor_addr_to_str_dup(&me->ipv4_addr); - log_warn(LD_CONFIG, - "Your server (%s:%d) has not managed to confirm that its " - "DirPort is reachable. Relays do not publish descriptors " - "until their ORPort and DirPort are reachable. Please check " - "your firewalls, ports, address, /etc/hosts file, etc.", - address4, me->ipv4_dirport); - control_event_server_status(LOG_WARN, - "REACHABILITY_FAILED DIRADDRESS=%s:%d", - address4, me->ipv4_dirport); - tor_free(address4); - } } return TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT; diff --git a/src/feature/relay/relay_periodic.h b/src/feature/relay/relay_periodic.h index ccda9a440b..d3a13ec835 100644 --- a/src/feature/relay/relay_periodic.h +++ b/src/feature/relay/relay_periodic.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/relay/relay_stub.c b/src/feature/relay/relay_stub.c index 283aaf6e49..c7ac9093fa 100644 --- a/src/feature/relay/relay_stub.c +++ b/src/feature/relay/relay_stub.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/relay/relay_sys.c b/src/feature/relay/relay_sys.c index 2e90740925..9c43734b84 100644 --- a/src/feature/relay/relay_sys.c +++ b/src/feature/relay/relay_sys.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -14,6 +14,7 @@ #include "feature/relay/dns.h" #include "feature/relay/ext_orport.h" +#include "feature/relay/relay_metrics.h" #include "feature/relay/onion_queue.h" #include "feature/relay/relay_periodic.h" #include "feature/relay/relay_sys.h" @@ -25,6 +26,7 @@ static int subsys_relay_initialize(void) { + relay_metrics_init(); relay_register_periodic_events(); return 0; } @@ -37,6 +39,7 @@ subsys_relay_shutdown(void) clear_pending_onions(); routerkeys_free_all(); router_free_all(); + relay_metrics_free(); } const struct subsys_fns_t sys_relay = { @@ -46,4 +49,6 @@ const struct subsys_fns_t sys_relay = { .level = RELAY_SUBSYS_LEVEL, .initialize = subsys_relay_initialize, .shutdown = subsys_relay_shutdown, + + .get_metrics = relay_metrics_get_stores, }; diff --git a/src/feature/relay/relay_sys.h b/src/feature/relay/relay_sys.h index 9bad93a6c9..2c5edb53dd 100644 --- a/src/feature/relay/relay_sys.h +++ b/src/feature/relay/relay_sys.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c index fb26309dfa..bc98fd985c 100644 --- a/src/feature/relay/router.c +++ b/src/feature/relay/router.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define ROUTER_PRIVATE @@ -1357,8 +1357,8 @@ decide_to_advertise_dir_impl(const or_options_t *options, int router_should_advertise_dirport(const or_options_t *options, uint16_t dir_port) { - /* supports_tunnelled_dir_requests is not relevant, pass 0 */ - return decide_to_advertise_dir_impl(options, dir_port, 0) ? dir_port : 0; + /* Only authorities should advertise a DirPort now. */ + return authdir_mode(options) ? dir_port : 0; } /** Front-end to decide_to_advertise_dir_impl(): return 0 if we don't want to @@ -3062,6 +3062,15 @@ router_dump_router_to_string(routerinfo_t *router, smartlist_add_strdup(chunks, "tunnelled-dir-server\n"); } + /* Overload general information. */ + if (options->OverloadStatistics) { + char *overload_general = rep_hist_get_overload_general_line(); + + if (overload_general) { + smartlist_add(chunks, overload_general); + } + } + /* Sign the descriptor with Ed25519 */ if (emit_ed_sigs) { smartlist_add_strdup(chunks, "router-sig-ed25519 "); @@ -3345,6 +3354,11 @@ extrainfo_dump_to_string_stats_helper(smartlist_t *chunks, "hidserv-stats-end", now, &contents) > 0) { smartlist_add(chunks, contents); } + if (options->HiddenServiceStatistics && + load_stats_file("stats"PATH_SEPARATOR"hidserv-v3-stats", + "hidserv-v3-stats-end", now, &contents) > 0) { + smartlist_add(chunks, contents); + } if (options->EntryStatistics && load_stats_file("stats"PATH_SEPARATOR"entry-stats", "entry-stats-end", now, &contents) > 0) { @@ -3370,6 +3384,12 @@ extrainfo_dump_to_string_stats_helper(smartlist_t *chunks, if (contents) smartlist_add(chunks, contents); } + if (options->OverloadStatistics) { + contents = rep_hist_get_overload_stats_lines(); + if (contents) { + smartlist_add(chunks, contents); + } + } /* bridge statistics */ if (should_record_bridge_info(options)) { const char *bridge_stats = geoip_get_bridge_stats_extrainfo(now); diff --git a/src/feature/relay/router.h b/src/feature/relay/router.h index 9556a66e68..b5b5a1fffa 100644 --- a/src/feature/relay/router.h +++ b/src/feature/relay/router.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/relay/routerkeys.c b/src/feature/relay/routerkeys.c index 116f0b4e3d..64ec38ed19 100644 --- a/src/feature/relay/routerkeys.c +++ b/src/feature/relay/routerkeys.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/relay/routerkeys.h b/src/feature/relay/routerkeys.h index 1fb5d724e9..7b6d80773c 100644 --- a/src/feature/relay/routerkeys.h +++ b/src/feature/relay/routerkeys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/relay/routermode.c b/src/feature/relay/routermode.c index c4d8792b5b..15f66de8ba 100644 --- a/src/feature/relay/routermode.c +++ b/src/feature/relay/routermode.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/relay/routermode.h b/src/feature/relay/routermode.h index 6d7404968d..2c22c23c0f 100644 --- a/src/feature/relay/routermode.h +++ b/src/feature/relay/routermode.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/relay/selftest.c b/src/feature/relay/selftest.c index 46b4b20ffc..399b6bca6e 100644 --- a/src/feature/relay/selftest.c +++ b/src/feature/relay/selftest.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -49,15 +49,12 @@ static bool have_orport_for_family(int family); static void inform_testing_reachability(const tor_addr_t *addr, - uint16_t port, - bool is_dirport); + uint16_t port); /** Whether we can reach our IPv4 ORPort from the outside. */ static bool can_reach_or_port_ipv4 = false; /** Whether we can reach our IPv6 ORPort from the outside. */ static bool can_reach_or_port_ipv6 = false; -/** Whether we can reach our DirPort from the outside. */ -static bool can_reach_dir_port = false; /** Has informed_testing_reachable logged a message about testing our IPv4 * ORPort? */ @@ -65,18 +62,14 @@ static bool have_informed_testing_or_port_ipv4 = false; /** Has informed_testing_reachable logged a message about testing our IPv6 * ORPort? */ static bool have_informed_testing_or_port_ipv6 = false; -/** Has informed_testing_reachable logged a message about testing our - * DirPort? */ -static bool have_informed_testing_dir_port = false; /** Forget what we have learned about our reachability status. */ void router_reset_reachability(void) { - can_reach_or_port_ipv4 = can_reach_or_port_ipv6 = can_reach_dir_port = false; + can_reach_or_port_ipv4 = can_reach_or_port_ipv6 = false; have_informed_testing_or_port_ipv4 = - have_informed_testing_or_port_ipv6 = - have_informed_testing_dir_port = false; + have_informed_testing_or_port_ipv6 = false; } /** Return 1 if we won't do reachability checks, because: @@ -137,31 +130,20 @@ router_orport_seems_reachable(const or_options_t *options, return true; } -/** Return 0 if we need to do a DirPort reachability check, because: - * - no reachability check has been done yet, or - * - we've initiated reachability checks, but none have succeeded. - * Return 1 if we don't need to do a DirPort reachability check, because: - * - we've seen a successful reachability check, or - * - there is no DirPort set, or - * - AssumeReachable is set, or - * - We're a dir auth (see ticket #40287), or - * - the network is disabled. - */ +/** Relay DirPorts are no longer used (though authorities are). In either case, + * reachability self test is done anymore, since network re-entry towards an + * authority DirPort is not allowed. Thus, consider it always reachable. */ int router_dirport_seems_reachable(const or_options_t *options) { - int reach_checks_disabled = router_reachability_checks_disabled(options) || - authdir_mode(options) || - !options->DirPort_set; - return reach_checks_disabled || - can_reach_dir_port; + (void) options; + return 1; } -/** See if we currently believe our ORPort or DirPort to be - * unreachable. If so, return 1 else return 0. - */ +/** See if we currently believe our ORPort to be unreachable. If so, return 1 + * else return 0. */ static int -router_should_check_reachability(int test_or, int test_dir) +router_should_check_reachability(void) { const routerinfo_t *me = router_get_my_routerinfo(); const or_options_t *options = get_options(); @@ -174,15 +156,13 @@ router_should_check_reachability(int test_or, int test_dir) options->StrictNodes) { /* If we've excluded ourself, and StrictNodes is set, we can't test * ourself. */ - if (test_or || test_dir) { #define SELF_EXCLUDED_WARN_INTERVAL 3600 - static ratelim_t warning_limit=RATELIM_INIT(SELF_EXCLUDED_WARN_INTERVAL); - log_fn_ratelim(&warning_limit, LOG_WARN, LD_CIRC, - "Can't perform self-tests for this relay: we have " - "listed ourself in ExcludeNodes, and StrictNodes is set. " - "We cannot learn whether we are usable, and will not " - "be able to advertise ourself."); - } + static ratelim_t warning_limit=RATELIM_INIT(SELF_EXCLUDED_WARN_INTERVAL); + log_fn_ratelim(&warning_limit, LOG_WARN, LD_CIRC, + "Can't perform self-tests for this relay: we have " + "listed ourself in ExcludeNodes, and StrictNodes is set. " + "We cannot learn whether we are usable, and will not " + "be able to advertise ourself."); return 0; } return 1; @@ -248,7 +228,10 @@ extend_info_from_router(const routerinfo_t *r, int family) info = extend_info_new(r->nickname, r->cache_info.identity_digest, ed_id_key, rsa_pubkey, r->onion_curve25519_pkey, - &ap.addr, ap.port); + &ap.addr, ap.port, + /* TODO-324: Should self-test circuits use + * congestion control? */ + NULL, false); crypto_pk_free(rsa_pubkey); return info; } @@ -274,6 +257,11 @@ router_do_orport_reachability_checks(const routerinfo_t *me, if (ei) { const char *family_name = fmt_af_family(family); const tor_addr_port_t *ap = extend_info_get_orport(ei, family); + if (BUG(!ap)) { + /* Not much we can do here to recover apart from screaming loudly. */ + extend_info_free(ei); + return; + } log_info(LD_CIRC, "Testing %s of my %s ORPort: %s.", !orport_reachable ? "reachability" : "bandwidth", family_name, fmt_addrport_ap(ap)); @@ -281,8 +269,8 @@ router_do_orport_reachability_checks(const routerinfo_t *me, if (!orport_reachable) { /* Only log if we are actually doing a reachability test to learn if our * ORPort is reachable. Else, this prints a log notice if we are simply - * opening a bandwidth testing circuit even do we are reachable. */ - inform_testing_reachability(&ap->addr, ap->port, false); + * opening a bandwidth testing circuit even though we are reachable. */ + inform_testing_reachability(&ap->addr, ap->port); } circuit_launch_by_extend_info(CIRCUIT_PURPOSE_TESTING, ei, @@ -293,53 +281,15 @@ router_do_orport_reachability_checks(const routerinfo_t *me, } } -/** Launch a self-testing circuit, and ask an exit to connect to our DirPort. - * <b>me</b> is our own routerinfo. +/** Some time has passed, or we just got new directory information. See if we + * currently believe our ORPort to be unreachable. If so, launch a new test + * for it. * - * Relays don't advertise IPv6 DirPorts, so this function only supports IPv4. - * - * See router_do_reachability_checks() for details. */ -static void -router_do_dirport_reachability_checks(const routerinfo_t *me) -{ - tor_addr_port_t my_dirport; - tor_addr_copy(&my_dirport.addr, &me->ipv4_addr); - my_dirport.port = me->ipv4_dirport; - - /* If there is already a pending connection, don't open another one. */ - if (!connection_get_by_type_addr_port_purpose( - CONN_TYPE_DIR, - &my_dirport.addr, my_dirport.port, - DIR_PURPOSE_FETCH_SERVERDESC)) { - /* ask myself, via tor, for my server descriptor. */ - directory_request_t *req = - directory_request_new(DIR_PURPOSE_FETCH_SERVERDESC); - directory_request_set_dir_addr_port(req, &my_dirport); - directory_request_set_directory_id_digest(req, - me->cache_info.identity_digest); - /* ask via an anon circuit, connecting to our dirport. */ - directory_request_set_indirection(req, DIRIND_ANON_DIRPORT); - directory_request_set_resource(req, "authority.z"); - directory_initiate_request(req); - directory_request_free(req); - - inform_testing_reachability(&my_dirport.addr, my_dirport.port, true); - } -} - -/** Some time has passed, or we just got new directory information. - * See if we currently believe our ORPort or DirPort to be - * unreachable. If so, launch a new test for it. - * - * For ORPort, we simply try making a circuit that ends at ourselves. - * Success is noticed in onionskin_answer(). - * - * For DirPort, we make a connection via Tor to our DirPort and ask - * for our own server descriptor. - * Success is noticed in connection_dir_client_reached_eof(). + * For ORPort, we simply try making a circuit that ends at ourselves. Success + * is noticed in onionskin_answer(). */ void -router_do_reachability_checks(int test_or, int test_dir) +router_do_reachability_checks(void) { const routerinfo_t *me = router_get_my_routerinfo(); const or_options_t *options = get_options(); @@ -348,45 +298,34 @@ router_do_reachability_checks(int test_or, int test_dir) int orport_reachable_v6 = router_orport_seems_reachable(options, AF_INET6); - if (router_should_check_reachability(test_or, test_dir)) { + if (router_should_check_reachability()) { bool need_testing = !circuit_enough_testing_circs(); /* At the moment, tor relays believe that they are reachable when they * receive any create cell on an inbound connection, if the address * family is correct. */ - if (test_or && (!orport_reachable_v4 || need_testing)) { + if (!orport_reachable_v4 || need_testing) { router_do_orport_reachability_checks(me, AF_INET, orport_reachable_v4); } - if (test_or && (!orport_reachable_v6 || need_testing)) { + if (!orport_reachable_v6 || need_testing) { router_do_orport_reachability_checks(me, AF_INET6, orport_reachable_v6); } - - if (test_dir && !router_dirport_seems_reachable(options)) { - router_do_dirport_reachability_checks(me); - } } } /** Log a message informing the user that we are testing a port for * reachability, if we have not already logged such a message. * - * If @a is_dirport is true, then the port is a DirPort; otherwise it is an - * ORPort. - * * Calls to router_reset_reachability() will reset our view of whether we have * logged this message for a given port. */ static void -inform_testing_reachability(const tor_addr_t *addr, - uint16_t port, - bool is_dirport) +inform_testing_reachability(const tor_addr_t *addr, uint16_t port) { if (!router_get_my_routerinfo()) return; bool *have_informed_ptr; - if (is_dirport) { - have_informed_ptr = &have_informed_testing_dir_port; - } else if (tor_addr_family(addr) == AF_INET) { + if (tor_addr_family(addr) == AF_INET) { have_informed_ptr = &have_informed_testing_or_port_ipv4; } else { have_informed_ptr = &have_informed_testing_or_port_ipv6; @@ -401,18 +340,16 @@ inform_testing_reachability(const tor_addr_t *addr, char addr_buf[TOR_ADDRPORT_BUF_LEN]; strlcpy(addr_buf, fmt_addrport(addr, port), sizeof(addr_buf)); - const char *control_addr_type = is_dirport ? "DIRADDRESS" : "ORADDRESS"; - const char *port_type = is_dirport ? "DirPort" : "ORPort"; const char *afname = fmt_af_family(tor_addr_family(addr)); control_event_server_status(LOG_NOTICE, - "CHECKING_REACHABILITY %s=%s", - control_addr_type, addr_buf); + "CHECKING_REACHABILITY ORADDRESS=%s", + addr_buf); - log_notice(LD_OR, "Now checking whether %s %s %s is reachable... " + log_notice(LD_OR, "Now checking whether %s ORPort %s is reachable... " "(this may take up to %d minutes -- look for log " "messages indicating success)", - afname, port_type, addr_buf, + afname, addr_buf, TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT/60); *have_informed_ptr = true; @@ -426,8 +363,7 @@ static bool ready_to_publish(const or_options_t *options) { return options->PublishServerDescriptor_ != NO_DIRINFO && - router_dirport_seems_reachable(options) && - router_all_orports_seem_reachable(options); + router_all_orports_seem_reachable(options); } /** Annotate that we found our ORPort reachable with a given address @@ -481,40 +417,6 @@ router_orport_found_reachable(int family) } } -/** Annotate that we found our DirPort reachable. */ -void -router_dirport_found_reachable(void) -{ - const routerinfo_t *me = router_get_my_routerinfo(); - const or_options_t *options = get_options(); - - if (!can_reach_dir_port && me) { - char *address = tor_addr_to_str_dup(&me->ipv4_addr); - - if (!address) - return; - - can_reach_dir_port = true; - log_notice(LD_DIRSERV,"Self-testing indicates your DirPort is reachable " - "from the outside. Excellent.%s", - ready_to_publish(options) ? - " Publishing server descriptor." : ""); - - if (router_should_advertise_dirport(options, me->ipv4_dirport)) { - mark_my_descriptor_dirty("DirPort found reachable"); - /* This is a significant enough change to upload immediately, - * at least in a test network */ - if (options->TestingTorNetwork == 1) { - reschedule_descriptor_update_check(); - } - } - control_event_server_status(LOG_NOTICE, - "REACHABILITY_SUCCEEDED DIRADDRESS=%s:%d", - address, me->ipv4_dirport); - tor_free(address); - } -} - /** We have enough testing circuits open. Send a bunch of "drop" * cells down each of them, to exercise our bandwidth. * @@ -530,8 +432,8 @@ router_perform_bandwidth_test(int num_circs, time_t now) origin_circuit_t *circ = NULL; log_notice(LD_OR,"Performing bandwidth self-test...done."); - while ((circ = circuit_get_next_by_pk_and_purpose(circ, NULL, - CIRCUIT_PURPOSE_TESTING))) { + while ((circ = circuit_get_next_by_purpose(circ, + CIRCUIT_PURPOSE_TESTING))) { /* dump cells_per_circuit drop cells onto this circ */ int i = cells_per_circuit; if (circ->base_.state != CIRCUIT_STATE_OPEN) diff --git a/src/feature/relay/selftest.h b/src/feature/relay/selftest.h index e09c0e7898..b662fe0fb0 100644 --- a/src/feature/relay/selftest.h +++ b/src/feature/relay/selftest.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -23,11 +23,10 @@ int router_orport_seems_reachable( int router_dirport_seems_reachable( const struct or_options_t *options); -void router_do_reachability_checks(int test_or, int test_dir); +void router_do_reachability_checks(void); void router_perform_bandwidth_test(int num_circs, time_t now); void router_orport_found_reachable(int family); -void router_dirport_found_reachable(void); void router_reset_reachability(void); @@ -41,10 +40,8 @@ void router_reset_reachability(void); ((void)(opts), 0) static inline void -router_do_reachability_checks(int test_or, int test_dir) +router_do_reachability_checks(void) { - (void)test_or; - (void)test_dir; tor_assert_nonfatal_unreached(); } static inline void @@ -55,16 +52,16 @@ router_perform_bandwidth_test(int num_circs, time_t now) tor_assert_nonfatal_unreached(); } static inline int -inform_testing_reachability(void) +inform_testing_reachability(const tor_addr_t *addr, uint16_t port) { + (void) addr; + (void) port; tor_assert_nonfatal_unreached(); return 0; } #define router_orport_found_reachable() \ STMT_NIL -#define router_dirport_found_reachable() \ - STMT_NIL #define router_reset_reachability() \ STMT_NIL diff --git a/src/feature/relay/transport_config.c b/src/feature/relay/transport_config.c index 7dcce70e30..23e024fbee 100644 --- a/src/feature/relay/transport_config.c +++ b/src/feature/relay/transport_config.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/relay/transport_config.h b/src/feature/relay/transport_config.h index 6d956d9af1..6cf3142fb0 100644 --- a/src/feature/relay/transport_config.h +++ b/src/feature/relay/transport_config.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/rend/feature_rend.md b/src/feature/rend/feature_rend.md deleted file mode 100644 index bfd8ae3dbc..0000000000 --- a/src/feature/rend/feature_rend.md +++ /dev/null @@ -1,7 +0,0 @@ -@dir /feature/rend -@brief feature/rend: version 2 (old) hidden services - -This directory implements the v2 onion service protocol, -as specified in -[rend-spec-v2.txt](https://gitweb.torproject.org/torspec.git/tree/rend-spec-v2.txt). - diff --git a/src/feature/rend/include.am b/src/feature/rend/include.am index fb12439a90..d338869b5b 100644 --- a/src/feature/rend/include.am +++ b/src/feature/rend/include.am @@ -1,22 +1,10 @@ # ADD_C_FILE: INSERT SOURCES HERE. LIBTOR_APP_A_SOURCES += \ - src/feature/rend/rendcache.c \ - src/feature/rend/rendclient.c \ src/feature/rend/rendcommon.c \ - src/feature/rend/rendmid.c \ - src/feature/rend/rendparse.c \ - src/feature/rend/rendservice.c + src/feature/rend/rendmid.c # ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ - src/feature/rend/rend_authorized_client_st.h \ - src/feature/rend/rend_encoded_v2_service_descriptor_st.h \ - src/feature/rend/rend_intro_point_st.h \ - src/feature/rend/rend_service_descriptor_st.h \ - src/feature/rend/rendcache.h \ - src/feature/rend/rendclient.h \ src/feature/rend/rendcommon.h \ - src/feature/rend/rendmid.h \ - src/feature/rend/rendparse.h \ - src/feature/rend/rendservice.h + src/feature/rend/rendmid.h diff --git a/src/feature/rend/rend_authorized_client_st.h b/src/feature/rend/rend_authorized_client_st.h deleted file mode 100644 index c6a6676da9..0000000000 --- a/src/feature/rend/rend_authorized_client_st.h +++ /dev/null @@ -1,22 +0,0 @@ -/* Copyright (c) 2001 Matej Pfajfar. - * Copyright (c) 2001-2004, Roger Dingledine. - * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -/** - * @file rend_authorized_client_st.h - * @brief Hidden-service authorized client structure. - **/ - -#ifndef REND_AUTHORIZED_CLIENT_ST_H -#define REND_AUTHORIZED_CLIENT_ST_H - -/** Hidden-service side configuration of client authorization. */ -struct rend_authorized_client_t { - char *client_name; - uint8_t descriptor_cookie[REND_DESC_COOKIE_LEN]; - crypto_pk_t *client_key; -}; - -#endif /* !defined(REND_AUTHORIZED_CLIENT_ST_H) */ diff --git a/src/feature/rend/rend_encoded_v2_service_descriptor_st.h b/src/feature/rend/rend_encoded_v2_service_descriptor_st.h deleted file mode 100644 index fea91b876a..0000000000 --- a/src/feature/rend/rend_encoded_v2_service_descriptor_st.h +++ /dev/null @@ -1,21 +0,0 @@ -/* Copyright (c) 2001 Matej Pfajfar. - * Copyright (c) 2001-2004, Roger Dingledine. - * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -/** - * @file rend_encoded_v2_service_descriptor_st.h - * @brief Encoded v2 HS descriptor structure. - **/ - -#ifndef REND_ENCODED_V2_SERVICE_DESCRIPTOR_ST_H -#define REND_ENCODED_V2_SERVICE_DESCRIPTOR_ST_H - -/** ASCII-encoded v2 hidden service descriptor. */ -struct rend_encoded_v2_service_descriptor_t { - char desc_id[DIGEST_LEN]; /**< Descriptor ID. */ - char *desc_str; /**< Descriptor string. */ -}; - -#endif /* !defined(REND_ENCODED_V2_SERVICE_DESCRIPTOR_ST_H) */ diff --git a/src/feature/rend/rend_intro_point_st.h b/src/feature/rend/rend_intro_point_st.h deleted file mode 100644 index 4f0aa01523..0000000000 --- a/src/feature/rend/rend_intro_point_st.h +++ /dev/null @@ -1,81 +0,0 @@ -/* Copyright (c) 2001 Matej Pfajfar. - * Copyright (c) 2001-2004, Roger Dingledine. - * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -/** - * @file rend_intro_point_st.h - * @brief v2 hidden service introduction point structure. - **/ - -#ifndef REND_INTRO_POINT_ST_H -#define REND_INTRO_POINT_ST_H - -struct replaycache_t; -struct crypto_pk_t; - -/** Introduction point information. Used both in rend_service_t (on - * the service side) and in rend_service_descriptor_t (on both the - * client and service side). */ -struct rend_intro_point_t { - extend_info_t *extend_info; /**< Extend info for connecting to this - * introduction point via a multi-hop path. */ - struct crypto_pk_t *intro_key; /**< Introduction key that replaces the - * service key, if this descriptor is V2. */ - - /** (Client side only) Flag indicating that a timeout has occurred - * after sending an INTRODUCE cell to this intro point. After a - * timeout, an intro point should not be tried again during the same - * hidden service connection attempt, but it may be tried again - * during a future connection attempt. */ - unsigned int timed_out : 1; - - /** (Client side only) The number of times we have failed to build a - * circuit to this intro point for some reason other than our - * circuit-build timeout. See also MAX_INTRO_POINT_REACHABILITY_FAILURES. */ - unsigned int unreachable_count : 3; - - /** (Service side only) Flag indicating that this intro point was - * included in the last HS descriptor we generated. */ - unsigned int listed_in_last_desc : 1; - - /** (Service side only) A replay cache recording the RSA-encrypted parts - * of INTRODUCE2 cells this intro point's circuit has received. This is - * used to prevent replay attacks. */ - struct replaycache_t *accepted_intro_rsa_parts; - - /** (Service side only) Count of INTRODUCE2 cells accepted from this - * intro point. - */ - int accepted_introduce2_count; - - /** (Service side only) Maximum number of INTRODUCE2 cells that this IP - * will accept. This is a random value between - * INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS and - * INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS. */ - int max_introductions; - - /** (Service side only) The time at which this intro point was first - * published, or -1 if this intro point has not yet been - * published. */ - time_t time_published; - - /** (Service side only) The time at which this intro point should - * (start to) expire, or -1 if we haven't decided when this intro - * point should expire. */ - time_t time_to_expire; - - /** (Service side only) The amount of circuit creation we've made to this - * intro point. This is incremented every time we do a circuit relaunch on - * this object which is triggered when the circuit dies but the node is - * still in the consensus. After MAX_INTRO_POINT_CIRCUIT_RETRIES, we give - * up on it. */ - unsigned int circuit_retries; - - /** (Service side only) Set if this intro point has an established circuit - * and unset if it doesn't. */ - unsigned int circuit_established:1; -}; - -#endif /* !defined(REND_INTRO_POINT_ST_H) */ diff --git a/src/feature/rend/rend_service_descriptor_st.h b/src/feature/rend/rend_service_descriptor_st.h deleted file mode 100644 index 80c8034f46..0000000000 --- a/src/feature/rend/rend_service_descriptor_st.h +++ /dev/null @@ -1,38 +0,0 @@ -/* Copyright (c) 2001 Matej Pfajfar. - * Copyright (c) 2001-2004, Roger Dingledine. - * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -/** - * @file rend_service_descriptor_st.h - * @brief Parsed v2 HS descriptor structure. - **/ - -#ifndef REND_SERVICE_DESCRIPTOR_ST_H -#define REND_SERVICE_DESCRIPTOR_ST_H - -#define REND_PROTOCOL_VERSION_BITMASK_WIDTH 16 - -/** Information used to connect to a hidden service. Used on both the - * service side and the client side. */ -struct rend_service_descriptor_t { - crypto_pk_t *pk; /**< This service's public key. */ - int version; /**< Version of the descriptor format: 0 or 2. */ - time_t timestamp; /**< Time when the descriptor was generated. */ - /** Bitmask: which introduce/rendezvous protocols are supported? - * (We allow bits '0', '1', '2' and '3' to be set.) */ - unsigned protocols : REND_PROTOCOL_VERSION_BITMASK_WIDTH; - /** List of the service's introduction points. Elements are removed if - * introduction attempts fail. */ - smartlist_t *intro_nodes; - /** Has descriptor been uploaded to all hidden service directories? */ - int all_uploads_performed; - /** List of hidden service directories to which an upload request for - * this descriptor could be sent. Smartlist exists only when at least one - * of the previous upload requests failed (otherwise it's not important - * to know which uploads succeeded and which not). */ - smartlist_t *successful_uploads; -}; - -#endif /* !defined(REND_SERVICE_DESCRIPTOR_ST_H) */ diff --git a/src/feature/rend/rendcache.c b/src/feature/rend/rendcache.c deleted file mode 100644 index 04f6390a7f..0000000000 --- a/src/feature/rend/rendcache.c +++ /dev/null @@ -1,1029 +0,0 @@ -/* Copyright (c) 2015-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -/** - * \file rendcache.c - * \brief Hidden service descriptor cache. - **/ - -#define RENDCACHE_PRIVATE -#include "feature/rend/rendcache.h" - -#include "app/config/config.h" -#include "feature/stats/rephist.h" -#include "feature/nodelist/routerlist.h" -#include "feature/rend/rendcommon.h" -#include "feature/rend/rendparse.h" - -#include "core/or/extend_info_st.h" -#include "feature/rend/rend_intro_point_st.h" -#include "feature/rend/rend_service_descriptor_st.h" - -#include "lib/ctime/di_ops.h" - -/** Map from service id (as generated by rend_get_service_id) to - * rend_cache_entry_t. */ -STATIC strmap_t *rend_cache = NULL; - -/** Map from service id to rend_cache_entry_t; only for hidden services. */ -static strmap_t *rend_cache_local_service = NULL; - -/** Map from descriptor id to rend_cache_entry_t; only for hidden service - * directories. */ -STATIC digestmap_t *rend_cache_v2_dir = NULL; - -/** (Client side only) Map from service id to rend_cache_failure_t. This - * cache is used to track intro point(IP) failures so we know when to keep - * or discard a new descriptor we just fetched. Here is a description of the - * cache behavior. - * - * Every time tor discards an IP (ex: receives a NACK), we add an entry to - * this cache noting the identity digest of the IP and it's failure type for - * the service ID. The reason we indexed this cache by service ID is to - * differentiate errors that can occur only for a specific service like a - * NACK for instance. It applies for one but maybe not for the others. - * - * Once a service descriptor is fetched and considered valid, each IP is - * looked up in this cache and if present, it is discarded from the fetched - * descriptor. At the end, all IP(s) in the cache, for a specific service - * ID, that were NOT present in the descriptor are removed from this cache. - * Which means that if at least one IP was not in this cache, thus usable, - * it's considered a new descriptor so we keep it. Else, if all IPs were in - * this cache, we discard the descriptor as it's considered unusable. - * - * Once a descriptor is removed from the rend cache or expires, the entry - * in this cache is also removed for the service ID. - * - * This scheme allows us to not rely on the descriptor's timestamp (which - * is rounded down to the hour) to know if we have a newer descriptor. We - * only rely on the usability of intro points from an internal state. */ -STATIC strmap_t *rend_cache_failure = NULL; - -/* DOCDOC */ -STATIC size_t rend_cache_total_allocation = 0; - -/** Initializes the service descriptor cache. -*/ -void -rend_cache_init(void) -{ - rend_cache = strmap_new(); - rend_cache_v2_dir = digestmap_new(); - rend_cache_local_service = strmap_new(); - rend_cache_failure = strmap_new(); -} - -/** Return the approximate number of bytes needed to hold <b>e</b>. */ -STATIC size_t -rend_cache_entry_allocation(const rend_cache_entry_t *e) -{ - if (!e) - return 0; - - /* This doesn't count intro_nodes or key size */ - return sizeof(*e) + e->len + sizeof(*e->parsed); -} - -/* DOCDOC */ -size_t -rend_cache_get_total_allocation(void) -{ - return rend_cache_total_allocation; -} - -/** Decrement the total bytes attributed to the rendezvous cache by n. */ -void -rend_cache_decrement_allocation(size_t n) -{ - static int have_underflowed = 0; - - if (rend_cache_total_allocation >= n) { - rend_cache_total_allocation -= n; - } else { - rend_cache_total_allocation = 0; - if (! have_underflowed) { - have_underflowed = 1; - log_warn(LD_BUG, "Underflow in rend_cache_decrement_allocation"); - } - } -} - -/** Increase the total bytes attributed to the rendezvous cache by n. */ -void -rend_cache_increment_allocation(size_t n) -{ - static int have_overflowed = 0; - if (rend_cache_total_allocation <= SIZE_MAX - n) { - rend_cache_total_allocation += n; - } else { - rend_cache_total_allocation = SIZE_MAX; - if (! have_overflowed) { - have_overflowed = 1; - log_warn(LD_BUG, "Overflow in rend_cache_increment_allocation"); - } - } -} - -/** Helper: free a rend cache failure intro object. */ -STATIC void -rend_cache_failure_intro_entry_free_(rend_cache_failure_intro_t *entry) -{ - if (entry == NULL) { - return; - } - tor_free(entry); -} - -static void -rend_cache_failure_intro_entry_free_void(void *entry) -{ - rend_cache_failure_intro_entry_free_(entry); -} - -/** Allocate a rend cache failure intro object and return it. <b>failure</b> - * is set into the object. This function can not fail. */ -STATIC rend_cache_failure_intro_t * -rend_cache_failure_intro_entry_new(rend_intro_point_failure_t failure) -{ - rend_cache_failure_intro_t *entry = tor_malloc(sizeof(*entry)); - entry->failure_type = failure; - entry->created_ts = time(NULL); - return entry; -} - -/** Helper: free a rend cache failure object. */ -STATIC void -rend_cache_failure_entry_free_(rend_cache_failure_t *entry) -{ - if (entry == NULL) { - return; - } - - /* Free and remove every intro failure object. */ - digestmap_free(entry->intro_failures, - rend_cache_failure_intro_entry_free_void); - - tor_free(entry); -} - -/** Helper: deallocate a rend_cache_failure_t. (Used with strmap_free(), - * which requires a function pointer whose argument is void*). */ -STATIC void -rend_cache_failure_entry_free_void(void *entry) -{ - rend_cache_failure_entry_free_(entry); -} - -/** Allocate a rend cache failure object and return it. This function can - * not fail. */ -STATIC rend_cache_failure_t * -rend_cache_failure_entry_new(void) -{ - rend_cache_failure_t *entry = tor_malloc(sizeof(*entry)); - entry->intro_failures = digestmap_new(); - return entry; -} - -/** Remove failure cache entry for the service ID in the given descriptor - * <b>desc</b>. */ -STATIC void -rend_cache_failure_remove(rend_service_descriptor_t *desc) -{ - char service_id[REND_SERVICE_ID_LEN_BASE32 + 1]; - rend_cache_failure_t *entry; - - if (desc == NULL) { - return; - } - if (rend_get_service_id(desc->pk, service_id) < 0) { - return; - } - entry = strmap_get_lc(rend_cache_failure, service_id); - if (entry != NULL) { - strmap_remove_lc(rend_cache_failure, service_id); - rend_cache_failure_entry_free(entry); - } -} - -/** Helper: free storage held by a single service descriptor cache entry. */ -STATIC void -rend_cache_entry_free_(rend_cache_entry_t *e) -{ - if (!e) - return; - rend_cache_decrement_allocation(rend_cache_entry_allocation(e)); - /* We are about to remove a descriptor from the cache so remove the entry - * in the failure cache. */ - rend_cache_failure_remove(e->parsed); - rend_service_descriptor_free(e->parsed); - tor_free(e->desc); - tor_free(e); -} - -/** Helper: deallocate a rend_cache_entry_t. (Used with strmap_free(), which - * requires a function pointer whose argument is void*). */ -static void -rend_cache_entry_free_void(void *p) -{ - rend_cache_entry_free_(p); -} - -/** Check if a failure cache entry exists for the given intro point. */ -bool -rend_cache_intro_failure_exists(const char *service_id, - const uint8_t *intro_identity) -{ - tor_assert(service_id); - tor_assert(intro_identity); - - return cache_failure_intro_lookup(intro_identity, service_id, NULL); -} - -/** Free all storage held by the service descriptor cache. */ -void -rend_cache_free_all(void) -{ - strmap_free(rend_cache, rend_cache_entry_free_void); - digestmap_free(rend_cache_v2_dir, rend_cache_entry_free_void); - strmap_free(rend_cache_local_service, rend_cache_entry_free_void); - strmap_free(rend_cache_failure, rend_cache_failure_entry_free_void); - rend_cache = NULL; - rend_cache_v2_dir = NULL; - rend_cache_local_service = NULL; - rend_cache_failure = NULL; - rend_cache_total_allocation = 0; -} - -/** Remove all entries that re REND_CACHE_FAILURE_MAX_AGE old. This is - * called every second. - * - * We have to clean these regularly else if for whatever reasons an hidden - * service goes offline and a client tries to connect to it during that - * time, a failure entry is created and the client will be unable to connect - * for a while even though the service has return online. */ -void -rend_cache_failure_clean(time_t now) -{ - time_t cutoff = now - REND_CACHE_FAILURE_MAX_AGE; - STRMAP_FOREACH_MODIFY(rend_cache_failure, key, - rend_cache_failure_t *, ent) { - /* Free and remove every intro failure object that match the cutoff. */ - DIGESTMAP_FOREACH_MODIFY(ent->intro_failures, ip_key, - rend_cache_failure_intro_t *, ip_ent) { - if (ip_ent->created_ts < cutoff) { - rend_cache_failure_intro_entry_free(ip_ent); - MAP_DEL_CURRENT(ip_key); - } - } DIGESTMAP_FOREACH_END; - /* If the entry is now empty of intro point failures, remove it. */ - if (digestmap_isempty(ent->intro_failures)) { - rend_cache_failure_entry_free(ent); - MAP_DEL_CURRENT(key); - } - } STRMAP_FOREACH_END; -} - -/** Removes all old entries from the client or service descriptor cache. -*/ -void -rend_cache_clean(time_t now, rend_cache_type_t cache_type) -{ - strmap_iter_t *iter; - const char *key; - void *val; - rend_cache_entry_t *ent; - time_t cutoff = now - REND_CACHE_MAX_AGE - REND_CACHE_MAX_SKEW; - strmap_t *cache = NULL; - - if (cache_type == REND_CACHE_TYPE_CLIENT) { - cache = rend_cache; - } else if (cache_type == REND_CACHE_TYPE_SERVICE) { - cache = rend_cache_local_service; - } - tor_assert(cache); - - for (iter = strmap_iter_init(cache); !strmap_iter_done(iter); ) { - strmap_iter_get(iter, &key, &val); - ent = (rend_cache_entry_t*)val; - if (ent->parsed->timestamp < cutoff) { - iter = strmap_iter_next_rmv(cache, iter); - rend_cache_entry_free(ent); - } else { - iter = strmap_iter_next(cache, iter); - } - } -} - -/** Remove ALL entries from the rendezvous service descriptor cache. -*/ -void -rend_cache_purge(void) -{ - if (rend_cache) { - log_info(LD_REND, "Purging HS v2 descriptor cache"); - strmap_free(rend_cache, rend_cache_entry_free_void); - } - rend_cache = strmap_new(); -} - -/** Remove ALL entries from the failure cache. This is also called when a - * NEWNYM signal is received. */ -void -rend_cache_failure_purge(void) -{ - if (rend_cache_failure) { - log_info(LD_REND, "Purging HS v2 failure cache"); - strmap_free(rend_cache_failure, rend_cache_failure_entry_free_void); - } - rend_cache_failure = strmap_new(); -} - -/** Lookup the rend failure cache using a relay identity digest in - * <b>identity</b> which has DIGEST_LEN bytes and service ID <b>service_id</b> - * which is a null-terminated string. If @a intro_entry is provided, then it - * is set to the entry on success, and to NULL on failure. - * Return 1 iff found else 0. */ -STATIC int -cache_failure_intro_lookup(const uint8_t *identity, const char *service_id, - rend_cache_failure_intro_t **intro_entry) -{ - rend_cache_failure_t *elem; - rend_cache_failure_intro_t *intro_elem; - - tor_assert(rend_cache_failure); - - if (intro_entry) { - *intro_entry = NULL; - } - - /* Lookup descriptor and return it. */ - elem = strmap_get_lc(rend_cache_failure, service_id); - if (elem == NULL) { - goto not_found; - } - intro_elem = digestmap_get(elem->intro_failures, (char *) identity); - if (intro_elem == NULL) { - goto not_found; - } - if (intro_entry) { - *intro_entry = intro_elem; - } - return 1; - not_found: - return 0; -} - -/** Allocate a new cache failure intro object and copy the content from - * <b>entry</b> to this newly allocated object. Return it. */ -static rend_cache_failure_intro_t * -cache_failure_intro_dup(const rend_cache_failure_intro_t *entry) -{ - rend_cache_failure_intro_t *ent_dup = - rend_cache_failure_intro_entry_new(entry->failure_type); - ent_dup->created_ts = entry->created_ts; - return ent_dup; -} - -/** Add an intro point failure to the failure cache using the relay - * <b>identity</b> and service ID <b>service_id</b>. Record the - * <b>failure</b> in that object. */ -STATIC void -cache_failure_intro_add(const uint8_t *identity, const char *service_id, - rend_intro_point_failure_t failure) -{ - rend_cache_failure_t *fail_entry; - rend_cache_failure_intro_t *entry, *old_entry; - - /* Make sure we have a failure object for this service ID and if not, - * create it with this new intro failure entry. */ - fail_entry = strmap_get_lc(rend_cache_failure, service_id); - if (fail_entry == NULL) { - fail_entry = rend_cache_failure_entry_new(); - /* Add failure entry to global rend failure cache. */ - strmap_set_lc(rend_cache_failure, service_id, fail_entry); - } - entry = rend_cache_failure_intro_entry_new(failure); - old_entry = digestmap_set(fail_entry->intro_failures, - (char *) identity, entry); - /* This _should_ be NULL, but in case it isn't, free it. */ - rend_cache_failure_intro_entry_free(old_entry); -} - -/** Using a parsed descriptor <b>desc</b>, check if the introduction points - * are present in the failure cache and if so they are removed from the - * descriptor and kept into the failure cache. Then, each intro points that - * are NOT in the descriptor but in the failure cache for the given - * <b>service_id</b> are removed from the failure cache. */ -STATIC void -validate_intro_point_failure(const rend_service_descriptor_t *desc, - const char *service_id) -{ - rend_cache_failure_t *new_entry, *cur_entry; - /* New entry for the service ID that will be replacing the one in the - * failure cache since we have a new descriptor. In the case where all - * intro points are removed, we are assured that the new entry is the same - * as the current one. */ - new_entry = tor_malloc(sizeof(*new_entry)); - new_entry->intro_failures = digestmap_new(); - - tor_assert(desc); - - SMARTLIST_FOREACH_BEGIN(desc->intro_nodes, rend_intro_point_t *, intro) { - int found; - rend_cache_failure_intro_t *entry; - const uint8_t *identity = - (uint8_t *) intro->extend_info->identity_digest; - - found = cache_failure_intro_lookup(identity, service_id, &entry); - if (found) { - /* Dup here since it will be freed at the end when removing the - * original entry in the cache. */ - rend_cache_failure_intro_t *ent_dup = cache_failure_intro_dup(entry); - /* This intro point is in our cache, discard it from the descriptor - * because chances are that it's unusable. */ - SMARTLIST_DEL_CURRENT(desc->intro_nodes, intro); - /* Keep it for our new entry. */ - digestmap_set(new_entry->intro_failures, (char *) identity, ent_dup); - /* Only free it when we're done looking at it. */ - rend_intro_point_free(intro); - continue; - } - } SMARTLIST_FOREACH_END(intro); - - /* Swap the failure entry in the cache and free the current one. */ - cur_entry = strmap_get_lc(rend_cache_failure, service_id); - if (cur_entry != NULL) { - rend_cache_failure_entry_free(cur_entry); - } - strmap_set_lc(rend_cache_failure, service_id, new_entry); -} - -/** Note down an intro failure in the rend failure cache using the type of - * failure in <b>failure</b> for the relay identity digest in - * <b>identity</b> and service ID <b>service_id</b>. If an entry already - * exists in the cache, the failure type is changed with <b>failure</b>. */ -void -rend_cache_intro_failure_note(rend_intro_point_failure_t failure, - const uint8_t *identity, - const char *service_id) -{ - int found; - rend_cache_failure_intro_t *entry; - - found = cache_failure_intro_lookup(identity, service_id, &entry); - if (!found) { - cache_failure_intro_add(identity, service_id, failure); - } else { - /* Replace introduction point failure with this one. */ - entry->failure_type = failure; - } -} - -/** Remove all old v2 descriptors and those for which this hidden service - * directory is not responsible for any more. The cutoff is the time limit for - * which we want to keep the cache entry. In other words, any entry created - * before will be removed. */ -size_t -rend_cache_clean_v2_descs_as_dir(time_t cutoff) -{ - digestmap_iter_t *iter; - size_t bytes_removed = 0; - - for (iter = digestmap_iter_init(rend_cache_v2_dir); - !digestmap_iter_done(iter); ) { - const char *key; - void *val; - rend_cache_entry_t *ent; - digestmap_iter_get(iter, &key, &val); - ent = val; - if (ent->parsed->timestamp < cutoff) { - char key_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; - base32_encode(key_base32, sizeof(key_base32), key, DIGEST_LEN); - log_info(LD_REND, "Removing descriptor with ID '%s' from cache", - safe_str_client(key_base32)); - bytes_removed += rend_cache_entry_allocation(ent); - iter = digestmap_iter_next_rmv(rend_cache_v2_dir, iter); - rend_cache_entry_free(ent); - } else { - iter = digestmap_iter_next(rend_cache_v2_dir, iter); - } - } - - return bytes_removed; -} - -/** Lookup in the client cache the given service ID <b>query</b> for - * <b>version</b>. - * - * Return 0 if found and if <b>e</b> is non NULL, set it with the entry - * found. Else, a negative value is returned and <b>e</b> is untouched. - * -EINVAL means that <b>query</b> is not a valid service id. - * -ENOENT means that no entry in the cache was found. */ -int -rend_cache_lookup_entry(const char *query, int version, rend_cache_entry_t **e) -{ - int ret = 0; - char key[REND_SERVICE_ID_LEN_BASE32 + 2]; /* <version><query>\0 */ - rend_cache_entry_t *entry = NULL; - static const int default_version = 2; - - tor_assert(query); - - /* This is possible if we are in the shutdown process and the cache was - * freed while some other subsystem might do a lookup to the cache for - * cleanup reasons such HS circuit cleanup for instance. */ - if (!rend_cache) { - ret = -ENOENT; - goto end; - } - - if (!rend_valid_v2_service_id(query)) { - ret = -EINVAL; - goto end; - } - - switch (version) { - case 0: - log_warn(LD_REND, "Cache lookup of a v0 renddesc is deprecated."); - break; - case 2: - /* Default is version 2. */ - default: - tor_snprintf(key, sizeof(key), "%d%s", default_version, query); - entry = strmap_get_lc(rend_cache, key); - break; - } - if (!entry) { - ret = -ENOENT; - goto end; - } - tor_assert(entry->parsed && entry->parsed->intro_nodes); - - if (e) { - *e = entry; - } - - end: - return ret; -} - -/* - * Lookup the v2 service descriptor with the service ID <b>query</b> in the - * local service descriptor cache. Return 0 if found and if <b>e</b> is - * non NULL, set it with the entry found. Else, a negative value is returned - * and <b>e</b> is untouched. - * -EINVAL means that <b>query</b> is not a valid service id. - * -ENOENT means that no entry in the cache was found. */ -int -rend_cache_lookup_v2_desc_as_service(const char *query, rend_cache_entry_t **e) -{ - int ret = 0; - rend_cache_entry_t *entry = NULL; - - tor_assert(rend_cache_local_service); - tor_assert(query); - - if (!rend_valid_v2_service_id(query)) { - ret = -EINVAL; - goto end; - } - - /* Lookup descriptor and return. */ - entry = strmap_get_lc(rend_cache_local_service, query); - if (!entry) { - ret = -ENOENT; - goto end; - } - - if (e) { - *e = entry; - } - - end: - return ret; -} - -/** Lookup the v2 service descriptor with base32-encoded <b>desc_id</b> and - * copy the pointer to it to *<b>desc</b>. Return 1 on success, 0 on - * well-formed-but-not-found, and -1 on failure. - */ -int -rend_cache_lookup_v2_desc_as_dir(const char *desc_id, const char **desc) -{ - rend_cache_entry_t *e; - char desc_id_digest[DIGEST_LEN]; - tor_assert(rend_cache_v2_dir); - if (base32_decode(desc_id_digest, DIGEST_LEN, - desc_id, REND_DESC_ID_V2_LEN_BASE32) != DIGEST_LEN) { - log_fn(LOG_PROTOCOL_WARN, LD_REND, - "Rejecting v2 rendezvous descriptor request -- descriptor ID " - "has wrong length or illegal characters: %s", - safe_str(desc_id)); - return -1; - } - /* Lookup descriptor and return. */ - e = digestmap_get(rend_cache_v2_dir, desc_id_digest); - if (e) { - *desc = e->desc; - e->last_served = approx_time(); - return 1; - } - return 0; -} - -/** Parse the v2 service descriptor(s) in <b>desc</b> and store it/them to the - * local rend cache. Don't attempt to decrypt the included list of introduction - * points (as we don't have a descriptor cookie for it). - * - * If we have a newer descriptor with the same ID, ignore this one. - * If we have an older descriptor with the same ID, replace it. - * - * Return 0 on success, or -1 if we couldn't parse any of them. - * - * We should only call this function for public (e.g. non bridge) relays. - */ -int -rend_cache_store_v2_desc_as_dir(const char *desc) -{ - const or_options_t *options = get_options(); - rend_service_descriptor_t *parsed; - char desc_id[DIGEST_LEN]; - char *intro_content; - size_t intro_size; - size_t encoded_size; - char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; - int number_parsed = 0, number_stored = 0; - const char *current_desc = desc; - const char *next_desc; - rend_cache_entry_t *e; - time_t now = time(NULL); - tor_assert(rend_cache_v2_dir); - tor_assert(desc); - while (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content, - &intro_size, &encoded_size, - &next_desc, current_desc, 1) >= 0) { - number_parsed++; - /* We don't care about the introduction points. */ - tor_free(intro_content); - /* For pretty log statements. */ - base32_encode(desc_id_base32, sizeof(desc_id_base32), - desc_id, DIGEST_LEN); - /* Is descriptor too old? */ - if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) { - log_info(LD_REND, "Service descriptor with desc ID %s is too old.", - safe_str(desc_id_base32)); - goto skip; - } - /* Is descriptor too far in the future? */ - if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) { - log_info(LD_REND, "Service descriptor with desc ID %s is too far in the " - "future.", - safe_str(desc_id_base32)); - goto skip; - } - /* Do we already have a newer descriptor? */ - e = digestmap_get(rend_cache_v2_dir, desc_id); - if (e && e->parsed->timestamp > parsed->timestamp) { - log_info(LD_REND, "We already have a newer service descriptor with the " - "same desc ID %s and version.", - safe_str(desc_id_base32)); - goto skip; - } - /* Do we already have this descriptor? */ - if (e && !strcmp(desc, e->desc)) { - log_info(LD_REND, "We already have this service descriptor with desc " - "ID %s.", safe_str(desc_id_base32)); - goto skip; - } - /* Store received descriptor. */ - if (!e) { - e = tor_malloc_zero(sizeof(rend_cache_entry_t)); - digestmap_set(rend_cache_v2_dir, desc_id, e); - /* Treat something just uploaded as having been served a little - * while ago, so that flooding with new descriptors doesn't help - * too much. - */ - e->last_served = approx_time() - 3600; - } else { - rend_cache_decrement_allocation(rend_cache_entry_allocation(e)); - rend_service_descriptor_free(e->parsed); - tor_free(e->desc); - } - e->parsed = parsed; - e->desc = tor_strndup(current_desc, encoded_size); - e->len = encoded_size; - rend_cache_increment_allocation(rend_cache_entry_allocation(e)); - log_info(LD_REND, "Successfully stored service descriptor with desc ID " - "'%s' and len %d.", - safe_str(desc_id_base32), (int)encoded_size); - /* Statistics: Note down this potentially new HS. */ - if (options->HiddenServiceStatistics) { - rep_hist_stored_maybe_new_hs(e->parsed->pk); - } - - number_stored++; - goto advance; - skip: - rend_service_descriptor_free(parsed); - advance: - /* advance to next descriptor, if available. */ - current_desc = next_desc; - /* check if there is a next descriptor. */ - if (!current_desc || - strcmpstart(current_desc, "rendezvous-service-descriptor ")) - break; - } - if (!number_parsed) { - log_info(LD_REND, "Could not parse any descriptor."); - return -1; - } - log_info(LD_REND, "Parsed %d and added %d descriptor%s.", - number_parsed, number_stored, number_stored != 1 ? "s" : ""); - return 0; -} - -/** Parse the v2 service descriptor in <b>desc</b> and store it to the -* local service rend cache. Don't attempt to decrypt the included list of -* introduction points. -* -* If we have a newer descriptor with the same ID, ignore this one. -* If we have an older descriptor with the same ID, replace it. -* -* Return 0 on success, or -1 if we couldn't understand the descriptor. -*/ -int -rend_cache_store_v2_desc_as_service(const char *desc) -{ - rend_service_descriptor_t *parsed = NULL; - char desc_id[DIGEST_LEN]; - char *intro_content = NULL; - size_t intro_size; - size_t encoded_size; - const char *next_desc; - char service_id[REND_SERVICE_ID_LEN_BASE32+1]; - rend_cache_entry_t *e; - int retval = -1; - tor_assert(rend_cache_local_service); - tor_assert(desc); - - /* Parse the descriptor. */ - if (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content, - &intro_size, &encoded_size, - &next_desc, desc, 0) < 0) { - log_warn(LD_REND, "Could not parse descriptor."); - goto err; - } - /* Compute service ID from public key. */ - if (rend_get_service_id(parsed->pk, service_id)<0) { - log_warn(LD_REND, "Couldn't compute service ID."); - goto err; - } - - /* Do we already have a newer descriptor? Allow new descriptors with a - rounded timestamp equal to or newer than the current descriptor */ - e = (rend_cache_entry_t*) strmap_get_lc(rend_cache_local_service, - service_id); - if (e && e->parsed->timestamp > parsed->timestamp) { - log_info(LD_REND, "We already have a newer service descriptor for " - "service ID %s.", safe_str_client(service_id)); - goto okay; - } - /* We don't care about the introduction points. */ - tor_free(intro_content); - if (!e) { - e = tor_malloc_zero(sizeof(rend_cache_entry_t)); - strmap_set_lc(rend_cache_local_service, service_id, e); - } else { - rend_cache_decrement_allocation(rend_cache_entry_allocation(e)); - rend_service_descriptor_free(e->parsed); - tor_free(e->desc); - } - e->parsed = parsed; - e->desc = tor_malloc_zero(encoded_size + 1); - strlcpy(e->desc, desc, encoded_size + 1); - e->len = encoded_size; - rend_cache_increment_allocation(rend_cache_entry_allocation(e)); - log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.", - safe_str_client(service_id), (int)encoded_size); - return 0; - - okay: - retval = 0; - - err: - rend_service_descriptor_free(parsed); - tor_free(intro_content); - return retval; -} - -/** Parse the v2 service descriptor in <b>desc</b>, decrypt the included list - * of introduction points with <b>descriptor_cookie</b> (which may also be - * <b>NULL</b> if decryption is not necessary), and store the descriptor to - * the local cache under its version and service id. - * - * If we have a newer v2 descriptor with the same ID, ignore this one. - * If we have an older descriptor with the same ID, replace it. - * If the descriptor's service ID does not match - * <b>rend_query</b>-\>onion_address, reject it. - * - * If the descriptor's descriptor ID doesn't match <b>desc_id_base32</b>, - * reject it. - * - * Return 0 on success, or -1 if we rejected the descriptor. - * If entry is not NULL, set it with the cache entry pointer of the descriptor. - */ -int -rend_cache_store_v2_desc_as_client(const char *desc, - const char *desc_id_base32, - const rend_data_t *rend_query, - rend_cache_entry_t **entry) -{ - /*XXXX this seems to have a bit of duplicate code with - * rend_cache_store_v2_desc_as_dir(). Fix that. */ - /* Though having similar elements, both functions were separated on - * purpose: - * - dirs don't care about encoded/encrypted introduction points, clients - * do. - * - dirs store descriptors in a separate cache by descriptor ID, whereas - * clients store them by service ID; both caches are different data - * structures and have different access methods. - * - dirs store a descriptor only if they are responsible for its ID, - * clients do so in every way (because they have requested it before). - * - dirs can process multiple concatenated descriptors which is required - * for replication, whereas clients only accept a single descriptor. - * Thus, combining both methods would result in a lot of if statements - * which probably would not improve, but worsen code readability. -KL */ - rend_service_descriptor_t *parsed = NULL; - char desc_id[DIGEST_LEN]; - char *intro_content = NULL; - size_t intro_size; - size_t encoded_size; - const char *next_desc; - time_t now = time(NULL); - char key[REND_SERVICE_ID_LEN_BASE32+2]; - char service_id[REND_SERVICE_ID_LEN_BASE32+1]; - char want_desc_id[DIGEST_LEN]; - rend_cache_entry_t *e; - int retval = -1; - rend_data_v2_t *rend_data = TO_REND_DATA_V2(rend_query); - - tor_assert(rend_cache); - tor_assert(desc); - tor_assert(desc_id_base32); - memset(want_desc_id, 0, sizeof(want_desc_id)); - if (entry) { - *entry = NULL; - } - if (base32_decode(want_desc_id, sizeof(want_desc_id), - desc_id_base32, strlen(desc_id_base32)) != - sizeof(want_desc_id)) { - log_warn(LD_BUG, "Couldn't decode base32 %s for descriptor id.", - escaped_safe_str_client(desc_id_base32)); - goto err; - } - /* Parse the descriptor. */ - if (rend_parse_v2_service_descriptor(&parsed, desc_id, &intro_content, - &intro_size, &encoded_size, - &next_desc, desc, 0) < 0) { - log_warn(LD_REND, "Could not parse descriptor."); - goto err; - } - /* Compute service ID from public key. */ - if (rend_get_service_id(parsed->pk, service_id)<0) { - log_warn(LD_REND, "Couldn't compute service ID."); - goto err; - } - if (rend_data->onion_address[0] != '\0' && - strcmp(rend_data->onion_address, service_id)) { - log_warn(LD_REND, "Received service descriptor for service ID %s; " - "expected descriptor for service ID %s.", - service_id, safe_str(rend_data->onion_address)); - goto err; - } - if (tor_memneq(desc_id, want_desc_id, DIGEST_LEN)) { - log_warn(LD_REND, "Received service descriptor for %s with incorrect " - "descriptor ID.", service_id); - goto err; - } - - /* Decode/decrypt introduction points. */ - if (intro_content && intro_size > 0) { - int n_intro_points; - if (rend_data->auth_type != REND_NO_AUTH && - !safe_mem_is_zero(rend_data->descriptor_cookie, - sizeof(rend_data->descriptor_cookie))) { - char *ipos_decrypted = NULL; - size_t ipos_decrypted_size; - if (rend_decrypt_introduction_points(&ipos_decrypted, - &ipos_decrypted_size, - rend_data->descriptor_cookie, - intro_content, - intro_size) < 0) { - log_warn(LD_REND, "Failed to decrypt introduction points. We are " - "probably unable to parse the encoded introduction points."); - } else { - /* Replace encrypted with decrypted introduction points. */ - log_info(LD_REND, "Successfully decrypted introduction points."); - tor_free(intro_content); - intro_content = ipos_decrypted; - intro_size = ipos_decrypted_size; - } - } - n_intro_points = rend_parse_introduction_points(parsed, intro_content, - intro_size); - if (n_intro_points <= 0) { - log_warn(LD_REND, "Failed to parse introduction points. Either the " - "service has published a corrupt descriptor or you have " - "provided invalid authorization data."); - goto err; - } else if (n_intro_points > MAX_INTRO_POINTS) { - log_warn(LD_REND, "Found too many introduction points on a hidden " - "service descriptor for %s. This is probably a (misguided) " - "attempt to improve reliability, but it could also be an " - "attempt to do a guard enumeration attack. Rejecting.", - safe_str_client(service_id)); - - goto err; - } - } else { - log_info(LD_REND, "Descriptor does not contain any introduction points."); - parsed->intro_nodes = smartlist_new(); - } - /* We don't need the encoded/encrypted introduction points any longer. */ - tor_free(intro_content); - /* Is descriptor too old? */ - if (parsed->timestamp < now - REND_CACHE_MAX_AGE-REND_CACHE_MAX_SKEW) { - log_warn(LD_REND, "Service descriptor with service ID %s is too old.", - safe_str_client(service_id)); - goto err; - } - /* Is descriptor too far in the future? */ - if (parsed->timestamp > now + REND_CACHE_MAX_SKEW) { - log_warn(LD_REND, "Service descriptor with service ID %s is too far in " - "the future.", safe_str_client(service_id)); - goto err; - } - /* Do we have the same exact copy already in our cache? */ - tor_snprintf(key, sizeof(key), "2%s", service_id); - e = (rend_cache_entry_t*) strmap_get_lc(rend_cache, key); - if (e && !strcmp(desc, e->desc)) { - log_info(LD_REND,"We already have this service descriptor %s.", - safe_str_client(service_id)); - goto okay; - } - /* Verify that we are not replacing an older descriptor. It's important to - * avoid an evil HSDir serving old descriptor. We validate if the - * timestamp is greater than and not equal because it's a rounded down - * timestamp to the hour so if the descriptor changed in the same hour, - * the rend cache failure will tell us if we have a new descriptor. */ - if (e && e->parsed->timestamp > parsed->timestamp) { - log_info(LD_REND, "We already have a new enough service descriptor for " - "service ID %s with the same desc ID and version.", - safe_str_client(service_id)); - goto okay; - } - /* Lookup our failure cache for intro point that might be unusable. */ - validate_intro_point_failure(parsed, service_id); - /* It's now possible that our intro point list is empty, which means that - * this descriptor is useless to us because intro points have all failed - * somehow before. Discard the descriptor. */ - if (smartlist_len(parsed->intro_nodes) == 0) { - log_info(LD_REND, "Service descriptor with service ID %s has no " - "usable intro points. Discarding it.", - safe_str_client(service_id)); - goto err; - } - /* Now either purge the current one and replace its content or create a - * new one and add it to the rend cache. */ - if (!e) { - e = tor_malloc_zero(sizeof(rend_cache_entry_t)); - strmap_set_lc(rend_cache, key, e); - } else { - rend_cache_decrement_allocation(rend_cache_entry_allocation(e)); - rend_cache_failure_remove(e->parsed); - rend_service_descriptor_free(e->parsed); - tor_free(e->desc); - } - e->parsed = parsed; - e->desc = tor_malloc_zero(encoded_size + 1); - strlcpy(e->desc, desc, encoded_size + 1); - e->len = encoded_size; - rend_cache_increment_allocation(rend_cache_entry_allocation(e)); - log_debug(LD_REND,"Successfully stored rend desc '%s', len %d.", - safe_str_client(service_id), (int)encoded_size); - if (entry) { - *entry = e; - } - return 0; - - okay: - if (entry) { - *entry = e; - } - retval = 0; - - err: - rend_service_descriptor_free(parsed); - tor_free(intro_content); - return retval; -} diff --git a/src/feature/rend/rendcache.h b/src/feature/rend/rendcache.h deleted file mode 100644 index 45410610b4..0000000000 --- a/src/feature/rend/rendcache.h +++ /dev/null @@ -1,132 +0,0 @@ -/* Copyright (c) 2015-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -/** - * \file rendcache.h - * \brief Header file for rendcache.c - **/ - -#ifndef TOR_RENDCACHE_H -#define TOR_RENDCACHE_H - -#include "core/or/or.h" -#include "feature/rend/rendcommon.h" - -/** How old do we let hidden service descriptors get before discarding - * them as too old? */ -#define REND_CACHE_MAX_AGE (2*24*60*60) -/** How wrong do we assume our clock may be when checking whether hidden - * services are too old or too new? */ -#define REND_CACHE_MAX_SKEW (24*60*60) -/** How old do we keep an intro point failure entry in the failure cache? */ -#define REND_CACHE_FAILURE_MAX_AGE (5*60) - -/* Do not allow more than this many introduction points in a hidden service - * descriptor */ -#define MAX_INTRO_POINTS 10 - -/** A cached rendezvous descriptor. */ -typedef struct rend_cache_entry_t { - size_t len; /**< Length of <b>desc</b> */ - time_t last_served; /**< When did we last write this one to somebody? - * (HSDir only) */ - char *desc; /**< Service descriptor */ - rend_service_descriptor_t *parsed; /**< Parsed value of 'desc' */ -} rend_cache_entry_t; - -/* Introduction point failure type. */ -typedef struct rend_cache_failure_intro_t { - /* When this intro point failure occurred thus we allocated this object and - * cache it. */ - time_t created_ts; - rend_intro_point_failure_t failure_type; -} rend_cache_failure_intro_t; - -/** Cache failure object indexed by service ID. */ -typedef struct rend_cache_failure_t { - /* Contains rend_cache_failure_intro_t indexed by identity digest. */ - digestmap_t *intro_failures; -} rend_cache_failure_t; - -typedef enum { - REND_CACHE_TYPE_CLIENT = 1, - REND_CACHE_TYPE_SERVICE = 2, -} rend_cache_type_t; - -/* Return maximum lifetime in seconds of a cache entry. */ -static inline time_t -rend_cache_max_entry_lifetime(void) -{ - return REND_CACHE_MAX_AGE + REND_CACHE_MAX_SKEW; -} - -void rend_cache_init(void); -void rend_cache_clean(time_t now, rend_cache_type_t cache_type); -void rend_cache_failure_clean(time_t now); -size_t rend_cache_clean_v2_descs_as_dir(time_t cutoff); -void rend_cache_purge(void); -void rend_cache_free_all(void); -int rend_cache_lookup_entry(const char *query, int version, - rend_cache_entry_t **entry_out); -int rend_cache_lookup_v2_desc_as_service(const char *query, - rend_cache_entry_t **entry_out); -int rend_cache_lookup_v2_desc_as_dir(const char *query, const char **desc); - -int rend_cache_store_v2_desc_as_dir(const char *desc); -int rend_cache_store_v2_desc_as_service(const char *desc); -int rend_cache_store_v2_desc_as_client(const char *desc, - const char *desc_id_base32, - const rend_data_t *rend_query, - rend_cache_entry_t **entry); -size_t rend_cache_get_total_allocation(void); - -bool rend_cache_intro_failure_exists(const char *service_id, - const uint8_t *intro_identity); -void rend_cache_intro_failure_note(rend_intro_point_failure_t failure, - const uint8_t *identity, - const char *service_id); -void rend_cache_failure_purge(void); -void rend_cache_decrement_allocation(size_t n); -void rend_cache_increment_allocation(size_t n); - -#ifdef RENDCACHE_PRIVATE - -STATIC size_t rend_cache_entry_allocation(const rend_cache_entry_t *e); -STATIC void rend_cache_entry_free_(rend_cache_entry_t *e); -#define rend_cache_entry_free(e) \ - FREE_AND_NULL(rend_cache_entry_t, rend_cache_entry_free_, (e)) -STATIC void rend_cache_failure_intro_entry_free_(rend_cache_failure_intro_t - *entry); -#define rend_cache_failure_intro_entry_free(e) \ - FREE_AND_NULL(rend_cache_failure_intro_t, \ - rend_cache_failure_intro_entry_free_, (e)) -STATIC void rend_cache_failure_entry_free_(rend_cache_failure_t *entry); -#define rend_cache_failure_entry_free(e) \ - FREE_AND_NULL(rend_cache_failure_t, \ - rend_cache_failure_entry_free_, (e)) -STATIC int cache_failure_intro_lookup(const uint8_t *identity, - const char *service_id, - rend_cache_failure_intro_t - **intro_entry); -STATIC rend_cache_failure_intro_t *rend_cache_failure_intro_entry_new( - rend_intro_point_failure_t failure); -STATIC rend_cache_failure_t *rend_cache_failure_entry_new(void); -STATIC void rend_cache_failure_remove(rend_service_descriptor_t *desc); -STATIC void cache_failure_intro_add(const uint8_t *identity, - const char *service_id, - rend_intro_point_failure_t failure); -STATIC void validate_intro_point_failure(const rend_service_descriptor_t *desc, - const char *service_id); - -STATIC void rend_cache_failure_entry_free_void(void *entry); - -#ifdef TOR_UNIT_TESTS -extern strmap_t *rend_cache; -extern strmap_t *rend_cache_failure; -extern digestmap_t *rend_cache_v2_dir; -extern size_t rend_cache_total_allocation; -#endif /* defined(TOR_UNIT_TESTS) */ -#endif /* defined(RENDCACHE_PRIVATE) */ - -#endif /* !defined(TOR_RENDCACHE_H) */ - diff --git a/src/feature/rend/rendclient.c b/src/feature/rend/rendclient.c deleted file mode 100644 index 3dda7cd46d..0000000000 --- a/src/feature/rend/rendclient.c +++ /dev/null @@ -1,1322 +0,0 @@ -/* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -/** - * \file rendclient.c - * \brief Client code to access location-hidden services. - **/ - -#include "core/or/or.h" -#include "app/config/config.h" -#include "core/mainloop/connection.h" -#include "core/mainloop/mainloop.h" -#include "core/or/circuitbuild.h" -#include "core/or/circuitlist.h" -#include "core/or/circuituse.h" -#include "core/or/connection_edge.h" -#include "core/or/extendinfo.h" -#include "core/or/relay.h" -#include "feature/client/circpathbias.h" -#include "feature/control/control_events.h" -#include "feature/dirclient/dirclient.h" -#include "feature/dircommon/directory.h" -#include "feature/hs/hs_circuit.h" -#include "feature/hs/hs_client.h" -#include "feature/hs/hs_common.h" -#include "feature/nodelist/describe.h" -#include "feature/nodelist/networkstatus.h" -#include "feature/nodelist/nodelist.h" -#include "feature/nodelist/routerlist.h" -#include "feature/nodelist/routerset.h" -#include "feature/rend/rendclient.h" -#include "feature/rend/rendcommon.h" -#include "feature/stats/rephist.h" -#include "lib/crypt_ops/crypto_dh.h" -#include "lib/crypt_ops/crypto_rand.h" -#include "lib/crypt_ops/crypto_util.h" -#include "lib/encoding/confline.h" - -#include "core/or/cpath_build_state_st.h" -#include "core/or/crypt_path_st.h" -#include "feature/dircommon/dir_connection_st.h" -#include "core/or/entry_connection_st.h" -#include "core/or/extend_info_st.h" -#include "core/or/origin_circuit_st.h" -#include "feature/rend/rend_intro_point_st.h" -#include "feature/rend/rend_service_descriptor_st.h" -#include "feature/nodelist/routerstatus_st.h" - -static extend_info_t *rend_client_get_random_intro_impl( - const rend_cache_entry_t *rend_query, - const int strict, const int warnings); - -/** Purge all potentially remotely-detectable state held in the hidden - * service client code. Called on SIGNAL NEWNYM. */ -void -rend_client_purge_state(void) -{ - rend_cache_purge(); - rend_cache_failure_purge(); - rend_client_cancel_descriptor_fetches(); - hs_purge_last_hid_serv_requests(); -} - -/** Called when we've established a circuit to an introduction point: - * send the introduction request. */ -void -rend_client_introcirc_has_opened(origin_circuit_t *circ) -{ - tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_INTRODUCING); - tor_assert(circ->cpath); - - log_info(LD_REND,"introcirc is open"); - connection_ap_attach_pending(1); -} - -/** Send the establish-rendezvous cell along a rendezvous circuit. if - * it fails, mark the circ for close and return -1. else return 0. - */ -static int -rend_client_send_establish_rendezvous(origin_circuit_t *circ) -{ - tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND); - tor_assert(circ->rend_data); - log_info(LD_REND, "Sending an ESTABLISH_RENDEZVOUS cell"); - - crypto_rand(circ->rend_data->rend_cookie, REND_COOKIE_LEN); - - /* Set timestamp_dirty, because circuit_expire_building expects it, - * and the rend cookie also means we've used the circ. */ - circ->base_.timestamp_dirty = time(NULL); - - /* We've attempted to use this circuit. Probe it if we fail */ - pathbias_count_use_attempt(circ); - - if (relay_send_command_from_edge(0, TO_CIRCUIT(circ), - RELAY_COMMAND_ESTABLISH_RENDEZVOUS, - circ->rend_data->rend_cookie, - REND_COOKIE_LEN, - circ->cpath->prev)<0) { - /* circ is already marked for close */ - log_warn(LD_GENERAL, "Couldn't send ESTABLISH_RENDEZVOUS cell"); - return -1; - } - - return 0; -} - -/** Called when we're trying to connect an ap conn; sends an INTRODUCE1 cell - * down introcirc if possible. - */ -int -rend_client_send_introduction(origin_circuit_t *introcirc, - origin_circuit_t *rendcirc) -{ - const or_options_t *options = get_options(); - size_t payload_len; - int r, v3_shift = 0; - char payload[RELAY_PAYLOAD_SIZE]; - char tmp[RELAY_PAYLOAD_SIZE]; - rend_cache_entry_t *entry = NULL; - crypt_path_t *cpath; - ptrdiff_t dh_offset; - crypto_pk_t *intro_key = NULL; - int status = 0; - const char *onion_address; - - tor_assert(introcirc->base_.purpose == CIRCUIT_PURPOSE_C_INTRODUCING); - tor_assert(rendcirc->base_.purpose == CIRCUIT_PURPOSE_C_REND_READY); - tor_assert(introcirc->rend_data); - tor_assert(rendcirc->rend_data); - tor_assert(!rend_cmp_service_ids(rend_data_get_address(introcirc->rend_data), - rend_data_get_address(rendcirc->rend_data))); - assert_circ_anonymity_ok(introcirc, options); - assert_circ_anonymity_ok(rendcirc, options); - onion_address = rend_data_get_address(introcirc->rend_data); - - r = rend_cache_lookup_entry(onion_address, -1, &entry); - /* An invalid onion address is not possible else we have a big issue. */ - tor_assert(r != -EINVAL); - if (r < 0 || !rend_client_any_intro_points_usable(entry)) { - /* If the descriptor is not found or the intro points are not usable - * anymore, trigger a fetch. */ - log_info(LD_REND, - "query %s didn't have valid rend desc in cache. " - "Refetching descriptor.", - safe_str_client(onion_address)); - rend_client_refetch_v2_renddesc(introcirc->rend_data); - { - connection_t *conn; - - while ((conn = connection_get_by_type_state_rendquery(CONN_TYPE_AP, - AP_CONN_STATE_CIRCUIT_WAIT, onion_address))) { - connection_ap_mark_as_waiting_for_renddesc(TO_ENTRY_CONN(conn)); - } - } - - status = -1; - goto cleanup; - } - - /* first 20 bytes of payload are the hash of the service's pk */ - intro_key = NULL; - SMARTLIST_FOREACH(entry->parsed->intro_nodes, rend_intro_point_t *, - intro, { - if (tor_memeq(introcirc->build_state->chosen_exit->identity_digest, - intro->extend_info->identity_digest, DIGEST_LEN)) { - intro_key = intro->intro_key; - break; - } - }); - if (!intro_key) { - log_info(LD_REND, "Could not find intro key for %s at %s; we " - "have a v2 rend desc with %d intro points. " - "Trying a different intro point...", - safe_str_client(onion_address), - safe_str_client(extend_info_describe( - introcirc->build_state->chosen_exit)), - smartlist_len(entry->parsed->intro_nodes)); - - if (hs_client_reextend_intro_circuit(introcirc)) { - status = -2; - goto perm_err; - } else { - status = -1; - goto cleanup; - } - } - if (crypto_pk_get_digest(intro_key, payload)<0) { - log_warn(LD_BUG, "Internal error: couldn't hash public key."); - status = -2; - goto perm_err; - } - - /* Initialize the pending_final_cpath and start the DH handshake. */ - cpath = rendcirc->build_state->pending_final_cpath; - if (!cpath) { - cpath = rendcirc->build_state->pending_final_cpath = - tor_malloc_zero(sizeof(crypt_path_t)); - cpath->magic = CRYPT_PATH_MAGIC; - if (!(cpath->rend_dh_handshake_state = crypto_dh_new(DH_TYPE_REND))) { - log_warn(LD_BUG, "Internal error: couldn't allocate DH."); - status = -2; - goto perm_err; - } - if (crypto_dh_generate_public(cpath->rend_dh_handshake_state)<0) { - log_warn(LD_BUG, "Internal error: couldn't generate g^x."); - status = -2; - goto perm_err; - } - } - - /* If version is 3, write (optional) auth data and timestamp. */ - if (entry->parsed->protocols & (1<<3)) { - tmp[0] = 3; /* version 3 of the cell format */ - /* auth type, if any */ - tmp[1] = (uint8_t) TO_REND_DATA_V2(introcirc->rend_data)->auth_type; - v3_shift = 1; - if (tmp[1] != REND_NO_AUTH) { - set_uint16(tmp+2, htons(REND_DESC_COOKIE_LEN)); - memcpy(tmp+4, TO_REND_DATA_V2(introcirc->rend_data)->descriptor_cookie, - REND_DESC_COOKIE_LEN); - v3_shift += 2+REND_DESC_COOKIE_LEN; - } - /* Once this held a timestamp. */ - set_uint32(tmp+v3_shift+1, 0); - v3_shift += 4; - } /* if version 2 only write version number */ - else if (entry->parsed->protocols & (1<<2)) { - tmp[0] = 2; /* version 2 of the cell format */ - } - - /* write the remaining items into tmp */ - if (entry->parsed->protocols & (1<<3) || entry->parsed->protocols & (1<<2)) { - /* version 2 format */ - extend_info_t *extend_info = rendcirc->build_state->chosen_exit; - int klen; - const tor_addr_port_t *orport = - extend_info_get_orport(extend_info, AF_INET); - IF_BUG_ONCE(! orport) { - /* we should never put an IPv6 address here. */ - goto perm_err; - } - /* nul pads */ - set_uint32(tmp+v3_shift+1, tor_addr_to_ipv4n(&orport->addr)); - set_uint16(tmp+v3_shift+5, htons(orport->port)); - memcpy(tmp+v3_shift+7, extend_info->identity_digest, DIGEST_LEN); - klen = crypto_pk_asn1_encode(extend_info->onion_key, - tmp+v3_shift+7+DIGEST_LEN+2, - sizeof(tmp)-(v3_shift+7+DIGEST_LEN+2)); - if (klen < 0) { - log_warn(LD_BUG,"Internal error: can't encode public key."); - status = -2; - goto perm_err; - } - set_uint16(tmp+v3_shift+7+DIGEST_LEN, htons(klen)); - memcpy(tmp+v3_shift+7+DIGEST_LEN+2+klen, rendcirc->rend_data->rend_cookie, - REND_COOKIE_LEN); - dh_offset = v3_shift+7+DIGEST_LEN+2+klen+REND_COOKIE_LEN; - } else { - /* Version 0. */ - - /* Some compilers are smart enough to work out that nickname can be more - * than 19 characters, when it's a hexdigest. They warn that strncpy() - * will truncate hexdigests without NUL-terminating them. But we only put - * hexdigests in HSDir and general circuit exits. */ - if (BUG(strlen(rendcirc->build_state->chosen_exit->nickname) - > MAX_NICKNAME_LEN)) { - goto perm_err; - } - strlcpy(tmp, rendcirc->build_state->chosen_exit->nickname, - sizeof(tmp)); - memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_data->rend_cookie, - REND_COOKIE_LEN); - dh_offset = MAX_NICKNAME_LEN+1+REND_COOKIE_LEN; - } - - if (crypto_dh_get_public(cpath->rend_dh_handshake_state, tmp+dh_offset, - DH1024_KEY_LEN)<0) { - log_warn(LD_BUG, "Internal error: couldn't extract g^x."); - status = -2; - goto perm_err; - } - - /*XXX maybe give crypto_pk_obsolete_public_hybrid_encrypt a max_len arg, - * to avoid buffer overflows? */ - r = crypto_pk_obsolete_public_hybrid_encrypt(intro_key, payload+DIGEST_LEN, - sizeof(payload)-DIGEST_LEN, - tmp, - (int)(dh_offset+DH1024_KEY_LEN), - PK_PKCS1_OAEP_PADDING, 0); - if (r<0) { - log_warn(LD_BUG,"Internal error: hybrid pk encrypt failed."); - status = -2; - goto perm_err; - } - - payload_len = DIGEST_LEN + r; - tor_assert(payload_len <= RELAY_PAYLOAD_SIZE); /* we overran something */ - - /* Copy the rendezvous cookie from rendcirc to introcirc, so that - * when introcirc gets an ack, we can change the state of the right - * rendezvous circuit. */ - memcpy(introcirc->rend_data->rend_cookie, rendcirc->rend_data->rend_cookie, - REND_COOKIE_LEN); - - log_info(LD_REND, "Sending an INTRODUCE1 cell"); - if (relay_send_command_from_edge(0, TO_CIRCUIT(introcirc), - RELAY_COMMAND_INTRODUCE1, - payload, payload_len, - introcirc->cpath->prev)<0) { - /* introcirc is already marked for close. leave rendcirc alone. */ - log_warn(LD_BUG, "Couldn't send INTRODUCE1 cell"); - status = -2; - goto cleanup; - } - - /* Now, we wait for an ACK or NAK on this circuit. */ - circuit_change_purpose(TO_CIRCUIT(introcirc), - CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT); - /* Set timestamp_dirty, because circuit_expire_building expects it - * to specify when a circuit entered the _C_INTRODUCE_ACK_WAIT - * state. */ - introcirc->base_.timestamp_dirty = time(NULL); - - pathbias_count_use_attempt(introcirc); - - goto cleanup; - - perm_err: - if (!introcirc->base_.marked_for_close) - circuit_mark_for_close(TO_CIRCUIT(introcirc), END_CIRC_REASON_INTERNAL); - circuit_mark_for_close(TO_CIRCUIT(rendcirc), END_CIRC_REASON_INTERNAL); - cleanup: - memwipe(payload, 0, sizeof(payload)); - memwipe(tmp, 0, sizeof(tmp)); - - return status; -} - -/** Called when a rendezvous circuit is open; sends a establish - * rendezvous circuit as appropriate. */ -void -rend_client_rendcirc_has_opened(origin_circuit_t *circ) -{ - tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND); - - log_info(LD_REND,"rendcirc is open"); - - /* generate a rendezvous cookie, store it in circ */ - if (rend_client_send_establish_rendezvous(circ) < 0) { - return; - } -} - -/** - * Called to close other intro circuits we launched in parallel. - */ -static void -rend_client_close_other_intros(const uint8_t *rend_pk_digest) -{ - /* abort parallel intro circs, if any */ - SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, c) { - if ((c->purpose == CIRCUIT_PURPOSE_C_INTRODUCING || - c->purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT) && - !c->marked_for_close && CIRCUIT_IS_ORIGIN(c)) { - origin_circuit_t *oc = TO_ORIGIN_CIRCUIT(c); - if (oc->rend_data && - rend_circuit_pk_digest_eq(oc, rend_pk_digest)) { - log_info(LD_REND|LD_CIRC, "Closing introduction circuit %d that we " - "built in parallel (Purpose %d).", oc->global_identifier, - c->purpose); - circuit_mark_for_close(c, END_CIRC_REASON_IP_NOW_REDUNDANT); - } - } - } - SMARTLIST_FOREACH_END(c); -} - -/** Called when get an ACK or a NAK for a REND_INTRODUCE1 cell. - */ -int -rend_client_introduction_acked(origin_circuit_t *circ, - const uint8_t *request, size_t request_len) -{ - const or_options_t *options = get_options(); - origin_circuit_t *rendcirc; - (void) request; // XXXX Use this. - - tor_assert(circ->build_state); - tor_assert(circ->build_state->chosen_exit); - assert_circ_anonymity_ok(circ, options); - tor_assert(circ->rend_data); - - if (request_len == 0) { - /* It's an ACK; the introduction point relayed our introduction request. */ - /* Locate the rend circ which is waiting to hear about this ack, - * and tell it. - */ - log_info(LD_REND,"Received ack. Telling rend circ..."); - rendcirc = circuit_get_ready_rend_circ_by_rend_data(circ->rend_data); - if (rendcirc) { /* remember the ack */ - assert_circ_anonymity_ok(rendcirc, options); - circuit_change_purpose(TO_CIRCUIT(rendcirc), - CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED); - /* Set timestamp_dirty, because circuit_expire_building expects - * it to specify when a circuit entered the - * _C_REND_READY_INTRO_ACKED state. */ - rendcirc->base_.timestamp_dirty = time(NULL); - } else { - log_info(LD_REND,"...Found no rend circ. Dropping on the floor."); - } - /* Save the rend data digest to a temporary object so that we don't access - * it after we mark the circuit for close. */ - const uint8_t *rend_digest_tmp = NULL; - size_t digest_len; - uint8_t *cached_rend_digest = NULL; - rend_digest_tmp = rend_data_get_pk_digest(circ->rend_data, &digest_len); - cached_rend_digest = tor_malloc_zero(digest_len); - memcpy(cached_rend_digest, rend_digest_tmp, digest_len); - - /* close the circuit: we won't need it anymore. */ - circuit_change_purpose(TO_CIRCUIT(circ), - CIRCUIT_PURPOSE_C_INTRODUCE_ACKED); - circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED); - - /* close any other intros launched in parallel */ - rend_client_close_other_intros(cached_rend_digest); - tor_free(cached_rend_digest); /* free the temporary digest */ - } else { - /* It's a NAK; the introduction point didn't relay our request. */ - circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_C_INTRODUCING); - /* Remove this intro point from the set of viable introduction - * points. If any remain, extend to a new one and try again. - * If none remain, refetch the service descriptor. - */ - log_info(LD_REND, "Got nack for %s from %s...", - safe_str_client(rend_data_get_address(circ->rend_data)), - safe_str_client(extend_info_describe(circ->build_state->chosen_exit))); - if (rend_client_report_intro_point_failure(circ->build_state->chosen_exit, - circ->rend_data, - INTRO_POINT_FAILURE_GENERIC)>0) { - /* There are introduction points left. Re-extend the circuit to - * another intro point and try again. */ - int result = hs_client_reextend_intro_circuit(circ); - /* XXXX If that call failed, should we close the rend circuit, - * too? */ - return result; - } else { - /* Close circuit because no more intro points are usable thus not - * useful anymore. Change it's purpose before so we don't report an - * intro point failure again triggering an extra descriptor fetch. */ - circuit_change_purpose(TO_CIRCUIT(circ), - CIRCUIT_PURPOSE_C_INTRODUCE_ACKED); - circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_FINISHED); - } - } - return 0; -} - -/** Determine the responsible hidden service directories for <b>desc_id</b> - * and fetch the descriptor with that ID from one of them. Only - * send a request to a hidden service directory that we have not yet tried - * during this attempt to connect to this hidden service; on success, return 1, - * in the case that no hidden service directory is left to ask for the - * descriptor, return 0, and in case of a failure -1. */ -static int -directory_get_from_hs_dir(const char *desc_id, - const rend_data_t *rend_query, - routerstatus_t *rs_hsdir) -{ - routerstatus_t *hs_dir = rs_hsdir; - char *hsdir_fp; - char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; - char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64]; - const rend_data_v2_t *rend_data; - const int how_to_fetch = DIRIND_ANONYMOUS; - - tor_assert(desc_id); - tor_assert(rend_query); - rend_data = TO_REND_DATA_V2(rend_query); - - base32_encode(desc_id_base32, sizeof(desc_id_base32), - desc_id, DIGEST_LEN); - - /* Automatically pick an hs dir if none given. */ - if (!rs_hsdir) { - bool rate_limited = false; - - /* Determine responsible dirs. Even if we can't get all we want, work with - * the ones we have. If it's empty, we'll notice in hs_pick_hsdir(). */ - smartlist_t *responsible_dirs = smartlist_new(); - hid_serv_get_responsible_directories(responsible_dirs, desc_id); - - hs_dir = hs_pick_hsdir(responsible_dirs, desc_id_base32, &rate_limited); - if (!hs_dir) { - /* No suitable hs dir can be found, stop right now. */ - const char *query_response = (rate_limited) ? "QUERY_RATE_LIMITED" : - "QUERY_NO_HSDIR"; - control_event_hsv2_descriptor_failed(rend_query, NULL, query_response); - control_event_hs_descriptor_content(rend_data_get_address(rend_query), - desc_id_base32, NULL, NULL); - return 0; - } - } - - /* Add a copy of the HSDir identity digest to the query so we can track it - * on the control port. */ - hsdir_fp = tor_memdup(hs_dir->identity_digest, - sizeof(hs_dir->identity_digest)); - smartlist_add(rend_query->hsdirs_fp, hsdir_fp); - - /* Encode descriptor cookie for logging purposes. Also, if the cookie is - * malformed, no fetch is triggered thus this needs to be done before the - * fetch request. */ - if (rend_data->auth_type != REND_NO_AUTH) { - if (base64_encode(descriptor_cookie_base64, - sizeof(descriptor_cookie_base64), - rend_data->descriptor_cookie, - REND_DESC_COOKIE_LEN, - 0)<0) { - log_warn(LD_BUG, "Could not base64-encode descriptor cookie."); - control_event_hsv2_descriptor_failed(rend_query, hsdir_fp, "BAD_DESC"); - control_event_hs_descriptor_content(rend_data_get_address(rend_query), - desc_id_base32, hsdir_fp, NULL); - return 0; - } - /* Remove == signs. */ - descriptor_cookie_base64[strlen(descriptor_cookie_base64)-2] = '\0'; - } else { - strlcpy(descriptor_cookie_base64, "(none)", - sizeof(descriptor_cookie_base64)); - } - - /* Send fetch request. (Pass query and possibly descriptor cookie so that - * they can be written to the directory connection and be referred to when - * the response arrives. */ - directory_request_t *req = - directory_request_new(DIR_PURPOSE_FETCH_RENDDESC_V2); - directory_request_set_routerstatus(req, hs_dir); - directory_request_set_indirection(req, how_to_fetch); - directory_request_set_resource(req, desc_id_base32); - directory_request_set_rend_query(req, rend_query); - directory_initiate_request(req); - directory_request_free(req); - - log_info(LD_REND, "Sending fetch request for v2 descriptor for " - "service '%s' with descriptor ID '%s', auth type %d, " - "and descriptor cookie '%s' to hidden service " - "directory %s", - rend_data->onion_address, desc_id_base32, - rend_data->auth_type, - (rend_data->auth_type == REND_NO_AUTH ? "[none]" : - escaped_safe_str_client(descriptor_cookie_base64)), - routerstatus_describe(hs_dir)); - control_event_hs_descriptor_requested(rend_data->onion_address, - rend_data->auth_type, - hs_dir->identity_digest, - desc_id_base32, NULL); - return 1; -} - -/** Remove tracked HSDir requests from our history for this hidden service - * descriptor <b>desc_id</b> (of size DIGEST_LEN) */ -static void -purge_v2_hidserv_req(const char *desc_id) -{ - char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; - - /* The hsdir request tracker stores v2 keys using the base32 encoded - desc_id. Do it: */ - base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_id, - DIGEST_LEN); - hs_purge_hid_serv_from_last_hid_serv_requests(desc_id_base32); -} - -/** Fetch a v2 descriptor using the given descriptor id. If any hsdir(s) are - * given, they will be used instead. - * - * On success, 1 is returned. If no hidden service is left to ask, return 0. - * On error, -1 is returned. */ -static int -fetch_v2_desc_by_descid(const char *desc_id, - const rend_data_t *rend_query, smartlist_t *hsdirs) -{ - int ret; - - tor_assert(rend_query); - - if (!hsdirs) { - ret = directory_get_from_hs_dir(desc_id, rend_query, NULL); - goto end; /* either success or failure, but we're done */ - } - - /* Using the given hsdir list, trigger a fetch on each of them. */ - SMARTLIST_FOREACH_BEGIN(hsdirs, routerstatus_t *, hs_dir) { - /* This should always be a success. */ - ret = directory_get_from_hs_dir(desc_id, rend_query, hs_dir); - tor_assert(ret); - } SMARTLIST_FOREACH_END(hs_dir); - - /* Everything went well. */ - ret = 0; - - end: - return ret; -} - -/** Fetch a v2 descriptor using the onion address in the given query object. - * This will compute the descriptor id for each replicas and fetch it on the - * given hsdir(s) if any or the responsible ones that are chosen - * automatically. - * - * On success, 1 is returned. If no hidden service is left to ask, return 0. - * On error, -1 is returned. */ -static int -fetch_v2_desc_by_addr(rend_data_t *rend_query, smartlist_t *hsdirs) -{ - char descriptor_id[DIGEST_LEN]; - int replicas_left_to_try[REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS]; - int i, tries_left, ret; - rend_data_v2_t *rend_data = TO_REND_DATA_V2(rend_query); - - /* Randomly iterate over the replicas until a descriptor can be fetched - * from one of the consecutive nodes, or no options are left. */ - for (i = 0; i < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; i++) { - replicas_left_to_try[i] = i; - } - - tries_left = REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; - while (tries_left > 0) { - int rand_val = crypto_rand_int(tries_left); - int chosen_replica = replicas_left_to_try[rand_val]; - replicas_left_to_try[rand_val] = replicas_left_to_try[--tries_left]; - - ret = rend_compute_v2_desc_id(descriptor_id, - rend_data->onion_address, - rend_data->auth_type == REND_STEALTH_AUTH ? - rend_data->descriptor_cookie : NULL, - time(NULL), chosen_replica); - if (ret < 0) { - /* Normally, on failure the descriptor_id is untouched but let's be - * safe in general in case the function changes at some point. */ - goto end; - } - - if (tor_memcmp(descriptor_id, rend_data->descriptor_id[chosen_replica], - sizeof(descriptor_id)) != 0) { - /* Not equal from what we currently have so purge the last hid serv - * request cache and update the descriptor ID with the new value. */ - purge_v2_hidserv_req(rend_data->descriptor_id[chosen_replica]); - memcpy(rend_data->descriptor_id[chosen_replica], descriptor_id, - sizeof(rend_data->descriptor_id[chosen_replica])); - } - - /* Trigger the fetch with the computed descriptor ID. */ - ret = fetch_v2_desc_by_descid(descriptor_id, rend_query, hsdirs); - if (ret != 0) { - /* Either on success or failure, as long as we tried a fetch we are - * done here. */ - goto end; - } - } - - /* If we come here, there are no hidden service directories left. */ - log_info(LD_REND, "Could not pick one of the responsible hidden " - "service directories to fetch descriptors, because " - "we already tried them all unsuccessfully."); - ret = 0; - - end: - memwipe(descriptor_id, 0, sizeof(descriptor_id)); - return ret; -} - -/** Fetch a v2 descriptor using the given query. If any hsdir are specified, - * use them for the fetch. - * - * On success, 1 is returned. If no hidden service is left to ask, return 0. - * On error, -1 is returned. */ -int -rend_client_fetch_v2_desc(rend_data_t *query, smartlist_t *hsdirs) -{ - int ret; - rend_data_v2_t *rend_data; - const char *onion_address; - - tor_assert(query); - - /* Get the version 2 data structure of the query. */ - rend_data = TO_REND_DATA_V2(query); - onion_address = rend_data_get_address(query); - - /* Depending on what's available in the rend data query object, we will - * trigger a fetch by HS address or using a descriptor ID. */ - - if (onion_address[0] != '\0') { - ret = fetch_v2_desc_by_addr(query, hsdirs); - } else if (!tor_digest_is_zero(rend_data->desc_id_fetch)) { - ret = fetch_v2_desc_by_descid(rend_data->desc_id_fetch, query, - hsdirs); - } else { - /* Query data is invalid. */ - ret = -1; - goto error; - } - - error: - return ret; -} - -/** Unless we already have a descriptor for <b>rend_query</b> with at least - * one (possibly) working introduction point in it, start a connection to a - * hidden service directory to fetch a v2 rendezvous service descriptor. */ -void -rend_client_refetch_v2_renddesc(rend_data_t *rend_query) -{ - rend_cache_entry_t *e = NULL; - const char *onion_address = rend_data_get_address(rend_query); - - tor_assert(rend_query); - /* Before fetching, check if we already have a usable descriptor here. */ - if (rend_cache_lookup_entry(onion_address, -1, &e) == 0 && - rend_client_any_intro_points_usable(e)) { - log_info(LD_REND, "We would fetch a v2 rendezvous descriptor, but we " - "already have a usable descriptor here. Not fetching."); - return; - } - /* Are we configured to fetch descriptors? */ - if (!get_options()->FetchHidServDescriptors) { - log_warn(LD_REND, "We received an onion address for a v2 rendezvous " - "service descriptor, but are not fetching service descriptors."); - return; - } - log_debug(LD_REND, "Fetching v2 rendezvous descriptor for service %s", - safe_str_client(onion_address)); - - rend_client_fetch_v2_desc(rend_query, NULL); - /* We don't need to look the error code because either on failure or - * success, the necessary steps to continue the HS connection will be - * triggered once the descriptor arrives or if all fetch failed. */ - return; -} - -/** Cancel all rendezvous descriptor fetches currently in progress. - */ -void -rend_client_cancel_descriptor_fetches(void) -{ - smartlist_t *connection_array = get_connection_array(); - - SMARTLIST_FOREACH_BEGIN(connection_array, connection_t *, conn) { - if (conn->type == CONN_TYPE_DIR && - conn->purpose == DIR_PURPOSE_FETCH_RENDDESC_V2) { - /* It's a rendezvous descriptor fetch in progress -- cancel it - * by marking the connection for close. - * - * Even if this connection has already reached EOF, this is - * enough to make sure that if the descriptor hasn't been - * processed yet, it won't be. See the end of - * connection_handle_read; connection_reached_eof (indirectly) - * processes whatever response the connection received. */ - - const rend_data_t *rd = (TO_DIR_CONN(conn))->rend_data; - if (!rd) { - log_warn(LD_BUG | LD_REND, - "Marking for close dir conn fetching rendezvous " - "descriptor for unknown service!"); - } else { - log_debug(LD_REND, "Marking for close dir conn fetching " - "rendezvous descriptor for service %s", - safe_str(rend_data_get_address(rd))); - } - connection_mark_for_close(conn); - } - } SMARTLIST_FOREACH_END(conn); -} - -/** Mark <b>failed_intro</b> as a failed introduction point for the - * hidden service specified by <b>rend_query</b>. If the HS now has no - * usable intro points, or we do not have an HS descriptor for it, - * then launch a new renddesc fetch. - * - * If <b>failure_type</b> is INTRO_POINT_FAILURE_GENERIC, remove the - * intro point from (our parsed copy of) the HS descriptor. - * - * If <b>failure_type</b> is INTRO_POINT_FAILURE_TIMEOUT, mark the - * intro point as 'timed out'; it will not be retried until the - * current hidden service connection attempt has ended or it has - * appeared in a newly fetched rendezvous descriptor. - * - * If <b>failure_type</b> is INTRO_POINT_FAILURE_UNREACHABLE, - * increment the intro point's reachability-failure count; if it has - * now failed MAX_INTRO_POINT_REACHABILITY_FAILURES or more times, - * remove the intro point from (our parsed copy of) the HS descriptor. - * - * Return -1 if error, 0 if no usable intro points remain or service - * unrecognized, 1 if recognized and some intro points remain. - */ -int -rend_client_report_intro_point_failure(extend_info_t *failed_intro, - rend_data_t *rend_data, - unsigned int failure_type) -{ - int i, r; - rend_cache_entry_t *ent; - connection_t *conn; - const char *onion_address = rend_data_get_address(rend_data); - - r = rend_cache_lookup_entry(onion_address, -1, &ent); - if (r < 0) { - /* Either invalid onion address or cache entry not found. */ - switch (-r) { - case EINVAL: - log_warn(LD_BUG, "Malformed service ID %s.", - escaped_safe_str_client(onion_address)); - return -1; - case ENOENT: - log_info(LD_REND, "Unknown service %s. Re-fetching descriptor.", - escaped_safe_str_client(onion_address)); - rend_client_refetch_v2_renddesc(rend_data); - return 0; - default: - log_warn(LD_BUG, "Unknown cache lookup returned code: %d", r); - return -1; - } - } - /* The intro points are not checked here if they are usable or not because - * this is called when an intro point circuit is closed thus there must be - * at least one intro point that is usable and is about to be flagged. */ - - for (i = 0; i < smartlist_len(ent->parsed->intro_nodes); i++) { - rend_intro_point_t *intro = smartlist_get(ent->parsed->intro_nodes, i); - if (tor_memeq(failed_intro->identity_digest, - intro->extend_info->identity_digest, DIGEST_LEN)) { - switch (failure_type) { - default: - log_warn(LD_BUG, "Unknown failure type %u. Removing intro point.", - failure_type); - tor_fragile_assert(); - FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL; - case INTRO_POINT_FAILURE_GENERIC: - rend_cache_intro_failure_note(failure_type, - (uint8_t *)failed_intro->identity_digest, - onion_address); - rend_intro_point_free(intro); - smartlist_del(ent->parsed->intro_nodes, i); - break; - case INTRO_POINT_FAILURE_TIMEOUT: - intro->timed_out = 1; - break; - case INTRO_POINT_FAILURE_UNREACHABLE: - ++(intro->unreachable_count); - { - int zap_intro_point = - intro->unreachable_count >= MAX_INTRO_POINT_REACHABILITY_FAILURES; - log_info(LD_REND, "Failed to reach this intro point %u times.%s", - intro->unreachable_count, - zap_intro_point ? " Removing from descriptor.": ""); - if (zap_intro_point) { - rend_cache_intro_failure_note( - failure_type, - (uint8_t *) failed_intro->identity_digest, onion_address); - rend_intro_point_free(intro); - smartlist_del(ent->parsed->intro_nodes, i); - } - } - break; - } - break; - } - } - - if (! rend_client_any_intro_points_usable(ent)) { - log_info(LD_REND, - "No more intro points remain for %s. Re-fetching descriptor.", - escaped_safe_str_client(onion_address)); - rend_client_refetch_v2_renddesc(rend_data); - - /* move all pending streams back to renddesc_wait */ - /* NOTE: We can now do this faster, if we use pending_entry_connections */ - while ((conn = connection_get_by_type_state_rendquery(CONN_TYPE_AP, - AP_CONN_STATE_CIRCUIT_WAIT, - onion_address))) { - connection_ap_mark_as_waiting_for_renddesc(TO_ENTRY_CONN(conn)); - } - - return 0; - } - log_info(LD_REND,"%d options left for %s.", - smartlist_len(ent->parsed->intro_nodes), - escaped_safe_str_client(onion_address)); - return 1; -} - -/** The service sent us a rendezvous cell; join the circuits. */ -int -rend_client_receive_rendezvous(origin_circuit_t *circ, const uint8_t *request, - size_t request_len) -{ - if (request_len != DH1024_KEY_LEN+DIGEST_LEN) { - log_warn(LD_PROTOCOL,"Incorrect length (%d) on RENDEZVOUS2 cell.", - (int)request_len); - goto err; - } - - if (hs_circuit_setup_e2e_rend_circ_legacy_client(circ, request) < 0) { - log_warn(LD_GENERAL, "Failed to setup circ"); - goto err; - } - return 0; - - err: - circuit_mark_for_close(TO_CIRCUIT(circ), END_CIRC_REASON_TORPROTOCOL); - return -1; -} - -/** Find all the apconns in state AP_CONN_STATE_RENDDESC_WAIT that are - * waiting on <b>query</b>. If there's a working cache entry here with at - * least one intro point, move them to the next state. */ -void -rend_client_desc_trynow(const char *query) -{ - entry_connection_t *conn; - rend_cache_entry_t *entry; - const rend_data_t *rend_data; - time_t now = time(NULL); - - smartlist_t *conns = get_connection_array(); - SMARTLIST_FOREACH_BEGIN(conns, connection_t *, base_conn) { - if (base_conn->type != CONN_TYPE_AP || - base_conn->state != AP_CONN_STATE_RENDDESC_WAIT || - base_conn->marked_for_close) - continue; - conn = TO_ENTRY_CONN(base_conn); - rend_data = ENTRY_TO_EDGE_CONN(conn)->rend_data; - if (!rend_data) - continue; - const char *onion_address = rend_data_get_address(rend_data); - if (rend_cmp_service_ids(query, onion_address)) - continue; - assert_connection_ok(base_conn, now); - if (rend_cache_lookup_entry(onion_address, -1, - &entry) == 0 && - rend_client_any_intro_points_usable(entry)) { - /* either this fetch worked, or it failed but there was a - * valid entry from before which we should reuse */ - log_info(LD_REND,"Rend desc is usable. Launching circuits."); - base_conn->state = AP_CONN_STATE_CIRCUIT_WAIT; - - /* restart their timeout values, so they get a fair shake at - * connecting to the hidden service. */ - base_conn->timestamp_created = now; - base_conn->timestamp_last_read_allowed = now; - base_conn->timestamp_last_write_allowed = now; - - connection_ap_mark_as_pending_circuit(conn); - } else { /* 404, or fetch didn't get that far */ - log_notice(LD_REND,"Closing stream for '%s.onion': hidden service is " - "unavailable (try again later).", - safe_str_client(query)); - connection_mark_unattached_ap(conn, END_STREAM_REASON_RESOLVEFAILED); - rend_client_note_connection_attempt_ended(rend_data); - } - } SMARTLIST_FOREACH_END(base_conn); -} - -/** Clear temporary state used only during an attempt to connect to the - * hidden service with <b>rend_data</b>. Called when a connection attempt - * has ended; it is possible for this to be called multiple times while - * handling an ended connection attempt, and any future changes to this - * function must ensure it remains idempotent. */ -void -rend_client_note_connection_attempt_ended(const rend_data_t *rend_data) -{ - unsigned int have_onion = 0; - rend_cache_entry_t *cache_entry = NULL; - const char *onion_address = rend_data_get_address(rend_data); - rend_data_v2_t *rend_data_v2 = TO_REND_DATA_V2(rend_data); - - if (onion_address[0] != '\0') { - /* Ignore return value; we find an entry, or we don't. */ - (void) rend_cache_lookup_entry(onion_address, -1, &cache_entry); - have_onion = 1; - } - - /* Clear the timed_out flag on all remaining intro points for this HS. */ - if (cache_entry != NULL) { - SMARTLIST_FOREACH(cache_entry->parsed->intro_nodes, - rend_intro_point_t *, ip, - ip->timed_out = 0; ); - } - - /* Remove the HS's entries in last_hid_serv_requests. */ - if (have_onion) { - unsigned int replica; - for (replica = 0; replica < ARRAY_LENGTH(rend_data_v2->descriptor_id); - replica++) { - const char *desc_id = rend_data_v2->descriptor_id[replica]; - purge_v2_hidserv_req(desc_id); - } - log_info(LD_REND, "Connection attempt for %s has ended; " - "cleaning up temporary state.", - safe_str_client(onion_address)); - } else { - /* We only have an ID for a fetch. Probably used by HSFETCH. */ - purge_v2_hidserv_req(rend_data_v2->desc_id_fetch); - } -} - -/** Return a newly allocated extend_info_t* for a randomly chosen introduction - * point for the named hidden service. Return NULL if all introduction points - * have been tried and failed. - */ -extend_info_t * -rend_client_get_random_intro(const rend_data_t *rend_query) -{ - int ret; - extend_info_t *result; - rend_cache_entry_t *entry; - const char *onion_address = rend_data_get_address(rend_query); - - ret = rend_cache_lookup_entry(onion_address, -1, &entry); - if (ret < 0 || !rend_client_any_intro_points_usable(entry)) { - log_warn(LD_REND, - "Query '%s' didn't have valid rend desc in cache. Failing.", - safe_str_client(onion_address)); - /* XXX: Should we refetch the descriptor here if the IPs are not usable - * anymore ?. */ - return NULL; - } - - /* See if we can get a node that complies with ExcludeNodes */ - if ((result = rend_client_get_random_intro_impl(entry, 1, 1))) - return result; - /* If not, and StrictNodes is not set, see if we can return any old node - */ - if (!get_options()->StrictNodes) - return rend_client_get_random_intro_impl(entry, 0, 1); - return NULL; -} - -/** As rend_client_get_random_intro, except assume that StrictNodes is set - * iff <b>strict</b> is true. If <b>warnings</b> is false, don't complain - * to the user when we're out of nodes, even if StrictNodes is true. - */ -static extend_info_t * -rend_client_get_random_intro_impl(const rend_cache_entry_t *entry, - const int strict, - const int warnings) -{ - int i; - - rend_intro_point_t *intro; - const or_options_t *options = get_options(); - smartlist_t *usable_nodes; - int n_excluded = 0; - char service_id[REND_SERVICE_ID_LEN_BASE32 + 1]; - - /* We'll keep a separate list of the usable nodes. If this becomes empty, - * no nodes are usable. */ - usable_nodes = smartlist_new(); - smartlist_add_all(usable_nodes, entry->parsed->intro_nodes); - - /* Get service ID so we can use it to query the failure cache. If we fail to - * parse it, this cache entry is no good. */ - if (BUG(rend_get_service_id(entry->parsed->pk, service_id) < 0)) { - smartlist_free(usable_nodes); - return NULL; - } - - /* Remove the intro points that have timed out during this HS - * connection attempt from our list of usable nodes. */ - SMARTLIST_FOREACH_BEGIN(usable_nodes, const rend_intro_point_t *, ip) { - bool failed_intro = - rend_cache_intro_failure_exists(service_id, - (const uint8_t *) ip->extend_info->identity_digest); - if (ip->timed_out || failed_intro) { - SMARTLIST_DEL_CURRENT(usable_nodes, ip); - }; - } SMARTLIST_FOREACH_END(ip); - - again: - if (smartlist_len(usable_nodes) == 0) { - if (n_excluded && get_options()->StrictNodes && warnings) { - /* We only want to warn if StrictNodes is really set. Otherwise - * we're just about to retry anyways. - */ - log_warn(LD_REND, "All introduction points for hidden service are " - "at excluded relays, and StrictNodes is set. Skipping."); - } - smartlist_free(usable_nodes); - return NULL; - } - - i = crypto_rand_int(smartlist_len(usable_nodes)); - intro = smartlist_get(usable_nodes, i); - if (BUG(!intro->extend_info)) { - /* This should never happen, but it isn't fatal, just try another */ - smartlist_del(usable_nodes, i); - goto again; - } - /* All version 2 HS descriptors come with a TAP onion key. - * Clients used to try to get the TAP onion key from the consensus, but this - * meant that hidden services could discover which consensus clients have. */ - if (!extend_info_supports_tap(intro->extend_info)) { - log_info(LD_REND, "The HS descriptor is missing a TAP onion key for the " - "intro-point relay '%s'; trying another.", - safe_str_client(extend_info_describe(intro->extend_info))); - smartlist_del(usable_nodes, i); - goto again; - } - /* Check if we should refuse to talk to this router. */ - if (strict && - routerset_contains_extendinfo(options->ExcludeNodes, - intro->extend_info)) { - n_excluded++; - smartlist_del(usable_nodes, i); - goto again; - } - - smartlist_free(usable_nodes); - return extend_info_dup(intro->extend_info); -} - -/** Return true iff any introduction points still listed in <b>entry</b> are - * usable. */ -int -rend_client_any_intro_points_usable(const rend_cache_entry_t *entry) -{ - extend_info_t *extend_info = - rend_client_get_random_intro_impl(entry, get_options()->StrictNodes, 0); - - int rv = (extend_info != NULL); - - extend_info_free(extend_info); - return rv; -} - -/** Client-side authorizations for hidden services; map of onion address to - * rend_service_authorization_t*. */ -static strmap_t *auth_hid_servs = NULL; - -/** Look up the client-side authorization for the hidden service with - * <b>onion_address</b>. Return NULL if no authorization is available for - * that address. */ -rend_service_authorization_t* -rend_client_lookup_service_authorization(const char *onion_address) -{ - tor_assert(onion_address); - if (!auth_hid_servs) return NULL; - return strmap_get(auth_hid_servs, onion_address); -} - -#define rend_service_authorization_free(val) \ - FREE_AND_NULL(rend_service_authorization_t, \ - rend_service_authorization_free_, (val)) - -/** Helper: Free storage held by rend_service_authorization_t. */ -static void -rend_service_authorization_free_(rend_service_authorization_t *auth) -{ - tor_free(auth); -} - -/** Helper for strmap_free. */ -static void -rend_service_authorization_free_void(void *service_auth) -{ - rend_service_authorization_free_(service_auth); -} - -/** Release all the storage held in auth_hid_servs. - */ -void -rend_service_authorization_free_all(void) -{ - if (!auth_hid_servs) { - return; - } - strmap_free(auth_hid_servs, rend_service_authorization_free_void); - auth_hid_servs = NULL; -} - -/** Parse <b>config_line</b> as a client-side authorization for a hidden - * service and add it to the local map of hidden service authorizations. - * Return 0 for success and -1 for failure. */ -int -rend_parse_service_authorization(const or_options_t *options, - int validate_only) -{ - config_line_t *line; - int res = -1; - strmap_t *parsed = strmap_new(); - smartlist_t *sl = smartlist_new(); - rend_service_authorization_t *auth = NULL; - char *err_msg = NULL; - - for (line = options->HidServAuth; line; line = line->next) { - char *onion_address, *descriptor_cookie; - auth = NULL; - SMARTLIST_FOREACH(sl, char *, c, tor_free(c);); - smartlist_clear(sl); - smartlist_split_string(sl, line->value, " ", - SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 3); - if (smartlist_len(sl) < 2) { - log_warn(LD_CONFIG, "Configuration line does not consist of " - "\"onion-address authorization-cookie [service-name]\": " - "'%s'", line->value); - goto err; - } - auth = tor_malloc_zero(sizeof(rend_service_authorization_t)); - /* Parse onion address. */ - onion_address = smartlist_get(sl, 0); - if (strlen(onion_address) != REND_SERVICE_ADDRESS_LEN || - strcmpend(onion_address, ".onion")) { - log_warn(LD_CONFIG, "Onion address has wrong format: '%s'", - onion_address); - goto err; - } - strlcpy(auth->onion_address, onion_address, REND_SERVICE_ID_LEN_BASE32+1); - if (!rend_valid_v2_service_id(auth->onion_address)) { - log_warn(LD_CONFIG, "Onion address has wrong format: '%s'", - onion_address); - goto err; - } - /* Parse descriptor cookie. */ - descriptor_cookie = smartlist_get(sl, 1); - if (rend_auth_decode_cookie(descriptor_cookie, auth->descriptor_cookie, - &auth->auth_type, &err_msg) < 0) { - tor_assert(err_msg); - log_warn(LD_CONFIG, "%s", err_msg); - tor_free(err_msg); - goto err; - } - if (strmap_get(parsed, auth->onion_address)) { - log_warn(LD_CONFIG, "Duplicate authorization for the same hidden " - "service."); - goto err; - } - strmap_set(parsed, auth->onion_address, auth); - auth = NULL; - } - res = 0; - goto done; - err: - res = -1; - done: - rend_service_authorization_free(auth); - SMARTLIST_FOREACH(sl, char *, c, tor_free(c);); - smartlist_free(sl); - if (!validate_only && res == 0) { - rend_service_authorization_free_all(); - auth_hid_servs = parsed; - } else { - strmap_free(parsed, rend_service_authorization_free_void); - } - return res; -} - -/** The given circuit is being freed. Take appropriate action if it is of - * interest to the client subsystem. */ -void -rend_client_circuit_cleanup_on_free(const circuit_t *circ) -{ - int reason, orig_reason; - bool has_timed_out, ip_is_redundant; - const origin_circuit_t *ocirc = NULL; - - tor_assert(circ); - tor_assert(CIRCUIT_IS_ORIGIN(circ)); - - reason = circ->marked_for_close_reason; - orig_reason = circ->marked_for_close_orig_reason; - ocirc = CONST_TO_ORIGIN_CIRCUIT(circ); - tor_assert(ocirc->rend_data); - - has_timed_out = (reason == END_CIRC_REASON_TIMEOUT); - ip_is_redundant = (orig_reason == END_CIRC_REASON_IP_NOW_REDUNDANT); - - switch (circ->purpose) { - case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT: - { - if (ip_is_redundant) { - break; - } - tor_assert(circ->state == CIRCUIT_STATE_OPEN); - tor_assert(ocirc->build_state->chosen_exit); - /* Treat this like getting a nack from it */ - log_info(LD_REND, "Failed intro circ %s to %s (awaiting ack). %s", - safe_str_client(rend_data_get_address(ocirc->rend_data)), - safe_str_client(build_state_get_exit_nickname(ocirc->build_state)), - has_timed_out ? "Recording timeout." : "Removing from descriptor."); - rend_client_report_intro_point_failure(ocirc->build_state->chosen_exit, - ocirc->rend_data, - has_timed_out ? - INTRO_POINT_FAILURE_TIMEOUT : - INTRO_POINT_FAILURE_GENERIC); - break; - } - case CIRCUIT_PURPOSE_C_INTRODUCING: - { - /* Ignore if we were introducing and it timed out, we didn't pick an exit - * point yet (IP) or the reason indicate that it was a redundant IP. */ - if (has_timed_out || !ocirc->build_state->chosen_exit || ip_is_redundant) { - break; - } - log_info(LD_REND, "Failed intro circ %s to %s " - "(building circuit to intro point). " - "Marking intro point as possibly unreachable.", - safe_str_client(rend_data_get_address(ocirc->rend_data)), - safe_str_client(build_state_get_exit_nickname( - ocirc->build_state))); - rend_client_report_intro_point_failure(ocirc->build_state->chosen_exit, - ocirc->rend_data, - INTRO_POINT_FAILURE_UNREACHABLE); - break; - } - default: - break; - } -} diff --git a/src/feature/rend/rendclient.h b/src/feature/rend/rendclient.h deleted file mode 100644 index b7aa212487..0000000000 --- a/src/feature/rend/rendclient.h +++ /dev/null @@ -1,54 +0,0 @@ -/* Copyright (c) 2001 Matej Pfajfar. - * Copyright (c) 2001-2004, Roger Dingledine. - * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -/** - * \file rendclient.h - * \brief Header file for rendclient.c. - **/ - -#ifndef TOR_RENDCLIENT_H -#define TOR_RENDCLIENT_H - -#include "feature/hs/hs_circuit.h" -#include "feature/rend/rendcache.h" - -void rend_client_purge_state(void); - -void rend_client_introcirc_has_opened(origin_circuit_t *circ); -void rend_client_rendcirc_has_opened(origin_circuit_t *circ); -int rend_client_introduction_acked(origin_circuit_t *circ, - const uint8_t *request, - size_t request_len); -void rend_client_refetch_v2_renddesc(rend_data_t *rend_query); -int rend_client_fetch_v2_desc(rend_data_t *query, smartlist_t *hsdirs); -void rend_client_cancel_descriptor_fetches(void); - -int rend_client_report_intro_point_failure(extend_info_t *failed_intro, - rend_data_t *rend_data, - unsigned int failure_type); - -int rend_client_receive_rendezvous(origin_circuit_t *circ, - const uint8_t *request, - size_t request_len); -void rend_client_desc_trynow(const char *query); - -void rend_client_note_connection_attempt_ended(const rend_data_t *rend_data); - -extend_info_t *rend_client_get_random_intro(const rend_data_t *rend_query); -int rend_client_any_intro_points_usable(const rend_cache_entry_t *entry); - -int rend_client_send_introduction(origin_circuit_t *introcirc, - origin_circuit_t *rendcirc); -int rend_parse_service_authorization(const or_options_t *options, - int validate_only); -rend_service_authorization_t *rend_client_lookup_service_authorization( - const char *onion_address); -void rend_service_authorization_free_all(void); - -void rend_client_circuit_cleanup_on_free(const circuit_t *circ); - -#endif /* !defined(TOR_RENDCLIENT_H) */ - diff --git a/src/feature/rend/rendcommon.c b/src/feature/rend/rendcommon.c index 775d487805..0628422812 100644 --- a/src/feature/rend/rendcommon.c +++ b/src/feature/rend/rendcommon.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -11,761 +11,22 @@ #define RENDCOMMON_PRIVATE #include "core/or/or.h" -#include "core/or/circuitbuild.h" + +#include "app/config/config.h" + #include "core/or/circuitlist.h" #include "core/or/circuituse.h" -#include "core/or/extendinfo.h" -#include "app/config/config.h" -#include "feature/control/control_events.h" -#include "lib/crypt_ops/crypto_rand.h" -#include "lib/crypt_ops/crypto_util.h" + #include "feature/hs/hs_client.h" #include "feature/hs/hs_common.h" #include "feature/hs/hs_intropoint.h" -#include "feature/nodelist/networkstatus.h" -#include "feature/rend/rendclient.h" #include "feature/rend/rendcommon.h" #include "feature/rend/rendmid.h" -#include "feature/rend/rendparse.h" -#include "feature/rend/rendservice.h" -#include "feature/stats/rephist.h" -#include "feature/hs_common/replaycache.h" -#include "feature/relay/router.h" -#include "feature/nodelist/routerlist.h" -#include "feature/dirparse/signing.h" +#include "core/or/circuit_st.h" #include "core/or/cpath_build_state_st.h" #include "core/or/crypt_path_st.h" -#include "core/or/extend_info_st.h" -#include "feature/nodelist/networkstatus_st.h" #include "core/or/origin_circuit_st.h" -#include "feature/rend/rend_encoded_v2_service_descriptor_st.h" -#include "feature/rend/rend_intro_point_st.h" -#include "feature/rend/rend_service_descriptor_st.h" -#include "feature/nodelist/routerstatus_st.h" - -/** Return 0 if one and two are the same service ids, else -1 or 1 */ -int -rend_cmp_service_ids(const char *one, const char *two) -{ - return strcasecmp(one,two); -} - -/** Free the storage held by the service descriptor <b>desc</b>. - */ -void -rend_service_descriptor_free_(rend_service_descriptor_t *desc) -{ - if (!desc) - return; - if (desc->pk) - crypto_pk_free(desc->pk); - if (desc->intro_nodes) { - SMARTLIST_FOREACH(desc->intro_nodes, rend_intro_point_t *, intro, - rend_intro_point_free(intro);); - smartlist_free(desc->intro_nodes); - } - if (desc->successful_uploads) { - SMARTLIST_FOREACH(desc->successful_uploads, char *, c, tor_free(c);); - smartlist_free(desc->successful_uploads); - } - tor_free(desc); -} - -/** Length of the descriptor cookie that is used for versioned hidden - * service descriptors. */ -#define REND_DESC_COOKIE_LEN 16 - -/** Length of the replica number that is used to determine the secret ID - * part of versioned hidden service descriptors. */ -#define REND_REPLICA_LEN 1 - -/** Compute the descriptor ID for <b>service_id</b> of length - * <b>REND_SERVICE_ID_LEN</b> and <b>secret_id_part</b> of length - * <b>DIGEST_LEN</b>, and write it to <b>descriptor_id_out</b> of length - * <b>DIGEST_LEN</b>. */ -void -rend_get_descriptor_id_bytes(char *descriptor_id_out, - const char *service_id, - const char *secret_id_part) -{ - crypto_digest_t *digest = crypto_digest_new(); - crypto_digest_add_bytes(digest, service_id, REND_SERVICE_ID_LEN); - crypto_digest_add_bytes(digest, secret_id_part, DIGEST_LEN); - crypto_digest_get_digest(digest, descriptor_id_out, DIGEST_LEN); - crypto_digest_free(digest); -} - -/** Compute the secret ID part for time_period, - * a <b>descriptor_cookie</b> of length - * <b>REND_DESC_COOKIE_LEN</b> which may also be <b>NULL</b> if no - * descriptor_cookie shall be used, and <b>replica</b>, and write it to - * <b>secret_id_part</b> of length DIGEST_LEN. */ -static void -get_secret_id_part_bytes(char *secret_id_part, uint32_t time_period, - const char *descriptor_cookie, uint8_t replica) -{ - crypto_digest_t *digest = crypto_digest_new(); - time_period = htonl(time_period); - crypto_digest_add_bytes(digest, (char*)&time_period, sizeof(uint32_t)); - if (descriptor_cookie) { - crypto_digest_add_bytes(digest, descriptor_cookie, - REND_DESC_COOKIE_LEN); - } - crypto_digest_add_bytes(digest, (const char *)&replica, REND_REPLICA_LEN); - crypto_digest_get_digest(digest, secret_id_part, DIGEST_LEN); - crypto_digest_free(digest); -} - -/** Return the time period for time <b>now</b> plus a potentially - * intended <b>deviation</b> of one or more periods, based on the first byte - * of <b>service_id</b>. */ -static uint32_t -get_time_period(time_t now, uint8_t deviation, const char *service_id) -{ - /* The time period is the number of REND_TIME_PERIOD_V2_DESC_VALIDITY - * intervals that have passed since the epoch, offset slightly so that - * each service's time periods start and end at a fraction of that - * period based on their first byte. */ - return (uint32_t) - (now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256) - / REND_TIME_PERIOD_V2_DESC_VALIDITY + deviation; -} - -/** Compute the time in seconds that a descriptor that is generated - * <b>now</b> for <b>service_id</b> will be valid. */ -static uint32_t -get_seconds_valid(time_t now, const char *service_id) -{ - uint32_t result = REND_TIME_PERIOD_V2_DESC_VALIDITY - - ((uint32_t) - (now + ((uint8_t) *service_id) * REND_TIME_PERIOD_V2_DESC_VALIDITY / 256) - % REND_TIME_PERIOD_V2_DESC_VALIDITY); - return result; -} - -/** Compute the binary <b>desc_id_out</b> (DIGEST_LEN bytes long) for a given - * base32-encoded <b>service_id</b> and optional unencoded - * <b>descriptor_cookie</b> of length REND_DESC_COOKIE_LEN, - * at time <b>now</b> for replica number - * <b>replica</b>. <b>desc_id</b> needs to have <b>DIGEST_LEN</b> bytes - * free. Return 0 for success, -1 otherwise. */ -int -rend_compute_v2_desc_id(char *desc_id_out, const char *service_id, - const char *descriptor_cookie, time_t now, - uint8_t replica) -{ - char service_id_binary[REND_SERVICE_ID_LEN]; - char secret_id_part[DIGEST_LEN]; - uint32_t time_period; - if (!service_id || - strlen(service_id) != REND_SERVICE_ID_LEN_BASE32) { - log_warn(LD_REND, "Could not compute v2 descriptor ID: " - "Illegal service ID: %s", - safe_str(service_id)); - return -1; - } - if (replica >= REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS) { - log_warn(LD_REND, "Could not compute v2 descriptor ID: " - "Replica number out of range: %d", replica); - return -1; - } - /* Convert service ID to binary. */ - if (base32_decode(service_id_binary, REND_SERVICE_ID_LEN, - service_id, REND_SERVICE_ID_LEN_BASE32) != - REND_SERVICE_ID_LEN) { - log_warn(LD_REND, "Could not compute v2 descriptor ID: " - "Illegal characters or wrong length for service ID: %s", - safe_str_client(service_id)); - return -1; - } - /* Calculate current time-period. */ - time_period = get_time_period(now, 0, service_id_binary); - /* Calculate secret-id-part = h(time-period | desc-cookie | replica). */ - get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie, - replica); - /* Calculate descriptor ID: H(permanent-id | secret-id-part) */ - rend_get_descriptor_id_bytes(desc_id_out, service_id_binary, secret_id_part); - return 0; -} - -/** Encode the introduction points in <b>desc</b> and write the result to a - * newly allocated string pointed to by <b>encoded</b>. Return 0 for - * success, -1 otherwise. */ -static int -rend_encode_v2_intro_points(char **encoded, rend_service_descriptor_t *desc) -{ - size_t unenc_len; - char *unenc = NULL; - size_t unenc_written = 0; - int i; - int r = -1; - /* Assemble unencrypted list of introduction points. */ - unenc_len = smartlist_len(desc->intro_nodes) * 1000; /* too long, but ok. */ - unenc = tor_malloc_zero(unenc_len); - for (i = 0; i < smartlist_len(desc->intro_nodes); i++) { - char id_base32[REND_INTRO_POINT_ID_LEN_BASE32 + 1]; - char *onion_key = NULL; - size_t onion_key_len; - crypto_pk_t *intro_key; - char *service_key = NULL; - char *address = NULL; - size_t service_key_len; - int res; - rend_intro_point_t *intro = smartlist_get(desc->intro_nodes, i); - /* Obtain extend info with introduction point details. */ - extend_info_t *info = intro->extend_info; - /* Encode introduction point ID. */ - base32_encode(id_base32, sizeof(id_base32), - info->identity_digest, DIGEST_LEN); - /* Encode onion key. */ - if (crypto_pk_write_public_key_to_string(info->onion_key, &onion_key, - &onion_key_len) < 0) { - log_warn(LD_REND, "Could not write onion key."); - goto done; - } - /* Encode intro key. */ - intro_key = intro->intro_key; - if (!intro_key || - crypto_pk_write_public_key_to_string(intro_key, &service_key, - &service_key_len) < 0) { - log_warn(LD_REND, "Could not write intro key."); - tor_free(onion_key); - goto done; - } - /* Assemble everything for this introduction point. */ - const tor_addr_port_t *orport = extend_info_get_orport(info, AF_INET); - IF_BUG_ONCE(!orport) { - /* There must be an IPv4 address for v2 hs. */ - goto done; - } - address = tor_addr_to_str_dup(&orport->addr); - res = tor_snprintf(unenc + unenc_written, unenc_len - unenc_written, - "introduction-point %s\n" - "ip-address %s\n" - "onion-port %d\n" - "onion-key\n%s" - "service-key\n%s", - id_base32, - address, - orport->port, - onion_key, - service_key); - tor_free(address); - tor_free(onion_key); - tor_free(service_key); - if (res < 0) { - log_warn(LD_REND, "Not enough space for writing introduction point " - "string."); - goto done; - } - /* Update total number of written bytes for unencrypted intro points. */ - unenc_written += res; - } - /* Finalize unencrypted introduction points. */ - if (unenc_len < unenc_written + 2) { - log_warn(LD_REND, "Not enough space for finalizing introduction point " - "string."); - goto done; - } - unenc[unenc_written++] = '\n'; - unenc[unenc_written++] = 0; - *encoded = unenc; - r = 0; - done: - if (r<0) - tor_free(unenc); - return r; -} - -/** Encrypt the encoded introduction points in <b>encoded</b> using - * authorization type 'basic' with <b>client_cookies</b> and write the - * result to a newly allocated string pointed to by <b>encrypted_out</b> of - * length <b>encrypted_len_out</b>. Return 0 for success, -1 otherwise. */ -static int -rend_encrypt_v2_intro_points_basic(char **encrypted_out, - size_t *encrypted_len_out, - const char *encoded, - smartlist_t *client_cookies) -{ - int r = -1, i, pos, enclen, client_blocks; - size_t len, client_entries_len; - char *enc = NULL, iv[CIPHER_IV_LEN], *client_part = NULL, - session_key[CIPHER_KEY_LEN]; - smartlist_t *encrypted_session_keys = NULL; - crypto_digest_t *digest; - crypto_cipher_t *cipher; - tor_assert(encoded); - tor_assert(client_cookies && smartlist_len(client_cookies) > 0); - - /* Generate session key. */ - crypto_rand(session_key, CIPHER_KEY_LEN); - - /* Determine length of encrypted introduction points including session - * keys. */ - client_blocks = 1 + ((smartlist_len(client_cookies) - 1) / - REND_BASIC_AUTH_CLIENT_MULTIPLE); - client_entries_len = client_blocks * REND_BASIC_AUTH_CLIENT_MULTIPLE * - REND_BASIC_AUTH_CLIENT_ENTRY_LEN; - len = 2 + client_entries_len + CIPHER_IV_LEN + strlen(encoded); - if (client_blocks >= 256) { - log_warn(LD_REND, "Too many clients in introduction point string."); - goto done; - } - enc = tor_malloc_zero(len); - enc[0] = 0x01; /* type of authorization. */ - enc[1] = (uint8_t)client_blocks; - - /* Encrypt with random session key. */ - enclen = crypto_cipher_encrypt_with_iv(session_key, - enc + 2 + client_entries_len, - CIPHER_IV_LEN + strlen(encoded), encoded, strlen(encoded)); - - if (enclen < 0) { - log_warn(LD_REND, "Could not encrypt introduction point string."); - goto done; - } - memcpy(iv, enc + 2 + client_entries_len, CIPHER_IV_LEN); - - /* Encrypt session key for cookies, determine client IDs, and put both - * in a smartlist. */ - encrypted_session_keys = smartlist_new(); - SMARTLIST_FOREACH_BEGIN(client_cookies, const char *, cookie) { - client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN); - /* Encrypt session key. */ - cipher = crypto_cipher_new(cookie); - if (crypto_cipher_encrypt(cipher, client_part + - REND_BASIC_AUTH_CLIENT_ID_LEN, - session_key, CIPHER_KEY_LEN) < 0) { - log_warn(LD_REND, "Could not encrypt session key for client."); - crypto_cipher_free(cipher); - tor_free(client_part); - goto done; - } - crypto_cipher_free(cipher); - - /* Determine client ID. */ - digest = crypto_digest_new(); - crypto_digest_add_bytes(digest, cookie, REND_DESC_COOKIE_LEN); - crypto_digest_add_bytes(digest, iv, CIPHER_IV_LEN); - crypto_digest_get_digest(digest, client_part, - REND_BASIC_AUTH_CLIENT_ID_LEN); - crypto_digest_free(digest); - - /* Put both together. */ - smartlist_add(encrypted_session_keys, client_part); - } SMARTLIST_FOREACH_END(cookie); - - /* Add some fake client IDs and encrypted session keys. */ - for (i = (smartlist_len(client_cookies) - 1) % - REND_BASIC_AUTH_CLIENT_MULTIPLE; - i < REND_BASIC_AUTH_CLIENT_MULTIPLE - 1; i++) { - client_part = tor_malloc_zero(REND_BASIC_AUTH_CLIENT_ENTRY_LEN); - crypto_rand(client_part, REND_BASIC_AUTH_CLIENT_ENTRY_LEN); - smartlist_add(encrypted_session_keys, client_part); - } - /* Sort smartlist and put elements in result in order. */ - smartlist_sort_digests(encrypted_session_keys); - pos = 2; - SMARTLIST_FOREACH(encrypted_session_keys, const char *, entry, { - memcpy(enc + pos, entry, REND_BASIC_AUTH_CLIENT_ENTRY_LEN); - pos += REND_BASIC_AUTH_CLIENT_ENTRY_LEN; - }); - *encrypted_out = enc; - *encrypted_len_out = len; - enc = NULL; /* prevent free. */ - r = 0; - done: - tor_free(enc); - if (encrypted_session_keys) { - SMARTLIST_FOREACH(encrypted_session_keys, char *, d, tor_free(d);); - smartlist_free(encrypted_session_keys); - } - return r; -} - -/** Encrypt the encoded introduction points in <b>encoded</b> using - * authorization type 'stealth' with <b>descriptor_cookie</b> of length - * REND_DESC_COOKIE_LEN and write the result to a newly allocated string - * pointed to by <b>encrypted_out</b> of length <b>encrypted_len_out</b>. - * Return 0 for success, -1 otherwise. */ -static int -rend_encrypt_v2_intro_points_stealth(char **encrypted_out, - size_t *encrypted_len_out, - const char *encoded, - const char *descriptor_cookie) -{ - int r = -1, enclen; - char *enc; - tor_assert(encoded); - tor_assert(descriptor_cookie); - - enc = tor_malloc_zero(1 + CIPHER_IV_LEN + strlen(encoded)); - enc[0] = 0x02; /* Auth type */ - enclen = crypto_cipher_encrypt_with_iv(descriptor_cookie, - enc + 1, - CIPHER_IV_LEN+strlen(encoded), - encoded, strlen(encoded)); - if (enclen < 0) { - log_warn(LD_REND, "Could not encrypt introduction point string."); - goto done; - } - *encrypted_out = enc; - *encrypted_len_out = enclen; - enc = NULL; /* prevent free */ - r = 0; - done: - tor_free(enc); - return r; -} - -/** Attempt to parse the given <b>desc_str</b> and return true if this - * succeeds, false otherwise. */ -STATIC int -rend_desc_v2_is_parsable(rend_encoded_v2_service_descriptor_t *desc) -{ - rend_service_descriptor_t *test_parsed = NULL; - char test_desc_id[DIGEST_LEN]; - char *test_intro_content = NULL; - size_t test_intro_size; - size_t test_encoded_size; - const char *test_next; - int res = rend_parse_v2_service_descriptor(&test_parsed, test_desc_id, - &test_intro_content, - &test_intro_size, - &test_encoded_size, - &test_next, desc->desc_str, 1); - rend_service_descriptor_free(test_parsed); - tor_free(test_intro_content); - return (res >= 0); -} - -/** Free the storage held by an encoded v2 service descriptor. */ -void -rend_encoded_v2_service_descriptor_free_( - rend_encoded_v2_service_descriptor_t *desc) -{ - if (!desc) - return; - tor_free(desc->desc_str); - tor_free(desc); -} - -/** Free the storage held by an introduction point info. */ -void -rend_intro_point_free_(rend_intro_point_t *intro) -{ - if (!intro) - return; - - extend_info_free(intro->extend_info); - crypto_pk_free(intro->intro_key); - - if (intro->accepted_intro_rsa_parts != NULL) { - replaycache_free(intro->accepted_intro_rsa_parts); - } - - tor_free(intro); -} - -/** Encode a set of rend_encoded_v2_service_descriptor_t's for <b>desc</b> - * at time <b>now</b> using <b>service_key</b>, depending on - * <b>auth_type</b> a <b>descriptor_cookie</b> and a list of - * <b>client_cookies</b> (which are both <b>NULL</b> if no client - * authorization is performed), and <b>period</b> (e.g. 0 for the current - * period, 1 for the next period, etc.) and add them to the existing list - * <b>descs_out</b>; return the number of seconds that the descriptors will - * be found by clients, or -1 if the encoding was not successful. */ -int -rend_encode_v2_descriptors(smartlist_t *descs_out, - rend_service_descriptor_t *desc, time_t now, - uint8_t period, rend_auth_type_t auth_type, - crypto_pk_t *client_key, - smartlist_t *client_cookies) -{ - char service_id[DIGEST_LEN]; - char service_id_base32[REND_SERVICE_ID_LEN_BASE32+1]; - uint32_t time_period; - char *ipos_base64 = NULL, *ipos = NULL, *ipos_encrypted = NULL, - *descriptor_cookie = NULL; - size_t ipos_len = 0, ipos_encrypted_len = 0; - int k; - uint32_t seconds_valid; - crypto_pk_t *service_key; - if (!desc) { - log_warn(LD_BUG, "Could not encode v2 descriptor: No desc given."); - return -1; - } - service_key = (auth_type == REND_STEALTH_AUTH) ? client_key : desc->pk; - tor_assert(service_key); - if (auth_type == REND_STEALTH_AUTH) { - descriptor_cookie = smartlist_get(client_cookies, 0); - tor_assert(descriptor_cookie); - } - /* Obtain service_id from public key. */ - if (crypto_pk_get_digest(service_key, service_id) < 0) { - log_warn(LD_BUG, "Couldn't compute service key digest."); - return -1; - } - /* Calculate current time-period. */ - time_period = get_time_period(now, period, service_id); - /* Determine how many seconds the descriptor will be valid. */ - seconds_valid = period * REND_TIME_PERIOD_V2_DESC_VALIDITY + - get_seconds_valid(now, service_id); - /* Assemble, possibly encrypt, and encode introduction points. */ - if (smartlist_len(desc->intro_nodes) > 0) { - if (rend_encode_v2_intro_points(&ipos, desc) < 0) { - log_warn(LD_REND, "Encoding of introduction points did not succeed."); - return -1; - } - switch (auth_type) { - case REND_NO_AUTH: - ipos_len = strlen(ipos); - break; - case REND_BASIC_AUTH: - if (rend_encrypt_v2_intro_points_basic(&ipos_encrypted, - &ipos_encrypted_len, ipos, - client_cookies) < 0) { - log_warn(LD_REND, "Encrypting of introduction points did not " - "succeed."); - tor_free(ipos); - return -1; - } - tor_free(ipos); - ipos = ipos_encrypted; - ipos_len = ipos_encrypted_len; - break; - case REND_STEALTH_AUTH: - if (rend_encrypt_v2_intro_points_stealth(&ipos_encrypted, - &ipos_encrypted_len, ipos, - descriptor_cookie) < 0) { - log_warn(LD_REND, "Encrypting of introduction points did not " - "succeed."); - tor_free(ipos); - return -1; - } - tor_free(ipos); - ipos = ipos_encrypted; - ipos_len = ipos_encrypted_len; - break; - default: - log_warn(LD_REND|LD_BUG, "Unrecognized authorization type %d", - (int)auth_type); - tor_free(ipos); - return -1; - } - /* Base64-encode introduction points. */ - ipos_base64 = tor_calloc(ipos_len, 2); - if (base64_encode(ipos_base64, ipos_len * 2, ipos, ipos_len, - BASE64_ENCODE_MULTILINE)<0) { - log_warn(LD_REND, "Could not encode introduction point string to " - "base64. length=%d", (int)ipos_len); - tor_free(ipos_base64); - tor_free(ipos); - return -1; - } - tor_free(ipos); - } - /* Encode REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS descriptors. */ - for (k = 0; k < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; k++) { - char secret_id_part[DIGEST_LEN]; - char secret_id_part_base32[REND_SECRET_ID_PART_LEN_BASE32 + 1]; - char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; - char *permanent_key = NULL; - size_t permanent_key_len; - char published[ISO_TIME_LEN+1]; - int i; - char protocol_versions_string[16]; /* max len: "0,1,2,3,4,5,6,7\0" */ - size_t protocol_versions_written; - size_t desc_len; - char *desc_str = NULL; - int result = 0; - size_t written = 0; - char desc_digest[DIGEST_LEN]; - rend_encoded_v2_service_descriptor_t *enc = - tor_malloc_zero(sizeof(rend_encoded_v2_service_descriptor_t)); - /* Calculate secret-id-part = h(time-period | cookie | replica). */ - get_secret_id_part_bytes(secret_id_part, time_period, descriptor_cookie, - k); - base32_encode(secret_id_part_base32, sizeof(secret_id_part_base32), - secret_id_part, DIGEST_LEN); - /* Calculate descriptor ID. */ - rend_get_descriptor_id_bytes(enc->desc_id, service_id, secret_id_part); - base32_encode(desc_id_base32, sizeof(desc_id_base32), - enc->desc_id, DIGEST_LEN); - /* PEM-encode the public key */ - if (crypto_pk_write_public_key_to_string(service_key, &permanent_key, - &permanent_key_len) < 0) { - log_warn(LD_BUG, "Could not write public key to string."); - rend_encoded_v2_service_descriptor_free(enc); - goto err; - } - /* Encode timestamp. */ - format_iso_time(published, desc->timestamp); - /* Write protocol-versions bitmask to comma-separated value string. */ - protocol_versions_written = 0; - for (i = 0; i < 8; i++) { - if (desc->protocols & 1 << i) { - tor_snprintf(protocol_versions_string + protocol_versions_written, - 16 - protocol_versions_written, "%d,", i); - protocol_versions_written += 2; - } - } - if (protocol_versions_written) - protocol_versions_string[protocol_versions_written - 1] = '\0'; - else - protocol_versions_string[0]= '\0'; - /* Assemble complete descriptor. */ - desc_len = 2000 + smartlist_len(desc->intro_nodes) * 1000; /* far too long, - but okay.*/ - enc->desc_str = desc_str = tor_malloc_zero(desc_len); - result = tor_snprintf(desc_str, desc_len, - "rendezvous-service-descriptor %s\n" - "version 2\n" - "permanent-key\n%s" - "secret-id-part %s\n" - "publication-time %s\n" - "protocol-versions %s\n", - desc_id_base32, - permanent_key, - secret_id_part_base32, - published, - protocol_versions_string); - tor_free(permanent_key); - if (result < 0) { - log_warn(LD_BUG, "Descriptor ran out of room."); - rend_encoded_v2_service_descriptor_free(enc); - goto err; - } - written = result; - /* Add introduction points. */ - if (ipos_base64) { - result = tor_snprintf(desc_str + written, desc_len - written, - "introduction-points\n" - "-----BEGIN MESSAGE-----\n%s" - "-----END MESSAGE-----\n", - ipos_base64); - if (result < 0) { - log_warn(LD_BUG, "could not write introduction points."); - rend_encoded_v2_service_descriptor_free(enc); - goto err; - } - written += result; - } - /* Add signature. */ - strlcpy(desc_str + written, "signature\n", desc_len - written); - written += strlen(desc_str + written); - if (crypto_digest(desc_digest, desc_str, written) < 0) { - log_warn(LD_BUG, "could not create digest."); - rend_encoded_v2_service_descriptor_free(enc); - goto err; - } - if (router_append_dirobj_signature(desc_str + written, - desc_len - written, - desc_digest, DIGEST_LEN, - service_key) < 0) { - log_warn(LD_BUG, "Couldn't sign desc."); - rend_encoded_v2_service_descriptor_free(enc); - goto err; - } - written += strlen(desc_str+written); - if (written+2 > desc_len) { - log_warn(LD_BUG, "Could not finish desc."); - rend_encoded_v2_service_descriptor_free(enc); - goto err; - } - desc_str[written++] = 0; - /* Check if we can parse our own descriptor. */ - if (!rend_desc_v2_is_parsable(enc)) { - log_warn(LD_BUG, "Could not parse my own descriptor: %s", desc_str); - rend_encoded_v2_service_descriptor_free(enc); - goto err; - } - smartlist_add(descs_out, enc); - /* Add the uploaded descriptor to the local service's descriptor cache */ - rend_cache_store_v2_desc_as_service(enc->desc_str); - base32_encode(service_id_base32, sizeof(service_id_base32), - service_id, REND_SERVICE_ID_LEN); - control_event_hs_descriptor_created(service_id_base32, desc_id_base32, k); - } - - log_info(LD_REND, "Successfully encoded a v2 descriptor and " - "confirmed that it is parsable."); - goto done; - - err: - SMARTLIST_FOREACH(descs_out, rend_encoded_v2_service_descriptor_t *, d, - rend_encoded_v2_service_descriptor_free(d);); - smartlist_clear(descs_out); - seconds_valid = -1; - - done: - tor_free(ipos_base64); - return seconds_valid; -} - -/** Sets <b>out</b> to the first 10 bytes of the digest of <b>pk</b>, - * base32 encoded. NUL-terminates out. (We use this string to - * identify services in directory requests and .onion URLs.) - */ -int -rend_get_service_id(crypto_pk_t *pk, char *out) -{ - char buf[DIGEST_LEN]; - tor_assert(pk); - if (crypto_pk_get_digest(pk, buf) < 0) - return -1; - base32_encode(out, REND_SERVICE_ID_LEN_BASE32+1, buf, REND_SERVICE_ID_LEN); - return 0; -} - -/** Return true iff <b>query</b> is a syntactically valid service ID (as - * generated by rend_get_service_id). */ -int -rend_valid_v2_service_id(const char *query) -{ - if (strlen(query) != REND_SERVICE_ID_LEN_BASE32) - return 0; - - if (strspn(query, BASE32_CHARS) != REND_SERVICE_ID_LEN_BASE32) - return 0; - - return 1; -} - -/** Return true iff <b>query</b> is a syntactically valid descriptor ID. - * (as generated by rend_get_descriptor_id_bytes). */ -int -rend_valid_descriptor_id(const char *query) -{ - if (strlen(query) != REND_DESC_ID_V2_LEN_BASE32) { - goto invalid; - } - if (strspn(query, BASE32_CHARS) != REND_DESC_ID_V2_LEN_BASE32) { - goto invalid; - } - - return 1; - - invalid: - return 0; -} - -/** Return true iff <b>client_name</b> is a syntactically valid name - * for rendezvous client authentication. */ -int -rend_valid_client_name(const char *client_name) -{ - size_t len = strlen(client_name); - if (len < 1 || len > REND_CLIENTNAME_MAX_LEN) { - return 0; - } - if (strspn(client_name, REND_LEGAL_CLIENTNAME_CHARACTERS) != len) { - return 0; - } - - return 1; -} /** Called when we get a rendezvous-related relay cell on circuit * <b>circ</b>. Dispatch on rendezvous relay command. */ @@ -840,168 +101,6 @@ rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint, command); } -/** Determine the routers that are responsible for <b>id</b> (binary) and - * add pointers to those routers' routerstatus_t to <b>responsible_dirs</b>. - * Return -1 if we're returning an empty smartlist, else return 0. - */ -int -hid_serv_get_responsible_directories(smartlist_t *responsible_dirs, - const char *id) -{ - int start, found, n_added = 0, i; - networkstatus_t *c = networkstatus_get_latest_consensus(); - if (!c || !smartlist_len(c->routerstatus_list)) { - log_info(LD_REND, "We don't have a consensus, so we can't perform v2 " - "rendezvous operations."); - return -1; - } - tor_assert(id); - start = networkstatus_vote_find_entry_idx(c, id, &found); - if (start == smartlist_len(c->routerstatus_list)) start = 0; - i = start; - do { - routerstatus_t *r = smartlist_get(c->routerstatus_list, i); - if (r->is_hs_dir) { - smartlist_add(responsible_dirs, r); - if (++n_added == REND_NUMBER_OF_CONSECUTIVE_REPLICAS) - return 0; - } - if (++i == smartlist_len(c->routerstatus_list)) - i = 0; - } while (i != start); - - /* Even though we don't have the desired number of hidden service - * directories, be happy if we got any. */ - return smartlist_len(responsible_dirs) ? 0 : -1; -} - -/* Length of the 'extended' auth cookie used to encode auth type before - * base64 encoding. */ -#define REND_DESC_COOKIE_LEN_EXT (REND_DESC_COOKIE_LEN + 1) -/* Length of the zero-padded auth cookie when base64 encoded. These two - * padding bytes always (A=) are stripped off of the returned cookie. */ -#define REND_DESC_COOKIE_LEN_EXT_BASE64 (REND_DESC_COOKIE_LEN_BASE64 + 2) - -/** Encode a client authorization descriptor cookie. - * The result of this function is suitable for use in the HidServAuth - * option. The trailing padding characters are removed, and the - * auth type is encoded into the cookie. - * - * Returns a new base64-encoded cookie. This function cannot fail. - * The caller is responsible for freeing the returned value. - */ -char * -rend_auth_encode_cookie(const uint8_t *cookie_in, rend_auth_type_t auth_type) -{ - uint8_t extended_cookie[REND_DESC_COOKIE_LEN_EXT]; - char *cookie_out = tor_malloc_zero(REND_DESC_COOKIE_LEN_EXT_BASE64 + 1); - int re; - - tor_assert(cookie_in); - - memcpy(extended_cookie, cookie_in, REND_DESC_COOKIE_LEN); - extended_cookie[REND_DESC_COOKIE_LEN] = ((int)auth_type - 1) << 4; - re = base64_encode(cookie_out, REND_DESC_COOKIE_LEN_EXT_BASE64 + 1, - (const char *) extended_cookie, REND_DESC_COOKIE_LEN_EXT, - 0); - tor_assert(re == REND_DESC_COOKIE_LEN_EXT_BASE64); - - /* Remove the trailing 'A='. Auth type is encoded in the high bits - * of the last byte, so the last base64 character will always be zero - * (A). This is subtly different behavior from base64_encode_nopad. */ - cookie_out[REND_DESC_COOKIE_LEN_BASE64] = '\0'; - memwipe(extended_cookie, 0, sizeof(extended_cookie)); - return cookie_out; -} - -/** Decode a base64-encoded client authorization descriptor cookie. - * The descriptor_cookie can be truncated to REND_DESC_COOKIE_LEN_BASE64 - * characters (as given to clients), or may include the two padding - * characters (as stored by the service). - * - * The result is stored in REND_DESC_COOKIE_LEN bytes of cookie_out. - * The rend_auth_type_t decoded from the cookie is stored in the - * optional auth_type_out parameter. - * - * Return 0 on success, or -1 on error. The caller is responsible for - * freeing the returned err_msg. - */ -int -rend_auth_decode_cookie(const char *cookie_in, uint8_t *cookie_out, - rend_auth_type_t *auth_type_out, char **err_msg_out) -{ - uint8_t descriptor_cookie_decoded[REND_DESC_COOKIE_LEN_EXT + 1] = { 0 }; - char descriptor_cookie_base64ext[REND_DESC_COOKIE_LEN_EXT_BASE64 + 1]; - const char *descriptor_cookie = cookie_in; - char *err_msg = NULL; - int auth_type_val = 0; - int res = -1; - int decoded_len; - - size_t len = strlen(descriptor_cookie); - if (len == REND_DESC_COOKIE_LEN_BASE64) { - /* Add a trailing zero byte to make base64-decoding happy. */ - tor_snprintf(descriptor_cookie_base64ext, - sizeof(descriptor_cookie_base64ext), - "%sA=", descriptor_cookie); - descriptor_cookie = descriptor_cookie_base64ext; - } else if (len != REND_DESC_COOKIE_LEN_EXT_BASE64) { - tor_asprintf(&err_msg, "Authorization cookie has wrong length: %s", - escaped(cookie_in)); - goto err; - } - - decoded_len = base64_decode((char *) descriptor_cookie_decoded, - sizeof(descriptor_cookie_decoded), - descriptor_cookie, - REND_DESC_COOKIE_LEN_EXT_BASE64); - if (decoded_len != REND_DESC_COOKIE_LEN && - decoded_len != REND_DESC_COOKIE_LEN_EXT) { - tor_asprintf(&err_msg, "Authorization cookie has invalid characters: %s", - escaped(cookie_in)); - goto err; - } - - if (auth_type_out) { - auth_type_val = (descriptor_cookie_decoded[REND_DESC_COOKIE_LEN] >> 4) + 1; - if (auth_type_val < 1 || auth_type_val > 2) { - tor_asprintf(&err_msg, "Authorization cookie type is unknown: %s", - escaped(cookie_in)); - goto err; - } - *auth_type_out = auth_type_val == 1 ? REND_BASIC_AUTH : REND_STEALTH_AUTH; - } - - memcpy(cookie_out, descriptor_cookie_decoded, REND_DESC_COOKIE_LEN); - res = 0; - err: - if (err_msg_out) { - *err_msg_out = err_msg; - } else { - tor_free(err_msg); - } - memwipe(descriptor_cookie_decoded, 0, sizeof(descriptor_cookie_decoded)); - memwipe(descriptor_cookie_base64ext, 0, sizeof(descriptor_cookie_base64ext)); - return res; -} - -/* Is this a rend client or server that allows direct (non-anonymous) - * connections? - * Onion services can be configured to start in this mode for single onion. */ -int -rend_allow_non_anonymous_connection(const or_options_t* options) -{ - return rend_service_allow_non_anonymous_connection(options); -} - -/* Is this a rend client or server in non-anonymous mode? - * Onion services can be configured to start in this mode for single onion. */ -int -rend_non_anonymous_mode_enabled(const or_options_t *options) -{ - return rend_service_non_anonymous_mode_enabled(options); -} - /* Make sure that tor only builds one-hop circuits when they would not * compromise user anonymity. * @@ -1020,35 +119,6 @@ assert_circ_anonymity_ok(const origin_circuit_t *circ, tor_assert(circ->build_state); if (circ->build_state->onehop_tunnel) { - tor_assert(rend_allow_non_anonymous_connection(options)); - } -} - -/* Return 1 iff the given <b>digest</b> of a permenanent hidden service key is - * equal to the digest in the origin circuit <b>ocirc</b> of its rend data . - * If the rend data doesn't exist, 0 is returned. This function is agnostic to - * the rend data version. */ -int -rend_circuit_pk_digest_eq(const origin_circuit_t *ocirc, - const uint8_t *digest) -{ - size_t rend_pk_digest_len; - const uint8_t *rend_pk_digest; - - tor_assert(ocirc); - tor_assert(digest); - - if (ocirc->rend_data == NULL) { - goto no_match; - } - - rend_pk_digest = rend_data_get_pk_digest(ocirc->rend_data, - &rend_pk_digest_len); - if (tor_memeq(rend_pk_digest, digest, rend_pk_digest_len)) { - goto match; + tor_assert(hs_service_allow_non_anonymous_connection(options)); } - no_match: - return 0; - match: - return 1; } diff --git a/src/feature/rend/rendcommon.h b/src/feature/rend/rendcommon.h index d8281e0578..113438e6fc 100644 --- a/src/feature/rend/rendcommon.h +++ b/src/feature/rend/rendcommon.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -18,65 +18,12 @@ typedef enum rend_intro_point_failure_t { INTRO_POINT_FAILURE_UNREACHABLE = 2, } rend_intro_point_failure_t; -int rend_cmp_service_ids(const char *one, const char *two); - void rend_process_relay_cell(circuit_t *circ, const crypt_path_t *layer_hint, int command, size_t length, const uint8_t *payload); -void rend_service_descriptor_free_(rend_service_descriptor_t *desc); -#define rend_service_descriptor_free(desc) \ - FREE_AND_NULL(rend_service_descriptor_t, rend_service_descriptor_free_, \ - (desc)) -int rend_get_service_id(crypto_pk_t *pk, char *out); -void rend_encoded_v2_service_descriptor_free_( - rend_encoded_v2_service_descriptor_t *desc); -#define rend_encoded_v2_service_descriptor_free(desc) \ - FREE_AND_NULL(rend_encoded_v2_service_descriptor_t, \ - rend_encoded_v2_service_descriptor_free_, (desc)) -void rend_intro_point_free_(rend_intro_point_t *intro); -#define rend_intro_point_free(intro) \ - FREE_AND_NULL(rend_intro_point_t, rend_intro_point_free_, (intro)) - -int rend_valid_v2_service_id(const char *query); -int rend_valid_descriptor_id(const char *query); -int rend_valid_client_name(const char *client_name); -int rend_encode_v2_descriptors(smartlist_t *descs_out, - rend_service_descriptor_t *desc, time_t now, - uint8_t period, rend_auth_type_t auth_type, - crypto_pk_t *client_key, - smartlist_t *client_cookies); -int rend_compute_v2_desc_id(char *desc_id_out, const char *service_id, - const char *descriptor_cookie, - time_t now, uint8_t replica); -void rend_get_descriptor_id_bytes(char *descriptor_id_out, - const char *service_id, - const char *secret_id_part); -int hid_serv_get_responsible_directories(smartlist_t *responsible_dirs, - const char *id); - -int rend_circuit_pk_digest_eq(const origin_circuit_t *ocirc, - const uint8_t *digest); - -char *rend_auth_encode_cookie(const uint8_t *cookie_in, - rend_auth_type_t auth_type); -int rend_auth_decode_cookie(const char *cookie_in, - uint8_t *cookie_out, - rend_auth_type_t *auth_type_out, - char **err_msg_out); - -int rend_allow_non_anonymous_connection(const or_options_t* options); -int rend_non_anonymous_mode_enabled(const or_options_t *options); - void assert_circ_anonymity_ok(const origin_circuit_t *circ, const or_options_t *options); -#ifdef RENDCOMMON_PRIVATE - -STATIC int -rend_desc_v2_is_parsable(rend_encoded_v2_service_descriptor_t *desc); - -#endif /* defined(RENDCOMMON_PRIVATE) */ - #endif /* !defined(TOR_RENDCOMMON_H) */ diff --git a/src/feature/rend/rendmid.c b/src/feature/rend/rendmid.c index b497362857..8f6a45dfef 100644 --- a/src/feature/rend/rendmid.c +++ b/src/feature/rend/rendmid.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -16,217 +16,12 @@ #include "core/or/dos.h" #include "core/or/relay.h" #include "feature/rend/rendmid.h" -#include "feature/stats/rephist.h" #include "feature/hs/hs_circuitmap.h" #include "feature/hs/hs_dos.h" #include "feature/hs/hs_intropoint.h" #include "core/or/or_circuit_st.h" -/** Respond to an ESTABLISH_INTRO cell by checking the signed data and - * setting the circuit's purpose and service pk digest. - */ -int -rend_mid_establish_intro_legacy(or_circuit_t *circ, const uint8_t *request, - size_t request_len) -{ - crypto_pk_t *pk = NULL; - char buf[DIGEST_LEN+9]; - char expected_digest[DIGEST_LEN]; - char pk_digest[DIGEST_LEN]; - size_t asn1len; - or_circuit_t *c; - char serviceid[REND_SERVICE_ID_LEN_BASE32+1]; - int reason = END_CIRC_REASON_INTERNAL; - - log_info(LD_REND, - "Received a legacy ESTABLISH_INTRO request on circuit %u", - (unsigned) circ->p_circ_id); - - if (!hs_intro_circuit_is_suitable_for_establish_intro(circ)) { - reason = END_CIRC_REASON_TORPROTOCOL; - goto err; - } - - if (request_len < 2+DIGEST_LEN) - goto truncated; - /* First 2 bytes: length of asn1-encoded key. */ - asn1len = ntohs(get_uint16(request)); - - /* Next asn1len bytes: asn1-encoded key. */ - if (request_len < 2+DIGEST_LEN+asn1len) - goto truncated; - pk = crypto_pk_asn1_decode((char*)(request+2), asn1len); - if (!pk) { - reason = END_CIRC_REASON_TORPROTOCOL; - log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Couldn't decode public key."); - goto err; - } - - /* Next 20 bytes: Hash of rend_circ_nonce | "INTRODUCE" */ - memcpy(buf, circ->rend_circ_nonce, DIGEST_LEN); - memcpy(buf+DIGEST_LEN, "INTRODUCE", 9); - if (crypto_digest(expected_digest, buf, DIGEST_LEN+9) < 0) { - log_warn(LD_BUG, "Internal error computing digest."); - goto err; - } - if (tor_memneq(expected_digest, request+2+asn1len, DIGEST_LEN)) { - log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, - "Hash of session info was not as expected."); - reason = END_CIRC_REASON_TORPROTOCOL; - goto err; - } - /* Rest of body: signature of previous data */ - if (crypto_pk_public_checksig_digest(pk, - (char*)request, 2+asn1len+DIGEST_LEN, - (char*)(request+2+DIGEST_LEN+asn1len), - request_len-(2+DIGEST_LEN+asn1len))<0) { - log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, - "Incorrect signature on ESTABLISH_INTRO cell; rejecting."); - reason = END_CIRC_REASON_TORPROTOCOL; - goto err; - } - - /* The request is valid. First, compute the hash of the service's PK.*/ - if (crypto_pk_get_digest(pk, pk_digest)<0) { - log_warn(LD_BUG, "Internal error: couldn't hash public key."); - goto err; - } - - crypto_pk_free(pk); /* don't need it anymore */ - pk = NULL; /* so we don't free it again if err */ - - base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1, - pk_digest, REND_SERVICE_ID_LEN); - - /* Close any other intro circuits with the same pk. */ - c = NULL; - while ((c = hs_circuitmap_get_intro_circ_v2_relay_side( - (const uint8_t *)pk_digest))) { - log_info(LD_REND, "Replacing old circuit for service %s", - safe_str(serviceid)); - circuit_mark_for_close(TO_CIRCUIT(c), END_CIRC_REASON_FINISHED); - /* Now it's marked, and it won't be returned next time. */ - } - - /* Acknowledge the request. */ - if (hs_intro_send_intro_established_cell(circ) < 0) { - log_info(LD_GENERAL, "Couldn't send INTRO_ESTABLISHED cell."); - goto err_no_close; - } - - /* Now, set up this circuit. */ - circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_INTRO_POINT); - hs_circuitmap_register_intro_circ_v2_relay_side(circ, (uint8_t *)pk_digest); - hs_dos_setup_default_intro2_defenses(circ); - - log_info(LD_REND, - "Established introduction point on circuit %u for service %s", - (unsigned) circ->p_circ_id, safe_str(serviceid)); - - return 0; - truncated: - log_warn(LD_PROTOCOL, "Rejecting truncated ESTABLISH_INTRO cell."); - reason = END_CIRC_REASON_TORPROTOCOL; - err: - circuit_mark_for_close(TO_CIRCUIT(circ), reason); - err_no_close: - if (pk) crypto_pk_free(pk); - return -1; -} - -/** Process an INTRODUCE1 cell by finding the corresponding introduction - * circuit, and relaying the body of the INTRODUCE1 cell inside an - * INTRODUCE2 cell. - */ -int -rend_mid_introduce_legacy(or_circuit_t *circ, const uint8_t *request, - size_t request_len) -{ - or_circuit_t *intro_circ; - char serviceid[REND_SERVICE_ID_LEN_BASE32+1]; - char nak_body[1]; - - log_info(LD_REND, "Received an INTRODUCE1 request on circuit %u", - (unsigned)circ->p_circ_id); - - /* At this point, we know that the circuit is valid for an INTRODUCE1 - * because the validation has been made before calling this function. */ - tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_OR); - tor_assert(!circ->base_.n_chan); - - /* We could change this to MAX_HEX_NICKNAME_LEN now that 0.0.9.x is - * obsolete; however, there isn't much reason to do so, and we're going - * to revise this protocol anyway. - */ - if (request_len < (DIGEST_LEN+(MAX_NICKNAME_LEN+1)+REND_COOKIE_LEN+ - DH1024_KEY_LEN+CIPHER_KEY_LEN+ - PKCS1_OAEP_PADDING_OVERHEAD)) { - log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, - "Impossibly short INTRODUCE1 cell on circuit %u; " - "responding with nack.", (unsigned)circ->p_circ_id); - goto err; - } - - base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1, - (char*)request, REND_SERVICE_ID_LEN); - - /* The first 20 bytes are all we look at: they have a hash of the service's - * PK. */ - intro_circ = hs_circuitmap_get_intro_circ_v2_relay_side( - (const uint8_t*)request); - if (!intro_circ) { - log_info(LD_REND, - "No intro circ found for INTRODUCE1 cell (%s) from circuit %u; " - "responding with nack.", - safe_str(serviceid), (unsigned)circ->p_circ_id); - goto err; - } - - /* Before sending, lets make sure this cell can be sent on the service - * circuit asking the DoS defenses. */ - if (!hs_dos_can_send_intro2(intro_circ)) { - log_info(LD_PROTOCOL, "Can't relay INTRODUCE1 v2 cell due to DoS " - "limitations. Sending NACK to client."); - goto err; - } - - log_info(LD_REND, - "Sending introduction request for service %s " - "from circ %u to circ %u", - safe_str(serviceid), (unsigned)circ->p_circ_id, - (unsigned)intro_circ->p_circ_id); - - /* Great. Now we just relay the cell down the circuit. */ - if (relay_send_command_from_edge(0, TO_CIRCUIT(intro_circ), - RELAY_COMMAND_INTRODUCE2, - (char*)request, request_len, NULL)) { - log_warn(LD_GENERAL, - "Unable to send INTRODUCE2 cell to Tor client."); - /* Stop right now, the circuit has been closed. */ - return -1; - } - /* And send an ack down the client's circuit. Empty body means succeeded. */ - if (relay_send_command_from_edge(0,TO_CIRCUIT(circ), - RELAY_COMMAND_INTRODUCE_ACK, - NULL,0,NULL)) { - log_warn(LD_GENERAL, "Unable to send INTRODUCE_ACK cell to Tor client."); - /* Stop right now, the circuit has been closed. */ - return -1; - } - - return 0; - err: - /* Send the client a NACK */ - nak_body[0] = 1; - if (relay_send_command_from_edge(0,TO_CIRCUIT(circ), - RELAY_COMMAND_INTRODUCE_ACK, - nak_body, 1, NULL)) { - log_warn(LD_GENERAL, "Unable to send NAK to Tor client."); - } - return -1; -} - /** Process an ESTABLISH_RENDEZVOUS cell by setting the circuit's purpose and * rendezvous cookie. */ @@ -336,7 +131,11 @@ rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request, rend_circ = hs_circuitmap_get_rend_circ_relay_side(request); if (!rend_circ) { - log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + /* Once this was a LOG_PROTOCOL_WARN, but it can happen naturally if a + * client gives up on a rendezvous circuit after sending INTRODUCE1, but + * before the onion service sends the RENDEZVOUS1 cell. + */ + log_fn(LOG_DEBUG, LD_PROTOCOL, "Rejecting RENDEZVOUS1 cell with unrecognized rendezvous cookie %s.", hexid); reason = END_CIRC_REASON_TORPROTOCOL; diff --git a/src/feature/rend/rendmid.h b/src/feature/rend/rendmid.h index 789596d855..d42d5cfa05 100644 --- a/src/feature/rend/rendmid.h +++ b/src/feature/rend/rendmid.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/rend/rendparse.c b/src/feature/rend/rendparse.c deleted file mode 100644 index c28add5ca9..0000000000 --- a/src/feature/rend/rendparse.c +++ /dev/null @@ -1,612 +0,0 @@ -/* Copyright (c) 2001 Matej Pfajfar. - * Copyright (c) 2001-2004, Roger Dingledine. - * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -/** - * \file rendparse.c - * \brief Code to parse and validate v2 hidden service descriptors. - **/ - -#include "core/or/or.h" -#include "core/or/extendinfo.h" -#include "feature/dirparse/parsecommon.h" -#include "feature/dirparse/sigcommon.h" -#include "feature/rend/rendcommon.h" -#include "feature/rend/rendparse.h" -#include "lib/memarea/memarea.h" - -#include "core/or/extend_info_st.h" -#include "feature/rend/rend_authorized_client_st.h" -#include "feature/rend/rend_intro_point_st.h" -#include "feature/rend/rend_service_descriptor_st.h" - -/** List of tokens recognized in rendezvous service descriptors */ -static token_rule_t desc_token_table[] = { - T1_START("rendezvous-service-descriptor", R_RENDEZVOUS_SERVICE_DESCRIPTOR, - EQ(1), NO_OBJ), - T1("version", R_VERSION, EQ(1), NO_OBJ), - T1("permanent-key", R_PERMANENT_KEY, NO_ARGS, NEED_KEY_1024), - T1("secret-id-part", R_SECRET_ID_PART, EQ(1), NO_OBJ), - T1("publication-time", R_PUBLICATION_TIME, CONCAT_ARGS, NO_OBJ), - T1("protocol-versions", R_PROTOCOL_VERSIONS, EQ(1), NO_OBJ), - T01("introduction-points", R_INTRODUCTION_POINTS, NO_ARGS, NEED_OBJ), - T1_END("signature", R_SIGNATURE, NO_ARGS, NEED_OBJ), - END_OF_TABLE -}; - -/** List of tokens recognized in the (encrypted) list of introduction points of - * rendezvous service descriptors */ -static token_rule_t ipo_token_table[] = { - T1_START("introduction-point", R_IPO_IDENTIFIER, EQ(1), NO_OBJ), - T1("ip-address", R_IPO_IP_ADDRESS, EQ(1), NO_OBJ), - T1("onion-port", R_IPO_ONION_PORT, EQ(1), NO_OBJ), - T1("onion-key", R_IPO_ONION_KEY, NO_ARGS, NEED_KEY_1024), - T1("service-key", R_IPO_SERVICE_KEY, NO_ARGS, NEED_KEY_1024), - END_OF_TABLE -}; - -/** List of tokens recognized in the (possibly encrypted) list of introduction - * points of rendezvous service descriptors */ -static token_rule_t client_keys_token_table[] = { - T1_START("client-name", C_CLIENT_NAME, CONCAT_ARGS, NO_OBJ), - T1("descriptor-cookie", C_DESCRIPTOR_COOKIE, EQ(1), NO_OBJ), - T01("client-key", C_CLIENT_KEY, NO_ARGS, NEED_SKEY_1024), - END_OF_TABLE -}; - -/** Parse and validate the ASCII-encoded v2 descriptor in <b>desc</b>, - * write the parsed descriptor to the newly allocated *<b>parsed_out</b>, the - * binary descriptor ID of length DIGEST_LEN to <b>desc_id_out</b>, the - * encrypted introduction points to the newly allocated - * *<b>intro_points_encrypted_out</b>, their encrypted size to - * *<b>intro_points_encrypted_size_out</b>, the size of the encoded descriptor - * to *<b>encoded_size_out</b>, and a pointer to the possibly next - * descriptor to *<b>next_out</b>; return 0 for success (including validation) - * and -1 for failure. - * - * If <b>as_hsdir</b> is 1, we're parsing this as an HSDir, and we should - * be strict about time formats. - */ -int -rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out, - char *desc_id_out, - char **intro_points_encrypted_out, - size_t *intro_points_encrypted_size_out, - size_t *encoded_size_out, - const char **next_out, const char *desc, - int as_hsdir) -{ - rend_service_descriptor_t *result = - tor_malloc_zero(sizeof(rend_service_descriptor_t)); - char desc_hash[DIGEST_LEN]; - const char *eos; - smartlist_t *tokens = smartlist_new(); - directory_token_t *tok; - char secret_id_part[DIGEST_LEN]; - int i, version, num_ok=1; - smartlist_t *versions; - char public_key_hash[DIGEST_LEN]; - char test_desc_id[DIGEST_LEN]; - memarea_t *area = NULL; - const int strict_time_fmt = as_hsdir; - - tor_assert(desc); - /* Check if desc starts correctly. */ - if (strcmpstart(desc, "rendezvous-service-descriptor ")) { - log_info(LD_REND, "Descriptor does not start correctly."); - goto err; - } - /* Compute descriptor hash for later validation. */ - if (router_get_hash_impl(desc, strlen(desc), desc_hash, - "rendezvous-service-descriptor ", - "\nsignature", '\n', DIGEST_SHA1) < 0) { - log_warn(LD_REND, "Couldn't compute descriptor hash."); - goto err; - } - /* Determine end of string. */ - eos = strstr(desc, "\nrendezvous-service-descriptor "); - if (!eos) - eos = desc + strlen(desc); - else - eos = eos + 1; - /* Check length. */ - if (eos-desc > REND_DESC_MAX_SIZE) { - /* XXXX+ If we are parsing this descriptor as a server, this - * should be a protocol warning. */ - log_warn(LD_REND, "Descriptor length is %d which exceeds " - "maximum rendezvous descriptor size of %d bytes.", - (int)(eos-desc), REND_DESC_MAX_SIZE); - goto err; - } - /* Tokenize descriptor. */ - area = memarea_new(); - if (tokenize_string(area, desc, eos, tokens, desc_token_table, 0)) { - log_warn(LD_REND, "Error tokenizing descriptor."); - goto err; - } - /* Set next to next descriptor, if available. */ - *next_out = eos; - /* Set length of encoded descriptor. */ - *encoded_size_out = eos - desc; - /* Check min allowed length of token list. */ - if (smartlist_len(tokens) < 7) { - log_warn(LD_REND, "Impossibly short descriptor."); - goto err; - } - /* Parse base32-encoded descriptor ID. */ - tok = find_by_keyword(tokens, R_RENDEZVOUS_SERVICE_DESCRIPTOR); - tor_assert(tok == smartlist_get(tokens, 0)); - tor_assert(tok->n_args == 1); - if (!rend_valid_descriptor_id(tok->args[0])) { - log_warn(LD_REND, "Invalid descriptor ID: '%s'", tok->args[0]); - goto err; - } - if (base32_decode(desc_id_out, DIGEST_LEN, - tok->args[0], REND_DESC_ID_V2_LEN_BASE32) != DIGEST_LEN) { - log_warn(LD_REND, - "Descriptor ID has wrong length or illegal characters: %s", - tok->args[0]); - goto err; - } - /* Parse descriptor version. */ - tok = find_by_keyword(tokens, R_VERSION); - tor_assert(tok->n_args == 1); - result->version = - (int) tor_parse_long(tok->args[0], 10, 0, INT_MAX, &num_ok, NULL); - if (result->version != 2 || !num_ok) { - /* If it's <2, it shouldn't be under this format. If the number - * is greater than 2, we bumped it because we broke backward - * compatibility. See how version numbers in our other formats - * work. */ - log_warn(LD_REND, "Unrecognized descriptor version: %s", - escaped(tok->args[0])); - goto err; - } - /* Parse public key. */ - tok = find_by_keyword(tokens, R_PERMANENT_KEY); - result->pk = tok->key; - tok->key = NULL; /* Prevent free */ - /* Parse secret ID part. */ - tok = find_by_keyword(tokens, R_SECRET_ID_PART); - tor_assert(tok->n_args == 1); - if (strlen(tok->args[0]) != REND_SECRET_ID_PART_LEN_BASE32 || - strspn(tok->args[0], BASE32_CHARS) != REND_SECRET_ID_PART_LEN_BASE32) { - log_warn(LD_REND, "Invalid secret ID part: '%s'", tok->args[0]); - goto err; - } - if (base32_decode(secret_id_part, DIGEST_LEN, tok->args[0], 32) != - DIGEST_LEN) { - log_warn(LD_REND, - "Secret ID part has wrong length or illegal characters: %s", - tok->args[0]); - goto err; - } - /* Parse publication time -- up-to-date check is done when storing the - * descriptor. */ - tok = find_by_keyword(tokens, R_PUBLICATION_TIME); - tor_assert(tok->n_args == 1); - if (parse_iso_time_(tok->args[0], &result->timestamp, - strict_time_fmt, 0) < 0) { - log_warn(LD_REND, "Invalid publication time: '%s'", tok->args[0]); - goto err; - } - /* Parse protocol versions. */ - tok = find_by_keyword(tokens, R_PROTOCOL_VERSIONS); - tor_assert(tok->n_args == 1); - versions = smartlist_new(); - smartlist_split_string(versions, tok->args[0], ",", - SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0); - for (i = 0; i < smartlist_len(versions); i++) { - version = (int) tor_parse_long(smartlist_get(versions, i), - 10, 0, INT_MAX, &num_ok, NULL); - if (!num_ok) /* It's a string; let's ignore it. */ - continue; - if (version >= REND_PROTOCOL_VERSION_BITMASK_WIDTH) - /* Avoid undefined left-shift behaviour. */ - continue; - result->protocols |= 1 << version; - } - SMARTLIST_FOREACH(versions, char *, cp, tor_free(cp)); - smartlist_free(versions); - /* Parse encrypted introduction points. Don't verify. */ - tok = find_opt_by_keyword(tokens, R_INTRODUCTION_POINTS); - if (tok) { - if (strcmp(tok->object_type, "MESSAGE")) { - log_warn(LD_DIR, "Bad object type: introduction points should be of " - "type MESSAGE"); - goto err; - } - *intro_points_encrypted_out = tor_memdup(tok->object_body, - tok->object_size); - *intro_points_encrypted_size_out = tok->object_size; - } else { - *intro_points_encrypted_out = NULL; - *intro_points_encrypted_size_out = 0; - } - /* Parse and verify signature. */ - tok = find_by_keyword(tokens, R_SIGNATURE); - if (check_signature_token(desc_hash, DIGEST_LEN, tok, result->pk, 0, - "v2 rendezvous service descriptor") < 0) - goto err; - /* Verify that descriptor ID belongs to public key and secret ID part. */ - if (crypto_pk_get_digest(result->pk, public_key_hash) < 0) { - log_warn(LD_REND, "Unable to compute rend descriptor public key digest"); - goto err; - } - rend_get_descriptor_id_bytes(test_desc_id, public_key_hash, - secret_id_part); - if (tor_memneq(desc_id_out, test_desc_id, DIGEST_LEN)) { - log_warn(LD_REND, "Parsed descriptor ID does not match " - "computed descriptor ID."); - goto err; - } - goto done; - err: - rend_service_descriptor_free(result); - result = NULL; - done: - if (tokens) { - SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t)); - smartlist_free(tokens); - } - if (area) - memarea_drop_all(area); - *parsed_out = result; - if (result) - return 0; - return -1; -} - -/** Decrypt the encrypted introduction points in <b>ipos_encrypted</b> of - * length <b>ipos_encrypted_size</b> using <b>descriptor_cookie</b> and - * write the result to a newly allocated string that is pointed to by - * <b>ipos_decrypted</b> and its length to <b>ipos_decrypted_size</b>. - * Return 0 if decryption was successful and -1 otherwise. */ -int -rend_decrypt_introduction_points(char **ipos_decrypted, - size_t *ipos_decrypted_size, - const char *descriptor_cookie, - const char *ipos_encrypted, - size_t ipos_encrypted_size) -{ - tor_assert(ipos_encrypted); - tor_assert(descriptor_cookie); - if (ipos_encrypted_size < 2) { - log_warn(LD_REND, "Size of encrypted introduction points is too " - "small."); - return -1; - } - if (ipos_encrypted[0] == (int)REND_BASIC_AUTH) { - char iv[CIPHER_IV_LEN], client_id[REND_BASIC_AUTH_CLIENT_ID_LEN], - session_key[CIPHER_KEY_LEN], *dec; - int declen, client_blocks; - size_t pos = 0, len, client_entries_len; - crypto_digest_t *digest; - crypto_cipher_t *cipher; - client_blocks = (int) ipos_encrypted[1]; - client_entries_len = client_blocks * REND_BASIC_AUTH_CLIENT_MULTIPLE * - REND_BASIC_AUTH_CLIENT_ENTRY_LEN; - if (ipos_encrypted_size < 2 + client_entries_len + CIPHER_IV_LEN + 1) { - log_warn(LD_REND, "Size of encrypted introduction points is too " - "small."); - return -1; - } - memcpy(iv, ipos_encrypted + 2 + client_entries_len, CIPHER_IV_LEN); - digest = crypto_digest_new(); - crypto_digest_add_bytes(digest, descriptor_cookie, REND_DESC_COOKIE_LEN); - crypto_digest_add_bytes(digest, iv, CIPHER_IV_LEN); - crypto_digest_get_digest(digest, client_id, - REND_BASIC_AUTH_CLIENT_ID_LEN); - crypto_digest_free(digest); - for (pos = 2; pos < 2 + client_entries_len; - pos += REND_BASIC_AUTH_CLIENT_ENTRY_LEN) { - if (tor_memeq(ipos_encrypted + pos, client_id, - REND_BASIC_AUTH_CLIENT_ID_LEN)) { - /* Attempt to decrypt introduction points. */ - cipher = crypto_cipher_new(descriptor_cookie); - if (crypto_cipher_decrypt(cipher, session_key, ipos_encrypted - + pos + REND_BASIC_AUTH_CLIENT_ID_LEN, - CIPHER_KEY_LEN) < 0) { - log_warn(LD_REND, "Could not decrypt session key for client."); - crypto_cipher_free(cipher); - return -1; - } - crypto_cipher_free(cipher); - - len = ipos_encrypted_size - 2 - client_entries_len - CIPHER_IV_LEN; - dec = tor_malloc_zero(len + 1); - declen = crypto_cipher_decrypt_with_iv(session_key, dec, len, - ipos_encrypted + 2 + client_entries_len, - ipos_encrypted_size - 2 - client_entries_len); - - if (declen < 0) { - log_warn(LD_REND, "Could not decrypt introduction point string."); - tor_free(dec); - return -1; - } - if (fast_memcmpstart(dec, declen, "introduction-point ")) { - log_warn(LD_REND, "Decrypted introduction points don't " - "look like we could parse them."); - tor_free(dec); - continue; - } - *ipos_decrypted = dec; - *ipos_decrypted_size = declen; - return 0; - } - } - log_warn(LD_REND, "Could not decrypt introduction points. Please " - "check your authorization for this service!"); - return -1; - } else if (ipos_encrypted[0] == (int)REND_STEALTH_AUTH) { - char *dec; - int declen; - if (ipos_encrypted_size < CIPHER_IV_LEN + 2) { - log_warn(LD_REND, "Size of encrypted introduction points is too " - "small."); - return -1; - } - dec = tor_malloc_zero(ipos_encrypted_size - CIPHER_IV_LEN - 1 + 1); - - declen = crypto_cipher_decrypt_with_iv(descriptor_cookie, dec, - ipos_encrypted_size - - CIPHER_IV_LEN - 1, - ipos_encrypted + 1, - ipos_encrypted_size - 1); - - if (declen < 0) { - log_warn(LD_REND, "Decrypting introduction points failed!"); - tor_free(dec); - return -1; - } - *ipos_decrypted = dec; - *ipos_decrypted_size = declen; - return 0; - } else { - log_warn(LD_REND, "Unknown authorization type number: %d", - ipos_encrypted[0]); - return -1; - } -} - -/** Parse the encoded introduction points in <b>intro_points_encoded</b> of - * length <b>intro_points_encoded_size</b> and write the result to the - * descriptor in <b>parsed</b>; return the number of successfully parsed - * introduction points or -1 in case of a failure. */ -int -rend_parse_introduction_points(rend_service_descriptor_t *parsed, - const char *intro_points_encoded, - size_t intro_points_encoded_size) -{ - const char *current_ipo, *end_of_intro_points; - smartlist_t *tokens = NULL; - directory_token_t *tok; - rend_intro_point_t *intro; - extend_info_t *info; - int result, num_ok=1; - memarea_t *area = NULL; - tor_assert(parsed); - /** Function may only be invoked once. */ - tor_assert(!parsed->intro_nodes); - if (!intro_points_encoded || intro_points_encoded_size == 0) { - log_warn(LD_REND, "Empty or zero size introduction point list"); - goto err; - } - /* Consider one intro point after the other. */ - current_ipo = intro_points_encoded; - end_of_intro_points = intro_points_encoded + intro_points_encoded_size; - tokens = smartlist_new(); - parsed->intro_nodes = smartlist_new(); - area = memarea_new(); - - while (!fast_memcmpstart(current_ipo, end_of_intro_points-current_ipo, - "introduction-point ")) { - /* Determine end of string. */ - const char *eos = tor_memstr(current_ipo, end_of_intro_points-current_ipo, - "\nintroduction-point "); - if (!eos) - eos = end_of_intro_points; - else - eos = eos+1; - tor_assert(eos <= intro_points_encoded+intro_points_encoded_size); - /* Free tokens and clear token list. */ - SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t)); - smartlist_clear(tokens); - memarea_clear(area); - /* Tokenize string. */ - if (tokenize_string(area, current_ipo, eos, tokens, ipo_token_table, 0)) { - log_warn(LD_REND, "Error tokenizing introduction point"); - goto err; - } - /* Advance to next introduction point, if available. */ - current_ipo = eos; - /* Check minimum allowed length of introduction point. */ - if (smartlist_len(tokens) < 5) { - log_warn(LD_REND, "Impossibly short introduction point."); - goto err; - } - /* Allocate new intro point and extend info. */ - intro = tor_malloc_zero(sizeof(rend_intro_point_t)); - info = intro->extend_info = - extend_info_new(NULL, NULL, NULL, NULL, NULL, NULL, 0); - /* Parse identifier. */ - tok = find_by_keyword(tokens, R_IPO_IDENTIFIER); - if (base32_decode(info->identity_digest, DIGEST_LEN, - tok->args[0], REND_INTRO_POINT_ID_LEN_BASE32) != - DIGEST_LEN) { - log_warn(LD_REND, - "Identity digest has wrong length or illegal characters: %s", - tok->args[0]); - rend_intro_point_free(intro); - goto err; - } - /* Write identifier to nickname. */ - info->nickname[0] = '$'; - base16_encode(info->nickname + 1, sizeof(info->nickname) - 1, - info->identity_digest, DIGEST_LEN); - /* Parse IP address. */ - tok = find_by_keyword(tokens, R_IPO_IP_ADDRESS); - tor_addr_t addr; - if (tor_addr_parse(&addr, tok->args[0])<0) { - log_warn(LD_REND, "Could not parse introduction point address."); - rend_intro_point_free(intro); - goto err; - } - if (tor_addr_family(&addr) != AF_INET) { - log_warn(LD_REND, "Introduction point address was not ipv4."); - rend_intro_point_free(intro); - goto err; - } - - /* Parse onion port. */ - tok = find_by_keyword(tokens, R_IPO_ONION_PORT); - uint16_t port = (uint16_t) tor_parse_long(tok->args[0],10,1,65535, - &num_ok,NULL); - if (!port || !num_ok) { - log_warn(LD_REND, "Introduction point onion port %s is invalid", - escaped(tok->args[0])); - rend_intro_point_free(intro); - goto err; - } - - /* Add the address and port. */ - extend_info_add_orport(info, &addr, port); - - /* Parse onion key. */ - tok = find_by_keyword(tokens, R_IPO_ONION_KEY); - if (!crypto_pk_public_exponent_ok(tok->key)) { - log_warn(LD_REND, - "Introduction point's onion key had invalid exponent."); - rend_intro_point_free(intro); - goto err; - } - info->onion_key = tok->key; - tok->key = NULL; /* Prevent free */ - /* Parse service key. */ - tok = find_by_keyword(tokens, R_IPO_SERVICE_KEY); - if (!crypto_pk_public_exponent_ok(tok->key)) { - log_warn(LD_REND, - "Introduction point key had invalid exponent."); - rend_intro_point_free(intro); - goto err; - } - intro->intro_key = tok->key; - tok->key = NULL; /* Prevent free */ - /* Add extend info to list of introduction points. */ - smartlist_add(parsed->intro_nodes, intro); - } - result = smartlist_len(parsed->intro_nodes); - goto done; - - err: - result = -1; - - done: - /* Free tokens and clear token list. */ - if (tokens) { - SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t)); - smartlist_free(tokens); - } - if (area) - memarea_drop_all(area); - - return result; -} - -/** Parse the content of a client_key file in <b>ckstr</b> and add - * rend_authorized_client_t's for each parsed client to - * <b>parsed_clients</b>. Return the number of parsed clients as result - * or -1 for failure. */ -int -rend_parse_client_keys(strmap_t *parsed_clients, const char *ckstr) -{ - int result = -1; - smartlist_t *tokens; - directory_token_t *tok; - const char *current_entry = NULL; - memarea_t *area = NULL; - char *err_msg = NULL; - if (!ckstr || strlen(ckstr) == 0) - return -1; - tokens = smartlist_new(); - /* Begin parsing with first entry, skipping comments or whitespace at the - * beginning. */ - area = memarea_new(); - current_entry = eat_whitespace(ckstr); - while (!strcmpstart(current_entry, "client-name ")) { - rend_authorized_client_t *parsed_entry; - /* Determine end of string. */ - const char *eos = strstr(current_entry, "\nclient-name "); - if (!eos) - eos = current_entry + strlen(current_entry); - else - eos = eos + 1; - /* Free tokens and clear token list. */ - SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t)); - smartlist_clear(tokens); - memarea_clear(area); - /* Tokenize string. */ - if (tokenize_string(area, current_entry, eos, tokens, - client_keys_token_table, 0)) { - log_warn(LD_REND, "Error tokenizing client keys file."); - goto err; - } - /* Advance to next entry, if available. */ - current_entry = eos; - /* Check minimum allowed length of token list. */ - if (smartlist_len(tokens) < 2) { - log_warn(LD_REND, "Impossibly short client key entry."); - goto err; - } - /* Parse client name. */ - tok = find_by_keyword(tokens, C_CLIENT_NAME); - tor_assert(tok == smartlist_get(tokens, 0)); - tor_assert(tok->n_args == 1); - - if (!rend_valid_client_name(tok->args[0])) { - log_warn(LD_CONFIG, "Illegal client name: %s. (Length must be " - "between 1 and %d, and valid characters are " - "[A-Za-z0-9+-_].)", tok->args[0], REND_CLIENTNAME_MAX_LEN); - goto err; - } - /* Check if client name is duplicate. */ - if (strmap_get(parsed_clients, tok->args[0])) { - log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains a " - "duplicate client name: '%s'. Ignoring.", tok->args[0]); - goto err; - } - parsed_entry = tor_malloc_zero(sizeof(rend_authorized_client_t)); - parsed_entry->client_name = tor_strdup(tok->args[0]); - strmap_set(parsed_clients, parsed_entry->client_name, parsed_entry); - /* Parse client key. */ - tok = find_opt_by_keyword(tokens, C_CLIENT_KEY); - if (tok) { - parsed_entry->client_key = tok->key; - tok->key = NULL; /* Prevent free */ - } - - /* Parse descriptor cookie. */ - tok = find_by_keyword(tokens, C_DESCRIPTOR_COOKIE); - tor_assert(tok->n_args == 1); - if (rend_auth_decode_cookie(tok->args[0], parsed_entry->descriptor_cookie, - NULL, &err_msg) < 0) { - tor_assert(err_msg); - log_warn(LD_REND, "%s", err_msg); - tor_free(err_msg); - goto err; - } - } - result = strmap_size(parsed_clients); - goto done; - err: - result = -1; - done: - /* Free tokens and clear token list. */ - SMARTLIST_FOREACH(tokens, directory_token_t *, t, token_clear(t)); - smartlist_free(tokens); - if (area) - memarea_drop_all(area); - return result; -} diff --git a/src/feature/rend/rendparse.h b/src/feature/rend/rendparse.h deleted file mode 100644 index 75109c204d..0000000000 --- a/src/feature/rend/rendparse.h +++ /dev/null @@ -1,32 +0,0 @@ -/* Copyright (c) 2001 Matej Pfajfar. - * Copyright (c) 2001-2004, Roger Dingledine. - * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -/** - * \file rendparse.h - * \brief Header file for rendparse.c. - **/ - -#ifndef TOR_REND_PARSE_H -#define TOR_REND_PARSE_H - -int rend_parse_v2_service_descriptor(rend_service_descriptor_t **parsed_out, - char *desc_id_out, - char **intro_points_encrypted_out, - size_t *intro_points_encrypted_size_out, - size_t *encoded_size_out, - const char **next_out, const char *desc, - int as_hsdir); -int rend_decrypt_introduction_points(char **ipos_decrypted, - size_t *ipos_decrypted_size, - const char *descriptor_cookie, - const char *ipos_encrypted, - size_t ipos_encrypted_size); -int rend_parse_introduction_points(rend_service_descriptor_t *parsed, - const char *intro_points_encoded, - size_t intro_points_encoded_size); -int rend_parse_client_keys(strmap_t *parsed_clients, const char *str); - -#endif /* !defined(TOR_REND_PARSE_H) */ diff --git a/src/feature/rend/rendservice.c b/src/feature/rend/rendservice.c deleted file mode 100644 index a2be900e2a..0000000000 --- a/src/feature/rend/rendservice.c +++ /dev/null @@ -1,4535 +0,0 @@ -/* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -/** - * \file rendservice.c - * \brief The hidden-service side of rendezvous functionality. - **/ - -#define RENDSERVICE_PRIVATE - -#include "core/or/or.h" - -#include "app/config/config.h" -#include "core/mainloop/mainloop.h" -#include "core/or/circuitbuild.h" -#include "core/or/circuitlist.h" -#include "core/or/circuituse.h" -#include "core/or/extendinfo.h" -#include "core/or/policies.h" -#include "core/or/relay.h" -#include "core/or/crypt_path.h" -#include "feature/client/circpathbias.h" -#include "feature/control/control_events.h" -#include "feature/dirclient/dirclient.h" -#include "feature/dircommon/directory.h" -#include "feature/hs/hs_common.h" -#include "feature/hs/hs_config.h" -#include "feature/hs_common/replaycache.h" -#include "feature/keymgt/loadkey.h" -#include "feature/nodelist/describe.h" -#include "feature/nodelist/networkstatus.h" -#include "feature/nodelist/nickname.h" -#include "feature/nodelist/node_select.h" -#include "feature/nodelist/nodelist.h" -#include "feature/nodelist/routerset.h" -#include "feature/rend/rendclient.h" -#include "feature/rend/rendcommon.h" -#include "feature/rend/rendparse.h" -#include "feature/rend/rendservice.h" -#include "feature/stats/predict_ports.h" -#include "lib/crypt_ops/crypto_dh.h" -#include "lib/crypt_ops/crypto_rand.h" -#include "lib/crypt_ops/crypto_util.h" -#include "lib/encoding/confline.h" -#include "lib/net/resolve.h" - -#include "core/or/cpath_build_state_st.h" -#include "core/or/crypt_path_st.h" -#include "core/or/crypt_path_reference_st.h" -#include "core/or/edge_connection_st.h" -#include "core/or/extend_info_st.h" -#include "feature/hs/hs_opts_st.h" -#include "feature/nodelist/networkstatus_st.h" -#include "core/or/origin_circuit_st.h" -#include "feature/rend/rend_authorized_client_st.h" -#include "feature/rend/rend_encoded_v2_service_descriptor_st.h" -#include "feature/rend/rend_intro_point_st.h" -#include "feature/rend/rend_service_descriptor_st.h" -#include "feature/nodelist/routerstatus_st.h" - -#ifdef HAVE_FCNTL_H -#include <fcntl.h> -#endif -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif -#ifdef HAVE_SYS_STAT_H -#include <sys/stat.h> -#endif - -struct rend_service_t; -static origin_circuit_t *find_intro_circuit(rend_intro_point_t *intro, - const char *pk_digest); -static rend_intro_point_t *find_intro_point(origin_circuit_t *circ); -static rend_intro_point_t *find_expiring_intro_point( - struct rend_service_t *service, origin_circuit_t *circ); - -static extend_info_t *find_rp_for_intro( - const rend_intro_cell_t *intro, - char **err_msg_out); - -static int intro_point_accepted_intro_count(rend_intro_point_t *intro); -static int intro_point_should_expire_now(rend_intro_point_t *intro, - time_t now); -static int rend_service_derive_key_digests(struct rend_service_t *s); -static int rend_service_load_keys(struct rend_service_t *s); -static int rend_service_load_auth_keys(struct rend_service_t *s, - const char *hfname); -static struct rend_service_t *rend_service_get_by_pk_digest( - const char* digest); -static struct rend_service_t *rend_service_get_by_service_id(const char *id); -static const char *rend_service_escaped_dir( - const struct rend_service_t *s); - -static ssize_t rend_service_parse_intro_for_v0_or_v1( - rend_intro_cell_t *intro, - const uint8_t *buf, - size_t plaintext_len, - char **err_msg_out); -static ssize_t rend_service_parse_intro_for_v2( - rend_intro_cell_t *intro, - const uint8_t *buf, - size_t plaintext_len, - char **err_msg_out); -static ssize_t rend_service_parse_intro_for_v3( - rend_intro_cell_t *intro, - const uint8_t *buf, - size_t plaintext_len, - char **err_msg_out); - -static int rend_service_check_private_dir(const or_options_t *options, - const rend_service_t *s, - int create); -static const smartlist_t* rend_get_service_list( - const smartlist_t* substitute_service_list); -static smartlist_t* rend_get_service_list_mutable( - smartlist_t* substitute_service_list); -static int rend_max_intro_circs_per_period(unsigned int n_intro_points_wanted); - -/* Hidden service directory file names: - * new file names should be added to rend_service_add_filenames_to_list() - * for sandboxing purposes. */ -static const char *private_key_fname = "private_key"; -static const char *hostname_fname = "hostname"; -static const char *client_keys_fname = "client_keys"; -static const char *sos_poison_fname = "onion_service_non_anonymous"; - -/** A list of rend_service_t's for services run on this OP. */ -static smartlist_t *rend_service_list = NULL; -/** A list of rend_service_t's for services run on this OP which is used as a - * staging area before they are put in the main list in order to prune dying - * service on config reload. */ -static smartlist_t *rend_service_staging_list = NULL; - -/** Helper: log the deprecation warning for version 2 only once. */ -static void -log_once_deprecation_warning(void) -{ - static bool logged_once = false; - if (!logged_once) { - log_warn(LD_REND, "DEPRECATED: Onion service version 2 are deprecated. " - "Please use version 3 which is the default now. " - "Currently, version 2 is planned to be obsolete in " - "the Tor version 0.4.6 stable series."); - logged_once = true; - } -} -/** Macro to make it very explicit that we are warning about deprecation. */ -#define WARN_ONCE_DEPRECATION() log_once_deprecation_warning() - -/* Like rend_get_service_list_mutable, but returns a read-only list. */ -static const smartlist_t* -rend_get_service_list(const smartlist_t* substitute_service_list) -{ - /* It is safe to cast away the const here, because - * rend_get_service_list_mutable does not actually modify the list */ - return rend_get_service_list_mutable((smartlist_t*)substitute_service_list); -} - -/* Return a mutable list of hidden services. - * If substitute_service_list is not NULL, return it. - * Otherwise, check if the global rend_service_list is non-NULL, and if so, - * return it. - * Otherwise, log a BUG message and return NULL. - * */ -static smartlist_t* -rend_get_service_list_mutable(smartlist_t* substitute_service_list) -{ - if (substitute_service_list) { - return substitute_service_list; - } - - /* If no special service list is provided, then just use the global one. */ - - if (BUG(!rend_service_list)) { - /* No global HS list, which is a programmer error. */ - return NULL; - } - - return rend_service_list; -} - -/** Tells if onion service <b>s</b> is ephemeral. - */ -static unsigned int -rend_service_is_ephemeral(const struct rend_service_t *s) -{ - return (s->directory == NULL); -} - -/** Returns a escaped string representation of the service, <b>s</b>. - */ -static const char * -rend_service_escaped_dir(const struct rend_service_t *s) -{ - return rend_service_is_ephemeral(s) ? "[EPHEMERAL]" : escaped(s->directory); -} - -/** Return the number of rendezvous services we have configured. */ -int -rend_num_services(void) -{ - if (!rend_service_list) - return 0; - return smartlist_len(rend_service_list); -} - -/** Helper: free storage held by a single service authorized client entry. */ -void -rend_authorized_client_free_(rend_authorized_client_t *client) -{ - if (!client) - return; - if (client->client_key) - crypto_pk_free(client->client_key); - if (client->client_name) - memwipe(client->client_name, 0, strlen(client->client_name)); - tor_free(client->client_name); - memwipe(client->descriptor_cookie, 0, sizeof(client->descriptor_cookie)); - tor_free(client); -} - -/** Helper for strmap_free. */ -static void -rend_authorized_client_free_void(void *authorized_client) -{ - rend_authorized_client_free_(authorized_client); -} - -/** Release the storage held by <b>service</b>. - */ -STATIC void -rend_service_free_(rend_service_t *service) -{ - if (!service) - return; - - tor_free(service->directory); - if (service->ports) { - SMARTLIST_FOREACH(service->ports, rend_service_port_config_t*, p, - rend_service_port_config_free(p)); - smartlist_free(service->ports); - } - if (service->private_key) - crypto_pk_free(service->private_key); - if (service->intro_nodes) { - SMARTLIST_FOREACH(service->intro_nodes, rend_intro_point_t *, intro, - rend_intro_point_free(intro);); - smartlist_free(service->intro_nodes); - } - if (service->expiring_nodes) { - SMARTLIST_FOREACH(service->expiring_nodes, rend_intro_point_t *, intro, - rend_intro_point_free(intro);); - smartlist_free(service->expiring_nodes); - } - - rend_service_descriptor_free(service->desc); - if (service->clients) { - SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *, c, - rend_authorized_client_free(c);); - smartlist_free(service->clients); - } - if (service->accepted_intro_dh_parts) { - replaycache_free(service->accepted_intro_dh_parts); - } - tor_free(service); -} - -/* Release all the storage held in rend_service_staging_list. */ -void -rend_service_free_staging_list(void) -{ - if (rend_service_staging_list) { - SMARTLIST_FOREACH(rend_service_staging_list, rend_service_t*, ptr, - rend_service_free(ptr)); - smartlist_free(rend_service_staging_list); - rend_service_staging_list = NULL; - } -} - -/** Release all the storage held in both rend_service_list and - * rend_service_staging_list. */ -void -rend_service_free_all(void) -{ - if (rend_service_list) { - SMARTLIST_FOREACH(rend_service_list, rend_service_t*, ptr, - rend_service_free(ptr)); - smartlist_free(rend_service_list); - rend_service_list = NULL; - } - rend_service_free_staging_list(); -} - -/* Initialize the subsystem. */ -void -rend_service_init(void) -{ - tor_assert(!rend_service_list); - tor_assert(!rend_service_staging_list); - - rend_service_list = smartlist_new(); - rend_service_staging_list = smartlist_new(); -} - -/* Validate a <b>service</b>. Use the <b>service_list</b> to make sure there - * is no duplicate entry for the given service object. Return 0 if valid else - * -1 if not.*/ -static int -rend_validate_service(const smartlist_t *service_list, - const rend_service_t *service) -{ - tor_assert(service_list); - tor_assert(service); - - if (service->max_streams_per_circuit < 0) { - log_warn(LD_CONFIG, "Hidden service (%s) configured with negative max " - "streams per circuit.", - rend_service_escaped_dir(service)); - goto invalid; - } - - if (service->max_streams_close_circuit < 0 || - service->max_streams_close_circuit > 1) { - log_warn(LD_CONFIG, "Hidden service (%s) configured with invalid " - "max streams handling.", - rend_service_escaped_dir(service)); - goto invalid; - } - - if (service->auth_type != REND_NO_AUTH && - (!service->clients || smartlist_len(service->clients) == 0)) { - log_warn(LD_CONFIG, "Hidden service (%s) with client authorization but " - "no clients.", - rend_service_escaped_dir(service)); - goto invalid; - } - - if (!service->ports || !smartlist_len(service->ports)) { - log_warn(LD_CONFIG, "Hidden service (%s) with no ports configured.", - rend_service_escaped_dir(service)); - goto invalid; - } - - /* Valid. */ - return 0; - invalid: - return -1; -} - -/** Add it to <b>service_list</b>, or to the global rend_service_list if - * <b>service_list</b> is NULL. Return 0 on success. On failure, free - * <b>service</b> and return -1. Takes ownership of <b>service</b>. */ -static int -rend_add_service(smartlist_t *service_list, rend_service_t *service) -{ - int i; - rend_service_port_config_t *p; - - tor_assert(service); - - smartlist_t *s_list = rend_get_service_list_mutable(service_list); - /* We must have a service list, even if it's a temporary one, so we can - * check for duplicate services */ - if (BUG(!s_list)) { - rend_service_free(service); - return -1; - } - - service->intro_nodes = smartlist_new(); - service->expiring_nodes = smartlist_new(); - - log_debug(LD_REND,"Configuring service with directory %s", - rend_service_escaped_dir(service)); - for (i = 0; i < smartlist_len(service->ports); ++i) { - p = smartlist_get(service->ports, i); - if (!(p->is_unix_addr)) { - log_debug(LD_REND, - "Service maps port %d to %s", - p->virtual_port, - fmt_addrport(&p->real_addr, p->real_port)); - } else { -#ifdef HAVE_SYS_UN_H - log_debug(LD_REND, - "Service maps port %d to socket at \"%s\"", - p->virtual_port, p->unix_addr); -#else - log_warn(LD_BUG, - "Service maps port %d to an AF_UNIX socket, but we " - "have no AF_UNIX support on this platform. This is " - "probably a bug.", - p->virtual_port); - rend_service_free(service); - return -1; -#endif /* defined(HAVE_SYS_UN_H) */ - } - } - /* The service passed all the checks */ - tor_assert(s_list); - smartlist_add(s_list, service); - - /* Notify that our global service list has changed only if this new service - * went into our global list. If not, when we move service from the staging - * list to the new list, a notify is triggered. */ - if (s_list == rend_service_list) { - hs_service_map_has_changed(); - } - return 0; -} - -/** Return a new rend_service_port_config_t with its path set to - * <b>socket_path</b> or empty if <b>socket_path</b> is NULL */ -static rend_service_port_config_t * -rend_service_port_config_new(const char *socket_path) -{ - if (!socket_path) - return tor_malloc_zero(sizeof(rend_service_port_config_t) + 1); - - const size_t pathlen = strlen(socket_path) + 1; - rend_service_port_config_t *conf = - tor_malloc_zero(sizeof(rend_service_port_config_t) + pathlen); - memcpy(conf->unix_addr, socket_path, pathlen); - conf->is_unix_addr = 1; - return conf; -} - -/** Parses a virtual-port to real-port/socket mapping separated by - * the provided separator and returns a new rend_service_port_config_t, - * or NULL and an optional error string on failure. - * - * The format is: VirtualPort SEP (IP|RealPort|IP:RealPort|'socket':path)? - * - * IP defaults to 127.0.0.1; RealPort defaults to VirtualPort. - */ -rend_service_port_config_t * -rend_service_parse_port_config(const char *string, const char *sep, - char **err_msg_out) -{ - smartlist_t *sl; - int virtport; - int realport = 0; - uint16_t p; - tor_addr_t addr; - rend_service_port_config_t *result = NULL; - unsigned int is_unix_addr = 0; - const char *socket_path = NULL; - char *err_msg = NULL; - char *addrport = NULL; - - sl = smartlist_new(); - smartlist_split_string(sl, string, sep, - SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 2); - if (smartlist_len(sl) < 1 || BUG(smartlist_len(sl) > 2)) { - err_msg = tor_strdup("Bad syntax in hidden service port configuration."); - goto err; - } - virtport = (int)tor_parse_long(smartlist_get(sl,0), 10, 1, 65535, NULL,NULL); - if (!virtport) { - tor_asprintf(&err_msg, "Missing or invalid port %s in hidden service " - "port configuration", escaped(smartlist_get(sl,0))); - - goto err; - } - if (smartlist_len(sl) == 1) { - /* No addr:port part; use default. */ - realport = virtport; - tor_addr_from_ipv4h(&addr, 0x7F000001u); /* 127.0.0.1 */ - } else { - int ret; - - const char *addrport_element = smartlist_get(sl,1); - const char *rest = NULL; - int is_unix; - ret = port_cfg_line_extract_addrport(addrport_element, &addrport, - &is_unix, &rest); - - if (ret < 0) { - tor_asprintf(&err_msg, "Couldn't process address <%s> from hidden " - "service configuration", addrport_element); - goto err; - } - - if (rest && strlen(rest)) { - err_msg = tor_strdup("HiddenServicePort parse error: invalid port " - "mapping"); - goto err; - } - - if (is_unix) { - socket_path = addrport; - is_unix_addr = 1; - } else if (strchr(addrport, ':') || strchr(addrport, '.')) { - /* else try it as an IP:port pair if it has a : or . in it */ - if (tor_addr_port_lookup(addrport, &addr, &p)<0) { - err_msg = tor_strdup("Unparseable address in hidden service port " - "configuration."); - goto err; - } - realport = p?p:virtport; - } else { - /* No addr:port, no addr -- must be port. */ - realport = (int)tor_parse_long(addrport, 10, 1, 65535, NULL, NULL); - if (!realport) { - tor_asprintf(&err_msg, "Unparseable or out-of-range port %s in " - "hidden service port configuration.", - escaped(addrport)); - goto err; - } - tor_addr_from_ipv4h(&addr, 0x7F000001u); /* Default to 127.0.0.1 */ - } - } - - /* Allow room for unix_addr */ - result = rend_service_port_config_new(socket_path); - result->virtual_port = virtport; - result->is_unix_addr = is_unix_addr; - if (!is_unix_addr) { - result->real_port = realport; - tor_addr_copy(&result->real_addr, &addr); - result->unix_addr[0] = '\0'; - } - - err: - tor_free(addrport); - if (err_msg_out != NULL) { - *err_msg_out = err_msg; - } else { - tor_free(err_msg); - } - SMARTLIST_FOREACH(sl, char *, c, tor_free(c)); - smartlist_free(sl); - - return result; -} - -/** Release all storage held in a rend_service_port_config_t. */ -void -rend_service_port_config_free_(rend_service_port_config_t *p) -{ - tor_free(p); -} - -/* Copy relevant data from service src to dst while pruning the service lists. - * This should only be called during the pruning process which takes existing - * services and copy their data to the newly configured services. The src - * service replaycache will be set to NULL after this call. */ -static void -copy_service_on_prunning(rend_service_t *dst, rend_service_t *src) -{ - tor_assert(dst); - tor_assert(src); - - /* Keep the timestamps for when the content changed and the next upload - * time so we can properly upload the descriptor if needed for the new - * service object. */ - dst->desc_is_dirty = src->desc_is_dirty; - dst->next_upload_time = src->next_upload_time; - /* Move the replaycache to the new object. */ - dst->accepted_intro_dh_parts = src->accepted_intro_dh_parts; - src->accepted_intro_dh_parts = NULL; - /* Copy intro point information to destination service. */ - dst->intro_period_started = src->intro_period_started; - dst->n_intro_circuits_launched = src->n_intro_circuits_launched; - dst->n_intro_points_wanted = src->n_intro_points_wanted; -} - -/* Helper: Actual implementation of the pruning on reload which we've - * decoupled in order to make the unit test workeable without ugly hacks. - * Furthermore, this function does NOT free any memory but will nullify the - * temporary list pointer whatever happens. */ -STATIC void -rend_service_prune_list_impl_(void) -{ - origin_circuit_t *ocirc = NULL; - smartlist_t *surviving_services, *old_service_list, *new_service_list; - - /* When pruning our current service list, we must have a staging list that - * contains what we want to check else it's a code flow error. */ - tor_assert(rend_service_staging_list); - - /* We are about to prune the current list of its dead service so set the - * semantic for that list to be the "old" one. */ - old_service_list = rend_service_list; - /* The staging list is now the "new" list so set this semantic. */ - new_service_list = rend_service_staging_list; - /* After this, whatever happens, we'll use our new list. */ - rend_service_list = new_service_list; - /* Finally, nullify the staging list pointer as we don't need it anymore - * and it needs to be NULL before the next reload. */ - rend_service_staging_list = NULL; - /* Nothing to prune if we have no service list so stop right away. */ - if (!old_service_list) { - return; - } - - /* This contains all _existing_ services that survives the relaod that is - * that haven't been removed from the configuration. The difference between - * this list and the new service list is that the new list can possibly - * contain newly configured service that have no introduction points opened - * yet nor key material loaded or generated. */ - surviving_services = smartlist_new(); - - /* Preserve the existing ephemeral services. - * - * This is the ephemeral service equivalent of the "Copy introduction - * points to new services" block, except there's no copy required since - * the service structure isn't regenerated. - * - * After this is done, all ephemeral services will be: - * * Removed from old_service_list, so the equivalent non-ephemeral code - * will not attempt to preserve them. - * * Added to the new_service_list (that previously only had the - * services listed in the configuration). - * * Added to surviving_services, which is the list of services that - * will NOT have their intro point closed. - */ - SMARTLIST_FOREACH_BEGIN(old_service_list, rend_service_t *, old) { - if (rend_service_is_ephemeral(old)) { - SMARTLIST_DEL_CURRENT(old_service_list, old); - smartlist_add(surviving_services, old); - smartlist_add(new_service_list, old); - } - } SMARTLIST_FOREACH_END(old); - - /* Copy introduction points to new services. This is O(n^2), but it's only - * called on reconfigure, so it's ok performance wise. */ - SMARTLIST_FOREACH_BEGIN(new_service_list, rend_service_t *, new) { - SMARTLIST_FOREACH_BEGIN(old_service_list, rend_service_t *, old) { - /* Skip ephemeral services as we only want to copy introduction points - * from current services to newly configured one that already exists. - * The same directory means it's the same service. */ - if (rend_service_is_ephemeral(new) || rend_service_is_ephemeral(old) || - strcmp(old->directory, new->directory)) { - continue; - } - smartlist_add_all(new->intro_nodes, old->intro_nodes); - smartlist_clear(old->intro_nodes); - smartlist_add_all(new->expiring_nodes, old->expiring_nodes); - smartlist_clear(old->expiring_nodes); - - /* Copy needed information from old to new. */ - copy_service_on_prunning(new, old); - - /* This regular service will survive the closing IPs step after. */ - smartlist_add(surviving_services, old); - break; - } SMARTLIST_FOREACH_END(old); - } SMARTLIST_FOREACH_END(new); - - /* For every service introduction circuit we can find, see if we have a - * matching surviving configured service. If not, close the circuit. */ - while ((ocirc = circuit_get_next_intro_circ(ocirc, false))) { - int keep_it = 0; - if (ocirc->rend_data == NULL) { - /* This is a v3 circuit, ignore it. */ - continue; - } - SMARTLIST_FOREACH_BEGIN(surviving_services, const rend_service_t *, s) { - if (rend_circuit_pk_digest_eq(ocirc, (uint8_t *) s->pk_digest)) { - /* Keep this circuit as we have a matching configured service. */ - keep_it = 1; - break; - } - } SMARTLIST_FOREACH_END(s); - if (keep_it) { - continue; - } - log_info(LD_REND, "Closing intro point %s for service %s.", - safe_str_client(extend_info_describe( - ocirc->build_state->chosen_exit)), - safe_str_client(rend_data_get_address(ocirc->rend_data))); - /* Reason is FINISHED because service has been removed and thus the - * circuit is considered old/unneeded. */ - circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED); - } - smartlist_free(surviving_services); - /* Notify that our global service list has changed. */ - hs_service_map_has_changed(); -} - -/* Try to prune our main service list using the temporary one that we just - * loaded and parsed successfully. The pruning process decides which onion - * services to keep and which to discard after a reload. */ -void -rend_service_prune_list(void) -{ - smartlist_t *old_service_list = rend_service_list; - - if (!rend_service_staging_list) { - rend_service_staging_list = smartlist_new(); - } - - rend_service_prune_list_impl_(); - if (old_service_list) { - /* Every remaining service in the old list have been removed from the - * configuration so clean them up safely. */ - SMARTLIST_FOREACH(old_service_list, rend_service_t *, s, - rend_service_free(s)); - smartlist_free(old_service_list); - } -} - -/* Copy all the relevant data that the hs_service object contains over to the - * rend_service_t object. The reason to do so is because when configuring a - * service, we go through a generic handler that creates an hs_service_t - * object which so we have to copy the parsed values to a rend service object - * which is version 2 specific. */ -static void -service_config_shadow_copy(rend_service_t *service, - hs_service_config_t *config) -{ - tor_assert(service); - tor_assert(config); - - service->directory = tor_strdup(config->directory_path); - service->dir_group_readable = config->dir_group_readable; - service->allow_unknown_ports = config->allow_unknown_ports; - /* This value can't go above HS_CONFIG_MAX_STREAMS_PER_RDV_CIRCUIT (65535) - * if the code flow is right so this cast is safe. But just in case, we'll - * check it. */ - service->max_streams_per_circuit = (int) config->max_streams_per_rdv_circuit; - if (BUG(config->max_streams_per_rdv_circuit > - HS_CONFIG_MAX_STREAMS_PER_RDV_CIRCUIT)) { - service->max_streams_per_circuit = HS_CONFIG_MAX_STREAMS_PER_RDV_CIRCUIT; - } - service->max_streams_close_circuit = config->max_streams_close_circuit; - service->n_intro_points_wanted = config->num_intro_points; - /* Switching ownership of the ports to the rend service object. */ - smartlist_add_all(service->ports, config->ports); - smartlist_free(config->ports); - config->ports = NULL; -} - -/* Parse the hidden service configuration from <b>hs_opts</b> using the - * already configured generic service configuration in <b>config</b>. This - * function will translate the config object to a rend_service_t and add it to - * the temporary list if valid. If <b>validate_only</b> is set, parse, warn - * and return as normal but don't actually add the service to the list. */ -int -rend_config_service(const hs_opts_t *hs_opts, - const or_options_t *options, - hs_service_config_t *config) -{ - rend_service_t *service = NULL; - - tor_assert(options); - tor_assert(hs_opts); - tor_assert(config); - - /* We are about to configure a version 2 service. Warn of deprecation. */ - WARN_ONCE_DEPRECATION(); - - /* Use the staging service list so that we can check then do the pruning - * process using the main list at the end. */ - if (rend_service_staging_list == NULL) { - rend_service_staging_list = smartlist_new(); - } - - /* Initialize service. */ - service = tor_malloc_zero(sizeof(rend_service_t)); - service->intro_period_started = time(NULL); - service->ports = smartlist_new(); - /* From the hs_service object which has been used to load the generic - * options, we'll copy over the useful data to the rend_service_t object. */ - service_config_shadow_copy(service, config); - - /* Number of introduction points. */ - if (hs_opts->HiddenServiceNumIntroductionPoints > NUM_INTRO_POINTS_MAX) { - log_warn(LD_CONFIG, "HiddenServiceNumIntroductionPoints must be " - "between 0 and %d, not %d.", - NUM_INTRO_POINTS_MAX, - hs_opts->HiddenServiceNumIntroductionPoints); - goto err; - } - service->n_intro_points_wanted = hs_opts->HiddenServiceNumIntroductionPoints; - log_info(LD_CONFIG, "HiddenServiceNumIntroductionPoints=%d for %s", - service->n_intro_points_wanted, escaped(service->directory)); - - /* Client authorization */ - if (hs_opts->HiddenServiceAuthorizeClient) { - /* Parse auth type and comma-separated list of client names and add a - * rend_authorized_client_t for each client to the service's list - * of authorized clients. */ - smartlist_t *type_names_split, *clients; - const char *authname; - type_names_split = smartlist_new(); - smartlist_split_string(type_names_split, - hs_opts->HiddenServiceAuthorizeClient, " ", 0, 2); - if (smartlist_len(type_names_split) < 1) { - log_warn(LD_BUG, "HiddenServiceAuthorizeClient has no value. This " - "should have been prevented when parsing the " - "configuration."); - smartlist_free(type_names_split); - goto err; - } - authname = smartlist_get(type_names_split, 0); - if (!strcasecmp(authname, "basic")) { - service->auth_type = REND_BASIC_AUTH; - } else if (!strcasecmp(authname, "stealth")) { - service->auth_type = REND_STEALTH_AUTH; - } else { - log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains " - "unrecognized auth-type '%s'. Only 'basic' or 'stealth' " - "are recognized.", - (char *) smartlist_get(type_names_split, 0)); - SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp)); - smartlist_free(type_names_split); - goto err; - } - service->clients = smartlist_new(); - if (smartlist_len(type_names_split) < 2) { - log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains " - "auth-type '%s', but no client names.", - service->auth_type == REND_BASIC_AUTH ? "basic" : "stealth"); - SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp)); - smartlist_free(type_names_split); - goto err; - } - clients = smartlist_new(); - smartlist_split_string(clients, smartlist_get(type_names_split, 1), - ",", SPLIT_SKIP_SPACE, 0); - SMARTLIST_FOREACH(type_names_split, char *, cp, tor_free(cp)); - smartlist_free(type_names_split); - /* Remove duplicate client names. */ - { - int num_clients = smartlist_len(clients); - smartlist_sort_strings(clients); - smartlist_uniq_strings(clients); - if (smartlist_len(clients) < num_clients) { - log_info(LD_CONFIG, "HiddenServiceAuthorizeClient contains %d " - "duplicate client name(s); removing.", - num_clients - smartlist_len(clients)); - } - } - SMARTLIST_FOREACH_BEGIN(clients, const char *, client_name) { - rend_authorized_client_t *client; - if (!rend_valid_client_name(client_name)) { - log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains an " - "illegal client name: '%s'. Names must be " - "between 1 and %d characters and contain " - "only [A-Za-z0-9+_-].", - client_name, REND_CLIENTNAME_MAX_LEN); - SMARTLIST_FOREACH(clients, char *, cp, tor_free(cp)); - smartlist_free(clients); - goto err; - } - client = tor_malloc_zero(sizeof(rend_authorized_client_t)); - client->client_name = tor_strdup(client_name); - smartlist_add(service->clients, client); - log_debug(LD_REND, "Adding client name '%s'", client_name); - } SMARTLIST_FOREACH_END(client_name); - SMARTLIST_FOREACH(clients, char *, cp, tor_free(cp)); - smartlist_free(clients); - /* Ensure maximum number of clients. */ - if ((service->auth_type == REND_BASIC_AUTH && - smartlist_len(service->clients) > 512) || - (service->auth_type == REND_STEALTH_AUTH && - smartlist_len(service->clients) > 16)) { - log_warn(LD_CONFIG, "HiddenServiceAuthorizeClient contains %d " - "client authorization entries, but only a " - "maximum of %d entries is allowed for " - "authorization type '%s'.", - smartlist_len(service->clients), - service->auth_type == REND_BASIC_AUTH ? 512 : 16, - service->auth_type == REND_BASIC_AUTH ? "basic" : "stealth"); - goto err; - } - } - - /* Validate the service just parsed. */ - if (rend_validate_service(rend_service_staging_list, service) < 0) { - /* Service is in the staging list so don't try to free it. */ - goto err; - } - - /* Add it to the temporary list which we will use to prune our current - * list if any after configuring all services. */ - if (rend_add_service(rend_service_staging_list, service) < 0) { - /* The object has been freed on error already. */ - service = NULL; - goto err; - } - - return 0; - err: - rend_service_free(service); - return -1; -} - -/** Add the ephemeral service <b>pk</b>/<b>ports</b> if possible, using - * client authorization <b>auth_type</b> and an optional list of - * rend_authorized_client_t in <b>auth_clients</b>, with - * <b>max_streams_per_circuit</b> streams allowed per rendezvous circuit, - * and circuit closure on max streams being exceeded set by - * <b>max_streams_close_circuit</b>. - * - * Ownership of pk, ports, and auth_clients is passed to this routine. - * Regardless of success/failure, callers should not touch these values - * after calling this routine, and may assume that correct cleanup has - * been done on failure. - * - * Return an appropriate hs_service_add_ephemeral_status_t. - */ -hs_service_add_ephemeral_status_t -rend_service_add_ephemeral(crypto_pk_t *pk, - smartlist_t *ports, - int max_streams_per_circuit, - int max_streams_close_circuit, - rend_auth_type_t auth_type, - smartlist_t *auth_clients, - char **service_id_out) -{ - *service_id_out = NULL; - /* Allocate the service structure, and initialize the key, and key derived - * parameters. - */ - rend_service_t *s = tor_malloc_zero(sizeof(rend_service_t)); - s->directory = NULL; /* This indicates the service is ephemeral. */ - s->private_key = pk; - s->auth_type = auth_type; - s->clients = auth_clients; - s->ports = ports; - s->intro_period_started = time(NULL); - s->n_intro_points_wanted = NUM_INTRO_POINTS_DEFAULT; - s->max_streams_per_circuit = max_streams_per_circuit; - s->max_streams_close_circuit = max_streams_close_circuit; - if (rend_service_derive_key_digests(s) < 0) { - rend_service_free(s); - return RSAE_BADPRIVKEY; - } - - if (!s->ports || smartlist_len(s->ports) == 0) { - log_warn(LD_CONFIG, "At least one VIRTPORT/TARGET must be specified."); - rend_service_free(s); - return RSAE_BADVIRTPORT; - } - if (s->auth_type != REND_NO_AUTH && - (!s->clients || smartlist_len(s->clients) == 0)) { - log_warn(LD_CONFIG, "At least one authorized client must be specified."); - rend_service_free(s); - return RSAE_BADAUTH; - } - - /* Enforcing pk/id uniqueness should be done by rend_service_load_keys(), but - * it's not, see #14828. - */ - if (rend_service_get_by_pk_digest(s->pk_digest)) { - log_warn(LD_CONFIG, "Onion Service private key collides with an " - "existing service."); - rend_service_free(s); - return RSAE_ADDREXISTS; - } - if (rend_service_get_by_service_id(s->service_id)) { - log_warn(LD_CONFIG, "Onion Service id collides with an existing service."); - rend_service_free(s); - return RSAE_ADDREXISTS; - } - - /* Initialize the service. */ - if (rend_add_service(NULL, s)) { - return RSAE_INTERNAL; - } - *service_id_out = tor_strdup(s->service_id); - - log_debug(LD_CONFIG, "Added ephemeral Onion Service: %s", s->service_id); - return RSAE_OKAY; -} - -/** Remove the ephemeral service <b>service_id</b> if possible. Returns 0 on - * success, and -1 on failure. - */ -int -rend_service_del_ephemeral(const char *service_id) -{ - rend_service_t *s; - if (!rend_valid_v2_service_id(service_id)) { - log_warn(LD_CONFIG, "Requested malformed Onion Service id for removal."); - return -1; - } - if ((s = rend_service_get_by_service_id(service_id)) == NULL) { - log_warn(LD_CONFIG, "Requested non-existent Onion Service id for " - "removal."); - return -1; - } - if (!rend_service_is_ephemeral(s)) { - log_warn(LD_CONFIG, "Requested non-ephemeral Onion Service for removal."); - return -1; - } - - /* Kill the intro point circuit for the Onion Service, and remove it from - * the list. Closing existing connections is the application's problem. - * - * XXX: As with the comment in rend_config_services(), a nice abstraction - * would be ideal here, but for now just duplicate the code. - */ - SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) { - if (!circ->marked_for_close && - (circ->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO || - circ->purpose == CIRCUIT_PURPOSE_S_INTRO)) { - origin_circuit_t *oc = TO_ORIGIN_CIRCUIT(circ); - if (oc->rend_data == NULL || - !rend_circuit_pk_digest_eq(oc, (uint8_t *) s->pk_digest)) { - continue; - } - log_debug(LD_REND, "Closing intro point %s for service %s.", - safe_str_client(extend_info_describe( - oc->build_state->chosen_exit)), - rend_data_get_address(oc->rend_data)); - circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED); - } - } SMARTLIST_FOREACH_END(circ); - smartlist_remove(rend_service_list, s); - /* Notify that we just removed a service from our global list. */ - hs_service_map_has_changed(); - rend_service_free(s); - - log_debug(LD_CONFIG, "Removed ephemeral Onion Service: %s", service_id); - - return 0; -} - -/* There can be 1 second's delay due to second_elapsed_callback, and perhaps - * another few seconds due to blocking calls. */ -#define INTRO_CIRC_RETRY_PERIOD_SLOP 10 - -/** Log information about the intro point creation rate and current intro - * points for service, upgrading the log level from min_severity to warn if - * we have stopped launching new intro point circuits. */ -static void -rend_log_intro_limit(const rend_service_t *service, int min_severity) -{ - int exceeded_limit = (service->n_intro_circuits_launched >= - rend_max_intro_circs_per_period( - service->n_intro_points_wanted)); - int severity = min_severity; - /* We stopped creating circuits */ - if (exceeded_limit) { - severity = LOG_WARN; - } - time_t intro_period_elapsed = time(NULL) - service->intro_period_started; - tor_assert_nonfatal(intro_period_elapsed >= 0); - { - char *msg; - static ratelim_t rlimit = RATELIM_INIT(INTRO_CIRC_RETRY_PERIOD); - if ((msg = rate_limit_log(&rlimit, approx_time()))) { - log_fn(severity, LD_REND, - "Hidden service %s %s %d intro points in the last %d seconds. " - "Intro circuit launches are limited to %d per %d seconds.%s", - service->service_id, - exceeded_limit ? "exceeded launch limit with" : "launched", - service->n_intro_circuits_launched, - (int)intro_period_elapsed, - rend_max_intro_circs_per_period(service->n_intro_points_wanted), - INTRO_CIRC_RETRY_PERIOD, msg); - rend_service_dump_stats(severity); - tor_free(msg); - } - } -} - -/** Replace the old value of <b>service</b>-\>desc with one that reflects - * the other fields in service. - */ -static void -rend_service_update_descriptor(rend_service_t *service) -{ - rend_service_descriptor_t *d; - int i; - - rend_service_descriptor_free(service->desc); - service->desc = NULL; - - d = service->desc = tor_malloc_zero(sizeof(rend_service_descriptor_t)); - d->pk = crypto_pk_dup_key(service->private_key); - d->timestamp = time(NULL); - d->timestamp -= d->timestamp % 3600; /* Round down to nearest hour */ - d->intro_nodes = smartlist_new(); - /* Support intro protocols 2 and 3. */ - d->protocols = (1 << 2) + (1 << 3); - - for (i = 0; i < smartlist_len(service->intro_nodes); ++i) { - rend_intro_point_t *intro_svc = smartlist_get(service->intro_nodes, i); - rend_intro_point_t *intro_desc; - - /* This intro point won't be listed in the descriptor... */ - intro_svc->listed_in_last_desc = 0; - - /* circuit_established is set in rend_service_intro_established(), and - * checked every second in rend_consider_services_intro_points(), so it's - * safe to use it here */ - if (!intro_svc->circuit_established) { - continue; - } - - /* ...unless this intro point is listed in the descriptor. */ - intro_svc->listed_in_last_desc = 1; - - /* We have an entirely established intro circuit. Publish it in - * our descriptor. */ - intro_desc = tor_malloc_zero(sizeof(rend_intro_point_t)); - intro_desc->extend_info = extend_info_dup(intro_svc->extend_info); - if (intro_svc->intro_key) - intro_desc->intro_key = crypto_pk_dup_key(intro_svc->intro_key); - smartlist_add(d->intro_nodes, intro_desc); - - if (intro_svc->time_published == -1) { - /* We are publishing this intro point in a descriptor for the - * first time -- note the current time in the service's copy of - * the intro point. */ - intro_svc->time_published = time(NULL); - } - } - - /* Check that we have the right number of intro points */ - unsigned int have_intro = (unsigned int)smartlist_len(d->intro_nodes); - if (have_intro != service->n_intro_points_wanted) { - int severity; - /* Getting less than we wanted or more than we're allowed is serious */ - if (have_intro < service->n_intro_points_wanted || - have_intro > NUM_INTRO_POINTS_MAX) { - severity = LOG_WARN; - } else { - /* Getting more than we wanted is weird, but less of a problem */ - severity = LOG_NOTICE; - } - log_fn(severity, LD_REND, "Hidden service %s wanted %d intro points, but " - "descriptor was updated with %d instead.", - service->service_id, - service->n_intro_points_wanted, have_intro); - /* Now log an informative message about how we might have got here. */ - rend_log_intro_limit(service, severity); - } -} - -/* Allocate and return a string containing the path to file_name in - * service->directory. Asserts that service has a directory. - * This function will never return NULL. - * The caller must free this path. */ -static char * -rend_service_path(const rend_service_t *service, const char *file_name) -{ - tor_assert(service->directory); - return hs_path_from_filename(service->directory, file_name); -} - -/* Allocate and return a string containing the path to the single onion - * service poison file in service->directory. Asserts that service has a - * directory. - * The caller must free this path. */ -STATIC char * -rend_service_sos_poison_path(const rend_service_t *service) -{ - return rend_service_path(service, sos_poison_fname); -} - -/** Return True if hidden services <b>service</b> has been poisoned by single - * onion mode. */ -static int -service_is_single_onion_poisoned(const rend_service_t *service) -{ - char *poison_fname = NULL; - file_status_t fstatus; - - /* Passing a NULL service is a bug */ - if (BUG(!service)) { - return 0; - } - - if (rend_service_is_ephemeral(service)) { - return 0; - } - - poison_fname = rend_service_sos_poison_path(service); - - fstatus = file_status(poison_fname); - tor_free(poison_fname); - - /* If this fname is occupied, the hidden service has been poisoned. - * fstatus can be FN_ERROR if the service directory does not exist, in that - * case, there is obviously no private key. */ - if (fstatus == FN_FILE || fstatus == FN_EMPTY) { - return 1; - } - - return 0; -} - -/* Return 1 if the private key file for service exists and has a non-zero size, - * and 0 otherwise. */ -static int -rend_service_private_key_exists(const rend_service_t *service) -{ - char *private_key_path = rend_service_path(service, private_key_fname); - const file_status_t private_key_status = file_status(private_key_path); - tor_free(private_key_path); - /* Only non-empty regular private key files could have been used before. - * fstatus can be FN_ERROR if the service directory does not exist, in that - * case, there is obviously no private key. */ - return private_key_status == FN_FILE; -} - -/** Check the single onion service poison state of the directory for s: - * - If the service is poisoned, and we are in Single Onion Mode, - * return 0, - * - If the service is not poisoned, and we are not in Single Onion Mode, - * return 0, - * - Otherwise, the poison state is invalid: the service was created in one - * mode, and is being used in the other, return -1. - * Hidden service directories without keys are always considered consistent. - * They will be poisoned after their directory is created (if needed). */ -STATIC int -rend_service_verify_single_onion_poison(const rend_service_t* s, - const or_options_t* options) -{ - /* Passing a NULL service is a bug */ - if (BUG(!s)) { - return -1; - } - - /* Ephemeral services are checked at ADD_ONION time */ - if (BUG(rend_service_is_ephemeral(s))) { - return -1; - } - - /* Service is expected to have a directory */ - if (BUG(!s->directory)) { - return -1; - } - - /* Services without keys are always ok - their keys will only ever be used - * in the current mode */ - if (!rend_service_private_key_exists(s)) { - return 0; - } - - /* The key has been used before in a different mode */ - if (service_is_single_onion_poisoned(s) != - rend_service_non_anonymous_mode_enabled(options)) { - return -1; - } - - /* The key exists and is consistent with the current mode */ - return 0; -} - -/*** Helper for rend_service_poison_new_single_onion_dir(). Add a file to - * the hidden service directory for s that marks it as a single onion service. - * Tor must be in single onion mode before calling this function, and the - * service directory must already have been created. - * Returns 0 when a directory is successfully poisoned, or if it is already - * poisoned. Returns -1 on a failure to read the directory or write the poison - * file, or if there is an existing private key file in the directory. (The - * service should have been poisoned when the key was created.) */ -static int -poison_new_single_onion_hidden_service_dir_impl(const rend_service_t *service, - const or_options_t* options) -{ - /* Passing a NULL service is a bug */ - if (BUG(!service)) { - return -1; - } - - /* We must only poison directories if we're in Single Onion mode */ - tor_assert(rend_service_non_anonymous_mode_enabled(options)); - - int fd; - int retval = -1; - char *poison_fname = NULL; - - if (rend_service_is_ephemeral(service)) { - log_info(LD_REND, "Ephemeral HS started in non-anonymous mode."); - return 0; - } - - /* Make sure we're only poisoning new hidden service directories */ - if (rend_service_private_key_exists(service)) { - log_warn(LD_BUG, "Tried to single onion poison a service directory after " - "the private key was created."); - return -1; - } - - /* Make sure the directory was created before calling this function. */ - if (BUG(hs_check_service_private_dir(options->User, service->directory, - service->dir_group_readable, 0) < 0)) - return -1; - - poison_fname = rend_service_sos_poison_path(service); - - switch (file_status(poison_fname)) { - case FN_DIR: - case FN_ERROR: - log_warn(LD_FS, "Can't read single onion poison file \"%s\"", - poison_fname); - goto done; - case FN_FILE: /* single onion poison file already exists. NOP. */ - case FN_EMPTY: /* single onion poison file already exists. NOP. */ - log_debug(LD_FS, "Tried to re-poison a single onion poisoned file \"%s\"", - poison_fname); - break; - case FN_NOENT: - fd = tor_open_cloexec(poison_fname, O_RDWR|O_CREAT|O_TRUNC, 0600); - if (fd < 0) { - log_warn(LD_FS, "Could not create single onion poison file %s", - poison_fname); - goto done; - } - close(fd); - break; - default: - tor_assert(0); - } - - retval = 0; - - done: - tor_free(poison_fname); - - return retval; -} - -/** We just got launched in Single Onion Mode. That's a non-anonymous mode for - * hidden services. If s is new, we should mark its hidden service - * directory appropriately so that it is never launched as a location-private - * hidden service. (New directories don't have private key files.) - * Return 0 on success, -1 on fail. */ -STATIC int -rend_service_poison_new_single_onion_dir(const rend_service_t *s, - const or_options_t* options) -{ - /* Passing a NULL service is a bug */ - if (BUG(!s)) { - return -1; - } - - /* We must only poison directories if we're in Single Onion mode */ - tor_assert(rend_service_non_anonymous_mode_enabled(options)); - - /* Ephemeral services aren't allowed in non-anonymous mode */ - if (BUG(rend_service_is_ephemeral(s))) { - return -1; - } - - /* Service is expected to have a directory */ - if (BUG(!s->directory)) { - return -1; - } - - if (!rend_service_private_key_exists(s)) { - if (poison_new_single_onion_hidden_service_dir_impl(s, options) - < 0) { - return -1; - } - } - - return 0; -} - -/* Return true iff the given service identity key is present on disk. This is - * used to try to learn the service version during configuration time. */ -int -rend_service_key_on_disk(const char *directory_path) -{ - int ret = 0; - char *fname; - crypto_pk_t *pk = NULL; - - tor_assert(directory_path); - - /* Load key */ - fname = hs_path_from_filename(directory_path, private_key_fname); - pk = init_key_from_file(fname, 0, LOG_DEBUG, NULL); - if (pk) { - ret = 1; - } - - crypto_pk_free(pk); - tor_free(fname); - return ret; -} - -/** Load and/or generate private keys for all hidden services, possibly - * including keys for client authorization. - * If a <b>service_list</b> is provided, treat it as the list of hidden - * services (used in unittests). Otherwise, require that rend_service_list is - * not NULL. - * Return 0 on success, -1 on failure. */ -int -rend_service_load_all_keys(const smartlist_t *service_list) -{ - /* Use service_list for unit tests */ - const smartlist_t *s_list = rend_get_service_list(service_list); - if (BUG(!s_list)) { - return -1; - } - - SMARTLIST_FOREACH_BEGIN(s_list, rend_service_t *, s) { - if (s->private_key) - continue; - log_info(LD_REND, "Loading hidden-service keys from %s", - rend_service_escaped_dir(s)); - - if (rend_service_load_keys(s) < 0) - return -1; - } SMARTLIST_FOREACH_END(s); - - return 0; -} - -/** Add to <b>lst</b> every filename used by <b>s</b>. */ -static void -rend_service_add_filenames_to_list(smartlist_t *lst, const rend_service_t *s) -{ - tor_assert(lst); - tor_assert(s); - tor_assert(s->directory); - smartlist_add(lst, rend_service_path(s, private_key_fname)); - smartlist_add(lst, rend_service_path(s, hostname_fname)); - smartlist_add(lst, rend_service_path(s, client_keys_fname)); - smartlist_add(lst, rend_service_sos_poison_path(s)); -} - -/** Add to <b>open_lst</b> every filename used by a configured hidden service, - * and to <b>stat_lst</b> every directory used by a configured hidden - * service */ -void -rend_services_add_filenames_to_lists(smartlist_t *open_lst, - smartlist_t *stat_lst) -{ - if (!rend_service_list) - return; - SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, s) { - if (!rend_service_is_ephemeral(s)) { - rend_service_add_filenames_to_list(open_lst, s); - smartlist_add_strdup(stat_lst, s->directory); - } - } SMARTLIST_FOREACH_END(s); -} - -/** Derive all rend_service_t internal material based on the service's key. - * Returns 0 on success, -1 on failure. - */ -static int -rend_service_derive_key_digests(struct rend_service_t *s) -{ - if (rend_get_service_id(s->private_key, s->service_id)<0) { - log_warn(LD_BUG, "Internal error: couldn't encode service ID."); - return -1; - } - if (crypto_pk_get_digest(s->private_key, s->pk_digest)<0) { - log_warn(LD_BUG, "Couldn't compute hash of public key."); - return -1; - } - - return 0; -} - -/** Make sure that the directory for <b>s</b> is private, using the config in - * <b>options</b>. - * If <b>create</b> is true: - * - if the directory exists, change permissions if needed, - * - if the directory does not exist, create it with the correct permissions. - * If <b>create</b> is false: - * - if the directory exists, check permissions, - * - if the directory does not exist, check if we think we can create it. - * Return 0 on success, -1 on failure. */ -static int -rend_service_check_private_dir(const or_options_t *options, - const rend_service_t *s, - int create) -{ - /* Passing a NULL service is a bug */ - if (BUG(!s)) { - return -1; - } - - /* Check/create directory */ - if (hs_check_service_private_dir(options->User, s->directory, - s->dir_group_readable, create) < 0) { - return -1; - } - - /* Check if the hidden service key exists, and was created in a different - * single onion service mode, and refuse to launch if it has. - * This is safe to call even when create is false, as it ignores missing - * keys and directories: they are always valid. - */ - if (rend_service_verify_single_onion_poison(s, options) < 0) { - /* We can't use s->service_id here, as the key may not have been loaded */ - log_warn(LD_GENERAL, "We are configured with " - "HiddenServiceNonAnonymousMode %d, but the hidden " - "service key in directory %s was created in %s mode. " - "This is not allowed.", - rend_service_non_anonymous_mode_enabled(options) ? 1 : 0, - rend_service_escaped_dir(s), - rend_service_non_anonymous_mode_enabled(options) ? - "an anonymous" : "a non-anonymous" - ); - return -1; - } - - /* Poison new single onion directories immediately after they are created, - * so that we never accidentally launch non-anonymous hidden services - * thinking they are anonymous. Any keys created later will end up with the - * correct poisoning state. - */ - if (create && rend_service_non_anonymous_mode_enabled(options)) { - static int logged_warning = 0; - - if (rend_service_poison_new_single_onion_dir(s, options) < 0) { - log_warn(LD_GENERAL,"Failed to mark new hidden services as non-anonymous" - "."); - return -1; - } - - if (!logged_warning) { - /* The keys for these services are linked to the server IP address */ - log_notice(LD_REND, "The configured onion service directories have been " - "used in single onion mode. They can not be used for " - "anonymous hidden services."); - logged_warning = 1; - } - } - - return 0; -} - -/** Load and/or generate private keys for the hidden service <b>s</b>, - * possibly including keys for client authorization. Return 0 on success, -1 - * on failure. */ -static int -rend_service_load_keys(rend_service_t *s) -{ - char *fname = NULL; - char buf[128]; - - /* Create the directory if needed which will also poison it in case of - * single onion service. */ - if (rend_service_check_private_dir(get_options(), s, 1) < 0) - goto err; - - /* Load key */ - fname = rend_service_path(s, private_key_fname); - s->private_key = init_key_from_file(fname, 1, LOG_ERR, NULL); - - if (!s->private_key) - goto err; - - if (rend_service_derive_key_digests(s) < 0) - goto err; - - tor_free(fname); - /* Create service file */ - fname = rend_service_path(s, hostname_fname); - - tor_snprintf(buf, sizeof(buf),"%s.onion\n", s->service_id); - if (write_str_to_file_if_not_equal(fname, buf)) { - log_warn(LD_CONFIG, "Could not write onion address to hostname file."); - goto err; - } -#ifndef _WIN32 - if (s->dir_group_readable) { - /* Also verify hostname file created with group read. */ - if (chmod(fname, 0640)) - log_warn(LD_FS,"Unable to make hidden hostname file %s group-readable.", - fname); - } -#endif /* !defined(_WIN32) */ - - /* If client authorization is configured, load or generate keys. */ - if (s->auth_type != REND_NO_AUTH) { - if (rend_service_load_auth_keys(s, fname) < 0) { - goto err; - } - } - - int r = 0; - goto done; - err: - r = -1; - done: - memwipe(buf, 0, sizeof(buf)); - tor_free(fname); - return r; -} - -/** Load and/or generate client authorization keys for the hidden service - * <b>s</b>, which stores its hostname in <b>hfname</b>. Return 0 on success, - * -1 on failure. */ -static int -rend_service_load_auth_keys(rend_service_t *s, const char *hfname) -{ - int r = 0; - char *cfname = NULL; - char *client_keys_str = NULL; - strmap_t *parsed_clients = strmap_new(); - FILE *cfile, *hfile; - open_file_t *open_cfile = NULL, *open_hfile = NULL; - char desc_cook_out[3*REND_DESC_COOKIE_LEN_BASE64+1]; - char service_id[16+1]; - char buf[1500]; - - /* Load client keys and descriptor cookies, if available. */ - cfname = rend_service_path(s, client_keys_fname); - client_keys_str = read_file_to_str(cfname, RFTS_IGNORE_MISSING, NULL); - if (client_keys_str) { - if (rend_parse_client_keys(parsed_clients, client_keys_str) < 0) { - log_warn(LD_CONFIG, "Previously stored client_keys file could not " - "be parsed."); - goto err; - } else { - log_info(LD_CONFIG, "Parsed %d previously stored client entries.", - strmap_size(parsed_clients)); - } - } - - /* Prepare client_keys and hostname files. */ - if (!(cfile = start_writing_to_stdio_file(cfname, - OPEN_FLAGS_REPLACE | O_TEXT, - 0600, &open_cfile))) { - log_warn(LD_CONFIG, "Could not open client_keys file %s", - escaped(cfname)); - goto err; - } - - if (!(hfile = start_writing_to_stdio_file(hfname, - OPEN_FLAGS_REPLACE | O_TEXT, - 0600, &open_hfile))) { - log_warn(LD_CONFIG, "Could not open hostname file %s", escaped(hfname)); - goto err; - } - - /* Either use loaded keys for configured clients or generate new - * ones if a client is new. */ - SMARTLIST_FOREACH_BEGIN(s->clients, rend_authorized_client_t *, client) { - rend_authorized_client_t *parsed = - strmap_get(parsed_clients, client->client_name); - int written; - size_t len; - /* Copy descriptor cookie from parsed entry or create new one. */ - if (parsed) { - memcpy(client->descriptor_cookie, parsed->descriptor_cookie, - REND_DESC_COOKIE_LEN); - } else { - crypto_rand((char *) client->descriptor_cookie, REND_DESC_COOKIE_LEN); - } - /* For compatibility with older tor clients, this does not - * truncate the padding characters, unlike rend_auth_encode_cookie. */ - if (base64_encode(desc_cook_out, 3*REND_DESC_COOKIE_LEN_BASE64+1, - (char *) client->descriptor_cookie, - REND_DESC_COOKIE_LEN, 0) < 0) { - log_warn(LD_BUG, "Could not base64-encode descriptor cookie."); - goto err; - } - /* Copy client key from parsed entry or create new one if required. */ - if (parsed && parsed->client_key) { - client->client_key = crypto_pk_dup_key(parsed->client_key); - } else if (s->auth_type == REND_STEALTH_AUTH) { - /* Create private key for client. */ - crypto_pk_t *prkey = NULL; - if (!(prkey = crypto_pk_new())) { - log_warn(LD_BUG,"Error constructing client key"); - goto err; - } - if (crypto_pk_generate_key(prkey)) { - log_warn(LD_BUG,"Error generating client key"); - crypto_pk_free(prkey); - goto err; - } - if (! crypto_pk_is_valid_private_key(prkey)) { - log_warn(LD_BUG,"Generated client key seems invalid"); - crypto_pk_free(prkey); - goto err; - } - client->client_key = prkey; - } - /* Add entry to client_keys file. */ - written = tor_snprintf(buf, sizeof(buf), - "client-name %s\ndescriptor-cookie %s\n", - client->client_name, desc_cook_out); - if (written < 0) { - log_warn(LD_BUG, "Could not write client entry."); - goto err; - } - if (client->client_key) { - char *client_key_out = NULL; - if (crypto_pk_write_private_key_to_string(client->client_key, - &client_key_out, &len) != 0) { - log_warn(LD_BUG, "Internal error: " - "crypto_pk_write_private_key_to_string() failed."); - goto err; - } - if (rend_get_service_id(client->client_key, service_id)<0) { - log_warn(LD_BUG, "Internal error: couldn't encode service ID."); - /* - * len is string length, not buffer length, but last byte is NUL - * anyway. - */ - memwipe(client_key_out, 0, len); - tor_free(client_key_out); - goto err; - } - written = tor_snprintf(buf + written, sizeof(buf) - written, - "client-key\n%s", client_key_out); - memwipe(client_key_out, 0, len); - tor_free(client_key_out); - if (written < 0) { - log_warn(LD_BUG, "Could not write client entry."); - goto err; - } - } else { - strlcpy(service_id, s->service_id, sizeof(service_id)); - } - - if (fputs(buf, cfile) < 0) { - log_warn(LD_FS, "Could not append client entry to file: %s", - strerror(errno)); - goto err; - } - - /* Add line to hostname file. This is not the same encoding as in - * client_keys. */ - char *encoded_cookie = rend_auth_encode_cookie(client->descriptor_cookie, - s->auth_type); - if (!encoded_cookie) { - log_warn(LD_BUG, "Could not base64-encode descriptor cookie."); - goto err; - } - tor_snprintf(buf, sizeof(buf), "%s.onion %s # client: %s\n", - service_id, encoded_cookie, client->client_name); - memwipe(encoded_cookie, 0, strlen(encoded_cookie)); - tor_free(encoded_cookie); - - if (fputs(buf, hfile)<0) { - log_warn(LD_FS, "Could not append host entry to file: %s", - strerror(errno)); - goto err; - } - } SMARTLIST_FOREACH_END(client); - - finish_writing_to_file(open_cfile); - finish_writing_to_file(open_hfile); - - goto done; - err: - r = -1; - if (open_cfile) - abort_writing_to_file(open_cfile); - if (open_hfile) - abort_writing_to_file(open_hfile); - done: - if (client_keys_str) { - memwipe(client_keys_str, 0, strlen(client_keys_str)); - tor_free(client_keys_str); - } - strmap_free(parsed_clients, rend_authorized_client_free_void); - - if (cfname) { - memwipe(cfname, 0, strlen(cfname)); - tor_free(cfname); - } - - /* Clear stack buffers that held key-derived material. */ - memwipe(buf, 0, sizeof(buf)); - memwipe(desc_cook_out, 0, sizeof(desc_cook_out)); - memwipe(service_id, 0, sizeof(service_id)); - - return r; -} - -/** Return the service whose public key has a digest of <b>digest</b>, or - * NULL if no such service exists. - */ -static rend_service_t * -rend_service_get_by_pk_digest(const char* digest) -{ - SMARTLIST_FOREACH(rend_service_list, rend_service_t*, s, - if (tor_memeq(s->pk_digest,digest,DIGEST_LEN)) - return s); - return NULL; -} - -/** Return the service whose service id is <b>id</b>, or NULL if no such - * service exists. - */ -static struct rend_service_t * -rend_service_get_by_service_id(const char *id) -{ - tor_assert(strlen(id) == REND_SERVICE_ID_LEN_BASE32); - SMARTLIST_FOREACH(rend_service_list, rend_service_t*, s, { - if (tor_memeq(s->service_id, id, REND_SERVICE_ID_LEN_BASE32)) - return s; - }); - return NULL; -} - -/** Check client authorization of a given <b>descriptor_cookie</b> of - * length <b>cookie_len</b> for <b>service</b>. Return 1 for success - * and 0 for failure. */ -static int -rend_check_authorization(rend_service_t *service, - const char *descriptor_cookie, - size_t cookie_len) -{ - rend_authorized_client_t *auth_client = NULL; - tor_assert(service); - tor_assert(descriptor_cookie); - if (!service->clients) { - log_warn(LD_BUG, "Can't check authorization for a service that has no " - "authorized clients configured."); - return 0; - } - - if (cookie_len != REND_DESC_COOKIE_LEN) { - log_info(LD_REND, "Descriptor cookie is %lu bytes, but we expected " - "%lu bytes. Dropping cell.", - (unsigned long)cookie_len, (unsigned long)REND_DESC_COOKIE_LEN); - return 0; - } - - /* Look up client authorization by descriptor cookie. */ - SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *, client, { - if (tor_memeq(client->descriptor_cookie, descriptor_cookie, - REND_DESC_COOKIE_LEN)) { - auth_client = client; - break; - } - }); - if (!auth_client) { - char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64]; - base64_encode(descriptor_cookie_base64, sizeof(descriptor_cookie_base64), - descriptor_cookie, REND_DESC_COOKIE_LEN, 0); - log_info(LD_REND, "No authorization found for descriptor cookie '%s'! " - "Dropping cell!", - descriptor_cookie_base64); - return 0; - } - - /* Allow the request. */ - log_info(LD_REND, "Client %s authorized for service %s.", - auth_client->client_name, service->service_id); - return 1; -} - -/* Can this service make a direct connection to ei? - * It must be a single onion service, and the firewall rules must allow ei. */ -static int -rend_service_use_direct_connection(const or_options_t* options, - const extend_info_t* ei) -{ - /* We'll connect directly all reachable addresses, whether preferred or not. - * The prefer_ipv6 argument to reachable_addr_allows_addr is - * ignored, because pref_only is 0. */ - const tor_addr_port_t *ap = extend_info_get_orport(ei, AF_INET); - if (!ap) - return 0; - return (rend_service_allow_non_anonymous_connection(options) && - reachable_addr_allows_addr(&ap->addr, ap->port, - FIREWALL_OR_CONNECTION, 0, 0)); -} - -/* Like rend_service_use_direct_connection, but to a node. */ -static int -rend_service_use_direct_connection_node(const or_options_t* options, - const node_t* node) -{ - /* We'll connect directly all reachable addresses, whether preferred or not. - */ - return (rend_service_allow_non_anonymous_connection(options) && - reachable_addr_allows_node(node, FIREWALL_OR_CONNECTION, 0)); -} - -/****** - * Handle cells - ******/ - -/** Respond to an INTRODUCE2 cell by launching a circuit to the chosen - * rendezvous point. - */ -int -rend_service_receive_introduction(origin_circuit_t *circuit, - const uint8_t *request, - size_t request_len) -{ - /* Global status stuff */ - int status = 0, result; - const or_options_t *options = get_options(); - char *err_msg = NULL; - int err_msg_severity = LOG_WARN; - const char *stage_descr = NULL, *rend_pk_digest; - int reason = END_CIRC_REASON_TORPROTOCOL; - /* Service/circuit/key stuff we can learn before parsing */ - char serviceid[REND_SERVICE_ID_LEN_BASE32+1]; - rend_service_t *service = NULL; - rend_intro_point_t *intro_point = NULL; - crypto_pk_t *intro_key = NULL; - /* Parsed cell */ - rend_intro_cell_t *parsed_req = NULL; - /* Rendezvous point */ - extend_info_t *rp = NULL; - /* XXX not handled yet */ - char buf[RELAY_PAYLOAD_SIZE]; - char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN]; /* Holds KH, Df, Db, Kf, Kb */ - int i; - crypto_dh_t *dh = NULL; - origin_circuit_t *launched = NULL; - crypt_path_t *cpath = NULL; - char hexcookie[9]; - int circ_needs_uptime; - time_t now = time(NULL); - time_t elapsed; - int replay; - ssize_t keylen; - - /* Do some initial validation and logging before we parse the cell */ - if (circuit->base_.purpose != CIRCUIT_PURPOSE_S_INTRO) { - log_warn(LD_PROTOCOL, - "Got an INTRODUCE2 over a non-introduction circuit %u.", - (unsigned) circuit->base_.n_circ_id); - goto err; - } - - assert_circ_anonymity_ok(circuit, options); - tor_assert(circuit->rend_data); - /* XXX: This is version 2 specific (only one supported). */ - rend_pk_digest = (char *) rend_data_get_pk_digest(circuit->rend_data, NULL); - - /* We'll use this in a bazillion log messages */ - base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1, - rend_pk_digest, REND_SERVICE_ID_LEN); - - /* look up service depending on circuit. */ - service = rend_service_get_by_pk_digest(rend_pk_digest); - if (!service) { - log_warn(LD_BUG, - "Internal error: Got an INTRODUCE2 cell on an intro " - "circ for an unrecognized service %s.", - escaped(serviceid)); - goto err; - } - - intro_point = find_intro_point(circuit); - if (intro_point == NULL) { - intro_point = find_expiring_intro_point(service, circuit); - if (intro_point == NULL) { - log_warn(LD_BUG, - "Internal error: Got an INTRODUCE2 cell on an " - "intro circ (for service %s) with no corresponding " - "rend_intro_point_t.", - escaped(serviceid)); - goto err; - } - } - - log_info(LD_REND, "Received INTRODUCE2 cell for service %s on circ %u.", - escaped(serviceid), (unsigned)circuit->base_.n_circ_id); - - /* use intro key instead of service key. */ - intro_key = circuit->intro_key; - - tor_free(err_msg); - stage_descr = NULL; - - stage_descr = "early parsing"; - /* Early parsing pass (get pk, ciphertext); type 2 is INTRODUCE2 */ - parsed_req = - rend_service_begin_parse_intro(request, request_len, 2, &err_msg); - if (!parsed_req) { - goto log_error; - } else if (err_msg) { - log_info(LD_REND, "%s on circ %u.", err_msg, - (unsigned)circuit->base_.n_circ_id); - tor_free(err_msg); - } - - /* make sure service replay caches are present */ - if (!service->accepted_intro_dh_parts) { - service->accepted_intro_dh_parts = - replaycache_new(REND_REPLAY_TIME_INTERVAL, - REND_REPLAY_TIME_INTERVAL); - } - - if (!intro_point->accepted_intro_rsa_parts) { - intro_point->accepted_intro_rsa_parts = replaycache_new(0, 0); - } - - /* check for replay of PK-encrypted portion. */ - keylen = crypto_pk_keysize(intro_key); - replay = replaycache_add_test_and_elapsed( - intro_point->accepted_intro_rsa_parts, - parsed_req->ciphertext, MIN(parsed_req->ciphertext_len, keylen), - &elapsed); - - if (replay) { - log_warn(LD_REND, - "Possible replay detected! We received an " - "INTRODUCE2 cell with same PK-encrypted part %d " - "seconds ago. Dropping cell.", - (int)elapsed); - goto err; - } - - stage_descr = "decryption"; - /* Now try to decrypt it */ - result = rend_service_decrypt_intro(parsed_req, intro_key, &err_msg); - if (result < 0) { - goto log_error; - } else if (err_msg) { - log_info(LD_REND, "%s on circ %u.", err_msg, - (unsigned)circuit->base_.n_circ_id); - tor_free(err_msg); - } - - stage_descr = "late parsing"; - /* Parse the plaintext */ - result = rend_service_parse_intro_plaintext(parsed_req, &err_msg); - if (result < 0) { - goto log_error; - } else if (err_msg) { - log_info(LD_REND, "%s on circ %u.", err_msg, - (unsigned)circuit->base_.n_circ_id); - tor_free(err_msg); - } - - stage_descr = "late validation"; - /* Validate the parsed plaintext parts */ - result = rend_service_validate_intro_late(parsed_req, &err_msg); - if (result < 0) { - goto log_error; - } else if (err_msg) { - log_info(LD_REND, "%s on circ %u.", err_msg, - (unsigned)circuit->base_.n_circ_id); - tor_free(err_msg); - } - stage_descr = NULL; - - /* Increment INTRODUCE2 counter */ - ++(intro_point->accepted_introduce2_count); - - /* Find the rendezvous point */ - rp = find_rp_for_intro(parsed_req, &err_msg); - if (!rp) { - err_msg_severity = LOG_PROTOCOL_WARN; - goto log_error; - } - - /* Check if we'd refuse to talk to this router */ - if (options->StrictNodes && - routerset_contains_extendinfo(options->ExcludeNodes, rp)) { - log_warn(LD_REND, "Client asked to rendezvous at a relay that we " - "exclude, and StrictNodes is set. Refusing service."); - reason = END_CIRC_REASON_INTERNAL; /* XXX might leak why we refused */ - goto err; - } - - base16_encode(hexcookie, 9, (const char *)(parsed_req->rc), 4); - - /* Check whether there is a past request with the same Diffie-Hellman, - * part 1. */ - replay = replaycache_add_test_and_elapsed( - service->accepted_intro_dh_parts, - parsed_req->dh, DH1024_KEY_LEN, - &elapsed); - - if (replay) { - /* A Tor client will send a new INTRODUCE1 cell with the same rend - * cookie and DH public key as its previous one if its intro circ - * times out while in state CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT . - * If we received the first INTRODUCE1 cell (the intro-point relay - * converts it into an INTRODUCE2 cell), we are already trying to - * connect to that rend point (and may have already succeeded); - * drop this cell. */ - log_info(LD_REND, "We received an " - "INTRODUCE2 cell with same first part of " - "Diffie-Hellman handshake %d seconds ago. Dropping " - "cell.", - (int) elapsed); - goto err; - } - - /* If the service performs client authorization, check included auth data. */ - if (service->clients) { - if (parsed_req->version == 3 && parsed_req->u.v3.auth_len > 0) { - if (rend_check_authorization(service, - (const char*)parsed_req->u.v3.auth_data, - parsed_req->u.v3.auth_len)) { - log_info(LD_REND, "Authorization data in INTRODUCE2 cell are valid."); - } else { - log_info(LD_REND, "The authorization data that are contained in " - "the INTRODUCE2 cell are invalid. Dropping cell."); - reason = END_CIRC_REASON_CONNECTFAILED; - goto err; - } - } else { - log_info(LD_REND, "INTRODUCE2 cell does not contain authentication " - "data, but we require client authorization. Dropping cell."); - reason = END_CIRC_REASON_CONNECTFAILED; - goto err; - } - } - - /* Try DH handshake... */ - dh = crypto_dh_new(DH_TYPE_REND); - if (!dh || crypto_dh_generate_public(dh)<0) { - log_warn(LD_BUG,"Internal error: couldn't build DH state " - "or generate public key."); - reason = END_CIRC_REASON_INTERNAL; - goto err; - } - if (crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh, - (char *)(parsed_req->dh), - DH1024_KEY_LEN, keys, - DIGEST_LEN+CPATH_KEY_MATERIAL_LEN)<0) { - log_warn(LD_BUG, "Internal error: couldn't complete DH handshake"); - reason = END_CIRC_REASON_INTERNAL; - goto err; - } - - circ_needs_uptime = hs_service_requires_uptime_circ(service->ports); - - /* help predict this next time */ - rep_hist_note_used_internal(now, circ_needs_uptime, 1); - - /* Launch a circuit to the client's chosen rendezvous point. - */ - int max_rend_failures=hs_get_service_max_rend_failures(); - for (i=0;i<max_rend_failures;i++) { - int flags = CIRCLAUNCH_NEED_CAPACITY | CIRCLAUNCH_IS_INTERNAL; - if (circ_needs_uptime) flags |= CIRCLAUNCH_NEED_UPTIME; - /* A Single Onion Service only uses a direct connection if its - * firewall rules permit direct connections to the address. - * - * We only use a one-hop path on the first attempt. If the first attempt - * fails, we use a 3-hop path for reachability / reliability. - * See the comment in rend_service_relaunch_rendezvous() for details. */ - if (rend_service_use_direct_connection(options, rp) && i == 0) { - flags = flags | CIRCLAUNCH_ONEHOP_TUNNEL; - } - launched = circuit_launch_by_extend_info( - CIRCUIT_PURPOSE_S_CONNECT_REND, rp, flags); - - if (launched) - break; - } - if (!launched) { /* give up */ - log_warn(LD_REND, "Giving up launching first hop of circuit to rendezvous " - "point %s for service %s.", - safe_str_client(extend_info_describe(rp)), - serviceid); - reason = END_CIRC_REASON_CONNECTFAILED; - goto err; - } - log_info(LD_REND, - "Accepted intro; launching circuit to %s " - "(cookie %s) for service %s.", - safe_str_client(extend_info_describe(rp)), - hexcookie, serviceid); - tor_assert(launched->build_state); - /* Fill in the circuit's state. */ - - launched->rend_data = - rend_data_service_create(service->service_id, rend_pk_digest, - parsed_req->rc, service->auth_type); - - launched->build_state->service_pending_final_cpath_ref = - tor_malloc_zero(sizeof(crypt_path_reference_t)); - launched->build_state->service_pending_final_cpath_ref->refcount = 1; - - launched->build_state->service_pending_final_cpath_ref->cpath = cpath = - tor_malloc_zero(sizeof(crypt_path_t)); - cpath->magic = CRYPT_PATH_MAGIC; - launched->build_state->expiry_time = now + MAX_REND_TIMEOUT; - - cpath->rend_dh_handshake_state = dh; - dh = NULL; - if (cpath_init_circuit_crypto(cpath, - keys+DIGEST_LEN, sizeof(keys)-DIGEST_LEN, - 1, 0)<0) - goto err; - memcpy(cpath->rend_circ_nonce, keys, DIGEST_LEN); - - goto done; - - log_error: - if (!err_msg) { - if (stage_descr) { - tor_asprintf(&err_msg, - "unknown %s error for INTRODUCE2", stage_descr); - } else { - err_msg = tor_strdup("unknown error for INTRODUCE2"); - } - } - - log_fn(err_msg_severity, LD_REND, "%s on circ %u", err_msg, - (unsigned)circuit->base_.n_circ_id); - err: - status = -1; - if (dh) crypto_dh_free(dh); - if (launched) { - circuit_mark_for_close(TO_CIRCUIT(launched), reason); - } - tor_free(err_msg); - - done: - memwipe(keys, 0, sizeof(keys)); - memwipe(buf, 0, sizeof(buf)); - memwipe(serviceid, 0, sizeof(serviceid)); - memwipe(hexcookie, 0, sizeof(hexcookie)); - - /* Free the parsed cell */ - rend_service_free_intro(parsed_req); - - /* Free rp */ - extend_info_free(rp); - - return status; -} - -/** Given a parsed and decrypted INTRODUCE2, find the rendezvous point or - * return NULL and an error string if we can't. Return a newly allocated - * extend_info_t* for the rendezvous point. */ -static extend_info_t * -find_rp_for_intro(const rend_intro_cell_t *intro, - char **err_msg_out) -{ - extend_info_t *rp = NULL; - char *err_msg = NULL; - const char *rp_nickname = NULL; - const node_t *node = NULL; - - if (!intro) { - if (err_msg_out) - err_msg = tor_strdup("Bad parameters to find_rp_for_intro()"); - - goto err; - } - - if (intro->version == 0 || intro->version == 1) { - rp_nickname = (const char *)(intro->u.v0_v1.rp); - - node = node_get_by_nickname(rp_nickname, NNF_NO_WARN_UNNAMED); - if (!node) { - if (err_msg_out) { - tor_asprintf(&err_msg, - "Couldn't find router %s named in INTRODUCE2 cell", - escaped_safe_str_client(rp_nickname)); - } - - goto err; - } - - /* Are we in single onion mode? */ - const int allow_direct = rend_service_allow_non_anonymous_connection( - get_options()); - rp = extend_info_from_node(node, allow_direct); - if (!rp) { - if (err_msg_out) { - tor_asprintf(&err_msg, - "Couldn't build extend_info_t for router %s named " - "in INTRODUCE2 cell", - escaped_safe_str_client(rp_nickname)); - } - - goto err; - } - } else if (intro->version == 2) { - rp = extend_info_dup(intro->u.v2.extend_info); - } else if (intro->version == 3) { - rp = extend_info_dup(intro->u.v3.extend_info); - } else { - if (err_msg_out) { - tor_asprintf(&err_msg, - "Unknown version %d in INTRODUCE2 cell", - (int)(intro->version)); - } - - goto err; - } - - /* rp is always set here: extend_info_dup guarantees a non-NULL result, and - * the other cases goto err. */ - tor_assert(rp); - - /* Make sure the RP we are being asked to connect to is _not_ a private - * address unless it's allowed. Let's avoid to build a circuit to our - * second middle node and fail right after when extending to the RP. */ - const tor_addr_port_t *orport = extend_info_get_orport(rp, AF_INET); - if (! orport || !extend_info_addr_is_allowed(&orport->addr)) { - if (err_msg_out) { - tor_asprintf(&err_msg, - "Relay IP in INTRODUCE2 cell is private address."); - } - extend_info_free(rp); - rp = NULL; - goto err; - } - goto done; - - err: - if (err_msg_out) - *err_msg_out = err_msg; - else - tor_free(err_msg); - - done: - return rp; -} - -/** Free a parsed INTRODUCE1 or INTRODUCE2 cell that was allocated by - * rend_service_parse_intro(). - */ -void -rend_service_free_intro_(rend_intro_cell_t *request) -{ - if (!request) { - return; - } - - /* Free ciphertext */ - tor_free(request->ciphertext); - request->ciphertext_len = 0; - - /* Have plaintext? */ - if (request->plaintext) { - /* Zero it out just to be safe */ - memwipe(request->plaintext, 0, request->plaintext_len); - tor_free(request->plaintext); - request->plaintext_len = 0; - } - - /* Have parsed plaintext? */ - if (request->parsed) { - switch (request->version) { - case 0: - case 1: - /* - * Nothing more to do; these formats have no further pointers - * in them. - */ - break; - case 2: - extend_info_free(request->u.v2.extend_info); - request->u.v2.extend_info = NULL; - break; - case 3: - if (request->u.v3.auth_data) { - memwipe(request->u.v3.auth_data, 0, request->u.v3.auth_len); - tor_free(request->u.v3.auth_data); - } - - extend_info_free(request->u.v3.extend_info); - request->u.v3.extend_info = NULL; - break; - default: - log_info(LD_BUG, - "rend_service_free_intro() saw unknown protocol " - "version %d.", - request->version); - } - } - - /* Zero it out to make sure sensitive stuff doesn't hang around in memory */ - memwipe(request, 0, sizeof(*request)); - - tor_free(request); -} - -/** Parse an INTRODUCE1 or INTRODUCE2 cell into a newly allocated - * rend_intro_cell_t structure. Free it with rend_service_free_intro() - * when finished. The type parameter should be 1 or 2 to indicate whether - * this is INTRODUCE1 or INTRODUCE2. This parses only the non-encrypted - * parts; after this, call rend_service_decrypt_intro() with a key, then - * rend_service_parse_intro_plaintext() to finish parsing. The optional - * err_msg_out parameter is set to a string suitable for log output - * if parsing fails. This function does some validation, but only - * that which depends solely on the contents of the cell and the - * key; it can be unit-tested. Further validation is done in - * rend_service_validate_intro(). - */ - -rend_intro_cell_t * -rend_service_begin_parse_intro(const uint8_t *request, - size_t request_len, - uint8_t type, - char **err_msg_out) -{ - rend_intro_cell_t *rv = NULL; - char *err_msg = NULL; - - if (!request || request_len <= 0) goto err; - if (!(type == 1 || type == 2)) goto err; - - /* First, check that the cell is long enough to be a sensible INTRODUCE */ - - /* min key length plus digest length plus nickname length */ - if (request_len < - (DIGEST_LEN + REND_COOKIE_LEN + (MAX_NICKNAME_LEN + 1) + - DH1024_KEY_LEN + 42)) { - if (err_msg_out) { - tor_asprintf(&err_msg, - "got a truncated INTRODUCE%d cell", - (int)type); - } - goto err; - } - - /* Allocate a new parsed cell structure */ - rv = tor_malloc_zero(sizeof(*rv)); - - /* Set the type */ - rv->type = type; - - /* Copy in the ID */ - memcpy(rv->pk, request, DIGEST_LEN); - - /* Copy in the ciphertext */ - rv->ciphertext = tor_malloc(request_len - DIGEST_LEN); - memcpy(rv->ciphertext, request + DIGEST_LEN, request_len - DIGEST_LEN); - rv->ciphertext_len = request_len - DIGEST_LEN; - - goto done; - - err: - rend_service_free_intro(rv); - rv = NULL; - - if (err_msg_out && !err_msg) { - tor_asprintf(&err_msg, - "unknown INTRODUCE%d error", - (int)type); - } - - done: - if (err_msg_out) *err_msg_out = err_msg; - else tor_free(err_msg); - - return rv; -} - -/** Parse the version-specific parts of a v0 or v1 INTRODUCE1 or INTRODUCE2 - * cell - */ - -static ssize_t -rend_service_parse_intro_for_v0_or_v1( - rend_intro_cell_t *intro, - const uint8_t *buf, - size_t plaintext_len, - char **err_msg_out) -{ - const char *rp_nickname, *endptr; - size_t nickname_field_len, ver_specific_len; - - if (intro->version == 1) { - ver_specific_len = MAX_HEX_NICKNAME_LEN + 2; - rp_nickname = ((const char *)buf) + 1; - nickname_field_len = MAX_HEX_NICKNAME_LEN + 1; - } else if (intro->version == 0) { - ver_specific_len = MAX_NICKNAME_LEN + 1; - rp_nickname = (const char *)buf; - nickname_field_len = MAX_NICKNAME_LEN + 1; - } else { - if (err_msg_out) - tor_asprintf(err_msg_out, - "rend_service_parse_intro_for_v0_or_v1() called with " - "bad version %d on INTRODUCE%d cell (this is a bug)", - intro->version, - (int)(intro->type)); - goto err; - } - - if (plaintext_len < ver_specific_len) { - if (err_msg_out) - tor_asprintf(err_msg_out, - "short plaintext of encrypted part in v1 INTRODUCE%d " - "cell (%lu bytes, needed %lu)", - (int)(intro->type), - (unsigned long)plaintext_len, - (unsigned long)ver_specific_len); - goto err; - } - - endptr = memchr(rp_nickname, 0, nickname_field_len); - if (!endptr || endptr == rp_nickname) { - if (err_msg_out) { - tor_asprintf(err_msg_out, - "couldn't find a nul-padded nickname in " - "INTRODUCE%d cell", - (int)(intro->type)); - } - goto err; - } - - if ((intro->version == 0 && - !is_legal_nickname(rp_nickname)) || - (intro->version == 1 && - !is_legal_nickname_or_hexdigest(rp_nickname))) { - if (err_msg_out) { - tor_asprintf(err_msg_out, - "bad nickname in INTRODUCE%d cell", - (int)(intro->type)); - } - goto err; - } - - memcpy(intro->u.v0_v1.rp, rp_nickname, endptr - rp_nickname + 1); - - return ver_specific_len; - - err: - return -1; -} - -/** Parse the version-specific parts of a v2 INTRODUCE1 or INTRODUCE2 cell - */ - -static ssize_t -rend_service_parse_intro_for_v2( - rend_intro_cell_t *intro, - const uint8_t *buf, - size_t plaintext_len, - char **err_msg_out) -{ - unsigned int klen; - extend_info_t *extend_info = NULL; - ssize_t ver_specific_len; - - /* - * We accept version 3 too so that the v3 parser can call this with - * an adjusted buffer for the latter part of a v3 cell, which is - * identical to a v2 cell. - */ - if (!(intro->version == 2 || - intro->version == 3)) { - if (err_msg_out) - tor_asprintf(err_msg_out, - "rend_service_parse_intro_for_v2() called with " - "bad version %d on INTRODUCE%d cell (this is a bug)", - intro->version, - (int)(intro->type)); - goto err; - } - - /* 7 == version, IP and port, DIGEST_LEN == id, 2 == key length */ - if (plaintext_len < 7 + DIGEST_LEN + 2) { - if (err_msg_out) { - tor_asprintf(err_msg_out, - "truncated plaintext of encrypted parted of " - "version %d INTRODUCE%d cell", - intro->version, - (int)(intro->type)); - } - - goto err; - } - - extend_info = extend_info_new(NULL, NULL, NULL, NULL, NULL, NULL, 0); - tor_addr_t addr; - tor_addr_from_ipv4n(&addr, get_uint32(buf + 1)); - uint16_t port = ntohs(get_uint16(buf + 5)); - extend_info_add_orport(extend_info, &addr, port); - memcpy(extend_info->identity_digest, buf + 7, DIGEST_LEN); - extend_info->nickname[0] = '$'; - base16_encode(extend_info->nickname + 1, sizeof(extend_info->nickname) - 1, - extend_info->identity_digest, DIGEST_LEN); - klen = ntohs(get_uint16(buf + 7 + DIGEST_LEN)); - - /* 7 == version, IP and port, DIGEST_LEN == id, 2 == key length */ - if (plaintext_len < 7 + DIGEST_LEN + 2 + klen) { - if (err_msg_out) { - tor_asprintf(err_msg_out, - "truncated plaintext of encrypted parted of " - "version %d INTRODUCE%d cell", - intro->version, - (int)(intro->type)); - } - - goto err; - } - - extend_info->onion_key = - crypto_pk_asn1_decode((const char *)(buf + 7 + DIGEST_LEN + 2), klen); - if (!extend_info->onion_key) { - if (err_msg_out) { - tor_asprintf(err_msg_out, - "error decoding onion key in version %d " - "INTRODUCE%d cell", - intro->version, - (intro->type)); - } - - goto err; - } - if (128 != crypto_pk_keysize(extend_info->onion_key)) { - if (err_msg_out) { - tor_asprintf(err_msg_out, - "invalid onion key size in version %d INTRODUCE%d cell", - intro->version, - (intro->type)); - } - - goto err; - } - - ver_specific_len = 7+DIGEST_LEN+2+klen; - - if (intro->version == 2) intro->u.v2.extend_info = extend_info; - else intro->u.v3.extend_info = extend_info; - - return ver_specific_len; - - err: - extend_info_free(extend_info); - - return -1; -} - -/** Parse the version-specific parts of a v3 INTRODUCE1 or INTRODUCE2 cell - */ - -static ssize_t -rend_service_parse_intro_for_v3( - rend_intro_cell_t *intro, - const uint8_t *buf, - size_t plaintext_len, - char **err_msg_out) -{ - ssize_t adjust, v2_ver_specific_len, ts_offset; - - /* This should only be called on v3 cells */ - if (intro->version != 3) { - if (err_msg_out) - tor_asprintf(err_msg_out, - "rend_service_parse_intro_for_v3() called with " - "bad version %d on INTRODUCE%d cell (this is a bug)", - intro->version, - (int)(intro->type)); - goto err; - } - - /* - * Check that we have at least enough to get auth_len: - * - * 1 octet for version, 1 for auth_type, 2 for auth_len - */ - if (plaintext_len < 4) { - if (err_msg_out) { - tor_asprintf(err_msg_out, - "truncated plaintext of encrypted parted of " - "version %d INTRODUCE%d cell", - intro->version, - (int)(intro->type)); - } - - goto err; - } - - /* - * The rend_client_send_introduction() function over in rendclient.c is - * broken (i.e., fails to match the spec) in such a way that we can't - * change it without breaking the protocol. Specifically, it doesn't - * emit auth_len when auth-type is REND_NO_AUTH, so everything is off - * by two bytes after that. Calculate ts_offset and do everything from - * the timestamp on relative to that to handle this dain bramage. - */ - - intro->u.v3.auth_type = buf[1]; - if (intro->u.v3.auth_type != REND_NO_AUTH) { - intro->u.v3.auth_len = ntohs(get_uint16(buf + 2)); - ts_offset = 4 + intro->u.v3.auth_len; - } else { - intro->u.v3.auth_len = 0; - ts_offset = 2; - } - - /* Check that auth len makes sense for this auth type */ - if (intro->u.v3.auth_type == REND_BASIC_AUTH || - intro->u.v3.auth_type == REND_STEALTH_AUTH) { - if (intro->u.v3.auth_len != REND_DESC_COOKIE_LEN) { - if (err_msg_out) { - tor_asprintf(err_msg_out, - "wrong auth data size %d for INTRODUCE%d cell, " - "should be %d", - (int)(intro->u.v3.auth_len), - (int)(intro->type), - REND_DESC_COOKIE_LEN); - } - - goto err; - } - } - - /* Check that we actually have everything up through the timestamp */ - if (plaintext_len < (size_t)(ts_offset)+4) { - if (err_msg_out) { - tor_asprintf(err_msg_out, - "truncated plaintext of encrypted parted of " - "version %d INTRODUCE%d cell", - intro->version, - (int)(intro->type)); - } - - goto err; - } - - if (intro->u.v3.auth_type != REND_NO_AUTH && - intro->u.v3.auth_len > 0) { - /* Okay, we can go ahead and copy auth_data */ - intro->u.v3.auth_data = tor_malloc(intro->u.v3.auth_len); - /* - * We know we had an auth_len field in this case, so 4 is - * always right. - */ - memcpy(intro->u.v3.auth_data, buf + 4, intro->u.v3.auth_len); - } - - /* - * From here on, the format is as in v2, so we call the v2 parser with - * adjusted buffer and length. We are 4 + ts_offset octets in, but the - * v2 parser expects to skip over a version byte at the start, so we - * adjust by 3 + ts_offset. - */ - adjust = 3 + ts_offset; - - v2_ver_specific_len = - rend_service_parse_intro_for_v2(intro, - buf + adjust, plaintext_len - adjust, - err_msg_out); - - /* Success in v2 parser */ - if (v2_ver_specific_len >= 0) return v2_ver_specific_len + adjust; - /* Failure in v2 parser; it will have provided an err_msg */ - else return v2_ver_specific_len; - - err: - return -1; -} - -/** Table of parser functions for version-specific parts of an INTRODUCE2 - * cell. - */ - -static ssize_t - (*intro_version_handlers[])( - rend_intro_cell_t *, - const uint8_t *, - size_t, - char **) = -{ rend_service_parse_intro_for_v0_or_v1, - rend_service_parse_intro_for_v0_or_v1, - rend_service_parse_intro_for_v2, - rend_service_parse_intro_for_v3 }; - -/** Decrypt the encrypted part of an INTRODUCE1 or INTRODUCE2 cell, - * return 0 if successful, or < 0 and write an error message to - * *err_msg_out if provided. - */ - -int -rend_service_decrypt_intro( - rend_intro_cell_t *intro, - crypto_pk_t *key, - char **err_msg_out) -{ - char *err_msg = NULL; - uint8_t key_digest[DIGEST_LEN]; - char service_id[REND_SERVICE_ID_LEN_BASE32+1]; - ssize_t key_len; - uint8_t buf[RELAY_PAYLOAD_SIZE]; - int result, status = -1; - - if (!intro || !key) { - if (err_msg_out) { - err_msg = - tor_strdup("rend_service_decrypt_intro() called with bad " - "parameters"); - } - - status = -2; - goto err; - } - - /* Make sure we have ciphertext */ - if (!(intro->ciphertext) || intro->ciphertext_len <= 0) { - if (err_msg_out) { - tor_asprintf(&err_msg, - "rend_intro_cell_t was missing ciphertext for " - "INTRODUCE%d cell", - (int)(intro->type)); - } - status = -3; - goto err; - } - - /* Check that this cell actually matches this service key */ - - /* first DIGEST_LEN bytes of request is intro or service pk digest */ - if (crypto_pk_get_digest(key, (char *)key_digest) < 0) { - if (err_msg_out) - *err_msg_out = tor_strdup("Couldn't compute RSA digest."); - log_warn(LD_BUG, "Couldn't compute key digest."); - status = -7; - goto err; - } - - if (tor_memneq(key_digest, intro->pk, DIGEST_LEN)) { - if (err_msg_out) { - base32_encode(service_id, REND_SERVICE_ID_LEN_BASE32 + 1, - (char*)(intro->pk), REND_SERVICE_ID_LEN); - tor_asprintf(&err_msg, - "got an INTRODUCE%d cell for the wrong service (%s)", - (int)(intro->type), - escaped(service_id)); - } - - status = -4; - goto err; - } - - /* Make sure the encrypted part is long enough to decrypt */ - - key_len = crypto_pk_keysize(key); - if (intro->ciphertext_len < key_len) { - if (err_msg_out) { - tor_asprintf(&err_msg, - "got an INTRODUCE%d cell with a truncated PK-encrypted " - "part", - (int)(intro->type)); - } - - status = -5; - goto err; - } - - /* Decrypt the encrypted part */ - result = - crypto_pk_obsolete_private_hybrid_decrypt( - key, (char *)buf, sizeof(buf), - (const char *)(intro->ciphertext), intro->ciphertext_len, - PK_PKCS1_OAEP_PADDING, 1); - if (result < 0) { - if (err_msg_out) { - tor_asprintf(&err_msg, - "couldn't decrypt INTRODUCE%d cell", - (int)(intro->type)); - } - status = -6; - goto err; - } - intro->plaintext_len = result; - intro->plaintext = tor_malloc(intro->plaintext_len); - memcpy(intro->plaintext, buf, intro->plaintext_len); - - status = 0; - - goto done; - - err: - if (err_msg_out && !err_msg) { - tor_asprintf(&err_msg, - "unknown INTRODUCE%d error decrypting encrypted part", - intro ? (int)(intro->type) : -1); - } - - done: - if (err_msg_out) *err_msg_out = err_msg; - else tor_free(err_msg); - - /* clean up potentially sensitive material */ - memwipe(buf, 0, sizeof(buf)); - memwipe(key_digest, 0, sizeof(key_digest)); - memwipe(service_id, 0, sizeof(service_id)); - - return status; -} - -/** Parse the plaintext of the encrypted part of an INTRODUCE1 or - * INTRODUCE2 cell, return 0 if successful, or < 0 and write an error - * message to *err_msg_out if provided. - */ - -int -rend_service_parse_intro_plaintext( - rend_intro_cell_t *intro, - char **err_msg_out) -{ - char *err_msg = NULL; - ssize_t ver_specific_len, ver_invariant_len; - uint8_t version; - int status = -1; - - if (!intro) { - if (err_msg_out) { - err_msg = - tor_strdup("rend_service_parse_intro_plaintext() called with NULL " - "rend_intro_cell_t"); - } - - status = -2; - goto err; - } - - /* Check that we have plaintext */ - if (!(intro->plaintext) || intro->plaintext_len <= 0) { - if (err_msg_out) { - err_msg = tor_strdup("rend_intro_cell_t was missing plaintext"); - } - status = -3; - goto err; - } - - /* In all formats except v0, the first byte is a version number */ - version = intro->plaintext[0]; - - /* v0 has no version byte (stupid...), so handle it as a fallback */ - if (version > 3) version = 0; - - /* Copy the version into the parsed cell structure */ - intro->version = version; - - /* Call the version-specific parser from the table */ - ver_specific_len = - intro_version_handlers[version](intro, - intro->plaintext, intro->plaintext_len, - &err_msg); - if (ver_specific_len < 0) { - status = -4; - goto err; - } - - /** The rendezvous cookie and Diffie-Hellman stuff are version-invariant - * and at the end of the plaintext of the encrypted part of the cell. - */ - - ver_invariant_len = intro->plaintext_len - ver_specific_len; - if (ver_invariant_len < REND_COOKIE_LEN + DH1024_KEY_LEN) { - tor_asprintf(&err_msg, - "decrypted plaintext of INTRODUCE%d cell was truncated (%ld bytes)", - (int)(intro->type), - (long)(intro->plaintext_len)); - status = -5; - goto err; - } else if (ver_invariant_len > REND_COOKIE_LEN + DH1024_KEY_LEN) { - tor_asprintf(&err_msg, - "decrypted plaintext of INTRODUCE%d cell was too long (%ld bytes)", - (int)(intro->type), - (long)(intro->plaintext_len)); - status = -6; - goto err; - } else { - memcpy(intro->rc, - intro->plaintext + ver_specific_len, - REND_COOKIE_LEN); - memcpy(intro->dh, - intro->plaintext + ver_specific_len + REND_COOKIE_LEN, - DH1024_KEY_LEN); - } - - /* Flag it as being fully parsed */ - intro->parsed = 1; - - status = 0; - goto done; - - err: - if (err_msg_out && !err_msg) { - tor_asprintf(&err_msg, - "unknown INTRODUCE%d error parsing encrypted part", - intro ? (int)(intro->type) : -1); - } - - done: - if (err_msg_out) *err_msg_out = err_msg; - else tor_free(err_msg); - - return status; -} - -/** Do validity checks on a parsed intro cell after decryption; some of - * these are not done in rend_service_parse_intro_plaintext() itself because - * they depend on a lot of other state and would make it hard to unit test. - * Returns >= 0 if successful or < 0 if the intro cell is invalid, and - * optionally writes out an error message for logging. If an err_msg - * pointer is provided, it is the caller's responsibility to free any - * provided message. - */ - -int -rend_service_validate_intro_late(const rend_intro_cell_t *intro, - char **err_msg_out) -{ - int status = 0; - - if (!intro) { - if (err_msg_out) - *err_msg_out = - tor_strdup("NULL intro cell passed to " - "rend_service_validate_intro_late()"); - - status = -1; - goto err; - } - - if (intro->version == 3 && intro->parsed) { - if (!(intro->u.v3.auth_type == REND_NO_AUTH || - intro->u.v3.auth_type == REND_BASIC_AUTH || - intro->u.v3.auth_type == REND_STEALTH_AUTH)) { - /* This is an informative message, not an error, as in the old code */ - if (err_msg_out) - tor_asprintf(err_msg_out, - "unknown authorization type %d", - intro->u.v3.auth_type); - } - } - - err: - return status; -} - -/** Called when we fail building a rendezvous circuit at some point other - * than the last hop: launches a new circuit to the same rendezvous point. - */ -void -rend_service_relaunch_rendezvous(origin_circuit_t *oldcirc) -{ - origin_circuit_t *newcirc; - cpath_build_state_t *newstate, *oldstate; - const char *rend_pk_digest; - rend_service_t *service = NULL; - - int flags = CIRCLAUNCH_NEED_CAPACITY | CIRCLAUNCH_IS_INTERNAL; - - tor_assert(oldcirc->base_.purpose == CIRCUIT_PURPOSE_S_CONNECT_REND); - oldstate = oldcirc->build_state; - tor_assert(oldstate); - - if (oldstate->service_pending_final_cpath_ref == NULL) { - log_info(LD_REND,"Skipping relaunch of circ that failed on its first hop. " - "Initiator will retry."); - return; - } - - log_info(LD_REND,"Reattempting rendezvous circuit to '%s'", - safe_str(extend_info_describe(oldstate->chosen_exit))); - - /* Look up the service. */ - rend_pk_digest = (char *) rend_data_get_pk_digest(oldcirc->rend_data, NULL); - service = rend_service_get_by_pk_digest(rend_pk_digest); - - if (!service) { - char serviceid[REND_SERVICE_ID_LEN_BASE32+1]; - base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1, - rend_pk_digest, REND_SERVICE_ID_LEN); - - log_warn(LD_BUG, "Internal error: Trying to relaunch a rendezvous circ " - "for an unrecognized service %s.", - safe_str_client(serviceid)); - return; - } - - if (hs_service_requires_uptime_circ(service->ports)) { - flags |= CIRCLAUNCH_NEED_UPTIME; - } - - /* You'd think Single Onion Services would want to retry the rendezvous - * using a direct connection. But if it's blocked by a firewall, or the - * service is IPv6-only, or the rend point avoiding becoming a one-hop - * proxy, we need a 3-hop connection. */ - newcirc = circuit_launch_by_extend_info(CIRCUIT_PURPOSE_S_CONNECT_REND, - oldstate->chosen_exit, flags); - - if (!newcirc) { - log_warn(LD_REND,"Couldn't relaunch rendezvous circuit to '%s'.", - safe_str(extend_info_describe(oldstate->chosen_exit))); - return; - } - newstate = newcirc->build_state; - tor_assert(newstate); - newstate->failure_count = oldstate->failure_count+1; - newstate->expiry_time = oldstate->expiry_time; - newstate->service_pending_final_cpath_ref = - oldstate->service_pending_final_cpath_ref; - ++(newstate->service_pending_final_cpath_ref->refcount); - - newcirc->rend_data = rend_data_dup(oldcirc->rend_data); -} - -/** Launch a circuit to serve as an introduction point for the service - * <b>service</b> at the introduction point <b>nickname</b> - */ -static int -rend_service_launch_establish_intro(rend_service_t *service, - rend_intro_point_t *intro) -{ - origin_circuit_t *launched; - int flags = CIRCLAUNCH_NEED_UPTIME|CIRCLAUNCH_IS_INTERNAL; - const or_options_t *options = get_options(); - extend_info_t *launch_ei = intro->extend_info; - extend_info_t *direct_ei = NULL; - - /* Are we in single onion mode? - * - * We only use a one-hop path on the first attempt. If the first attempt - * fails, we use a 3-hop path for reachability / reliability. - * (Unlike v3, retries is incremented by the caller after it calls this - * function.) - */ - if (rend_service_allow_non_anonymous_connection(options) && - intro->circuit_retries == 0) { - /* Do we have a descriptor for the node? - * We've either just chosen it from the consensus, or we've just reviewed - * our intro points to see which ones are still valid, and deleted the ones - * that aren't in the consensus any more. */ - const node_t *node = node_get_by_id(launch_ei->identity_digest); - if (BUG(!node)) { - /* The service has kept an intro point after it went missing from the - * consensus. If we did anything else here, it would be a consensus - * distinguisher. Which are less of an issue for single onion services, - * but still a bug. */ - return -1; - } - /* Can we connect to the node directly? If so, replace launch_ei - * (a multi-hop extend_info) with one suitable for direct connection. */ - if (rend_service_use_direct_connection_node(options, node)) { - direct_ei = extend_info_from_node(node, 1); - if (BUG(!direct_ei)) { - /* rend_service_use_direct_connection_node and extend_info_from_node - * disagree about which addresses on this node are permitted. This - * should never happen. Avoiding the connection is a safe response. */ - return -1; - } - flags = flags | CIRCLAUNCH_ONEHOP_TUNNEL; - launch_ei = direct_ei; - } - } - /* launch_ei is either intro->extend_info, or has been replaced with a valid - * extend_info for single onion service direct connection. */ - tor_assert(launch_ei); - /* We must have the same intro when making a direct connection. */ - tor_assert(tor_memeq(intro->extend_info->identity_digest, - launch_ei->identity_digest, - DIGEST_LEN)); - - log_info(LD_REND, - "Launching circuit to introduction point %s%s%s for service %s", - safe_str_client(extend_info_describe(intro->extend_info)), - direct_ei ? " via direct address " : "", - direct_ei ? safe_str_client(extend_info_describe(direct_ei)) : "", - service->service_id); - - rep_hist_note_used_internal(time(NULL), 1, 0); - - ++service->n_intro_circuits_launched; - launched = circuit_launch_by_extend_info(CIRCUIT_PURPOSE_S_ESTABLISH_INTRO, - launch_ei, flags); - - if (!launched) { - log_info(LD_REND, - "Can't launch circuit to establish introduction at %s%s%s.", - safe_str_client(extend_info_describe(intro->extend_info)), - direct_ei ? " via direct address " : "", - direct_ei ? safe_str_client(extend_info_describe(direct_ei)) : "" - ); - extend_info_free(direct_ei); - return -1; - } - /* We must have the same exit node even if cannibalized or direct connection. - */ - tor_assert(tor_memeq(intro->extend_info->identity_digest, - launched->build_state->chosen_exit->identity_digest, - DIGEST_LEN)); - - launched->rend_data = rend_data_service_create(service->service_id, - service->pk_digest, NULL, - service->auth_type); - launched->intro_key = crypto_pk_dup_key(intro->intro_key); - if (launched->base_.state == CIRCUIT_STATE_OPEN) - rend_service_intro_has_opened(launched); - extend_info_free(direct_ei); - return 0; -} - -/** Return the number of introduction points that are established for the - * given service. */ -static unsigned int -count_established_intro_points(const rend_service_t *service) -{ - unsigned int num = 0; - - SMARTLIST_FOREACH(service->intro_nodes, rend_intro_point_t *, intro, - num += intro->circuit_established - ); - return num; -} - -/** Return the number of introduction points that are or are being - * established for the given service. This function iterates over all - * circuit and count those that are linked to the service and are waiting - * for the intro point to respond. */ -static unsigned int -count_intro_point_circuits(const rend_service_t *service) -{ - unsigned int num_ipos = 0; - SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *, circ) { - if (!circ->marked_for_close && - circ->state == CIRCUIT_STATE_OPEN && - (circ->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO || - circ->purpose == CIRCUIT_PURPOSE_S_INTRO)) { - origin_circuit_t *oc = TO_ORIGIN_CIRCUIT(circ); - if (oc->rend_data && - rend_circuit_pk_digest_eq(oc, (uint8_t *) service->pk_digest)) { - num_ipos++; - } - } - } - SMARTLIST_FOREACH_END(circ); - return num_ipos; -} - -/* Given a buffer of at least RELAY_PAYLOAD_SIZE bytes in <b>cell_body_out</b>, - write the body of a legacy ESTABLISH_INTRO cell in it. Use <b>intro_key</b> - as the intro point auth key, and <b>rend_circ_nonce</b> as the circuit - crypto material. On success, fill <b>cell_body_out</b> and return the number - of bytes written. On fail, return -1. - */ -ssize_t -rend_service_encode_establish_intro_cell(char *cell_body_out, - size_t cell_body_out_len, - crypto_pk_t *intro_key, - const char *rend_circ_nonce) -{ - int retval = -1; - int r; - int len = 0; - char auth[DIGEST_LEN + 9]; - - tor_assert(intro_key); - tor_assert(rend_circ_nonce); - - /* Build the payload for a RELAY_ESTABLISH_INTRO cell. */ - r = crypto_pk_asn1_encode(intro_key, cell_body_out+2, - RELAY_PAYLOAD_SIZE-2); - if (r < 0) { - log_warn(LD_BUG, "Internal error; failed to establish intro point."); - goto err; - } - len = r; - set_uint16(cell_body_out, htons((uint16_t)len)); - len += 2; - memcpy(auth, rend_circ_nonce, DIGEST_LEN); - memcpy(auth+DIGEST_LEN, "INTRODUCE", 9); - if (crypto_digest(cell_body_out+len, auth, DIGEST_LEN+9)) - goto err; - len += 20; - r = crypto_pk_private_sign_digest(intro_key, cell_body_out+len, - cell_body_out_len - len, - cell_body_out, len); - if (r<0) { - log_warn(LD_BUG, "Internal error: couldn't sign introduction request."); - goto err; - } - len += r; - - retval = len; - - err: - memwipe(auth, 0, sizeof(auth)); - - return retval; -} - -/** Called when we're done building a circuit to an introduction point: - * sends a RELAY_ESTABLISH_INTRO cell. - */ -void -rend_service_intro_has_opened(origin_circuit_t *circuit) -{ - rend_service_t *service; - char buf[RELAY_PAYLOAD_SIZE]; - char serviceid[REND_SERVICE_ID_LEN_BASE32+1]; - unsigned int expiring_nodes_len, num_ip_circuits, valid_ip_circuits = 0; - int reason = END_CIRC_REASON_TORPROTOCOL; - const char *rend_pk_digest; - - tor_assert(circuit->base_.purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO); - assert_circ_anonymity_ok(circuit, get_options()); - tor_assert(circuit->cpath); - tor_assert(circuit->rend_data); - /* XXX: This is version 2 specific (only on supported). */ - rend_pk_digest = (char *) rend_data_get_pk_digest(circuit->rend_data, NULL); - - base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1, - rend_pk_digest, REND_SERVICE_ID_LEN); - - service = rend_service_get_by_pk_digest(rend_pk_digest); - if (!service) { - log_warn(LD_REND, "Unrecognized service ID %s on introduction circuit %u.", - safe_str_client(serviceid), (unsigned)circuit->base_.n_circ_id); - reason = END_CIRC_REASON_NOSUCHSERVICE; - goto err; - } - - /* Take the current amount of expiring nodes and the current amount of IP - * circuits and compute how many valid IP circuits we have. */ - expiring_nodes_len = (unsigned int) smartlist_len(service->expiring_nodes); - num_ip_circuits = count_intro_point_circuits(service); - /* Let's avoid an underflow. The valid_ip_circuits is initialized to 0 in - * case this condition turns out false because it means that all circuits - * are expiring so we need to keep this circuit. */ - if (num_ip_circuits > expiring_nodes_len) { - valid_ip_circuits = num_ip_circuits - expiring_nodes_len; - } - - /* If we already have enough introduction circuits for this service, - * redefine this one as a general circuit or close it, depending. - * Subtract the amount of expiring nodes here because the circuits are - * still opened. */ - if (valid_ip_circuits > service->n_intro_points_wanted) { - const or_options_t *options = get_options(); - /* Remove the intro point associated with this circuit, it's being - * repurposed or closed thus cleanup memory. */ - rend_intro_point_t *intro = find_intro_point(circuit); - if (intro != NULL) { - smartlist_remove(service->intro_nodes, intro); - rend_intro_point_free(intro); - } - - if (options->ExcludeNodes) { - /* XXXX in some future version, we can test whether the transition is - allowed or not given the actual nodes in the circuit. But for now, - this case, we might as well close the thing. */ - log_info(LD_CIRC|LD_REND, "We have just finished an introduction " - "circuit, but we already have enough. Closing it."); - reason = END_CIRC_REASON_NONE; - goto err; - } else { - tor_assert(circuit->build_state->is_internal); - log_info(LD_CIRC|LD_REND, "We have just finished an introduction " - "circuit, but we already have enough. Redefining purpose to " - "general; leaving as internal."); - - if (circuit_should_use_vanguards(TO_CIRCUIT(circuit)->purpose)) { - circuit_change_purpose(TO_CIRCUIT(circuit), - CIRCUIT_PURPOSE_HS_VANGUARDS); - } else { - circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_C_GENERAL); - } - - { - rend_data_free(circuit->rend_data); - circuit->rend_data = NULL; - } - { - crypto_pk_t *intro_key = circuit->intro_key; - circuit->intro_key = NULL; - crypto_pk_free(intro_key); - } - - circuit_has_opened(circuit); - goto done; - } - } - - log_info(LD_REND, - "Established circuit %u as introduction point for service %s", - (unsigned)circuit->base_.n_circ_id, serviceid); - circuit_log_path(LOG_INFO, LD_REND, circuit); - - /* Send the ESTABLISH_INTRO cell */ - { - ssize_t len; - len = rend_service_encode_establish_intro_cell(buf, sizeof(buf), - circuit->intro_key, - circuit->cpath->prev->rend_circ_nonce); - if (len < 0) { - reason = END_CIRC_REASON_INTERNAL; - goto err; - } - - if (relay_send_command_from_edge(0, TO_CIRCUIT(circuit), - RELAY_COMMAND_ESTABLISH_INTRO, - buf, len, circuit->cpath->prev)<0) { - log_info(LD_GENERAL, - "Couldn't send introduction request for service %s on circuit %u", - serviceid, (unsigned)circuit->base_.n_circ_id); - goto done; - } - } - - /* We've attempted to use this circuit */ - pathbias_count_use_attempt(circuit); - - goto done; - - err: - circuit_mark_for_close(TO_CIRCUIT(circuit), reason); - done: - memwipe(buf, 0, sizeof(buf)); - memwipe(serviceid, 0, sizeof(serviceid)); - - return; -} - -/** Called when we get an INTRO_ESTABLISHED cell; mark the circuit as a - * live introduction point, and note that the service descriptor is - * now out-of-date. */ -int -rend_service_intro_established(origin_circuit_t *circuit, - const uint8_t *request, - size_t request_len) -{ - rend_service_t *service; - rend_intro_point_t *intro; - char serviceid[REND_SERVICE_ID_LEN_BASE32+1]; - (void) request; - (void) request_len; - tor_assert(circuit->rend_data); - /* XXX: This is version 2 specific (only supported one for now). */ - const char *rend_pk_digest = - (char *) rend_data_get_pk_digest(circuit->rend_data, NULL); - - if (circuit->base_.purpose != CIRCUIT_PURPOSE_S_ESTABLISH_INTRO) { - log_warn(LD_PROTOCOL, - "received INTRO_ESTABLISHED cell on non-intro circuit."); - goto err; - } - service = rend_service_get_by_pk_digest(rend_pk_digest); - if (!service) { - log_warn(LD_REND, "Unknown service on introduction circuit %u.", - (unsigned)circuit->base_.n_circ_id); - goto err; - } - base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32 + 1, - rend_pk_digest, REND_SERVICE_ID_LEN); - /* We've just successfully established a intro circuit to one of our - * introduction point, account for it. */ - intro = find_intro_point(circuit); - if (intro == NULL) { - log_warn(LD_REND, - "Introduction circuit established without a rend_intro_point_t " - "object for service %s on circuit %u", - safe_str_client(serviceid), (unsigned)circuit->base_.n_circ_id); - goto err; - } - intro->circuit_established = 1; - /* We might not have every introduction point ready but at this point we - * know that the descriptor needs to be uploaded. */ - service->desc_is_dirty = time(NULL); - circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_S_INTRO); - - log_info(LD_REND, - "Received INTRO_ESTABLISHED cell on circuit %u for service %s", - (unsigned)circuit->base_.n_circ_id, serviceid); - - /* Getting a valid INTRODUCE_ESTABLISHED means we've successfully - * used the circ */ - pathbias_mark_use_success(circuit); - - return 0; - err: - circuit_mark_for_close(TO_CIRCUIT(circuit), END_CIRC_REASON_TORPROTOCOL); - return -1; -} - -/** Called once a circuit to a rendezvous point is established: sends a - * RELAY_COMMAND_RENDEZVOUS1 cell. - */ -void -rend_service_rendezvous_has_opened(origin_circuit_t *circuit) -{ - rend_service_t *service; - char buf[RELAY_PAYLOAD_SIZE]; - crypt_path_t *hop; - char serviceid[REND_SERVICE_ID_LEN_BASE32+1]; - char hexcookie[9]; - int reason; - const char *rend_cookie, *rend_pk_digest; - - tor_assert(circuit->base_.purpose == CIRCUIT_PURPOSE_S_CONNECT_REND); - tor_assert(circuit->cpath); - tor_assert(circuit->build_state); - assert_circ_anonymity_ok(circuit, get_options()); - tor_assert(circuit->rend_data); - - /* XXX: This is version 2 specific (only one supported). */ - rend_pk_digest = (char *) rend_data_get_pk_digest(circuit->rend_data, - NULL); - rend_cookie = circuit->rend_data->rend_cookie; - - /* Declare the circuit dirty to avoid reuse, and for path-bias. We set the - * timestamp regardless of its content because that circuit could have been - * cannibalized so in any cases, we are about to use that circuit more. */ - circuit->base_.timestamp_dirty = time(NULL); - - /* This may be redundant */ - pathbias_count_use_attempt(circuit); - - hop = circuit->build_state->service_pending_final_cpath_ref->cpath; - - base16_encode(hexcookie,9, rend_cookie,4); - base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1, - rend_pk_digest, REND_SERVICE_ID_LEN); - - log_info(LD_REND, - "Done building circuit %u to rendezvous with " - "cookie %s for service %s", - (unsigned)circuit->base_.n_circ_id, hexcookie, serviceid); - circuit_log_path(LOG_INFO, LD_REND, circuit); - - /* Clear the 'in-progress HS circ has timed out' flag for - * consistency with what happens on the client side; this line has - * no effect on Tor's behaviour. */ - circuit->hs_circ_has_timed_out = 0; - - /* If hop is NULL, another rend circ has already connected to this - * rend point. Close this circ. */ - if (hop == NULL) { - log_info(LD_REND, "Another rend circ has already reached this rend point; " - "closing this rend circ."); - reason = END_CIRC_REASON_NONE; - goto err; - } - - /* Remove our final cpath element from the reference, so that no - * other circuit will try to use it. Store it in - * pending_final_cpath for now to ensure that it will be freed if - * our rendezvous attempt fails. */ - circuit->build_state->pending_final_cpath = hop; - circuit->build_state->service_pending_final_cpath_ref->cpath = NULL; - - service = rend_service_get_by_pk_digest(rend_pk_digest); - if (!service) { - log_warn(LD_GENERAL, "Internal error: unrecognized service ID on " - "rendezvous circuit."); - reason = END_CIRC_REASON_INTERNAL; - goto err; - } - - /* All we need to do is send a RELAY_RENDEZVOUS1 cell... */ - memcpy(buf, rend_cookie, REND_COOKIE_LEN); - if (crypto_dh_get_public(hop->rend_dh_handshake_state, - buf+REND_COOKIE_LEN, DH1024_KEY_LEN)<0) { - log_warn(LD_GENERAL,"Couldn't get DH public key."); - reason = END_CIRC_REASON_INTERNAL; - goto err; - } - memcpy(buf+REND_COOKIE_LEN+DH1024_KEY_LEN, hop->rend_circ_nonce, - DIGEST_LEN); - - /* Send the cell */ - if (relay_send_command_from_edge(0, TO_CIRCUIT(circuit), - RELAY_COMMAND_RENDEZVOUS1, - buf, HS_LEGACY_RENDEZVOUS_CELL_SIZE, - circuit->cpath->prev)<0) { - log_warn(LD_GENERAL, "Couldn't send RENDEZVOUS1 cell."); - goto done; - } - - crypto_dh_free(hop->rend_dh_handshake_state); - hop->rend_dh_handshake_state = NULL; - - /* Append the cpath entry. */ - hop->state = CPATH_STATE_OPEN; - /* set the windows to default. these are the windows - * that the service thinks the client has. - */ - hop->package_window = circuit_initial_package_window(); - hop->deliver_window = CIRCWINDOW_START; - - cpath_extend_linked_list(&circuit->cpath, hop); - circuit->build_state->pending_final_cpath = NULL; /* prevent double-free */ - - /* Change the circuit purpose. */ - circuit_change_purpose(TO_CIRCUIT(circuit), CIRCUIT_PURPOSE_S_REND_JOINED); - - goto done; - - err: - circuit_mark_for_close(TO_CIRCUIT(circuit), reason); - done: - memwipe(buf, 0, sizeof(buf)); - memwipe(serviceid, 0, sizeof(serviceid)); - memwipe(hexcookie, 0, sizeof(hexcookie)); - - return; -} - -/* - * Manage introduction points - */ - -/** Return the (possibly non-open) introduction circuit ending at - * <b>intro</b> for the service whose public key is <b>pk_digest</b>. - * (<b>desc_version</b> is ignored). Return NULL if no such service is - * found. - */ -static origin_circuit_t * -find_intro_circuit(rend_intro_point_t *intro, const char *pk_digest) -{ - origin_circuit_t *circ = NULL; - - tor_assert(intro); - while ((circ = circuit_get_next_by_pk_and_purpose(circ, - (uint8_t *) pk_digest, CIRCUIT_PURPOSE_S_INTRO))) { - if (tor_memeq(circ->build_state->chosen_exit->identity_digest, - intro->extend_info->identity_digest, DIGEST_LEN) && - circ->rend_data) { - return circ; - } - } - - circ = NULL; - while ((circ = circuit_get_next_by_pk_and_purpose(circ, - (uint8_t *) pk_digest, - CIRCUIT_PURPOSE_S_ESTABLISH_INTRO))) { - if (tor_memeq(circ->build_state->chosen_exit->identity_digest, - intro->extend_info->identity_digest, DIGEST_LEN) && - circ->rend_data) { - return circ; - } - } - return NULL; -} - -/** Return the corresponding introdution point using the circuit <b>circ</b> - * found in the <b>service</b>. NULL is returned if not found. */ -static rend_intro_point_t * -find_expiring_intro_point(rend_service_t *service, origin_circuit_t *circ) -{ - tor_assert(service); - tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO || - TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO); - - SMARTLIST_FOREACH(service->expiring_nodes, rend_intro_point_t *, - intro_point, - if (crypto_pk_eq_keys(intro_point->intro_key, circ->intro_key)) { - return intro_point; - }); - - return NULL; -} - -/** Return a pointer to the rend_intro_point_t corresponding to the - * service-side introduction circuit <b>circ</b>. */ -static rend_intro_point_t * -find_intro_point(origin_circuit_t *circ) -{ - const char *serviceid; - rend_service_t *service = NULL; - - tor_assert(TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_ESTABLISH_INTRO || - TO_CIRCUIT(circ)->purpose == CIRCUIT_PURPOSE_S_INTRO); - tor_assert(circ->rend_data); - serviceid = rend_data_get_address(circ->rend_data); - - SMARTLIST_FOREACH(rend_service_list, rend_service_t *, s, - if (tor_memeq(s->service_id, serviceid, REND_SERVICE_ID_LEN_BASE32)) { - service = s; - break; - }); - - if (service == NULL) return NULL; - - SMARTLIST_FOREACH(service->intro_nodes, rend_intro_point_t *, intro_point, - if (crypto_pk_eq_keys(intro_point->intro_key, circ->intro_key)) { - return intro_point; - }); - - return NULL; -} - -/** Upload the rend_encoded_v2_service_descriptor_t's in <b>descs</b> - * associated with the rend_service_descriptor_t <b>renddesc</b> to - * the responsible hidden service directories OR the hidden service - * directories specified by <b>hs_dirs</b>; <b>service_id</b> and - * <b>seconds_valid</b> are only passed for logging purposes. - */ -void -directory_post_to_hs_dir(rend_service_descriptor_t *renddesc, - smartlist_t *descs, smartlist_t *hs_dirs, - const char *service_id, int seconds_valid) -{ - int i, j, failed_upload = 0; - smartlist_t *responsible_dirs = smartlist_new(); - smartlist_t *successful_uploads = smartlist_new(); - routerstatus_t *hs_dir; - for (i = 0; i < smartlist_len(descs); i++) { - rend_encoded_v2_service_descriptor_t *desc = smartlist_get(descs, i); - /** If any HSDirs are specified, they should be used instead of - * the responsible directories */ - if (hs_dirs && smartlist_len(hs_dirs) > 0) { - smartlist_add_all(responsible_dirs, hs_dirs); - } else { - /* Determine responsible dirs. */ - if (hid_serv_get_responsible_directories(responsible_dirs, - desc->desc_id) < 0) { - log_warn(LD_REND, "Could not determine the responsible hidden service " - "directories to post descriptors to."); - control_event_hs_descriptor_upload(service_id, - "UNKNOWN", - "UNKNOWN", NULL); - goto done; - } - } - for (j = 0; j < smartlist_len(responsible_dirs); j++) { - char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; - char *hs_dir_ip; - const node_t *node; - rend_data_t *rend_data; - hs_dir = smartlist_get(responsible_dirs, j); - if (smartlist_contains_digest(renddesc->successful_uploads, - hs_dir->identity_digest)) - /* Don't upload descriptor if we succeeded in doing so last time. */ - continue; - node = node_get_by_id(hs_dir->identity_digest); - if (!node || !node_has_preferred_descriptor(node,0)) { - log_info(LD_REND, "Not launching upload for for v2 descriptor to " - "hidden service directory %s; we don't have its " - "router descriptor. Queuing for later upload.", - safe_str_client(routerstatus_describe(hs_dir))); - failed_upload = -1; - continue; - } - /* Send publish request. */ - - /* We need the service ID to identify which service did the upload - * request. Lookup is made in rend_service_desc_has_uploaded(). */ - rend_data = rend_data_client_create(service_id, desc->desc_id, NULL, - REND_NO_AUTH); - directory_request_t *req = - directory_request_new(DIR_PURPOSE_UPLOAD_RENDDESC_V2); - directory_request_set_routerstatus(req, hs_dir); - directory_request_set_indirection(req, DIRIND_ANONYMOUS); - directory_request_set_payload(req, - desc->desc_str, strlen(desc->desc_str)); - directory_request_set_rend_query(req, rend_data); - directory_initiate_request(req); - directory_request_free(req); - - rend_data_free(rend_data); - base32_encode(desc_id_base32, sizeof(desc_id_base32), - desc->desc_id, DIGEST_LEN); - hs_dir_ip = tor_addr_to_str_dup(&hs_dir->ipv4_addr); - if (hs_dir_ip) { - log_info(LD_REND, "Launching upload for v2 descriptor for " - "service '%s' with descriptor ID '%s' with validity " - "of %d seconds to hidden service directory '%s' on " - "%s:%d.", - safe_str_client(service_id), - safe_str_client(desc_id_base32), - seconds_valid, - hs_dir->nickname, - hs_dir_ip, - hs_dir->ipv4_orport); - tor_free(hs_dir_ip); - } - - control_event_hs_descriptor_upload(service_id, - hs_dir->identity_digest, - desc_id_base32, NULL); - /* Remember successful upload to this router for next time. */ - if (!smartlist_contains_digest(successful_uploads, - hs_dir->identity_digest)) - smartlist_add(successful_uploads, hs_dir->identity_digest); - } - smartlist_clear(responsible_dirs); - } - if (!failed_upload) { - if (renddesc->successful_uploads) { - SMARTLIST_FOREACH(renddesc->successful_uploads, char *, c, tor_free(c);); - smartlist_free(renddesc->successful_uploads); - renddesc->successful_uploads = NULL; - } - renddesc->all_uploads_performed = 1; - } else { - /* Remember which routers worked this time, so that we don't upload the - * descriptor to them again. */ - if (!renddesc->successful_uploads) - renddesc->successful_uploads = smartlist_new(); - SMARTLIST_FOREACH(successful_uploads, const char *, c, { - if (!smartlist_contains_digest(renddesc->successful_uploads, c)) { - char *hsdir_id = tor_memdup(c, DIGEST_LEN); - smartlist_add(renddesc->successful_uploads, hsdir_id); - } - }); - } - done: - smartlist_free(responsible_dirs); - smartlist_free(successful_uploads); -} - -/** Encode and sign an up-to-date service descriptor for <b>service</b>, - * and upload it/them to the responsible hidden service directories. - */ -static void -upload_service_descriptor(rend_service_t *service) -{ - time_t now = time(NULL); - int rendpostperiod; - char serviceid[REND_SERVICE_ID_LEN_BASE32+1]; - int uploaded = 0; - - rendpostperiod = get_options()->RendPostPeriod; - - networkstatus_t *c = networkstatus_get_latest_consensus(); - if (c && smartlist_len(c->routerstatus_list) > 0) { - int seconds_valid, i, j, num_descs; - smartlist_t *descs = smartlist_new(); - smartlist_t *client_cookies = smartlist_new(); - /* Either upload a single descriptor (including replicas) or one - * descriptor for each authorized client in case of authorization - * type 'stealth'. */ - num_descs = service->auth_type == REND_STEALTH_AUTH ? - smartlist_len(service->clients) : 1; - for (j = 0; j < num_descs; j++) { - crypto_pk_t *client_key = NULL; - rend_authorized_client_t *client = NULL; - smartlist_clear(client_cookies); - switch (service->auth_type) { - case REND_NO_AUTH: - /* Do nothing here. */ - break; - case REND_BASIC_AUTH: - SMARTLIST_FOREACH(service->clients, rend_authorized_client_t *, - cl, smartlist_add(client_cookies, cl->descriptor_cookie)); - break; - case REND_STEALTH_AUTH: - client = smartlist_get(service->clients, j); - client_key = client->client_key; - smartlist_add(client_cookies, client->descriptor_cookie); - break; - } - /* Encode the current descriptor. */ - seconds_valid = rend_encode_v2_descriptors(descs, service->desc, - now, 0, - service->auth_type, - client_key, - client_cookies); - if (seconds_valid < 0) { - log_warn(LD_BUG, "Internal error: couldn't encode service " - "descriptor; not uploading."); - smartlist_free(descs); - smartlist_free(client_cookies); - return; - } - rend_get_service_id(service->desc->pk, serviceid); - if (get_options()->PublishHidServDescriptors) { - /* Post the current descriptors to the hidden service directories. */ - /* This log message is used by Chutney as part of its bootstrap - * detection mechanism. Please don't change without first checking - * Chutney. */ - log_info(LD_REND, "Launching upload for hidden service %s", - serviceid); - directory_post_to_hs_dir(service->desc, descs, NULL, serviceid, - seconds_valid); - } - /* Free memory for descriptors. */ - for (i = 0; i < smartlist_len(descs); i++) - rend_encoded_v2_service_descriptor_free_(smartlist_get(descs, i)); - smartlist_clear(descs); - /* Update next upload time. */ - if (seconds_valid - REND_TIME_PERIOD_OVERLAPPING_V2_DESCS - > rendpostperiod) - service->next_upload_time = now + rendpostperiod; - else if (seconds_valid < REND_TIME_PERIOD_OVERLAPPING_V2_DESCS) - service->next_upload_time = now + seconds_valid + 1; - else - service->next_upload_time = now + seconds_valid - - REND_TIME_PERIOD_OVERLAPPING_V2_DESCS + 1; - /* Post also the next descriptors, if necessary. */ - if (seconds_valid < REND_TIME_PERIOD_OVERLAPPING_V2_DESCS) { - seconds_valid = rend_encode_v2_descriptors(descs, service->desc, - now, 1, - service->auth_type, - client_key, - client_cookies); - if (seconds_valid < 0) { - log_warn(LD_BUG, "Internal error: couldn't encode service " - "descriptor; not uploading."); - smartlist_free(descs); - smartlist_free(client_cookies); - return; - } - if (get_options()->PublishHidServDescriptors) { - directory_post_to_hs_dir(service->desc, descs, NULL, serviceid, - seconds_valid); - } - /* Free memory for descriptors. */ - for (i = 0; i < smartlist_len(descs); i++) - rend_encoded_v2_service_descriptor_free_(smartlist_get(descs, i)); - smartlist_clear(descs); - } - } - smartlist_free(descs); - smartlist_free(client_cookies); - uploaded = 1; - if (get_options()->PublishHidServDescriptors) { - log_info(LD_REND, "Successfully uploaded v2 rend descriptors!"); - } else { - log_info(LD_REND, "Successfully stored created v2 rend descriptors!"); - } - } - - /* If not uploaded, try again in one minute. */ - if (!uploaded) - service->next_upload_time = now + 60; - - /* Unmark dirty flag of this service. */ - service->desc_is_dirty = 0; -} - -/** Return the number of INTRODUCE2 cells this hidden service has received - * from this intro point. */ -static int -intro_point_accepted_intro_count(rend_intro_point_t *intro) -{ - return intro->accepted_introduce2_count; -} - -/** Return non-zero iff <b>intro</b> should 'expire' now (i.e. we - * should stop publishing it in new descriptors and eventually close - * it). */ -static int -intro_point_should_expire_now(rend_intro_point_t *intro, - time_t now) -{ - tor_assert(intro != NULL); - - if (intro->time_published == -1) { - /* Don't expire an intro point if we haven't even published it yet. */ - return 0; - } - - if (intro_point_accepted_intro_count(intro) >= - intro->max_introductions) { - /* This intro point has been used too many times. Expire it now. */ - return 1; - } - - if (intro->time_to_expire == -1) { - /* This intro point has been published, but we haven't picked an - * expiration time for it. Pick one now. */ - int intro_point_lifetime_seconds = - crypto_rand_int_range(INTRO_POINT_LIFETIME_MIN_SECONDS, - INTRO_POINT_LIFETIME_MAX_SECONDS); - - /* Start the expiration timer now, rather than when the intro - * point was first published. There shouldn't be much of a time - * difference. */ - intro->time_to_expire = now + intro_point_lifetime_seconds; - - return 0; - } - - /* This intro point has a time to expire set already. Use it. */ - return (now >= intro->time_to_expire); -} - -/** Iterate over intro points in the given service and remove the invalid - * ones. For an intro point object to be considered invalid, the circuit - * _and_ node need to have disappeared. - * - * If the intro point should expire, it's placed into the expiring_nodes - * list of the service and removed from the active intro nodes list. - * - * If <b>exclude_nodes</b> is not NULL, add the valid nodes to it. - * - * If <b>retry_nodes</b> is not NULL, add the valid node to it if the - * circuit disappeared but the node is still in the consensus. */ -static void -remove_invalid_intro_points(rend_service_t *service, - smartlist_t *exclude_nodes, - smartlist_t *retry_nodes, time_t now) -{ - tor_assert(service); - - /* Remove any expired nodes that doesn't have a circuit. */ - SMARTLIST_FOREACH_BEGIN(service->expiring_nodes, rend_intro_point_t *, - intro) { - origin_circuit_t *intro_circ = - find_intro_circuit(intro, service->pk_digest); - if (intro_circ) { - continue; - } - /* No more circuit, cleanup the into point object. */ - SMARTLIST_DEL_CURRENT(service->expiring_nodes, intro); - rend_intro_point_free(intro); - } SMARTLIST_FOREACH_END(intro); - - SMARTLIST_FOREACH_BEGIN(service->intro_nodes, rend_intro_point_t *, - intro) { - /* Find the introduction point node object. */ - const node_t *node = - node_get_by_id(intro->extend_info->identity_digest); - /* Find the intro circuit, this might be NULL. */ - origin_circuit_t *intro_circ = - find_intro_circuit(intro, service->pk_digest); - - /* Add the valid node to the exclusion list so we don't try to establish - * an introduction point to it again. */ - if (node && exclude_nodes) { - smartlist_add(exclude_nodes, (void*) node); - } - - /* First, make sure we still have a valid circuit for this intro point. - * If we dont, we'll give up on it and make a new one. */ - if (intro_circ == NULL) { - log_info(LD_REND, "Attempting to retry on %s as intro point for %s" - " (circuit disappeared).", - safe_str_client(extend_info_describe(intro->extend_info)), - safe_str_client(service->service_id)); - /* We've lost the circuit for this intro point, flag it so it can be - * accounted for when considiring uploading a descriptor. */ - intro->circuit_established = 0; - - /* Node is gone or we've reached our maximum circuit creation retry - * count, clean up everything, we'll find a new one. */ - if (node == NULL || - intro->circuit_retries >= MAX_INTRO_POINT_CIRCUIT_RETRIES) { - rend_intro_point_free(intro); - SMARTLIST_DEL_CURRENT(service->intro_nodes, intro); - /* We've just killed the intro point, nothing left to do. */ - continue; - } - - /* The intro point is still alive so let's try to use it again because - * we have a published descriptor containing it. Keep the intro point - * in the intro_nodes list because it's still valid, we are rebuilding - * a circuit to it. */ - if (retry_nodes) { - smartlist_add(retry_nodes, intro); - } - } - /* else, the circuit is valid so in both cases, node being alive or not, - * we leave the circuit and intro point object as is. Closing the - * circuit here would leak new consensus timing and freeing the intro - * point object would make the intro circuit unusable. */ - - /* Now, check if intro point should expire. If it does, queue it so - * it can be cleaned up once it has been replaced properly. */ - if (intro_point_should_expire_now(intro, now)) { - log_info(LD_REND, "Expiring %s as intro point for %s.", - safe_str_client(extend_info_describe(intro->extend_info)), - safe_str_client(service->service_id)); - /* We might have put it in the retry list if so, undo. */ - if (retry_nodes) { - smartlist_remove(retry_nodes, intro); - } - smartlist_add(service->expiring_nodes, intro); - SMARTLIST_DEL_CURRENT(service->intro_nodes, intro); - /* Intro point is expired, we need a new one thus don't consider it - * anymore has a valid established intro point. */ - intro->circuit_established = 0; - } - } SMARTLIST_FOREACH_END(intro); -} - -/** A new descriptor has been successfully uploaded for the given - * <b>rend_data</b>. Remove and free the expiring nodes from the associated - * service. */ -void -rend_service_desc_has_uploaded(const rend_data_t *rend_data) -{ - rend_service_t *service; - const char *onion_address; - - tor_assert(rend_data); - - onion_address = rend_data_get_address(rend_data); - - service = rend_service_get_by_service_id(onion_address); - if (service == NULL) { - return; - } - - SMARTLIST_FOREACH_BEGIN(service->expiring_nodes, rend_intro_point_t *, - intro) { - origin_circuit_t *intro_circ = - find_intro_circuit(intro, service->pk_digest); - if (intro_circ != NULL) { - circuit_mark_for_close(TO_CIRCUIT(intro_circ), - END_CIRC_REASON_FINISHED); - } - SMARTLIST_DEL_CURRENT(service->expiring_nodes, intro); - rend_intro_point_free(intro); - } SMARTLIST_FOREACH_END(intro); -} - -/** Don't try to build more than this many circuits before giving up - * for a while. Dynamically calculated based on the configured number of - * introduction points for the service, n_intro_points_wanted. */ -static int -rend_max_intro_circs_per_period(unsigned int n_intro_points_wanted) -{ - /* Allow all but one of the initial connections to fail and be - * retried. (If all fail, we *want* to wait, because something is broken.) */ - tor_assert(n_intro_points_wanted <= NUM_INTRO_POINTS_MAX); - - /* For the normal use case, 3 intro points plus 2 extra for performance and - * allow that twice because once every 24h or so, we can do it twice for two - * descriptors that is the current one and the next one. So (3 + 2) * 2 == - * 12 allowed attempts for one period. */ - return ((n_intro_points_wanted + NUM_INTRO_POINTS_EXTRA) * 2); -} - -/** For every service, check how many intro points it currently has, and: - * - Invalidate introdution points based on specific criteria, see - * remove_invalid_intro_points comments. - * - Pick new intro points as necessary. - * - Launch circuits to any new intro points. - * - * This is called once a second by the main loop. - */ -void -rend_consider_services_intro_points(time_t now) -{ - int i; - const or_options_t *options = get_options(); - /* Are we in single onion mode? */ - const int allow_direct = rend_service_allow_non_anonymous_connection( - get_options()); - /* List of nodes we need to _exclude_ when choosing a new node to - * establish an intro point to. */ - smartlist_t *exclude_nodes; - /* List of nodes we need to retry to build a circuit on them because the - * node is valid but circuit died. */ - smartlist_t *retry_nodes; - - if (!have_completed_a_circuit()) - return; - - exclude_nodes = smartlist_new(); - retry_nodes = smartlist_new(); - - SMARTLIST_FOREACH_BEGIN(rend_service_list, rend_service_t *, service) { - int r; - /* Number of intro points we want to open and add to the intro nodes - * list of the service. */ - unsigned int n_intro_points_to_open; - /* Have an unsigned len so we can use it to compare values else gcc is - * not happy with unmatching signed comparison. */ - unsigned int intro_nodes_len; - /* Different service are allowed to have the same introduction point as - * long as they are on different circuit thus why we clear this list. */ - smartlist_clear(exclude_nodes); - smartlist_clear(retry_nodes); - - /* Cleanup the invalid intro points and save the node objects, if any, - * in the exclude_nodes and retry_nodes lists. */ - remove_invalid_intro_points(service, exclude_nodes, retry_nodes, now); - - /* This retry period is important here so we don't stress circuit - * creation. */ - - if (now > service->intro_period_started + INTRO_CIRC_RETRY_PERIOD) { - /* One period has elapsed: - * - if we stopped, we can try building circuits again, - * - if we haven't, we reset the circuit creation counts. */ - rend_log_intro_limit(service, LOG_INFO); - service->intro_period_started = now; - service->n_intro_circuits_launched = 0; - } else if (service->n_intro_circuits_launched >= - rend_max_intro_circs_per_period( - service->n_intro_points_wanted)) { - /* We have failed too many times in this period; wait for the next - * one before we try to initiate any more connections. */ - rend_log_intro_limit(service, LOG_WARN); - continue; - } - - /* Let's try to rebuild circuit on the nodes we want to retry on. */ - SMARTLIST_FOREACH_BEGIN(retry_nodes, rend_intro_point_t *, intro) { - r = rend_service_launch_establish_intro(service, intro); - if (r < 0) { - log_warn(LD_REND, "Error launching circuit to node %s for service %s.", - safe_str_client(extend_info_describe(intro->extend_info)), - safe_str_client(service->service_id)); - /* Unable to launch a circuit to that intro point, remove it from - * the valid list so we can create a new one. */ - smartlist_remove(service->intro_nodes, intro); - rend_intro_point_free(intro); - continue; - } - intro->circuit_retries++; - } SMARTLIST_FOREACH_END(intro); - - /* Avoid mismatched signed comparison below. */ - intro_nodes_len = (unsigned int) smartlist_len(service->intro_nodes); - - /* Quiescent state, we have more or the equal amount of wanted node for - * this service. Proceed to the next service. We can have more nodes - * because we launch extra preemptive circuits if our intro nodes list was - * originally empty for performance reasons. */ - if (intro_nodes_len >= service->n_intro_points_wanted) { - continue; - } - - /* Number of intro points we want to open which is the wanted amount minus - * the current amount of valid nodes. We know that this won't underflow - * because of the check above. */ - n_intro_points_to_open = service->n_intro_points_wanted - intro_nodes_len; - if (intro_nodes_len == 0) { - /* We want to end up with n_intro_points_wanted intro points, but if - * we have no intro points at all (chances are they all cycled or we - * are starting up), we launch NUM_INTRO_POINTS_EXTRA extra circuits - * and use the first n_intro_points_wanted that complete. See proposal - * #155, section 4 for the rationale of this which is purely for - * performance. - * - * The ones after the first n_intro_points_to_open will be converted - * to 'general' internal circuits in rend_service_intro_has_opened(), - * and then we'll drop them from the list of intro points. */ - n_intro_points_to_open += NUM_INTRO_POINTS_EXTRA; - } - - for (i = 0; i < (int) n_intro_points_to_open; i++) { - const node_t *node; - rend_intro_point_t *intro; - router_crn_flags_t flags = CRN_NEED_UPTIME|CRN_NEED_DESC; - router_crn_flags_t direct_flags = flags; - direct_flags |= CRN_PREF_ADDR; - direct_flags |= CRN_DIRECT_CONN; - - node = router_choose_random_node(exclude_nodes, - options->ExcludeNodes, - allow_direct ? direct_flags : flags); - /* If we are in single onion mode, retry node selection for a 3-hop - * path */ - if (allow_direct && !node) { - log_info(LD_REND, - "Unable to find an intro point that we can connect to " - "directly for %s, falling back to a 3-hop path.", - safe_str_client(service->service_id)); - node = router_choose_random_node(exclude_nodes, - options->ExcludeNodes, flags); - } - - if (!node) { - log_warn(LD_REND, - "We only have %d introduction points established for %s; " - "wanted %u.", - smartlist_len(service->intro_nodes), - safe_str_client(service->service_id), - n_intro_points_to_open); - break; - } - /* Add the chosen node to the exclusion list in order to avoid picking - * it again in the next iteration. */ - smartlist_add(exclude_nodes, (void*)node); - intro = tor_malloc_zero(sizeof(rend_intro_point_t)); - /* extend_info is for clients, so we want the multi-hop primary ORPort, - * even if we are a single onion service and intend to connect to it - * directly ourselves. */ - intro->extend_info = extend_info_from_node(node, 0); - if (BUG(intro->extend_info == NULL)) { - tor_free(intro); - break; - } - intro->intro_key = crypto_pk_new(); - const int fail = crypto_pk_generate_key(intro->intro_key); - tor_assert(!fail); - intro->time_published = -1; - intro->time_to_expire = -1; - intro->max_introductions = - crypto_rand_int_range(INTRO_POINT_MIN_LIFETIME_INTRODUCTIONS, - INTRO_POINT_MAX_LIFETIME_INTRODUCTIONS); - smartlist_add(service->intro_nodes, intro); - log_info(LD_REND, "Picked router %s as an intro point for %s.", - safe_str_client(node_describe(node)), - safe_str_client(service->service_id)); - /* Establish new introduction circuit to our chosen intro point. */ - r = rend_service_launch_establish_intro(service, intro); - if (r < 0) { - log_warn(LD_REND, "Error launching circuit to node %s for service %s.", - safe_str_client(extend_info_describe(intro->extend_info)), - safe_str_client(service->service_id)); - /* This function will be called again by the main loop so this intro - * point without a intro circuit will be retried on or removed after - * a maximum number of attempts. */ - } - } - } SMARTLIST_FOREACH_END(service); - smartlist_free(exclude_nodes); - smartlist_free(retry_nodes); -} - -#define MIN_REND_INITIAL_POST_DELAY (30) -#define MIN_REND_INITIAL_POST_DELAY_TESTING (5) - -/** Regenerate and upload rendezvous service descriptors for all - * services, if necessary. If the descriptor has been dirty enough - * for long enough, definitely upload; else only upload when the - * periodic timeout has expired. - * - * For the first upload, pick a random time between now and two periods - * from now, and pick it independently for each service. - */ -void -rend_consider_services_upload(time_t now) -{ - int i; - rend_service_t *service; - const or_options_t *options = get_options(); - int rendpostperiod = options->RendPostPeriod; - int rendinitialpostdelay = (options->TestingTorNetwork ? - MIN_REND_INITIAL_POST_DELAY_TESTING : - MIN_REND_INITIAL_POST_DELAY); - - for (i=0; i < smartlist_len(rend_service_list); ++i) { - service = smartlist_get(rend_service_list, i); - if (!service->next_upload_time) { /* never been uploaded yet */ - /* The fixed lower bound of rendinitialpostdelay seconds ensures that - * the descriptor is stable before being published. See comment below. */ - service->next_upload_time = - now + rendinitialpostdelay + crypto_rand_int(2*rendpostperiod); - /* Single Onion Services prioritise availability over hiding their - * startup time, as their IP address is publicly discoverable anyway. - */ - if (rend_service_reveal_startup_time(options)) { - service->next_upload_time = now + rendinitialpostdelay; - } - } - /* Does every introduction points have been established? */ - unsigned int intro_points_ready = - count_established_intro_points(service) >= - service->n_intro_points_wanted; - if (intro_points_ready && - (service->next_upload_time < now || - (service->desc_is_dirty && - service->desc_is_dirty < now-rendinitialpostdelay))) { - /* if it's time, or if the directory servers have a wrong service - * descriptor and ours has been stable for rendinitialpostdelay seconds, - * upload a new one of each format. */ - rend_service_update_descriptor(service); - upload_service_descriptor(service); - } - } -} - -/** True if the list of available router descriptors might have changed so - * that we should have a look whether we can republish previously failed - * rendezvous service descriptors. */ -static int consider_republishing_rend_descriptors = 1; - -/** Called when our internal view of the directory has changed, so that we - * might have router descriptors of hidden service directories available that - * we did not have before. */ -void -rend_hsdir_routers_changed(void) -{ - consider_republishing_rend_descriptors = 1; -} - -/** Consider republication of v2 rendezvous service descriptors that failed - * previously, but without regenerating descriptor contents. - */ -void -rend_consider_descriptor_republication(void) -{ - int i; - rend_service_t *service; - - if (!consider_republishing_rend_descriptors) - return; - consider_republishing_rend_descriptors = 0; - - if (!get_options()->PublishHidServDescriptors) - return; - - for (i=0; i < smartlist_len(rend_service_list); ++i) { - service = smartlist_get(rend_service_list, i); - if (service->desc && !service->desc->all_uploads_performed) { - /* If we failed in uploading a descriptor last time, try again *without* - * updating the descriptor's contents. */ - upload_service_descriptor(service); - } - } -} - -/** Log the status of introduction points for all rendezvous services - * at log severity <b>severity</b>. - */ -void -rend_service_dump_stats(int severity) -{ - rend_service_t *service; - rend_intro_point_t *intro; - const char *safe_name; - origin_circuit_t *circ; - - for (int i = 0; i < smartlist_len(rend_service_list); ++i) { - service = smartlist_get(rend_service_list, i); - tor_log(severity, LD_GENERAL, "Service configured in %s:", - rend_service_escaped_dir(service)); - for (int j = 0; j < smartlist_len(service->intro_nodes); ++j) { - intro = smartlist_get(service->intro_nodes, j); - safe_name = safe_str_client(intro->extend_info->nickname); - - circ = find_intro_circuit(intro, service->pk_digest); - if (!circ) { - tor_log(severity, LD_GENERAL, " Intro point %d at %s: no circuit", - j, safe_name); - continue; - } - tor_log(severity, LD_GENERAL, " Intro point %d at %s: circuit is %s", - j, safe_name, circuit_state_to_string(circ->base_.state)); - } - } -} - -/** Given <b>conn</b>, a rendezvous exit stream, look up the hidden service for - * <b>circ</b>, and look up the port and address based on conn-\>port. - * Assign the actual conn-\>addr and conn-\>port. Return -2 on failure - * for which the circuit should be closed, -1 on other failure, - * or 0 for success. - */ -int -rend_service_set_connection_addr_port(edge_connection_t *conn, - origin_circuit_t *circ) -{ - rend_service_t *service; - char serviceid[REND_SERVICE_ID_LEN_BASE32+1]; - const char *rend_pk_digest; - - tor_assert(circ->base_.purpose == CIRCUIT_PURPOSE_S_REND_JOINED); - tor_assert(circ->rend_data); - log_debug(LD_REND,"beginning to hunt for addr/port"); - rend_pk_digest = (char *) rend_data_get_pk_digest(circ->rend_data, NULL); - base32_encode(serviceid, REND_SERVICE_ID_LEN_BASE32+1, - rend_pk_digest, REND_SERVICE_ID_LEN); - service = rend_service_get_by_pk_digest(rend_pk_digest); - if (!service) { - log_warn(LD_REND, "Couldn't find any service associated with pk %s on " - "rendezvous circuit %u; closing.", - serviceid, (unsigned)circ->base_.n_circ_id); - return -2; - } - if (service->max_streams_per_circuit > 0) { - /* Enforce the streams-per-circuit limit, and refuse to provide a - * mapping if this circuit will exceed the limit. */ -#define MAX_STREAM_WARN_INTERVAL 600 - static struct ratelim_t stream_ratelim = - RATELIM_INIT(MAX_STREAM_WARN_INTERVAL); - if (circ->rend_data->nr_streams >= service->max_streams_per_circuit) { - log_fn_ratelim(&stream_ratelim, LOG_WARN, LD_REND, - "Maximum streams per circuit limit reached on rendezvous " - "circuit %u; %s. Circuit has %d out of %d streams.", - (unsigned)circ->base_.n_circ_id, - service->max_streams_close_circuit ? - "closing circuit" : - "ignoring open stream request", - circ->rend_data->nr_streams, - service->max_streams_per_circuit); - return service->max_streams_close_circuit ? -2 : -1; - } - } - - if (hs_set_conn_addr_port(service->ports, conn) == 0) { - /* Successfully set the port to the connection. We are done. */ - return 0; - } - - log_info(LD_REND, - "No virtual port mapping exists for port %d on service %s", - conn->base_.port, serviceid); - - if (service->allow_unknown_ports) - return -1; - else - return -2; -} - -/* Are HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode consistent? - */ -static int -rend_service_non_anonymous_mode_consistent(const or_options_t *options) -{ - /* !! is used to make these options boolean */ - return (!! options->HiddenServiceSingleHopMode == - !! options->HiddenServiceNonAnonymousMode); -} - -/* Do the options allow onion services to make direct (non-anonymous) - * connections to introduction or rendezvous points? - * Must only be called after options_validate_single_onion() has successfully - * checked onion service option consistency. - * Returns true if tor is in HiddenServiceSingleHopMode. */ -int -rend_service_allow_non_anonymous_connection(const or_options_t *options) -{ - tor_assert(rend_service_non_anonymous_mode_consistent(options)); - return options->HiddenServiceSingleHopMode ? 1 : 0; -} - -/* Do the options allow us to reveal the exact startup time of the onion - * service? - * Single Onion Services prioritise availability over hiding their - * startup time, as their IP address is publicly discoverable anyway. - * Must only be called after options_validate_single_onion() has successfully - * checked onion service option consistency. - * Returns true if tor is in non-anonymous hidden service mode. */ -int -rend_service_reveal_startup_time(const or_options_t *options) -{ - tor_assert(rend_service_non_anonymous_mode_consistent(options)); - return rend_service_non_anonymous_mode_enabled(options); -} - -/* Is non-anonymous mode enabled using the HiddenServiceNonAnonymousMode - * config option? - * Must only be called after options_validate_single_onion() has successfully - * checked onion service option consistency. - */ -int -rend_service_non_anonymous_mode_enabled(const or_options_t *options) -{ - tor_assert(rend_service_non_anonymous_mode_consistent(options)); - return options->HiddenServiceNonAnonymousMode ? 1 : 0; -} - -#ifdef TOR_UNIT_TESTS - -STATIC void -set_rend_service_list(smartlist_t *new_list) -{ - rend_service_list = new_list; -} - -STATIC void -set_rend_rend_service_staging_list(smartlist_t *new_list) -{ - rend_service_staging_list = new_list; -} - -#endif /* defined(TOR_UNIT_TESTS) */ diff --git a/src/feature/rend/rendservice.h b/src/feature/rend/rendservice.h deleted file mode 100644 index 012afc0f9f..0000000000 --- a/src/feature/rend/rendservice.h +++ /dev/null @@ -1,223 +0,0 @@ -/* Copyright (c) 2001 Matej Pfajfar. - * Copyright (c) 2001-2004, Roger Dingledine. - * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -/** - * \file rendservice.h - * \brief Header file for rendservice.c. - **/ - -#ifndef TOR_RENDSERVICE_H -#define TOR_RENDSERVICE_H - -#include "core/or/or.h" -#include "feature/hs/hs_service.h" - -typedef struct rend_intro_cell_t rend_intro_cell_t; -struct config_line_t; - -/* This can be used for both INTRODUCE1 and INTRODUCE2 */ - -struct rend_intro_cell_t { - /* Is this an INTRODUCE1 or INTRODUCE2? (set to 1 or 2) */ - uint8_t type; - /* Public key digest */ - uint8_t pk[DIGEST_LEN]; - /* Optionally, store ciphertext here */ - uint8_t *ciphertext; - ssize_t ciphertext_len; - /* Optionally, store plaintext */ - uint8_t *plaintext; - ssize_t plaintext_len; - /* Have we parsed the plaintext? */ - uint8_t parsed; - /* intro protocol version (0, 1, 2 or 3) */ - uint8_t version; - /* Version-specific parts */ - union { - struct { - /* Rendezvous point nickname or hex-encoded key digest */ - uint8_t rp[42]; - } v0_v1; - struct { - /* The extend_info_t struct has everything v2 uses */ - extend_info_t *extend_info; - } v2; - struct { - /* Auth type used */ - uint8_t auth_type; - /* Length of auth data */ - uint16_t auth_len; - /* Auth data */ - uint8_t *auth_data; - /* Rendezvous point's IP address/port, identity digest and onion key */ - extend_info_t *extend_info; - } v3; - } u; - /* Rendezvous cookie */ - uint8_t rc[REND_COOKIE_LEN]; - /* Diffie-Hellman data */ - uint8_t dh[DH1024_KEY_LEN]; -}; - -#ifdef RENDSERVICE_PRIVATE - -/** Represents a single hidden service running at this OP. */ -typedef struct rend_service_t { - /* Fields specified in config file */ - char *directory; /**< where in the filesystem it stores it. Will be NULL if - * this service is ephemeral. */ - int dir_group_readable; /**< if 1, allow group read - permissions on directory */ - smartlist_t *ports; /**< List of rend_service_port_config_t */ - rend_auth_type_t auth_type; /**< Client authorization type or 0 if no client - * authorization is performed. */ - smartlist_t *clients; /**< List of rend_authorized_client_t's of - * clients that may access our service. Can be NULL - * if no client authorization is performed. */ - /* Other fields */ - crypto_pk_t *private_key; /**< Permanent hidden-service key. */ - char service_id[REND_SERVICE_ID_LEN_BASE32+1]; /**< Onion address without - * '.onion' */ - char pk_digest[DIGEST_LEN]; /**< Hash of permanent hidden-service key. */ - smartlist_t *intro_nodes; /**< List of rend_intro_point_t's we have, - * or are trying to establish. */ - /** List of rend_intro_point_t that are expiring. They are removed once - * the new descriptor is successfully uploaded. A node in this list CAN - * NOT appear in the intro_nodes list. */ - smartlist_t *expiring_nodes; - time_t intro_period_started; /**< Start of the current period to build - * introduction points. */ - int n_intro_circuits_launched; /**< Count of intro circuits we have - * established in this period. */ - unsigned int n_intro_points_wanted; /**< Number of intro points this - * service wants to have open. */ - rend_service_descriptor_t *desc; /**< Current hidden service descriptor. */ - time_t desc_is_dirty; /**< Time at which changes to the hidden service - * descriptor content occurred, or 0 if it's - * up-to-date. */ - time_t next_upload_time; /**< Scheduled next hidden service descriptor - * upload time. */ - /** Replay cache for Diffie-Hellman values of INTRODUCE2 cells, to - * detect repeats. Clients may send INTRODUCE1 cells for the same - * rendezvous point through two or more different introduction points; - * when they do, this keeps us from launching multiple simultaneous attempts - * to connect to the same rend point. */ - replaycache_t *accepted_intro_dh_parts; - /** If true, we don't close circuits for making requests to unsupported - * ports. */ - int allow_unknown_ports; - /** The maximum number of simultaneous streams-per-circuit that are allowed - * to be established, or 0 if no limit is set. - */ - int max_streams_per_circuit; - /** If true, we close circuits that exceed the max_streams_per_circuit - * limit. */ - int max_streams_close_circuit; -} rend_service_t; - -STATIC void rend_service_free_(rend_service_t *service); -#define rend_service_free(s) \ - FREE_AND_NULL(rend_service_t, rend_service_free_, (s)) -STATIC char *rend_service_sos_poison_path(const rend_service_t *service); -STATIC int rend_service_verify_single_onion_poison( - const rend_service_t *s, - const or_options_t *options); -STATIC int rend_service_poison_new_single_onion_dir( - const rend_service_t *s, - const or_options_t* options); -#ifdef TOR_UNIT_TESTS - -STATIC void set_rend_service_list(smartlist_t *new_list); -STATIC void set_rend_rend_service_staging_list(smartlist_t *new_list); -STATIC void rend_service_prune_list_impl_(void); - -#endif /* defined(TOR_UNIT_TESTS) */ - -#endif /* defined(RENDSERVICE_PRIVATE) */ - -int rend_num_services(void); -struct hs_opts_t; -int rend_config_service(const struct hs_opts_t *hs_opts, - const or_options_t *options, - hs_service_config_t *config); -void rend_service_prune_list(void); -void rend_service_free_staging_list(void); -int rend_service_load_all_keys(const smartlist_t *service_list); -int rend_service_key_on_disk(const char *directory_path); -void rend_services_add_filenames_to_lists(smartlist_t *open_lst, - smartlist_t *stat_lst); -void rend_consider_services_intro_points(time_t now); -void rend_consider_services_upload(time_t now); -void rend_hsdir_routers_changed(void); -void rend_consider_descriptor_republication(void); - -void rend_service_intro_has_opened(origin_circuit_t *circuit); -int rend_service_intro_established(origin_circuit_t *circuit, - const uint8_t *request, - size_t request_len); -void rend_service_rendezvous_has_opened(origin_circuit_t *circuit); -int rend_service_receive_introduction(origin_circuit_t *circuit, - const uint8_t *request, - size_t request_len); -int rend_service_decrypt_intro(rend_intro_cell_t *request, - crypto_pk_t *key, - char **err_msg_out); -void rend_service_free_intro_(rend_intro_cell_t *request); -#define rend_service_free_intro(req) do { \ - rend_service_free_intro_(req); \ - (req) = NULL; \ - } while (0) -rend_intro_cell_t * rend_service_begin_parse_intro(const uint8_t *request, - size_t request_len, - uint8_t type, - char **err_msg_out); -int rend_service_parse_intro_plaintext(rend_intro_cell_t *intro, - char **err_msg_out); -ssize_t rend_service_encode_establish_intro_cell(char *cell_body_out, - size_t cell_body_out_len, - crypto_pk_t *intro_key, - const char *rend_circ_nonce); -int rend_service_validate_intro_late(const rend_intro_cell_t *intro, - char **err_msg_out); -void rend_service_relaunch_rendezvous(origin_circuit_t *oldcirc); -int rend_service_set_connection_addr_port(edge_connection_t *conn, - origin_circuit_t *circ); -void rend_service_dump_stats(int severity); -void rend_service_free_all(void); -void rend_service_init(void); - -rend_service_port_config_t *rend_service_parse_port_config(const char *string, - const char *sep, - char **err_msg_out); -void rend_service_port_config_free_(rend_service_port_config_t *p); -#define rend_service_port_config_free(p) \ - FREE_AND_NULL(rend_service_port_config_t, rend_service_port_config_free_, \ - (p)) - -void rend_authorized_client_free_(rend_authorized_client_t *client); -#define rend_authorized_client_free(client) \ - FREE_AND_NULL(rend_authorized_client_t, rend_authorized_client_free_, \ - (client)) - -hs_service_add_ephemeral_status_t rend_service_add_ephemeral(crypto_pk_t *pk, - smartlist_t *ports, - int max_streams_per_circuit, - int max_streams_close_circuit, - rend_auth_type_t auth_type, - smartlist_t *auth_clients, - char **service_id_out); -int rend_service_del_ephemeral(const char *service_id); - -void directory_post_to_hs_dir(rend_service_descriptor_t *renddesc, - smartlist_t *descs, smartlist_t *hs_dirs, - const char *service_id, int seconds_valid); -void rend_service_desc_has_uploaded(const rend_data_t *rend_data); - -int rend_service_allow_non_anonymous_connection(const or_options_t *options); -int rend_service_reveal_startup_time(const or_options_t *options); -int rend_service_non_anonymous_mode_enabled(const or_options_t *options); - -#endif /* !defined(TOR_RENDSERVICE_H) */ diff --git a/src/feature/stats/bw_array_st.h b/src/feature/stats/bw_array_st.h index 2d05ff0f77..caf4ae1793 100644 --- a/src/feature/stats/bw_array_st.h +++ b/src/feature/stats/bw_array_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/stats/bwhist.c b/src/feature/stats/bwhist.c index 06ad48e5c3..552dc7ad74 100644 --- a/src/feature/stats/bwhist.c +++ b/src/feature/stats/bwhist.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/stats/bwhist.h b/src/feature/stats/bwhist.h index 01055df720..d61c442e5d 100644 --- a/src/feature/stats/bwhist.h +++ b/src/feature/stats/bwhist.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -38,7 +38,7 @@ STATIC void add_obs(bw_array_t *b, time_t when, uint64_t n); STATIC void bw_array_free_(bw_array_t *b); STATIC size_t bwhist_fill_bandwidth_history(char *buf, size_t len, const bw_array_t *b); -#endif /* defined(REPHIST_PRIVATE) */ +#endif /* defined(BWHIST_PRIVATE) */ #ifdef TOR_UNIT_TESTS extern struct bw_array_t *write_array; diff --git a/src/feature/stats/connstats.c b/src/feature/stats/connstats.c index 827a332be1..8e52bdb0e9 100644 --- a/src/feature/stats/connstats.c +++ b/src/feature/stats/connstats.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/stats/connstats.h b/src/feature/stats/connstats.h index 1a03d0748b..7994c220ac 100644 --- a/src/feature/stats/connstats.h +++ b/src/feature/stats/connstats.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/stats/geoip_stats.c b/src/feature/stats/geoip_stats.c index a733653dde..a0fe8597c1 100644 --- a/src/feature/stats/geoip_stats.c +++ b/src/feature/stats/geoip_stats.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -196,6 +196,8 @@ clientmap_entry_new(geoip_client_action_t action, const tor_addr_t *addr, if (transport_name) { entry->transport_name = tor_strdup(transport_name); } + /* Initialize the DoS object. */ + dos_geoip_entry_init(entry); /* Allocated and initialized, note down its size for the OOM handler. */ geoip_increment_client_history_cache_size(clientmap_entry_size(entry)); @@ -1204,11 +1206,11 @@ format_bridge_stats_controller(time_t now) char * format_client_stats_heartbeat(time_t now) { - const int n_hours = 6; + const int n_seconds = get_options()->HeartbeatPeriod; char *out = NULL; int n_clients = 0; clientmap_entry_t **ent; - unsigned cutoff = (unsigned)( (now-n_hours*3600)/60 ); + unsigned cutoff = (unsigned)( (now-n_seconds)/60 ); if (!start_of_bridge_stats_interval) return NULL; /* Not initialized. */ @@ -1224,8 +1226,7 @@ format_client_stats_heartbeat(time_t now) } tor_asprintf(&out, "Heartbeat: " - "In the last %d hours, I have seen %d unique clients.", - n_hours, + "Since last heartbeat message, I have seen %d unique clients.", n_clients); return out; diff --git a/src/feature/stats/geoip_stats.h b/src/feature/stats/geoip_stats.h index fcfe7a31f0..b54304337a 100644 --- a/src/feature/stats/geoip_stats.h +++ b/src/feature/stats/geoip_stats.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/stats/predict_ports.c b/src/feature/stats/predict_ports.c index 57463952e7..f182d0f71b 100644 --- a/src/feature/stats/predict_ports.c +++ b/src/feature/stats/predict_ports.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -273,8 +273,6 @@ rep_hist_circbuilding_dormant(time_t now) (!router_all_orports_seem_reachable(options) || !circuit_enough_testing_circs())) return 0; - if (!router_dirport_seems_reachable(options)) - return 0; return 1; } diff --git a/src/feature/stats/predict_ports.h b/src/feature/stats/predict_ports.h index ed067b6ced..82e7fa739b 100644 --- a/src/feature/stats/predict_ports.h +++ b/src/feature/stats/predict_ports.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/feature/stats/rephist.c b/src/feature/stats/rephist.c index 3c22fda3b8..d1ccc5edf5 100644 --- a/src/feature/stats/rephist.c +++ b/src/feature/stats/rephist.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -69,6 +69,7 @@ #define REPHIST_PRIVATE #include "core/or/or.h" #include "app/config/config.h" +#include "core/mainloop/connection.h" #include "core/or/circuitlist.h" #include "core/or/connection_or.h" #include "feature/dirauth/authmode.h" @@ -84,6 +85,8 @@ #include "feature/nodelist/networkstatus_st.h" #include "core/or/or_circuit_st.h" +#include <event2/dns.h> + #ifdef HAVE_FCNTL_H #include <fcntl.h> #endif @@ -183,6 +186,405 @@ static time_t started_tracking_stability = 0; /** Map from hex OR identity digest to or_history_t. */ static digestmap_t *history_map = NULL; +/** Represents a state of overload stats. + * + * All the timestamps in this structure have already been rounded down to the + * nearest hour. */ +typedef struct { + /* When did we last experience a general overload? */ + time_t overload_general_time; + + /* When did we last experience a bandwidth-related overload? */ + time_t overload_ratelimits_time; + /* How many times have we gone off the our read limits? */ + uint64_t overload_read_count; + /* How many times have we gone off the our write limits? */ + uint64_t overload_write_count; + + /* When did we last experience a file descriptor exhaustion? */ + time_t overload_fd_exhausted_time; + /* How many times have we experienced a file descriptor exhaustion? */ + uint64_t overload_fd_exhausted; +} overload_stats_t; + +/** Current state of overload stats */ +static overload_stats_t overload_stats; + +/** Counters to count the number of times we've reached an overload for the + * global connection read/write limit. Reported on the MetricsPort. */ +static uint64_t stats_n_read_limit_reached = 0; +static uint64_t stats_n_write_limit_reached = 0; + +/** Total number of times we've reached TCP port exhaustion. */ +static uint64_t stats_n_tcp_exhaustion = 0; + +/***** DNS statistics *****/ + +/** Overload DNS statistics. The information in this object is used to assess + * if, due to DNS errors, we should emit a general overload signal or not. + * + * NOTE: This structure is _not_ per DNS query type like the statistics below + * because of a libevent bug + * (https://github.com/libevent/libevent/issues/1219), on error, the type is + * not propagated up back to the user and so we need to keep our own stats for + * the overload signal. */ +typedef struct { + /** Total number of DNS request seen at an Exit. They might not all end + * successfully or might even be lost by tor. This counter is incremented + * right before the DNS request is initiated. */ + uint64_t stats_n_request; + + /** When is the next assessment time of the general overload for DNS errors. + * Once this time is reached, all stats are reset and this time is set to the + * next assessment time. */ + time_t next_assessment_time; +} overload_dns_stats_t; + +/** Keep track of the DNS requests for the general overload state. */ +static overload_dns_stats_t overload_dns_stats; + +/** Represents the statistics of DNS queries seen if it is an Exit. */ +typedef struct { + /* Total number of DNS errors found in RFC 1035 (from 0 to 5 code). */ + uint64_t stats_n_error_none; /* 0 */ + uint64_t stats_n_error_format; /* 1 */ + uint64_t stats_n_error_serverfailed; /* 2 */ + uint64_t stats_n_error_notexist; /* 3 */ + uint64_t stats_n_error_notimpl; /* 4 */ + uint64_t stats_n_error_refused; /* 5 */ + + /* Total number of DNS errors specific to libevent. */ + uint64_t stats_n_error_truncated; /* 65 */ + uint64_t stats_n_error_unknown; /* 66 */ + uint64_t stats_n_error_tor_timeout; /* 67 */ + uint64_t stats_n_error_shutdown; /* 68 */ + uint64_t stats_n_error_cancel; /* 69 */ + uint64_t stats_n_error_nodata; /* 70 */ + + /* Total number of DNS request seen at an Exit. They might not all end + * successfully or might even be lost by tor. This counter is incremented + * right before the DNS request is initiated. */ + uint64_t stats_n_request; +} dns_stats_t; + +/* This is disabled because of the libevent bug where on error we don't get the + * DNS query type back. Once it is fixed, we can re-enable this. */ +#if 0 +/** DNS statistics store for each DNS record type for which tor supports only + * three at the moment: A, PTR and AAAA. */ +static dns_stats_t dns_A_stats; +static dns_stats_t dns_PTR_stats; +static dns_stats_t dns_AAAA_stats; +#endif + +/** DNS query statistics store. It covers all type of queries. */ +static dns_stats_t dns_all_stats; + +/** Return the point to the DNS statistics store. Ignore the type for now + * because of a libevent problem. */ +static inline dns_stats_t * +get_dns_stats_by_type(const int type) +{ + (void) type; + return &dns_all_stats; +} + +#if 0 +/** From a libevent record type, return a pointer to the corresponding DNS + * statistics store. NULL is returned if the type is unhandled. */ +static inline dns_stats_t * +get_dns_stats_by_type(const int type) +{ + switch (type) { + case DNS_IPv4_A: + return &dns_A_stats; + case DNS_PTR: + return &dns_PTR_stats; + case DNS_IPv6_AAAA: + return &dns_AAAA_stats; + default: + return NULL; + } +} +#endif + +/** Return the DNS error count for the given libevent DNS type and error code. + * The possible types are: DNS_IPv4_A, DNS_PTR, DNS_IPv6_AAAA. */ +uint64_t +rep_hist_get_n_dns_error(int type, uint8_t error) +{ + dns_stats_t *dns_stats = get_dns_stats_by_type(type); + if (BUG(!dns_stats)) { + return 0; + } + + switch (error) { + case DNS_ERR_NONE: + return dns_stats->stats_n_error_none; + case DNS_ERR_FORMAT: + return dns_stats->stats_n_error_format; + case DNS_ERR_SERVERFAILED: + return dns_stats->stats_n_error_serverfailed; + case DNS_ERR_NOTEXIST: + return dns_stats->stats_n_error_notexist; + case DNS_ERR_NOTIMPL: + return dns_stats->stats_n_error_notimpl; + case DNS_ERR_REFUSED: + return dns_stats->stats_n_error_refused; + case DNS_ERR_TRUNCATED: + return dns_stats->stats_n_error_truncated; + case DNS_ERR_UNKNOWN: + return dns_stats->stats_n_error_unknown; + case DNS_ERR_TIMEOUT: + return dns_stats->stats_n_error_tor_timeout; + case DNS_ERR_SHUTDOWN: + return dns_stats->stats_n_error_shutdown; + case DNS_ERR_CANCEL: + return dns_stats->stats_n_error_cancel; + case DNS_ERR_NODATA: + return dns_stats->stats_n_error_nodata; + default: + /* Unhandled code sent back by libevent. */ + return 0; + } +} + +/** Return the total number of DNS request seen for the given libevent DNS + * record type. Possible types are: DNS_IPv4_A, DNS_PTR, DNS_IPv6_AAAA. */ +uint64_t +rep_hist_get_n_dns_request(int type) +{ + dns_stats_t *dns_stats = get_dns_stats_by_type(type); + if (BUG(!dns_stats)) { + return 0; + } + return dns_stats->stats_n_request; +} + +/** Note a DNS error for the given given libevent DNS record type and error + * code. Possible types are: DNS_IPv4_A, DNS_PTR, DNS_IPv6_AAAA. + * + * NOTE: Libevent is _not_ returning the type in case of an error and so if + * error is anything but DNS_ERR_NONE, the type is not usable and set to 0. + * + * See: https://gitlab.torproject.org/tpo/core/tor/-/issues/40490 */ +void +rep_hist_note_dns_error(int type, uint8_t error) +{ + overload_dns_stats.stats_n_request++; + + /* Again, the libevent bug (see function comment), for an error that is + * anything but DNS_ERR_NONE, the type is always 0 which means that we don't + * have a DNS stat object for it so this code will do nothing until libevent + * is fixed. */ + dns_stats_t *dns_stats = get_dns_stats_by_type(type); + /* Unsupported DNS query type. */ + if (!dns_stats) { + return; + } + + switch (error) { + case DNS_ERR_NONE: + dns_stats->stats_n_error_none++; + break; + case DNS_ERR_FORMAT: + dns_stats->stats_n_error_format++; + break; + case DNS_ERR_SERVERFAILED: + dns_stats->stats_n_error_serverfailed++; + break; + case DNS_ERR_NOTEXIST: + dns_stats->stats_n_error_notexist++; + break; + case DNS_ERR_NOTIMPL: + dns_stats->stats_n_error_notimpl++; + break; + case DNS_ERR_REFUSED: + dns_stats->stats_n_error_refused++; + break; + case DNS_ERR_TRUNCATED: + dns_stats->stats_n_error_truncated++; + break; + case DNS_ERR_UNKNOWN: + dns_stats->stats_n_error_unknown++; + break; + case DNS_ERR_TIMEOUT: + dns_stats->stats_n_error_tor_timeout++; + break; + case DNS_ERR_SHUTDOWN: + dns_stats->stats_n_error_shutdown++; + break; + case DNS_ERR_CANCEL: + dns_stats->stats_n_error_cancel++; + break; + case DNS_ERR_NODATA: + dns_stats->stats_n_error_nodata++; + break; + default: + /* Unhandled code sent back by libevent. */ + break; + } +} + +/** Note a DNS request for the given given libevent DNS record type. */ +void +rep_hist_note_dns_request(int type) +{ + dns_stats_t *dns_stats = get_dns_stats_by_type(type); + if (BUG(!dns_stats)) { + return; + } + dns_stats->stats_n_request++; +} + +/***** END of DNS statistics *****/ + +/** Return true if this overload happened within the last `n_hours`. */ +static bool +overload_happened_recently(time_t overload_time, int n_hours) +{ + /* An overload is relevant if it happened in the last 72 hours */ + if (overload_time > approx_time() - 3600 * n_hours) { + return true; + } + return false; +} + +/* The current version of the overload stats version */ +#define OVERLOAD_STATS_VERSION 1 + +/** Return the stats_n_read_limit_reached counter. */ +uint64_t +rep_hist_get_n_read_limit_reached(void) +{ + return stats_n_read_limit_reached; +} + +/** Return the stats_n_write_limit_reached counter. */ +uint64_t +rep_hist_get_n_write_limit_reached(void) +{ + return stats_n_write_limit_reached; +} + +/** Returns an allocated string for server descriptor for publising information + * on whether we are overloaded or not. */ +char * +rep_hist_get_overload_general_line(void) +{ + char *result = NULL; + char tbuf[ISO_TIME_LEN+1]; + + /* Encode the general overload */ + if (overload_happened_recently(overload_stats.overload_general_time, 72)) { + format_iso_time(tbuf, overload_stats.overload_general_time); + tor_asprintf(&result, "overload-general %d %s\n", + OVERLOAD_STATS_VERSION, tbuf); + } + + return result; +} + +/** Returns an allocated string for extra-info documents for publishing + * overload statistics. */ +char * +rep_hist_get_overload_stats_lines(void) +{ + char *result = NULL; + smartlist_t *chunks = smartlist_new(); + char tbuf[ISO_TIME_LEN+1]; + + /* Add bandwidth-related overloads */ + if (overload_happened_recently(overload_stats.overload_ratelimits_time,24)) { + const or_options_t *options = get_options(); + format_iso_time(tbuf, overload_stats.overload_ratelimits_time); + smartlist_add_asprintf(chunks, + "overload-ratelimits %d %s %" PRIu64 " %" PRIu64 + " %" PRIu64 " %" PRIu64 "\n", + OVERLOAD_STATS_VERSION, tbuf, + options->BandwidthRate, options->BandwidthBurst, + overload_stats.overload_read_count, + overload_stats.overload_write_count); + } + + /* Finally file descriptor overloads */ + if (overload_happened_recently( + overload_stats.overload_fd_exhausted_time, 72)) { + format_iso_time(tbuf, overload_stats.overload_fd_exhausted_time); + smartlist_add_asprintf(chunks, "overload-fd-exhausted %d %s\n", + OVERLOAD_STATS_VERSION, tbuf); + } + + /* Bail early if we had nothing to write */ + if (smartlist_len(chunks) == 0) { + goto done; + } + + result = smartlist_join_strings(chunks, "", 0, NULL); + + done: + SMARTLIST_FOREACH(chunks, char *, cp, tor_free(cp)); + smartlist_free(chunks); + return result; +} + +/** Round down the time in `a` to the beginning of the current hour */ +#define SET_TO_START_OF_HOUR(a) STMT_BEGIN \ + (a) = approx_time() - (approx_time() % 3600); \ +STMT_END + +/** Note down an overload event of type `overload`. */ +void +rep_hist_note_overload(overload_type_t overload) +{ + static time_t last_read_counted = 0; + static time_t last_write_counted = 0; + + switch (overload) { + case OVERLOAD_GENERAL: + SET_TO_START_OF_HOUR(overload_stats.overload_general_time); + break; + case OVERLOAD_READ: { + stats_n_read_limit_reached++; + SET_TO_START_OF_HOUR(overload_stats.overload_ratelimits_time); + if (approx_time() >= last_read_counted + 60) { /* Count once a minute */ + overload_stats.overload_read_count++; + last_read_counted = approx_time(); + } + break; + } + case OVERLOAD_WRITE: { + stats_n_write_limit_reached++; + SET_TO_START_OF_HOUR(overload_stats.overload_ratelimits_time); + if (approx_time() >= last_write_counted + 60) { /* Count once a minute */ + overload_stats.overload_write_count++; + last_write_counted = approx_time(); + } + break; + } + case OVERLOAD_FD_EXHAUSTED: + SET_TO_START_OF_HOUR(overload_stats.overload_fd_exhausted_time); + overload_stats.overload_fd_exhausted++; + break; + } +} + +/** Note down that we've reached a TCP port exhaustion. This triggers an + * overload general event. */ +void +rep_hist_note_tcp_exhaustion(void) +{ + stats_n_tcp_exhaustion++; + rep_hist_note_overload(OVERLOAD_GENERAL); +} + +/** Return the total number of TCP exhaustion times we've reached. */ +uint64_t +rep_hist_get_n_tcp_exhaustion(void) +{ + return stats_n_tcp_exhaustion; +} + /** Return the or_history_t for the OR with identity digest <b>id</b>, * creating it if necessary. */ static or_history_t * @@ -382,7 +784,7 @@ rep_hist_downrate_old_runs(time_t now) return stability_last_downrated + STABILITY_INTERVAL; /* Okay, we should downrate the data. By how much? */ - while (stability_last_downrated + STABILITY_INTERVAL < now) { + while (stability_last_downrated + STABILITY_INTERVAL <= now) { stability_last_downrated += STABILITY_INTERVAL; alpha *= STABILITY_ALPHA; } @@ -1237,6 +1639,183 @@ rep_hist_note_exit_stream_opened(uint16_t port) log_debug(LD_HIST, "Opened exit stream to port %d", port); } +/*** Exit streams statistics ***/ + +/** Number of BEGIN streams seen. */ +static uint64_t streams_begin_seen; +/** Number of BEGIN_DIR streams seen. */ +static uint64_t streams_begindir_seen; +/** Number of RESOLVE streams seen. */ +static uint64_t streams_resolve_seen; + +/** Note a stream as seen for the given relay command. */ +void +rep_hist_note_exit_stream(unsigned int cmd) +{ + switch (cmd) { + case RELAY_COMMAND_BEGIN: + streams_begin_seen++; + break; + case RELAY_COMMAND_BEGIN_DIR: + streams_begindir_seen++; + break; + case RELAY_COMMAND_RESOLVE: + streams_resolve_seen++; + break; + default: + tor_assert_nonfatal_unreached_once(); + break; + } +} + +/** Return number of stream seen for the given command. */ +uint64_t +rep_hist_get_exit_stream_seen(unsigned int cmd) +{ + switch (cmd) { + case RELAY_COMMAND_BEGIN: + return streams_begin_seen; + case RELAY_COMMAND_BEGIN_DIR: + return streams_begindir_seen; + case RELAY_COMMAND_RESOLVE: + return streams_resolve_seen; + default: + return 0; + } +} + +/******* Connections statistics *******/ + +#define CONN_DIRECTION_INITIATED 0 +#define CONN_DIRECTION_RECEIVED 1 + +#define CONN_DIRECTION(from_listener) \ + (from_listener) ? CONN_DIRECTION_RECEIVED : CONN_DIRECTION_INITIATED + +/** Number of connections created as in seen per direction per type. */ +static uint64_t conn_num_created_v4[2][CONN_TYPE_MAX_]; +static uint64_t conn_num_created_v6[2][CONN_TYPE_MAX_]; +/** Number of connections opened per direction per type. */ +static uint64_t conn_num_opened_v4[2][CONN_TYPE_MAX_]; +static uint64_t conn_num_opened_v6[2][CONN_TYPE_MAX_]; +/** Number of connections rejected per type. Always inbound. */ +static uint64_t conn_num_rejected_v4[CONN_TYPE_MAX_]; +static uint64_t conn_num_rejected_v6[CONN_TYPE_MAX_]; + +/** Note that a connection has opened of the given type. */ +void +rep_hist_note_conn_opened(bool from_listener, unsigned int type, int af) +{ + tor_assert(type <= CONN_TYPE_MAX_); + + unsigned int dir = CONN_DIRECTION(from_listener); + + switch (af) { + case AF_INET: + conn_num_created_v4[dir][type]++; + conn_num_opened_v4[dir][type]++; + break; + case AF_INET6: + conn_num_created_v6[dir][type]++; + conn_num_opened_v6[dir][type]++; + break; + default: + /* Ignore non IP connections at this point in time. */ + break; + } +} + +/** Note that a connection has closed of the given type. */ +void +rep_hist_note_conn_closed(bool from_listener, unsigned int type, int af) +{ + tor_assert(type <= CONN_TYPE_MAX_); + + unsigned int dir = CONN_DIRECTION(from_listener); + + switch (af) { + case AF_INET: + if (conn_num_opened_v4[dir][type] > 0) { + conn_num_opened_v4[dir][type]--; + } + break; + case AF_INET6: + if (conn_num_opened_v6[dir][type] > 0) { + conn_num_opened_v6[dir][type]--; + } + break; + default: + /* Ignore non IP connections at this point in time. */ + break; + } +} + +/** Note that a connection has rejected of the given type. */ +void +rep_hist_note_conn_rejected(unsigned int type, int af) +{ + tor_assert(type <= CONN_TYPE_MAX_); + + switch (af) { + case AF_INET: + conn_num_rejected_v4[type]++; + break; + case AF_INET6: + conn_num_rejected_v6[type]++; + break; + default: + /* Ignore non IP connections at this point in time. */ + break; + } +} + +/** Return number of created connections of the given type. */ +uint64_t +rep_hist_get_conn_created(bool from_listener, unsigned int type, int af) +{ + tor_assert(type <= CONN_TYPE_MAX_); + unsigned int dir = CONN_DIRECTION(from_listener); + switch (af) { + case AF_INET: + return conn_num_created_v4[dir][type]; + case AF_INET6: + return conn_num_created_v6[dir][type]; + default: + return 0; + } +} + +/** Return number of opened connections of the given type. */ +uint64_t +rep_hist_get_conn_opened(bool from_listener, unsigned int type, int af) +{ + tor_assert(type <= CONN_TYPE_MAX_); + unsigned int dir = CONN_DIRECTION(from_listener); + switch (af) { + case AF_INET: + return conn_num_opened_v4[dir][type]; + case AF_INET6: + return conn_num_opened_v6[dir][type]; + default: + return 0; + } +} + +/** Return number of opened connections of the given type. */ +uint64_t +rep_hist_get_conn_rejected(unsigned int type, int af) +{ + tor_assert(type <= CONN_TYPE_MAX_); + switch (af) { + case AF_INET: + return conn_num_rejected_v4[type]; + case AF_INET6: + return conn_num_rejected_v6[type]; + default: + return 0; + } +} + /*** cell statistics ***/ /** Start of the current buffer stats interval or 0 if we're not @@ -1649,17 +2228,155 @@ rep_hist_note_desc_served(const char * desc) /** Internal statistics to track how many requests of each type of * handshake we've received, and how many we've assigned to cpuworkers. * Useful for seeing trends in cpu load. + * + * They are reset at every heartbeat. * @{ */ -STATIC int onion_handshakes_requested[MAX_ONION_HANDSHAKE_TYPE+1] = {0}; -STATIC int onion_handshakes_assigned[MAX_ONION_HANDSHAKE_TYPE+1] = {0}; +STATIC int onion_handshakes_requested[MAX_ONION_STAT_TYPE+1] = {0}; +STATIC int onion_handshakes_assigned[MAX_ONION_STAT_TYPE+1] = {0}; /**@}*/ +/** Counters keeping the same stats as above but for the entire duration of the + * process (not reset). */ +static uint64_t stats_n_onionskin_assigned[MAX_ONION_STAT_TYPE+1] = {0}; +static uint64_t stats_n_onionskin_dropped[MAX_ONION_STAT_TYPE+1] = {0}; + +/* We use a scale here so we can represent percentages with decimal points by + * scaling the value by this factor and so 0.5% becomes a value of 500. + * Default is 1% and thus min and max range is 0 to 100%. */ +#define OVERLOAD_ONIONSKIN_NTOR_PERCENT_SCALE 1000.0 +#define OVERLOAD_ONIONSKIN_NTOR_PERCENT_DEFAULT 1000 +#define OVERLOAD_ONIONSKIN_NTOR_PERCENT_MIN 0 +#define OVERLOAD_ONIONSKIN_NTOR_PERCENT_MAX 100000 + +/** Consensus parameter: indicate what fraction of ntor onionskin drop over the + * total number of requests must be reached before we trigger a general + * overload signal.*/ +static double overload_onionskin_ntor_fraction = + OVERLOAD_ONIONSKIN_NTOR_PERCENT_DEFAULT / + OVERLOAD_ONIONSKIN_NTOR_PERCENT_SCALE / 100.0; + +/* Number of seconds for the assessment period. Default is 6 hours (21600) and + * the min max range is within a 32bit value. We align this period to the + * Heartbeat so the logs would match this period more or less. */ +#define OVERLOAD_ONIONSKIN_NTOR_PERIOD_SECS_DEFAULT (60 * 60 * 6) +#define OVERLOAD_ONIONSKIN_NTOR_PERIOD_SECS_MIN 0 +#define OVERLOAD_ONIONSKIN_NTOR_PERIOD_SECS_MAX INT32_MAX + +/** Consensus parameter: Period, in seconds, over which we count the number of + * ntor onionskins requests and how many were dropped. After that period, we + * assess if we trigger an overload or not. */ +static int32_t overload_onionskin_ntor_period_secs = + OVERLOAD_ONIONSKIN_NTOR_PERIOD_SECS_DEFAULT; + +/** Structure containing information for an assessment period of the onionskin + * drop overload general signal. + * + * It is used to track, within a time period, how many requests we've gotten + * and how many were dropped. The overload general signal is decided from these + * depending on some consensus parameters. */ +typedef struct { + /** Total number of ntor onionskin requested for an assessment period. */ + uint64_t n_ntor_requested; + + /** Total number of dropped ntor onionskins for an assessment period. */ + uint64_t n_ntor_dropped; + + /** When is the next assessment time of the general overload for ntor + * onionskin drop. Once this time is reached, all stats are reset and this + * time is set to the next assessment time. */ + time_t next_assessment_time; +} overload_onionskin_assessment_t; + +/** Keep track of the onionskin requests for an assessment period. */ +static overload_onionskin_assessment_t overload_onionskin_assessment; + +/** + * We combine ntorv3 and ntor into the same stat, so we must + * use this function to covert the cell type to a stat index. + */ +static inline uint16_t +onionskin_type_to_stat(uint16_t type) +{ + if (type == ONION_HANDSHAKE_TYPE_NTOR_V3) { + return ONION_HANDSHAKE_TYPE_NTOR; + } + + if (BUG(type > MAX_ONION_STAT_TYPE)) { + return MAX_ONION_STAT_TYPE; // use ntor if out of range + } + + return type; +} + +/** Assess our ntor handshake statistics and decide if we need to emit a + * general overload signal. + * + * Regardless of overloaded or not, if the assessment time period has passed, + * the stats are reset back to 0 and the assessment time period updated. + * + * This is called when a ntor handshake is _requested_ because we want to avoid + * to have an assymetric situation where requested counter is reset to 0 but + * then a drop happens leading to the drop counter being incremented while the + * requested counter is 0. */ +static void +overload_general_onionskin_assessment(void) +{ + /* Initialize the time. Should be done once. */ + if (overload_onionskin_assessment.next_assessment_time == 0) { + goto reset; + } + + /* Not the time yet. */ + if (overload_onionskin_assessment.next_assessment_time > approx_time()) { + goto done; + } + + /* Make sure we have enough requests to be able to make a proper assessment. + * We want to avoid 1 single request/drop to trigger an overload as we want + * at least the number of requests to be above the scale of our fraction. */ + if (overload_onionskin_assessment.n_ntor_requested < + OVERLOAD_ONIONSKIN_NTOR_PERCENT_SCALE) { + goto done; + } + + /* Lets see if we can signal a general overload. */ + double fraction = (double) overload_onionskin_assessment.n_ntor_dropped / + (double) overload_onionskin_assessment.n_ntor_requested; + if (fraction >= overload_onionskin_ntor_fraction) { + log_notice(LD_HIST, "General overload -> Ntor dropped (%" PRIu64 ") " + "fraction %.4f%% is above threshold of %.4f%%", + overload_onionskin_assessment.n_ntor_dropped, + fraction * 100.0, + overload_onionskin_ntor_fraction * 100.0); + rep_hist_note_overload(OVERLOAD_GENERAL); + } + + reset: + /* Reset counters for the next period. */ + overload_onionskin_assessment.n_ntor_dropped = 0; + overload_onionskin_assessment.n_ntor_requested = 0; + overload_onionskin_assessment.next_assessment_time = + approx_time() + overload_onionskin_ntor_period_secs; + + done: + return; +} + /** A new onionskin (using the <b>type</b> handshake) has arrived. */ void rep_hist_note_circuit_handshake_requested(uint16_t type) { - if (type <= MAX_ONION_HANDSHAKE_TYPE) - onion_handshakes_requested[type]++; + uint16_t stat = onionskin_type_to_stat(type); + + onion_handshakes_requested[stat]++; + + /* Only relays get to record requested onionskins. */ + if (stat == ONION_HANDSHAKE_TYPE_NTOR) { + /* Assess if we've reached the overload general signal. */ + overload_general_onionskin_assessment(); + + overload_onionskin_assessment.n_ntor_requested++; + } } /** We've sent an onionskin (using the <b>type</b> handshake) to a @@ -1667,28 +2384,52 @@ rep_hist_note_circuit_handshake_requested(uint16_t type) void rep_hist_note_circuit_handshake_assigned(uint16_t type) { - if (type <= MAX_ONION_HANDSHAKE_TYPE) - onion_handshakes_assigned[type]++; + onion_handshakes_assigned[onionskin_type_to_stat(type)]++; + stats_n_onionskin_assigned[onionskin_type_to_stat(type)]++; +} + +/** We've just drop an onionskin (using the <b>type</b> handshake) due to being + * overloaded. */ +void +rep_hist_note_circuit_handshake_dropped(uint16_t type) +{ + uint16_t stat = onionskin_type_to_stat(type); + + stats_n_onionskin_dropped[stat]++; + + /* Only relays get to record requested onionskins. */ + if (stat == ONION_HANDSHAKE_TYPE_NTOR) { + /* Note the dropped ntor in the overload assessment object. */ + overload_onionskin_assessment.n_ntor_dropped++; + } } /** Get the circuit handshake value that is requested. */ MOCK_IMPL(int, rep_hist_get_circuit_handshake_requested, (uint16_t type)) { - if (BUG(type > MAX_ONION_HANDSHAKE_TYPE)) { - return 0; - } - return onion_handshakes_requested[type]; + return onion_handshakes_requested[onionskin_type_to_stat(type)]; } /** Get the circuit handshake value that is assigned. */ MOCK_IMPL(int, rep_hist_get_circuit_handshake_assigned, (uint16_t type)) { - if (BUG(type > MAX_ONION_HANDSHAKE_TYPE)) { - return 0; - } - return onion_handshakes_assigned[type]; + return onion_handshakes_assigned[onionskin_type_to_stat(type)]; +} + +/** Get the total number of circuit handshake value that is assigned. */ +MOCK_IMPL(uint64_t, +rep_hist_get_circuit_n_handshake_assigned, (uint16_t type)) +{ + return stats_n_onionskin_assigned[onionskin_type_to_stat(type)]; +} + +/** Get the total number of circuit handshake value that is dropped. */ +MOCK_IMPL(uint64_t, +rep_hist_get_circuit_n_handshake_dropped, (uint16_t type)) +{ + return stats_n_onionskin_dropped[onionskin_type_to_stat(type)]; } /** Log our onionskin statistics since the last time we were called. */ @@ -1710,123 +2451,214 @@ rep_hist_log_circuit_handshake_stats(time_t now) /** Start of the current hidden service stats interval or 0 if we're * not collecting hidden service statistics. */ -static time_t start_of_hs_stats_interval; +static time_t start_of_hs_v2_stats_interval; -/** Carries the various hidden service statistics, and any other - * information needed. */ -typedef struct hs_stats_t { - /** How many relay cells have we seen as rendezvous points? */ - uint64_t rp_relay_cells_seen; +/** Our v2 statistics structure singleton. */ +static hs_v2_stats_t *hs_v2_stats = NULL; - /** Set of unique public key digests we've seen this stat period - * (could also be implemented as sorted smartlist). */ - digestmap_t *onions_seen_this_period; -} hs_stats_t; +/** HSv2 stats */ -/** Our statistics structure singleton. */ -static hs_stats_t *hs_stats = NULL; - -/** Allocate, initialize and return an hs_stats_t structure. */ -static hs_stats_t * -hs_stats_new(void) +/** Allocate, initialize and return an hs_v2_stats_t structure. */ +static hs_v2_stats_t * +hs_v2_stats_new(void) { - hs_stats_t *new_hs_stats = tor_malloc_zero(sizeof(hs_stats_t)); - new_hs_stats->onions_seen_this_period = digestmap_new(); + hs_v2_stats_t *new_hs_v2_stats = tor_malloc_zero(sizeof(hs_v2_stats_t)); - return new_hs_stats; + return new_hs_v2_stats; } -#define hs_stats_free(val) \ - FREE_AND_NULL(hs_stats_t, hs_stats_free_, (val)) +#define hs_v2_stats_free(val) \ + FREE_AND_NULL(hs_v2_stats_t, hs_v2_stats_free_, (val)) -/** Free an hs_stats_t structure. */ +/** Free an hs_v2_stats_t structure. */ static void -hs_stats_free_(hs_stats_t *victim_hs_stats) +hs_v2_stats_free_(hs_v2_stats_t *victim_hs_v2_stats) { - if (!victim_hs_stats) { + if (!victim_hs_v2_stats) { return; } + tor_free(victim_hs_v2_stats); +} - digestmap_free(victim_hs_stats->onions_seen_this_period, NULL); - tor_free(victim_hs_stats); +/** Clear history of hidden service statistics and set the measurement + * interval start to <b>now</b>. */ +static void +rep_hist_reset_hs_v2_stats(time_t now) +{ + if (!hs_v2_stats) { + hs_v2_stats = hs_v2_stats_new(); + } + + hs_v2_stats->rp_v2_relay_cells_seen = 0; + + start_of_hs_v2_stats_interval = now; } -/** Initialize hidden service statistics. */ -void -rep_hist_hs_stats_init(time_t now) +/*** HSv3 stats ******/ + +/** Start of the current hidden service stats interval or 0 if we're not + * collecting hidden service statistics. + * + * This is particularly important for v3 statistics since this variable + * controls the start time of initial v3 stats collection. It's initialized by + * rep_hist_hs_stats_init() to the next time period start (i.e. 12:00UTC), and + * should_collect_v3_stats() ensures that functions that collect v3 stats do + * not do so sooner than that. + * + * Collecting stats from 12:00UTC to 12:00UTC is extremely important for v3 + * stats because rep_hist_hsdir_stored_maybe_new_v3_onion() uses the blinded + * key of each onion service as its double-counting index. Onion services + * rotate their descriptor at around 00:00UTC which means that their blinded + * key also changes around that time. However the precise time that onion + * services rotate their descriptors is actually when they fetch a new + * 00:00UTC consensus and that happens at a random time (e.g. it can even + * happen at 02:00UTC). This means that if we started keeping v3 stats at + * around 00:00UTC we wouldn't be able to tell when onion services change + * their blinded key and hence we would double count an unpredictable amount + * of them (for example, if an onion service fetches the 00:00UTC consensus at + * 01:00UTC it would upload to its old HSDir at 00:45UTC, and then to a + * different HSDir at 01:50UTC). + * + * For this reason, we start collecting statistics at 12:00UTC. This way we + * know that by the time we stop collecting statistics for that time period 24 + * hours later, all the onion services have switched to their new blinded + * key. This way we can predict much better how much double counting has been + * performed. + */ +static time_t start_of_hs_v3_stats_interval; + +/** Our v3 statistics structure singleton. */ +static hs_v3_stats_t *hs_v3_stats = NULL; + +/** Allocate, initialize and return an hs_v3_stats_t structure. */ +static hs_v3_stats_t * +hs_v3_stats_new(void) +{ + hs_v3_stats_t *new_hs_v3_stats = tor_malloc_zero(sizeof(hs_v3_stats_t)); + new_hs_v3_stats->v3_onions_seen_this_period = digest256map_new(); + + return new_hs_v3_stats; +} + +#define hs_v3_stats_free(val) \ + FREE_AND_NULL(hs_v3_stats_t, hs_v3_stats_free_, (val)) + +/** Free an hs_v3_stats_t structure. */ +static void +hs_v3_stats_free_(hs_v3_stats_t *victim_hs_v3_stats) { - if (!hs_stats) { - hs_stats = hs_stats_new(); + if (!victim_hs_v3_stats) { + return; } - start_of_hs_stats_interval = now; + digest256map_free(victim_hs_v3_stats->v3_onions_seen_this_period, NULL); + tor_free(victim_hs_v3_stats); } /** Clear history of hidden service statistics and set the measurement * interval start to <b>now</b>. */ static void -rep_hist_reset_hs_stats(time_t now) +rep_hist_reset_hs_v3_stats(time_t now) { - if (!hs_stats) { - hs_stats = hs_stats_new(); + if (!hs_v3_stats) { + hs_v3_stats = hs_v3_stats_new(); } - hs_stats->rp_relay_cells_seen = 0; + digest256map_free(hs_v3_stats->v3_onions_seen_this_period, NULL); + hs_v3_stats->v3_onions_seen_this_period = digest256map_new(); - digestmap_free(hs_stats->onions_seen_this_period, NULL); - hs_stats->onions_seen_this_period = digestmap_new(); + hs_v3_stats->rp_v3_relay_cells_seen = 0; - start_of_hs_stats_interval = now; + start_of_hs_v3_stats_interval = now; } -/** Stop collecting hidden service stats in a way that we can re-start - * doing so in rep_hist_buffer_stats_init(). */ -void -rep_hist_hs_stats_term(void) +/** Return true if it's a good time to collect v3 stats. + * + * v3 stats have a strict stats collection period (from 12:00UTC to 12:00UTC + * on the real network). We don't want to collect statistics if (for example) + * we just booted and it's 03:00UTC; we will wait until 12:00UTC before we + * start collecting statistics to make sure that the final result represents + * the whole collection period. This behavior is controlled by + * rep_hist_hs_stats_init(). + */ +MOCK_IMPL(STATIC bool, +should_collect_v3_stats,(void)) { - rep_hist_reset_hs_stats(0); + return start_of_hs_v3_stats_interval <= approx_time(); } -/** We saw a new HS relay cell, Count it! */ +/** We just received a new descriptor with <b>blinded_key</b>. See if we've + * seen this blinded key before, and if not add it to the stats. */ void -rep_hist_seen_new_rp_cell(void) +rep_hist_hsdir_stored_maybe_new_v3_onion(const uint8_t *blinded_key) { - if (!hs_stats) { - return; // We're not collecting stats + /* Return early if we don't collect HSv3 stats, or if it's not yet the time + * to collect them. */ + if (!hs_v3_stats || !should_collect_v3_stats()) { + return; } - hs_stats->rp_relay_cells_seen++; + bool seen_before = + !!digest256map_get(hs_v3_stats->v3_onions_seen_this_period, + blinded_key); + + log_info(LD_GENERAL, "Considering v3 descriptor with %s (%sseen before)", + safe_str(hex_str((char*)blinded_key, 32)), + seen_before ? "" : "not "); + + /* Count it if we haven't seen it before. */ + if (!seen_before) { + digest256map_set(hs_v3_stats->v3_onions_seen_this_period, + blinded_key, (void*)(uintptr_t)1); + } } -/** As HSDirs, we saw another hidden service with public key - * <b>pubkey</b>. Check whether we have counted it before, if not - * count it now! */ +/** We saw a new HS relay cell: count it! + * If <b>is_v2</b> is set then it's a v2 RP cell, otherwise it's a v3. */ void -rep_hist_stored_maybe_new_hs(const crypto_pk_t *pubkey) +rep_hist_seen_new_rp_cell(bool is_v2) { - char pubkey_hash[DIGEST_LEN]; + log_debug(LD_GENERAL, "New RP cell (%d)", is_v2); - if (!hs_stats) { - return; // We're not collecting stats + if (is_v2 && hs_v2_stats) { + hs_v2_stats->rp_v2_relay_cells_seen++; + } else if (!is_v2 && hs_v3_stats && should_collect_v3_stats()) { + hs_v3_stats->rp_v3_relay_cells_seen++; } +} - /* Get the digest of the pubkey which will be used to detect whether - we've seen this hidden service before or not. */ - if (crypto_pk_get_digest(pubkey, pubkey_hash) < 0) { - /* This fail should not happen; key has been validated by - descriptor parsing code first. */ - return; +/** Generic HS stats code */ + +/** Initialize v2 and v3 hidden service statistics. */ +void +rep_hist_hs_stats_init(time_t now) +{ + if (!hs_v2_stats) { + hs_v2_stats = hs_v2_stats_new(); } - /* Check if this is the first time we've seen this hidden - service. If it is, count it as new. */ - if (!digestmap_get(hs_stats->onions_seen_this_period, - pubkey_hash)) { - digestmap_set(hs_stats->onions_seen_this_period, - pubkey_hash, (void*)(uintptr_t)1); + /* Start collecting v2 stats straight away */ + start_of_hs_v2_stats_interval = now; + + if (!hs_v3_stats) { + hs_v3_stats = hs_v3_stats_new(); } + + /* Start collecting v3 stats at the next 12:00 UTC */ + start_of_hs_v3_stats_interval = hs_get_start_time_of_next_time_period(now); } +/** Stop collecting hidden service stats in a way that we can re-start + * doing so in rep_hist_buffer_stats_init(). */ +void +rep_hist_hs_stats_term(void) +{ + rep_hist_reset_hs_v2_stats(0); + rep_hist_reset_hs_v3_stats(0); +} + +/** Stats reporting code */ + /* The number of cells that are supposed to be hidden from the adversary * by adding noise from the Laplace distribution. This value, divided by * EPSILON, is Laplace parameter b. It must be greater than 0. */ @@ -1851,58 +2683,68 @@ rep_hist_stored_maybe_new_hs(const crypto_pk_t *pubkey) #define ONIONS_SEEN_BIN_SIZE 8 /** Allocate and return a string containing hidden service stats that - * are meant to be placed in the extra-info descriptor. */ -static char * -rep_hist_format_hs_stats(time_t now) + * are meant to be placed in the extra-info descriptor. + * + * Function works for both v2 and v3 stats depending on <b>is_v3</b>. */ +STATIC char * +rep_hist_format_hs_stats(time_t now, bool is_v3) { char t[ISO_TIME_LEN+1]; char *hs_stats_string; - int64_t obfuscated_cells_seen; - int64_t obfuscated_onions_seen; + int64_t obfuscated_onions_seen, obfuscated_cells_seen; + + uint64_t rp_cells_seen = is_v3 ? + hs_v3_stats->rp_v3_relay_cells_seen : hs_v2_stats->rp_v2_relay_cells_seen; + size_t onions_seen = is_v3 ? + digest256map_size(hs_v3_stats->v3_onions_seen_this_period) : 0; + time_t start_of_hs_stats_interval = is_v3 ? + start_of_hs_v3_stats_interval : start_of_hs_v2_stats_interval; uint64_t rounded_cells_seen - = round_uint64_to_next_multiple_of(hs_stats->rp_relay_cells_seen, - REND_CELLS_BIN_SIZE); + = round_uint64_to_next_multiple_of(rp_cells_seen, REND_CELLS_BIN_SIZE); rounded_cells_seen = MIN(rounded_cells_seen, INT64_MAX); obfuscated_cells_seen = add_laplace_noise((int64_t)rounded_cells_seen, crypto_rand_double(), REND_CELLS_DELTA_F, REND_CELLS_EPSILON); uint64_t rounded_onions_seen = - round_uint64_to_next_multiple_of((size_t)digestmap_size( - hs_stats->onions_seen_this_period), - ONIONS_SEEN_BIN_SIZE); + round_uint64_to_next_multiple_of(onions_seen, ONIONS_SEEN_BIN_SIZE); rounded_onions_seen = MIN(rounded_onions_seen, INT64_MAX); obfuscated_onions_seen = add_laplace_noise((int64_t)rounded_onions_seen, crypto_rand_double(), ONIONS_SEEN_DELTA_F, ONIONS_SEEN_EPSILON); format_iso_time(t, now); - tor_asprintf(&hs_stats_string, "hidserv-stats-end %s (%d s)\n" - "hidserv-rend-relayed-cells %"PRId64" delta_f=%d " - "epsilon=%.2f bin_size=%d\n" - "hidserv-dir-onions-seen %"PRId64" delta_f=%d " - "epsilon=%.2f bin_size=%d\n", + tor_asprintf(&hs_stats_string, "%s %s (%u s)\n" + "%s %"PRId64" delta_f=%d epsilon=%.2f bin_size=%d\n" + "%s %"PRId64" delta_f=%d epsilon=%.2f bin_size=%d\n", + is_v3 ? "hidserv-v3-stats-end" : "hidserv-stats-end", t, (unsigned) (now - start_of_hs_stats_interval), - (obfuscated_cells_seen), REND_CELLS_DELTA_F, + is_v3 ? + "hidserv-rend-v3-relayed-cells" : "hidserv-rend-relayed-cells", + obfuscated_cells_seen, REND_CELLS_DELTA_F, REND_CELLS_EPSILON, REND_CELLS_BIN_SIZE, - (obfuscated_onions_seen), - ONIONS_SEEN_DELTA_F, + is_v3 ? "hidserv-dir-v3-onions-seen" :"hidserv-dir-onions-seen", + obfuscated_onions_seen, ONIONS_SEEN_DELTA_F, ONIONS_SEEN_EPSILON, ONIONS_SEEN_BIN_SIZE); return hs_stats_string; } /** If 24 hours have passed since the beginning of the current HS - * stats period, write buffer stats to $DATADIR/stats/hidserv-stats + * stats period, write buffer stats to $DATADIR/stats/hidserv-v3-stats * (possibly overwriting an existing file) and reset counters. Return * when we would next want to write buffer stats or 0 if we never want to - * write. */ + * write. Function works for both v2 and v3 stats depending on <b>is_v3</b>. + */ time_t -rep_hist_hs_stats_write(time_t now) +rep_hist_hs_stats_write(time_t now, bool is_v3) { char *str = NULL; + time_t start_of_hs_stats_interval = is_v3 ? + start_of_hs_v3_stats_interval : start_of_hs_v2_stats_interval; + if (!start_of_hs_stats_interval) { return 0; /* Not initialized. */ } @@ -1912,15 +2754,20 @@ rep_hist_hs_stats_write(time_t now) } /* Generate history string. */ - str = rep_hist_format_hs_stats(now); + str = rep_hist_format_hs_stats(now, is_v3); /* Reset HS history. */ - rep_hist_reset_hs_stats(now); + if (is_v3) { + rep_hist_reset_hs_v3_stats(now); + } else { + rep_hist_reset_hs_v2_stats(now); + } /* Try to write to disk. */ if (!check_or_create_data_subdir("stats")) { - write_to_data_subdir("stats", "hidserv-stats", str, - "hidden service stats"); + write_to_data_subdir("stats", + is_v3 ? "hidserv-v3-stats" : "hidserv-stats", + str, "hidden service stats"); } done: @@ -2134,7 +2981,8 @@ rep_hist_log_link_protocol_counts(void) void rep_hist_free_all(void) { - hs_stats_free(hs_stats); + hs_v2_stats_free(hs_v2_stats); + hs_v3_stats_free(hs_v3_stats); digestmap_free(history_map, free_or_history); tor_free(exit_bytes_read); @@ -2155,3 +3003,38 @@ rep_hist_free_all(void) tor_assert_nonfatal(rephist_total_alloc == 0); tor_assert_nonfatal_once(rephist_total_num == 0); } + +/** Called just before the consensus will be replaced. Update the consensus + * parameters in case they changed. */ +void +rep_hist_consensus_has_changed(const networkstatus_t *ns) +{ + overload_onionskin_ntor_fraction = + networkstatus_get_param(ns, "overload_onionskin_ntor_scale_percent", + OVERLOAD_ONIONSKIN_NTOR_PERCENT_DEFAULT, + OVERLOAD_ONIONSKIN_NTOR_PERCENT_MIN, + OVERLOAD_ONIONSKIN_NTOR_PERCENT_MAX) / + OVERLOAD_ONIONSKIN_NTOR_PERCENT_SCALE / 100.0; + + overload_onionskin_ntor_period_secs = + networkstatus_get_param(ns, "overload_onionskin_ntor_period_secs", + OVERLOAD_ONIONSKIN_NTOR_PERIOD_SECS_DEFAULT, + OVERLOAD_ONIONSKIN_NTOR_PERIOD_SECS_MIN, + OVERLOAD_ONIONSKIN_NTOR_PERIOD_SECS_MAX); +} + +#ifdef TOR_UNIT_TESTS +/* only exists for unit tests: get HSv2 stats object */ +const hs_v2_stats_t * +rep_hist_get_hs_v2_stats(void) +{ + return hs_v2_stats; +} + +/* only exists for unit tests: get HSv2 stats object */ +const hs_v3_stats_t * +rep_hist_get_hs_v3_stats(void) +{ + return hs_v3_stats; +} +#endif /* defined(TOR_UNIT_TESTS) */ diff --git a/src/feature/stats/rephist.h b/src/feature/stats/rephist.h index c9ebc5c328..fbfab4c451 100644 --- a/src/feature/stats/rephist.h +++ b/src/feature/stats/rephist.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -41,6 +41,16 @@ void rep_hist_note_exit_bytes(uint16_t port, size_t num_written, size_t num_read); void rep_hist_note_exit_stream_opened(uint16_t port); +void rep_hist_note_conn_opened(bool initiated, unsigned int type, int af); +void rep_hist_note_conn_closed(bool initiated, unsigned int type, int af); +void rep_hist_note_conn_rejected(unsigned int type, int af); +uint64_t rep_hist_get_conn_created(bool initiated, unsigned int type, int af); +uint64_t rep_hist_get_conn_opened(bool initiated, unsigned int type, int af); +uint64_t rep_hist_get_conn_rejected(unsigned int type, int af); + +void rep_hist_note_exit_stream(unsigned int cmd); +uint64_t rep_hist_get_exit_stream_seen(unsigned int cmd); + void rep_hist_buffer_stats_init(time_t now); void rep_hist_buffer_stats_add_circ(circuit_t *circ, time_t end_of_interval); @@ -58,17 +68,25 @@ time_t rep_hist_desc_stats_write(time_t now); void rep_hist_note_circuit_handshake_requested(uint16_t type); void rep_hist_note_circuit_handshake_assigned(uint16_t type); +void rep_hist_note_circuit_handshake_dropped(uint16_t type); void rep_hist_log_circuit_handshake_stats(time_t now); MOCK_DECL(int, rep_hist_get_circuit_handshake_requested, (uint16_t type)); MOCK_DECL(int, rep_hist_get_circuit_handshake_assigned, (uint16_t type)); +MOCK_DECL(uint64_t, rep_hist_get_circuit_n_handshake_assigned, + (uint16_t type)); +MOCK_DECL(uint64_t, rep_hist_get_circuit_n_handshake_dropped, + (uint16_t type)); + void rep_hist_hs_stats_init(time_t now); void rep_hist_hs_stats_term(void); -time_t rep_hist_hs_stats_write(time_t now); -char *rep_hist_get_hs_stats_string(void); -void rep_hist_seen_new_rp_cell(void); -void rep_hist_stored_maybe_new_hs(const crypto_pk_t *pubkey); +time_t rep_hist_hs_stats_write(time_t now, bool is_v3); + +void rep_hist_seen_new_rp_cell(bool is_v2); + +char *rep_hist_get_hs_v3_stats_string(void); +void rep_hist_hsdir_stored_maybe_new_v3_onion(const uint8_t *blinded_key); void rep_hist_free_all(void); @@ -76,13 +94,54 @@ void rep_hist_note_negotiated_link_proto(unsigned link_proto, int started_here); void rep_hist_log_link_protocol_counts(void); +uint64_t rep_hist_get_n_dns_error(int type, uint8_t error); +uint64_t rep_hist_get_n_dns_request(int type); +void rep_hist_note_dns_request(int type); +void rep_hist_note_dns_error(int type, uint8_t error); + +void rep_hist_consensus_has_changed(const networkstatus_t *ns); + +/** We combine ntor and ntorv3 stats, so we have 3 stat types: + * tap, fast, and ntor. The max type is ntor (2) */ +#define MAX_ONION_STAT_TYPE ONION_HANDSHAKE_TYPE_NTOR + extern uint64_t rephist_total_alloc; extern uint32_t rephist_total_num; #ifdef TOR_UNIT_TESTS -extern int onion_handshakes_requested[MAX_ONION_HANDSHAKE_TYPE+1]; -extern int onion_handshakes_assigned[MAX_ONION_HANDSHAKE_TYPE+1]; +extern int onion_handshakes_requested[MAX_ONION_STAT_TYPE+1]; +extern int onion_handshakes_assigned[MAX_ONION_STAT_TYPE+1]; #endif +#ifdef REPHIST_PRIVATE +/** Carries the various hidden service statistics, and any other + * information needed. */ +typedef struct hs_v2_stats_t { + /** How many v2 relay cells have we seen as rendezvous points? */ + uint64_t rp_v2_relay_cells_seen; +} hs_v2_stats_t; + +/** Structure that contains the various statistics we keep about v3 + * services. + * + * Because of the time period logic of v3 services, v3 statistics are more + * sensitive to time than v2 stats. For this reason, we collect v3 + * statistics strictly from 12:00UTC to 12:00UTC as dictated by + * 'start_of_hs_v3_stats_interval'. + **/ +typedef struct hs_v3_stats_t { + /** How many v3 relay cells have we seen as a rendezvous point? */ + uint64_t rp_v3_relay_cells_seen; + + /* The number of unique v3 onion descriptors (actually, unique v3 blind keys) + * we've seen during the measurement period */ + digest256map_t *v3_onions_seen_this_period; +} hs_v3_stats_t; + +MOCK_DECL(STATIC bool, should_collect_v3_stats,(void)); + +STATIC char *rep_hist_format_hs_stats(time_t now, bool is_v3); +#endif /* defined(REPHIST_PRIVATE) */ + /** * Represents the type of a cell for padding accounting */ @@ -108,4 +167,36 @@ void rep_hist_reset_padding_counts(void); void rep_hist_prep_published_padding_counts(time_t now); void rep_hist_padding_count_timers(uint64_t num_timers); +/** + * Represents the various types of overload we keep track of and expose in our + * extra-info descriptor. +*/ +typedef enum { + /* A general overload -- can have many different causes. */ + OVERLOAD_GENERAL, + /* We went over our configured read rate/burst bandwidth limit */ + OVERLOAD_READ, + /* We went over our configured write rate/burst bandwidth limit */ + OVERLOAD_WRITE, + /* We exhausted the file descriptors in this system */ + OVERLOAD_FD_EXHAUSTED, +} overload_type_t; + +void rep_hist_note_overload(overload_type_t overload); +char *rep_hist_get_overload_general_line(void); +char *rep_hist_get_overload_stats_lines(void); + +void rep_hist_note_tcp_exhaustion(void); +uint64_t rep_hist_get_n_tcp_exhaustion(void); + +uint64_t rep_hist_get_n_read_limit_reached(void); +uint64_t rep_hist_get_n_write_limit_reached(void); + +#ifdef TOR_UNIT_TESTS +struct hs_v2_stats_t; +const struct hs_v2_stats_t *rep_hist_get_hs_v2_stats(void); +struct hs_v3_stats_t; +const struct hs_v3_stats_t *rep_hist_get_hs_v3_stats(void); +#endif /* defined(TOR_UNIT_TESTS) */ + #endif /* !defined(TOR_REPHIST_H) */ diff --git a/src/include.am b/src/include.am index 0826da7548..36d323e6eb 100644 --- a/src/include.am +++ b/src/include.am @@ -85,7 +85,6 @@ include src/app/main/include.am include src/core/include.am include src/app/include.am -include src/rust/include.am include src/test/include.am include src/tools/include.am include src/win32/include.am diff --git a/src/lib/arch/bytes.h b/src/lib/arch/bytes.h index c72ac3eb8e..5c3c0b30ba 100644 --- a/src/lib/arch/bytes.h +++ b/src/lib/arch/bytes.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_BYTES_H diff --git a/src/lib/buf/buffers.c b/src/lib/buf/buffers.c index e9d5f7f031..e0faa84099 100644 --- a/src/lib/buf/buffers.c +++ b/src/lib/buf/buffers.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/buf/buffers.h b/src/lib/buf/buffers.h index 1361a02eba..01cb2346b6 100644 --- a/src/lib/buf/buffers.h +++ b/src/lib/buf/buffers.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/cc/compat_compiler.h b/src/lib/cc/compat_compiler.h index 96aa912652..991b33d9e7 100644 --- a/src/lib/cc/compat_compiler.h +++ b/src/lib/cc/compat_compiler.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -15,6 +15,15 @@ #include "orconfig.h" #include <inttypes.h> +#if defined(__MINGW32__) || defined(__MINGW64__) +#define MINGW_ANY +#endif + +#ifdef MINGW_ANY +/* We need this for __MINGW_PRINTF_FORMAT, alas. */ +#include <stdio.h> +#endif + #if defined(__has_feature) # if __has_feature(address_sanitizer) /* Some of the fancy glibc strcmp() macros include references to memory that @@ -36,16 +45,30 @@ #error "It seems that you encode characters in something other than ASCII." #endif +/* Use the right magic attribute on mingw, which might be printf, gnu_printf, + * or ms_printf, depending on how we're set up to build. + */ +#ifdef __MINGW_PRINTF_FORMAT +#define PRINTF_FORMAT_ATTR __MINGW_PRINTF_FORMAT +#else +#define PRINTF_FORMAT_ATTR printf +#endif +#ifdef __MINGW_SCANF_FORMAT +#define SCANF_FORMAT_ATTR __MINGW_SCANF_FORMAT +#else +#define SCANF_FORMAT_ATTR scanf +#endif + /* GCC can check printf and scanf types on arbitrary functions. */ #ifdef __GNUC__ #define CHECK_PRINTF(formatIdx, firstArg) \ - __attribute__ ((format(printf, formatIdx, firstArg))) + __attribute__ ((format(PRINTF_FORMAT_ATTR, formatIdx, firstArg))) #else #define CHECK_PRINTF(formatIdx, firstArg) #endif /* defined(__GNUC__) */ #ifdef __GNUC__ #define CHECK_SCANF(formatIdx, firstArg) \ - __attribute__ ((format(scanf, formatIdx, firstArg))) + __attribute__ ((format(SCANF_FORMAT_ATTR, formatIdx, firstArg))) #else #define CHECK_SCANF(formatIdx, firstArg) #endif /* defined(__GNUC__) */ @@ -191,10 +214,6 @@ #define OP_EQ == #define OP_NE != -#if defined(__MINGW32__) || defined(__MINGW64__) -#define MINGW_ANY -#endif - /** Macro: yield a pointer to the field at position <b>off</b> within the * structure <b>st</b>. Example: * <pre> diff --git a/src/lib/cc/tokpaste.h b/src/lib/cc/tokpaste.h index 068621b5bd..e64f2757e9 100644 --- a/src/lib/cc/tokpaste.h +++ b/src/lib/cc/tokpaste.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/cc/torint.h b/src/lib/cc/torint.h index af7a90431c..f551c01454 100644 --- a/src/lib/cc/torint.h +++ b/src/lib/cc/torint.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/compress/compress.c b/src/lib/compress/compress.c index 7ce3910d84..83e63905cc 100644 --- a/src/lib/compress/compress.c +++ b/src/lib/compress/compress.c @@ -1,6 +1,6 @@ /* Copyright (c) 2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/compress/compress.h b/src/lib/compress/compress.h index f36cdb82aa..c15434a1ae 100644 --- a/src/lib/compress/compress.h +++ b/src/lib/compress/compress.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/compress/compress_buf.c b/src/lib/compress/compress_buf.c index d1941c9da6..51cca0e7ae 100644 --- a/src/lib/compress/compress_buf.c +++ b/src/lib/compress/compress_buf.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/compress/compress_lzma.c b/src/lib/compress/compress_lzma.c index 8884b020e8..7e5c1a2883 100644 --- a/src/lib/compress/compress_lzma.c +++ b/src/lib/compress/compress_lzma.c @@ -1,6 +1,6 @@ /* Copyright (c) 2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/compress/compress_lzma.h b/src/lib/compress/compress_lzma.h index de03cda91c..c615968378 100644 --- a/src/lib/compress/compress_lzma.h +++ b/src/lib/compress/compress_lzma.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/compress/compress_none.c b/src/lib/compress/compress_none.c index 43c021c788..f7d065e5c8 100644 --- a/src/lib/compress/compress_none.c +++ b/src/lib/compress/compress_none.c @@ -1,6 +1,6 @@ /* Copyright (c) 2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/compress/compress_none.h b/src/lib/compress/compress_none.h index df696a11aa..90b27ff58f 100644 --- a/src/lib/compress/compress_none.h +++ b/src/lib/compress/compress_none.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/compress/compress_sys.h b/src/lib/compress/compress_sys.h index dce0549924..8d149133af 100644 --- a/src/lib/compress/compress_sys.h +++ b/src/lib/compress/compress_sys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/compress/compress_zlib.c b/src/lib/compress/compress_zlib.c index 3711e46222..52f95090fe 100644 --- a/src/lib/compress/compress_zlib.c +++ b/src/lib/compress/compress_zlib.c @@ -1,6 +1,6 @@ /* Copyright (c) 2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/compress/compress_zlib.h b/src/lib/compress/compress_zlib.h index 7328ce899b..f683c496c6 100644 --- a/src/lib/compress/compress_zlib.h +++ b/src/lib/compress/compress_zlib.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/compress/compress_zstd.c b/src/lib/compress/compress_zstd.c index 61c684068e..34a2e806f6 100644 --- a/src/lib/compress/compress_zstd.c +++ b/src/lib/compress/compress_zstd.c @@ -1,6 +1,6 @@ /* Copyright (c) 2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/compress/compress_zstd.h b/src/lib/compress/compress_zstd.h index 0fc71db749..46a8be0e45 100644 --- a/src/lib/compress/compress_zstd.h +++ b/src/lib/compress/compress_zstd.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/conf/confdecl.h b/src/lib/conf/confdecl.h index c2d3fb335d..f7ab788636 100644 --- a/src/lib/conf/confdecl.h +++ b/src/lib/conf/confdecl.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/conf/confmacros.h b/src/lib/conf/confmacros.h index 9f85d21740..71b272d212 100644 --- a/src/lib/conf/confmacros.h +++ b/src/lib/conf/confmacros.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/conf/conftesting.h b/src/lib/conf/conftesting.h index 4707c919d3..0b4a720ae8 100644 --- a/src/lib/conf/conftesting.h +++ b/src/lib/conf/conftesting.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/conf/conftypes.h b/src/lib/conf/conftypes.h index 2207508ef9..d05a0e3c8c 100644 --- a/src/lib/conf/conftypes.h +++ b/src/lib/conf/conftypes.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/confmgt/confmgt.c b/src/lib/confmgt/confmgt.c index bf2764160e..19f0a5e517 100644 --- a/src/lib/confmgt/confmgt.c +++ b/src/lib/confmgt/confmgt.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/confmgt/confmgt.h b/src/lib/confmgt/confmgt.h index 5065c13b60..ae04fab604 100644 --- a/src/lib/confmgt/confmgt.h +++ b/src/lib/confmgt/confmgt.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/confmgt/structvar.c b/src/lib/confmgt/structvar.c index 55deb4759c..d522456ed8 100644 --- a/src/lib/confmgt/structvar.c +++ b/src/lib/confmgt/structvar.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/confmgt/structvar.h b/src/lib/confmgt/structvar.h index 91334fa8c5..f04fd62eb8 100644 --- a/src/lib/confmgt/structvar.h +++ b/src/lib/confmgt/structvar.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/confmgt/type_defs.c b/src/lib/confmgt/type_defs.c index d9e5e1e4c2..d17e97dd86 100644 --- a/src/lib/confmgt/type_defs.c +++ b/src/lib/confmgt/type_defs.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/confmgt/type_defs.h b/src/lib/confmgt/type_defs.h index fec002b1d3..f913125e50 100644 --- a/src/lib/confmgt/type_defs.h +++ b/src/lib/confmgt/type_defs.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/confmgt/typedvar.c b/src/lib/confmgt/typedvar.c index 240c03a316..b6c247ccfe 100644 --- a/src/lib/confmgt/typedvar.c +++ b/src/lib/confmgt/typedvar.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/confmgt/typedvar.h b/src/lib/confmgt/typedvar.h index cc90ed10a3..21d6d16216 100644 --- a/src/lib/confmgt/typedvar.h +++ b/src/lib/confmgt/typedvar.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/confmgt/unitparse.c b/src/lib/confmgt/unitparse.c index 99716e8d9d..a0cfacaab2 100644 --- a/src/lib/confmgt/unitparse.c +++ b/src/lib/confmgt/unitparse.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/confmgt/unitparse.h b/src/lib/confmgt/unitparse.h index 047e11b424..d211c9d14d 100644 --- a/src/lib/confmgt/unitparse.h +++ b/src/lib/confmgt/unitparse.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/confmgt/var_type_def_st.h b/src/lib/confmgt/var_type_def_st.h index 2519b86aa0..1c8f8f5d84 100644 --- a/src/lib/confmgt/var_type_def_st.h +++ b/src/lib/confmgt/var_type_def_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/container/bitarray.h b/src/lib/container/bitarray.h index 41409e350a..7052cf38b7 100644 --- a/src/lib/container/bitarray.h +++ b/src/lib/container/bitarray.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_BITARRAY_H diff --git a/src/lib/container/bloomfilt.c b/src/lib/container/bloomfilt.c index 34b1265d81..ace3f6786e 100644 --- a/src/lib/container/bloomfilt.c +++ b/src/lib/container/bloomfilt.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/container/bloomfilt.h b/src/lib/container/bloomfilt.h index 6d36056b5a..6a4f3632fe 100644 --- a/src/lib/container/bloomfilt.h +++ b/src/lib/container/bloomfilt.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_BLOOMFILT_H diff --git a/src/lib/container/handles.h b/src/lib/container/handles.h index 6b1bbd5167..6acdbdc3b9 100644 --- a/src/lib/container/handles.h +++ b/src/lib/container/handles.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/container/map.c b/src/lib/container/map.c index 7db84313ea..2067886286 100644 --- a/src/lib/container/map.c +++ b/src/lib/container/map.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/container/map.h b/src/lib/container/map.h index dbc1967247..a1b6948293 100644 --- a/src/lib/container/map.h +++ b/src/lib/container/map.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_MAP_H diff --git a/src/lib/container/namemap.c b/src/lib/container/namemap.c index 5299c78e83..1676209e14 100644 --- a/src/lib/container/namemap.c +++ b/src/lib/container/namemap.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/container/namemap.h b/src/lib/container/namemap.h index b451c18c68..ad36988f70 100644 --- a/src/lib/container/namemap.h +++ b/src/lib/container/namemap.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_NAMEMAP_H diff --git a/src/lib/container/namemap_st.h b/src/lib/container/namemap_st.h index 39aa85cc09..e9cafe8f53 100644 --- a/src/lib/container/namemap_st.h +++ b/src/lib/container/namemap_st.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef NAMEMAP_ST_H diff --git a/src/lib/container/order.c b/src/lib/container/order.c index cac241f027..2ff166ce07 100644 --- a/src/lib/container/order.c +++ b/src/lib/container/order.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/container/order.h b/src/lib/container/order.h index 5bca095f35..fccee86541 100644 --- a/src/lib/container/order.h +++ b/src/lib/container/order.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_ORDER_H diff --git a/src/lib/container/smartlist.c b/src/lib/container/smartlist.c index 7784f83957..aa85d7ddc6 100644 --- a/src/lib/container/smartlist.c +++ b/src/lib/container/smartlist.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/container/smartlist.h b/src/lib/container/smartlist.h index 458d564cd5..b9caa19c72 100644 --- a/src/lib/container/smartlist.h +++ b/src/lib/container/smartlist.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_SMARTLIST_H diff --git a/src/lib/crypt_ops/aes.h b/src/lib/crypt_ops/aes.h index c25417b4e6..d712b77136 100644 --- a/src/lib/crypt_ops/aes.h +++ b/src/lib/crypt_ops/aes.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /* Implements a minimal interface to counter-mode AES. */ diff --git a/src/lib/crypt_ops/aes_nss.c b/src/lib/crypt_ops/aes_nss.c index 71d2f01449..7e4fe5ac26 100644 --- a/src/lib/crypt_ops/aes_nss.c +++ b/src/lib/crypt_ops/aes_nss.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/aes_openssl.c b/src/lib/crypt_ops/aes_openssl.c index 502f7703bd..ca8c5aca1a 100644 --- a/src/lib/crypt_ops/aes_openssl.c +++ b/src/lib/crypt_ops/aes_openssl.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h index aa66e0c3fa..0f56f338b5 100644 --- a/src/lib/crypt_ops/compat_openssl.h +++ b/src/lib/crypt_ops/compat_openssl.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_COMPAT_OPENSSL_H diff --git a/src/lib/crypt_ops/crypto_cipher.c b/src/lib/crypt_ops/crypto_cipher.c index 0a24a580ae..cfece770a1 100644 --- a/src/lib/crypt_ops/crypto_cipher.c +++ b/src/lib/crypt_ops/crypto_cipher.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_cipher.h b/src/lib/crypt_ops/crypto_cipher.h index 1e22a7c138..107e4b83b9 100644 --- a/src/lib/crypt_ops/crypto_cipher.h +++ b/src/lib/crypt_ops/crypto_cipher.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_curve25519.c b/src/lib/crypt_ops/crypto_curve25519.c index 2a2589f07d..a20eaf4bf7 100644 --- a/src/lib/crypt_ops/crypto_curve25519.c +++ b/src/lib/crypt_ops/crypto_curve25519.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_curve25519.h b/src/lib/crypt_ops/crypto_curve25519.h index f1e5d1265d..146945fa24 100644 --- a/src/lib/crypt_ops/crypto_curve25519.h +++ b/src/lib/crypt_ops/crypto_curve25519.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_dh.c b/src/lib/crypt_ops/crypto_dh.c index 086aceed6f..d0805d834d 100644 --- a/src/lib/crypt_ops/crypto_dh.c +++ b/src/lib/crypt_ops/crypto_dh.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_dh.h b/src/lib/crypt_ops/crypto_dh.h index 2a0e1f6912..6083566306 100644 --- a/src/lib/crypt_ops/crypto_dh.h +++ b/src/lib/crypt_ops/crypto_dh.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_dh_nss.c b/src/lib/crypt_ops/crypto_dh_nss.c index e5d070397d..e0bed5c7e7 100644 --- a/src/lib/crypt_ops/crypto_dh_nss.c +++ b/src/lib/crypt_ops/crypto_dh_nss.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_dh_openssl.c b/src/lib/crypt_ops/crypto_dh_openssl.c index f05afd8497..b2bebd2655 100644 --- a/src/lib/crypt_ops/crypto_dh_openssl.c +++ b/src/lib/crypt_ops/crypto_dh_openssl.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_digest.c b/src/lib/crypt_ops/crypto_digest.c index 7775e69410..3e165c2ce2 100644 --- a/src/lib/crypt_ops/crypto_digest.c +++ b/src/lib/crypt_ops/crypto_digest.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_digest.h b/src/lib/crypt_ops/crypto_digest.h index eefd2e3f0a..f810961357 100644 --- a/src/lib/crypt_ops/crypto_digest.h +++ b/src/lib/crypt_ops/crypto_digest.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_digest_nss.c b/src/lib/crypt_ops/crypto_digest_nss.c index 92c20fe9e8..5e70ebe734 100644 --- a/src/lib/crypt_ops/crypto_digest_nss.c +++ b/src/lib/crypt_ops/crypto_digest_nss.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_digest_openssl.c b/src/lib/crypt_ops/crypto_digest_openssl.c index 11189c7fb2..f71e4d0dcd 100644 --- a/src/lib/crypt_ops/crypto_digest_openssl.c +++ b/src/lib/crypt_ops/crypto_digest_openssl.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_ed25519.c b/src/lib/crypt_ops/crypto_ed25519.c index 5823b4e557..1f02b86880 100644 --- a/src/lib/crypt_ops/crypto_ed25519.c +++ b/src/lib/crypt_ops/crypto_ed25519.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_ed25519.h b/src/lib/crypt_ops/crypto_ed25519.h index 346de464e3..34b3584b32 100644 --- a/src/lib/crypt_ops/crypto_ed25519.h +++ b/src/lib/crypt_ops/crypto_ed25519.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_format.c b/src/lib/crypt_ops/crypto_format.c index 4483b7d2f5..73c4f25f0d 100644 --- a/src/lib/crypt_ops/crypto_format.c +++ b/src/lib/crypt_ops/crypto_format.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_format.h b/src/lib/crypt_ops/crypto_format.h index 91da137e1c..c539905955 100644 --- a/src/lib/crypt_ops/crypto_format.h +++ b/src/lib/crypt_ops/crypto_format.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_hkdf.c b/src/lib/crypt_ops/crypto_hkdf.c index 7b02820087..ffdf71933d 100644 --- a/src/lib/crypt_ops/crypto_hkdf.c +++ b/src/lib/crypt_ops/crypto_hkdf.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_hkdf.h b/src/lib/crypt_ops/crypto_hkdf.h index 404f548774..6501316d80 100644 --- a/src/lib/crypt_ops/crypto_hkdf.h +++ b/src/lib/crypt_ops/crypto_hkdf.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_init.c b/src/lib/crypt_ops/crypto_init.c index a836bd8645..ef9908c893 100644 --- a/src/lib/crypt_ops/crypto_init.c +++ b/src/lib/crypt_ops/crypto_init.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_init.h b/src/lib/crypt_ops/crypto_init.h index b11e2e34bf..5ef63fbef2 100644 --- a/src/lib/crypt_ops/crypto_init.h +++ b/src/lib/crypt_ops/crypto_init.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_nss_mgt.c b/src/lib/crypt_ops/crypto_nss_mgt.c index d82e51249c..73580cd883 100644 --- a/src/lib/crypt_ops/crypto_nss_mgt.c +++ b/src/lib/crypt_ops/crypto_nss_mgt.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_nss_mgt.h b/src/lib/crypt_ops/crypto_nss_mgt.h index 8686b1b8aa..80d1c78c6a 100644 --- a/src/lib/crypt_ops/crypto_nss_mgt.h +++ b/src/lib/crypt_ops/crypto_nss_mgt.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_ope.c b/src/lib/crypt_ops/crypto_ope.c index 4cacb3dd98..e108727c34 100644 --- a/src/lib/crypt_ops/crypto_ope.c +++ b/src/lib/crypt_ops/crypto_ope.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_ope.h b/src/lib/crypt_ops/crypto_ope.h index 7498ea6a2e..f1ceaff5a5 100644 --- a/src/lib/crypt_ops/crypto_ope.h +++ b/src/lib/crypt_ops/crypto_ope.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.c b/src/lib/crypt_ops/crypto_openssl_mgt.c index e763491a11..6c01cb6aa8 100644 --- a/src/lib/crypt_ops/crypto_openssl_mgt.c +++ b/src/lib/crypt_ops/crypto_openssl_mgt.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -106,7 +106,7 @@ crypto_openssl_get_version_str(void) #else /* This old name was changed around OpenSSL 1.1.0 */ const int query = SSLEAY_VERSION; -#endif +#endif /* defined(OPENSSL_VERSION) */ if (crypto_openssl_version_str == NULL) { const char *raw_version = OpenSSL_version(query); diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h index 91df084a15..c6f63ffa08 100644 --- a/src/lib/crypt_ops/crypto_openssl_mgt.h +++ b/src/lib/crypt_ops/crypto_openssl_mgt.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_options_st.h b/src/lib/crypt_ops/crypto_options_st.h index a453c451fe..6e4d9147e5 100644 --- a/src/lib/crypt_ops/crypto_options_st.h +++ b/src/lib/crypt_ops/crypto_options_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_pwbox.c b/src/lib/crypt_ops/crypto_pwbox.c index bfad27d9fc..792cc11e18 100644 --- a/src/lib/crypt_ops/crypto_pwbox.c +++ b/src/lib/crypt_ops/crypto_pwbox.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_pwbox.h b/src/lib/crypt_ops/crypto_pwbox.h index 0a85b1230a..41ee4f9e18 100644 --- a/src/lib/crypt_ops/crypto_pwbox.h +++ b/src/lib/crypt_ops/crypto_pwbox.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_rand.c b/src/lib/crypt_ops/crypto_rand.c index b1e3dcb6fa..f39ee6c24f 100644 --- a/src/lib/crypt_ops/crypto_rand.c +++ b/src/lib/crypt_ops/crypto_rand.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -568,6 +568,8 @@ crypto_random_hostname(int min_rand_len, int max_rand_len, const char *prefix, prefixlen = strlen(prefix); resultlen = prefixlen + strlen(suffix) + randlen + 16; + /* (x+(n-1))/n is an idiom for dividing x by n, rounding up to the nearest + * integer and thus why this construction. */ rand_bytes_len = ((randlen*5)+7)/8; if (rand_bytes_len % 5) rand_bytes_len += 5 - (rand_bytes_len%5); diff --git a/src/lib/crypt_ops/crypto_rand.h b/src/lib/crypt_ops/crypto_rand.h index 99aff5d4a9..aea1428673 100644 --- a/src/lib/crypt_ops/crypto_rand.h +++ b/src/lib/crypt_ops/crypto_rand.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_rand_fast.c b/src/lib/crypt_ops/crypto_rand_fast.c index 172ea48bdb..d1e7380a34 100644 --- a/src/lib/crypt_ops/crypto_rand_fast.c +++ b/src/lib/crypt_ops/crypto_rand_fast.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_rsa.c b/src/lib/crypt_ops/crypto_rsa.c index 195e4bbaf9..24258cbb65 100644 --- a/src/lib/crypt_ops/crypto_rsa.c +++ b/src/lib/crypt_ops/crypto_rsa.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_rsa.h b/src/lib/crypt_ops/crypto_rsa.h index ab2e9db80d..07da2e1846 100644 --- a/src/lib/crypt_ops/crypto_rsa.h +++ b/src/lib/crypt_ops/crypto_rsa.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_rsa_nss.c b/src/lib/crypt_ops/crypto_rsa_nss.c index d316910b32..bda35ec1ea 100644 --- a/src/lib/crypt_ops/crypto_rsa_nss.c +++ b/src/lib/crypt_ops/crypto_rsa_nss.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c b/src/lib/crypt_ops/crypto_rsa_openssl.c index c96ee81fd3..a21c4a65cf 100644 --- a/src/lib/crypt_ops/crypto_rsa_openssl.c +++ b/src/lib/crypt_ops/crypto_rsa_openssl.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_s2k.c b/src/lib/crypt_ops/crypto_s2k.c index cdd8eb3a15..ae781f24ef 100644 --- a/src/lib/crypt_ops/crypto_s2k.c +++ b/src/lib/crypt_ops/crypto_s2k.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_s2k.h b/src/lib/crypt_ops/crypto_s2k.h index 181a17acb1..6dce855cad 100644 --- a/src/lib/crypt_ops/crypto_s2k.h +++ b/src/lib/crypt_ops/crypto_s2k.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_sys.h b/src/lib/crypt_ops/crypto_sys.h index 2115d4fc99..7900767058 100644 --- a/src/lib/crypt_ops/crypto_sys.h +++ b/src/lib/crypt_ops/crypto_sys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_util.c b/src/lib/crypt_ops/crypto_util.c index 7ebb860d09..37d3a75ba5 100644 --- a/src/lib/crypt_ops/crypto_util.c +++ b/src/lib/crypt_ops/crypto_util.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/crypto_util.h b/src/lib/crypt_ops/crypto_util.h index 36ee230176..fb9b3ed6c2 100644 --- a/src/lib/crypt_ops/crypto_util.h +++ b/src/lib/crypt_ops/crypto_util.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/digestset.c b/src/lib/crypt_ops/digestset.c index 5162d6d8bd..c5be83497b 100644 --- a/src/lib/crypt_ops/digestset.c +++ b/src/lib/crypt_ops/digestset.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/crypt_ops/digestset.h b/src/lib/crypt_ops/digestset.h index 505ac10395..76e6045c98 100644 --- a/src/lib/crypt_ops/digestset.h +++ b/src/lib/crypt_ops/digestset.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/ctime/di_ops.c b/src/lib/ctime/di_ops.c index d57d286990..a6d69d4f91 100644 --- a/src/lib/ctime/di_ops.c +++ b/src/lib/ctime/di_ops.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2011-2020, The Tor Project, Inc. */ +/* Copyright (c) 2011-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/ctime/di_ops.h b/src/lib/ctime/di_ops.h index 9fe2884ecc..ac2800be57 100644 --- a/src/lib/ctime/di_ops.h +++ b/src/lib/ctime/di_ops.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/defs/dh_sizes.h b/src/lib/defs/dh_sizes.h index bc2707b36f..4fc85cf3bd 100644 --- a/src/lib/defs/dh_sizes.h +++ b/src/lib/defs/dh_sizes.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/defs/digest_sizes.h b/src/lib/defs/digest_sizes.h index 7eef1747db..d24369fb1f 100644 --- a/src/lib/defs/digest_sizes.h +++ b/src/lib/defs/digest_sizes.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_DIGEST_SIZES_H diff --git a/src/lib/defs/logging_types.h b/src/lib/defs/logging_types.h index 33aa46186b..f7876df3b5 100644 --- a/src/lib/defs/logging_types.h +++ b/src/lib/defs/logging_types.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/defs/time.h b/src/lib/defs/time.h index 5707330795..c9044e440f 100644 --- a/src/lib/defs/time.h +++ b/src/lib/defs/time.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_TIME_DEFS_H diff --git a/src/lib/defs/x25519_sizes.h b/src/lib/defs/x25519_sizes.h index e650f5a350..b278a5ee51 100644 --- a/src/lib/defs/x25519_sizes.h +++ b/src/lib/defs/x25519_sizes.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/dispatch/dispatch.h b/src/lib/dispatch/dispatch.h index 63e96bcf8d..1c041c6eeb 100644 --- a/src/lib/dispatch/dispatch.h +++ b/src/lib/dispatch/dispatch.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_DISPATCH_H diff --git a/src/lib/dispatch/dispatch_cfg.c b/src/lib/dispatch/dispatch_cfg.c index a54188dcaa..15b65af9ad 100644 --- a/src/lib/dispatch/dispatch_cfg.c +++ b/src/lib/dispatch/dispatch_cfg.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/dispatch/dispatch_cfg.h b/src/lib/dispatch/dispatch_cfg.h index a4f1948eac..f4f585bcd4 100644 --- a/src/lib/dispatch/dispatch_cfg.h +++ b/src/lib/dispatch/dispatch_cfg.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_DISPATCH_CFG_H diff --git a/src/lib/dispatch/dispatch_cfg_st.h b/src/lib/dispatch/dispatch_cfg_st.h index 3c99adf2f7..636f2e6df5 100644 --- a/src/lib/dispatch/dispatch_cfg_st.h +++ b/src/lib/dispatch/dispatch_cfg_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/dispatch/dispatch_core.c b/src/lib/dispatch/dispatch_core.c index 3d51c876a7..687ba5b73c 100644 --- a/src/lib/dispatch/dispatch_core.c +++ b/src/lib/dispatch/dispatch_core.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/dispatch/dispatch_naming.c b/src/lib/dispatch/dispatch_naming.c index bb49343712..9fd1e67d0a 100644 --- a/src/lib/dispatch/dispatch_naming.c +++ b/src/lib/dispatch/dispatch_naming.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/dispatch/dispatch_naming.h b/src/lib/dispatch/dispatch_naming.h index 72206d3ed5..ebed09b66d 100644 --- a/src/lib/dispatch/dispatch_naming.h +++ b/src/lib/dispatch/dispatch_naming.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/dispatch/dispatch_new.c b/src/lib/dispatch/dispatch_new.c index e1dbb1c4b8..b5ef2557ec 100644 --- a/src/lib/dispatch/dispatch_new.c +++ b/src/lib/dispatch/dispatch_new.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/dispatch/dispatch_st.h b/src/lib/dispatch/dispatch_st.h index ad5b4efc40..e520056622 100644 --- a/src/lib/dispatch/dispatch_st.h +++ b/src/lib/dispatch/dispatch_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/dispatch/msgtypes.h b/src/lib/dispatch/msgtypes.h index 01d969dcb5..aecb114ece 100644 --- a/src/lib/dispatch/msgtypes.h +++ b/src/lib/dispatch/msgtypes.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/encoding/binascii.c b/src/lib/encoding/binascii.c index 5f68da183f..1b87b4fc2b 100644 --- a/src/lib/encoding/binascii.c +++ b/src/lib/encoding/binascii.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/encoding/binascii.h b/src/lib/encoding/binascii.h index 9cb03bab62..d8ee39c7b2 100644 --- a/src/lib/encoding/binascii.h +++ b/src/lib/encoding/binascii.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/encoding/confline.c b/src/lib/encoding/confline.c index 613e4a00c6..b9dcbbe25f 100644 --- a/src/lib/encoding/confline.c +++ b/src/lib/encoding/confline.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/encoding/confline.h b/src/lib/encoding/confline.h index ce0d6c6e17..ce2d0c5454 100644 --- a/src/lib/encoding/confline.h +++ b/src/lib/encoding/confline.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/encoding/cstring.c b/src/lib/encoding/cstring.c index 54c330fca3..f922fc819c 100644 --- a/src/lib/encoding/cstring.c +++ b/src/lib/encoding/cstring.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/encoding/cstring.h b/src/lib/encoding/cstring.h index 2a3f6d0fc4..8f6c9e1d27 100644 --- a/src/lib/encoding/cstring.h +++ b/src/lib/encoding/cstring.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/encoding/keyval.c b/src/lib/encoding/keyval.c index 0eb1219d43..5dc7f96d66 100644 --- a/src/lib/encoding/keyval.c +++ b/src/lib/encoding/keyval.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/encoding/keyval.h b/src/lib/encoding/keyval.h index b4966b01de..a5ba14ace9 100644 --- a/src/lib/encoding/keyval.h +++ b/src/lib/encoding/keyval.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/encoding/kvline.c b/src/lib/encoding/kvline.c index 5b220605d6..398eaa5503 100644 --- a/src/lib/encoding/kvline.c +++ b/src/lib/encoding/kvline.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/encoding/kvline.h b/src/lib/encoding/kvline.h index 34c52908e3..1cda49397d 100644 --- a/src/lib/encoding/kvline.h +++ b/src/lib/encoding/kvline.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/encoding/pem.c b/src/lib/encoding/pem.c index 6c9f10e085..9756075edb 100644 --- a/src/lib/encoding/pem.c +++ b/src/lib/encoding/pem.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/encoding/pem.h b/src/lib/encoding/pem.h index 027c31c315..c8ac13dd91 100644 --- a/src/lib/encoding/pem.h +++ b/src/lib/encoding/pem.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/encoding/qstring.c b/src/lib/encoding/qstring.c index 5a34924eab..d1a4379b1c 100644 --- a/src/lib/encoding/qstring.c +++ b/src/lib/encoding/qstring.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/encoding/qstring.h b/src/lib/encoding/qstring.h index f19a7dad87..1a75a7ccc1 100644 --- a/src/lib/encoding/qstring.h +++ b/src/lib/encoding/qstring.h @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/encoding/time_fmt.c b/src/lib/encoding/time_fmt.c index 5e58d36698..136158ab1b 100644 --- a/src/lib/encoding/time_fmt.c +++ b/src/lib/encoding/time_fmt.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/encoding/time_fmt.h b/src/lib/encoding/time_fmt.h index 4adccb5990..aaf8ba7af0 100644 --- a/src/lib/encoding/time_fmt.h +++ b/src/lib/encoding/time_fmt.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/err/backtrace.c b/src/lib/err/backtrace.c index afb6b9503f..9987a51f0a 100644 --- a/src/lib/err/backtrace.c +++ b/src/lib/err/backtrace.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/err/backtrace.h b/src/lib/err/backtrace.h index d02e6960b5..ec14d1ab02 100644 --- a/src/lib/err/backtrace.h +++ b/src/lib/err/backtrace.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_BACKTRACE_H diff --git a/src/lib/err/torerr.c b/src/lib/err/torerr.c index 2de75c0be4..4cb0120c34 100644 --- a/src/lib/err/torerr.c +++ b/src/lib/err/torerr.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/err/torerr.h b/src/lib/err/torerr.h index ce1b049c47..089cff823c 100644 --- a/src/lib/err/torerr.h +++ b/src/lib/err/torerr.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/err/torerr_sys.c b/src/lib/err/torerr_sys.c index 8ee1521f3b..24be4a497f 100644 --- a/src/lib/err/torerr_sys.c +++ b/src/lib/err/torerr_sys.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/err/torerr_sys.h b/src/lib/err/torerr_sys.h index b86ccd2790..d6d959222b 100644 --- a/src/lib/err/torerr_sys.h +++ b/src/lib/err/torerr_sys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/evloop/compat_libevent.c b/src/lib/evloop/compat_libevent.c index 0fd247d331..fd840f8085 100644 --- a/src/lib/evloop/compat_libevent.c +++ b/src/lib/evloop/compat_libevent.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2009-2020, The Tor Project, Inc. */ +/* Copyright (c) 2009-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/evloop/compat_libevent.h b/src/lib/evloop/compat_libevent.h index 277ba3add6..485f85529f 100644 --- a/src/lib/evloop/compat_libevent.h +++ b/src/lib/evloop/compat_libevent.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2009-2020, The Tor Project, Inc. */ +/* Copyright (c) 2009-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/evloop/evloop_sys.c b/src/lib/evloop/evloop_sys.c index b639810c23..162f18fd20 100644 --- a/src/lib/evloop/evloop_sys.c +++ b/src/lib/evloop/evloop_sys.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/evloop/evloop_sys.h b/src/lib/evloop/evloop_sys.h index a37440e7a6..bc4a5aa9ef 100644 --- a/src/lib/evloop/evloop_sys.h +++ b/src/lib/evloop/evloop_sys.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/evloop/procmon.c b/src/lib/evloop/procmon.c index 718c7d4777..47c07f9eb0 100644 --- a/src/lib/evloop/procmon.c +++ b/src/lib/evloop/procmon.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2011-2020, The Tor Project, Inc. */ +/* Copyright (c) 2011-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/evloop/procmon.h b/src/lib/evloop/procmon.h index 28f443da18..db5382627d 100644 --- a/src/lib/evloop/procmon.h +++ b/src/lib/evloop/procmon.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2011-2020, The Tor Project, Inc. */ +/* Copyright (c) 2011-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/evloop/timers.c b/src/lib/evloop/timers.c index 11418e93fd..a8643e01b3 100644 --- a/src/lib/evloop/timers.c +++ b/src/lib/evloop/timers.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/evloop/timers.h b/src/lib/evloop/timers.h index dd55446121..b1fe017a0c 100644 --- a/src/lib/evloop/timers.h +++ b/src/lib/evloop/timers.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/evloop/token_bucket.c b/src/lib/evloop/token_bucket.c index a2b330fddb..16452314e2 100644 --- a/src/lib/evloop/token_bucket.c +++ b/src/lib/evloop/token_bucket.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/evloop/token_bucket.h b/src/lib/evloop/token_bucket.h index 460dad23e4..b57d704298 100644 --- a/src/lib/evloop/token_bucket.h +++ b/src/lib/evloop/token_bucket.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/evloop/workqueue.c b/src/lib/evloop/workqueue.c index 603dddd5a3..bc929148eb 100644 --- a/src/lib/evloop/workqueue.c +++ b/src/lib/evloop/workqueue.c @@ -672,3 +672,11 @@ replyqueue_process(replyqueue_t *queue) tor_mutex_release(&queue->lock); } + +/** Return the number of threads configured for the given pool. */ +unsigned int +threadpool_get_n_threads(threadpool_t *tp) +{ + tor_assert(tp); + return tp->n_threads; +} diff --git a/src/lib/evloop/workqueue.h b/src/lib/evloop/workqueue.h index 43cfebf788..134fe7434f 100644 --- a/src/lib/evloop/workqueue.h +++ b/src/lib/evloop/workqueue.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -65,5 +65,6 @@ void replyqueue_process(replyqueue_t *queue); int threadpool_register_reply_event(threadpool_t *tp, void (*cb)(threadpool_t *tp)); +unsigned int threadpool_get_n_threads(threadpool_t *tp); #endif /* !defined(TOR_WORKQUEUE_H) */ diff --git a/src/lib/fdio/fdio.c b/src/lib/fdio/fdio.c index 56e3818f5c..7e27644067 100644 --- a/src/lib/fdio/fdio.c +++ b/src/lib/fdio/fdio.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fdio/fdio.h b/src/lib/fdio/fdio.h index 99bc33c64b..7551dedb9e 100644 --- a/src/lib/fdio/fdio.h +++ b/src/lib/fdio/fdio.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fs/conffile.c b/src/lib/fs/conffile.c index 0d0bdf09a6..a0908ed42e 100644 --- a/src/lib/fs/conffile.c +++ b/src/lib/fs/conffile.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fs/conffile.h b/src/lib/fs/conffile.h index cbfe4ec7c9..53824b6c10 100644 --- a/src/lib/fs/conffile.h +++ b/src/lib/fs/conffile.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_CONFFILE_H diff --git a/src/lib/fs/dir.c b/src/lib/fs/dir.c index 3432df0299..2626635d46 100644 --- a/src/lib/fs/dir.c +++ b/src/lib/fs/dir.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fs/dir.h b/src/lib/fs/dir.h index c4ab430891..138ce67b42 100644 --- a/src/lib/fs/dir.h +++ b/src/lib/fs/dir.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_DIR_H diff --git a/src/lib/fs/files.c b/src/lib/fs/files.c index aff78db718..55f20dd49e 100644 --- a/src/lib/fs/files.c +++ b/src/lib/fs/files.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fs/files.h b/src/lib/fs/files.h index f0178e2b5b..e02365db52 100644 --- a/src/lib/fs/files.h +++ b/src/lib/fs/files.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fs/freespace.c b/src/lib/fs/freespace.c index 511f2a0b98..0b001070f2 100644 --- a/src/lib/fs/freespace.c +++ b/src/lib/fs/freespace.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fs/lockfile.c b/src/lib/fs/lockfile.c index c081f57a5d..d8b091c7ab 100644 --- a/src/lib/fs/lockfile.c +++ b/src/lib/fs/lockfile.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fs/lockfile.h b/src/lib/fs/lockfile.h index 91effd701d..44e3867c6e 100644 --- a/src/lib/fs/lockfile.h +++ b/src/lib/fs/lockfile.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fs/mmap.c b/src/lib/fs/mmap.c index cc1c40b7ab..9cc4b26d31 100644 --- a/src/lib/fs/mmap.c +++ b/src/lib/fs/mmap.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fs/mmap.h b/src/lib/fs/mmap.h index e142bd78c3..6b512e399f 100644 --- a/src/lib/fs/mmap.h +++ b/src/lib/fs/mmap.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fs/path.c b/src/lib/fs/path.c index 81960bd69a..8194d920ab 100644 --- a/src/lib/fs/path.c +++ b/src/lib/fs/path.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -533,6 +533,7 @@ unglob_win32(const char *pattern, int prev_sep, int next_sep) return result; } #elif HAVE_GLOB +#ifdef GLOB_ALTDIRFUNC // prevent warning about unused functions /** Same as opendir but calls sandbox_intern_string before */ static DIR * prot_opendir(const char *name) @@ -571,6 +572,7 @@ wrap_closedir(void *arg) { closedir(arg); } +#endif /* defined(GLOB_ALTDIRFUNC) */ /** Function passed to glob to handle processing errors. <b>epath</b> is the * path that caused the error and <b>eerrno</b> is the errno set by the @@ -627,11 +629,13 @@ tor_glob(const char *pattern) return NULL; } - // #40141: workaround for bug in glibc < 2.19 where patterns ending in path - // separator match files and folders instead of folders only + // #40141, !249: workaround for glibc bug where patterns ending in path + // separator match files and folders instead of folders only. + // this could be in #ifdef __GLIBC__ but: 1. it might affect other libcs too, + // and 2. it doesn't cost much to stat each match again since libc is already + // supposed to do it (otherwise the file may be on slow NFS or something) size_t pattern_len = strlen(pattern); - bool dir_only = has_glob(pattern) && - pattern_len > 0 && pattern[pattern_len-1] == *PATH_SEPARATOR; + bool dir_only = pattern_len > 0 && pattern[pattern_len-1] == *PATH_SEPARATOR; result = smartlist_new(); size_t i; @@ -652,7 +656,7 @@ tor_glob(const char *pattern) #else (void)pattern; return result; -#endif /* !defined(HAVE_GLOB) */ +#endif /* defined(_WIN32) || ... */ return result; } diff --git a/src/lib/fs/path.h b/src/lib/fs/path.h index 425bd12516..bc17ece7e3 100644 --- a/src/lib/fs/path.h +++ b/src/lib/fs/path.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fs/storagedir.c b/src/lib/fs/storagedir.c index 5e4f9ee257..9503c93e8a 100644 --- a/src/lib/fs/storagedir.c +++ b/src/lib/fs/storagedir.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fs/storagedir.h b/src/lib/fs/storagedir.h index 9997550b8f..3e33ed5416 100644 --- a/src/lib/fs/storagedir.h +++ b/src/lib/fs/storagedir.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fs/userdb.c b/src/lib/fs/userdb.c index 40fc4dae97..74ea8e1fb9 100644 --- a/src/lib/fs/userdb.c +++ b/src/lib/fs/userdb.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fs/userdb.h b/src/lib/fs/userdb.h index 4341237c5f..ef5d9ef3e4 100644 --- a/src/lib/fs/userdb.h +++ b/src/lib/fs/userdb.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fs/winlib.c b/src/lib/fs/winlib.c index 65ccdae40b..827bc23f9b 100644 --- a/src/lib/fs/winlib.c +++ b/src/lib/fs/winlib.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/fs/winlib.h b/src/lib/fs/winlib.h index 27837ac46e..8dcd01e65f 100644 --- a/src/lib/fs/winlib.h +++ b/src/lib/fs/winlib.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/geoip/country.h b/src/lib/geoip/country.h index feab554a16..9fa1e23f89 100644 --- a/src/lib/geoip/country.h +++ b/src/lib/geoip/country.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/geoip/geoip.c b/src/lib/geoip/geoip.c index ee03d5baa1..686040613d 100644 --- a/src/lib/geoip/geoip.c +++ b/src/lib/geoip/geoip.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/geoip/geoip.h b/src/lib/geoip/geoip.h index 2fc7fae754..764ed1d5a5 100644 --- a/src/lib/geoip/geoip.h +++ b/src/lib/geoip/geoip.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/intmath/addsub.c b/src/lib/intmath/addsub.c index 44613417fa..cdc259b74d 100644 --- a/src/lib/intmath/addsub.c +++ b/src/lib/intmath/addsub.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/intmath/addsub.h b/src/lib/intmath/addsub.h index bca911103b..c06451872d 100644 --- a/src/lib/intmath/addsub.h +++ b/src/lib/intmath/addsub.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/intmath/bits.c b/src/lib/intmath/bits.c index dace9ffe18..650430a839 100644 --- a/src/lib/intmath/bits.c +++ b/src/lib/intmath/bits.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/intmath/bits.h b/src/lib/intmath/bits.h index 687651ba35..1a6431c254 100644 --- a/src/lib/intmath/bits.h +++ b/src/lib/intmath/bits.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/intmath/cmp.h b/src/lib/intmath/cmp.h index 4e6c2b649a..d1970513a3 100644 --- a/src/lib/intmath/cmp.h +++ b/src/lib/intmath/cmp.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/intmath/logic.h b/src/lib/intmath/logic.h index b5fb79f66e..ec6a8c783c 100644 --- a/src/lib/intmath/logic.h +++ b/src/lib/intmath/logic.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/intmath/muldiv.c b/src/lib/intmath/muldiv.c index 875cf1bbf2..7936e0e475 100644 --- a/src/lib/intmath/muldiv.c +++ b/src/lib/intmath/muldiv.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/intmath/muldiv.h b/src/lib/intmath/muldiv.h index 43700cf1dc..d1c7b9828d 100644 --- a/src/lib/intmath/muldiv.h +++ b/src/lib/intmath/muldiv.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/intmath/weakrng.c b/src/lib/intmath/weakrng.c index a29a6a086b..1d5ce7ecba 100644 --- a/src/lib/intmath/weakrng.c +++ b/src/lib/intmath/weakrng.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/intmath/weakrng.h b/src/lib/intmath/weakrng.h index 0394e05f79..424c9b2106 100644 --- a/src/lib/intmath/weakrng.h +++ b/src/lib/intmath/weakrng.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/llharden/winprocess_sys.c b/src/lib/llharden/winprocess_sys.c index f2c88d8c75..e8680e7ab8 100644 --- a/src/lib/llharden/winprocess_sys.c +++ b/src/lib/llharden/winprocess_sys.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/llharden/winprocess_sys.h b/src/lib/llharden/winprocess_sys.h index bece1b3da9..b219b40401 100644 --- a/src/lib/llharden/winprocess_sys.h +++ b/src/lib/llharden/winprocess_sys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/lock/compat_mutex.c b/src/lib/lock/compat_mutex.c index b0084a3484..8d52d967dd 100644 --- a/src/lib/lock/compat_mutex.c +++ b/src/lib/lock/compat_mutex.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/lock/compat_mutex.h b/src/lib/lock/compat_mutex.h index 5631993cc4..f8e4388b34 100644 --- a/src/lib/lock/compat_mutex.h +++ b/src/lib/lock/compat_mutex.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -39,8 +39,15 @@ /** A generic lock structure for multithreaded builds. */ typedef struct tor_mutex_t { #if defined(USE_WIN32_THREADS) - /** Windows-only: on windows, we implement locks with CRITICAL_SECTIONS. */ - CRITICAL_SECTION mutex; + /** Windows-only: on windows, we implement locks with SRW locks. */ + SRWLOCK mutex; + /** For recursive lock support (SRW locks are not recursive) */ + enum mutex_type_t { + NON_RECURSIVE = 0, + RECURSIVE + } type; + LONG lock_owner; // id of the thread that owns the lock + int lock_count; // number of times the lock is held recursively #elif defined(USE_PTHREADS) /** Pthreads-only: with pthreads, we implement locks with * pthread_mutex_t. */ diff --git a/src/lib/lock/compat_mutex_pthreads.c b/src/lib/lock/compat_mutex_pthreads.c index ac83c42a47..ba3c123a45 100644 --- a/src/lib/lock/compat_mutex_pthreads.c +++ b/src/lib/lock/compat_mutex_pthreads.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/lock/compat_mutex_winthreads.c b/src/lib/lock/compat_mutex_winthreads.c index 5fe6870a93..8a101e0d25 100644 --- a/src/lib/lock/compat_mutex_winthreads.c +++ b/src/lib/lock/compat_mutex_winthreads.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -9,6 +9,23 @@ * \brief Implement the tor_mutex API using CRITICAL_SECTION. **/ +#include "orconfig.h" + +/* For SRW locks support */ +#ifndef WINVER +#error "orconfig.h didn't define WINVER" +#endif +#ifndef _WIN32_WINNT +#error "orconfig.h didn't define _WIN32_WINNT" +#endif +#if WINVER < 0x0600 +#error "winver too low" +#endif +#if _WIN32_WINNT < 0x0600 +#error "winver too low" +#endif + +#include <windows.h> #include "lib/lock/compat_mutex.h" #include "lib/err/torerr.h" @@ -20,27 +37,78 @@ tor_locking_init(void) void tor_mutex_init(tor_mutex_t *m) { - InitializeCriticalSection(&m->mutex); + m->type = RECURSIVE; + m->lock_owner = 0; + m->lock_count = 0; + InitializeSRWLock(&m->mutex); } void tor_mutex_init_nonrecursive(tor_mutex_t *m) { - InitializeCriticalSection(&m->mutex); + m->type = NON_RECURSIVE; + InitializeSRWLock(&m->mutex); } void tor_mutex_uninit(tor_mutex_t *m) { - DeleteCriticalSection(&m->mutex); + (void) m; +} + +static void +tor_mutex_acquire_recursive(tor_mutex_t *m) +{ + LONG thread_id = GetCurrentThreadId(); + // use InterlockedCompareExchange to perform an atomic read + LONG lock_owner = InterlockedCompareExchange(&m->lock_owner, 0, 0); + if (thread_id == lock_owner) { + ++m->lock_count; + return; + } + AcquireSRWLockExclusive(&m->mutex); + InterlockedExchange(&m->lock_owner, thread_id); + m->lock_count = 1; +} + +static void +tor_mutex_acquire_nonrecursive(tor_mutex_t *m) +{ + AcquireSRWLockExclusive(&m->mutex); } + void tor_mutex_acquire(tor_mutex_t *m) { raw_assert(m); - EnterCriticalSection(&m->mutex); + if (m->type == NON_RECURSIVE) { + tor_mutex_acquire_nonrecursive(m); + } else { + tor_mutex_acquire_recursive(m); + } +} + +static void +tor_mutex_release_recursive(tor_mutex_t *m) +{ + if (--m->lock_count) { + return; + } + InterlockedExchange(&m->lock_owner, 0); + ReleaseSRWLockExclusive(&m->mutex); } + +static void +tor_mutex_release_nonrecursive(tor_mutex_t *m) +{ + ReleaseSRWLockExclusive(&m->mutex); +} + void tor_mutex_release(tor_mutex_t *m) { - LeaveCriticalSection(&m->mutex); + if (m->type == NON_RECURSIVE) { + tor_mutex_release_nonrecursive(m); + } else { + tor_mutex_release_recursive(m); + } } diff --git a/src/lib/log/escape.c b/src/lib/log/escape.c index 88ca52a78c..6a9e3ef646 100644 --- a/src/lib/log/escape.c +++ b/src/lib/log/escape.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/log/escape.h b/src/lib/log/escape.h index 0d1eaef4c1..99b8cefc66 100644 --- a/src/lib/log/escape.h +++ b/src/lib/log/escape.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/log/log.c b/src/lib/log/log.c index 411408966b..db57ee61a2 100644 --- a/src/lib/log/log.c +++ b/src/lib/log/log.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/log/log.h b/src/lib/log/log.h index fb8a5a28a6..f624309d82 100644 --- a/src/lib/log/log.h +++ b/src/lib/log/log.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/log/log_sys.c b/src/lib/log/log_sys.c index 021c05d3e6..33609f5288 100644 --- a/src/lib/log/log_sys.c +++ b/src/lib/log/log_sys.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/log/log_sys.h b/src/lib/log/log_sys.h index 523c2e5008..19e22d6f6e 100644 --- a/src/lib/log/log_sys.h +++ b/src/lib/log/log_sys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/log/ratelim.c b/src/lib/log/ratelim.c index 8dfaee3384..846cac0700 100644 --- a/src/lib/log/ratelim.c +++ b/src/lib/log/ratelim.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/log/ratelim.h b/src/lib/log/ratelim.h index 9e202028cf..a429584ccd 100644 --- a/src/lib/log/ratelim.h +++ b/src/lib/log/ratelim.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/log/util_bug.c b/src/lib/log/util_bug.c index d698ddd8a6..34b41324af 100644 --- a/src/lib/log/util_bug.c +++ b/src/lib/log/util_bug.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/log/util_bug.h b/src/lib/log/util_bug.h index 684dc7c6dd..dd82981e08 100644 --- a/src/lib/log/util_bug.h +++ b/src/lib/log/util_bug.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -258,7 +258,7 @@ abort() #else #define FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL FALLTHROUGH -#endif +#endif /* defined(ALL_BUGS_ARE_FATAL) */ /** In older code, we used tor_fragile_assert() to mark optional failure * points. At these points, we could make some debug builds fail. diff --git a/src/lib/log/win32err.c b/src/lib/log/win32err.c index 8136813aab..78534f8e0b 100644 --- a/src/lib/log/win32err.c +++ b/src/lib/log/win32err.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/log/win32err.h b/src/lib/log/win32err.h index 5c1386a64d..3d37fcd8c2 100644 --- a/src/lib/log/win32err.h +++ b/src/lib/log/win32err.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/malloc/malloc.c b/src/lib/malloc/malloc.c index 9c9d600260..0b96dd89dd 100644 --- a/src/lib/malloc/malloc.c +++ b/src/lib/malloc/malloc.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/malloc/malloc.h b/src/lib/malloc/malloc.h index 80e8091adc..cc031f843a 100644 --- a/src/lib/malloc/malloc.h +++ b/src/lib/malloc/malloc.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/malloc/map_anon.c b/src/lib/malloc/map_anon.c index 628966012a..d71ea33ad1 100644 --- a/src/lib/malloc/map_anon.c +++ b/src/lib/malloc/map_anon.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/malloc/map_anon.h b/src/lib/malloc/map_anon.h index 0354668d65..a85596b8d6 100644 --- a/src/lib/malloc/map_anon.h +++ b/src/lib/malloc/map_anon.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/math/fp.c b/src/lib/math/fp.c index c09555209e..67b1c7f233 100644 --- a/src/lib/math/fp.c +++ b/src/lib/math/fp.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/math/fp.h b/src/lib/math/fp.h index 0a7a685485..33e62b5350 100644 --- a/src/lib/math/fp.h +++ b/src/lib/math/fp.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/math/include.am b/src/lib/math/include.am index b2ca280f47..f68b265da7 100644 --- a/src/lib/math/include.am +++ b/src/lib/math/include.am @@ -20,4 +20,5 @@ src_lib_libtor_math_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) noinst_HEADERS += \ src/lib/math/fp.h \ src/lib/math/laplace.h \ - src/lib/math/prob_distr.h + src/lib/math/prob_distr.h \ + src/lib/math/stats.h diff --git a/src/lib/math/laplace.c b/src/lib/math/laplace.c index a0e67384e6..3520a95cb7 100644 --- a/src/lib/math/laplace.c +++ b/src/lib/math/laplace.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/math/laplace.h b/src/lib/math/laplace.h index e0dd166bbd..94c41901d9 100644 --- a/src/lib/math/laplace.h +++ b/src/lib/math/laplace.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/math/prob_distr.c b/src/lib/math/prob_distr.c index b322b4db5c..a57fc1020c 100644 --- a/src/lib/math/prob_distr.c +++ b/src/lib/math/prob_distr.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/math/stats.h b/src/lib/math/stats.h new file mode 100644 index 0000000000..14315a2506 --- /dev/null +++ b/src/lib/math/stats.h @@ -0,0 +1,42 @@ +/* Copyright (c) 2022, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file stats.h + * + * \brief Header for stats.c + **/ + +#ifndef TOR_STATS_H +#define TOR_STATS_H + +/** + * Compute an N-count EWMA, aka N-EWMA. N-EWMA is defined as: + * EWMA = alpha*value + (1-alpha)*EWMA_prev + * with alpha = 2/(N+1). + * + * This works out to: + * EWMA = value*2/(N+1) + EMA_prev*(N-1)/(N+1) + * = (value*2 + EWMA_prev*(N-1))/(N+1) + */ +static inline double +n_count_ewma_double(double avg, double value, uint64_t N) +{ + /* If the average was not previously computed, return value. + * The less than is because we have stupid C warning flags that + * prevent exact comparison to 0.0, so we can't do an exact + * check for unitialized double values. Yay pedantry! + * Love it when it introduces surprising edge case bugs like + * this will. */ + if (avg < 0.0000002) + return value; + else + return (2*value + (N-1)*avg)/(N+1); +} + +/* For most stats, an N_EWMA of 100 is sufficient */ +#define DEFAULT_STATS_N_EWMA_COUNT 100 +#define stats_update_running_avg(avg, value) \ + n_count_ewma_double(avg, value, DEFAULT_STATS_N_EWMA_COUNT) + +#endif /* !defined(TOR_STATS_H) */ diff --git a/src/lib/memarea/memarea.c b/src/lib/memarea/memarea.c index 4d26c20eeb..7e984938a2 100644 --- a/src/lib/memarea/memarea.c +++ b/src/lib/memarea/memarea.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2008-2020, The Tor Project, Inc. */ +/* Copyright (c) 2008-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/memarea/memarea.h b/src/lib/memarea/memarea.h index 8b5e63e6b3..0d9ead241c 100644 --- a/src/lib/memarea/memarea.h +++ b/src/lib/memarea/memarea.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2008-2020, The Tor Project, Inc. */ +/* Copyright (c) 2008-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/meminfo/lib_meminfo.md b/src/lib/meminfo/lib_meminfo.md index 87f509d648..e248faab90 100644 --- a/src/lib/meminfo/lib_meminfo.md +++ b/src/lib/meminfo/lib_meminfo.md @@ -1,5 +1,2 @@ @dir /lib/meminfo -@brief lib/meminfo: Inspecting malloc() usage. - -Only available when malloc() provides mallinfo() or something similar. - +@brief lib/meminfo: Inspecting system memory availability. diff --git a/src/lib/meminfo/meminfo.c b/src/lib/meminfo/meminfo.c index 77da579f99..96f3cfc3cc 100644 --- a/src/lib/meminfo/meminfo.c +++ b/src/lib/meminfo/meminfo.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/meminfo/meminfo.h b/src/lib/meminfo/meminfo.h index 36a85c133d..6336c15f78 100644 --- a/src/lib/meminfo/meminfo.h +++ b/src/lib/meminfo/meminfo.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/metrics/metrics_common.c b/src/lib/metrics/metrics_common.c index 5941a4d892..f3f7e22d88 100644 --- a/src/lib/metrics/metrics_common.c +++ b/src/lib/metrics/metrics_common.c @@ -11,6 +11,7 @@ #include "orconfig.h" #include "lib/log/util_bug.h" +#include "lib/string/printf.h" #include "lib/metrics/metrics_common.h" @@ -27,3 +28,15 @@ metrics_type_to_str(const metrics_type_t type) tor_assert_unreached(); } } + +/** Return a static buffer pointer that contains a formatted label on the form + * of key=value. + * + * Subsequent call to this function invalidates the previous buffer. */ +const char * +metrics_format_label(const char *key, const char *value) +{ + static char buf[128]; + tor_snprintf(buf, sizeof(buf), "%s=\"%s\"", key, value); + return buf; +} diff --git a/src/lib/metrics/metrics_common.h b/src/lib/metrics/metrics_common.h index c684a3ec42..3644ad3d50 100644 --- a/src/lib/metrics/metrics_common.h +++ b/src/lib/metrics/metrics_common.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -42,4 +42,7 @@ typedef struct metrics_gauge_t { const char *metrics_type_to_str(const metrics_type_t type); +/* Helpers. */ +const char *metrics_format_label(const char *key, const char *value); + #endif /* !defined(TOR_LIB_METRICS_METRICS_COMMON_H) */ diff --git a/src/lib/metrics/metrics_store.c b/src/lib/metrics/metrics_store.c index 57847cc37c..b017e97688 100644 --- a/src/lib/metrics/metrics_store.c +++ b/src/lib/metrics/metrics_store.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -34,7 +34,8 @@ struct metrics_store_t { }; /** Function pointer to the format function of a specific driver. */ -typedef void (fmt_driver_fn_t)(const metrics_store_entry_t *, buf_t *); +typedef void (fmt_driver_fn_t)(const metrics_store_entry_t *, buf_t *, + bool no_comment); /** Helper: Free a single entry in a metrics_store_t taking a void pointer * parameter. */ @@ -47,6 +48,8 @@ metrics_store_free_void(void *p) smartlist_free(list); } +#include <stdio.h> + /** Put the given store output in the buffer data and use the format function * given in fmt to get it for each entry. */ static void @@ -57,8 +60,11 @@ get_output(const metrics_store_t *store, buf_t *data, fmt_driver_fn_t fmt) tor_assert(fmt); STRMAP_FOREACH(store->entries, key, const smartlist_t *, entries) { + /* Indicate that we've formatted the comment already for the entries. */ + bool comment_formatted = false; SMARTLIST_FOREACH_BEGIN(entries, const metrics_store_entry_t *, entry) { - fmt(entry, data); + fmt(entry, data, comment_formatted); + comment_formatted = true; } SMARTLIST_FOREACH_END(entry); } STRMAP_FOREACH_END; } @@ -138,3 +144,14 @@ metrics_store_get_output(const metrics_format_t fmt, // LCOV_EXCL_STOP } } + +/** Reset a store as in free its content. */ +void +metrics_store_reset(metrics_store_t *store) +{ + if (store == NULL) { + return; + } + strmap_free(store->entries, metrics_store_free_void); + store->entries = strmap_new(); +} diff --git a/src/lib/metrics/metrics_store.h b/src/lib/metrics/metrics_store.h index 9640a5e016..d85f484bd6 100644 --- a/src/lib/metrics/metrics_store.h +++ b/src/lib/metrics/metrics_store.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -28,6 +28,7 @@ metrics_store_t *metrics_store_new(void); metrics_store_entry_t *metrics_store_add(metrics_store_t *store, metrics_type_t type, const char *name, const char *help); +void metrics_store_reset(metrics_store_t *store); /* Accessors. */ smartlist_t *metrics_store_get_all(const metrics_store_t *store, diff --git a/src/lib/metrics/metrics_store_entry.c b/src/lib/metrics/metrics_store_entry.c index 44ebb5cb84..482ec8d7d9 100644 --- a/src/lib/metrics/metrics_store_entry.c +++ b/src/lib/metrics/metrics_store_entry.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/metrics/metrics_store_entry.h b/src/lib/metrics/metrics_store_entry.h index 8e8a8f3917..e4dc7a8b9a 100644 --- a/src/lib/metrics/metrics_store_entry.h +++ b/src/lib/metrics/metrics_store_entry.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -40,7 +40,7 @@ struct metrics_store_entry_t { } u; }; -#endif /* METRICS_STORE_ENTRY_PRIVATE */ +#endif /* defined(METRICS_STORE_ENTRY_PRIVATE) */ typedef struct metrics_store_entry_t metrics_store_entry_t; diff --git a/src/lib/metrics/prometheus.c b/src/lib/metrics/prometheus.c index c2b54e436f..aac23ac92e 100644 --- a/src/lib/metrics/prometheus.c +++ b/src/lib/metrics/prometheus.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -42,14 +42,17 @@ format_labels(smartlist_t *labels) /** Format the given entry in to the buffer data. */ void -prometheus_format_store_entry(const metrics_store_entry_t *entry, buf_t *data) +prometheus_format_store_entry(const metrics_store_entry_t *entry, buf_t *data, + bool no_comment) { tor_assert(entry); tor_assert(data); - buf_add_printf(data, "# HELP %s %s\n", entry->name, entry->help); - buf_add_printf(data, "# TYPE %s %s\n", entry->name, - metrics_type_to_str(entry->type)); + if (!no_comment) { + buf_add_printf(data, "# HELP %s %s\n", entry->name, entry->help); + buf_add_printf(data, "# TYPE %s %s\n", entry->name, + metrics_type_to_str(entry->type)); + } buf_add_printf(data, "%s%s %" PRIi64 "\n", entry->name, format_labels(entry->labels), metrics_store_entry_get_value(entry)); diff --git a/src/lib/metrics/prometheus.h b/src/lib/metrics/prometheus.h index eea26e8ac4..faa7681daa 100644 --- a/src/lib/metrics/prometheus.h +++ b/src/lib/metrics/prometheus.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -13,6 +13,6 @@ #include "lib/metrics/metrics_store_entry.h" void prometheus_format_store_entry(const metrics_store_entry_t *entry, - buf_t *data); + buf_t *data, bool no_comment); #endif /* !defined(TOR_LIB_METRICS_PROMETHEUS_H) */ diff --git a/src/lib/net/address.c b/src/lib/net/address.c index 21794fb4fc..085eb8c458 100644 --- a/src/lib/net/address.c +++ b/src/lib/net/address.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -2005,20 +2005,15 @@ parse_port_range(const char *port, uint16_t *port_min_out, char *endptr = NULL; port_min = (int)tor_parse_long(port, 10, 0, 65535, &ok, &endptr); if (!ok) { - log_warn(LD_GENERAL, - "Malformed port %s on address range; rejecting.", - escaped(port)); - return -1; - } else if (endptr && *endptr == '-') { + goto malformed_port; + } else if (endptr && *endptr != '\0') { + if (*endptr != '-') + goto malformed_port; port = endptr+1; endptr = NULL; port_max = (int)tor_parse_long(port, 10, 1, 65535, &ok, &endptr); - if (!ok) { - log_warn(LD_GENERAL, - "Malformed port %s on address range; rejecting.", - escaped(port)); - return -1; - } + if (!ok) + goto malformed_port; } else { port_max = port_min; } @@ -2037,6 +2032,11 @@ parse_port_range(const char *port, uint16_t *port_min_out, *port_max_out = (uint16_t) port_max; return 0; + malformed_port: + log_warn(LD_GENERAL, + "Malformed port %s on address range; rejecting.", + escaped(port)); + return -1; } /** Given a host-order <b>addr</b>, call tor_inet_ntop() on it diff --git a/src/lib/net/address.h b/src/lib/net/address.h index 4c79db69d2..6c233eece9 100644 --- a/src/lib/net/address.h +++ b/src/lib/net/address.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/alertsock.c b/src/lib/net/alertsock.c index 537fdcaee4..741ff8447f 100644 --- a/src/lib/net/alertsock.c +++ b/src/lib/net/alertsock.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/alertsock.h b/src/lib/net/alertsock.h index dab4273cf1..79c2dc431a 100644 --- a/src/lib/net/alertsock.h +++ b/src/lib/net/alertsock.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/buffers_net.c b/src/lib/net/buffers_net.c index 4a0eb3bf16..a485aa41c6 100644 --- a/src/lib/net/buffers_net.c +++ b/src/lib/net/buffers_net.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/buffers_net.h b/src/lib/net/buffers_net.h index 556575c3dc..e99b16d83d 100644 --- a/src/lib/net/buffers_net.h +++ b/src/lib/net/buffers_net.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/gethostname.c b/src/lib/net/gethostname.c index 001d95391d..4d7200135e 100644 --- a/src/lib/net/gethostname.c +++ b/src/lib/net/gethostname.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/gethostname.h b/src/lib/net/gethostname.h index 90f8056779..a456934022 100644 --- a/src/lib/net/gethostname.h +++ b/src/lib/net/gethostname.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/inaddr.c b/src/lib/net/inaddr.c index d50ac2440c..0ec3987006 100644 --- a/src/lib/net/inaddr.c +++ b/src/lib/net/inaddr.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/inaddr.h b/src/lib/net/inaddr.h index 8d6766eb5d..3cb21cf2fe 100644 --- a/src/lib/net/inaddr.h +++ b/src/lib/net/inaddr.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/inaddr_st.h b/src/lib/net/inaddr_st.h index b9ee2b86cf..fe84718d81 100644 --- a/src/lib/net/inaddr_st.h +++ b/src/lib/net/inaddr_st.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/nettypes.h b/src/lib/net/nettypes.h index 953673d4c3..16950c64d8 100644 --- a/src/lib/net/nettypes.h +++ b/src/lib/net/nettypes.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/network_sys.c b/src/lib/net/network_sys.c index e95c3ba819..ea331df593 100644 --- a/src/lib/net/network_sys.c +++ b/src/lib/net/network_sys.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/network_sys.h b/src/lib/net/network_sys.h index 734533c7e8..d0013589af 100644 --- a/src/lib/net/network_sys.h +++ b/src/lib/net/network_sys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/resolve.c b/src/lib/net/resolve.c index 68a8c01ef4..0f5c04f480 100644 --- a/src/lib/net/resolve.c +++ b/src/lib/net/resolve.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/resolve.h b/src/lib/net/resolve.h index ef3d9fa176..4eeda230ca 100644 --- a/src/lib/net/resolve.h +++ b/src/lib/net/resolve.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/socket.c b/src/lib/net/socket.c index adc060a735..820a89f8b9 100644 --- a/src/lib/net/socket.c +++ b/src/lib/net/socket.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/socket.h b/src/lib/net/socket.h index 46735fdef0..bb44d49b61 100644 --- a/src/lib/net/socket.h +++ b/src/lib/net/socket.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/net/socketpair.c b/src/lib/net/socketpair.c index d4310020cb..dff51cb680 100644 --- a/src/lib/net/socketpair.c +++ b/src/lib/net/socketpair.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /** * @file socketpair.c diff --git a/src/lib/net/socketpair.h b/src/lib/net/socketpair.h index b07016ab94..84bea0a61b 100644 --- a/src/lib/net/socketpair.h +++ b/src/lib/net/socketpair.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_SOCKETPAIR_H diff --git a/src/lib/net/socks5_status.h b/src/lib/net/socks5_status.h index 90c4305d29..c27b7254c2 100644 --- a/src/lib/net/socks5_status.h +++ b/src/lib/net/socks5_status.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/osinfo/libc.c b/src/lib/osinfo/libc.c index 32cbad0fa2..f52dea41aa 100644 --- a/src/lib/osinfo/libc.c +++ b/src/lib/osinfo/libc.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/osinfo/libc.h b/src/lib/osinfo/libc.h index f4303f8c9c..9c250a4097 100644 --- a/src/lib/osinfo/libc.h +++ b/src/lib/osinfo/libc.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/osinfo/uname.c b/src/lib/osinfo/uname.c index f7f5ede307..20c5775915 100644 --- a/src/lib/osinfo/uname.c +++ b/src/lib/osinfo/uname.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/osinfo/uname.h b/src/lib/osinfo/uname.h index c6b1f43235..78db399e7b 100644 --- a/src/lib/osinfo/uname.h +++ b/src/lib/osinfo/uname.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/daemon.c b/src/lib/process/daemon.c index b3b98a297e..abd1d36576 100644 --- a/src/lib/process/daemon.c +++ b/src/lib/process/daemon.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/daemon.h b/src/lib/process/daemon.h index 23f3117898..35b56b3988 100644 --- a/src/lib/process/daemon.h +++ b/src/lib/process/daemon.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/env.c b/src/lib/process/env.c index 517b655a5e..b8d5676203 100644 --- a/src/lib/process/env.c +++ b/src/lib/process/env.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/env.h b/src/lib/process/env.h index 7838dcaa90..67185c50a8 100644 --- a/src/lib/process/env.h +++ b/src/lib/process/env.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/pidfile.c b/src/lib/process/pidfile.c index e7d9d2c47a..53b2dccde4 100644 --- a/src/lib/process/pidfile.c +++ b/src/lib/process/pidfile.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/pidfile.h b/src/lib/process/pidfile.h index d04302df3a..04c3d454f2 100644 --- a/src/lib/process/pidfile.h +++ b/src/lib/process/pidfile.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/process.c b/src/lib/process/process.c index d69b0ca115..c216d0d154 100644 --- a/src/lib/process/process.c +++ b/src/lib/process/process.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/process.h b/src/lib/process/process.h index 8879ec4f21..687c5cefdb 100644 --- a/src/lib/process/process.h +++ b/src/lib/process/process.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/process_sys.c b/src/lib/process/process_sys.c index c8332ba91e..b54308263a 100644 --- a/src/lib/process/process_sys.c +++ b/src/lib/process/process_sys.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/process_sys.h b/src/lib/process/process_sys.h index 97b3aaebd0..bb2191a85c 100644 --- a/src/lib/process/process_sys.h +++ b/src/lib/process/process_sys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/process_unix.c b/src/lib/process/process_unix.c index 82b2630a5d..15ae03eadf 100644 --- a/src/lib/process/process_unix.c +++ b/src/lib/process/process_unix.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/process_unix.h b/src/lib/process/process_unix.h index a6b8304d48..ab752939b0 100644 --- a/src/lib/process/process_unix.h +++ b/src/lib/process/process_unix.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/process_win32.c b/src/lib/process/process_win32.c index 203df136aa..dfcb17a480 100644 --- a/src/lib/process/process_win32.c +++ b/src/lib/process/process_win32.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/process_win32.h b/src/lib/process/process_win32.h index 0f264c8710..6d1b16031e 100644 --- a/src/lib/process/process_win32.h +++ b/src/lib/process/process_win32.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/restrict.c b/src/lib/process/restrict.c index bf5ae8e500..61ea664bc0 100644 --- a/src/lib/process/restrict.c +++ b/src/lib/process/restrict.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/restrict.h b/src/lib/process/restrict.h index 6173d5a438..c34fcb5a9c 100644 --- a/src/lib/process/restrict.h +++ b/src/lib/process/restrict.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/setuid.c b/src/lib/process/setuid.c index 3cfd520a4f..e802027452 100644 --- a/src/lib/process/setuid.c +++ b/src/lib/process/setuid.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/setuid.h b/src/lib/process/setuid.h index fec35a1216..40cc82dc36 100644 --- a/src/lib/process/setuid.h +++ b/src/lib/process/setuid.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/waitpid.c b/src/lib/process/waitpid.c index 014bcf2927..d98c71c8f2 100644 --- a/src/lib/process/waitpid.c +++ b/src/lib/process/waitpid.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/process/waitpid.h b/src/lib/process/waitpid.h index 171cf206fb..1af8a41506 100644 --- a/src/lib/process/waitpid.h +++ b/src/lib/process/waitpid.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2011-2020, The Tor Project, Inc. */ +/* Copyright (c) 2011-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/pubsub/pub_binding_st.h b/src/lib/pubsub/pub_binding_st.h index e35f246c57..b3e418c8a3 100644 --- a/src/lib/pubsub/pub_binding_st.h +++ b/src/lib/pubsub/pub_binding_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/pubsub/pubsub.h b/src/lib/pubsub/pubsub.h index d0a4d317f3..9e39f46403 100644 --- a/src/lib/pubsub/pubsub.h +++ b/src/lib/pubsub/pubsub.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/pubsub/pubsub_build.c b/src/lib/pubsub/pubsub_build.c index 3c134f015c..30b9194062 100644 --- a/src/lib/pubsub/pubsub_build.c +++ b/src/lib/pubsub/pubsub_build.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/pubsub/pubsub_build.h b/src/lib/pubsub/pubsub_build.h index 87fcaf458e..ade58debd6 100644 --- a/src/lib/pubsub/pubsub_build.h +++ b/src/lib/pubsub/pubsub_build.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/pubsub/pubsub_builder_st.h b/src/lib/pubsub/pubsub_builder_st.h index 57de1240ee..3f0d7b25ea 100644 --- a/src/lib/pubsub/pubsub_builder_st.h +++ b/src/lib/pubsub/pubsub_builder_st.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/pubsub/pubsub_check.c b/src/lib/pubsub/pubsub_check.c index 84958e101a..99e604d715 100644 --- a/src/lib/pubsub/pubsub_check.c +++ b/src/lib/pubsub/pubsub_check.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/pubsub/pubsub_connect.h b/src/lib/pubsub/pubsub_connect.h index b0d6ae7e92..0019aebed0 100644 --- a/src/lib/pubsub/pubsub_connect.h +++ b/src/lib/pubsub/pubsub_connect.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/pubsub/pubsub_flags.h b/src/lib/pubsub/pubsub_flags.h index 9912c1ae89..d9c94e1326 100644 --- a/src/lib/pubsub/pubsub_flags.h +++ b/src/lib/pubsub/pubsub_flags.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/pubsub/pubsub_macros.h b/src/lib/pubsub/pubsub_macros.h index 4f5b60c19b..6be45630cf 100644 --- a/src/lib/pubsub/pubsub_macros.h +++ b/src/lib/pubsub/pubsub_macros.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/pubsub/pubsub_publish.c b/src/lib/pubsub/pubsub_publish.c index 84c7dae02c..5ea2988826 100644 --- a/src/lib/pubsub/pubsub_publish.c +++ b/src/lib/pubsub/pubsub_publish.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/pubsub/pubsub_publish.h b/src/lib/pubsub/pubsub_publish.h index d9d6fa9ba5..2c6529b05f 100644 --- a/src/lib/pubsub/pubsub_publish.h +++ b/src/lib/pubsub/pubsub_publish.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001, Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c index 7a57554ace..6800fa062b 100644 --- a/src/lib/sandbox/sandbox.c +++ b/src/lib/sandbox/sandbox.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -58,6 +58,10 @@ #include <linux/futex.h> #include <sys/file.h> +#ifdef ENABLE_FRAGILE_HARDENING +#include <sys/ptrace.h> +#endif + #include <stdarg.h> #include <seccomp.h> #include <signal.h> @@ -148,7 +152,11 @@ static sandbox_cfg_t *filter_dynamic = NULL; static int filter_nopar_gen[] = { SCMP_SYS(access), SCMP_SYS(brk), +#ifdef __NR_clock_gettime64 + SCMP_SYS(clock_gettime64), +#else SCMP_SYS(clock_gettime), +#endif SCMP_SYS(close), SCMP_SYS(clone), SCMP_SYS(dup), @@ -194,6 +202,9 @@ static int filter_nopar_gen[] = { SCMP_SYS(getgid32), #endif SCMP_SYS(getpid), +#ifdef ENABLE_FRAGILE_HARDENING + SCMP_SYS(getppid), +#endif #ifdef __NR_getrlimit SCMP_SYS(getrlimit), #endif @@ -247,6 +258,9 @@ static int filter_nopar_gen[] = { SCMP_SYS(sigreturn), #endif SCMP_SYS(stat), +#if defined(__i386__) && defined(__NR_statx) + SCMP_SYS(statx), +#endif SCMP_SYS(uname), SCMP_SYS(wait4), SCMP_SYS(write), @@ -345,6 +359,7 @@ sb_rt_sigaction(scmp_filter_ctx ctx, sandbox_cfg_t *filter) return rc; } +#ifdef __NR_time /** * Function responsible for setting up the time syscall for * the seccomp filter sandbox. @@ -353,13 +368,11 @@ static int sb_time(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { (void) filter; -#ifdef __NR_time + return seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(time), SCMP_CMP(0, SCMP_CMP_EQ, 0)); -#else - return 0; -#endif /* defined(__NR_time) */ } +#endif /* defined(__NR_time) */ /** * Function responsible for setting up the accept4 syscall for @@ -538,6 +551,24 @@ sb_open(scmp_filter_ctx ctx, sandbox_cfg_t *filter) int use_openat = libc_uses_openat_for_open(); +#ifdef ENABLE_FRAGILE_HARDENING + /* AddressSanitizer uses the "open" syscall to access information about the + * running process via the filesystem, so that call must be allowed without + * restriction or the sanitizer will be unable to execute normally when the + * process terminates. */ + rc = seccomp_rule_add_0(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open)); + if (rc != 0) { + log_err(LD_BUG,"(Sandbox) failed to add open syscall, received " + "libseccomp error %d", rc); + return rc; + } + + /* If glibc also uses only the "open" syscall to open files on this system + * there is no need to consider any additional rules. */ + if (!use_openat) + return 0; +#endif + // for each dynamic parameter filters for (elem = filter; elem != NULL; elem = elem->next) { smp_param_t *param = elem->param; @@ -581,6 +612,32 @@ sb_chmod(scmp_filter_ctx ctx, sandbox_cfg_t *filter) return 0; } +#ifdef __i386__ +static int +sb_chown32(scmp_filter_ctx ctx, sandbox_cfg_t *filter) +{ + int rc; + sandbox_cfg_t *elem = NULL; + + // for each dynamic parameter filters + for (elem = filter; elem != NULL; elem = elem->next) { + smp_param_t *param = elem->param; + + if (param != NULL && param->prot == 1 && param->syscall + == SCMP_SYS(chown32)) { + rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(chown32), + SCMP_CMP_STR(0, SCMP_CMP_EQ, param->value)); + if (rc != 0) { + log_err(LD_BUG,"(Sandbox) failed to add chown32 syscall, received " + "libseccomp error %d", rc); + return rc; + } + } + } + + return 0; +} +#else static int sb_chown(scmp_filter_ctx ctx, sandbox_cfg_t *filter) { @@ -605,6 +662,7 @@ sb_chown(scmp_filter_ctx ctx, sandbox_cfg_t *filter) return 0; } +#endif /* defined(__i386__) */ /** * Function responsible for setting up the rename syscall for @@ -693,6 +751,34 @@ sb_opendir(scmp_filter_ctx ctx, sandbox_cfg_t *filter) return 0; } +#ifdef ENABLE_FRAGILE_HARDENING +/** + * Function responsible for setting up the ptrace syscall for + * the seccomp filter sandbox. + */ +static int +sb_ptrace(scmp_filter_ctx ctx, sandbox_cfg_t *filter) +{ + int rc; + pid_t pid = getpid(); + (void) filter; + + rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ptrace), + SCMP_CMP(0, SCMP_CMP_EQ, PTRACE_ATTACH), + SCMP_CMP(1, SCMP_CMP_EQ, pid)); + if (rc) + return rc; + + rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(ptrace), + SCMP_CMP(0, SCMP_CMP_EQ, PTRACE_GETREGS), + SCMP_CMP(1, SCMP_CMP_EQ, pid)); + if (rc) + return rc; + + return 0; +} +#endif + /** * Function responsible for setting up the socket syscall for * the seccomp filter sandbox. @@ -740,7 +826,7 @@ sb_socket(scmp_filter_ctx ctx, sandbox_cfg_t *filter) SCMP_CMP(2, SCMP_CMP_EQ, IPPROTO_IP)); if (rc) return rc; -#endif +#endif /* defined(ENABLE_NSS) */ rc = seccomp_rule_add_3(ctx, SCMP_ACT_ALLOW, SCMP_SYS(socket), SCMP_CMP(0, SCMP_CMP_EQ, PF_UNIX), @@ -868,6 +954,14 @@ sb_setsockopt(scmp_filter_ctx ctx, sandbox_cfg_t *filter) return rc; #endif /* defined(IPV6_V6ONLY) */ +#ifdef IP_BIND_ADDRESS_NO_PORT + rc = seccomp_rule_add_2(ctx, SCMP_ACT_ALLOW, SCMP_SYS(setsockopt), + SCMP_CMP(1, SCMP_CMP_EQ, SOL_IP), + SCMP_CMP(2, SCMP_CMP_EQ, IP_BIND_ADDRESS_NO_PORT)); + if (rc) + return rc; +#endif + return 0; } @@ -1015,6 +1109,18 @@ sb_prctl(scmp_filter_ctx ctx, sandbox_cfg_t *filter) int rc = 0; (void) filter; +#ifdef ENABLE_FRAGILE_HARDENING + rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(prctl), + SCMP_CMP(0, SCMP_CMP_EQ, PR_GET_DUMPABLE)); + if (rc) + return rc; + + rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(prctl), + SCMP_CMP(0, SCMP_CMP_EQ, PR_SET_PTRACER)); + if (rc) + return rc; +#endif + rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(prctl), SCMP_CMP(0, SCMP_CMP_EQ, PR_SET_DUMPABLE)); if (rc) @@ -1059,6 +1165,13 @@ sb_rt_sigprocmask(scmp_filter_ctx ctx, sandbox_cfg_t *filter) int rc = 0; (void) filter; +#ifdef ENABLE_FRAGILE_HARDENING + rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), + SCMP_CMP(0, SCMP_CMP_EQ, SIG_BLOCK)); + if (rc) + return rc; +#endif + rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), SCMP_CMP(0, SCMP_CMP_EQ, SIG_UNBLOCK)); if (rc) @@ -1198,16 +1311,25 @@ sb_kill(scmp_filter_ctx ctx, sandbox_cfg_t *filter) static sandbox_filter_func_t filter_func[] = { sb_rt_sigaction, sb_rt_sigprocmask, +#ifdef __NR_time sb_time, +#endif sb_accept4, #ifdef __NR_mmap2 sb_mmap2, #endif +#ifdef __i386__ + sb_chown32, +#else sb_chown, +#endif sb_chmod, sb_open, sb_openat, sb_opendir, +#ifdef ENABLE_FRAGILE_HARDENING + sb_ptrace, +#endif sb_rename, #ifdef __NR_fcntl64 sb_fcntl64, @@ -1474,6 +1596,12 @@ new_element(int syscall, char *value) return new_element2(syscall, value, NULL); } +#ifdef __i386__ +#define SCMP_chown SCMP_SYS(chown32) +#else +#define SCMP_chown SCMP_SYS(chown) +#endif + #ifdef __NR_stat64 #define SCMP_stat SCMP_SYS(stat64) #else @@ -1524,7 +1652,7 @@ sandbox_cfg_allow_chown_filename(sandbox_cfg_t **cfg, char *file) { sandbox_cfg_t *elem = NULL; - elem = new_element(SCMP_SYS(chown), file); + elem = new_element(SCMP_chown, file); elem->next = *cfg; *cfg = elem; @@ -1719,7 +1847,7 @@ get_syscall_from_ucontext(const ucontext_t *ctx) { return (int) ctx->uc_mcontext.M_SYSCALL; } -#else +#else /* !defined(SYSCALL_NAME_DEBUGGING) */ static const char * get_syscall_name(int syscall_num) { @@ -1732,7 +1860,7 @@ get_syscall_from_ucontext(const ucontext_t *ctx) (void) ctx; return -1; } -#endif +#endif /* defined(SYSCALL_NAME_DEBUGGING) */ #ifdef USE_BACKTRACE #define MAX_DEPTH 256 diff --git a/src/lib/sandbox/sandbox.h b/src/lib/sandbox/sandbox.h index eba99afbde..17d32d16de 100644 --- a/src/lib/sandbox/sandbox.h +++ b/src/lib/sandbox/sandbox.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/smartlist_core/smartlist_core.c b/src/lib/smartlist_core/smartlist_core.c index 571d17aa5d..f0c1f8aae7 100644 --- a/src/lib/smartlist_core/smartlist_core.c +++ b/src/lib/smartlist_core/smartlist_core.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/smartlist_core/smartlist_core.h b/src/lib/smartlist_core/smartlist_core.h index de6fe69d3a..9af49269ef 100644 --- a/src/lib/smartlist_core/smartlist_core.h +++ b/src/lib/smartlist_core/smartlist_core.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/smartlist_core/smartlist_foreach.h b/src/lib/smartlist_core/smartlist_foreach.h index 03edb80f05..977865c17e 100644 --- a/src/lib/smartlist_core/smartlist_foreach.h +++ b/src/lib/smartlist_core/smartlist_foreach.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/smartlist_core/smartlist_split.c b/src/lib/smartlist_core/smartlist_split.c index b76b87406d..e275e87051 100644 --- a/src/lib/smartlist_core/smartlist_split.c +++ b/src/lib/smartlist_core/smartlist_split.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/smartlist_core/smartlist_split.h b/src/lib/smartlist_core/smartlist_split.h index fc964201e9..07ded4c0ab 100644 --- a/src/lib/smartlist_core/smartlist_split.h +++ b/src/lib/smartlist_core/smartlist_split.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/string/compat_ctype.c b/src/lib/string/compat_ctype.c index a7668bfbfb..87b39c3516 100644 --- a/src/lib/string/compat_ctype.c +++ b/src/lib/string/compat_ctype.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/string/compat_ctype.h b/src/lib/string/compat_ctype.h index 53ee6066f8..d7a939cbd1 100644 --- a/src/lib/string/compat_ctype.h +++ b/src/lib/string/compat_ctype.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/string/compat_string.c b/src/lib/string/compat_string.c index 2bd3c2f2b4..c7d809c997 100644 --- a/src/lib/string/compat_string.c +++ b/src/lib/string/compat_string.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/string/compat_string.h b/src/lib/string/compat_string.h index 5c9bf05ebd..57f08580bb 100644 --- a/src/lib/string/compat_string.h +++ b/src/lib/string/compat_string.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/string/parse_int.c b/src/lib/string/parse_int.c index 11ce0fa415..9beaf9462e 100644 --- a/src/lib/string/parse_int.c +++ b/src/lib/string/parse_int.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/string/parse_int.h b/src/lib/string/parse_int.h index 27939ade61..0bc98b1ef5 100644 --- a/src/lib/string/parse_int.h +++ b/src/lib/string/parse_int.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/string/printf.c b/src/lib/string/printf.c index 86d860935e..bd35b76d1b 100644 --- a/src/lib/string/printf.c +++ b/src/lib/string/printf.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -8,9 +8,9 @@ * \brief Compatibility wrappers around snprintf and its friends **/ +#include "lib/cc/torint.h" #include "lib/string/printf.h" #include "lib/err/torerr.h" -#include "lib/cc/torint.h" #include "lib/malloc/malloc.h" #include <stdlib.h> @@ -45,7 +45,7 @@ tor_vsnprintf(char *str, size_t size, const char *format, va_list args) return -1; /* no place for the NUL */ if (size > SIZE_T_CEILING) return -1; -#ifdef _WIN32 +#if defined(_WIN32) && !defined(HAVE_VSNPRINTF) r = _vsnprintf(str, size, format, args); #else r = vsnprintf(str, size, format, args); diff --git a/src/lib/string/printf.h b/src/lib/string/printf.h index 5ab751b338..b1923a37a4 100644 --- a/src/lib/string/printf.h +++ b/src/lib/string/printf.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/string/scanf.c b/src/lib/string/scanf.c index 89d1683204..cfa75b5582 100644 --- a/src/lib/string/scanf.c +++ b/src/lib/string/scanf.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/string/scanf.h b/src/lib/string/scanf.h index 67e9c5eb78..6defbb8ea0 100644 --- a/src/lib/string/scanf.h +++ b/src/lib/string/scanf.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/string/util_string.c b/src/lib/string/util_string.c index ba5f9f2203..b1c0a11439 100644 --- a/src/lib/string/util_string.c +++ b/src/lib/string/util_string.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/string/util_string.h b/src/lib/string/util_string.h index 15d35415fe..cf63d53f37 100644 --- a/src/lib/string/util_string.h +++ b/src/lib/string/util_string.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/subsys/subsys.h b/src/lib/subsys/subsys.h index abfc82d56a..e9b45dc142 100644 --- a/src/lib/subsys/subsys.h +++ b/src/lib/subsys/subsys.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/term/getpass.c b/src/lib/term/getpass.c index d2d6cb2b7b..ad94bf402c 100644 --- a/src/lib/term/getpass.c +++ b/src/lib/term/getpass.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/term/getpass.h b/src/lib/term/getpass.h index b080ad2473..ea059b7943 100644 --- a/src/lib/term/getpass.h +++ b/src/lib/term/getpass.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/testsupport/testsupport.h b/src/lib/testsupport/testsupport.h index 165c497f71..72e76a6d96 100644 --- a/src/lib/testsupport/testsupport.h +++ b/src/lib/testsupport/testsupport.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/thread/compat_pthreads.c b/src/lib/thread/compat_pthreads.c index d143b80252..61de020a2e 100644 --- a/src/lib/thread/compat_pthreads.c +++ b/src/lib/thread/compat_pthreads.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/thread/compat_threads.c b/src/lib/thread/compat_threads.c index 75ade9c9f2..dca034f9e9 100644 --- a/src/lib/thread/compat_threads.c +++ b/src/lib/thread/compat_threads.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/thread/compat_winthreads.c b/src/lib/thread/compat_winthreads.c index fcc9c0279b..f28cdcca00 100644 --- a/src/lib/thread/compat_winthreads.c +++ b/src/lib/thread/compat_winthreads.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -144,13 +144,17 @@ tor_threadlocal_set(tor_threadlocal_t *threadlocal, void *value) int tor_cond_wait(tor_cond_t *cond, tor_mutex_t *lock_, const struct timeval *tv) { - CRITICAL_SECTION *lock = &lock_->mutex; + // recursive SRW locks are not supported because they need extra logic for + // acquiring and releasing but SleepConditionVariableSRW will use the OS + // lock release function which lacks our extra logic + tor_assert(lock_->type == NON_RECURSIVE); + SRWLOCK *lock = &lock_->mutex; DWORD ms = INFINITE; if (tv) { ms = tv->tv_sec*1000 + (tv->tv_usec+999)/1000; } - BOOL ok = SleepConditionVariableCS(&cond->cond, lock, ms); + BOOL ok = SleepConditionVariableSRW(&cond->cond, lock, ms, 0); if (!ok) { DWORD err = GetLastError(); if (err == ERROR_TIMEOUT) { diff --git a/src/lib/thread/numcpus.c b/src/lib/thread/numcpus.c index 18454ce3ad..40fac7dbe4 100644 --- a/src/lib/thread/numcpus.c +++ b/src/lib/thread/numcpus.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -53,10 +53,10 @@ compute_num_cpus_impl(void) cpus = cpus_onln; } else if (cpus_onln > 0 && cpus_conf > 0) { if (cpus_onln < cpus_conf) { - log_notice(LD_GENERAL, "I think we have %ld CPUS, but only %ld of them " - "are available. Telling Tor to only use %ld. You can over" - "ride this with the NumCPUs option", - cpus_conf, cpus_onln, cpus_onln); + log_info(LD_GENERAL, "I think we have %ld CPUS, but only %ld of them " + "are available. Telling Tor to only use %ld. You can over" + "ride this with the NumCPUs option", + cpus_conf, cpus_onln, cpus_onln); } cpus = cpus_onln; } @@ -70,7 +70,11 @@ compute_num_cpus_impl(void) #endif /* defined(_WIN32) || ... */ } -#define MAX_DETECTABLE_CPUS 16 +/** This is an arbitrary number but at this point in time, it is not that + * uncommon to see servers up to that amount of CPUs. Most servers will likely + * be around 16 to 32 cores now. Lets take advantage of large machines! The + * "NumCPUs" torrc option overrides this maximum. */ +#define MAX_DETECTABLE_CPUS 128 /** Return how many CPUs we are running with. We assume that nobody is * using hot-swappable CPUs, so we don't recompute this after the first diff --git a/src/lib/thread/numcpus.h b/src/lib/thread/numcpus.h index 65e6c430cf..8b7bd96968 100644 --- a/src/lib/thread/numcpus.h +++ b/src/lib/thread/numcpus.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/thread/thread_sys.h b/src/lib/thread/thread_sys.h index 6206fac9d6..f764cfdc60 100644 --- a/src/lib/thread/thread_sys.h +++ b/src/lib/thread/thread_sys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/thread/threads.h b/src/lib/thread/threads.h index ead4dc3874..d74a7dc429 100644 --- a/src/lib/thread/threads.h +++ b/src/lib/thread/threads.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/time/compat_time.c b/src/lib/time/compat_time.c index 9a5ce062d7..eb716259c4 100644 --- a/src/lib/time/compat_time.c +++ b/src/lib/time/compat_time.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/time/compat_time.h b/src/lib/time/compat_time.h index 08fd0f0c25..da96023894 100644 --- a/src/lib/time/compat_time.h +++ b/src/lib/time/compat_time.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/time/time_sys.c b/src/lib/time/time_sys.c index 1c1bc4cd18..9bdf64403f 100644 --- a/src/lib/time/time_sys.c +++ b/src/lib/time/time_sys.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/time/time_sys.h b/src/lib/time/time_sys.h index f2401e1911..e4ca9909f8 100644 --- a/src/lib/time/time_sys.h +++ b/src/lib/time/time_sys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/time/tvdiff.c b/src/lib/time/tvdiff.c index 14a89bc76e..42470d86dc 100644 --- a/src/lib/time/tvdiff.c +++ b/src/lib/time/tvdiff.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/time/tvdiff.h b/src/lib/time/tvdiff.h index e779e758f1..62af727063 100644 --- a/src/lib/time/tvdiff.h +++ b/src/lib/time/tvdiff.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/tls/buffers_tls.c b/src/lib/tls/buffers_tls.c index de0e9cb4ef..3b6deea7f2 100644 --- a/src/lib/tls/buffers_tls.c +++ b/src/lib/tls/buffers_tls.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/tls/buffers_tls.h b/src/lib/tls/buffers_tls.h index ed391cefbd..4a903843ed 100644 --- a/src/lib/tls/buffers_tls.h +++ b/src/lib/tls/buffers_tls.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/tls/nss_countbytes.c b/src/lib/tls/nss_countbytes.c index 4b98df80ec..4d57d0cc29 100644 --- a/src/lib/tls/nss_countbytes.c +++ b/src/lib/tls/nss_countbytes.c @@ -1,4 +1,4 @@ -/* Copyright 2018-2020, The Tor Project Inc. */ +/* Copyright 2018-2021, The Tor Project Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/tls/nss_countbytes.h b/src/lib/tls/nss_countbytes.h index 36ed55e10d..47aab05d31 100644 --- a/src/lib/tls/nss_countbytes.h +++ b/src/lib/tls/nss_countbytes.h @@ -1,4 +1,4 @@ -/* Copyright 2018-2020, The Tor Project, Inc. */ +/* Copyright 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/tls/tortls.c b/src/lib/tls/tortls.c index 9e70e54725..80f16e1c74 100644 --- a/src/lib/tls/tortls.c +++ b/src/lib/tls/tortls.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/tls/tortls.h b/src/lib/tls/tortls.h index 3703ecad56..96f93e2679 100644 --- a/src/lib/tls/tortls.h +++ b/src/lib/tls/tortls.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_TORTLS_H diff --git a/src/lib/tls/tortls_internal.h b/src/lib/tls/tortls_internal.h index 3f56f181ee..a4c6b87cac 100644 --- a/src/lib/tls/tortls_internal.h +++ b/src/lib/tls/tortls_internal.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c index 25446a81af..392747e930 100644 --- a/src/lib/tls/tortls_nss.c +++ b/src/lib/tls/tortls_nss.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -588,6 +588,10 @@ tor_tls_write(tor_tls_t *tls, const char *cp, size_t n) tor_assert(cp || n == 0); tor_assert(n < INT_MAX); + if (n == 0) { + return 0; + } + PRInt32 rv = PR_Write(tls->ssl, cp, (int)n); // log_debug(LD_NET, "PR_Write(%zu) returned %d", n, (int)rv); if (rv > 0) { diff --git a/src/lib/tls/tortls_openssl.c b/src/lib/tls/tortls_openssl.c index 78ecc25a35..77de2d6a11 100644 --- a/src/lib/tls/tortls_openssl.c +++ b/src/lib/tls/tortls_openssl.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -701,6 +701,12 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, /* let us realloc bufs that we're writing from */ SSL_CTX_set_mode(result->ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); +#ifdef SSL_OP_TLSEXT_PADDING + /* Adds a padding extension to ensure the ClientHello size is never between + * 256 and 511 bytes in length. */ + SSL_CTX_set_options(result->ctx, SSL_OP_TLSEXT_PADDING); +#endif + return result; error: diff --git a/src/lib/tls/tortls_st.h b/src/lib/tls/tortls_st.h index 34abe52ee3..b27e73b15f 100644 --- a/src/lib/tls/tortls_st.h +++ b/src/lib/tls/tortls_st.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_TORTLS_ST_H @@ -80,7 +80,7 @@ struct tor_tls_t { uint64_t last_write_count; uint64_t last_read_count; long last_error; -#endif +#endif /* defined(ENABLE_NSS) */ }; #endif /* !defined(TOR_TORTLS_ST_H) */ diff --git a/src/lib/tls/tortls_sys.h b/src/lib/tls/tortls_sys.h index 177c198f71..74efb21d7e 100644 --- a/src/lib/tls/tortls_sys.h +++ b/src/lib/tls/tortls_sys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/tls/x509.c b/src/lib/tls/x509.c index 2515499298..819c497f1c 100644 --- a/src/lib/tls/x509.c +++ b/src/lib/tls/x509.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/tls/x509.h b/src/lib/tls/x509.h index 5919b9089d..deaefb969f 100644 --- a/src/lib/tls/x509.h +++ b/src/lib/tls/x509.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_X509_H diff --git a/src/lib/tls/x509_internal.h b/src/lib/tls/x509_internal.h index 145be7e71c..9e5b6f0d00 100644 --- a/src/lib/tls/x509_internal.h +++ b/src/lib/tls/x509_internal.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_X509_INTERNAL_H diff --git a/src/lib/tls/x509_nss.c b/src/lib/tls/x509_nss.c index 9ee92e9fb0..1034d1c39d 100644 --- a/src/lib/tls/x509_nss.c +++ b/src/lib/tls/x509_nss.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/tls/x509_openssl.c b/src/lib/tls/x509_openssl.c index 2abf02851d..249c9c6688 100644 --- a/src/lib/tls/x509_openssl.c +++ b/src/lib/tls/x509_openssl.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/trace/debug.h b/src/lib/trace/debug.h index 4ee14fab8d..f9d536b301 100644 --- a/src/lib/trace/debug.h +++ b/src/lib/trace/debug.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -28,7 +28,7 @@ log_debug(LD_GENERAL, "Tracepoint \"" XSTR(event_name) "\" from " \ "subsystem \"" XSTR(subsystem) "\" hit.") -#else /* defined(USE_TRACING_INSTRUMENTATION_LOG_DEBUG) */ +#else /* !defined(USE_TRACING_INSTRUMENTATION_LOG_DEBUG) */ /* NOP the debug event. */ #define TOR_TRACE_LOG_DEBUG(subsystem, name, ...) diff --git a/src/lib/trace/events.h b/src/lib/trace/events.h index ce1604de22..165c1aebc0 100644 --- a/src/lib/trace/events.h +++ b/src/lib/trace/events.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/trace/trace.c b/src/lib/trace/trace.c index 10d11c17c5..5d4e983737 100644 --- a/src/lib/trace/trace.c +++ b/src/lib/trace/trace.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/trace/trace.h b/src/lib/trace/trace.h index 22589dbe94..b94600a383 100644 --- a/src/lib/trace/trace.h +++ b/src/lib/trace/trace.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -26,7 +26,7 @@ tracing_log_warning(void) "purpose, your tor is NOT safe to run."); } -#else +#else /* !defined(HAVE_TRACING) */ /* NOP it. */ #define tracing_log_warning() diff --git a/src/lib/trace/trace_stub.c b/src/lib/trace/trace_stub.c index fddf8c63f0..6db5c8ef1a 100644 --- a/src/lib/trace/trace_stub.c +++ b/src/lib/trace/trace_stub.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/trace/trace_sys.c b/src/lib/trace/trace_sys.c index 2ba0258407..0a68e24433 100644 --- a/src/lib/trace/trace_sys.c +++ b/src/lib/trace/trace_sys.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2019, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/trace/trace_sys.h b/src/lib/trace/trace_sys.h index d4da5a9701..d5b5a2cdf2 100644 --- a/src/lib/trace/trace_sys.h +++ b/src/lib/trace/trace_sys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2019, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/version/git_revision.c b/src/lib/version/git_revision.c index 09f11aa316..5fcd54c9fe 100644 --- a/src/lib/version/git_revision.c +++ b/src/lib/version/git_revision.c @@ -1,6 +1,6 @@ /* Copyright 2001-2004 Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/lib/version/git_revision.h b/src/lib/version/git_revision.h index 80b6c4734e..cd4d3b2646 100644 --- a/src/lib/version/git_revision.h +++ b/src/lib/version/git_revision.h @@ -1,6 +1,6 @@ /* Copyright 2001-2004 Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_GIT_REVISION_H diff --git a/src/lib/version/torversion.h b/src/lib/version/torversion.h index 679df74381..352f83e129 100644 --- a/src/lib/version/torversion.h +++ b/src/lib/version/torversion.h @@ -1,6 +1,6 @@ /* Copyright 2001-2004 Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_VERSION_H diff --git a/src/lib/version/version.c b/src/lib/version/version.c index ec1d0bea2f..e0a0a78867 100644 --- a/src/lib/version/version.c +++ b/src/lib/version/version.c @@ -1,6 +1,6 @@ /* Copyright 2001-2004 Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/lib/wallclock/approx_time.c b/src/lib/wallclock/approx_time.c index c815f20e51..1399b72f19 100644 --- a/src/lib/wallclock/approx_time.c +++ b/src/lib/wallclock/approx_time.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/wallclock/approx_time.h b/src/lib/wallclock/approx_time.h index 42040a1f52..661e2a3348 100644 --- a/src/lib/wallclock/approx_time.h +++ b/src/lib/wallclock/approx_time.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/wallclock/time_to_tm.c b/src/lib/wallclock/time_to_tm.c index 8c747b4c7b..35f3088610 100644 --- a/src/lib/wallclock/time_to_tm.c +++ b/src/lib/wallclock/time_to_tm.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/wallclock/time_to_tm.h b/src/lib/wallclock/time_to_tm.h index bfa8fa3689..f6d218d71c 100644 --- a/src/lib/wallclock/time_to_tm.h +++ b/src/lib/wallclock/time_to_tm.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/wallclock/timeval.h b/src/lib/wallclock/timeval.h index d7d5bda99f..a04b0c853f 100644 --- a/src/lib/wallclock/timeval.h +++ b/src/lib/wallclock/timeval.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/wallclock/tor_gettimeofday.c b/src/lib/wallclock/tor_gettimeofday.c index a07f83220d..7b768a865e 100644 --- a/src/lib/wallclock/tor_gettimeofday.c +++ b/src/lib/wallclock/tor_gettimeofday.c @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/wallclock/tor_gettimeofday.h b/src/lib/wallclock/tor_gettimeofday.h index c1a8afca3a..b8aab11aa4 100644 --- a/src/lib/wallclock/tor_gettimeofday.h +++ b/src/lib/wallclock/tor_gettimeofday.h @@ -1,6 +1,6 @@ /* Copyright (c) 2003-2004, Roger Dingledine * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/lib/wallclock/wallclock_sys.h b/src/lib/wallclock/wallclock_sys.h index 3997d11e7a..8bbc7a737b 100644 --- a/src/lib/wallclock/wallclock_sys.h +++ b/src/lib/wallclock/wallclock_sys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/rust/.cargo/config.in b/src/rust/.cargo/config.in deleted file mode 100644 index 6eddc75459..0000000000 --- a/src/rust/.cargo/config.in +++ /dev/null @@ -1,12 +0,0 @@ -[source] - -@RUST_DL@ [source.crates-io] -@RUST_DL@ registry = 'https://github.com/rust-lang/crates.io-index' -@RUST_DL@ replace-with = 'vendored-sources' - -@RUST_DL@ [source.vendored-sources] -@RUST_DL@ directory = '@TOR_RUST_DEPENDENCIES@' - -[build] -@RUST_WARN@ rustflags = [ "-D", "warnings" ] -@RUST_TARGET_PROP@ diff --git a/src/rust/.rustfmt.toml b/src/rust/.rustfmt.toml deleted file mode 100644 index 4ff839dcf3..0000000000 --- a/src/rust/.rustfmt.toml +++ /dev/null @@ -1,12 +0,0 @@ -max_width = 100 -hard_tabs = false -tab_spaces = 4 -newline_style = "Unix" -#use_small_heuristics = "Default" -reorder_imports = true -reorder_modules = true -remove_nested_parens = true -merge_derives = true -use_try_shorthand = false -use_field_init_shorthand = false -force_explicit_abi = true diff --git a/src/rust/Cargo.lock b/src/rust/Cargo.lock deleted file mode 100644 index e2f24b0af7..0000000000 --- a/src/rust/Cargo.lock +++ /dev/null @@ -1,122 +0,0 @@ -# This file is automatically @generated by Cargo. -# It is not intended for manual editing. -[[package]] -name = "crypto" -version = "0.0.1" -dependencies = [ - "digest 0.7.2 (registry+https://github.com/rust-lang/crates.io-index)", - "external 0.0.1", - "libc 0.2.39 (registry+https://github.com/rust-lang/crates.io-index)", - "rand 0.5.0-pre.2 (registry+https://github.com/rust-lang/crates.io-index)", - "rand_core 0.2.0-pre.0 (registry+https://github.com/rust-lang/crates.io-index)", - "smartlist 0.0.1", - "tor_allocate 0.0.1", - "tor_log 0.1.0", -] - -[[package]] -name = "digest" -version = "0.7.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "generic-array 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)", -] - -[[package]] -name = "external" -version = "0.0.1" -dependencies = [ - "libc 0.2.39 (registry+https://github.com/rust-lang/crates.io-index)", - "smartlist 0.0.1", - "tor_allocate 0.0.1", -] - -[[package]] -name = "generic-array" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "typenum 1.9.0 (registry+https://github.com/rust-lang/crates.io-index)", -] - -[[package]] -name = "libc" -version = "0.2.39" -source = "registry+https://github.com/rust-lang/crates.io-index" - -[[package]] -name = "protover" -version = "0.0.1" -dependencies = [ - "external 0.0.1", - "libc 0.2.39 (registry+https://github.com/rust-lang/crates.io-index)", - "smartlist 0.0.1", - "tor_allocate 0.0.1", - "tor_log 0.1.0", - "tor_util 0.0.1", -] - -[[package]] -name = "rand" -version = "0.5.0-pre.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -dependencies = [ - "rand_core 0.2.0-pre.0 (registry+https://github.com/rust-lang/crates.io-index)", -] - -[[package]] -name = "rand_core" -version = "0.2.0-pre.0" -source = "registry+https://github.com/rust-lang/crates.io-index" - -[[package]] -name = "smartlist" -version = "0.0.1" -dependencies = [ - "libc 0.2.39 (registry+https://github.com/rust-lang/crates.io-index)", -] - -[[package]] -name = "tor_allocate" -version = "0.0.1" -dependencies = [ - "libc 0.2.39 (registry+https://github.com/rust-lang/crates.io-index)", -] - -[[package]] -name = "tor_log" -version = "0.1.0" -dependencies = [ - "libc 0.2.39 (registry+https://github.com/rust-lang/crates.io-index)", - "tor_allocate 0.0.1", -] - -[[package]] -name = "tor_rust" -version = "0.1.0" -dependencies = [ - "protover 0.0.1", - "tor_util 0.0.1", -] - -[[package]] -name = "tor_util" -version = "0.0.1" -dependencies = [ - "libc 0.2.39 (registry+https://github.com/rust-lang/crates.io-index)", - "tor_allocate 0.0.1", - "tor_log 0.1.0", -] - -[[package]] -name = "typenum" -version = "1.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" - -[metadata] -"checksum digest 0.7.2 (registry+https://github.com/rust-lang/crates.io-index)" = "00a49051fef47a72c9623101b19bd71924a45cca838826caae3eaa4d00772603" -"checksum generic-array 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ef25c5683767570c2bbd7deba372926a55eaae9982d7726ee2a1050239d45b9d" -"checksum libc 0.2.39 (registry+https://github.com/rust-lang/crates.io-index)" = "f54263ad99207254cf58b5f701ecb432c717445ea2ee8af387334bdd1a03fdff" -"checksum rand 0.5.0-pre.2 (registry+https://github.com/rust-lang/crates.io-index)" = "3795e4701d9628a63a84d0289e66279883b40df165fca7caed7b87122447032a" -"checksum rand_core 0.2.0-pre.0 (registry+https://github.com/rust-lang/crates.io-index)" = "c7255ffbdb188d5be1a69b6f9f3cf187de4207430b9e79ed5b76458a6b20de9a" -"checksum typenum 1.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "13a99dc6780ef33c78780b826cf9d2a78840b72cae9474de4bcaf9051e60ebbd" diff --git a/src/rust/Cargo.toml b/src/rust/Cargo.toml deleted file mode 100644 index de8693ea33..0000000000 --- a/src/rust/Cargo.toml +++ /dev/null @@ -1,26 +0,0 @@ -[workspace] -members = [ - "crypto", - "external", - "protover", - "smartlist", - "tor_allocate", - "tor_log", - "tor_rust", - "tor_util", -] - -# Can remove panic="abort" when this issue is fixed: -# https://github.com/rust-lang/rust/issues/52652 -[profile.dev] -panic = "abort" - -[profile.release] -debug = true -panic = "abort" - -[profile.test] -panic = "abort" - -[profile.bench] -panic = "abort" diff --git a/src/rust/build.rs b/src/rust/build.rs deleted file mode 100644 index 5626b35f75..0000000000 --- a/src/rust/build.rs +++ /dev/null @@ -1,192 +0,0 @@ -//! Build script for Rust modules in Tor. -//! -//! We need to use this because some of our Rust tests need to use some -//! of our C modules, which need to link some external libraries. -//! -//! This script works by looking at a "config.rust" file generated by our -//! configure script, and then building a set of options for cargo to pass to -//! the compiler. - -use std::collections::HashMap; -use std::env; -use std::fs::File; -use std::io; -use std::io::prelude::*; -use std::path::PathBuf; - -/// Wrapper around a key-value map. -struct Config(HashMap<String, String>); - -/// Locate a config.rust file generated by autoconf, starting in the OUT_DIR -/// location provided by cargo and recursing up the directory tree. Note that -/// we need to look in the OUT_DIR, since autoconf will place generated files -/// in the build directory. -fn find_cfg() -> io::Result<String> { - let mut path = PathBuf::from(env::var("OUT_DIR").unwrap()); - loop { - path.push("config.rust"); - if path.exists() { - return Ok(path.to_str().unwrap().to_owned()); - } - path.pop(); // remove config.rust - if !path.pop() { - // can't remove last part of directory - return Err(io::Error::new(io::ErrorKind::NotFound, "No config.rust")); - } - } -} - -impl Config { - /// Find the config.rust file and try to parse it. - /// - /// The file format is a series of lines of the form KEY=VAL, with - /// any blank lines and lines starting with # ignored. - fn load() -> io::Result<Config> { - let path = find_cfg()?; - let f = File::open(&path)?; - let reader = io::BufReader::new(f); - let mut map = HashMap::new(); - for line in reader.lines() { - let s = line?; - if s.trim().starts_with("#") || s.trim() == "" { - continue; - } - let idx = match s.find("=") { - None => { - return Err(io::Error::new(io::ErrorKind::InvalidData, "missing =")); - } - Some(x) => x, - }; - let (var, eq_val) = s.split_at(idx); - let val = &eq_val[1..]; - map.insert(var.to_owned(), val.to_owned()); - } - Ok(Config(map)) - } - - /// Return a reference to the value whose key is 'key'. - /// - /// Panics if 'key' is not found in the configuration. - fn get(&self, key: &str) -> &str { - self.0.get(key).unwrap() - } - - /// Add a dependency on a static C library that is part of Tor, by name. - fn component(&self, s: &str) { - println!("cargo:rustc-link-lib=static={}", s); - } - - /// Add a dependency on a native library that is not part of Tor, by name. - fn dependency(&self, s: &str) { - println!("cargo:rustc-link-lib={}", s); - } - - /// Add a link path, relative to Tor's build directory. - fn link_relpath(&self, s: &str) { - let builddir = self.get("BUILDDIR"); - println!("cargo:rustc-link-search=native={}/{}", builddir, s); - } - - /// Add an absolute link path. - fn link_path(&self, s: &str) { - println!("cargo:rustc-link-search=native={}", s); - } - - /// Parse the CFLAGS in s, looking for -l and -L items, and adding - /// rust configuration as appropriate. - fn from_cflags(&self, s: &str) { - let mut next_is_lib = false; - let mut next_is_path = false; - for ent in self.get(s).split_whitespace() { - if next_is_lib { - self.dependency(ent); - next_is_lib = false; - } else if next_is_path { - self.link_path(ent); - next_is_path = false; - } else if ent == "-l" { - next_is_lib = true; - } else if ent == "-L" { - next_is_path = true; - } else if ent.starts_with("-L") { - self.link_path(&ent[2..]); - } else if ent.starts_with("-l") { - self.dependency(&ent[2..]); - } - } - } -} - -pub fn main() { - let cfg = Config::load().unwrap(); - let package = env::var("CARGO_PKG_NAME").unwrap(); - - match package.as_ref() { - "crypto" => { - // Right now, I'm having a separate configuration for each Rust - // package, since I'm hoping we can trim them down. Once we have a - // second Rust package that needs to use this build script, let's - // extract some of this stuff into a module. - // - // This is a ridiculous amount of code to be pulling in just - // to test our crypto library: modularity would be our - // friend here. - cfg.from_cflags("TOR_LDFLAGS_zlib"); - cfg.from_cflags("TOR_LDFLAGS_openssl"); - cfg.from_cflags("TOR_LDFLAGS_libevent"); - - cfg.link_relpath("src/lib"); - cfg.link_relpath("src/ext/keccak-tiny"); - cfg.link_relpath("src/ext/ed25519/ref10"); - cfg.link_relpath("src/ext/ed25519/donna"); - cfg.link_relpath("src/trunnel"); - - // Note that we can't pull in "libtor-testing", or else we - // will have dependencies on all the other rust packages that - // tor uses. We must be careful with factoring and dependencies - // moving forward! - cfg.component("tor-crypt-ops-testing"); - cfg.component("tor-sandbox-testing"); - cfg.component("tor-encoding-testing"); - cfg.component("tor-fs-testing"); - cfg.component("tor-net-testing"); - cfg.component("tor-buf-testing"); - cfg.component("tor-time-testing"); - cfg.component("tor-thread-testing"); - cfg.component("tor-memarea-testing"); - cfg.component("tor-log-testing"); - cfg.component("tor-lock-testing"); - cfg.component("tor-fdio-testing"); - cfg.component("tor-container-testing"); - cfg.component("tor-smartlist-core-testing"); - cfg.component("tor-string-testing"); - cfg.component("tor-malloc"); - cfg.component("tor-wallclock"); - cfg.component("tor-err-testing"); - cfg.component("tor-version-testing"); - cfg.component("tor-intmath-testing"); - cfg.component("tor-ctime-testing"); - cfg.component("curve25519_donna"); - cfg.component("keccak-tiny"); - cfg.component("ed25519_ref10"); - cfg.component("ed25519_donna"); - cfg.component("or-trunnel-testing"); - - cfg.from_cflags("TOR_ZLIB_LIBS"); - cfg.from_cflags("TOR_LIB_MATH"); - cfg.from_cflags("NSS_LIBS"); - cfg.from_cflags("TOR_OPENSSL_LIBS"); - cfg.from_cflags("TOR_LIBEVENT_LIBS"); - cfg.from_cflags("TOR_LIB_WS32"); - cfg.from_cflags("TOR_LIB_GDI"); - cfg.from_cflags("TOR_LIB_USERENV"); - cfg.from_cflags("CURVE25519_LIBS"); - cfg.from_cflags("TOR_LZMA_LIBS"); - cfg.from_cflags("TOR_ZSTD_LIBS"); - cfg.from_cflags("LIBS"); - } - _ => { - panic!("No configuration in build.rs for package {}", package); - } - } -} diff --git a/src/rust/crypto/Cargo.toml b/src/rust/crypto/Cargo.toml deleted file mode 100644 index a7ff7f78d9..0000000000 --- a/src/rust/crypto/Cargo.toml +++ /dev/null @@ -1,37 +0,0 @@ -[package] -authors = ["The Tor Project", - "Isis Lovecruft <isis@torproject.org>"] -name = "crypto" -version = "0.0.1" -publish = false -build = "../build.rs" - -[lib] -name = "crypto" -path = "lib.rs" - -[dependencies] -libc = "=0.2.39" -digest = "=0.7.2" -rand_core = { version = "=0.2.0-pre.0", default-features = false } - -external = { path = "../external" } -smartlist = { path = "../smartlist" } -tor_allocate = { path = "../tor_allocate" } -tor_log = { path = "../tor_log" } - -[dev-dependencies] -rand = { version = "=0.5.0-pre.2", default-features = false } -rand_core = { version = "=0.2.0-pre.0", default-features = false } - -[features] -# If this feature is enabled, test code which calls Tor C code from Rust will -# execute with `cargo test`. Due to numerous linker issues (#25386), this is -# currently disabled by default. -test-c-from-rust = [] - -# We have to define a feature here because doctests don't get cfg(test), -# and we need to disable some C dependencies when running the doctests -# because of the various linker issues. See -# https://github.com/rust-lang/rust/issues/45599 -test_linking_hack = [] diff --git a/src/rust/crypto/digests/mod.rs b/src/rust/crypto/digests/mod.rs deleted file mode 100644 index 58343b9ca7..0000000000 --- a/src/rust/crypto/digests/mod.rs +++ /dev/null @@ -1,7 +0,0 @@ -// Copyright (c) 2018-2019, The Tor Project, Inc. -// Copyright (c) 2018, isis agora lovecruft -// See LICENSE for licensing information - -//! Hash Digests and eXtendible Output Functions (XOFs) - -pub mod sha2; diff --git a/src/rust/crypto/digests/sha2.rs b/src/rust/crypto/digests/sha2.rs deleted file mode 100644 index 91e8b2b3c9..0000000000 --- a/src/rust/crypto/digests/sha2.rs +++ /dev/null @@ -1,234 +0,0 @@ -// Copyright (c) 2018-2019, The Tor Project, Inc. -// Copyright (c) 2018, isis agora lovecruft -// See LICENSE for licensing information - -//! Hash Digests and eXtendible Output Functions (XOFs) - -pub use digest::Digest; - -use digest::generic_array::typenum::U32; -use digest::generic_array::typenum::U64; -use digest::generic_array::GenericArray; -use digest::BlockInput; -use digest::FixedOutput; -use digest::Input; - -use external::crypto_digest::get_256_bit_digest; -use external::crypto_digest::get_512_bit_digest; -use external::crypto_digest::CryptoDigest; -use external::crypto_digest::DigestAlgorithm; - -pub use external::crypto_digest::DIGEST256_LEN; -pub use external::crypto_digest::DIGEST512_LEN; - -/// The block size for both SHA-256 and SHA-512 digests is 512 bits/64 bytes. -/// -/// Unfortunately, we have to use the generic_array crate currently to express -/// this at compile time. Later, in the future, when Rust implements const -/// generics, we'll be able to remove this dependency (actually, it will get -/// removed from the digest crate, which is currently `pub use`ing it). -type BlockSize = U64; - -/// A SHA2-256 digest. -/// -/// # C_RUST_COUPLED -/// -/// * `crypto_digest_dup` -#[derive(Clone)] -pub struct Sha256 { - engine: CryptoDigest, -} - -/// Construct a new, default instance of a `Sha256` hash digest function. -/// -/// # Examples -/// -/// ```rust,no_run -/// use crypto::digests::sha2::{Sha256, Digest}; -/// -/// let mut hasher: Sha256 = Sha256::default(); -/// ``` -/// -/// # Returns -/// -/// A new `Sha256` digest. -impl Default for Sha256 { - fn default() -> Sha256 { - Sha256 { - engine: CryptoDigest::new(Some(DigestAlgorithm::SHA2_256)), - } - } -} - -impl BlockInput for Sha256 { - type BlockSize = BlockSize; -} - -/// Input `msg` into the digest. -/// -/// # Examples -/// -/// ```rust,no_run -/// use crypto::digests::sha2::{Sha256, Digest}; -/// -/// let mut hasher: Sha256 = Sha256::default(); -/// -/// hasher.input(b"foo"); -/// hasher.input(b"bar"); -/// ``` -impl Input for Sha256 { - fn process(&mut self, msg: &[u8]) { - self.engine.add_bytes(&msg); - } -} - -/// Retrieve the output hash from everything which has been fed into this -/// `Sha256` digest thus far. -/// -// -// FIXME: Once const generics land in Rust, we should genericise calling -// crypto_digest_get_digest in external::crypto_digest. -impl FixedOutput for Sha256 { - type OutputSize = U32; - - fn fixed_result(self) -> GenericArray<u8, Self::OutputSize> { - let buffer: [u8; DIGEST256_LEN] = get_256_bit_digest(self.engine); - - GenericArray::from(buffer) - } -} - -/// A SHA2-512 digest. -/// -/// # C_RUST_COUPLED -/// -/// * `crypto_digest_dup` -#[derive(Clone)] -pub struct Sha512 { - engine: CryptoDigest, -} - -/// Construct a new, default instance of a `Sha512` hash digest function. -/// -/// # Examples -/// -/// ```rust,no_run -/// use crypto::digests::sha2::{Sha512, Digest}; -/// -/// let mut hasher: Sha512 = Sha512::default(); -/// ``` -/// -/// # Returns -/// -/// A new `Sha512` digest. -impl Default for Sha512 { - fn default() -> Sha512 { - Sha512 { - engine: CryptoDigest::new(Some(DigestAlgorithm::SHA2_512)), - } - } -} - -impl BlockInput for Sha512 { - type BlockSize = BlockSize; -} - -/// Input `msg` into the digest. -/// -/// # Examples -/// -/// ```rust,no_run -/// use crypto::digests::sha2::{Sha512, Digest}; -/// -/// let mut hasher: Sha512 = Sha512::default(); -/// -/// hasher.input(b"foo"); -/// hasher.input(b"bar"); -/// ``` -impl Input for Sha512 { - fn process(&mut self, msg: &[u8]) { - self.engine.add_bytes(&msg); - } -} - -/// Retrieve the output hash from everything which has been fed into this -/// `Sha512` digest thus far. -/// -// -// FIXME: Once const generics land in Rust, we should genericise calling -// crypto_digest_get_digest in external::crypto_digest. -impl FixedOutput for Sha512 { - type OutputSize = U64; - - fn fixed_result(self) -> GenericArray<u8, Self::OutputSize> { - let buffer: [u8; DIGEST512_LEN] = get_512_bit_digest(self.engine); - - GenericArray::clone_from_slice(&buffer) - } -} - -#[cfg(test)] -mod test { - #[cfg(feature = "test-c-from-rust")] - use digest::Digest; - - #[cfg(feature = "test-c-from-rust")] - use super::*; - - #[cfg(feature = "test-c-from-rust")] - #[test] - fn sha256_default() { - let _: Sha256 = Sha256::default(); - } - - #[cfg(feature = "test-c-from-rust")] - #[test] - fn sha256_digest() { - let mut h: Sha256 = Sha256::new(); - let mut result: [u8; DIGEST256_LEN] = [0u8; DIGEST256_LEN]; - let expected = [ - 151, 223, 53, 136, 181, 163, 242, 75, 171, 195, 133, 27, 55, 47, 11, 167, 26, 157, 205, - 222, 212, 59, 20, 185, 208, 105, 97, 191, 193, 112, 125, 157, - ]; - - h.input(b"foo"); - h.input(b"bar"); - h.input(b"baz"); - - result.copy_from_slice(h.fixed_result().as_slice()); - - println!("{:?}", &result[..]); - - assert_eq!(result, expected); - } - - #[cfg(feature = "test-c-from-rust")] - #[test] - fn sha512_default() { - let _: Sha512 = Sha512::default(); - } - - #[cfg(feature = "test-c-from-rust")] - #[test] - fn sha512_digest() { - let mut h: Sha512 = Sha512::new(); - let mut result: [u8; DIGEST512_LEN] = [0u8; DIGEST512_LEN]; - - let expected = [ - 203, 55, 124, 16, 176, 245, 166, 44, 128, 54, 37, 167, 153, 217, 233, 8, 190, 69, 231, - 103, 245, 209, 71, 212, 116, 73, 7, 203, 5, 89, 122, 164, 237, 211, 41, 160, 175, 20, - 122, 221, 12, 244, 24, 30, 211, 40, 250, 30, 121, 148, 38, 88, 38, 179, 237, 61, 126, - 246, 240, 103, 202, 153, 24, 90, - ]; - - h.input(b"foo"); - h.input(b"bar"); - h.input(b"baz"); - - result.copy_from_slice(h.fixed_result().as_slice()); - - println!("{:?}", &result[..]); - - assert_eq!(&result[..], &expected[..]); - } -} diff --git a/src/rust/crypto/lib.rs b/src/rust/crypto/lib.rs deleted file mode 100644 index 866ea93547..0000000000 --- a/src/rust/crypto/lib.rs +++ /dev/null @@ -1,46 +0,0 @@ -// Copyright (c) 2018-2019, The Tor Project, Inc. -// Copyright (c) 2018, isis agora lovecruft -// See LICENSE for licensing information - -//! Common cryptographic functions and utilities. -//! -//! # Hash Digests and eXtendable Output Functions (XOFs) -//! -//! The `digests` module contains submodules for specific hash digests -//! and extendable output functions. -//! -//! ```rust,no_run -//! use crypto::digests::sha2::*; -//! -//! let mut hasher: Sha256 = Sha256::default(); -//! let mut result: [u8; 32] = [0u8; 32]; -//! -//! hasher.input(b"foo"); -//! hasher.input(b"bar"); -//! hasher.input(b"baz"); -//! -//! result.copy_from_slice(hasher.result().as_slice()); -//! -//! assert!(result == [b'X'; DIGEST256_LEN]); -//! ``` - -// XXX: add missing docs -//#![deny(missing_docs)] - -// External crates from cargo or TOR_RUST_DEPENDENCIES. -extern crate digest; -extern crate libc; -extern crate rand_core; - -// External dependencies for tests. -#[cfg(test)] -extern crate rand as rand_crate; - -// Our local crates. -extern crate external; -#[cfg(not(test))] -#[macro_use] -extern crate tor_log; - -pub mod digests; // Unfortunately named "digests" plural to avoid name conflict with the digest crate -pub mod rand; diff --git a/src/rust/crypto/rand/mod.rs b/src/rust/crypto/rand/mod.rs deleted file mode 100644 index da8b3bd8a5..0000000000 --- a/src/rust/crypto/rand/mod.rs +++ /dev/null @@ -1,6 +0,0 @@ -// Copyright (c) 2018-2019, The Tor Project, Inc. -// Copyright (c) 2018, isis agora lovecruft -// See LICENSE for licensing information - -// Internal dependencies -pub mod rng; diff --git a/src/rust/crypto/rand/rng.rs b/src/rust/crypto/rand/rng.rs deleted file mode 100644 index 644a5c20b1..0000000000 --- a/src/rust/crypto/rand/rng.rs +++ /dev/null @@ -1,145 +0,0 @@ -// Copyright (c) 2018-2019, The Tor Project, Inc. -// Copyright (c) 2018, isis agora lovecruft -// See LICENSE for licensing information - -//! Wrappers for Tor's random number generators to provide implementations of -//! `rand_core` traits. - -// This is the real implementation, in use in production, which calls into our C -// wrappers in /src/common/crypto_rand.c, which call into OpenSSL, system -// libraries, and make syscalls. -#[cfg(not(test))] -mod internal { - use std::u64; - - use rand_core::impls::next_u32_via_fill; - use rand_core::impls::next_u64_via_fill; - use rand_core::CryptoRng; - use rand_core::Error; - use rand_core::RngCore; - - use external::c_tor_crypto_rand; - use external::c_tor_crypto_seed_rng; - use external::c_tor_crypto_strongest_rand; - - use tor_log::LogDomain; - use tor_log::LogSeverity; - - /// Largest strong entropy request permitted. - // - // C_RUST_COUPLED: `MAX_STRONGEST_RAND_SIZE` /src/common/crypto_rand.c - const MAX_STRONGEST_RAND_SIZE: usize = 256; - - /// A wrapper around OpenSSL's RNG. - pub struct TorRng { - // This private, zero-length field forces the struct to be treated the - // same as its opaque C counterpart. - _unused: [u8; 0], - } - - /// Mark `TorRng` as being suitable for cryptographic purposes. - impl CryptoRng for TorRng {} - - impl TorRng { - // C_RUST_COUPLED: `crypto_seed_rng()` /src/common/crypto_rand.c - #[allow(dead_code)] - pub fn new() -> Self { - if !c_tor_crypto_seed_rng() { - tor_log_msg!( - LogSeverity::Warn, - LogDomain::General, - "TorRng::from_seed()", - "The RNG could not be seeded!" - ); - } - // XXX also log success at info level —isis - TorRng { _unused: [0u8; 0] } - } - } - - impl RngCore for TorRng { - // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c - fn next_u32(&mut self) -> u32 { - next_u32_via_fill(self) - } - - // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c - fn next_u64(&mut self) -> u64 { - next_u64_via_fill(self) - } - - // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c - fn fill_bytes(&mut self, dest: &mut [u8]) { - c_tor_crypto_rand(dest); - } - - // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c - fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> { - Ok(self.fill_bytes(dest)) - } - } - - /// A CSPRNG which hashes together randomness from OpenSSL's RNG and entropy - /// obtained from the operating system. - pub struct TorStrongestRng { - // This private, zero-length field forces the struct to be treated the - // same as its opaque C counterpart. - _unused: [u8; 0], - } - - /// Mark `TorRng` as being suitable for cryptographic purposes. - impl CryptoRng for TorStrongestRng {} - - impl TorStrongestRng { - // C_RUST_COUPLED: `crypto_seed_rng()` /src/common/crypto_rand.c - #[allow(dead_code)] - pub fn new() -> Self { - if !c_tor_crypto_seed_rng() { - tor_log_msg!( - LogSeverity::Warn, - LogDomain::General, - "TorStrongestRng::from_seed()", - "The RNG could not be seeded!" - ); - } - // XXX also log success at info level —isis - TorStrongestRng { _unused: [0u8; 0] } - } - } - - impl RngCore for TorStrongestRng { - // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c - fn next_u32(&mut self) -> u32 { - next_u32_via_fill(self) - } - - // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c - fn next_u64(&mut self) -> u64 { - next_u64_via_fill(self) - } - - // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c - fn fill_bytes(&mut self, dest: &mut [u8]) { - debug_assert!(dest.len() <= MAX_STRONGEST_RAND_SIZE); - - c_tor_crypto_strongest_rand(dest); - } - - // C_RUST_COUPLED: `crypto_strongest_rand()` /src/common/crypto_rand.c - fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> { - Ok(self.fill_bytes(dest)) - } - } -} - -// For testing, we expose a pure-Rust implementation. -#[cfg(test)] -mod internal { - // It doesn't matter if we pretend ChaCha is a CSPRNG in tests. - pub use rand_crate::ChaChaRng as TorRng; - pub use rand_crate::ChaChaRng as TorStrongestRng; -} - -// Finally, expose the public functionality of whichever appropriate internal -// module. -pub use self::internal::*; diff --git a/src/rust/external/Cargo.toml b/src/rust/external/Cargo.toml deleted file mode 100644 index 5f443645bb..0000000000 --- a/src/rust/external/Cargo.toml +++ /dev/null @@ -1,20 +0,0 @@ -[package] -authors = ["The Tor Project"] -version = "0.0.1" -name = "external" - -[dependencies] -libc = "=0.2.39" -smartlist = { path = "../smartlist" } -tor_allocate = { path = "../tor_allocate" } - -[lib] -name = "external" -path = "lib.rs" - -[features] -# We have to define a feature here because doctests don't get cfg(test), -# and we need to disable some C dependencies when running the doctests -# because of the various linker issues. See -# https://github.com/rust-lang/rust/issues/45599 -test_linking_hack = [] diff --git a/src/rust/external/crypto_digest.rs b/src/rust/external/crypto_digest.rs deleted file mode 100644 index 873f75e7a3..0000000000 --- a/src/rust/external/crypto_digest.rs +++ /dev/null @@ -1,454 +0,0 @@ -// Copyright (c) 2018-2019, The Tor Project, Inc. -// Copyright (c) 2018, isis agora lovecruft -// See LICENSE for licensing information - -//! Bindings to external digest and XOF functions which live within -//! src/common/crypto_digest.[ch]. -//! -//! We wrap our C implementations in src/common/crypto_digest.[ch] with more -//! Rusty types and interfaces in src/rust/crypto/digest/. - -use std::process::abort; - -use libc::c_char; -use libc::c_int; -use libc::size_t; -use libc::uint8_t; - -use smartlist::Stringlist; - -/// Length of the output of our message digest. -pub const DIGEST_LEN: usize = 20; - -/// Length of the output of our second (improved) message digests. (For now -/// this is just sha256, but it could be any other 256-bit digest.) -pub const DIGEST256_LEN: usize = 32; - -/// Length of the output of our 64-bit optimized message digests (SHA512). -pub const DIGEST512_LEN: usize = 64; - -/// Length of a sha1 message digest when encoded in base32 with trailing = signs -/// removed. -pub const BASE32_DIGEST_LEN: usize = 32; - -/// Length of a sha1 message digest when encoded in base64 with trailing = signs -/// removed. -pub const BASE64_DIGEST_LEN: usize = 27; - -/// Length of a sha256 message digest when encoded in base64 with trailing = -/// signs removed. -pub const BASE64_DIGEST256_LEN: usize = 43; - -/// Length of a sha512 message digest when encoded in base64 with trailing = -/// signs removed. -pub const BASE64_DIGEST512_LEN: usize = 86; - -/// Length of hex encoding of SHA1 digest, not including final NUL. -pub const HEX_DIGEST_LEN: usize = 40; - -/// Length of hex encoding of SHA256 digest, not including final NUL. -pub const HEX_DIGEST256_LEN: usize = 64; - -/// Length of hex encoding of SHA512 digest, not including final NUL. -pub const HEX_DIGEST512_LEN: usize = 128; - -/// Our C code uses an enum to declare the digest algorithm types which we know -/// about. However, because enums are implementation-defined in C, we can -/// neither work with them directly nor translate them into Rust enums. -/// Instead, we represent them as a u8 (under the assumption that we'll never -/// support more than 256 hash functions). -#[allow(non_camel_case_types)] -type digest_algorithm_t = u8; - -const DIGEST_SHA1: digest_algorithm_t = 0; -const DIGEST_SHA256: digest_algorithm_t = 1; -const DIGEST_SHA512: digest_algorithm_t = 2; -const DIGEST_SHA3_256: digest_algorithm_t = 3; -const DIGEST_SHA3_512: digest_algorithm_t = 4; - -/// The number of hash digests we produce for a `common_digests_t`. -/// -/// We can't access these from Rust, because their definitions in C require -/// introspecting the `digest_algorithm_t` typedef, which is an enum, so we have -/// to redefine them here. -const N_COMMON_DIGEST_ALGORITHMS: usize = DIGEST_SHA256 as usize + 1; - -/// A digest function. -#[repr(C)] -#[derive(Debug, Copy, Clone)] -#[allow(non_camel_case_types)] -struct crypto_digest_t { - // This private, zero-length field forces the struct to be treated the same - // as its opaque C counterpart. - _unused: [u8; 0], -} - -/// An eXtendible Output Function (XOF). -#[repr(C)] -#[derive(Debug, Copy, Clone)] -#[allow(non_camel_case_types)] -struct crypto_xof_t { - // This private, zero-length field forces the struct to be treated the same - // as its opaque C counterpart. - _unused: [u8; 0], -} - -/// A set of all the digests we commonly compute, taken on a single -/// string. Any digests that are shorter than 512 bits are right-padded -/// with 0 bits. -/// -/// Note that this representation wastes 44 bytes for the SHA1 case, so -/// don't use it for anything where we need to allocate a whole bunch at -/// once. -#[repr(C)] -#[derive(Debug, Copy, Clone)] -#[allow(non_camel_case_types)] -struct common_digests_t { - pub d: [[c_char; N_COMMON_DIGEST_ALGORITHMS]; DIGEST256_LEN], -} - -/// A `smartlist_t` is just an alias for the `#[repr(C)]` type `Stringlist`, to -/// make it more clear that we're working with a smartlist which is owned by C. -#[allow(non_camel_case_types)] -// BINDGEN_GENERATED: This type isn't actually bindgen generated, but the code -// below it which uses it is. As such, this comes up as "dead code" as well. -#[allow(dead_code)] -type smartlist_t = Stringlist; - -/// All of the external functions from `src/common/crypto_digest.h`. -/// -/// These are kept private because they should be wrapped with Rust to make their usage safer. -// -// BINDGEN_GENERATED: These definitions were generated with bindgen and cleaned -// up manually. As such, there are more bindings than are likely necessary or -// which are in use. -#[allow(dead_code)] -extern "C" { - fn crypto_digest(digest: *mut c_char, m: *const c_char, len: size_t) -> c_int; - fn crypto_digest256( - digest: *mut c_char, - m: *const c_char, - len: size_t, - algorithm: digest_algorithm_t, - ) -> c_int; - fn crypto_digest512( - digest: *mut c_char, - m: *const c_char, - len: size_t, - algorithm: digest_algorithm_t, - ) -> c_int; - fn crypto_common_digests(ds_out: *mut common_digests_t, m: *const c_char, len: size_t) - -> c_int; - fn crypto_digest_smartlist_prefix( - digest_out: *mut c_char, - len_out: size_t, - prepend: *const c_char, - lst: *const smartlist_t, - append: *const c_char, - alg: digest_algorithm_t, - ); - fn crypto_digest_smartlist( - digest_out: *mut c_char, - len_out: size_t, - lst: *const smartlist_t, - append: *const c_char, - alg: digest_algorithm_t, - ); - fn crypto_digest_algorithm_get_name(alg: digest_algorithm_t) -> *const c_char; - fn crypto_digest_algorithm_get_length(alg: digest_algorithm_t) -> size_t; - fn crypto_digest_algorithm_parse_name(name: *const c_char) -> c_int; - fn crypto_digest_new() -> *mut crypto_digest_t; - fn crypto_digest256_new(algorithm: digest_algorithm_t) -> *mut crypto_digest_t; - fn crypto_digest512_new(algorithm: digest_algorithm_t) -> *mut crypto_digest_t; - fn crypto_digest_free_(digest: *mut crypto_digest_t); - fn crypto_digest_add_bytes(digest: *mut crypto_digest_t, data: *const c_char, len: size_t); - fn crypto_digest_get_digest(digest: *mut crypto_digest_t, out: *mut c_char, out_len: size_t); - fn crypto_digest_dup(digest: *const crypto_digest_t) -> *mut crypto_digest_t; - fn crypto_digest_assign(into: *mut crypto_digest_t, from: *const crypto_digest_t); - fn crypto_hmac_sha256( - hmac_out: *mut c_char, - key: *const c_char, - key_len: size_t, - msg: *const c_char, - msg_len: size_t, - ); - fn crypto_mac_sha3_256( - mac_out: *mut uint8_t, - len_out: size_t, - key: *const uint8_t, - key_len: size_t, - msg: *const uint8_t, - msg_len: size_t, - ); - fn crypto_xof_new() -> *mut crypto_xof_t; - fn crypto_xof_add_bytes(xof: *mut crypto_xof_t, data: *const uint8_t, len: size_t); - fn crypto_xof_squeeze_bytes(xof: *mut crypto_xof_t, out: *mut uint8_t, len: size_t); - fn crypto_xof_free(xof: *mut crypto_xof_t); -} - -/// A wrapper around a `digest_algorithm_t`. -pub enum DigestAlgorithm { - SHA2_256, - SHA2_512, - SHA3_256, - SHA3_512, -} - -impl From<DigestAlgorithm> for digest_algorithm_t { - fn from(digest: DigestAlgorithm) -> digest_algorithm_t { - match digest { - DigestAlgorithm::SHA2_256 => DIGEST_SHA256, - DigestAlgorithm::SHA2_512 => DIGEST_SHA512, - DigestAlgorithm::SHA3_256 => DIGEST_SHA3_256, - DigestAlgorithm::SHA3_512 => DIGEST_SHA3_512, - } - } -} - -/// A wrapper around a mutable pointer to a `crypto_digest_t`. -pub struct CryptoDigest(*mut crypto_digest_t); - -/// Explicitly copy the state of a `CryptoDigest` hash digest context. -/// -/// # C_RUST_COUPLED -/// -/// * `crypto_digest_dup` -impl Clone for CryptoDigest { - fn clone(&self) -> CryptoDigest { - let digest: *mut crypto_digest_t; - - unsafe { - digest = crypto_digest_dup(self.0 as *const crypto_digest_t); - } - - // See the note in the implementation of CryptoDigest for the - // reasoning for `abort()` here. - if digest.is_null() { - abort(); - } - - CryptoDigest(digest) - } -} - -impl CryptoDigest { - /// A wrapper to call one of the C functions `crypto_digest_new`, - /// `crypto_digest256_new`, or `crypto_digest512_new`. - /// - /// # Warnings - /// - /// This function will `abort()` the entire process in an "abnormal" fashion, - /// i.e. not unwinding this or any other thread's stack, running any - /// destructors, or calling any panic/exit hooks) if `tor_malloc()` (called in - /// `crypto_digest256_new()`) is unable to allocate memory. - /// - /// # Returns - /// - /// A new `CryptoDigest`, which is a wrapper around a opaque representation - /// of a `crypto_digest_t`. The underlying `crypto_digest_t` _MUST_ only - /// ever be handled via a raw pointer, and never introspected. - /// - /// # C_RUST_COUPLED - /// - /// * `crypto_digest_new` - /// * `crypto_digest256_new` - /// * `crypto_digest512_new` - /// * `tor_malloc` (called by `crypto_digest256_new`, but we make - /// assumptions about its behaviour and return values here) - pub fn new(algorithm: Option<DigestAlgorithm>) -> CryptoDigest { - let digest: *mut crypto_digest_t; - - if algorithm.is_none() { - unsafe { - digest = crypto_digest_new(); - } - } else { - let algo: digest_algorithm_t = algorithm.unwrap().into(); // can't fail because it's Some - - unsafe { - // XXX This is a pretty awkward API to use from Rust... - digest = match algo { - DIGEST_SHA1 => crypto_digest_new(), - DIGEST_SHA256 => crypto_digest256_new(DIGEST_SHA256), - DIGEST_SHA3_256 => crypto_digest256_new(DIGEST_SHA3_256), - DIGEST_SHA512 => crypto_digest512_new(DIGEST_SHA512), - DIGEST_SHA3_512 => crypto_digest512_new(DIGEST_SHA3_512), - _ => abort(), - } - } - } - - // In our C code, `crypto_digest*_new()` allocates memory with - // `tor_malloc()`. In `tor_malloc()`, if the underlying malloc - // implementation fails to allocate the requested memory and returns a - // NULL pointer, we call `exit(1)`. In the case that this `exit(1)` is - // called within a worker, be that a process or a thread, the inline - // comments within `tor_malloc()` mention "that's ok, since the parent - // will run out of memory soon anyway". However, if it takes long - // enough for the worker to die, and it manages to return a NULL pointer - // to our Rust code, our Rust is now in an irreparably broken state and - // may exhibit undefined behaviour. An even worse scenario, if/when we - // have parent/child processes/threads controlled by Rust, would be that - // the UB contagion in Rust manages to spread to other children before - // the entire process (hopefully terminates). - // - // However, following the assumptions made in `tor_malloc()` that - // calling `exit(1)` in a child is okay because the parent will - // eventually run into the same errors, and also to stymie any UB - // contagion in the meantime, we call abort!() here to terminate the - // entire program immediately. - if digest.is_null() { - abort(); - } - - CryptoDigest(digest) - } - - /// A wrapper to call the C function `crypto_digest_add_bytes`. - /// - /// # Inputs - /// - /// * `bytes`: a byte slice of bytes to be added into this digest. - /// - /// # C_RUST_COUPLED - /// - /// * `crypto_digest_add_bytes` - pub fn add_bytes(&self, bytes: &[u8]) { - unsafe { - crypto_digest_add_bytes( - self.0 as *mut crypto_digest_t, - bytes.as_ptr() as *const c_char, - bytes.len() as size_t, - ) - } - } -} - -impl Drop for CryptoDigest { - fn drop(&mut self) { - unsafe { - crypto_digest_free_(self.0 as *mut crypto_digest_t); - } - } -} - -/// Get the 256-bit digest output of a `crypto_digest_t`. -/// -/// # Inputs -/// -/// * `digest`: A `CryptoDigest` which wraps either a `DIGEST_SHA256` or a -/// `DIGEST_SHA3_256`. -/// -/// # Warning -/// -/// Calling this function with a `CryptoDigest` which is neither SHA2-256 or -/// SHA3-256 is a programming error. Since we cannot introspect the opaque -/// struct from Rust, however, there is no way for us to check that the correct -/// one is being passed in. That is up to you, dear programmer. If you mess -/// up, you will get a incorrectly-sized hash digest in return, and it will be -/// your fault. Don't do that. -/// -/// # Returns -/// -/// A 256-bit hash digest, as a `[u8; 32]`. -/// -/// # C_RUST_COUPLED -/// -/// * `crypto_digest_get_digest` -/// * `DIGEST256_LEN` -// -// FIXME: Once const generics land in Rust, we should genericise calling -// crypto_digest_get_digest w.r.t. output array size. -pub fn get_256_bit_digest(digest: CryptoDigest) -> [u8; DIGEST256_LEN] { - let mut buffer: [u8; DIGEST256_LEN] = [0u8; DIGEST256_LEN]; - - unsafe { - crypto_digest_get_digest( - digest.0, - buffer.as_mut_ptr() as *mut c_char, - DIGEST256_LEN as size_t, - ); - - if buffer.as_ptr().is_null() { - abort(); - } - } - buffer -} - -/// Get the 512-bit digest output of a `crypto_digest_t`. -/// -/// # Inputs -/// -/// * `digest`: A `CryptoDigest` which wraps either a `DIGEST_SHA512` or a -/// `DIGEST_SHA3_512`. -/// -/// # Warning -/// -/// Calling this function with a `CryptoDigest` which is neither SHA2-512 or -/// SHA3-512 is a programming error. Since we cannot introspect the opaque -/// struct from Rust, however, there is no way for us to check that the correct -/// one is being passed in. That is up to you, dear programmer. If you mess -/// up, you will get a incorrectly-sized hash digest in return, and it will be -/// your fault. Don't do that. -/// -/// # Returns -/// -/// A 512-bit hash digest, as a `[u8; 64]`. -/// -/// # C_RUST_COUPLED -/// -/// * `crypto_digest_get_digest` -/// * `DIGEST512_LEN` -// -// FIXME: Once const generics land in Rust, we should genericise calling -// crypto_digest_get_digest w.r.t. output array size. -pub fn get_512_bit_digest(digest: CryptoDigest) -> [u8; DIGEST512_LEN] { - let mut buffer: [u8; DIGEST512_LEN] = [0u8; DIGEST512_LEN]; - - unsafe { - crypto_digest_get_digest( - digest.0, - buffer.as_mut_ptr() as *mut c_char, - DIGEST512_LEN as size_t, - ); - - if buffer.as_ptr().is_null() { - abort(); - } - } - buffer -} - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn test_layout_common_digests_t() { - assert_eq!( - ::std::mem::size_of::<common_digests_t>(), - 64usize, - concat!("Size of: ", stringify!(common_digests_t)) - ); - assert_eq!( - ::std::mem::align_of::<common_digests_t>(), - 1usize, - concat!("Alignment of ", stringify!(common_digests_t)) - ); - } - - #[test] - fn test_layout_crypto_digest_t() { - assert_eq!( - ::std::mem::size_of::<crypto_digest_t>(), - 0usize, - concat!("Size of: ", stringify!(crypto_digest_t)) - ); - assert_eq!( - ::std::mem::align_of::<crypto_digest_t>(), - 1usize, - concat!("Alignment of ", stringify!(crypto_digest_t)) - ); - } -} diff --git a/src/rust/external/crypto_rand.rs b/src/rust/external/crypto_rand.rs deleted file mode 100644 index 703382093c..0000000000 --- a/src/rust/external/crypto_rand.rs +++ /dev/null @@ -1,84 +0,0 @@ -// Copyright (c) 2018-2019, The Tor Project, Inc. -// Copyright (c) 2018, isis agora lovecruft -// See LICENSE for licensing information - -//! Bindings to external (P)RNG interfaces and utilities in -//! src/common/crypto_rand.[ch]. -//! -//! We wrap our C implementations in src/common/crypto_rand.[ch] here in order -//! to provide wrappers with native Rust types, and then provide more Rusty -//! types and and trait implementations in src/rust/crypto/rand/. - -use std::time::Duration; - -use libc::c_double; -use libc::c_int; -use libc::size_t; -use libc::time_t; -use libc::uint8_t; - -extern "C" { - fn crypto_seed_rng() -> c_int; - fn crypto_rand(out: *mut uint8_t, out_len: size_t); - fn crypto_strongest_rand(out: *mut uint8_t, out_len: size_t); - fn crypto_rand_time_range(min: time_t, max: time_t) -> time_t; - fn crypto_rand_double() -> c_double; -} - -/// Seed OpenSSL's random number generator with bytes from the operating -/// system. -/// -/// # Returns -/// -/// `true` on success; `false` on failure. -pub fn c_tor_crypto_seed_rng() -> bool { - let ret: c_int; - - unsafe { - ret = crypto_seed_rng(); - } - match ret { - 0 => return true, - _ => return false, - } -} - -/// Fill the bytes of `dest` with random data. -pub fn c_tor_crypto_rand(dest: &mut [u8]) { - unsafe { - crypto_rand(dest.as_mut_ptr(), dest.len() as size_t); - } -} - -/// Fill the bytes of `dest` with "strong" random data by hashing -/// together randomness obtained from OpenSSL's RNG and the operating -/// system. -pub fn c_tor_crypto_strongest_rand(dest: &mut [u8]) { - // We'll let the C side panic if the len is larger than - // MAX_STRONGEST_RAND_SIZE, rather than potentially panicking here. A - // paranoid caller should assert on the length of dest *before* calling this - // function. - unsafe { - crypto_strongest_rand(dest.as_mut_ptr(), dest.len() as size_t); - } -} - -/// Get a random time, in seconds since the Unix Epoch. -/// -/// # Returns -/// -/// A `std::time::Duration` of seconds since the Unix Epoch. -pub fn c_tor_crypto_rand_time_range(min: &Duration, max: &Duration) -> Duration { - let ret: time_t; - - unsafe { - ret = crypto_rand_time_range(min.as_secs() as time_t, max.as_secs() as time_t); - } - - Duration::from_secs(ret as u64) -} - -/// Return a pseudorandom 64-bit float, chosen uniformly from the range [0.0, 1.0). -pub fn c_tor_crypto_rand_double() -> f64 { - unsafe { crypto_rand_double() } -} diff --git a/src/rust/external/external.rs b/src/rust/external/external.rs deleted file mode 100644 index 0d324c8820..0000000000 --- a/src/rust/external/external.rs +++ /dev/null @@ -1,37 +0,0 @@ -// Copyright (c) 2016-2019, The Tor Project, Inc. */ -// See LICENSE for licensing information */ - -use libc::{c_char, c_int}; -use std::ffi::CString; - -extern "C" { - fn tor_version_as_new_as(platform: *const c_char, cutoff: *const c_char) -> c_int; -} - -/// Wrap calls to tor_version_as_new_as, defined in routerparse.c -pub fn c_tor_version_as_new_as(platform: &str, cutoff: &str) -> bool { - // CHK: These functions should log a warning if an error occurs. This - // can be added when integration with tor's logger is added to rust - let c_platform = match CString::new(platform) { - Ok(n) => n, - Err(_) => return false, - }; - - let c_cutoff = match CString::new(cutoff) { - Ok(n) => n, - Err(_) => return false, - }; - - let result: c_int = unsafe { tor_version_as_new_as(c_platform.as_ptr(), c_cutoff.as_ptr()) }; - - result == 1 -} - -extern "C" { - fn tor_is_using_nss() -> c_int; -} - -/// Return true if Tor was built to use NSS. -pub fn c_tor_is_using_nss() -> bool { - 0 != unsafe { tor_is_using_nss() } -} diff --git a/src/rust/external/lib.rs b/src/rust/external/lib.rs deleted file mode 100644 index 2f50610a4d..0000000000 --- a/src/rust/external/lib.rs +++ /dev/null @@ -1,19 +0,0 @@ -//! Copyright (c) 2016-2019, The Tor Project, Inc. */ -//! See LICENSE for licensing information */ - -//! Interface for external calls to tor C ABI -//! -//! The purpose of this module is to provide a clean interface for when Rust -//! modules need to interact with functionality in tor C code rather than each -//! module implementing this functionality repeatedly. - -extern crate libc; -extern crate tor_allocate; -extern crate smartlist; - -pub mod crypto_digest; -mod crypto_rand; -mod external; - -pub use crypto_rand::*; -pub use external::*; diff --git a/src/rust/include.am b/src/rust/include.am deleted file mode 100644 index 5e5b0b3faf..0000000000 --- a/src/rust/include.am +++ /dev/null @@ -1,41 +0,0 @@ -include src/rust/tor_rust/include.am - -EXTRA_DIST +=\ - src/rust/build.rs \ - src/rust/Cargo.toml \ - src/rust/Cargo.lock \ - src/rust/.cargo/config.in \ - src/rust/crypto/Cargo.toml \ - src/rust/crypto/lib.rs \ - src/rust/crypto/digests/mod.rs \ - src/rust/crypto/digests/sha2.rs \ - src/rust/crypto/rand/mod.rs \ - src/rust/crypto/rand/rng.rs \ - src/rust/external/Cargo.toml \ - src/rust/external/crypto_digest.rs \ - src/rust/external/crypto_rand.rs \ - src/rust/external/external.rs \ - src/rust/external/lib.rs \ - src/rust/protover/Cargo.toml \ - src/rust/protover/errors.rs \ - src/rust/protover/protoset.rs \ - src/rust/protover/ffi.rs \ - src/rust/protover/lib.rs \ - src/rust/protover/protover.rs \ - src/rust/protover/tests/protover.rs \ - src/rust/smartlist/Cargo.toml \ - src/rust/smartlist/lib.rs \ - src/rust/smartlist/smartlist.rs \ - src/rust/tor_allocate/Cargo.toml \ - src/rust/tor_allocate/lib.rs \ - src/rust/tor_allocate/tor_allocate.rs \ - src/rust/tor_log/Cargo.toml \ - src/rust/tor_log/lib.rs \ - src/rust/tor_log/tor_log.rs \ - src/rust/tor_rust/Cargo.toml \ - src/rust/tor_rust/include.am \ - src/rust/tor_rust/lib.rs \ - src/rust/tor_util/Cargo.toml \ - src/rust/tor_util/ffi.rs \ - src/rust/tor_util/lib.rs \ - src/rust/tor_util/strings.rs diff --git a/src/rust/protover/Cargo.toml b/src/rust/protover/Cargo.toml deleted file mode 100644 index 84a7c71c1a..0000000000 --- a/src/rust/protover/Cargo.toml +++ /dev/null @@ -1,33 +0,0 @@ -[package] -authors = ["The Tor Project"] -version = "0.0.1" -name = "protover" - -[features] -# We have to define a feature here because doctests don't get cfg(test), -# and we need to disable some C dependencies when running the doctests -# because of the various linker issues. See -# https://github.com/rust-lang/rust/issues/45599 -test_linking_hack = [] - -[dependencies] -libc = "=0.2.39" - -[dependencies.smartlist] -path = "../smartlist" - -[dependencies.external] -path = "../external" - -[dependencies.tor_util] -path = "../tor_util" - -[dependencies.tor_allocate] -path = "../tor_allocate" - -[dependencies.tor_log] -path = "../tor_log" - -[lib] -name = "protover" -path = "lib.rs" diff --git a/src/rust/protover/errors.rs b/src/rust/protover/errors.rs deleted file mode 100644 index 04397ac4fe..0000000000 --- a/src/rust/protover/errors.rs +++ /dev/null @@ -1,57 +0,0 @@ -// Copyright (c) 2018-2019, The Tor Project, Inc. -// Copyright (c) 2018, isis agora lovecruft -// See LICENSE for licensing information - -//! Various errors which may occur during protocol version parsing. - -use std::fmt; -use std::fmt::Display; - -/// All errors which may occur during protover parsing routines. -#[derive(Clone, Copy, Debug, Eq, PartialEq, Hash)] -#[allow(missing_docs)] // See Display impl for error descriptions -pub enum ProtoverError { - Overlap, - LowGreaterThanHigh, - Unparseable, - ExceedsMax, - ExceedsExpansionLimit, - UnknownProtocol, - ExceedsNameLimit, - InvalidProtocol, -} - -/// Descriptive error messages for `ProtoverError` variants. -impl Display for ProtoverError { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - match *self { - ProtoverError::Overlap => write!( - f, - "Two or more (low, high) protover ranges would overlap once expanded." - ), - ProtoverError::LowGreaterThanHigh => write!( - f, - "The low in a (low, high) protover range was greater than high." - ), - ProtoverError::Unparseable => write!(f, "The protover string was unparseable."), - ProtoverError::ExceedsMax => write!( - f, - "The high in a (low, high) protover range exceeds 63." - ), - ProtoverError::ExceedsExpansionLimit => write!( - f, - "The protover string would exceed the maximum expansion limit." - ), - ProtoverError::UnknownProtocol => write!( - f, - "A protocol in the protover string we attempted to parse is unknown." - ), - ProtoverError::ExceedsNameLimit => { - write!(f, "An unrecognised protocol name was too long.") - } - ProtoverError::InvalidProtocol => { - write!(f, "A protocol name includes invalid characters.") - } - } - } -} diff --git a/src/rust/protover/ffi.rs b/src/rust/protover/ffi.rs deleted file mode 100644 index 2bf8d3a987..0000000000 --- a/src/rust/protover/ffi.rs +++ /dev/null @@ -1,247 +0,0 @@ -// Copyright (c) 2016-2019, The Tor Project, Inc. */ -// See LICENSE for licensing information */ - -//! FFI functions, only to be called from C. -//! -//! Equivalent C versions of this api are in `protover.c` - -use libc::{c_char, c_int, uint32_t}; -use std::ffi::CStr; - -use smartlist::*; -use tor_allocate::allocate_and_copy_string; - -use errors::ProtoverError; -use protover::*; - -/// Translate C enums to Rust Proto enums, using the integer value of the C -/// enum to map to its associated Rust enum. -/// -/// C_RUST_COUPLED: protover.h `protocol_type_t` -fn translate_to_rust(c_proto: uint32_t) -> Result<Protocol, ProtoverError> { - match c_proto { - 0 => Ok(Protocol::Link), - 1 => Ok(Protocol::LinkAuth), - 2 => Ok(Protocol::Relay), - 3 => Ok(Protocol::DirCache), - 4 => Ok(Protocol::HSDir), - 5 => Ok(Protocol::HSIntro), - 6 => Ok(Protocol::HSRend), - 7 => Ok(Protocol::Desc), - 8 => Ok(Protocol::Microdesc), - 9 => Ok(Protocol::Cons), - 10 => Ok(Protocol::Padding), - 11 => Ok(Protocol::FlowCtrl), - _ => Err(ProtoverError::UnknownProtocol), - } -} - -/// Provide an interface for C to translate arguments and return types for -/// protover::all_supported -#[no_mangle] -pub extern "C" fn protover_all_supported( - c_relay_version: *const c_char, - missing_out: *mut *mut c_char, -) -> c_int { - if c_relay_version.is_null() { - return 1; - } - - // Require an unsafe block to read the version from a C string. The pointer - // is checked above to ensure it is not null. - let c_str: &CStr = unsafe { CStr::from_ptr(c_relay_version) }; - - let relay_version = match c_str.to_str() { - Ok(n) => n, - Err(_) => return 1, - }; - - let relay_proto_entry: UnvalidatedProtoEntry = - match UnvalidatedProtoEntry::from_str_any_len(relay_version) { - Ok(n) => n, - Err(_) => return 1, - }; - - if let Some(unsupported) = relay_proto_entry.all_supported() { - if missing_out.is_null() { - return 0; - } - let ptr = allocate_and_copy_string(&unsupported.to_string()); - unsafe { *missing_out = ptr }; - - return 0; - } - - 1 -} - -/// Provide an interface for C to translate arguments and return types for -/// protover::list_supports_protocol -#[no_mangle] -pub extern "C" fn protocol_list_supports_protocol( - c_protocol_list: *const c_char, - c_protocol: uint32_t, - version: uint32_t, -) -> c_int { - if c_protocol_list.is_null() { - return 0; - } - - // Require an unsafe block to read the version from a C string. The pointer - // is checked above to ensure it is not null. - let c_str: &CStr = unsafe { CStr::from_ptr(c_protocol_list) }; - - let protocol_list = match c_str.to_str() { - Ok(n) => n, - Err(_) => return 0, - }; - let proto_entry: UnvalidatedProtoEntry = match protocol_list.parse() { - Ok(n) => n, - Err(_) => return 0, - }; - let protocol: UnknownProtocol = match translate_to_rust(c_protocol) { - Ok(n) => n.into(), - Err(_) => return 0, - }; - if proto_entry.supports_protocol(&protocol, &version) { - 1 - } else { - 0 - } -} - -#[no_mangle] -pub extern "C" fn protover_contains_long_protocol_names_(c_protocol_list: *const c_char) -> c_int { - if c_protocol_list.is_null() { - return 1; - } - - // Require an unsafe block to read the version from a C string. The pointer - // is checked above to ensure it is not null. - let c_str: &CStr = unsafe { CStr::from_ptr(c_protocol_list) }; - - let protocol_list = match c_str.to_str() { - Ok(n) => n, - Err(_) => return 1, - }; - - match protocol_list.parse::<UnvalidatedProtoEntry>() { - Ok(_) => 0, - Err(_) => 1, - } -} - -/// Provide an interface for C to translate arguments and return types for -/// protover::list_supports_protocol_or_later -#[no_mangle] -pub extern "C" fn protocol_list_supports_protocol_or_later( - c_protocol_list: *const c_char, - c_protocol: uint32_t, - version: uint32_t, -) -> c_int { - if c_protocol_list.is_null() { - return 0; - } - - // Require an unsafe block to read the version from a C string. The pointer - // is checked above to ensure it is not null. - let c_str: &CStr = unsafe { CStr::from_ptr(c_protocol_list) }; - - let protocol_list = match c_str.to_str() { - Ok(n) => n, - Err(_) => return 0, - }; - - let protocol = match translate_to_rust(c_protocol) { - Ok(n) => n, - Err(_) => return 0, - }; - - let proto_entry: UnvalidatedProtoEntry = match protocol_list.parse() { - Ok(n) => n, - Err(_) => return 0, - }; - - if proto_entry.supports_protocol_or_later(&protocol.into(), &version) { - return 1; - } - 0 -} - -/// Provide an interface for C to translate arguments and return types for -/// protover::get_supported_protocols -#[no_mangle] -pub extern "C" fn protover_get_supported_protocols() -> *const c_char { - let supported: &'static CStr; - - supported = get_supported_protocols_cstr(); - supported.as_ptr() -} - -/// Provide an interface for C to translate arguments and return types for -/// protover::compute_vote -// -// Why is the threshold a signed integer? —isis -#[no_mangle] -pub extern "C" fn protover_compute_vote(list: *const Stringlist, threshold: c_int) -> *mut c_char { - if list.is_null() { - return allocate_and_copy_string(""); - } - - // Dereference of raw pointer requires an unsafe block. The pointer is - // checked above to ensure it is not null. - let data: Vec<String> = unsafe { (*list).get_list() }; - let hold: usize = threshold as usize; - let mut proto_entries: Vec<UnvalidatedProtoEntry> = Vec::new(); - - for datum in data { - let entry: UnvalidatedProtoEntry = match datum.parse() { - Ok(n) => n, - Err(_) => continue, - }; - proto_entries.push(entry); - } - let vote: UnvalidatedProtoEntry = ProtoverVote::compute(&proto_entries, &hold); - - allocate_and_copy_string(&vote.to_string()) -} - -/// Provide an interface for C to translate arguments and return types for -/// protover::is_supported_here -#[no_mangle] -pub extern "C" fn protover_is_supported_here(c_protocol: uint32_t, version: uint32_t) -> c_int { - let protocol = match translate_to_rust(c_protocol) { - Ok(n) => n, - Err(_) => return 0, - }; - - let is_supported = is_supported_here(&protocol, &version); - - return if is_supported { 1 } else { 0 }; -} - -/// Provide an interface for C to translate arguments and return types for -/// protover::compute_for_old_tor -#[no_mangle] -pub extern "C" fn protover_compute_for_old_tor(version: *const c_char) -> *const c_char { - let supported: &'static CStr; - let empty: &'static CStr; - - empty = cstr!(""); - - if version.is_null() { - return empty.as_ptr(); - } - - // Require an unsafe block to read the version from a C string. The pointer - // is checked above to ensure it is not null. - let c_str: &CStr = unsafe { CStr::from_ptr(version) }; - - let version = match c_str.to_str() { - Ok(n) => n, - Err(_) => return empty.as_ptr(), - }; - - supported = compute_for_old_tor_cstr(&version); - supported.as_ptr() -} diff --git a/src/rust/protover/lib.rs b/src/rust/protover/lib.rs deleted file mode 100644 index 35c4106ae5..0000000000 --- a/src/rust/protover/lib.rs +++ /dev/null @@ -1,40 +0,0 @@ -//! Copyright (c) 2016-2019, The Tor Project, Inc. */ -//! See LICENSE for licensing information */ - -//! Versioning information for different pieces of the Tor protocol. -//! -//! The below description is taken from src/rust/protover.c, which is currently -//! enabled by default. We are in the process of experimenting with Rust in -//! tor, and this protover module is implemented to help achieve this goal. -//! -//! Starting in version 0.2.9.3-alpha, Tor places separate version numbers on -//! each of the different components of its protocol. Relays use these numbers -//! to advertise what versions of the protocols they can support, and clients -//! use them to find what they can ask a given relay to do. Authorities vote -//! on the supported protocol versions for each relay, and also vote on the -//! which protocols you should have to support in order to be on the Tor -//! network. All Tor instances use these required/recommended protocol versions -//! to tell what level of support for recent protocols each relay has, and -//! to decide whether they should be running given their current protocols. -//! -//! The main advantage of these protocol versions numbers over using Tor -//! version numbers is that they allow different implementations of the Tor -//! protocols to develop independently, without having to claim compatibility -//! with specific versions of Tor. - -// XXX: add missing docs -//#![deny(missing_docs)] - -extern crate external; -extern crate libc; -extern crate smartlist; -extern crate tor_allocate; -#[macro_use] -extern crate tor_util; - -pub mod errors; -pub mod ffi; -pub mod protoset; -mod protover; - -pub use protover::*; diff --git a/src/rust/protover/protoset.rs b/src/rust/protover/protoset.rs deleted file mode 100644 index 0ab94457c5..0000000000 --- a/src/rust/protover/protoset.rs +++ /dev/null @@ -1,697 +0,0 @@ -// Copyright (c) 2018-2019, The Tor Project, Inc. -// Copyright (c) 2018, isis agora lovecruft -// See LICENSE for licensing information - -//! Sets for lazily storing ordered, non-overlapping ranges of integers. - -use std::cmp; -use std::iter; -use std::slice; -use std::str::FromStr; -use std::u32; - -use errors::ProtoverError; - -/// A single version number. -pub type Version = u32; - -/// A `ProtoSet` stores an ordered `Vec<T>` of `(low, high)` pairs of ranges of -/// non-overlapping protocol versions. -/// -/// # Examples -/// -/// ``` -/// use std::str::FromStr; -/// -/// use protover::errors::ProtoverError; -/// use protover::protoset::ProtoSet; -/// use protover::protoset::Version; -/// -/// # fn do_test() -> Result<ProtoSet, ProtoverError> { -/// let protoset: ProtoSet = ProtoSet::from_str("3-5,8")?; -/// -/// // We could also equivalently call: -/// let protoset: ProtoSet = "3-5,8".parse()?; -/// -/// assert!(protoset.contains(&4)); -/// assert!(!protoset.contains(&7)); -/// -/// let expanded: Vec<Version> = protoset.clone().into(); -/// -/// assert_eq!(&expanded[..], &[3, 4, 5, 8]); -/// -/// let contracted: String = protoset.clone().to_string(); -/// -/// assert_eq!(contracted, "3-5,8".to_string()); -/// # Ok(protoset) -/// # } -/// # fn main() { do_test(); } // wrap the test so we can use the ? operator -#[derive(Clone, Debug, Eq, PartialEq, Hash)] -pub struct ProtoSet { - pub(crate) pairs: Vec<(Version, Version)>, -} - -impl Default for ProtoSet { - fn default() -> Self { - let pairs: Vec<(Version, Version)> = Vec::new(); - - ProtoSet { pairs } - } -} - -impl<'a> ProtoSet { - /// Create a new `ProtoSet` from a slice of `(low, high)` pairs. - /// - /// # Inputs - /// - /// We do not assume the input pairs are deduplicated or ordered. - pub fn from_slice(low_high_pairs: &'a [(Version, Version)]) -> Result<Self, ProtoverError> { - let mut pairs: Vec<(Version, Version)> = Vec::with_capacity(low_high_pairs.len()); - - for &(low, high) in low_high_pairs { - pairs.push((low, high)); - } - // Sort the pairs without reallocation and remove all duplicate pairs. - pairs.sort_unstable(); - pairs.dedup(); - - ProtoSet { pairs }.is_ok() - } -} - -/// Expand this `ProtoSet` to a `Vec` of all its `Version`s. -/// -/// # Examples -/// -/// ``` -/// use std::str::FromStr; -/// use protover::protoset::ProtoSet; -/// use protover::protoset::Version; -/// # use protover::errors::ProtoverError; -/// -/// # fn do_test() -> Result<Vec<Version>, ProtoverError> { -/// let protoset: ProtoSet = ProtoSet::from_str("3-5,21")?; -/// let versions: Vec<Version> = protoset.into(); -/// -/// assert_eq!(&versions[..], &[3, 4, 5, 21]); -/// # -/// # Ok(versions) -/// # } -/// # fn main() { do_test(); } // wrap the test so we can use the ? operator -/// ``` -impl Into<Vec<Version>> for ProtoSet { - fn into(self) -> Vec<Version> { - let mut versions: Vec<Version> = Vec::new(); - - for &(low, high) in self.iter() { - versions.extend(low..high + 1); - } - versions - } -} - -impl ProtoSet { - /// Get an iterator over the `(low, high)` `pairs` in this `ProtoSet`. - pub fn iter(&self) -> slice::Iter<(Version, Version)> { - self.pairs.iter() - } - - /// Expand this `ProtoSet` into a `Vec` of all its `Version`s. - /// - /// # Examples - /// - /// ``` - /// # use protover::errors::ProtoverError; - /// use protover::protoset::ProtoSet; - /// - /// # fn do_test() -> Result<bool, ProtoverError> { - /// let protoset: ProtoSet = "3-5,9".parse()?; - /// - /// assert_eq!(protoset.expand(), vec![3, 4, 5, 9]); - /// - /// let protoset: ProtoSet = "1,3,5-7".parse()?; - /// - /// assert_eq!(protoset.expand(), vec![1, 3, 5, 6, 7]); - /// # - /// # Ok(true) - /// # } - /// # fn main() { do_test(); } // wrap the test so we can use the ? operator - /// ``` - pub fn expand(self) -> Vec<Version> { - self.into() - } - - pub fn len(&self) -> usize { - let mut length: usize = 0; - - for &(low, high) in self.iter() { - length += (high as usize - low as usize) + 1; - } - - length - } - - /// Check that this `ProtoSet` is well-formed. - /// - /// This is automatically called in `ProtoSet::from_str()`. - /// - /// # Errors - /// - /// * `ProtoverError::LowGreaterThanHigh`: if its `pairs` were not - /// well-formed, i.e. a `low` in a `(low, high)` was higher than the - /// previous `high`, - /// * `ProtoverError::Overlap`: if one or more of the `pairs` are - /// overlapping, - /// * `ProtoverError::ExceedsMax`: if the number of versions when expanded - /// would exceed `MAX_PROTOCOLS_TO_EXPAND`, and - /// - /// # Returns - /// - /// A `Result` whose `Ok` is this `Protoset`, and whose `Err` is one of the - /// errors enumerated in the Errors section above. - fn is_ok(self) -> Result<ProtoSet, ProtoverError> { - let mut last_high: Version = 0; - - for &(low, high) in self.iter() { - if low == u32::MAX || high == u32::MAX { - return Err(ProtoverError::ExceedsMax); - } - if low <= last_high { - return Err(ProtoverError::Overlap); - } else if low > high { - return Err(ProtoverError::LowGreaterThanHigh); - } - last_high = high; - } - - Ok(self) - } - - /// Determine if this `ProtoSet` contains no `Version`s. - /// - /// # Returns - /// - /// * `true` if this `ProtoSet`'s length is zero, and - /// * `false` otherwise. - /// - /// # Examples - /// - /// ``` - /// use protover::protoset::ProtoSet; - /// - /// let protoset: ProtoSet = ProtoSet::default(); - /// - /// assert!(protoset.is_empty()); - /// ``` - pub fn is_empty(&self) -> bool { - self.pairs.len() == 0 - } - - /// Determine if `version` is included within this `ProtoSet`. - /// - /// # Inputs - /// - /// * `version`: a `Version`. - /// - /// # Returns - /// - /// `true` if the `version` is contained within this set; `false` otherwise. - /// - /// # Examples - /// - /// ``` - /// # use protover::errors::ProtoverError; - /// use protover::protoset::ProtoSet; - /// - /// # fn do_test() -> Result<ProtoSet, ProtoverError> { - /// let protoset: ProtoSet = ProtoSet::from_slice(&[(0, 5), (7, 9), (13, 14)])?; - /// - /// assert!(protoset.contains(&5)); - /// assert!(!protoset.contains(&10)); - /// # - /// # Ok(protoset) - /// # } - /// # fn main() { do_test(); } // wrap the test so we can use the ? operator - /// ``` - pub fn contains(&self, version: &Version) -> bool { - for &(low, high) in self.iter() { - if low <= *version && *version <= high { - return true; - } - } - false - } - - /// Returns all the `Version`s in `self` which are not also in the `other` - /// `ProtoSet`. - /// - /// # Examples - /// - /// ``` - /// # use protover::errors::ProtoverError; - /// use protover::protoset::ProtoSet; - /// - /// # fn do_test() -> Result<bool, ProtoverError> { - /// let protoset: ProtoSet = "1,3-6,10-12,15-16".parse()?; - /// let other: ProtoSet = "2,5-7,9-11,14-20".parse()?; - /// - /// let subset: ProtoSet = protoset.and_not_in(&other); - /// - /// assert_eq!(subset.expand(), vec![1, 3, 4, 12]); - /// # - /// # Ok(true) - /// # } - /// # fn main() { do_test(); } // wrap the test so we can use the ? operator - /// ``` - pub fn and_not_in(&self, other: &Self) -> Self { - if self.is_empty() || other.is_empty() { - return self.clone(); - } - - let pairs = self.iter().flat_map(|&(lo, hi)| { - let the_end = (hi + 1, hi + 1); // special case to mark the end of the range. - let excluded_ranges = other - .iter() - .cloned() // have to be owned tuples, to match iter::once(the_end). - .skip_while(move|&(_, hi2)| hi2 < lo) // skip the non-overlapping ranges. - .take_while(move|&(lo2, _)| lo2 <= hi) // take all the overlapping ones. - .chain(iter::once(the_end)); - - let mut nextlo = lo; - excluded_ranges.filter_map(move |(excluded_lo, excluded_hi)| { - let pair = if nextlo < excluded_lo { - Some((nextlo, excluded_lo - 1)) - } else { - None - }; - nextlo = cmp::min(excluded_hi, u32::MAX - 1) + 1; - pair - }) - }); - - let pairs = pairs.collect(); - ProtoSet::is_ok(ProtoSet { pairs }).expect("should be already sorted") - } -} - -/// Largest allowed protocol version. -/// C_RUST_COUPLED: protover.c `MAX_PROTOCOL_VERSION` -const MAX_PROTOCOL_VERSION: Version = 63; - -impl FromStr for ProtoSet { - type Err = ProtoverError; - - /// Parse the unique version numbers supported by a subprotocol from a string. - /// - /// # Inputs - /// - /// * `version_string`, a string comprised of "[0-9,-]" - /// - /// # Returns - /// - /// A `Result` whose `Ok` value is a `ProtoSet` holding all of the unique - /// version numbers. - /// - /// The returned `Result`'s `Err` value is an `ProtoverError` appropriate to - /// the error. - /// - /// # Errors - /// - /// This function will error if: - /// - /// * the `version_string` is an equals (`"="`) sign, - /// * the expansion of a version range produces an error (see - /// `expand_version_range`), - /// * any single version number is not parseable as an `u32` in radix 10, or - /// * there are greater than 2^16 version numbers to expand. - /// - /// # Examples - /// - /// ``` - /// use std::str::FromStr; - /// - /// use protover::errors::ProtoverError; - /// use protover::protoset::ProtoSet; - /// - /// # fn do_test() -> Result<ProtoSet, ProtoverError> { - /// let protoset: ProtoSet = ProtoSet::from_str("2-5,8")?; - /// - /// assert!(protoset.contains(&5)); - /// assert!(!protoset.contains(&10)); - /// - /// // We can also equivalently call `ProtoSet::from_str` by doing (all - /// // implementations of `FromStr` can be called this way, this one isn't - /// // special): - /// let protoset: ProtoSet = "4-6,12".parse()?; - /// - /// // Calling it (either way) can take really large ranges (up to `u32::MAX`): - /// let protoset: ProtoSet = "1-70000".parse()?; - /// let protoset: ProtoSet = "1-4294967296".parse()?; - /// - /// // There are lots of ways to get an `Err` from this function. Here are - /// // a few: - /// assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("=")); - /// assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("-")); - /// assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("not_an_int")); - /// assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("3-")); - /// assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("1-,4")); - /// - /// // An empty string is, however, legal, and results in an - /// // empty `ProtoSet`: - /// assert_eq!(Ok(ProtoSet::default()), ProtoSet::from_str("")); - /// # - /// # Ok(protoset) - /// # } - /// # fn main() { do_test(); } // wrap the test so we can use the ? operator - /// ``` - fn from_str(version_string: &str) -> Result<Self, Self::Err> { - // If we were passed in an empty string, then return an empty ProtoSet. - if version_string.is_empty() { - return Ok(Self::default()); - } - - let mut pairs: Vec<(Version, Version)> = Vec::new(); - let pieces: ::std::str::Split<char> = version_string.split(','); - - for p in pieces { - let (lo,hi) = if p.contains('-') { - let mut pair = p.splitn(2, '-'); - - let low = pair.next().ok_or(ProtoverError::Unparseable)?; - let high = pair.next().ok_or(ProtoverError::Unparseable)?; - - let lo: Version = low.parse().or(Err(ProtoverError::Unparseable))?; - let hi: Version = high.parse().or(Err(ProtoverError::Unparseable))?; - - (lo,hi) - } else { - let v: u32 = p.parse().or(Err(ProtoverError::Unparseable))?; - - (v, v) - }; - - if lo > MAX_PROTOCOL_VERSION || hi > MAX_PROTOCOL_VERSION { - return Err(ProtoverError::ExceedsMax); - } - pairs.push((lo, hi)); - } - - ProtoSet::from_slice(&pairs[..]) - } -} - -impl ToString for ProtoSet { - /// Contracts a `ProtoSet` of versions into a string. - /// - /// # Returns - /// - /// A `String` representation of this `ProtoSet` in ascending order. - fn to_string(&self) -> String { - let mut final_output: Vec<String> = Vec::new(); - - for &(lo, hi) in self.iter() { - if lo != hi { - debug_assert!(lo < hi); - final_output.push(format!("{}-{}", lo, hi)); - } else { - final_output.push(format!("{}", lo)); - } - } - final_output.join(",") - } -} - -/// Checks to see if there is a continuous range of integers, starting at the -/// first in the list. Returns the last integer in the range if a range exists. -/// -/// # Inputs -/// -/// `list`, an ordered vector of `u32` integers of "[0-9,-]" representing the -/// supported versions for a single protocol. -/// -/// # Returns -/// -/// A `bool` indicating whether the list contains a range, starting at the first -/// in the list, a`Version` of the last integer in the range, and a `usize` of -/// the index of that version. -/// -/// For example, if given vec![1, 2, 3, 5], find_range will return true, -/// as there is a continuous range, and 3, which is the last number in the -/// continuous range, and 2 which is the index of 3. -fn find_range(list: &Vec<Version>) -> (bool, Version, usize) { - if list.len() == 0 { - return (false, 0, 0); - } - - let mut index: usize = 0; - let mut iterable = list.iter().peekable(); - let mut range_end = match iterable.next() { - Some(n) => *n, - None => return (false, 0, 0), - }; - - let mut has_range = false; - - while iterable.peek().is_some() { - let n = *iterable.next().unwrap(); - if n != range_end + 1 { - break; - } - - has_range = true; - range_end = n; - index += 1; - } - - (has_range, range_end, index) -} - -impl From<Vec<Version>> for ProtoSet { - fn from(mut v: Vec<Version>) -> ProtoSet { - let mut version_pairs: Vec<(Version, Version)> = Vec::new(); - - v.sort_unstable(); - v.dedup(); - - 'vector: while !v.is_empty() { - let (has_range, end, index): (bool, Version, usize) = find_range(&v); - - if has_range { - let first: Version = match v.first() { - Some(x) => *x, - None => continue, - }; - let last: Version = match v.get(index) { - Some(x) => *x, - None => continue, - }; - debug_assert!(last == end, format!("last = {}, end = {}", last, end)); - - version_pairs.push((first, last)); - v = v.split_off(index + 1); - - if v.len() == 0 { - break 'vector; - } - } else { - let last: Version = match v.get(index) { - Some(x) => *x, - None => continue, - }; - version_pairs.push((last, last)); - v.remove(index); - } - } - ProtoSet::from_slice(&version_pairs[..]).unwrap_or(ProtoSet::default()) - } -} - -#[cfg(test)] -mod test { - use super::*; - - #[test] - fn test_find_range() { - assert_eq!((false, 0, 0), find_range(&vec![])); - assert_eq!((false, 1, 0), find_range(&vec![1])); - assert_eq!((true, 2, 1), find_range(&vec![1, 2])); - assert_eq!((true, 3, 2), find_range(&vec![1, 2, 3])); - assert_eq!((true, 3, 2), find_range(&vec![1, 2, 3, 5])); - } - - macro_rules! assert_contains_each { - ($protoset:expr, $versions:expr) => { - for version in $versions { - assert!($protoset.contains(version)); - } - }; - } - - macro_rules! test_protoset_contains_versions { - ($list:expr, $str:expr) => { - let versions: &[Version] = $list; - let protoset: Result<ProtoSet, ProtoverError> = ProtoSet::from_str($str); - - assert!(protoset.is_ok()); - let p = protoset.unwrap(); - assert_contains_each!(p, versions); - }; - } - - #[test] - fn test_versions_from_str() { - test_protoset_contains_versions!(&[], ""); - test_protoset_contains_versions!(&[1], "1"); - test_protoset_contains_versions!(&[1, 2], "1,2"); - test_protoset_contains_versions!(&[1, 2, 3], "1-3"); - test_protoset_contains_versions!(&[1, 2, 5], "1-2,5"); - test_protoset_contains_versions!(&[1, 3, 4, 5], "1,3-5"); - test_protoset_contains_versions!(&[42, 55, 56, 57, 58], "42,55-58"); - } - - #[test] - fn test_versions_from_str_ab() { - assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("a,b")); - } - - #[test] - fn test_versions_from_str_negative_1() { - assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("-1")); - } - - #[test] - fn test_versions_from_str_commas() { - assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str(",")); - assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("1,,2")); - assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("1,2,")); - } - - #[test] - fn test_versions_from_str_hyphens() { - assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("--1")); - assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("-1-2")); - assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("1--2")); - } - - #[test] - fn test_versions_from_str_triple() { - assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("1-2-3")); - } - - #[test] - fn test_versions_from_str_1exclam() { - assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("1,!")); - } - - #[test] - fn test_versions_from_str_percent_equal() { - assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("%=")); - } - - #[test] - fn test_versions_from_str_whitespace() { - assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("1,2\n")); - assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("1\r,2")); - assert_eq!(Err(ProtoverError::Unparseable), ProtoSet::from_str("1,\t2")); - } - - #[test] - fn test_versions_from_str_overlap() { - assert_eq!(Err(ProtoverError::Overlap), ProtoSet::from_str("1-3,2-4")); - } - - #[test] - fn test_versions_from_slice_overlap() { - assert_eq!( - Err(ProtoverError::Overlap), - ProtoSet::from_slice(&[(1, 3), (2, 4)]) - ); - } - - #[test] - fn test_versions_from_str_max() { - assert_eq!( - Err(ProtoverError::ExceedsMax), - ProtoSet::from_str("4294967295") - ); - } - - #[test] - fn test_versions_from_slice_max() { - assert_eq!( - Err(ProtoverError::ExceedsMax), - ProtoSet::from_slice(&[(4294967295, 4294967295)]) - ); - } - - #[test] - fn test_protoset_contains() { - let protoset: ProtoSet = ProtoSet::from_slice(&[(1, 5), (7, 9), (13, 14)]).unwrap(); - - for x in 1..6 { - assert!(protoset.contains(&x), format!("should contain {}", x)); - } - for x in 7..10 { - assert!(protoset.contains(&x), format!("should contain {}", x)); - } - for x in 13..15 { - assert!(protoset.contains(&x), format!("should contain {}", x)); - } - - for x in [6, 10, 11, 12, 15, 42, 43, 44, 45, 1234584].iter() { - assert!(!protoset.contains(&x), format!("should not contain {}", x)); - } - } - - #[test] - fn test_protoset_contains_1_3() { - let protoset: ProtoSet = ProtoSet::from_slice(&[(1, 3)]).unwrap(); - - for x in 1..4 { - assert!(protoset.contains(&x), format!("should contain {}", x)); - } - } - - macro_rules! assert_protoset_from_vec_contains_all { - ($($x:expr),*) => ( - let vec: Vec<Version> = vec!($($x),*); - let protoset: ProtoSet = vec.clone().into(); - - for x in vec.iter() { - assert!(protoset.contains(&x)); - } - ) - } - - #[test] - fn test_protoset_from_vec_123() { - assert_protoset_from_vec_contains_all!(1, 2, 3); - } - - #[test] - fn test_protoset_from_vec_1_315() { - assert_protoset_from_vec_contains_all!(1, 2, 3, 15); - } - - #[test] - fn test_protoset_from_vec_unordered() { - let v: Vec<Version> = vec![2, 3, 8, 4, 3, 9, 7, 2]; - let ps: ProtoSet = v.into(); - - assert_eq!(ps.to_string(), "2-4,7-9"); - } - - #[test] - fn test_protoset_into_vec() { - let ps: ProtoSet = "1-13,42".parse().unwrap(); - let v: Vec<Version> = ps.into(); - - assert!(v.contains(&7)); - assert!(v.contains(&42)); - } -} - -#[cfg(all(test, feature = "bench"))] -mod bench { - use super::*; -} diff --git a/src/rust/protover/protover.rs b/src/rust/protover/protover.rs deleted file mode 100644 index da87509ffa..0000000000 --- a/src/rust/protover/protover.rs +++ /dev/null @@ -1,984 +0,0 @@ -// Copyright (c) 2016-2019, The Tor Project, Inc. */ -// See LICENSE for licensing information */ - -use std::collections::hash_map; -use std::collections::HashMap; -use std::ffi::CStr; -use std::fmt; -use std::str; -use std::str::FromStr; -use std::string::String; - -use external::c_tor_version_as_new_as; - -use errors::ProtoverError; -use protoset::ProtoSet; -use protoset::Version; - -/// The first version of Tor that included "proto" entries in its descriptors. -/// Authorities should use this to decide whether to guess proto lines. -/// -/// C_RUST_COUPLED: -/// protover.h `FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS` -const FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS: &'static str = "0.2.9.3-alpha"; - -/// The maximum number of subprotocol version numbers we will attempt to expand -/// before concluding that someone is trying to DoS us -/// -/// C_RUST_COUPLED: protover.c `MAX_PROTOCOLS_TO_EXPAND` -const MAX_PROTOCOLS_TO_EXPAND: usize = 1 << 16; - -/// The maximum size an `UnknownProtocol`'s name may be. -pub(crate) const MAX_PROTOCOL_NAME_LENGTH: usize = 100; - -/// Known subprotocols in Tor. Indicates which subprotocol a relay supports. -/// -/// C_RUST_COUPLED: protover.h `protocol_type_t` -#[derive(Clone, Hash, Eq, PartialEq, Debug)] -pub enum Protocol { - Cons, - Desc, - DirCache, - HSDir, - HSIntro, - HSRend, - Link, - LinkAuth, - Microdesc, - Relay, - Padding, - FlowCtrl, -} - -impl fmt::Display for Protocol { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - write!(f, "{:?}", self) - } -} - -/// Translates a string representation of a protocol into a Proto type. -/// Error if the string is an unrecognized protocol name. -/// -/// C_RUST_COUPLED: protover.c `PROTOCOL_NAMES` -impl FromStr for Protocol { - type Err = ProtoverError; - - fn from_str(s: &str) -> Result<Self, Self::Err> { - match s { - "Cons" => Ok(Protocol::Cons), - "Desc" => Ok(Protocol::Desc), - "DirCache" => Ok(Protocol::DirCache), - "HSDir" => Ok(Protocol::HSDir), - "HSIntro" => Ok(Protocol::HSIntro), - "HSRend" => Ok(Protocol::HSRend), - "Link" => Ok(Protocol::Link), - "LinkAuth" => Ok(Protocol::LinkAuth), - "Microdesc" => Ok(Protocol::Microdesc), - "Relay" => Ok(Protocol::Relay), - "Padding" => Ok(Protocol::Padding), - "FlowCtrl" => Ok(Protocol::FlowCtrl), - _ => Err(ProtoverError::UnknownProtocol), - } - } -} - -/// A protocol string which is not one of the `Protocols` we currently know -/// about. -#[derive(Clone, Debug, Hash, Eq, PartialEq)] -pub struct UnknownProtocol(String); - -impl fmt::Display for UnknownProtocol { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - write!(f, "{}", self.0) - } -} - -fn is_valid_proto(s: &str) -> bool { - s.chars().all(|c| c.is_ascii_alphanumeric() || c == '-') -} - -impl FromStr for UnknownProtocol { - type Err = ProtoverError; - - fn from_str(s: &str) -> Result<Self, Self::Err> { - if !is_valid_proto(s) { - Err(ProtoverError::InvalidProtocol) - } else if s.len() <= MAX_PROTOCOL_NAME_LENGTH { - Ok(UnknownProtocol(s.to_string())) - } else { - Err(ProtoverError::ExceedsNameLimit) - } - } -} - -impl UnknownProtocol { - /// Create an `UnknownProtocol`, ignoring whether or not it - /// exceeds MAX_PROTOCOL_NAME_LENGTH. - fn from_str_any_len(s: &str) -> Result<Self, ProtoverError> { - if !is_valid_proto(s) { - return Err(ProtoverError::InvalidProtocol); - } - Ok(UnknownProtocol(s.to_string())) - } -} - -impl From<Protocol> for UnknownProtocol { - fn from(p: Protocol) -> UnknownProtocol { - UnknownProtocol(p.to_string()) - } -} - -#[cfg(feature = "test_linking_hack")] -fn have_linkauth_v1() -> bool { - true -} - -#[cfg(not(feature = "test_linking_hack"))] -fn have_linkauth_v1() -> bool { - use external::c_tor_is_using_nss; - !c_tor_is_using_nss() -} - -/// Get a CStr representation of current supported protocols, for -/// passing to C, or for converting to a `&str` for Rust. -/// -/// # Returns -/// -/// An `&'static CStr` whose value is the existing protocols supported by tor. -/// Returned data is in the format as follows: -/// -/// "HSDir=1-1 LinkAuth=1" -/// -/// # Note -/// -/// Rust code can use the `&'static CStr` as a normal `&'a str` by -/// calling `protover::get_supported_protocols`. -/// -// C_RUST_COUPLED: protover.c `protover_get_supported_protocols` -pub(crate) fn get_supported_protocols_cstr() -> &'static CStr { - if !have_linkauth_v1() { - cstr!( - "Cons=1-2 \ - Desc=1-2 \ - DirCache=2 \ - FlowCtrl=1 \ - HSDir=1-2 \ - HSIntro=3-5 \ - HSRend=1-2 \ - Link=1-5 \ - LinkAuth=3 \ - Microdesc=1-2 \ - Padding=2 \ - Relay=1-3" - ) - } else { - cstr!( - "Cons=1-2 \ - Desc=1-2 \ - DirCache=2 \ - FlowCtrl=1 \ - HSDir=1-2 \ - HSIntro=3-5 \ - HSRend=1-2 \ - Link=1-5 \ - LinkAuth=1,3 \ - Microdesc=1-2 \ - Padding=2 \ - Relay=1-3" - ) - } -} - -/// A map of protocol names to the versions of them which are supported. -#[derive(Clone, Debug, PartialEq, Eq)] -pub struct ProtoEntry(HashMap<Protocol, ProtoSet>); - -impl Default for ProtoEntry { - fn default() -> ProtoEntry { - ProtoEntry(HashMap::new()) - } -} - -impl ProtoEntry { - /// Get an iterator over the `Protocol`s and their `ProtoSet`s in this `ProtoEntry`. - pub fn iter(&self) -> hash_map::Iter<Protocol, ProtoSet> { - self.0.iter() - } - - /// Translate the supported tor versions from a string into a - /// ProtoEntry, which is useful when looking up a specific - /// subprotocol. - pub fn supported() -> Result<Self, ProtoverError> { - let supported_cstr: &'static CStr = get_supported_protocols_cstr(); - let supported: &str = supported_cstr.to_str().unwrap_or(""); - - supported.parse() - } - - pub fn len(&self) -> usize { - self.0.len() - } - - pub fn get(&self, protocol: &Protocol) -> Option<&ProtoSet> { - self.0.get(protocol) - } - - pub fn insert(&mut self, key: Protocol, value: ProtoSet) { - self.0.insert(key, value); - } - - pub fn remove(&mut self, key: &Protocol) -> Option<ProtoSet> { - self.0.remove(key) - } - - pub fn is_empty(&self) -> bool { - self.0.is_empty() - } -} - -impl FromStr for ProtoEntry { - type Err = ProtoverError; - - /// Parse a string of subprotocol types and their version numbers. - /// - /// # Inputs - /// - /// * A `protocol_entry` string, comprised of a keywords, an "=" sign, and - /// one or more version numbers, each separated by a space. For example, - /// `"Cons=3-4 HSDir=1"`. - /// - /// # Returns - /// - /// A `Result` whose `Ok` value is a `ProtoEntry`. - /// Otherwise, the `Err` value of this `Result` is a `ProtoverError`. - fn from_str(protocol_entry: &str) -> Result<ProtoEntry, ProtoverError> { - let mut proto_entry: ProtoEntry = ProtoEntry::default(); - - if protocol_entry.is_empty() { - return Ok(proto_entry); - } - - let entries = protocol_entry.split(' '); - - for entry in entries { - let mut parts = entry.splitn(2, '='); - - let proto = match parts.next() { - Some(n) => n, - None => return Err(ProtoverError::Unparseable), - }; - - let vers = match parts.next() { - Some(n) => n, - None => return Err(ProtoverError::Unparseable), - }; - let versions: ProtoSet = vers.parse()?; - let proto_name: Protocol = proto.parse()?; - - proto_entry.insert(proto_name, versions); - - if proto_entry.len() > MAX_PROTOCOLS_TO_EXPAND { - return Err(ProtoverError::ExceedsMax); - } - } - Ok(proto_entry) - } -} - -/// Generate an implementation of `ToString` for either a `ProtoEntry` or an -/// `UnvalidatedProtoEntry`. -macro_rules! impl_to_string_for_proto_entry { - ($t:ty) => { - impl ToString for $t { - fn to_string(&self) -> String { - let mut parts: Vec<String> = Vec::new(); - - for (protocol, versions) in self.iter() { - parts.push(format!("{}={}", protocol.to_string(), versions.to_string())); - } - parts.sort_unstable(); - parts.join(" ") - } - } - }; -} - -impl_to_string_for_proto_entry!(ProtoEntry); -impl_to_string_for_proto_entry!(UnvalidatedProtoEntry); - -/// A `ProtoEntry`, but whose `Protocols` can be any `UnknownProtocol`, not just -/// the supported ones enumerated in `Protocols`. The protocol versions are -/// validated, however. -#[derive(Clone, Debug, PartialEq, Eq)] -pub struct UnvalidatedProtoEntry(HashMap<UnknownProtocol, ProtoSet>); - -impl Default for UnvalidatedProtoEntry { - fn default() -> UnvalidatedProtoEntry { - UnvalidatedProtoEntry(HashMap::new()) - } -} - -impl UnvalidatedProtoEntry { - /// Get an iterator over the `Protocol`s and their `ProtoSet`s in this `ProtoEntry`. - pub fn iter(&self) -> hash_map::Iter<UnknownProtocol, ProtoSet> { - self.0.iter() - } - - pub fn get(&self, protocol: &UnknownProtocol) -> Option<&ProtoSet> { - self.0.get(protocol) - } - - pub fn insert(&mut self, key: UnknownProtocol, value: ProtoSet) { - self.0.insert(key, value); - } - - pub fn remove(&mut self, key: &UnknownProtocol) -> Option<ProtoSet> { - self.0.remove(key) - } - - pub fn is_empty(&self) -> bool { - self.0.is_empty() - } - - pub fn len(&self) -> usize { - let mut total: usize = 0; - - for (_, versions) in self.iter() { - total += versions.len(); - } - total - } - - /// Determine if we support every protocol a client supports, and if not, - /// determine which protocols we do not have support for. - /// - /// # Returns - /// - /// Optionally, return parameters which the client supports but which we do not. - /// - /// # Examples - /// ``` - /// use protover::UnvalidatedProtoEntry; - /// - /// let protocols: UnvalidatedProtoEntry = "LinkAuth=1 Microdesc=1-2 Relay=2".parse().unwrap(); - /// let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - /// assert_eq!(true, unsupported.is_none()); - /// - /// let protocols: UnvalidatedProtoEntry = "Link=1-2 Wombat=9".parse().unwrap(); - /// let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - /// assert_eq!(true, unsupported.is_some()); - /// assert_eq!("Wombat=9", &unsupported.unwrap().to_string()); - /// ``` - pub fn all_supported(&self) -> Option<UnvalidatedProtoEntry> { - let mut unsupported: UnvalidatedProtoEntry = UnvalidatedProtoEntry::default(); - let supported: ProtoEntry = match ProtoEntry::supported() { - Ok(x) => x, - Err(_) => return None, - }; - - for (protocol, versions) in self.iter() { - let is_supported: Result<Protocol, ProtoverError> = protocol.0.parse(); - let supported_protocol: Protocol; - - // If the protocol wasn't even in the enum, then we definitely don't - // know about it and don't support any of its versions. - if is_supported.is_err() { - if !versions.is_empty() { - unsupported.insert(protocol.clone(), versions.clone()); - } - continue; - } else { - supported_protocol = is_supported.unwrap(); - } - - let maybe_supported_versions: Option<&ProtoSet> = supported.get(&supported_protocol); - let supported_versions: &ProtoSet; - - // If the protocol wasn't in the map, then we don't know about it - // and don't support any of its versions. Add its versions to the - // map (if it has versions). - if maybe_supported_versions.is_none() { - if !versions.is_empty() { - unsupported.insert(protocol.clone(), versions.clone()); - } - continue; - } else { - supported_versions = maybe_supported_versions.unwrap(); - } - let unsupported_versions = versions.and_not_in(supported_versions); - - if !unsupported_versions.is_empty() { - unsupported.insert(protocol.clone(), unsupported_versions); - } - } - - if unsupported.is_empty() { - return None; - } - Some(unsupported) - } - - /// Determine if we have support for some protocol and version. - /// - /// # Inputs - /// - /// * `proto`, an `UnknownProtocol` to test support for - /// * `vers`, a `Version` which we will go on to determine whether the - /// specified protocol supports. - /// - /// # Return - /// - /// Returns `true` iff this `UnvalidatedProtoEntry` includes support for the - /// indicated protocol and version, and `false` otherwise. - /// - /// # Examples - /// - /// ``` - /// # use std::str::FromStr; - /// use protover::*; - /// # use protover::errors::ProtoverError; - /// - /// # fn do_test () -> Result<UnvalidatedProtoEntry, ProtoverError> { - /// let proto: UnvalidatedProtoEntry = "Link=3-4 Cons=1 Doggo=3-5".parse()?; - /// assert_eq!(true, proto.supports_protocol(&Protocol::Cons.into(), &1)); - /// assert_eq!(false, proto.supports_protocol(&Protocol::Cons.into(), &5)); - /// assert_eq!(true, proto.supports_protocol(&UnknownProtocol::from_str("Doggo")?, &4)); - /// # Ok(proto) - /// # } fn main () { do_test(); } - /// ``` - pub fn supports_protocol(&self, proto: &UnknownProtocol, vers: &Version) -> bool { - let supported_versions: &ProtoSet = match self.get(proto) { - Some(n) => n, - None => return false, - }; - supported_versions.contains(&vers) - } - - /// As `UnvalidatedProtoEntry::supports_protocol()`, but also returns `true` - /// if any later version of the protocol is supported. - /// - /// # Examples - /// ``` - /// use protover::*; - /// # use protover::errors::ProtoverError; - /// - /// # fn do_test () -> Result<UnvalidatedProtoEntry, ProtoverError> { - /// let proto: UnvalidatedProtoEntry = "Link=3-4 Cons=5".parse()?; - /// - /// assert_eq!(true, proto.supports_protocol_or_later(&Protocol::Cons.into(), &5)); - /// assert_eq!(true, proto.supports_protocol_or_later(&Protocol::Cons.into(), &4)); - /// assert_eq!(false, proto.supports_protocol_or_later(&Protocol::Cons.into(), &6)); - /// # Ok(proto) - /// # } fn main () { do_test(); } - /// ``` - pub fn supports_protocol_or_later(&self, proto: &UnknownProtocol, vers: &Version) -> bool { - let supported_versions: &ProtoSet = match self.get(&proto) { - Some(n) => n, - None => return false, - }; - supported_versions.iter().any(|v| v.1 >= *vers) - } - - /// Split a string containing (potentially) several protocols and their - /// versions into a `Vec` of tuples of string in `(protocol, versions)` - /// form. - /// - /// # Inputs - /// - /// A &str in the form `"Link=3-4 Cons=5"`. - /// - /// # Returns - /// - /// A `Result` whose `Ok` variant is a `Vec<(&str, &str)>` of `(protocol, - /// versions)`, or whose `Err` variant is a `ProtoverError`. - /// - /// # Errors - /// - /// This will error with a `ProtoverError::Unparseable` if any of the - /// following are true: - /// - /// * If a protocol name is an empty string, e.g. `"Cons=1,3 =3-5"`. - /// * If an entry has no equals sign, e.g. `"Cons=1,3 Desc"`. - /// * If there is leading or trailing whitespace, e.g. `" Cons=1,3 Link=3"`. - /// * If there is any other extra whitespice, e.g. `"Cons=1,3 Link=3"`. - fn parse_protocol_and_version_str<'a>( - protocol_string: &'a str, - ) -> Result<Vec<(&'a str, &'a str)>, ProtoverError> { - let mut protovers: Vec<(&str, &str)> = Vec::new(); - - if protocol_string.is_empty() { - return Ok(protovers); - } - - for subproto in protocol_string.split(' ') { - let mut parts = subproto.splitn(2, '='); - - let name = match parts.next() { - Some("") => return Err(ProtoverError::Unparseable), - Some(n) => n, - None => return Err(ProtoverError::Unparseable), - }; - let vers = match parts.next() { - Some(n) => n, - None => return Err(ProtoverError::Unparseable), - }; - protovers.push((name, vers)); - } - Ok(protovers) - } -} - -impl FromStr for UnvalidatedProtoEntry { - type Err = ProtoverError; - - /// Parses a protocol list without validating the protocol names. - /// - /// # Inputs - /// - /// * `protocol_string`, a string comprised of keys and values, both which are - /// strings. The keys are the protocol names while values are a string - /// representation of the supported versions. - /// - /// The input is _not_ expected to be a subset of the Protocol types - /// - /// # Returns - /// - /// A `Result` whose `Ok` value is an `UnvalidatedProtoEntry`. - /// - /// The returned `Result`'s `Err` value is an `ProtoverError`. - /// - /// # Errors - /// - /// This function will error if: - /// - /// * The protocol string does not follow the "protocol_name=version_list" - /// expected format, or - /// * If the version string is malformed. See `impl FromStr for ProtoSet`. - fn from_str(protocol_string: &str) -> Result<UnvalidatedProtoEntry, ProtoverError> { - let mut parsed: UnvalidatedProtoEntry = UnvalidatedProtoEntry::default(); - let parts: Vec<(&str, &str)> = - UnvalidatedProtoEntry::parse_protocol_and_version_str(protocol_string)?; - - for &(name, vers) in parts.iter() { - let versions = ProtoSet::from_str(vers)?; - let protocol = UnknownProtocol::from_str(name)?; - - parsed.insert(protocol, versions); - } - Ok(parsed) - } -} - -impl UnvalidatedProtoEntry { - /// Create an `UnknownProtocol`, ignoring whether or not it - /// exceeds MAX_PROTOCOL_NAME_LENGTH. - pub(crate) fn from_str_any_len( - protocol_string: &str, - ) -> Result<UnvalidatedProtoEntry, ProtoverError> { - let mut parsed: UnvalidatedProtoEntry = UnvalidatedProtoEntry::default(); - let parts: Vec<(&str, &str)> = - UnvalidatedProtoEntry::parse_protocol_and_version_str(protocol_string)?; - - for &(name, vers) in parts.iter() { - let versions = ProtoSet::from_str(vers)?; - let protocol = UnknownProtocol::from_str_any_len(name)?; - - parsed.insert(protocol, versions); - } - Ok(parsed) - } -} - -/// Pretend a `ProtoEntry` is actually an `UnvalidatedProtoEntry`. -impl From<ProtoEntry> for UnvalidatedProtoEntry { - fn from(proto_entry: ProtoEntry) -> UnvalidatedProtoEntry { - let mut unvalidated: UnvalidatedProtoEntry = UnvalidatedProtoEntry::default(); - - for (protocol, versions) in proto_entry.iter() { - unvalidated.insert(UnknownProtocol::from(protocol.clone()), versions.clone()); - } - unvalidated - } -} - -/// A mapping of protocols to a count of how many times each of their `Version`s -/// were voted for or supported. -/// -/// # Warning -/// -/// The "protocols" are *not* guaranteed to be known/supported `Protocol`s, in -/// order to allow new subprotocols to be introduced even if Directory -/// Authorities don't yet know of them. -pub struct ProtoverVote(HashMap<UnknownProtocol, HashMap<Version, usize>>); - -impl Default for ProtoverVote { - fn default() -> ProtoverVote { - ProtoverVote(HashMap::new()) - } -} - -impl IntoIterator for ProtoverVote { - type Item = (UnknownProtocol, HashMap<Version, usize>); - type IntoIter = hash_map::IntoIter<UnknownProtocol, HashMap<Version, usize>>; - - fn into_iter(self) -> Self::IntoIter { - self.0.into_iter() - } -} - -impl ProtoverVote { - pub fn entry( - &mut self, - key: UnknownProtocol, - ) -> hash_map::Entry<UnknownProtocol, HashMap<Version, usize>> { - self.0.entry(key) - } - - /// Protocol voting implementation. - /// - /// Given a slice of `UnvalidatedProtoEntry`s and a vote `threshold`, return - /// a new `UnvalidatedProtoEntry` encoding all of the protocols that are - /// listed by at least `threshold` of the inputs. - /// - /// # Examples - /// - /// ``` - /// use protover::ProtoverVote; - /// use protover::UnvalidatedProtoEntry; - /// - /// let protos: &[UnvalidatedProtoEntry] = &["Link=3-4".parse().unwrap(), - /// "Link=3".parse().unwrap()]; - /// let vote = ProtoverVote::compute(protos, &2); - /// assert_eq!("Link=3", vote.to_string()); - /// ``` - // C_RUST_COUPLED: protover.c protover_compute_vote - pub fn compute( - proto_entries: &[UnvalidatedProtoEntry], - threshold: &usize, - ) -> UnvalidatedProtoEntry { - let mut all_count: ProtoverVote = ProtoverVote::default(); - let mut final_output: UnvalidatedProtoEntry = UnvalidatedProtoEntry::default(); - - if proto_entries.is_empty() { - return final_output; - } - - // parse and collect all of the protos and their versions and collect them - for vote in proto_entries { - // C_RUST_DIFFERS: This doesn't actually differ, bu this check on - // the total is here to make it match. Because the C version calls - // expand_protocol_list() which checks if there would be too many - // subprotocols *or* individual version numbers, i.e. more than - // MAX_PROTOCOLS_TO_EXPAND, and does this *per vote*, we need to - // match it's behaviour and ensure we're not allowing more than it - // would. - if vote.len() > MAX_PROTOCOLS_TO_EXPAND { - continue; - } - - for (protocol, versions) in vote.iter() { - let supported_vers: &mut HashMap<Version, usize> = - all_count.entry(protocol.clone()).or_insert(HashMap::new()); - - for version in versions.clone().expand() { - let counter: &mut usize = supported_vers.entry(version).or_insert(0); - *counter += 1; - } - } - } - - for (protocol, mut versions) in all_count { - // Go through and remove versions that are less than the threshold - versions.retain(|_, count| *count as usize >= *threshold); - - if versions.len() > 0 { - let voted_versions: Vec<Version> = versions.keys().cloned().collect(); - let voted_protoset: ProtoSet = ProtoSet::from(voted_versions); - - final_output.insert(protocol, voted_protoset); - } - } - final_output - } -} - -/// Returns a boolean indicating whether the given protocol and version is -/// supported in any of the existing Tor protocols -/// -/// # Examples -/// ``` -/// use protover::is_supported_here; -/// use protover::Protocol; -/// -/// let is_supported = is_supported_here(&Protocol::Link, &10); -/// assert_eq!(false, is_supported); -/// -/// let is_supported = is_supported_here(&Protocol::Link, &1); -/// assert_eq!(true, is_supported); -/// ``` -pub fn is_supported_here(proto: &Protocol, vers: &Version) -> bool { - let currently_supported: ProtoEntry = match ProtoEntry::supported() { - Ok(result) => result, - Err(_) => return false, - }; - let supported_versions = match currently_supported.get(proto) { - Some(n) => n, - None => return false, - }; - supported_versions.contains(vers) -} - -/// Since older versions of Tor cannot infer their own subprotocols, -/// determine which subprotocols are supported by older Tor versions. -/// -/// # Inputs -/// -/// * `version`, a string comprised of "[0-9a-z.-]" -/// -/// # Returns -/// -/// A `&'static CStr` encoding a list of protocol names and supported -/// versions. The string takes the following format: -/// -/// "HSDir=1-1 LinkAuth=1" -/// -/// This function returns the protocols that are supported by the version input, -/// only for tor versions older than `FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS` -/// (but not older than 0.2.4.19). For newer tors (or older than 0.2.4.19), it -/// returns an empty string. -/// -/// # Note -/// -/// This function is meant to be called for/within FFI code. If you'd -/// like to use this code in Rust, please see `compute_for_old_tor()`. -// -// C_RUST_COUPLED: src/rust/protover.c `compute_for_old_tor` -pub(crate) fn compute_for_old_tor_cstr(version: &str) -> &'static CStr { - let empty: &'static CStr = cstr!(""); - - if c_tor_version_as_new_as(version, FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS) { - return empty; - } - if c_tor_version_as_new_as(version, "0.2.9.1-alpha") { - return cstr!( - "Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1-2 \ - Link=1-4 LinkAuth=1 Microdesc=1-2 Relay=1-2" - ); - } - if c_tor_version_as_new_as(version, "0.2.7.5") { - return cstr!( - "Cons=1-2 Desc=1-2 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 \ - Link=1-4 LinkAuth=1 Microdesc=1-2 Relay=1-2" - ); - } - if c_tor_version_as_new_as(version, "0.2.4.19") { - return cstr!( - "Cons=1 Desc=1 DirCache=1 HSDir=1 HSIntro=3 HSRend=1 \ - Link=1-4 LinkAuth=1 Microdesc=1 Relay=1-2" - ); - } - empty -} - -/// Since older versions of Tor cannot infer their own subprotocols, -/// determine which subprotocols are supported by older Tor versions. -/// -/// # Inputs -/// -/// * `version`, a string comprised of "[0-9a-z.-]" -/// -/// # Returns -/// -/// A `Result` whose `Ok` value is an `&'static str` encoding a list of protocol -/// names and supported versions. The string takes the following format: -/// -/// "HSDir=1-1 LinkAuth=1" -/// -/// This function returns the protocols that are supported by the version input, -/// only for tor versions older than `FIRST_TOR_VERSION_TO_ADVERTISE_PROTOCOLS`. -/// (but not older than 0.2.4.19). For newer tors (or older than 0.2.4.19), its -/// `Ok` `Result` contains an empty string. -/// -/// Otherwise, its `Err` contains a `ProtoverError::Unparseable` if the -/// `version` string was invalid utf-8. -/// -/// # Note -/// -/// This function is meant to be called for/within non-FFI Rust code. -// -// C_RUST_COUPLED: src/rust/protover.c `compute_for_old_tor` -pub fn compute_for_old_tor(version: &str) -> Result<&'static str, ProtoverError> { - // .to_str() fails with a Utf8Error if it couldn't validate the - // utf-8, so convert that here into an Unparseable ProtoverError. - compute_for_old_tor_cstr(version) - .to_str() - .or(Err(ProtoverError::Unparseable)) -} - -#[cfg(test)] -mod test { - use std::str::FromStr; - use std::string::ToString; - - use super::*; - - macro_rules! parse_proto { - ($e:expr) => {{ - let proto: Result<UnknownProtocol, _> = $e.parse(); - let proto2 = UnknownProtocol::from_str_any_len($e); - assert_eq!(proto, proto2); - proto - }}; - } - - #[test] - fn test_protocol_from_str() { - assert!(parse_proto!("Cons").is_ok()); - assert!(parse_proto!("123").is_ok()); - assert!(parse_proto!("1-2-3").is_ok()); - - let err = Err(ProtoverError::InvalidProtocol); - assert_eq!(err, parse_proto!("a_b_c")); - assert_eq!(err, parse_proto!("a b")); - assert_eq!(err, parse_proto!("a,")); - assert_eq!(err, parse_proto!("b.")); - assert_eq!(err, parse_proto!("é")); - } - - macro_rules! assert_protoentry_is_parseable { - ($e:expr) => { - let protoentry: Result<ProtoEntry, ProtoverError> = $e.parse(); - - assert!(protoentry.is_ok(), format!("{:?}", protoentry.err())); - }; - } - - macro_rules! assert_protoentry_is_unparseable { - ($e:expr) => { - let protoentry: Result<ProtoEntry, ProtoverError> = $e.parse(); - - assert!(protoentry.is_err()); - }; - } - - #[test] - fn test_protoentry_from_str_multiple_protocols_multiple_versions() { - assert_protoentry_is_parseable!("Cons=3-4 Link=1,3-5"); - } - - #[test] - fn test_protoentry_from_str_empty() { - assert_protoentry_is_parseable!(""); - assert!(UnvalidatedProtoEntry::from_str("").is_ok()); - } - - #[test] - fn test_protoentry_from_str_single_protocol_single_version() { - assert_protoentry_is_parseable!("HSDir=1"); - } - - #[test] - fn test_protoentry_from_str_unknown_protocol() { - assert_protoentry_is_unparseable!("Ducks=5-7,8"); - } - - #[test] - fn test_protoentry_from_str_allowed_number_of_versions() { - assert_protoentry_is_parseable!("Desc=1-63"); - } - - #[test] - fn test_protoentry_from_str_too_many_versions() { - assert_protoentry_is_unparseable!("Desc=1-64"); - } - - #[test] - fn test_protoentry_all_supported_single_protocol_single_version() { - let protocol: UnvalidatedProtoEntry = "Cons=1".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocol.all_supported(); - assert_eq!(true, unsupported.is_none()); - } - - #[test] - fn test_protoentry_all_supported_multiple_protocol_multiple_versions() { - let protocols: UnvalidatedProtoEntry = "Link=3-4 Desc=2".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - assert_eq!(true, unsupported.is_none()); - } - - #[test] - fn test_protoentry_all_supported_three_values() { - let protocols: UnvalidatedProtoEntry = "LinkAuth=1 Microdesc=1-2 Relay=2".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - assert_eq!(true, unsupported.is_none()); - } - - #[test] - fn test_protoentry_all_supported_unknown_protocol() { - let protocols: UnvalidatedProtoEntry = "Wombat=9".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - assert_eq!(true, unsupported.is_some()); - assert_eq!("Wombat=9", &unsupported.unwrap().to_string()); - } - - #[test] - fn test_protoentry_all_supported_unsupported_high_version() { - let protocols: UnvalidatedProtoEntry = "HSDir=12-60".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - assert_eq!(true, unsupported.is_some()); - assert_eq!("HSDir=12-60", &unsupported.unwrap().to_string()); - } - - #[test] - fn test_protoentry_all_supported_unsupported_low_version() { - let protocols: UnvalidatedProtoEntry = "HSIntro=2-3".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - assert_eq!(true, unsupported.is_some()); - assert_eq!("HSIntro=2", &unsupported.unwrap().to_string()); - } - - #[test] - fn test_contract_protocol_list() { - let mut versions = ""; - assert_eq!( - String::from(versions), - ProtoSet::from_str(&versions).unwrap().to_string() - ); - - versions = "1"; - assert_eq!( - String::from(versions), - ProtoSet::from_str(&versions).unwrap().to_string() - ); - - versions = "1-2"; - assert_eq!( - String::from(versions), - ProtoSet::from_str(&versions).unwrap().to_string() - ); - - versions = "1,3"; - assert_eq!( - String::from(versions), - ProtoSet::from_str(&versions).unwrap().to_string() - ); - - versions = "1-4"; - assert_eq!( - String::from(versions), - ProtoSet::from_str(&versions).unwrap().to_string() - ); - - versions = "1,3,5-7"; - assert_eq!( - String::from(versions), - ProtoSet::from_str(&versions).unwrap().to_string() - ); - - versions = "1-3,50"; - assert_eq!( - String::from(versions), - ProtoSet::from_str(&versions).unwrap().to_string() - ); - } -} diff --git a/src/rust/protover/tests/protover.rs b/src/rust/protover/tests/protover.rs deleted file mode 100644 index a6305ac39a..0000000000 --- a/src/rust/protover/tests/protover.rs +++ /dev/null @@ -1,365 +0,0 @@ -// Copyright (c) 2016-2019, The Tor Project, Inc. */ -// See LICENSE for licensing information */ - -extern crate protover; - -use protover::errors::ProtoverError; -use protover::ProtoEntry; -use protover::ProtoverVote; -use protover::UnvalidatedProtoEntry; - -#[test] -fn parse_protocol_with_single_proto_and_single_version() { - let _: ProtoEntry = "Cons=1".parse().unwrap(); -} - -#[test] -fn parse_protocol_with_single_protocol_and_multiple_versions() { - let _: ProtoEntry = "Cons=1-2".parse().unwrap(); -} - -#[test] -fn parse_protocol_with_different_single_protocol_and_single_version() { - let _: ProtoEntry = "HSDir=1".parse().unwrap(); -} - -#[test] -fn parse_protocol_with_single_protocol_and_supported_version() { - let _: ProtoEntry = "Desc=2".parse().unwrap(); -} - -#[test] -fn parse_protocol_with_two_protocols_and_single_version() { - let _: ProtoEntry = "Cons=1 HSDir=1".parse().unwrap(); -} - -#[test] -fn parse_protocol_with_single_protocol_and_two_sequential_versions() { - let _: ProtoEntry = "Desc=1-2".parse().unwrap(); -} - -#[test] -fn parse_protocol_with_single_protocol_and_protocol_range() { - let _: ProtoEntry = "Link=1-4".parse().unwrap(); -} - -#[test] -fn parse_protocol_with_single_protocol_and_protocol_set() { - let _: ProtoEntry = "Link=3-4 Desc=2".parse().unwrap(); -} - -#[test] -fn protocol_all_supported_with_single_protocol_and_protocol_set() { - let protocols: UnvalidatedProtoEntry = "Link=3-4 Desc=2".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - assert_eq!(true, unsupported.is_none()); -} - -#[test] -fn protocol_all_supported_with_two_values() { - let protocols: UnvalidatedProtoEntry = "Microdesc=1-2 Relay=2".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - assert_eq!(true, unsupported.is_none()); -} - -#[test] -fn protocol_all_supported_with_one_value() { - let protocols: UnvalidatedProtoEntry = "Microdesc=1-2".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - assert_eq!(true, unsupported.is_none()); -} - -#[test] -fn protocol_all_supported_with_three_values() { - let protocols: UnvalidatedProtoEntry = "LinkAuth=1 Microdesc=1-2 Relay=2".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - assert_eq!(true, unsupported.is_none()); -} - -#[test] -fn protocol_all_supported_with_unsupported_protocol() { - let protocols: UnvalidatedProtoEntry = "Wombat=9".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - assert_eq!(true, unsupported.is_some()); - assert_eq!("Wombat=9", &unsupported.unwrap().to_string()); -} - -#[test] -fn protocol_all_supported_with_unsupported_versions() { - let protocols: UnvalidatedProtoEntry = "Link=3-63".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - assert_eq!(true, unsupported.is_some()); - assert_eq!("Link=6-63", &unsupported.unwrap().to_string()); -} - -#[test] -fn protocol_all_supported_with_unsupported_low_version() { - let protocols: UnvalidatedProtoEntry = "HSIntro=2-3".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - assert_eq!(true, unsupported.is_some()); - assert_eq!("HSIntro=2", &unsupported.unwrap().to_string()); -} - -#[test] -fn protocol_all_supported_with_unsupported_high_version() { - let protocols: UnvalidatedProtoEntry = "Cons=1-2,60".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - assert_eq!(true, unsupported.is_some()); - assert_eq!("Cons=60", &unsupported.unwrap().to_string()); -} - -#[test] -fn protocol_all_supported_with_mix_of_supported_and_unsupproted() { - let protocols: UnvalidatedProtoEntry = "Link=3-4 Wombat=9".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - assert_eq!(true, unsupported.is_some()); - assert_eq!("Wombat=9", &unsupported.unwrap().to_string()); -} - -#[test] -fn protover_string_supports_protocol_returns_true_for_single_supported() { - let protocols: UnvalidatedProtoEntry = "Link=3-4 Cons=1".parse().unwrap(); - let is_supported = protocols.supports_protocol(&protover::Protocol::Cons.into(), &1); - assert_eq!(true, is_supported); -} - -#[test] -fn protover_string_supports_protocol_returns_false_for_single_unsupported() { - let protocols: UnvalidatedProtoEntry = "Link=3-4 Cons=1".parse().unwrap(); - let is_supported = protocols.supports_protocol(&protover::Protocol::Cons.into(), &2); - assert_eq!(false, is_supported); -} - -#[test] -fn protover_string_supports_protocol_returns_false_for_unsupported() { - let protocols: UnvalidatedProtoEntry = "Link=3-4".parse().unwrap(); - let is_supported = protocols.supports_protocol(&protover::Protocol::Cons.into(), &2); - assert_eq!(false, is_supported); -} - -#[test] -#[should_panic] -fn parse_protocol_with_unexpected_characters() { - let _: UnvalidatedProtoEntry = "Cons=*-%".parse().unwrap(); -} - -#[test] -fn protover_compute_vote_returns_empty_for_empty_string() { - let protocols: &[UnvalidatedProtoEntry] = &["".parse().unwrap()]; - let listed = ProtoverVote::compute(protocols, &1); - assert_eq!("", listed.to_string()); -} - -#[test] -fn protover_compute_vote_returns_single_protocol_for_matching() { - let protocols: &[UnvalidatedProtoEntry] = &["Cons=1".parse().unwrap()]; - let listed = ProtoverVote::compute(protocols, &1); - assert_eq!("Cons=1", listed.to_string()); -} - -#[test] -fn protover_compute_vote_returns_two_protocols_for_two_matching() { - let protocols: &[UnvalidatedProtoEntry] = &["Link=1 Cons=1".parse().unwrap()]; - let listed = ProtoverVote::compute(protocols, &1); - assert_eq!("Cons=1 Link=1", listed.to_string()); -} - -#[test] -fn protover_compute_vote_returns_one_protocol_when_one_out_of_two_matches() { - let protocols: &[UnvalidatedProtoEntry] = - &["Cons=1 Link=2".parse().unwrap(), "Cons=1".parse().unwrap()]; - let listed = ProtoverVote::compute(protocols, &2); - assert_eq!("Cons=1", listed.to_string()); -} - -#[test] -fn protover_compute_vote_returns_protocols_that_it_doesnt_currently_support() { - let protocols: &[UnvalidatedProtoEntry] = - &["Foo=1 Cons=2".parse().unwrap(), "Bar=1".parse().unwrap()]; - let listed = ProtoverVote::compute(protocols, &1); - assert_eq!("Bar=1 Cons=2 Foo=1", listed.to_string()); -} - -#[test] -fn protover_compute_vote_returns_matching_for_mix() { - let protocols: &[UnvalidatedProtoEntry] = &["Link=1-10,50 Cons=1,3-7,8".parse().unwrap()]; - let listed = ProtoverVote::compute(protocols, &1); - assert_eq!("Cons=1,3-8 Link=1-10,50", listed.to_string()); -} - -#[test] -fn protover_compute_vote_returns_matching_for_longer_mix() { - let protocols: &[UnvalidatedProtoEntry] = &[ - "Desc=1-10,50 Cons=1,3-7,8".parse().unwrap(), - "Link=12-45,8 Cons=2-6,8 Desc=9".parse().unwrap(), - ]; - - let listed = ProtoverVote::compute(protocols, &1); - assert_eq!("Cons=1-8 Desc=1-10,50 Link=8,12-45", listed.to_string()); -} - -#[test] -fn protover_compute_vote_returns_matching_for_longer_mix_with_threshold_two() { - let protocols: &[UnvalidatedProtoEntry] = &[ - "Desc=1-10,50 Cons=1,3-7,8".parse().unwrap(), - "Link=8,12-45 Cons=2-6,8 Desc=9".parse().unwrap(), - ]; - - let listed = ProtoverVote::compute(protocols, &2); - assert_eq!("Cons=3-6,8 Desc=9", listed.to_string()); -} - -#[test] -fn protover_compute_vote_handles_duplicated_versions() { - let protocols: &[UnvalidatedProtoEntry] = - &["Cons=1".parse().unwrap(), "Cons=1".parse().unwrap()]; - assert_eq!("Cons=1", ProtoverVote::compute(protocols, &2).to_string()); - - let protocols: &[UnvalidatedProtoEntry] = - &["Cons=1-2".parse().unwrap(), "Cons=1-2".parse().unwrap()]; - assert_eq!("Cons=1-2", ProtoverVote::compute(protocols, &2).to_string()); -} - -#[test] -fn protover_compute_vote_handles_invalid_proto_entries() { - let protocols: &[UnvalidatedProtoEntry] = &[ - "Cons=1".parse().unwrap(), - "Cons=1".parse().unwrap(), - "Dinosaur=1".parse().unwrap(), - ]; - assert_eq!("Cons=1", ProtoverVote::compute(protocols, &2).to_string()); -} - -#[test] -fn parse_protocol_with_single_protocol_and_two_nonsequential_versions() { - let _: ProtoEntry = "Desc=1,2".parse().unwrap(); -} - -#[test] -fn protover_is_supported_here_returns_true_for_supported_protocol() { - assert_eq!( - true, - protover::is_supported_here(&protover::Protocol::Cons, &1) - ); -} - -#[test] -fn protover_is_supported_here_returns_false_for_unsupported_protocol() { - assert_eq!( - false, - protover::is_supported_here(&protover::Protocol::Cons, &5) - ); -} - -#[test] -fn protocol_all_supported_with_single_proto_and_single_version() { - let protocol: UnvalidatedProtoEntry = "Cons=1".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocol.all_supported(); - assert_eq!(true, unsupported.is_none()); -} - -#[test] -fn protocol_all_supported_with_single_protocol_and_multiple_versions() { - let protocol: UnvalidatedProtoEntry = "Cons=1-2".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocol.all_supported(); - assert_eq!(true, unsupported.is_none()); -} - -#[test] -fn protocol_all_supported_with_different_single_protocol_and_single_version() { - let protocol: UnvalidatedProtoEntry = "HSDir=1".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocol.all_supported(); - assert_eq!(true, unsupported.is_none()); -} - -#[test] -fn protocol_all_supported_with_single_protocol_and_supported_version() { - let protocol: UnvalidatedProtoEntry = "Desc=2".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocol.all_supported(); - assert_eq!(true, unsupported.is_none()); -} - -#[test] -fn protocol_all_supported_with_two_protocols_and_single_version() { - let protocols: UnvalidatedProtoEntry = "Cons=1 HSDir=1".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); - assert_eq!(true, unsupported.is_none()); -} - -#[test] -fn protocol_all_supported_with_single_protocol_and_two_nonsequential_versions() { - let protocol: UnvalidatedProtoEntry = "Desc=1,2".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocol.all_supported(); - assert_eq!(true, unsupported.is_none()); -} - -#[test] -fn protocol_all_supported_with_single_protocol_and_two_sequential_versions() { - let protocol: UnvalidatedProtoEntry = "Desc=1-2".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocol.all_supported(); - assert_eq!(true, unsupported.is_none()); -} - -#[test] -fn protocol_all_supported_with_single_protocol_and_protocol_range() { - let protocol: UnvalidatedProtoEntry = "Link=1-4".parse().unwrap(); - let unsupported: Option<UnvalidatedProtoEntry> = protocol.all_supported(); - assert_eq!(true, unsupported.is_none()); -} - -#[test] -fn protover_all_supported_should_exclude_versions_we_actually_do_support() { - let proto: UnvalidatedProtoEntry = "Link=3-63".parse().unwrap(); - let result: String = proto.all_supported().unwrap().to_string(); - - assert_eq!(result, "Link=6-63".to_string()); -} - -#[test] -fn protover_all_supported_should_exclude_versions_we_actually_do_support_complex1() { - let proto: UnvalidatedProtoEntry = "Link=1-3,30-63".parse().unwrap(); - let result: String = proto.all_supported().unwrap().to_string(); - - assert_eq!(result, "Link=30-63".to_string()); -} - -#[test] -fn protover_all_supported_should_exclude_versions_we_actually_do_support_complex2() { - let proto: UnvalidatedProtoEntry = "Link=1-3,5-12".parse().unwrap(); - let result: String = proto.all_supported().unwrap().to_string(); - - assert_eq!(result, "Link=6-12".to_string()); -} - -#[test] -fn protover_all_supported_should_exclude_some_versions_and_entire_protocols() { - let proto: UnvalidatedProtoEntry = "Link=1-3,5-12 Quokka=50-51".parse().unwrap(); - let result: String = proto.all_supported().unwrap().to_string(); - - assert_eq!(result, "Link=6-12 Quokka=50-51".to_string()); -} - -#[test] -// C_RUST_DIFFERS: The C will return true (e.g. saying "yes, that's supported") -// but set the msg to NULL (??? seems maybe potentially bad). The Rust will -// simply return a None. -fn protover_all_supported_should_return_empty_string_for_weird_thing() { - let proto: UnvalidatedProtoEntry = "Fribble=".parse().unwrap(); - let result: Option<UnvalidatedProtoEntry> = proto.all_supported(); - - assert!(result.is_none()); -} - -#[test] -fn protover_unvalidatedprotoentry_should_err_entirely_unparseable_things() { - let proto: Result<UnvalidatedProtoEntry, ProtoverError> = "Fribble".parse(); - - assert_eq!(Err(ProtoverError::Unparseable), proto); -} - -#[test] -fn protover_all_supported_over_maximum_limit() { - let proto: Result<UnvalidatedProtoEntry, ProtoverError> = "Sleen=1-4294967295".parse(); - - assert_eq!(Err(ProtoverError::ExceedsMax), proto); -} diff --git a/src/rust/smartlist/Cargo.toml b/src/rust/smartlist/Cargo.toml deleted file mode 100644 index a5afe7bf74..0000000000 --- a/src/rust/smartlist/Cargo.toml +++ /dev/null @@ -1,18 +0,0 @@ -[package] -authors = ["The Tor Project"] -version = "0.0.1" -name = "smartlist" - -[dependencies] -libc = "0.2.39" - -[lib] -name = "smartlist" -path = "lib.rs" - -[features] -# We have to define a feature here because doctests don't get cfg(test), -# and we need to disable some C dependencies when running the doctests -# because of the various linker issues. See -# https://github.com/rust-lang/rust/issues/45599 -test_linking_hack = [] diff --git a/src/rust/smartlist/lib.rs b/src/rust/smartlist/lib.rs deleted file mode 100644 index 23301f88c3..0000000000 --- a/src/rust/smartlist/lib.rs +++ /dev/null @@ -1,17 +0,0 @@ -// Copyright (c) 2016-2019, The Tor Project, Inc. */ -// See LICENSE for licensing information */ - -extern crate libc; - -mod smartlist; - -pub use smartlist::*; - -// When testing we may be compiled with sanitizers which are incompatible with -// Rust's default allocator, jemalloc (unsure why at this time). Most crates -// link to `tor_allocate` which switches by default to a non-jemalloc allocator, -// but we don't already depend on `tor_allocate` so make sure that while testing -// we don't use jemalloc. (but rather malloc/free) -#[global_allocator] -#[cfg(test)] -static A: std::alloc::System = std::alloc::System; diff --git a/src/rust/smartlist/smartlist.rs b/src/rust/smartlist/smartlist.rs deleted file mode 100644 index d8f8083dff..0000000000 --- a/src/rust/smartlist/smartlist.rs +++ /dev/null @@ -1,115 +0,0 @@ -// Copyright (c) 2016-2019, The Tor Project, Inc. */ -// See LICENSE for licensing information */ - -use libc::{c_char, c_int}; -use std::ffi::CStr; -use std::slice; - -/// Smartlists are a type used in C code in tor to define a collection of a -/// generic type, which has a capacity and a number used. Each Smartlist -/// defines how to extract the list of values from the underlying C structure -/// -/// Implementations are required to have a C representation, as this module -/// serves purely to translate smartlists as defined in tor to vectors in Rust. -pub trait Smartlist<T> { - fn get_list(&self) -> Vec<T>; -} - -#[repr(C)] -pub struct Stringlist { - pub list: *const *const c_char, - pub num_used: c_int, - pub capacity: c_int, -} - -impl Smartlist<String> for Stringlist { - fn get_list(&self) -> Vec<String> { - let empty: Vec<String> = Vec::new(); - let mut rust_list: Vec<String> = Vec::new(); - - if self.list.is_null() || self.num_used == 0 { - return empty; - } - - // unsafe, as we need to extract the smartlist list into a vector of - // pointers, and then transform each element into a Rust string. - let elems: &[*const c_char] = - unsafe { slice::from_raw_parts(self.list, self.num_used as usize) }; - - for elem in elems.iter() { - if elem.is_null() { - continue; - } - - // unsafe, as we need to create a cstring from the referenced - // element - let c_string = unsafe { CStr::from_ptr(*elem) }; - - let r_string = match c_string.to_str() { - Ok(n) => n, - Err(_) => return empty, - }; - - rust_list.push(String::from(r_string)); - } - - rust_list - } -} - -// TODO: CHK: this module maybe should be tested from a test in C with a -// smartlist as defined in tor. -#[cfg(test)] -mod test { - #[test] - fn test_get_list_of_strings() { - extern crate libc; - - use libc::c_char; - use std::ffi::CString; - - use super::Smartlist; - use super::Stringlist; - - { - // test to verify that null pointers are gracefully handled - use std::ptr; - - let sl = Stringlist { - list: ptr::null(), - num_used: 0, - capacity: 0, - }; - - let data = sl.get_list(); - assert_eq!(0, data.len()); - } - - { - let args = vec![String::from("a"), String::from("b")]; - - // for each string, transform it into a CString - let c_strings: Vec<_> = args - .iter() - .map(|arg| CString::new(arg.as_str()).unwrap()) - .collect(); - - // then, collect a pointer for each CString - let p_args: Vec<_> = c_strings.iter().map(|arg| arg.as_ptr()).collect(); - - let p: *const *const c_char = p_args.as_ptr(); - - // This is the representation that we expect when receiving a - // smartlist at the Rust/C FFI layer. - let sl = Stringlist { - list: p, - num_used: 2, - capacity: 2, - }; - - let data = sl.get_list(); - assert_eq!("a", &data[0]); - assert_eq!("b", &data[1]); - } - } -} diff --git a/src/rust/tor_allocate/Cargo.toml b/src/rust/tor_allocate/Cargo.toml deleted file mode 100644 index 06ac605f17..0000000000 --- a/src/rust/tor_allocate/Cargo.toml +++ /dev/null @@ -1,18 +0,0 @@ -[package] -authors = ["The Tor Project"] -version = "0.0.1" -name = "tor_allocate" - -[dependencies] -libc = "=0.2.39" - -[lib] -name = "tor_allocate" -path = "lib.rs" - -[features] -# We have to define a feature here because doctests don't get cfg(test), -# and we need to disable some C dependencies when running the doctests -# because of the various linker issues. See -# https://github.com/rust-lang/rust/issues/45599 -test_linking_hack = [] diff --git a/src/rust/tor_allocate/lib.rs b/src/rust/tor_allocate/lib.rs deleted file mode 100644 index fff8a08006..0000000000 --- a/src/rust/tor_allocate/lib.rs +++ /dev/null @@ -1,20 +0,0 @@ -// Copyright (c) 2016-2019, The Tor Project, Inc. */ -// See LICENSE for licensing information */ - -//! Allocation helper functions that allow data to be allocated in Rust -//! using tor's specified allocator. In doing so, this can be later freed -//! from C. -//! -//! This is currently a temporary solution, we will later use tor's allocator -//! by default for any allocation that occurs in Rust. However, as this will -//! stabalize in 2018, we can use this as a temporary measure. - -extern crate libc; - -use std::alloc::System; - -mod tor_allocate; -pub use tor_allocate::*; - -#[global_allocator] -static A: System = System; diff --git a/src/rust/tor_allocate/tor_allocate.rs b/src/rust/tor_allocate/tor_allocate.rs deleted file mode 100644 index 7b35e2451f..0000000000 --- a/src/rust/tor_allocate/tor_allocate.rs +++ /dev/null @@ -1,104 +0,0 @@ -// Copyright (c) 2016-2019, The Tor Project, Inc. */ -// See LICENSE for licensing information */ -// No-op defined purely for testing at the module level -use libc::c_char; - -use libc::c_void; -#[cfg(not(feature = "testing"))] -use std::{mem, ptr, slice}; - -// Define a no-op implementation for testing Rust modules without linking to C -#[cfg(feature = "testing")] -pub fn allocate_and_copy_string(s: &str) -> *mut c_char { - use std::ffi::CString; - CString::new(s).unwrap().into_raw() -} - -// Defined only for tests, used for testing purposes, so that we don't need -// to link to tor C files. Uses the system allocator -#[cfg(test)] -unsafe extern "C" fn tor_malloc_(size: usize) -> *mut c_void { - use libc::malloc; - malloc(size) -} - -#[cfg(all(not(test), not(feature = "testing")))] -extern "C" { - fn tor_malloc_(size: usize) -> *mut c_void; -} - -/// Allocate memory using tor_malloc_ and copy an existing string into the -/// allocated buffer, returning a pointer that can later be called in C. -/// -/// # Inputs -/// -/// * `src`, a reference to a String. -/// -/// # Returns -/// -/// A `*mut c_char` that should be freed by tor_free in C -/// -#[cfg(not(feature = "testing"))] -pub fn allocate_and_copy_string(src: &str) -> *mut c_char { - let bytes: &[u8] = src.as_bytes(); - - let size = mem::size_of_val::<[u8]>(bytes); - let size_one_byte = mem::size_of::<u8>(); - - // handle integer overflow when adding one to the calculated length - let size_with_null_byte = match size.checked_add(size_one_byte) { - Some(n) => n, - None => return ptr::null_mut(), - }; - - let dest = unsafe { tor_malloc_(size_with_null_byte) as *mut u8 }; - - if dest.is_null() { - return ptr::null_mut(); - } - - unsafe { ptr::copy_nonoverlapping(bytes.as_ptr(), dest, size) }; - - // set the last byte as null, using the ability to index into a slice - // rather than doing pointer arithmetic - let slice = unsafe { slice::from_raw_parts_mut(dest, size_with_null_byte) }; - slice[size] = 0; // add a null terminator - - dest as *mut c_char -} - -#[cfg(test)] -mod test { - - #[test] - fn test_allocate_and_copy_string_with_empty() { - use libc::{c_void, free}; - use std::ffi::CStr; - - use tor_allocate::allocate_and_copy_string; - - let allocated_empty = allocate_and_copy_string(""); - - let allocated_empty_rust = unsafe { CStr::from_ptr(allocated_empty).to_str().unwrap() }; - - assert_eq!("", allocated_empty_rust); - - unsafe { free(allocated_empty as *mut c_void) }; - } - - #[test] - fn test_allocate_and_copy_string_with_not_empty_string() { - use libc::{c_void, free}; - use std::ffi::CStr; - - use tor_allocate::allocate_and_copy_string; - - let allocated_empty = allocate_and_copy_string("foo bar biz"); - - let allocated_empty_rust = unsafe { CStr::from_ptr(allocated_empty).to_str().unwrap() }; - - assert_eq!("foo bar biz", allocated_empty_rust); - - unsafe { free(allocated_empty as *mut c_void) }; - } -} diff --git a/src/rust/tor_log/Cargo.toml b/src/rust/tor_log/Cargo.toml deleted file mode 100644 index 14d9ae803a..0000000000 --- a/src/rust/tor_log/Cargo.toml +++ /dev/null @@ -1,21 +0,0 @@ -[package] -name = "tor_log" -version = "0.1.0" -authors = ["The Tor Project"] - -[lib] -name = "tor_log" -path = "lib.rs" - -[features] -# We have to define a feature here because doctests don't get cfg(test), -# and we need to disable some C dependencies when running the doctests -# because of the various linker issues. See -# https://github.com/rust-lang/rust/issues/45599 -test_linking_hack = [] - -[dependencies] -libc = "0.2.39" - -[dependencies.tor_allocate] -path = "../tor_allocate" diff --git a/src/rust/tor_log/lib.rs b/src/rust/tor_log/lib.rs deleted file mode 100644 index 4aa658e35b..0000000000 --- a/src/rust/tor_log/lib.rs +++ /dev/null @@ -1,16 +0,0 @@ -//! Copyright (c) 2016-2019, The Tor Project, Inc. */ -//! See LICENSE for licensing information */ - -//! Logging wrapper for Rust to utilize Tor's logger, found at -//! src/common/log.c and src/common/torlog.h -//! -//! Exposes different interfaces depending on whether we are running in test -//! or non-test mode. When testing, we use a no-op implementation, -//! otherwise we link directly to C. - -extern crate libc; -extern crate tor_allocate; - -mod tor_log; - -pub use tor_log::*; diff --git a/src/rust/tor_log/tor_log.rs b/src/rust/tor_log/tor_log.rs deleted file mode 100644 index 391cb32ab3..0000000000 --- a/src/rust/tor_log/tor_log.rs +++ /dev/null @@ -1,265 +0,0 @@ -// Copyright (c) 2016-2019, The Tor Project, Inc. */ -// See LICENSE for licensing information */ - -// Note that these functions are untested due to the fact that there are no -// return variables to test and they are calling into a C API. - -/// The related domain which the logging message is relevant. For example, -/// log messages relevant to networking would use LogDomain::LdNet, whereas -/// general messages can use LdGeneral. -#[derive(Eq, PartialEq)] -pub enum LogDomain { - Net, - General, -} - -/// The severity level at which to log messages. -#[derive(Eq, PartialEq)] -pub enum LogSeverity { - Notice, - Warn, -} - -/// Main entry point for Rust modules to log messages. -/// -/// # Inputs -/// -/// * A `severity` of type LogSeverity, which defines the level of severity the -/// message will be logged. -/// * A `domain` of type LogDomain, which defines the domain the log message -/// will be associated with. -/// * A `function` of type &str, which defines the name of the function where -/// the message is being logged. There is a current RFC for a macro that -/// defines function names. When it is, we should use it. See -/// https://github.com/rust-lang/rfcs/pull/1719 -/// * A `message` of type &str, which is the log message itself. -#[macro_export] -macro_rules! tor_log_msg { - ($severity: path, - $domain: path, - $function: expr, - $($message:tt)*) => - { - { - let msg = format!($($message)*); - $crate::tor_log_msg_impl($severity, $domain, $function, msg) - } - }; -} - -#[inline] -pub fn tor_log_msg_impl(severity: LogSeverity, domain: LogDomain, function: &str, message: String) { - use std::ffi::CString; - - /// Default function name to log in case of errors when converting - /// a function name to a CString - const ERR_LOG_FUNCTION: &str = "tor_log_msg"; - - /// Default message to log in case of errors when converting a log - /// message to a CString - const ERR_LOG_MSG: &str = "Unable to log message from Rust \ - module due to error when converting to CString"; - - let func = match CString::new(function) { - Ok(n) => n, - Err(_) => CString::new(ERR_LOG_FUNCTION).unwrap(), - }; - - let msg = match CString::new(message) { - Ok(n) => n, - Err(_) => CString::new(ERR_LOG_MSG).unwrap(), - }; - - // Bind to a local variable to preserve ownership. This is essential so - // that ownership is guaranteed until these local variables go out of scope - let func_ptr = func.as_ptr(); - let msg_ptr = msg.as_ptr(); - - let c_severity = unsafe { log::translate_severity(severity) }; - let c_domain = unsafe { log::translate_domain(domain) }; - - unsafe { log::tor_log_string(c_severity, c_domain, func_ptr, msg_ptr) } -} - -/// This implementation is used when compiling for actual use, as opposed to -/// testing. -#[cfg(not(test))] -pub mod log { - use super::LogDomain; - use super::LogSeverity; - use libc::{c_char, c_int}; - - /// Severity log types. These mirror definitions in src/lib/log/log.h - /// C_RUST_COUPLED: src/lib/log/log.c, log domain types - extern "C" { - static LOG_WARN_: c_int; - static LOG_NOTICE_: c_int; - } - - /// Domain log types. These mirror definitions in src/lib/log/log.h - /// C_RUST_COUPLED: src/lib/log/log.c, log severity types - extern "C" { - static LD_NET_: u64; - static LD_GENERAL_: u64; - } - - /// Translate Rust definitions of log domain levels to C. This exposes a 1:1 - /// mapping between types. - #[inline] - pub unsafe fn translate_domain(domain: LogDomain) -> u64 { - match domain { - LogDomain::Net => LD_NET_, - LogDomain::General => LD_GENERAL_, - } - } - - /// Translate Rust definitions of log severity levels to C. This exposes a - /// 1:1 mapping between types. - #[inline] - pub unsafe fn translate_severity(severity: LogSeverity) -> c_int { - match severity { - LogSeverity::Warn => LOG_WARN_, - LogSeverity::Notice => LOG_NOTICE_, - } - } - - /// The main entry point into Tor's logger. When in non-test mode, this - /// will link directly with `tor_log_string` in torlog.c - extern "C" { - pub fn tor_log_string( - severity: c_int, - domain: u64, - function: *const c_char, - string: *const c_char, - ); - } -} - -/// This module exposes no-op functionality for testing other Rust modules -/// without linking to C. -#[cfg(test)] -pub mod log { - use super::LogDomain; - use super::LogSeverity; - use libc::{c_char, c_int}; - - pub static mut LAST_LOGGED_FUNCTION: *mut String = 0 as *mut String; - pub static mut LAST_LOGGED_MESSAGE: *mut String = 0 as *mut String; - - pub unsafe fn tor_log_string( - _severity: c_int, - _domain: u32, - function: *const c_char, - message: *const c_char, - ) { - use std::ffi::CStr; - - let f = CStr::from_ptr(function); - let fct = match f.to_str() { - Ok(n) => n, - Err(_) => "", - }; - LAST_LOGGED_FUNCTION = Box::into_raw(Box::new(String::from(fct))); - - let m = CStr::from_ptr(message); - let msg = match m.to_str() { - Ok(n) => n, - Err(_) => "", - }; - LAST_LOGGED_MESSAGE = Box::into_raw(Box::new(String::from(msg))); - } - - pub unsafe fn translate_domain(_domain: LogDomain) -> u32 { - 1 - } - - pub unsafe fn translate_severity(_severity: LogSeverity) -> c_int { - 1 - } -} - -#[cfg(test)] -mod test { - use tor_log::log::{LAST_LOGGED_FUNCTION, LAST_LOGGED_MESSAGE}; - use tor_log::*; - - #[test] - fn test_get_log_message() { - { - fn test_macro() { - tor_log_msg!( - LogSeverity::Warn, - LogDomain::Net, - "test_macro", - "test log message {}", - "a", - ); - } - - test_macro(); - - let function = unsafe { Box::from_raw(LAST_LOGGED_FUNCTION) }; - assert_eq!("test_macro", *function); - - let message = unsafe { Box::from_raw(LAST_LOGGED_MESSAGE) }; - assert_eq!("test log message a", *message); - } - - // test multiple inputs into the log message - { - fn test_macro() { - tor_log_msg!( - LogSeverity::Warn, - LogDomain::Net, - "next_test_macro", - "test log message {} {} {} {} {}", - 1, - 2, - 3, - 4, - 5 - ); - } - - test_macro(); - - let function = unsafe { Box::from_raw(LAST_LOGGED_FUNCTION) }; - assert_eq!("next_test_macro", *function); - - let message = unsafe { Box::from_raw(LAST_LOGGED_MESSAGE) }; - assert_eq!("test log message 1 2 3 4 5", *message); - } - - // test how a long log message will be formatted - { - fn test_macro() { - tor_log_msg!( - LogSeverity::Warn, - LogDomain::Net, - "test_macro", - "{}", - "All the world's a stage, and all the men and women \ - merely players: they have their exits and their \ - entrances; and one man in his time plays many parts, his \ - acts being seven ages." - ); - } - - test_macro(); - - let expected_string = "All the world's a \ - stage, and all the men \ - and women merely players: \ - they have their exits and \ - their entrances; and one man \ - in his time plays many parts, \ - his acts being seven ages."; - - let function = unsafe { Box::from_raw(LAST_LOGGED_FUNCTION) }; - assert_eq!("test_macro", *function); - - let message = unsafe { Box::from_raw(LAST_LOGGED_MESSAGE) }; - assert_eq!(expected_string, *message); - } - } -} diff --git a/src/rust/tor_rust/Cargo.toml b/src/rust/tor_rust/Cargo.toml deleted file mode 100644 index 35c629882e..0000000000 --- a/src/rust/tor_rust/Cargo.toml +++ /dev/null @@ -1,22 +0,0 @@ -[package] -authors = ["The Tor Project"] -name = "tor_rust" -version = "0.1.0" - -[lib] -name = "tor_rust" -path = "lib.rs" -crate_type = ["staticlib"] - -[dependencies.tor_util] -path = "../tor_util" - -[dependencies.protover] -path = "../protover" - -[features] -# We have to define a feature here because doctests don't get cfg(test), -# and we need to disable some C dependencies when running the doctests -# because of the various linker issues. See -# https://github.com/rust-lang/rust/issues/45599 -test_linking_hack = [] diff --git a/src/rust/tor_rust/include.am b/src/rust/tor_rust/include.am deleted file mode 100644 index ce673abbee..0000000000 --- a/src/rust/tor_rust/include.am +++ /dev/null @@ -1,28 +0,0 @@ -EXTRA_DIST +=\ - src/rust/tor_rust/Cargo.toml \ - src/rust/tor_rust/lib.rs - -EXTRA_CARGO_OPTIONS= - -@TOR_RUST_LIB_PATH@: FORCE - ( cd "$(abs_top_builddir)/src/rust" ; \ - CARGO_TARGET_DIR="$(abs_top_builddir)/src/rust/target" \ - $(CARGO) build --release $(EXTRA_CARGO_OPTIONS) \ - $(CARGO_ONLINE) \ - --manifest-path "$(abs_top_srcdir)/src/rust/tor_rust/Cargo.toml" ) - -distclean-rust: - ( cd "$(abs_top_builddir)/src/rust" ; \ - CARGO_TARGET_DIR="$(abs_top_builddir)/src/rust/target" \ - $(CARGO) clean $(EXTRA_CARGO_OPTIONS) \ - $(CARGO_ONLINE) \ - --manifest-path "$(abs_top_srcdir)/src/rust/tor_rust/Cargo.toml" ) - rm -rf "$(abs_top_builddir)/src/rust/registry" - -if USE_RUST -build-rust: @TOR_RUST_LIB_PATH@ -else -build-rust: -endif - -FORCE: diff --git a/src/rust/tor_rust/lib.rs b/src/rust/tor_rust/lib.rs deleted file mode 100644 index 18519f8497..0000000000 --- a/src/rust/tor_rust/lib.rs +++ /dev/null @@ -1,5 +0,0 @@ -extern crate protover; -extern crate tor_util; - -pub use protover::*; -pub use tor_util::*; diff --git a/src/rust/tor_util/Cargo.toml b/src/rust/tor_util/Cargo.toml deleted file mode 100644 index 9ffaeda8a6..0000000000 --- a/src/rust/tor_util/Cargo.toml +++ /dev/null @@ -1,24 +0,0 @@ -[package] -authors = ["The Tor Project"] -name = "tor_util" -version = "0.0.1" - -[lib] -name = "tor_util" -path = "lib.rs" - -[dependencies.tor_allocate] -path = "../tor_allocate" - -[dependencies.tor_log] -path = "../tor_log" - -[dependencies] -libc = "=0.2.39" - -[features] -# We have to define a feature here because doctests don't get cfg(test), -# and we need to disable some C dependencies when running the doctests -# because of the various linker issues. See -# https://github.com/rust-lang/rust/issues/45599 -test_linking_hack = [] diff --git a/src/rust/tor_util/ffi.rs b/src/rust/tor_util/ffi.rs deleted file mode 100644 index b71b2bd093..0000000000 --- a/src/rust/tor_util/ffi.rs +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright (c) 2016-2019, The Tor Project, Inc. */ -// See LICENSE for licensing information */ - -//! FFI functions to announce Rust support during tor startup, only to be -//! called from C. -//! - -use tor_log::{LogDomain, LogSeverity}; - -/// Returns a short string to announce Rust support during startup. -/// -/// # Examples -/// ```c -/// char *rust_str = rust_welcome_string(); -/// printf("%s", rust_str); -/// tor_free(rust_str); -/// ``` -#[no_mangle] -pub extern "C" fn rust_log_welcome_string() { - tor_log_msg!( - LogSeverity::Notice, - LogDomain::General, - "rust_log_welcome_string", - "Tor is running with Rust integration. Please report \ - any bugs you encounter." - ); -} diff --git a/src/rust/tor_util/lib.rs b/src/rust/tor_util/lib.rs deleted file mode 100644 index 8886767ede..0000000000 --- a/src/rust/tor_util/lib.rs +++ /dev/null @@ -1,14 +0,0 @@ -// Copyright (c) 2016-2019, The Tor Project, Inc. */ -// See LICENSE for licensing information */ - -//! Small module to announce Rust support during startup for demonstration -//! purposes. - -extern crate libc; -extern crate tor_allocate; - -#[macro_use] -extern crate tor_log; - -pub mod ffi; -pub mod strings; diff --git a/src/rust/tor_util/strings.rs b/src/rust/tor_util/strings.rs deleted file mode 100644 index ede42c6ea8..0000000000 --- a/src/rust/tor_util/strings.rs +++ /dev/null @@ -1,136 +0,0 @@ -// Copyright (c) 2016-2019, The Tor Project, Inc. */ -// See LICENSE for licensing information */ - -//! Utilities for working with static strings. - -/// Create a `CStr` from a literal byte slice, appending a NUL byte to it first. -/// -/// # Warning -/// -/// The literal byte slice which is taken as an argument *MUST NOT* have any NUL -/// bytes (`b"\0"`) in it, anywhere, or else an empty string will be returned -/// (`CStr::from_bytes_with_nul_unchecked(b"\0")`) so as to avoid `panic!()`ing. -/// -/// # Examples -/// -/// ``` -/// #[macro_use] -/// extern crate tor_util; -/// -/// use std::ffi::CStr; -/// -/// # fn do_test() -> Result<&'static CStr, &'static str> { -/// let message: &'static str = "This is a test of the tsunami warning system."; -/// let tuesday: &'static CStr; -/// let original: &str; -/// -/// tuesday = cstr!("This is a test of the tsunami warning system."); -/// original = tuesday.to_str().or(Err("Couldn't unwrap CStr!"))?; -/// -/// assert!(original == message); -/// # -/// # Ok(tuesday) -/// # } -/// # fn main() { -/// # do_test(); // so that we can use the ? operator in the test -/// # } -/// ``` -/// It is also possible to pass several string literals to this macro. They -/// will be concatenated together in the order of the arguments, unmodified, -/// before finally being suffixed with a NUL byte: -/// -/// ``` -/// #[macro_use] -/// extern crate tor_util; -/// # -/// # use std::ffi::CStr; -/// # -/// # fn do_test() -> Result<&'static CStr, &'static str> { -/// -/// let quux: &'static CStr = cstr!("foo", "bar", "baz"); -/// let orig: &'static str = quux.to_str().or(Err("Couldn't unwrap CStr!"))?; -/// -/// assert!(orig == "foobarbaz"); -/// # Ok(quux) -/// # } -/// # fn main() { -/// # do_test(); // so that we can use the ? operator in the test -/// # } -/// ``` -/// This is useful for passing static strings to C from Rust FFI code. To do so -/// so, use the `.as_ptr()` method on the resulting `&'static CStr` to convert -/// it to the Rust equivalent of a C `const char*`: -/// -/// ``` -/// #[macro_use] -/// extern crate tor_util; -/// -/// use std::ffi::CStr; -/// use std::os::raw::c_char; -/// -/// pub extern "C" fn give_static_borrowed_string_to_c() -> *const c_char { -/// let hello: &'static CStr = cstr!("Hello, language my parents wrote."); -/// -/// hello.as_ptr() -/// } -/// # fn main() { -/// # let greetings = give_static_borrowed_string_to_c(); -/// # } -/// ``` -/// Note that the C code this static borrowed string is passed to *MUST NOT* -/// attempt to free the memory for the string. -/// -/// # Note -/// -/// An unfortunate limitation of the rustc compiler (as of 1.25.0-nightly), is -/// that the first example above compiles, but if we were to change the -/// assignment of `tuesday` as follows, it will fail to compile, because Rust -/// macros are expanded at parse time, and at parse time there is no symbol -/// table available. -/// -/// ```ignore -/// tuesday = cstr!(message); -/// ``` -/// with the error message `error: expected a literal`. -/// -/// # Returns -/// -/// If the string literals passed as arguments contain no NUL bytes anywhere, -/// then an `&'static CStr` containing the (concatenated) bytes of the string -/// literal(s) passed as arguments, with a NUL byte appended, is returned. -/// Otherwise, an `&'static CStr` containing a single NUL byte is returned (an -/// "empty" string in C). -#[macro_export] -macro_rules! cstr { - ($($bytes:expr),*) => ( - ::std::ffi::CStr::from_bytes_with_nul( - concat!($($bytes),*, "\0").as_bytes() - ).unwrap_or_default() - ) -} - -#[cfg(test)] -mod test { - use std::ffi::CStr; - - #[test] - fn cstr_macro() { - let _: &'static CStr = cstr!("boo"); - } - - #[test] - fn cstr_macro_multi_input() { - let quux: &'static CStr = cstr!("foo", "bar", "baz"); - - assert!(quux.to_str().unwrap() == "foobarbaz"); - } - - #[test] - fn cstr_macro_bad_input() { - let waving: &'static CStr = cstr!("waving not drowning o/"); - let drowning: &'static CStr = cstr!("\0 drowning not waving"); - - assert!(waving.to_str().unwrap() == "waving not drowning o/"); - assert!(drowning.to_str().unwrap() == "") - } -} diff --git a/src/test/bench.c b/src/test/bench.c index 7a8c04e802..a76ea67eb8 100644 --- a/src/test/bench.c +++ b/src/test/bench.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/ed25519_exts_ref.py b/src/test/ed25519_exts_ref.py index dcc0a7c25a..abc9a1de7f 100644 --- a/src/test/ed25519_exts_ref.py +++ b/src/test/ed25519_exts_ref.py @@ -42,7 +42,7 @@ def blindESK(esk, param): s_prime = (s * mult) % ell k = esk[32:] assert(len(k) == 32) - k_prime = H("Derive temporary signing key hash input" + k)[:32] + k_prime = H(b"Derive temporary signing key hash input" + k)[:32] return encodeint(s_prime) + k_prime def blindPK(pk, param): @@ -170,6 +170,8 @@ RAND_INPUTS = [ '5c8eac469bb3f1b85bc7cd893f52dc42a9ab66f1b02b5ce6a68e9b175d3bb433', 'eda433d483059b6d1ff8b7cfbd0fe406bfb23722c8f3c8252629284573b61b86', '4377c40431c30883c5fbd9bc92ae48d1ed8a47b81d13806beac5351739b5533d', + 'c6bbcce615839756aed2cc78b1de13884dd3618f48367a17597a16c1cd7a290b', + 'c6bbcce615839756aed2cc78b1de13884dd3618f48367a17597a16c1cd7a290b', 'c6bbcce615839756aed2cc78b1de13884dd3618f48367a17597a16c1cd7a290b'] # From pprint.pprint([ binascii.b2a_hex(os.urandom(32)) for _ in xrange(8) ]) @@ -181,7 +183,9 @@ BLINDING_PARAMS = [ 'b1fe79d1dec9bc108df69f6612c72812755751f21ecc5af99663b30be8b9081f', '81f1512b63ab5fb5c1711a4ec83d379c420574aedffa8c3368e1c3989a3a0084', '97f45142597c473a4b0e9a12d64561133ad9e1155fe5a9807fe6af8a93557818', - '3f44f6a5a92cde816635dfc12ade70539871078d2ff097278be2a555c9859cd0'] + '3f44f6a5a92cde816635dfc12ade70539871078d2ff097278be2a555c9859cd0', + '0000000000000000000000000000000000000000000000000000000000000000', + '1111111111111111111111111111111111111111111111111111111111111111'] PREFIX = "ED25519_" @@ -193,9 +197,9 @@ def writeArray(name, array): if len(h) > 70: h1 = h[:70] h2 = h[70:] - print(' "{0}"\n "{1}",'.format(h1,h2)) + print(' "{0}"\n "{1}",'.format(h1.decode('utf-8'),h2.decode('utf-8'))) else: - print(' "{0}",'.format(h)) + print(' "{0}",'.format(h.decode('utf-8'))) print("};\n") def comment(text, initial="/**"): diff --git a/src/test/ed25519_vectors.inc b/src/test/ed25519_vectors.inc index 60c863beba..3813282e00 100644 --- a/src/test/ed25519_vectors.inc +++ b/src/test/ed25519_vectors.inc @@ -16,6 +16,8 @@ static const char *ED25519_SECRET_KEYS[] = { "eda433d483059b6d1ff8b7cfbd0fe406bfb23722c8f3c8252629284573b61b86", "4377c40431c30883c5fbd9bc92ae48d1ed8a47b81d13806beac5351739b5533d", "c6bbcce615839756aed2cc78b1de13884dd3618f48367a17597a16c1cd7a290b", + "c6bbcce615839756aed2cc78b1de13884dd3618f48367a17597a16c1cd7a290b", + "c6bbcce615839756aed2cc78b1de13884dd3618f48367a17597a16c1cd7a290b", }; /** @@ -39,6 +41,10 @@ static const char *ED25519_EXPANDED_SECRET_KEYS[] = { "e5fd7ac43794394507ad440ecfdf59c4c255f19b768a273109e06d7d8e", "b003077c1e52a62308eef7950b2d532e1d4a7eea50ad22d8ac11b892851f1c40ffb9c9" "ff8dcd0c6c233f665a2e176324d92416bfcfcd1f787424c0c667452d86", + "b003077c1e52a62308eef7950b2d532e1d4a7eea50ad22d8ac11b892851f1c40ffb9c9" + "ff8dcd0c6c233f665a2e176324d92416bfcfcd1f787424c0c667452d86", + "b003077c1e52a62308eef7950b2d532e1d4a7eea50ad22d8ac11b892851f1c40ffb9c9" + "ff8dcd0c6c233f665a2e176324d92416bfcfcd1f787424c0c667452d86", }; /** @@ -53,6 +59,8 @@ static const char *ED25519_PUBLIC_KEYS[] = { "d21c294db0e64cb2d8976625786ede1d9754186ae8197a64d72f68c792eecc19", "c4d58b4cf85a348ff3d410dd936fa460c4f18da962c01b1963792b9dcc8a6ea6", "95126f14d86494020665face03f2d42ee2b312a85bc729903eb17522954a1c4a", + "95126f14d86494020665face03f2d42ee2b312a85bc729903eb17522954a1c4a", + "95126f14d86494020665face03f2d42ee2b312a85bc729903eb17522954a1c4a", }; /** @@ -69,6 +77,8 @@ static const char *ED25519_CURVE25519_PUBLIC_KEYS[] = { "59e20dcb691c4a345fe86c8a79ac817e5b514d84bbf0512a842a08e43f7f087e", "9e43b820b320eda35f66f122c155b2bf8e2192c468617b7115bf067d19e08369", "861f33296cb57f8f01e4a5e8a7e5d5d7043a6247586ab36dea8a1a3c4403ee30", + "861f33296cb57f8f01e4a5e8a7e5d5d7043a6247586ab36dea8a1a3c4403ee30", + "861f33296cb57f8f01e4a5e8a7e5d5d7043a6247586ab36dea8a1a3c4403ee30", }; /** @@ -83,6 +93,8 @@ static const char *ED25519_BLINDING_PARAMS[] = { "81f1512b63ab5fb5c1711a4ec83d379c420574aedffa8c3368e1c3989a3a0084", "97f45142597c473a4b0e9a12d64561133ad9e1155fe5a9807fe6af8a93557818", "3f44f6a5a92cde816635dfc12ade70539871078d2ff097278be2a555c9859cd0", + "0000000000000000000000000000000000000000000000000000000000000000", + "1111111111111111111111111111111111111111111111111111111111111111", }; /** @@ -107,6 +119,10 @@ static const char *ED25519_BLINDED_SECRET_KEYS[] = { "8f8e556d78f4bdcb9a13b6f6066fe81d3134ae965dc48cd0785b3af2b8", "288cbfd923cb286d48c084555b5bdd06c05e92fb81acdb45271367f57515380e053d9c" "00c81e1331c06ab50087be8cfc7dc11691b132614474f1aa9c2503cccd", + "e5cd03eb4cc456e11bc36724b558873df0045729b22d8b748360067a7770ac02053d9c" + "00c81e1331c06ab50087be8cfc7dc11691b132614474f1aa9c2503cccd", + "2cf7ed8b163f5af960d2fc62e1883aa422a6090736b4f18a5456ddcaf78ede0c053d9c" + "00c81e1331c06ab50087be8cfc7dc11691b132614474f1aa9c2503cccd", }; /** @@ -123,6 +139,8 @@ static const char *ED25519_BLINDED_PUBLIC_KEYS[] = { "2b946a484344eb1c17c89dd8b04196a84f3b7222c876a07a4cece85f676f87d9", "c6b585129b135f8769df2eba987e76e089e80ba3a2a6729134d3b28008ac098e", "0eefdc795b59cabbc194c6174e34ba9451e8355108520554ec285acabebb34ac", + "312404d06a0a9de489904b18d5233e83a50b225977fa8734f2c897a73c067952", + "952a908a4a9e0e5176a2549f8f328955aca6817a9fdc59e3acec5dec50838108", }; /** @@ -146,5 +164,9 @@ static const char *ED25519_SELF_SIGNATURES[] = { "4867daa60f2a82d09ba9652d41e8dde292b624afc8d2c26441b95e3c0e", "815213640a643d198bd056e02bba74e1c8d2d931643e84497adf3347eb485079c9afe0" "afce9284cdc084946b561abbb214f1304ca11228ff82702185cf28f60d", + "815213640a643d198bd056e02bba74e1c8d2d931643e84497adf3347eb485079c9afe0" + "afce9284cdc084946b561abbb214f1304ca11228ff82702185cf28f60d", + "815213640a643d198bd056e02bba74e1c8d2d931643e84497adf3347eb485079c9afe0" + "afce9284cdc084946b561abbb214f1304ca11228ff82702185cf28f60d", }; diff --git a/src/test/fakechans.h b/src/test/fakechans.h index c3accb1637..e84e0233f6 100644 --- a/src/test/fakechans.h +++ b/src/test/fakechans.h @@ -1,4 +1,4 @@ - /* Copyright (c) 2014-2020, The Tor Project, Inc. */ + /* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_FAKECHANS_H diff --git a/src/test/fakecircs.c b/src/test/fakecircs.c index 4d5b97197e..cca3b43483 100644 --- a/src/test/fakecircs.c +++ b/src/test/fakecircs.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2019-2020, The Tor Project, Inc. */ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/fakecircs.h b/src/test/fakecircs.h index ed8a150a3f..61359e9bab 100644 --- a/src/test/fakecircs.h +++ b/src/test/fakecircs.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2019-2020, The Tor Project, Inc. */ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/fuzz/fuzz_address.c b/src/test/fuzz/fuzz_address.c new file mode 100644 index 0000000000..6dccd65e9d --- /dev/null +++ b/src/test/fuzz/fuzz_address.c @@ -0,0 +1,26 @@ +#include "lib/net/address.h" +#include "lib/malloc/malloc.h" + +#include "test/fuzz/fuzzing.h" + +int +fuzz_init(void) +{ + return 0; +} + +int +fuzz_cleanup(void) +{ + return 0; +} + +int +fuzz_main(const uint8_t *data, size_t sz) +{ + tor_addr_t addr; + char *fuzzing_data = tor_memdup_nulterm(data, sz); + tor_addr_parse(&addr, fuzzing_data); + tor_free(fuzzing_data); + return 0; +} diff --git a/src/test/fuzz/fuzz_addressPTR.c b/src/test/fuzz/fuzz_addressPTR.c new file mode 100644 index 0000000000..b503d53666 --- /dev/null +++ b/src/test/fuzz/fuzz_addressPTR.c @@ -0,0 +1,32 @@ +#include "lib/net/address.h" +#include "lib/net/socket.h" +#include "lib/cc/ctassert.h" +#include "lib/container/smartlist.h" +#include "lib/ctime/di_ops.h" +#include "lib/log/log.h" +#include "lib/log/escape.h" +#include "lib/malloc/malloc.h" +#include "lib/net/address.h" +#include "test/fuzz/fuzzing.h" + +int +fuzz_init(void) +{ + return 0; +} + +int +fuzz_cleanup(void) +{ + return 0; +} + +int +fuzz_main(const uint8_t *data, size_t sz) +{ + tor_addr_t addr_result; + char *fuzzing_data = tor_memdup_nulterm(data, sz); + tor_addr_parse_PTR_name(&addr_result, fuzzing_data, AF_UNSPEC, 1); + tor_free(fuzzing_data); + return 0; +} diff --git a/src/test/fuzz/fuzz_consensus.c b/src/test/fuzz/fuzz_consensus.c index f2bf29ea78..bf5a2b69e3 100644 --- a/src/test/fuzz/fuzz_consensus.c +++ b/src/test/fuzz/fuzz_consensus.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define SIGCOMMON_PRIVATE #include "core/or/or.h" diff --git a/src/test/fuzz/fuzz_descriptor.c b/src/test/fuzz/fuzz_descriptor.c index eb4d4d507f..db1e921995 100644 --- a/src/test/fuzz/fuzz_descriptor.c +++ b/src/test/fuzz/fuzz_descriptor.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define SIGCOMMON_PRIVATE #include "core/or/or.h" diff --git a/src/test/fuzz/fuzz_diff.c b/src/test/fuzz/fuzz_diff.c index 9cd2116245..9b9b1c706f 100644 --- a/src/test/fuzz/fuzz_diff.c +++ b/src/test/fuzz/fuzz_diff.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CONSDIFF_PRIVATE diff --git a/src/test/fuzz/fuzz_diff_apply.c b/src/test/fuzz/fuzz_diff_apply.c index a819c73338..f145bd2625 100644 --- a/src/test/fuzz/fuzz_diff_apply.c +++ b/src/test/fuzz/fuzz_diff_apply.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CONSDIFF_PRIVATE diff --git a/src/test/fuzz/fuzz_extrainfo.c b/src/test/fuzz/fuzz_extrainfo.c index ad21254e3e..0cdc3d7ebf 100644 --- a/src/test/fuzz/fuzz_extrainfo.c +++ b/src/test/fuzz/fuzz_extrainfo.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define SIGCOMMON_PRIVATE #include "core/or/or.h" diff --git a/src/test/fuzz/fuzz_hsdescv2.c b/src/test/fuzz/fuzz_hsdescv2.c deleted file mode 100644 index 81d9e5f00e..0000000000 --- a/src/test/fuzz/fuzz_hsdescv2.c +++ /dev/null @@ -1,52 +0,0 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ -#include "core/or/or.h" -#include "feature/dirparse/unparseable.h" -#include "feature/rend/rendcommon.h" -#include "feature/rend/rendparse.h" -#include "lib/crypt_ops/crypto_ed25519.h" -#include "test/fuzz/fuzzing.h" - -static void -mock_dump_desc__nodump(const char *desc, const char *type) -{ - (void)desc; - (void)type; -} - -int -fuzz_init(void) -{ - disable_signature_checking(); - MOCK(dump_desc, mock_dump_desc__nodump); - ed25519_init(); - return 0; -} - -int -fuzz_cleanup(void) -{ - return 0; -} - -int -fuzz_main(const uint8_t *data, size_t sz) -{ - rend_service_descriptor_t *desc = NULL; - char desc_id[64]; - char *ipts = NULL; - size_t ipts_size, esize; - const char *next; - char *str = tor_memdup_nulterm(data, sz); - (void) rend_parse_v2_service_descriptor(&desc, desc_id, &ipts, &ipts_size, - &esize, &next, str, 1); - if (desc) { - log_debug(LD_GENERAL, "Parsing okay"); - rend_service_descriptor_free(desc); - } else { - log_debug(LD_GENERAL, "Parsing failed"); - } - tor_free(ipts); - tor_free(str); - return 0; -} diff --git a/src/test/fuzz/fuzz_hsdescv3.c b/src/test/fuzz/fuzz_hsdescv3.c index 8d7eab1a8d..73e509469a 100644 --- a/src/test/fuzz/fuzz_hsdescv3.c +++ b/src/test/fuzz/fuzz_hsdescv3.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define HS_DESCRIPTOR_PRIVATE diff --git a/src/test/fuzz/fuzz_hsdescv3_inner.c b/src/test/fuzz/fuzz_hsdescv3_inner.c new file mode 100644 index 0000000000..5aa719f5c3 --- /dev/null +++ b/src/test/fuzz/fuzz_hsdescv3_inner.c @@ -0,0 +1,119 @@ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#define HS_DESCRIPTOR_PRIVATE + +#include "core/or/or.h" +#include "trunnel/ed25519_cert.h" /* Trunnel interface. */ +#include "lib/crypt_ops/crypto_ed25519.h" +#include "feature/hs/hs_descriptor.h" +#include "feature/dirparse/unparseable.h" + +#include "test/fuzz/fuzzing.h" + +static void +mock_dump_desc__nodump(const char *desc, const char *type) +{ + (void)desc; + (void)type; +} + +static int +mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert, + const size_t crosscert_len, + const crypto_pk_t *rsa_id_key, + const ed25519_public_key_t *master_key, + const time_t reject_if_expired_before) +{ + (void) crosscert; + (void) crosscert_len; + (void) rsa_id_key; + (void) master_key; + (void) reject_if_expired_before; + return 0; +} + +static size_t +mock_decrypt_desc_layer(const hs_descriptor_t *desc, + const uint8_t *descriptor_cookie, + bool is_superencrypted_layer, + char **decrypted_out) +{ + (void)is_superencrypted_layer; + (void)desc; + (void)descriptor_cookie; + const size_t overhead = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN; + const uint8_t *encrypted_blob = (is_superencrypted_layer) + ? desc->plaintext_data.superencrypted_blob + : desc->superencrypted_data.encrypted_blob; + size_t encrypted_blob_size = (is_superencrypted_layer) + ? desc->plaintext_data.superencrypted_blob_size + : desc->superencrypted_data.encrypted_blob_size; + + if (encrypted_blob_size < overhead) + return 0; + *decrypted_out = tor_memdup_nulterm( + encrypted_blob + HS_DESC_ENCRYPTED_SALT_LEN, + encrypted_blob_size - overhead); + size_t result = strlen(*decrypted_out); + if (result) { + return result; + } else { + tor_free(*decrypted_out); + return 0; + } +} + +static const uint8_t *decrypted_data = NULL; +static size_t decrypted_len = 0; +static size_t +mock_desc_decrypt_encrypted(const hs_descriptor_t *desc, + const curve25519_secret_key_t *client_auth_sk, + char **decrypted_out) +{ + (void)desc; + (void)client_auth_sk; + *decrypted_out = (char*)tor_memdup_nulterm(decrypted_data, decrypted_len); + return decrypted_len; +} + +int +fuzz_init(void) +{ + disable_signature_checking(); + MOCK(dump_desc, mock_dump_desc__nodump); + MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check); + MOCK(decrypt_desc_layer, mock_decrypt_desc_layer); + MOCK(desc_decrypt_encrypted, mock_desc_decrypt_encrypted); + ed25519_init(); + return 0; +} + +int +fuzz_cleanup(void) +{ + return 0; +} + +int +fuzz_main(const uint8_t *data, size_t sz) +{ + decrypted_data = data; + decrypted_len = sz; + + hs_descriptor_t *desc = tor_malloc_zero(sizeof(hs_descriptor_t)); + hs_desc_encrypted_data_t *output = tor_malloc_zero(sizeof(*output)); + curve25519_secret_key_t *client_auth_sk = NULL; + hs_desc_decode_status_t status; + + status = desc_decode_encrypted_v3(desc, client_auth_sk, output); + if (status == HS_DESC_DECODE_OK) { + log_debug(LD_GENERAL, "Decoding okay"); + } else { + log_debug(LD_GENERAL, "Decoding failed"); + } + + hs_descriptor_free(desc); + hs_desc_encrypted_data_free(output); + return 0; +} diff --git a/src/test/fuzz/fuzz_hsdescv3_middle.c b/src/test/fuzz/fuzz_hsdescv3_middle.c new file mode 100644 index 0000000000..66a9d52cf3 --- /dev/null +++ b/src/test/fuzz/fuzz_hsdescv3_middle.c @@ -0,0 +1,116 @@ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#define HS_DESCRIPTOR_PRIVATE + +#include "core/or/or.h" +#include "trunnel/ed25519_cert.h" /* Trunnel interface. */ +#include "lib/crypt_ops/crypto_ed25519.h" +#include "feature/hs/hs_descriptor.h" +#include "feature/dirparse/unparseable.h" + +#include "test/fuzz/fuzzing.h" + +static void +mock_dump_desc__nodump(const char *desc, const char *type) +{ + (void)desc; + (void)type; +} + +static int +mock_rsa_ed25519_crosscert_check(const uint8_t *crosscert, + const size_t crosscert_len, + const crypto_pk_t *rsa_id_key, + const ed25519_public_key_t *master_key, + const time_t reject_if_expired_before) +{ + (void) crosscert; + (void) crosscert_len; + (void) rsa_id_key; + (void) master_key; + (void) reject_if_expired_before; + return 0; +} + +static size_t +mock_decrypt_desc_layer(const hs_descriptor_t *desc, + const uint8_t *descriptor_cookie, + bool is_superencrypted_layer, + char **decrypted_out) +{ + (void)is_superencrypted_layer; + (void)desc; + (void)descriptor_cookie; + const size_t overhead = HS_DESC_ENCRYPTED_SALT_LEN + DIGEST256_LEN; + const uint8_t *encrypted_blob = (is_superencrypted_layer) + ? desc->plaintext_data.superencrypted_blob + : desc->superencrypted_data.encrypted_blob; + size_t encrypted_blob_size = (is_superencrypted_layer) + ? desc->plaintext_data.superencrypted_blob_size + : desc->superencrypted_data.encrypted_blob_size; + + if (encrypted_blob_size < overhead) + return 0; + *decrypted_out = tor_memdup_nulterm( + encrypted_blob + HS_DESC_ENCRYPTED_SALT_LEN, + encrypted_blob_size - overhead); + size_t result = strlen(*decrypted_out); + if (result) { + return result; + } else { + tor_free(*decrypted_out); + return 0; + } +} + +static const uint8_t *decrypted_data = NULL; +static size_t decrypted_len = 0; +static size_t +mock_desc_decrypt_superencrypted(const hs_descriptor_t *desc, + char **decrypted_out) +{ + (void)desc; + *decrypted_out = (char*)tor_memdup_nulterm(decrypted_data, decrypted_len); + return decrypted_len; +} + +int +fuzz_init(void) +{ + disable_signature_checking(); + MOCK(dump_desc, mock_dump_desc__nodump); + MOCK(rsa_ed25519_crosscert_check, mock_rsa_ed25519_crosscert_check); + MOCK(decrypt_desc_layer, mock_decrypt_desc_layer); + MOCK(desc_decrypt_superencrypted, mock_desc_decrypt_superencrypted); + ed25519_init(); + return 0; +} + +int +fuzz_cleanup(void) +{ + return 0; +} + +int +fuzz_main(const uint8_t *data, size_t sz) +{ + decrypted_data = data; + decrypted_len = sz; + + hs_descriptor_t *desc = tor_malloc_zero(sizeof(hs_descriptor_t)); + hs_desc_superencrypted_data_t *output = tor_malloc_zero(sizeof(*output)); + hs_desc_decode_status_t status; + + status = desc_decode_superencrypted_v3(desc, output); + if (status == HS_DESC_DECODE_OK) { + log_debug(LD_GENERAL, "Decoding okay"); + } else { + log_debug(LD_GENERAL, "Decoding failed"); + } + + hs_descriptor_free(desc); + hs_desc_superencrypted_data_free(output); + return 0; +} diff --git a/src/test/fuzz/fuzz_http.c b/src/test/fuzz/fuzz_http.c index a4fd182f1e..cf5e995ef3 100644 --- a/src/test/fuzz/fuzz_http.c +++ b/src/test/fuzz/fuzz_http.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/fuzz/fuzz_http_connect.c b/src/test/fuzz/fuzz_http_connect.c index 9e5a48ba4d..c71ccb5c1e 100644 --- a/src/test/fuzz/fuzz_http_connect.c +++ b/src/test/fuzz/fuzz_http_connect.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/fuzz/fuzz_iptsv2.c b/src/test/fuzz/fuzz_iptsv2.c index bc51ffcdb8..259be437f0 100644 --- a/src/test/fuzz/fuzz_iptsv2.c +++ b/src/test/fuzz/fuzz_iptsv2.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "core/or/or.h" diff --git a/src/test/fuzz/fuzz_microdesc.c b/src/test/fuzz/fuzz_microdesc.c index 3fc709183b..d77f137b2b 100644 --- a/src/test/fuzz/fuzz_microdesc.c +++ b/src/test/fuzz/fuzz_microdesc.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "core/or/or.h" diff --git a/src/test/fuzz/fuzz_socks.c b/src/test/fuzz/fuzz_socks.c index 4e7cb4d48d..eeb989994d 100644 --- a/src/test/fuzz/fuzz_socks.c +++ b/src/test/fuzz/fuzz_socks.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/fuzz/fuzz_strops.c b/src/test/fuzz/fuzz_strops.c index 05d9101e72..02a74d1d8c 100644 --- a/src/test/fuzz/fuzz_strops.c +++ b/src/test/fuzz/fuzz_strops.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/fuzz/fuzz_vrs.c b/src/test/fuzz/fuzz_vrs.c index d6e88e59e7..e1bb28801a 100644 --- a/src/test/fuzz/fuzz_vrs.c +++ b/src/test/fuzz/fuzz_vrs.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define NS_PARSE_PRIVATE #define NETWORKSTATUS_PRIVATE diff --git a/src/test/fuzz/fuzzing.h b/src/test/fuzz/fuzzing.h index 6cbcdc41ad..b9bec84ce4 100644 --- a/src/test/fuzz/fuzzing.h +++ b/src/test/fuzz/fuzzing.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef FUZZING_H #define FUZZING_H diff --git a/src/test/fuzz/fuzzing_common.c b/src/test/fuzz/fuzzing_common.c index d9719074ad..d64d20e0ba 100644 --- a/src/test/fuzz/fuzzing_common.c +++ b/src/test/fuzz/fuzzing_common.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CRYPTO_ED25519_PRIVATE #define CONFIG_PRIVATE diff --git a/src/test/fuzz/include.am b/src/test/fuzz/include.am index ef952c3812..9fece7d004 100644 --- a/src/test/fuzz/include.am +++ b/src/test/fuzz/include.am @@ -8,7 +8,6 @@ FUZZING_LDFLAG = \ @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB) @TOR_LDFLAGS_libevent@ FUZZING_LIBS = \ src/test/libtor-testing.a \ - $(rust_ldadd) \ @TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ \ @TOR_LIBEVENT_LIBS@ $(TOR_LIBS_CRYPTLIB) \ @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ @CURVE25519_LIBS@ \ @@ -23,17 +22,36 @@ oss-fuzz-prereqs: \ noinst_HEADERS += \ src/test/fuzz/fuzzing.h -LIBFUZZER = -lFuzzer LIBFUZZER_CPPFLAGS = $(FUZZING_CPPFLAGS) -DLLVM_FUZZ LIBFUZZER_CFLAGS = $(FUZZING_CFLAGS) -LIBFUZZER_LDFLAG = $(FUZZING_LDFLAG) -LIBFUZZER_LIBS = $(FUZZING_LIBS) $(LIBFUZZER) -lstdc++ +LIBFUZZER_LDFLAG = $(FUZZING_LDFLAG) -fsanitize=fuzzer +LIBFUZZER_LIBS = $(FUZZING_LIBS) -lstdc++ LIBOSS_FUZZ_CPPFLAGS = $(FUZZING_CPPFLAGS) -DLLVM_FUZZ LIBOSS_FUZZ_CFLAGS = $(FUZZING_CFLAGS) # ===== AFL fuzzers if UNITTESTS_ENABLED +src_test_fuzz_fuzz_address_SOURCES = \ + src/test/fuzz/fuzzing_common.c \ + src/test/fuzz/fuzz_address.c +src_test_fuzz_fuzz_address_CPPFLAGS = $(FUZZING_CPPFLAGS) +src_test_fuzz_fuzz_address_CFLAGS = $(FUZZING_CFLAGS) +src_test_fuzz_fuzz_address_LDFLAGS = $(FUZZING_LDFLAG) +src_test_fuzz_fuzz_address_LDADD = $(FUZZING_LIBS) +endif + +if UNITTESTS_ENABLED +src_test_fuzz_fuzz_addressPTR_SOURCES = \ + src/test/fuzz/fuzzing_common.c \ + src/test/fuzz/fuzz_addressPTR.c +src_test_fuzz_fuzz_addressPTR_CPPFLAGS = $(FUZZING_CPPFLAGS) +src_test_fuzz_fuzz_addressPTR_CFLAGS = $(FUZZING_CFLAGS) +src_test_fuzz_fuzz_addressPTR_LDFLAGS = $(FUZZING_LDFLAG) +src_test_fuzz_fuzz_addressPTR_LDADD = $(FUZZING_LIBS) +endif + +if UNITTESTS_ENABLED src_test_fuzz_fuzz_consensus_SOURCES = \ src/test/fuzz/fuzzing_common.c \ src/test/fuzz/fuzz_consensus.c @@ -84,16 +102,6 @@ src_test_fuzz_fuzz_extrainfo_LDADD = $(FUZZING_LIBS) endif if UNITTESTS_ENABLED -src_test_fuzz_fuzz_hsdescv2_SOURCES = \ - src/test/fuzz/fuzzing_common.c \ - src/test/fuzz/fuzz_hsdescv2.c -src_test_fuzz_fuzz_hsdescv2_CPPFLAGS = $(FUZZING_CPPFLAGS) -src_test_fuzz_fuzz_hsdescv2_CFLAGS = $(FUZZING_CFLAGS) -src_test_fuzz_fuzz_hsdescv2_LDFLAGS = $(FUZZING_LDFLAG) -src_test_fuzz_fuzz_hsdescv2_LDADD = $(FUZZING_LIBS) -endif - -if UNITTESTS_ENABLED src_test_fuzz_fuzz_hsdescv3_SOURCES = \ src/test/fuzz/fuzzing_common.c \ src/test/fuzz/fuzz_hsdescv3.c @@ -104,6 +112,28 @@ src_test_fuzz_fuzz_hsdescv3_LDADD = $(FUZZING_LIBS) endif if UNITTESTS_ENABLED +src_test_fuzz_fuzz_hsdescv3_inner_SOURCES = \ + src/test/fuzz/fuzzing_common.c \ + src/test/fuzz/fuzz_hsdescv3_inner.c +src_test_fuzz_fuzz_hsdescv3_inner_CPPFLAGS = $(FUZZING_CPPFLAGS) +src_test_fuzz_fuzz_hsdescv3_inner_CFLAGS = $(FUZZING_CFLAGS) +src_test_fuzz_fuzz_hsdescv3_inner_LDFLAGS = $(FUZZING_LDFLAG) +src_test_fuzz_fuzz_hsdescv3_inner_LDADD = $(FUZZING_LIBS) +endif + + +if UNITTESTS_ENABLED +src_test_fuzz_fuzz_hsdescv3_middle_SOURCES = \ + src/test/fuzz/fuzzing_common.c \ + src/test/fuzz/fuzz_hsdescv3_middle.c +src_test_fuzz_fuzz_hsdescv3_middle_CPPFLAGS = $(FUZZING_CPPFLAGS) +src_test_fuzz_fuzz_hsdescv3_middle_CFLAGS = $(FUZZING_CFLAGS) +src_test_fuzz_fuzz_hsdescv3_middle_LDFLAGS = $(FUZZING_LDFLAG) +src_test_fuzz_fuzz_hsdescv3_middle_LDADD = $(FUZZING_LIBS) +endif + + +if UNITTESTS_ENABLED src_test_fuzz_fuzz_http_SOURCES = \ src/test/fuzz/fuzzing_common.c \ src/test/fuzz/fuzz_http.c @@ -124,16 +154,6 @@ src_test_fuzz_fuzz_http_connect_LDADD = $(FUZZING_LIBS) endif if UNITTESTS_ENABLED -src_test_fuzz_fuzz_iptsv2_SOURCES = \ - src/test/fuzz/fuzzing_common.c \ - src/test/fuzz/fuzz_iptsv2.c -src_test_fuzz_fuzz_iptsv2_CPPFLAGS = $(FUZZING_CPPFLAGS) -src_test_fuzz_fuzz_iptsv2_CFLAGS = $(FUZZING_CFLAGS) -src_test_fuzz_fuzz_iptsv2_LDFLAGS = $(FUZZING_LDFLAG) -src_test_fuzz_fuzz_iptsv2_LDADD = $(FUZZING_LIBS) -endif - -if UNITTESTS_ENABLED src_test_fuzz_fuzz_microdesc_SOURCES = \ src/test/fuzz/fuzzing_common.c \ src/test/fuzz/fuzz_microdesc.c @@ -175,16 +195,18 @@ endif if UNITTESTS_ENABLED FUZZERS = \ + src/test/fuzz/fuzz-address \ + src/test/fuzz/fuzz-addressPTR \ src/test/fuzz/fuzz-consensus \ src/test/fuzz/fuzz-descriptor \ src/test/fuzz/fuzz-diff \ src/test/fuzz/fuzz-diff-apply \ src/test/fuzz/fuzz-extrainfo \ - src/test/fuzz/fuzz-hsdescv2 \ src/test/fuzz/fuzz-hsdescv3 \ + src/test/fuzz/fuzz-hsdescv3-inner \ + src/test/fuzz/fuzz-hsdescv3-middle \ src/test/fuzz/fuzz-http \ src/test/fuzz/fuzz-http-connect \ - src/test/fuzz/fuzz-iptsv2 \ src/test/fuzz/fuzz-microdesc \ src/test/fuzz/fuzz-socks \ src/test/fuzz/fuzz-strops \ @@ -195,6 +217,24 @@ endif if LIBFUZZER_ENABLED if UNITTESTS_ENABLED +src_test_fuzz_lf_fuzz_address_SOURCES = \ + $(src_test_fuzz_fuzz_address_SOURCES) +src_test_fuzz_lf_fuzz_address_CPPFLAGS = $(LIBFUZZER_CPPFLAGS) +src_test_fuzz_lf_fuzz_address_CFLAGS = $(LIBFUZZER_CFLAGS) +src_test_fuzz_lf_fuzz_address_LDFLAGS = $(LIBFUZZER_LDFLAG) +src_test_fuzz_lf_fuzz_address_LDADD = $(LIBFUZZER_LIBS) +endif + +if UNITTESTS_ENABLED +src_test_fuzz_lf_fuzz_addressPTR_SOURCES = \ + $(src_test_fuzz_fuzz_addressPTR_SOURCES) +src_test_fuzz_lf_fuzz_addressPTR_CPPFLAGS = $(LIBFUZZER_CPPFLAGS) +src_test_fuzz_lf_fuzz_addressPTR_CFLAGS = $(LIBFUZZER_CFLAGS) +src_test_fuzz_lf_fuzz_addressPTR_LDFLAGS = $(LIBFUZZER_LDFLAG) +src_test_fuzz_lf_fuzz_addressPTR_LDADD = $(LIBFUZZER_LIBS) +endif + +if UNITTESTS_ENABLED src_test_fuzz_lf_fuzz_consensus_SOURCES = \ $(src_test_fuzz_fuzz_consensus_SOURCES) src_test_fuzz_lf_fuzz_consensus_CPPFLAGS = $(LIBFUZZER_CPPFLAGS) @@ -240,15 +280,6 @@ src_test_fuzz_lf_fuzz_extrainfo_LDADD = $(LIBFUZZER_LIBS) endif if UNITTESTS_ENABLED -src_test_fuzz_lf_fuzz_hsdescv2_SOURCES = \ - $(src_test_fuzz_fuzz_hsdescv2_SOURCES) -src_test_fuzz_lf_fuzz_hsdescv2_CPPFLAGS = $(LIBFUZZER_CPPFLAGS) -src_test_fuzz_lf_fuzz_hsdescv2_CFLAGS = $(LIBFUZZER_CFLAGS) -src_test_fuzz_lf_fuzz_hsdescv2_LDFLAGS = $(LIBFUZZER_LDFLAG) -src_test_fuzz_lf_fuzz_hsdescv2_LDADD = $(LIBFUZZER_LIBS) -endif - -if UNITTESTS_ENABLED src_test_fuzz_lf_fuzz_hsdescv3_SOURCES = \ $(src_test_fuzz_fuzz_hsdescv3_SOURCES) src_test_fuzz_lf_fuzz_hsdescv3_CPPFLAGS = $(LIBFUZZER_CPPFLAGS) @@ -258,6 +289,25 @@ src_test_fuzz_lf_fuzz_hsdescv3_LDADD = $(LIBFUZZER_LIBS) endif if UNITTESTS_ENABLED +src_test_fuzz_lf_fuzz_hsdescv3_inner_SOURCES = \ + $(src_test_fuzz_fuzz_hsdescv3_inner_SOURCES) +src_test_fuzz_lf_fuzz_hsdescv3_inner_CPPFLAGS = $(LIBFUZZER_CPPFLAGS) +src_test_fuzz_lf_fuzz_hsdescv3_inner_CFLAGS = $(LIBFUZZER_CFLAGS) +src_test_fuzz_lf_fuzz_hsdescv3_inner_LDFLAGS = $(LIBFUZZER_LDFLAG) +src_test_fuzz_lf_fuzz_hsdescv3_inner_LDADD = $(LIBFUZZER_LIBS) +endif + +if UNITTESTS_ENABLED +src_test_fuzz_lf_fuzz_hsdescv3_middle_SOURCES = \ + $(src_test_fuzz_fuzz_hsdescv3_middle_SOURCES) +src_test_fuzz_lf_fuzz_hsdescv3_middle_CPPFLAGS = $(LIBFUZZER_CPPFLAGS) +src_test_fuzz_lf_fuzz_hsdescv3_middle_CFLAGS = $(LIBFUZZER_CFLAGS) +src_test_fuzz_lf_fuzz_hsdescv3_middle_LDFLAGS = $(LIBFUZZER_LDFLAG) +src_test_fuzz_lf_fuzz_hsdescv3_middle_LDADD = $(LIBFUZZER_LIBS) +endif + + +if UNITTESTS_ENABLED src_test_fuzz_lf_fuzz_http_SOURCES = \ $(src_test_fuzz_fuzz_http_SOURCES) src_test_fuzz_lf_fuzz_http_CPPFLAGS = $(LIBFUZZER_CPPFLAGS) @@ -276,15 +326,6 @@ src_test_fuzz_lf_fuzz_http_connect_LDADD = $(LIBFUZZER_LIBS) endif if UNITTESTS_ENABLED -src_test_fuzz_lf_fuzz_iptsv2_SOURCES = \ - $(src_test_fuzz_fuzz_iptsv2_SOURCES) -src_test_fuzz_lf_fuzz_iptsv2_CPPFLAGS = $(LIBFUZZER_CPPFLAGS) -src_test_fuzz_lf_fuzz_iptsv2_CFLAGS = $(LIBFUZZER_CFLAGS) -src_test_fuzz_lf_fuzz_iptsv2_LDFLAGS = $(LIBFUZZER_LDFLAG) -src_test_fuzz_lf_fuzz_iptsv2_LDADD = $(LIBFUZZER_LIBS) -endif - -if UNITTESTS_ENABLED src_test_fuzz_lf_fuzz_microdesc_SOURCES = \ $(src_test_fuzz_fuzz_microdesc_SOURCES) src_test_fuzz_lf_fuzz_microdesc_CPPFLAGS = $(LIBFUZZER_CPPFLAGS) @@ -321,16 +362,18 @@ src_test_fuzz_lf_fuzz_vrs_LDADD = $(LIBFUZZER_LIBS) endif LIBFUZZER_FUZZERS = \ + src/test/fuzz/lf-fuzz-address \ + src/test/fuzz/lf-fuzz-addressPTR \ src/test/fuzz/lf-fuzz-consensus \ src/test/fuzz/lf-fuzz-descriptor \ src/test/fuzz/lf-fuzz-diff \ src/test/fuzz/lf-fuzz-diff-apply \ src/test/fuzz/lf-fuzz-extrainfo \ - src/test/fuzz/lf-fuzz-hsdescv2 \ src/test/fuzz/lf-fuzz-hsdescv3 \ + src/test/fuzz/lf-fuzz-hsdescv3-inner \ + src/test/fuzz/lf-fuzz-hsdescv3-middle \ src/test/fuzz/lf-fuzz-http \ src/test/fuzz/lf-fuzz-http-connect \ - src/test/fuzz/lf-fuzz-iptsv2 \ src/test/fuzz/lf-fuzz-microdesc \ src/test/fuzz/lf-fuzz-socks \ src/test/fuzz/lf-fuzz-strops \ @@ -344,6 +387,20 @@ endif if OSS_FUZZ_ENABLED if UNITTESTS_ENABLED +src_test_fuzz_liboss_fuzz_address_a_SOURCES = \ + $(src_test_fuzz_fuzz_address_SOURCES) +src_test_fuzz_liboss_fuzz_address_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS) +src_test_fuzz_liboss_fuzz_address_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS) +endif + +if UNITTESTS_ENABLED +src_test_fuzz_liboss_fuzz_addressPTR_a_SOURCES = \ + $(src_test_fuzz_fuzz_addressPTR_SOURCES) +src_test_fuzz_liboss_fuzz_addressPTR_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS) +src_test_fuzz_liboss_fuzz_addressPTR_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS) +endif + +if UNITTESTS_ENABLED src_test_fuzz_liboss_fuzz_consensus_a_SOURCES = \ $(src_test_fuzz_fuzz_consensus_SOURCES) src_test_fuzz_liboss_fuzz_consensus_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS) @@ -379,13 +436,6 @@ src_test_fuzz_liboss_fuzz_extrainfo_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS) endif if UNITTESTS_ENABLED -src_test_fuzz_liboss_fuzz_hsdescv2_a_SOURCES = \ - $(src_test_fuzz_fuzz_hsdescv2_SOURCES) -src_test_fuzz_liboss_fuzz_hsdescv2_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS) -src_test_fuzz_liboss_fuzz_hsdescv2_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS) -endif - -if UNITTESTS_ENABLED src_test_fuzz_liboss_fuzz_hsdescv3_a_SOURCES = \ $(src_test_fuzz_fuzz_hsdescv3_SOURCES) src_test_fuzz_liboss_fuzz_hsdescv3_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS) @@ -393,6 +443,20 @@ src_test_fuzz_liboss_fuzz_hsdescv3_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS) endif if UNITTESTS_ENABLED +src_test_fuzz_liboss_fuzz_hsdescv3_inner_a_SOURCES = \ + $(src_test_fuzz_fuzz_hsdescv3_inner_SOURCES) +src_test_fuzz_liboss_fuzz_hsdescv3_inner_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS) +src_test_fuzz_liboss_fuzz_hsdescv3_inner_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS) +endif + +if UNITTESTS_ENABLED +src_test_fuzz_liboss_fuzz_hsdescv3_middle_a_SOURCES = \ + $(src_test_fuzz_fuzz_hsdescv3_middle_SOURCES) +src_test_fuzz_liboss_fuzz_hsdescv3_middle_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS) +src_test_fuzz_liboss_fuzz_hsdescv3_middle_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS) +endif + +if UNITTESTS_ENABLED src_test_fuzz_liboss_fuzz_http_a_SOURCES = \ $(src_test_fuzz_fuzz_http_SOURCES) src_test_fuzz_liboss_fuzz_http_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS) @@ -407,13 +471,6 @@ src_test_fuzz_liboss_fuzz_http_connect_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS) endif if UNITTESTS_ENABLED -src_test_fuzz_liboss_fuzz_iptsv2_a_SOURCES = \ - $(src_test_fuzz_fuzz_iptsv2_SOURCES) -src_test_fuzz_liboss_fuzz_iptsv2_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS) -src_test_fuzz_liboss_fuzz_iptsv2_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS) -endif - -if UNITTESTS_ENABLED src_test_fuzz_liboss_fuzz_microdesc_a_SOURCES = \ $(src_test_fuzz_fuzz_microdesc_SOURCES) src_test_fuzz_liboss_fuzz_microdesc_a_CPPFLAGS = $(LIBOSS_FUZZ_CPPFLAGS) @@ -442,16 +499,18 @@ src_test_fuzz_liboss_fuzz_vrs_a_CFLAGS = $(LIBOSS_FUZZ_CFLAGS) endif OSS_FUZZ_FUZZERS = \ + src/test/fuzz/liboss-fuzz-address.a \ + src/test/fuzz/liboss-fuzz-addressPTR.a \ src/test/fuzz/liboss-fuzz-consensus.a \ src/test/fuzz/liboss-fuzz-descriptor.a \ src/test/fuzz/liboss-fuzz-diff.a \ src/test/fuzz/liboss-fuzz-diff-apply.a \ src/test/fuzz/liboss-fuzz-extrainfo.a \ - src/test/fuzz/liboss-fuzz-hsdescv2.a \ src/test/fuzz/liboss-fuzz-hsdescv3.a \ + src/test/fuzz/liboss-fuzz-hsdescv3-inner.a \ + src/test/fuzz/liboss-fuzz-hsdescv3-middle.a \ src/test/fuzz/liboss-fuzz-http.a \ src/test/fuzz/liboss-fuzz-http-connect.a \ - src/test/fuzz/liboss-fuzz-iptsv2.a \ src/test/fuzz/liboss-fuzz-microdesc.a \ src/test/fuzz/liboss-fuzz-socks.a \ src/test/fuzz/liboss-fuzz-strops.a \ diff --git a/src/test/hs_build_address.py b/src/test/hs_build_address.py index 91864eabcb..216b7626bf 100644 --- a/src/test/hs_build_address.py +++ b/src/test/hs_build_address.py @@ -10,17 +10,21 @@ import base64 # Python 3.6+, the SHA3 is available in hashlib natively. Else this requires # the pysha3 package (pip install pysha3). +TEST_INPUT = b"Hello World" if sys.version_info < (3, 6): import sha3 + m = sha3.sha3_256(TEST_INPUT) +else: + m = hashlib.sha3_256(TEST_INPUT) # Test vector to make sure the right sha3 version will be used. pysha3 < 1.0 # used the old Keccak implementation. During the finalization of SHA3, NIST # changed the delimiter suffix from 0x01 to 0x06. The Keccak sponge function # stayed the same. pysha3 1.0 provides the previous Keccak hash, too. TEST_VALUE = "e167f68d6563d75bb25f3aa49c29ef612d41352dc00606de7cbd630bb2665f51" -if TEST_VALUE != sha3.sha3_256(b"Hello World").hexdigest(): +if TEST_VALUE != m.hexdigest(): print("pysha3 version is < 1.0. Please install from:") - print("https://github.com/tiran/pysha3https://github.com/tiran/pysha3") + print("https://github.com/tiran/pysha3") sys.exit(1) # Checksum is built like so: @@ -28,7 +32,11 @@ if TEST_VALUE != sha3.sha3_256(b"Hello World").hexdigest(): PREFIX = ".onion checksum".encode() # 32 bytes ed25519 pubkey from first test vector of # https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02#section-6 -PUBKEY = "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a".decode('hex') +PUBKEY_STRING = "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a" +if sys.version_info < (3, 0): + PUBKEY = PUBKEY_STRING.decode('hex') +else: + PUBKEY = bytes.fromhex(PUBKEY_STRING) # Version 3 is proposal224 VERSION = 3 diff --git a/src/test/hs_test_helpers.c b/src/test/hs_test_helpers.c index e9aafa4760..20b225ba4a 100644 --- a/src/test/hs_test_helpers.c +++ b/src/test/hs_test_helpers.c @@ -1,9 +1,10 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define HS_CLIENT_PRIVATE #include "core/or/or.h" +#include "core/or/versions.h" #include "lib/crypt_ops/crypto_ed25519.h" #include "test/test.h" #include "feature/nodelist/torcert.h" @@ -134,7 +135,8 @@ hs_helper_build_intro_point(const ed25519_keypair_t *signing_kp, time_t now, * points are added. */ static hs_descriptor_t * hs_helper_build_hs_desc_impl(unsigned int no_ip, - const ed25519_keypair_t *signing_kp) + const ed25519_keypair_t *signing_kp, + uint64_t rev_counter) { int ret; int i; @@ -161,7 +163,7 @@ hs_helper_build_hs_desc_impl(unsigned int no_ip, &signing_kp->pubkey, now, 3600, CERT_FLAG_INCLUDE_SIGNING_KEY); tt_assert(desc->plaintext_data.signing_key_cert); - desc->plaintext_data.revision_counter = 42; + desc->plaintext_data.revision_counter = rev_counter; desc->plaintext_data.lifetime_sec = 3 * 60 * 60; hs_get_subcredential(&signing_kp->pubkey, &blinded_kp.pubkey, @@ -185,6 +187,7 @@ hs_helper_build_hs_desc_impl(unsigned int no_ip, desc->encrypted_data.create2_ntor = 1; desc->encrypted_data.intro_auth_types = smartlist_new(); desc->encrypted_data.single_onion_service = 1; + desc->encrypted_data.flow_control_pv = tor_strdup("FlowCtrl=1-2"); smartlist_add(desc->encrypted_data.intro_auth_types, tor_strdup("ed25519")); desc->encrypted_data.intro_points = smartlist_new(); if (!no_ip) { @@ -226,18 +229,26 @@ hs_helper_get_subcred_from_identity_keypair(ed25519_keypair_t *signing_kp, subcred_out); } +/* Build a descriptor with a specific rev counter. */ +hs_descriptor_t * +hs_helper_build_hs_desc_with_rev_counter(const ed25519_keypair_t *signing_kp, + uint64_t revision_counter) +{ + return hs_helper_build_hs_desc_impl(0, signing_kp, revision_counter); +} + /* Build a descriptor with introduction points. */ hs_descriptor_t * hs_helper_build_hs_desc_with_ip(const ed25519_keypair_t *signing_kp) { - return hs_helper_build_hs_desc_impl(0, signing_kp); + return hs_helper_build_hs_desc_impl(0, signing_kp, 42); } /* Build a descriptor without any introduction points. */ hs_descriptor_t * hs_helper_build_hs_desc_no_ip(const ed25519_keypair_t *signing_kp) { - return hs_helper_build_hs_desc_impl(1, signing_kp); + return hs_helper_build_hs_desc_impl(1, signing_kp, 42); } hs_descriptor_t * @@ -247,7 +258,7 @@ hs_helper_build_hs_desc_with_client_auth( const ed25519_keypair_t *signing_kp) { curve25519_keypair_t auth_ephemeral_kp; - hs_descriptor_t *desc = hs_helper_build_hs_desc_impl(0, signing_kp); + hs_descriptor_t *desc = hs_helper_build_hs_desc_impl(0, signing_kp, 42); hs_desc_authorized_client_t *desc_client; /* The number of client authorized auth has tobe a multiple of @@ -323,6 +334,10 @@ hs_helper_desc_equal(const hs_descriptor_t *desc1, /* Encrypted data section. */ tt_uint_op(desc1->encrypted_data.create2_ntor, OP_EQ, desc2->encrypted_data.create2_ntor); + tt_uint_op(desc1->encrypted_data.single_onion_service, OP_EQ, + desc2->encrypted_data.single_onion_service); + tt_str_op(desc1->encrypted_data.flow_control_pv, OP_EQ, + desc2->encrypted_data.flow_control_pv); /* Authentication type. */ tt_int_op(!!desc1->encrypted_data.intro_auth_types, OP_EQ, diff --git a/src/test/hs_test_helpers.h b/src/test/hs_test_helpers.h index 23d11f2a4a..ec9ee60116 100644 --- a/src/test/hs_test_helpers.h +++ b/src/test/hs_test_helpers.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_HS_TEST_HELPERS_H @@ -17,6 +17,10 @@ hs_descriptor_t *hs_helper_build_hs_desc_no_ip( const ed25519_keypair_t *signing_kp); hs_descriptor_t *hs_helper_build_hs_desc_with_ip( const ed25519_keypair_t *signing_kp); +hs_descriptor_t * +hs_helper_build_hs_desc_with_rev_counter(const ed25519_keypair_t *signing_kp, + uint64_t revision_counter); + hs_descriptor_t *hs_helper_build_hs_desc_with_client_auth( const uint8_t *descriptor_cookie, const curve25519_public_key_t *client_pk, diff --git a/src/test/include.am b/src/test/include.am index ba802e7b04..2765cf27d0 100644 --- a/src/test/include.am +++ b/src/test/include.am @@ -8,11 +8,7 @@ TESTS_ENVIRONMENT = \ export abs_top_builddir="$(abs_top_builddir)"; \ export builddir="$(builddir)"; \ export TESTING_TOR_BINARY="$(TESTING_TOR_BINARY)"; \ - export CARGO="$(CARGO)"; \ - export EXTRA_CARGO_OPTIONS="$(EXTRA_CARGO_OPTIONS)"; \ - export CARGO_ONLINE="$(CARGO_ONLINE)"; \ - export CCLD="$(CCLD)"; \ - export RUSTFLAGS="-C linker=`echo '$(CC)' | cut -d' ' -f 1` $(RUST_LINKER_OPTIONS)"; + export CCLD="$(CCLD)"; TESTSCRIPTS = \ src/test/fuzz_static_testcases.sh \ @@ -35,11 +31,6 @@ TESTSCRIPTS = \ src/test/unittest_part7.sh \ src/test/unittest_part8.sh -if USE_RUST -TESTSCRIPTS += \ - src/test/test_rust.sh -endif - if USEPYTHON TESTSCRIPTS += \ src/test/test_ntor.sh \ @@ -82,7 +73,8 @@ TEST_CHUTNEY_FLAVOR_QUICK_IPV6 = single-onion-v3-ipv6-md TEST_CHUTNEY_FLAVORS = basic-min bridges-min hs-v3-min single-onion-v3 # only run if we can ping ::1 (localhost) -TEST_CHUTNEY_FLAVORS_IPV6 = bridges+ipv6-min ipv6-exit-min hs-v3-ipv6 single-onion-v3-ipv6-md +TEST_CHUTNEY_FLAVORS_IPV6 = bridges+ipv6-min ipv6-exit-min hs-v3-ipv6 \ + single-onion-v3-ipv6-md # only run if we can find a stable (or simply another) version of tor TEST_CHUTNEY_FLAVORS_MIXED = mixed+hs-v3 @@ -129,7 +121,6 @@ src_test_test_SOURCES += \ src/test/log_test_helpers.c \ src/test/hs_test_helpers.c \ src/test/opts_test_helpers.c \ - src/test/rend_test_helpers.c \ src/test/resolve_test_helpers.c \ src/test/rng_test_helpers.c \ src/test/test.c \ @@ -170,6 +161,7 @@ src_test_test_SOURCES += \ src/test/test_crypto_rng.c \ src/test/test_data.c \ src/test/test_dir.c \ + src/test/test_dirauth_ports.c \ src/test/test_dirvote.c \ src/test/test_dir_common.c \ src/test/test_dir_handle_get.c \ @@ -180,7 +172,6 @@ src_test_test_SOURCES += \ src/test/test_geoip.c \ src/test/test_guardfraction.c \ src/test/test_extorport.c \ - src/test/test_hs.c \ src/test/test_hs_common.c \ src/test/test_hs_config.c \ src/test/test_hs_cell.c \ @@ -195,7 +186,6 @@ src_test_test_SOURCES += \ src/test/test_hs_descriptor.c \ src/test/test_hs_dos.c \ src/test/test_hs_metrics.c \ - src/test/test_introduce.c \ src/test/test_keypin.c \ src/test/test_link_handshake.c \ src/test/test_logging.c \ @@ -205,6 +195,7 @@ src_test_test_SOURCES += \ src/test/test_namemap.c \ src/test/test_netinfo.c \ src/test/test_nodelist.c \ + src/test/test_ntor_v3.c \ src/test/test_oom.c \ src/test/test_oos.c \ src/test/test_options.c \ @@ -226,12 +217,12 @@ src_test_test_SOURCES += \ src/test/test_relay.c \ src/test/test_relaycell.c \ src/test/test_relaycrypt.c \ - src/test/test_rendcache.c \ src/test/test_replay.c \ src/test/test_router.c \ src/test/test_routerkeys.c \ src/test/test_routerlist.c \ src/test/test_routerset.c \ + src/test/test_sandbox.c \ src/test/test_scheduler.c \ src/test/test_sendme.c \ src/test/test_shared_random.c \ @@ -306,7 +297,6 @@ src_test_test_switch_id_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) src_test_test_switch_id_LDFLAGS = @TOR_LDFLAGS_zlib@ src_test_test_switch_id_LDADD = \ $(TOR_UTIL_TESTING_LIBS) \ - $(rust_ldadd) \ @TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ \ @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_USERENV@ \ @TOR_LZMA_LIBS@ @TOR_ZSTD_LIBS@ @TOR_TRACE_LIBS@ @@ -314,7 +304,6 @@ src_test_test_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB) \ @TOR_LDFLAGS_libevent@ src_test_test_LDADD = \ src/test/libtor-testing.a \ - $(rust_ldadd) \ @TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ \ $(TOR_LIBS_CRYPTLIB) @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \ @CURVE25519_LIBS@ \ @@ -343,7 +332,6 @@ src_test_bench_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB) \ @TOR_LDFLAGS_libevent@ src_test_bench_LDADD = \ libtor.a \ - $(rust_ldadd) \ @TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ \ $(TOR_LIBS_CRYPTLIB) @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \ @CURVE25519_LIBS@ \ @@ -353,7 +341,6 @@ src_test_test_workqueue_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB) \ @TOR_LDFLAGS_libevent@ src_test_test_workqueue_LDADD = \ src/test/libtor-testing.a \ - $(rust_ldadd) \ @TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ \ $(TOR_LIBS_CRYPTLIB) @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \ @CURVE25519_LIBS@ \ @@ -365,7 +352,6 @@ src_test_test_timers_LDADD = \ src/lib/libtor-evloop-testing.a \ $(TOR_CRYPTO_TESTING_LIBS) \ $(TOR_UTIL_TESTING_LIBS) \ - $(rust_ldadd) \ @TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ @TOR_LIBEVENT_LIBS@ \ $(TOR_LIBS_CRYPTLIB) @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \ @CURVE25519_LIBS@ \ @@ -379,7 +365,6 @@ noinst_HEADERS+= \ src/test/hs_test_helpers.h \ src/test/log_test_helpers.h \ src/test/opts_test_helpers.h \ - src/test/rend_test_helpers.h \ src/test/resolve_test_helpers.h \ src/test/rng_test_helpers.h \ src/test/test.h \ @@ -402,7 +387,6 @@ src_test_test_ntor_cl_SOURCES = src/test/test_ntor_cl.c src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB) src_test_test_ntor_cl_LDADD = \ libtor.a \ - $(rust_ldadd) \ @TOR_ZLIB_LIBS@ @TOR_LIB_MATH@ \ $(TOR_LIBS_CRYPTLIB) @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \ @CURVE25519_LIBS@ @TOR_LZMA_LIBS@ @TOR_TRACE_LIBS@ @@ -425,7 +409,6 @@ noinst_PROGRAMS += src/test/test-bt-cl src_test_test_bt_cl_SOURCES = src/test/test_bt_cl.c src_test_test_bt_cl_LDADD = \ $(TOR_UTIL_TESTING_LIBS) \ - $(rust_ldadd) \ @TOR_LIB_MATH@ \ @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ \ @TOR_TRACE_LIBS@ @@ -447,13 +430,11 @@ EXTRA_DIST += \ src/test/test_include.py \ src/test/zero_length_keys.sh \ scripts/maint/run_check_subsystem_order.sh \ - src/test/rust_supp.txt \ src/test/test_keygen.sh \ src/test/test_key_expiration.sh \ src/test/test_zero_length_keys.sh \ src/test/test_ntor.sh src/test/test_hs_ntor.sh src/test/test_bt.sh \ src/test/test-network.sh \ - src/test/test_rust.sh \ src/test/test_switch_id.sh \ src/test/test_workqueue_cancel.sh \ src/test/test_workqueue_efd.sh \ @@ -471,6 +452,3 @@ EXTRA_DIST += \ src/test/unittest_part6.sh \ src/test/unittest_part7.sh \ src/test/unittest_part8.sh - -test-rust: - $(TESTS_ENVIRONMENT) "$(abs_top_srcdir)/src/test/test_rust.sh" diff --git a/src/test/log_test_helpers.c b/src/test/log_test_helpers.c index 5e60d6b282..8928f39634 100644 --- a/src/test/log_test_helpers.c +++ b/src/test/log_test_helpers.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2015-2020, The Tor Project, Inc. */ +/* Copyright (c) 2015-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define LOG_PRIVATE #include "lib/log/log.h" diff --git a/src/test/log_test_helpers.h b/src/test/log_test_helpers.h index c2d71c6bcd..e7de9b6015 100644 --- a/src/test/log_test_helpers.h +++ b/src/test/log_test_helpers.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "core/or/or.h" diff --git a/src/test/ntor_v3_ref.py b/src/test/ntor_v3_ref.py new file mode 100755 index 0000000000..28bc077105 --- /dev/null +++ b/src/test/ntor_v3_ref.py @@ -0,0 +1,308 @@ +#!/usr/bin/python + +import binascii +import hashlib +import os +import struct + +import donna25519 +from Crypto.Cipher import AES +from Crypto.Util import Counter + +# Define basic wrappers. + +DIGEST_LEN = 32 +ENC_KEY_LEN = 32 +PUB_KEY_LEN = 32 +SEC_KEY_LEN = 32 +IDENTITY_LEN = 32 + +def sha3_256(s): + d = hashlib.sha3_256(s).digest() + assert len(d) == DIGEST_LEN + return d + +def shake_256(s): + # Note: In reality, you wouldn't want to generate more bytes than needed. + MAX_KEY_BYTES = 1024 + return hashlib.shake_256(s).digest(MAX_KEY_BYTES) + +def curve25519(pk, sk): + assert len(pk) == PUB_KEY_LEN + assert len(sk) == SEC_KEY_LEN + private = donna25519.PrivateKey.load(sk) + public = donna25519.PublicKey(pk) + return private.do_exchange(public) + +def keygen(): + private = donna25519.PrivateKey() + public = private.get_public() + return (private.private, public.public) + +def aes256_ctr(k, s): + assert len(k) == ENC_KEY_LEN + cipher = AES.new(k, AES.MODE_CTR, counter=Counter.new(128, initial_value=0)) + return cipher.encrypt(s) + +# Byte-oriented helper. We use this for decoding keystreams and messages. + +class ByteSeq: + def __init__(self, data): + self.data = data + + def take(self, n): + assert n <= len(self.data) + result = self.data[:n] + self.data = self.data[n:] + return result + + def exhausted(self): + return len(self.data) == 0 + + def remaining(self): + return len(self.data) + +# Low-level functions + +MAC_KEY_LEN = 32 +MAC_LEN = DIGEST_LEN + +hash_func = sha3_256 + +def encapsulate(s): + """encapsulate `s` with a length prefix. + + We use this whenever we need to avoid message ambiguities in + cryptographic inputs. + """ + assert len(s) <= 0xffffffff + header = b"\0\0\0\0" + struct.pack("!L", len(s)) + assert len(header) == 8 + return header + s + +def h(s, tweak): + return hash_func(encapsulate(tweak) + s) + +def mac(s, key, tweak): + return hash_func(encapsulate(tweak) + encapsulate(key) + s) + +def kdf(s, tweak): + data = shake_256(encapsulate(tweak) + s) + return ByteSeq(data) + +def enc(s, k): + return aes256_ctr(k, s) + +# Tweaked wrappers + +PROTOID = b"ntor3-curve25519-sha3_256-1" +T_KDF_PHASE1 = PROTOID + b":kdf_phase1" +T_MAC_PHASE1 = PROTOID + b":msg_mac" +T_KDF_FINAL = PROTOID + b":kdf_final" +T_KEY_SEED = PROTOID + b":key_seed" +T_VERIFY = PROTOID + b":verify" +T_AUTH = PROTOID + b":auth_final" + +def kdf_phase1(s): + return kdf(s, T_KDF_PHASE1) + +def kdf_final(s): + return kdf(s, T_KDF_FINAL) + +def mac_phase1(s, key): + return mac(s, key, T_MAC_PHASE1) + +def h_key_seed(s): + return h(s, T_KEY_SEED) + +def h_verify(s): + return h(s, T_VERIFY) + +def h_auth(s): + return h(s, T_AUTH) + +# Handshake. + +def client_phase1(msg, verification, B, ID): + assert len(B) == PUB_KEY_LEN + assert len(ID) == IDENTITY_LEN + + (x,X) = keygen() + p(["x", "X"], locals()) + p(["msg", "verification"], locals()) + Bx = curve25519(B, x) + secret_input_phase1 = Bx + ID + X + B + PROTOID + encapsulate(verification) + + phase1_keys = kdf_phase1(secret_input_phase1) + enc_key = phase1_keys.take(ENC_KEY_LEN) + mac_key = phase1_keys.take(MAC_KEY_LEN) + p(["enc_key", "mac_key"], locals()) + + msg_0 = ID + B + X + enc(msg, enc_key) + mac = mac_phase1(msg_0, mac_key) + p(["mac"], locals()) + + client_handshake = msg_0 + mac + state = dict(x=x, X=X, B=B, ID=ID, Bx=Bx, mac=mac, verification=verification) + + p(["client_handshake"], locals()) + + return (client_handshake, state) + +# server. + +class Reject(Exception): + pass + +def server_part1(cmsg, verification, b, B, ID): + assert len(B) == PUB_KEY_LEN + assert len(ID) == IDENTITY_LEN + assert len(b) == SEC_KEY_LEN + + if len(cmsg) < (IDENTITY_LEN + PUB_KEY_LEN * 2 + MAC_LEN): + raise Reject() + + mac_covered_portion = cmsg[0:-MAC_LEN] + cmsg = ByteSeq(cmsg) + cmsg_id = cmsg.take(IDENTITY_LEN) + cmsg_B = cmsg.take(PUB_KEY_LEN) + cmsg_X = cmsg.take(PUB_KEY_LEN) + cmsg_msg = cmsg.take(cmsg.remaining() - MAC_LEN) + cmsg_mac = cmsg.take(MAC_LEN) + + assert cmsg.exhausted() + + # XXXX for real purposes, you would use constant-time checks here + if cmsg_id != ID or cmsg_B != B: + raise Reject() + + Xb = curve25519(cmsg_X, b) + secret_input_phase1 = Xb + ID + cmsg_X + B + PROTOID + encapsulate(verification) + + phase1_keys = kdf_phase1(secret_input_phase1) + enc_key = phase1_keys.take(ENC_KEY_LEN) + mac_key = phase1_keys.take(MAC_KEY_LEN) + + mac_received = mac_phase1(mac_covered_portion, mac_key) + if mac_received != cmsg_mac: + raise Reject() + + client_msg = enc(cmsg_msg, enc_key) + state = dict( + b=b, + B=B, + X=cmsg_X, + mac_received=mac_received, + Xb=Xb, + ID=ID, + verification=verification) + + return (client_msg, state) + +def server_part2(state, server_msg): + X = state['X'] + Xb = state['Xb'] + B = state['B'] + b = state['b'] + ID = state['ID'] + mac_received = state['mac_received'] + verification = state['verification'] + + p(["server_msg"], locals()) + + (y,Y) = keygen() + p(["y", "Y"], locals()) + Xy = curve25519(X, y) + + secret_input = Xy + Xb + ID + B + X + Y + PROTOID + encapsulate(verification) + key_seed = h_key_seed(secret_input) + verify = h_verify(secret_input) + p(["key_seed", "verify"], locals()) + + keys = kdf_final(key_seed) + server_enc_key = keys.take(ENC_KEY_LEN) + p(["server_enc_key"], locals()) + + smsg_msg = enc(server_msg, server_enc_key) + + auth_input = verify + ID + B + Y + X + mac_received + encapsulate(smsg_msg) + PROTOID + b"Server" + + auth = h_auth(auth_input) + server_handshake = Y + auth + smsg_msg + p(["auth", "server_handshake"], locals()) + + return (server_handshake, keys) + +def client_phase2(state, smsg): + x = state['x'] + X = state['X'] + B = state['B'] + ID = state['ID'] + Bx = state['Bx'] + mac_sent = state['mac'] + verification = state['verification'] + + if len(smsg) < PUB_KEY_LEN + DIGEST_LEN: + raise Reject() + + smsg = ByteSeq(smsg) + Y = smsg.take(PUB_KEY_LEN) + auth_received = smsg.take(DIGEST_LEN) + server_msg = smsg.take(smsg.remaining()) + + Yx = curve25519(Y,x) + + secret_input = Yx + Bx + ID + B + X + Y + PROTOID + encapsulate(verification) + key_seed = h_key_seed(secret_input) + verify = h_verify(secret_input) + + auth_input = verify + ID + B + Y + X + mac_sent + encapsulate(server_msg) + PROTOID + b"Server" + + auth = h_auth(auth_input) + if auth != auth_received: + raise Reject() + + keys = kdf_final(key_seed) + enc_key = keys.take(ENC_KEY_LEN) + + server_msg_decrypted = enc(server_msg, enc_key) + + return (keys, server_msg_decrypted) + +def p(varnames, localvars): + for v in varnames: + label = v + val = localvars[label] + print('{} = "{}"'.format(label, binascii.b2a_hex(val).decode("ascii"))) + +def test(): + (b,B) = keygen() + ID = os.urandom(IDENTITY_LEN) + + p(["b", "B", "ID"], locals()) + + print("# ============") + (c_handshake, c_state) = client_phase1(b"hello world", b"xyzzy", B, ID) + + print("# ============") + + (c_msg_got, s_state) = server_part1(c_handshake, b"xyzzy", b, B, ID) + + #print(repr(c_msg_got)) + + (s_handshake, s_keys) = server_part2(s_state, b"Hola Mundo") + + print("# ============") + + (c_keys, s_msg_got) = client_phase2(c_state, s_handshake) + + #print(repr(s_msg_got)) + + c_keys_256 = c_keys.take(256) + p(["c_keys_256"], locals()) + + assert (c_keys_256 == s_keys.take(256)) + + +if __name__ == '__main__': + test() diff --git a/src/test/opts_test_helpers.c b/src/test/opts_test_helpers.c index 619ca40733..2c0f8dbd82 100644 --- a/src/test/opts_test_helpers.c +++ b/src/test/opts_test_helpers.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2019, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/opts_test_helpers.h b/src/test/opts_test_helpers.h index f925194e63..a6d31551a4 100644 --- a/src/test/opts_test_helpers.h +++ b/src/test/opts_test_helpers.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2019, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/prob_distr_mpfr_ref.c b/src/test/prob_distr_mpfr_ref.c index de4179c4e0..060cdf74ae 100644 --- a/src/test/prob_distr_mpfr_ref.c +++ b/src/test/prob_distr_mpfr_ref.c @@ -1,4 +1,4 @@ -/* Copyright 2012-2020, The Tor Project, Inc +/* Copyright 2012-2021, The Tor Project, Inc * See LICENSE for licensing information */ /** prob_distr_mpfr_ref.c diff --git a/src/test/ptr_helpers.c b/src/test/ptr_helpers.c index 0e0995df7c..536006be5d 100644 --- a/src/test/ptr_helpers.c +++ b/src/test/ptr_helpers.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "test/ptr_helpers.h" diff --git a/src/test/ptr_helpers.h b/src/test/ptr_helpers.h index 0999fdf5d2..a283c525eb 100644 --- a/src/test/ptr_helpers.h +++ b/src/test/ptr_helpers.h @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_PTR_HELPERS_H diff --git a/src/test/rend_test_helpers.c b/src/test/rend_test_helpers.c deleted file mode 100644 index 8e40167aeb..0000000000 --- a/src/test/rend_test_helpers.c +++ /dev/null @@ -1,99 +0,0 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -#include "core/or/or.h" -#include "core/or/extendinfo.h" -#include "lib/crypt_ops/crypto_rand.h" -#include "test/test.h" -#include "feature/rend/rendcommon.h" -#include "test/rend_test_helpers.h" - -#include "core/or/extend_info_st.h" -#include "feature/rend/rend_intro_point_st.h" -#include "feature/rend/rend_service_descriptor_st.h" - -void -generate_desc(int time_diff, rend_encoded_v2_service_descriptor_t **desc, - char **service_id, int intro_points) -{ - rend_service_descriptor_t *generated = NULL; - smartlist_t *descs = smartlist_new(); - time_t now; - - now = time(NULL) + time_diff; - create_descriptor(&generated, service_id, intro_points); - generated->timestamp = now; - - rend_encode_v2_descriptors(descs, generated, now, 0, REND_NO_AUTH, NULL, - NULL); - tor_assert(smartlist_len(descs) > 1); - *desc = smartlist_get(descs, 0); - smartlist_set(descs, 0, NULL); - - SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d, - rend_encoded_v2_service_descriptor_free(d)); - smartlist_free(descs); - rend_service_descriptor_free(generated); -} - -void -create_descriptor(rend_service_descriptor_t **generated, char **service_id, - int intro_points) -{ - crypto_pk_t *pk1 = NULL; - crypto_pk_t *pk2 = NULL; - int i; - - *service_id = tor_malloc(REND_SERVICE_ID_LEN_BASE32+1); - pk1 = pk_generate(0); - pk2 = pk_generate(1); - - *generated = tor_malloc_zero(sizeof(rend_service_descriptor_t)); - (*generated)->pk = crypto_pk_dup_key(pk1); - rend_get_service_id((*generated)->pk, *service_id); - - (*generated)->version = 2; - (*generated)->protocols = 42; - (*generated)->intro_nodes = smartlist_new(); - - for (i = 0; i < intro_points; i++) { - rend_intro_point_t *intro = tor_malloc_zero(sizeof(rend_intro_point_t)); - crypto_pk_t *okey = pk_generate(2 + i); - intro->extend_info = - extend_info_new(NULL, NULL, NULL, NULL, NULL, NULL, 0); - intro->extend_info->onion_key = okey; - crypto_pk_get_digest(intro->extend_info->onion_key, - intro->extend_info->identity_digest); - intro->extend_info->nickname[0] = '$'; - base16_encode(intro->extend_info->nickname + 1, - sizeof(intro->extend_info->nickname) - 1, - intro->extend_info->identity_digest, DIGEST_LEN); - tor_addr_t addr; - uint16_t port; - /* Does not cover all IP addresses. */ - tor_addr_from_ipv4h(&addr, crypto_rand_int(65536) + 1); - port = 1 + crypto_rand_int(65535); - extend_info_add_orport(intro->extend_info, &addr, port); - intro->intro_key = crypto_pk_dup_key(pk2); - smartlist_add((*generated)->intro_nodes, intro); - } - - crypto_pk_free(pk1); - crypto_pk_free(pk2); -} - -rend_data_t * -mock_rend_data(const char *onion_address) -{ - rend_data_v2_t *v2_data = tor_malloc_zero(sizeof(*v2_data)); - rend_data_t *rend_query = &v2_data->base_; - rend_query->version = 2; - - strlcpy(v2_data->onion_address, onion_address, - sizeof(v2_data->onion_address)); - v2_data->auth_type = REND_NO_AUTH; - rend_query->hsdirs_fp = smartlist_new(); - smartlist_add(rend_query->hsdirs_fp, tor_memdup("aaaaaaaaaaaaaaaaaaaaaaaa", - DIGEST_LEN)); - return rend_query; -} diff --git a/src/test/rend_test_helpers.h b/src/test/rend_test_helpers.h deleted file mode 100644 index b1078ce866..0000000000 --- a/src/test/rend_test_helpers.h +++ /dev/null @@ -1,16 +0,0 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -#include "core/or/or.h" - -#ifndef TOR_REND_TEST_HELPERS_H -#define TOR_REND_TEST_HELPERS_H - -void generate_desc(int time_diff, rend_encoded_v2_service_descriptor_t **desc, - char **service_id, int intro_points); -void create_descriptor(rend_service_descriptor_t **generated, - char **service_id, int intro_points); -rend_data_t *mock_rend_data(const char *onion_address); - -#endif /* !defined(TOR_REND_TEST_HELPERS_H) */ - diff --git a/src/test/resolve_test_helpers.c b/src/test/resolve_test_helpers.c index ed5853c359..6be5ab0b9f 100644 --- a/src/test/resolve_test_helpers.c +++ b/src/test/resolve_test_helpers.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/resolve_test_helpers.h b/src/test/resolve_test_helpers.h index ca642d6c63..c7d610379f 100644 --- a/src/test/resolve_test_helpers.h +++ b/src/test/resolve_test_helpers.h @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/rng_test_helpers.c b/src/test/rng_test_helpers.c index b7d7cb0dfa..058c5e0ccd 100644 --- a/src/test/rng_test_helpers.c +++ b/src/test/rng_test_helpers.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/rng_test_helpers.h b/src/test/rng_test_helpers.h index 6fcdaa2653..a6ca7d792f 100644 --- a/src/test/rng_test_helpers.h +++ b/src/test/rng_test_helpers.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_RNG_TEST_HELPERS_H diff --git a/src/test/test-memwipe.c b/src/test/test-memwipe.c index 5e4cc7678e..192fa9ec31 100644 --- a/src/test/test-memwipe.c +++ b/src/test/test-memwipe.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2015-2020, The Tor Project, Inc. */ +/* Copyright (c) 2015-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test-process.c b/src/test/test-process.c index f5a1f1a54e..a1e37b119a 100644 --- a/src/test/test-process.c +++ b/src/test/test-process.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2011-2020, The Tor Project, Inc. */ +/* Copyright (c) 2011-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test-timers.c b/src/test/test-timers.c index 18e2191a09..b2ba58b9dd 100644 --- a/src/test/test-timers.c +++ b/src/test/test-timers.c @@ -1,4 +1,4 @@ -/* Copyright 2016-2020, The Tor Project, Inc. */ +/* Copyright 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test.c b/src/test/test.c index ffea158141..6b7e0b6442 100644 --- a/src/test/test.c +++ b/src/test/test.c @@ -1,6 +1,5 @@ /* Copyright (c) 2001-2004, Roger Dingledine. -->a * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -45,9 +44,6 @@ #include "app/config/config.h" #include "core/or/connection_edge.h" #include "core/or/extendinfo.h" -#include "feature/rend/rendcommon.h" -#include "feature/rend/rendcache.h" -#include "feature/rend/rendparse.h" #include "test/test.h" #include "core/mainloop/mainloop.h" #include "lib/memarea/memarea.h" @@ -56,14 +52,13 @@ #include "core/crypto/onion_fast.h" #include "core/crypto/onion_tap.h" #include "core/or/policies.h" +#include "lib/sandbox/sandbox.h" #include "app/config/statefile.h" #include "lib/crypt_ops/crypto_curve25519.h" +#include "feature/nodelist/networkstatus.h" #include "core/or/extend_info_st.h" #include "core/or/or_circuit_st.h" -#include "feature/rend/rend_encoded_v2_service_descriptor_st.h" -#include "feature/rend/rend_intro_point_st.h" -#include "feature/rend/rend_service_descriptor_st.h" #include "feature/relay/onion_queue.h" /** Run unit tests for the onion handshake code. */ @@ -355,6 +350,227 @@ test_onion_queues(void *arg) tor_free(onionskin); } +/** + * Test onion queue priority, separation, and resulting + * ordering. + * + * create and add a mix of TAP, NTOR2, and NTORv3. Ensure + * they all end up in the right queue. In particular, ntorv2 + * and ntorv3 should share a queue, but TAP should be separate, + * and lower prioritt. + * + * We test this by way of adding TAP first, and then an interleaving + * order of ntor2 and ntor3, and check that the ntor2 and ntor3 are + * still interleaved, but TAP comes last. */ +static void +test_onion_queue_order(void *arg) +{ + uint8_t buf_tap[TAP_ONIONSKIN_CHALLENGE_LEN] = {0}; + uint8_t buf_ntor[NTOR_ONIONSKIN_LEN] = {0}; + uint8_t buf_ntor3[CELL_PAYLOAD_SIZE] = {0}; + + or_circuit_t *circ_tap = or_circuit_new(0, NULL); + or_circuit_t *circ_ntor = or_circuit_new(0, NULL); + or_circuit_t *circ_ntor3 = or_circuit_new(0, NULL); + + create_cell_t *onionskin = NULL; + create_cell_t *create_tap1 = tor_malloc_zero(sizeof(create_cell_t)); + create_cell_t *create_ntor1 = tor_malloc_zero(sizeof(create_cell_t)); + create_cell_t *create_ntor2 = tor_malloc_zero(sizeof(create_cell_t)); + create_cell_t *create_v3ntor1 = tor_malloc_zero(sizeof(create_cell_t)); + create_cell_t *create_v3ntor2 = tor_malloc_zero(sizeof(create_cell_t)); + (void)arg; + + create_cell_init(create_tap1, CELL_CREATE, ONION_HANDSHAKE_TYPE_TAP, + TAP_ONIONSKIN_CHALLENGE_LEN, buf_tap); + create_cell_init(create_ntor1, CELL_CREATE, ONION_HANDSHAKE_TYPE_NTOR, + NTOR_ONIONSKIN_LEN, buf_ntor); + create_cell_init(create_ntor2, CELL_CREATE, ONION_HANDSHAKE_TYPE_NTOR, + NTOR_ONIONSKIN_LEN, buf_ntor); + create_cell_init(create_v3ntor1, CELL_CREATE2, ONION_HANDSHAKE_TYPE_NTOR_V3, + NTOR_ONIONSKIN_LEN, buf_ntor3); + create_cell_init(create_v3ntor2, CELL_CREATE2, ONION_HANDSHAKE_TYPE_NTOR_V3, + NTOR_ONIONSKIN_LEN, buf_ntor3); + + /* sanity check queue init */ + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); + + /* Add tap first so we can ensure it comes out last */ + tt_int_op(0,OP_EQ, onion_pending_add(circ_tap, create_tap1)); + tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); + + /* Now add interleaving ntor2 and ntor3, to ensure they share + * the same queue and come out in this order */ + tt_int_op(0,OP_EQ, onion_pending_add(circ_ntor, create_ntor1)); + tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); + tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); + + tt_int_op(0,OP_EQ, onion_pending_add(circ_ntor3, create_v3ntor1)); + tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); + tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); + + tt_int_op(0,OP_EQ, onion_pending_add(circ_ntor, create_ntor2)); + tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(3,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); + tt_int_op(3,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); + + tt_int_op(0,OP_EQ, onion_pending_add(circ_ntor3, create_v3ntor2)); + tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(4,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); + tt_int_op(4,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); + + /* Now remove 5 tasks, ensuring order and queue sizes */ + tt_ptr_op(circ_ntor, OP_EQ, onion_next_task(&onionskin)); + tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(3,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); + tt_int_op(3,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); + tt_ptr_op(onionskin, OP_EQ, create_ntor1); + + tt_ptr_op(circ_ntor3, OP_EQ, onion_next_task(&onionskin)); + tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); + tt_int_op(2,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); + tt_ptr_op(onionskin, OP_EQ, create_v3ntor1); + + tt_ptr_op(circ_ntor, OP_EQ, onion_next_task(&onionskin)); + tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); + tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); + tt_ptr_op(onionskin, OP_EQ, create_ntor2); + + tt_ptr_op(circ_ntor3, OP_EQ, onion_next_task(&onionskin)); + tt_int_op(1,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); + tt_ptr_op(onionskin, OP_EQ, create_v3ntor2); + + tt_ptr_op(circ_tap, OP_EQ, onion_next_task(&onionskin)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR_V3)); + tt_ptr_op(onionskin, OP_EQ, create_tap1); + + clear_pending_onions(); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_TAP)); + tt_int_op(0,OP_EQ, onion_num_pending(ONION_HANDSHAKE_TYPE_NTOR)); + + done: + circuit_free_(TO_CIRCUIT(circ_tap)); + circuit_free_(TO_CIRCUIT(circ_ntor)); + circuit_free_(TO_CIRCUIT(circ_ntor3)); + tor_free(create_tap1); + tor_free(create_ntor1); + tor_free(create_ntor2); + tor_free(create_v3ntor1); + tor_free(create_v3ntor2); +} + +static int32_t cbtnummodes = 10; + +static int32_t +mock_xm_networkstatus_get_param( + const networkstatus_t *ns, const char *param_name, int32_t default_val, + int32_t min_val, int32_t max_val) +{ + (void)ns; + (void)default_val; + (void)min_val; + (void)max_val; + // only support cbtnummodes right now + tor_assert(strcmp(param_name, "cbtnummodes")==0); + return cbtnummodes; +} + +static void +test_circuit_timeout_xm_alpha(void *arg) +{ + circuit_build_times_t cbt; + build_time_t Xm; + int alpha_ret; + circuit_build_times_init(&cbt); + (void)arg; + + /* Plan: + * 1. Create array of build times with 10 modes. + * 2. Make sure Xm calc is sane for 1,3,5,10,15,20 modes. + * 3. Make sure alpha calc is sane for 1,3,5,10,15,20 modes. + */ + + /* 110 build times, 9 modes, 8 mode ties, 10 abandoned */ + build_time_t circuit_build_times[] = { + 100, 20, 1000, 500, 200, 5000, 30, 600, 200, 300, CBT_BUILD_ABANDONED, + 101, 21, 1001, 501, 201, 5001, 31, 601, 201, 301, CBT_BUILD_ABANDONED, + 102, 22, 1002, 502, 202, 5002, 32, 602, 202, 302, CBT_BUILD_ABANDONED, + 103, 23, 1003, 503, 203, 5003, 33, 603, 203, 303, CBT_BUILD_ABANDONED, + 104, 24, 1004, 504, 204, 5004, 34, 604, 204, 304, CBT_BUILD_ABANDONED, + 105, 25, 1005, 505, 205, 5005, 35, 605, 205, 305, CBT_BUILD_ABANDONED, + 106, 26, 1006, 506, 206, 5006, 36, 606, 206, 306, CBT_BUILD_ABANDONED, + 107, 27, 1007, 507, 207, 5007, 37, 607, 207, 307, CBT_BUILD_ABANDONED, + 108, 28, 1008, 508, 208, 5008, 38, 608, 208, 308, CBT_BUILD_ABANDONED, + 109, 29, 1009, 509, 209, 5009, 39, 609, 209, 309, CBT_BUILD_ABANDONED + }; + + memcpy(cbt.circuit_build_times, circuit_build_times, + sizeof(circuit_build_times)); + cbt.total_build_times = 110; + + MOCK(networkstatus_get_param, mock_xm_networkstatus_get_param); + +#define CBT_ALPHA_PRECISION 0.00001 + cbtnummodes = 1; + Xm = circuit_build_times_get_xm(&cbt); + alpha_ret = circuit_build_times_update_alpha(&cbt); + tt_int_op(alpha_ret, OP_EQ, 1); + tt_int_op(Xm, OP_EQ, 205); + tt_assert(fabs(cbt.alpha - 1.394401) < CBT_ALPHA_PRECISION); + + cbtnummodes = 3; + Xm = circuit_build_times_get_xm(&cbt); + alpha_ret = circuit_build_times_update_alpha(&cbt); + tt_int_op(alpha_ret, OP_EQ, 1); + tt_int_op(Xm, OP_EQ, 117); + tt_assert(fabs(cbt.alpha - 0.902313) < CBT_ALPHA_PRECISION); + + cbtnummodes = 5; + Xm = circuit_build_times_get_xm(&cbt); + alpha_ret = circuit_build_times_update_alpha(&cbt); + tt_int_op(alpha_ret, OP_EQ, 1); + tt_int_op(Xm, OP_EQ, 146); + tt_assert(fabs(cbt.alpha - 1.049032) < CBT_ALPHA_PRECISION); + + cbtnummodes = 10; + Xm = circuit_build_times_get_xm(&cbt); + alpha_ret = circuit_build_times_update_alpha(&cbt); + tt_int_op(alpha_ret, OP_EQ, 1); + tt_int_op(Xm, OP_EQ, 800); + tt_assert(fabs(cbt.alpha - 4.851754) < CBT_ALPHA_PRECISION); + + cbtnummodes = 15; + Xm = circuit_build_times_get_xm(&cbt); + alpha_ret = circuit_build_times_update_alpha(&cbt); + tt_int_op(alpha_ret, OP_EQ, 1); + tt_int_op(Xm, OP_EQ, 800); + tt_assert(fabs(cbt.alpha - 4.851754) < CBT_ALPHA_PRECISION); + + cbtnummodes = 20; + Xm = circuit_build_times_get_xm(&cbt); + alpha_ret = circuit_build_times_update_alpha(&cbt); + tt_int_op(alpha_ret, OP_EQ, 1); + tt_int_op(Xm, OP_EQ, 800); + tt_assert(fabs(cbt.alpha - 4.851754) < CBT_ALPHA_PRECISION); + + done: +#undef CBT_ALPHA_PRECISION + UNMOCK(networkstatus_get_param); + circuit_build_times_free_timeouts(&cbt); +} + static void test_circuit_timeout(void *arg) { @@ -373,7 +589,6 @@ test_circuit_timeout(void *arg) double timeout1, timeout2; or_state_t *state=NULL; int i, runs; - double close_ms; (void)arg; initialize_periodic_events(); @@ -394,18 +609,11 @@ test_circuit_timeout(void *arg) circuit_build_times_initial_alpha(&initial, CBT_DEFAULT_QUANTILE_CUTOFF/100.0, timeout0); - close_ms = MAX(circuit_build_times_calculate_timeout(&initial, - CBT_DEFAULT_CLOSE_QUANTILE/100.0), - CBT_DEFAULT_TIMEOUT_INITIAL_VALUE); do { for (i=0; i < CBT_DEFAULT_MIN_CIRCUITS_TO_OBSERVE; i++) { build_time_t sample = circuit_build_times_generate_sample(&initial,0,1); - if (sample > close_ms) { - circuit_build_times_add_time(&estimate, CBT_BUILD_ABANDONED); - } else { - circuit_build_times_add_time(&estimate, sample); - } + circuit_build_times_add_time(&estimate, sample); } circuit_build_times_update_alpha(&estimate); timeout1 = circuit_build_times_calculate_timeout(&estimate, @@ -526,127 +734,6 @@ test_circuit_timeout(void *arg) testing_disable_deterministic_rng(); } -/** Test encoding and parsing of rendezvous service descriptors. */ -static void -test_rend_fns(void *arg) -{ - rend_service_descriptor_t *generated = NULL, *parsed = NULL; - char service_id[DIGEST_LEN]; - char service_id_base32[REND_SERVICE_ID_LEN_BASE32+1]; - const char *next_desc; - smartlist_t *descs = smartlist_new(); - char computed_desc_id[DIGEST_LEN]; - char parsed_desc_id[DIGEST_LEN]; - crypto_pk_t *pk1 = NULL, *pk2 = NULL; - time_t now; - char *intro_points_encrypted = NULL; - size_t intro_points_size; - size_t encoded_size; - int i; - - (void)arg; - - /* Initialize the service cache. */ - rend_cache_init(); - - pk1 = pk_generate(0); - pk2 = pk_generate(1); - generated = tor_malloc_zero(sizeof(rend_service_descriptor_t)); - generated->pk = crypto_pk_dup_key(pk1); - crypto_pk_get_digest(generated->pk, service_id); - base32_encode(service_id_base32, REND_SERVICE_ID_LEN_BASE32+1, - service_id, REND_SERVICE_ID_LEN); - now = time(NULL); - generated->timestamp = now; - generated->version = 2; - generated->protocols = 42; - generated->intro_nodes = smartlist_new(); - - for (i = 0; i < 3; i++) { - rend_intro_point_t *intro = tor_malloc_zero(sizeof(rend_intro_point_t)); - crypto_pk_t *okey = pk_generate(2 + i); - intro->extend_info = - extend_info_new(NULL, NULL, NULL, NULL, NULL, NULL, 0); - intro->extend_info->onion_key = okey; - crypto_pk_get_digest(intro->extend_info->onion_key, - intro->extend_info->identity_digest); - //crypto_rand(info->identity_digest, DIGEST_LEN); /* Would this work? */ - intro->extend_info->nickname[0] = '$'; - base16_encode(intro->extend_info->nickname + 1, - sizeof(intro->extend_info->nickname) - 1, - intro->extend_info->identity_digest, DIGEST_LEN); - tor_addr_t addr; - uint16_t port; - /* Does not cover all IP addresses. */ - tor_addr_from_ipv4h(&addr, crypto_rand_int(65536) + 1); - port = 1 + crypto_rand_int(65535); - extend_info_add_orport(intro->extend_info, &addr, port); - intro->intro_key = crypto_pk_dup_key(pk2); - smartlist_add(generated->intro_nodes, intro); - } - int rv = rend_encode_v2_descriptors(descs, generated, now, 0, - REND_NO_AUTH, NULL, NULL); - tt_int_op(rv, OP_GT, 0); - rv = rend_compute_v2_desc_id(computed_desc_id, service_id_base32, NULL, - now, 0); - tt_int_op(rv, OP_EQ, 0); - tt_mem_op(((rend_encoded_v2_service_descriptor_t *) - smartlist_get(descs, 0))->desc_id, OP_EQ, - computed_desc_id, DIGEST_LEN); - rv = rend_parse_v2_service_descriptor(&parsed, parsed_desc_id, - &intro_points_encrypted, &intro_points_size, &encoded_size, - &next_desc, - ((rend_encoded_v2_service_descriptor_t *)smartlist_get(descs, 0)) - ->desc_str, 1); - tt_int_op(rv, OP_EQ, 0); - tt_assert(parsed); - tt_mem_op(((rend_encoded_v2_service_descriptor_t *) - smartlist_get(descs, 0))->desc_id,OP_EQ, parsed_desc_id, DIGEST_LEN); - tt_int_op(rend_parse_introduction_points(parsed, intro_points_encrypted, - intro_points_size),OP_EQ, 3); - tt_assert(!crypto_pk_cmp_keys(generated->pk, parsed->pk)); - tt_int_op(parsed->timestamp,OP_EQ, now); - tt_int_op(parsed->version,OP_EQ, 2); - tt_int_op(parsed->protocols,OP_EQ, 42); - tt_int_op(smartlist_len(parsed->intro_nodes),OP_EQ, 3); - for (i = 0; i < smartlist_len(parsed->intro_nodes); i++) { - rend_intro_point_t *par_intro = smartlist_get(parsed->intro_nodes, i), - *gen_intro = smartlist_get(generated->intro_nodes, i); - extend_info_t *par_info = par_intro->extend_info; - extend_info_t *gen_info = gen_intro->extend_info; - tt_assert(!crypto_pk_cmp_keys(gen_info->onion_key, par_info->onion_key)); - tt_mem_op(gen_info->identity_digest,OP_EQ, par_info->identity_digest, - DIGEST_LEN); - tt_str_op(gen_info->nickname,OP_EQ, par_info->nickname); - const tor_addr_port_t *a1, *a2; - a1 = extend_info_get_orport(gen_info, AF_INET); - a2 = extend_info_get_orport(par_info, AF_INET); - tt_assert(a1 && a2); - tt_assert(tor_addr_eq(&a1->addr, &a2->addr)); - tt_int_op(a2->port,OP_EQ, a2->port); - } - - rend_service_descriptor_free(parsed); - rend_service_descriptor_free(generated); - parsed = generated = NULL; - - done: - if (descs) { - for (i = 0; i < smartlist_len(descs); i++) - rend_encoded_v2_service_descriptor_free_(smartlist_get(descs, i)); - smartlist_free(descs); - } - if (parsed) - rend_service_descriptor_free(parsed); - if (generated) - rend_service_descriptor_free(generated); - if (pk1) - crypto_pk_free(pk1); - if (pk2) - crypto_pk_free(pk2); - tor_free(intro_points_encrypted); -} - #define ENT(name) \ { #name, test_ ## name , 0, NULL, NULL } #define FORK(name) \ @@ -656,10 +743,11 @@ static struct testcase_t test_array[] = { ENT(onion_handshake), { "bad_onion_handshake", test_bad_onion_handshake, 0, NULL, NULL }, ENT(onion_queues), + ENT(onion_queue_order), { "ntor_handshake", test_ntor_handshake, 0, NULL, NULL }, { "fast_handshake", test_fast_handshake, 0, NULL, NULL }, FORK(circuit_timeout), - FORK(rend_fns), + FORK(circuit_timeout_xm_alpha), END_OF_TESTCASES }; @@ -707,6 +795,7 @@ struct testgroup_t testgroups[] = { { "crypto/pem/", pem_tests }, { "crypto/rng/", crypto_rng_tests }, { "dir/", dir_tests }, + { "dir/auth/ports/", dirauth_port_tests }, { "dir/auth/process_descs/", process_descs_tests }, { "dir/md/", microdesc_tests }, { "dirauth/dirvote/", dirvote_tests}, @@ -734,15 +823,14 @@ struct testgroup_t testgroups[] = { { "hs_ntor/", hs_ntor_tests }, { "hs_ob/", hs_ob_tests }, { "hs_service/", hs_service_tests }, - { "introduce/", introduce_tests }, { "keypin/", keypin_tests }, - { "legacy_hs/", hs_tests }, { "link-handshake/", link_handshake_tests }, { "mainloop/", mainloop_tests }, { "metrics/", metrics_tests }, { "netinfo/", netinfo_tests }, { "nodelist/", nodelist_tests }, { "oom/", oom_tests }, + { "onion-handshake/ntor-v3/", ntor_v3_tests }, { "oos/", oos_tests }, { "options/", options_tests }, { "options/act/", options_act_tests }, @@ -762,12 +850,14 @@ struct testgroup_t testgroups[] = { { "relay/" , relay_tests }, { "relaycell/", relaycell_tests }, { "relaycrypt/", relaycrypt_tests }, - { "rend_cache/", rend_cache_tests }, { "replaycache/", replaycache_tests }, { "router/", router_tests }, { "routerkeys/", routerkeys_tests }, { "routerlist/", routerlist_tests }, { "routerset/" , routerset_tests }, +#ifdef USE_LIBSECCOMP + { "sandbox/" , sandbox_tests }, +#endif { "scheduler/", scheduler_tests }, { "sendme/", sendme_tests }, { "shared-random/", sr_tests }, diff --git a/src/test/test.h b/src/test/test.h index 56037648d3..e17bce427c 100644 --- a/src/test/test.h +++ b/src/test/test.h @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2003, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_TEST_H @@ -120,6 +120,7 @@ extern struct testcase_t crypto_ope_tests[]; extern struct testcase_t crypto_openssl_tests[]; extern struct testcase_t crypto_rng_tests[]; extern struct testcase_t crypto_tests[]; +extern struct testcase_t dirauth_port_tests[]; extern struct testcase_t dir_handle_get_tests[]; extern struct testcase_t dir_tests[]; extern struct testcase_t dirvote_tests[]; @@ -145,8 +146,6 @@ extern struct testcase_t hs_metrics_tests[]; extern struct testcase_t hs_ntor_tests[]; extern struct testcase_t hs_ob_tests[]; extern struct testcase_t hs_service_tests[]; -extern struct testcase_t hs_tests[]; -extern struct testcase_t introduce_tests[]; extern struct testcase_t keypin_tests[]; extern struct testcase_t link_handshake_tests[]; extern struct testcase_t logging_tests[]; @@ -156,6 +155,7 @@ extern struct testcase_t microdesc_tests[]; extern struct testcase_t namemap_tests[]; extern struct testcase_t netinfo_tests[]; extern struct testcase_t nodelist_tests[]; +extern struct testcase_t ntor_v3_tests[]; extern struct testcase_t oom_tests[]; extern struct testcase_t oos_tests[]; extern struct testcase_t options_tests[]; @@ -179,12 +179,12 @@ extern struct testcase_t pubsub_msg_tests[]; extern struct testcase_t relay_tests[]; extern struct testcase_t relaycell_tests[]; extern struct testcase_t relaycrypt_tests[]; -extern struct testcase_t rend_cache_tests[]; extern struct testcase_t replaycache_tests[]; extern struct testcase_t router_tests[]; extern struct testcase_t routerkeys_tests[]; extern struct testcase_t routerlist_tests[]; extern struct testcase_t routerset_tests[]; +extern struct testcase_t sandbox_tests[]; extern struct testcase_t scheduler_tests[]; extern struct testcase_t sendme_tests[]; extern struct testcase_t socks_tests[]; diff --git a/src/test/test_accounting.c b/src/test/test_accounting.c index 7933df5e35..4cc2c0733c 100644 --- a/src/test/test_accounting.c +++ b/src/test/test_accounting.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "core/or/or.h" diff --git a/src/test/test_addr.c b/src/test/test_addr.c index dbc581288d..f368326902 100644 --- a/src/test/test_addr.c +++ b/src/test/test_addr.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define ADDRESSMAP_PRIVATE diff --git a/src/test/test_address.c b/src/test/test_address.c index e7007f22f3..015ca0807c 100644 --- a/src/test/test_address.c +++ b/src/test/test_address.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define ADDRESS_PRIVATE @@ -1326,6 +1326,42 @@ test_address_dirserv_router_addr_private(void *opt_dir_allow_private) UNMOCK(get_options); } +static void +test_address_parse_port_range(void *arg) +{ + int ret; + uint16_t min_out = 0; + uint16_t max_out = 0; + + (void) arg; + + /* Invalid. */ + ret = parse_port_range("0x00", &min_out, &max_out); + tt_int_op(ret, OP_EQ, -1); + ret = parse_port_range("0x01", &min_out, &max_out); + tt_int_op(ret, OP_EQ, -1); + ret = parse_port_range("1817161", &min_out, &max_out); + tt_int_op(ret, OP_EQ, -1); + ret = parse_port_range("65536", &min_out, &max_out); + tt_int_op(ret, OP_EQ, -1); + ret = parse_port_range("1-65536", &min_out, &max_out); + tt_int_op(ret, OP_EQ, -1); + + /* Valid. */ + ret = parse_port_range("65535", &min_out, &max_out); + tt_int_op(ret, OP_EQ, 0); + tt_int_op(min_out, OP_EQ, 65535); + tt_int_op(max_out, OP_EQ, 65535); + + ret = parse_port_range("1-65535", &min_out, &max_out); + tt_int_op(ret, OP_EQ, 0); + tt_int_op(min_out, OP_EQ, 1); + tt_int_op(max_out, OP_EQ, 65535); + + done: + ; +} + #define ADDRESS_TEST(name, flags) \ { #name, test_address_ ## name, flags, NULL, NULL } #define ADDRESS_TEST_STR_ARG(name, flags, str_arg) \ @@ -1364,5 +1400,6 @@ struct testcase_t address_tests[] = { ADDRESS_TEST(tor_node_in_same_network_family, 0), ADDRESS_TEST(dirserv_router_addr_private, 0), ADDRESS_TEST_STR_ARG(dirserv_router_addr_private, 0, "allow_private"), + ADDRESS_TEST(parse_port_range, 0), END_OF_TESTCASES }; diff --git a/src/test/test_address_set.c b/src/test/test_address_set.c index 37688f4c1d..6860906791 100644 --- a/src/test/test_address_set.c +++ b/src/test/test_address_set.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "core/or/or.h" diff --git a/src/test/test_bridges.c b/src/test/test_bridges.c index 1942a8cb89..f778710e1b 100644 --- a/src/test/test_bridges.c +++ b/src/test/test_bridges.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_bt_cl.c b/src/test/test_bt_cl.c index 5f9a88705c..fd3778d801 100644 --- a/src/test/test_bt_cl.c +++ b/src/test/test_bt_cl.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_btrack.c b/src/test/test_btrack.c index 2b2f34fc23..16fe7c4bd7 100644 --- a/src/test/test_btrack.c +++ b/src/test/test_btrack.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "core/or/or.h" diff --git a/src/test/test_buffers.c b/src/test/test_buffers.c index fbaa628fd7..888adb4956 100644 --- a/src/test/test_buffers.c +++ b/src/test/test_buffers.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define BUFFERS_PRIVATE diff --git a/src/test/test_bwmgt.c b/src/test/test_bwmgt.c index 4cf83e45d0..a034c369d1 100644 --- a/src/test/test_bwmgt.c +++ b/src/test/test_bwmgt.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_cell_formats.c b/src/test/test_cell_formats.c index cae25d00ec..b7b149cd66 100644 --- a/src/test/test_cell_formats.c +++ b/src/test/test_cell_formats.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_cell_queue.c b/src/test/test_cell_queue.c index b778c07802..d9a002c594 100644 --- a/src/test/test_cell_queue.c +++ b/src/test/test_cell_queue.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CIRCUITLIST_PRIVATE diff --git a/src/test/test_channel.c b/src/test/test_channel.c index d43f6e010a..a74d69fefc 100644 --- a/src/test/test_channel.c +++ b/src/test/test_channel.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CHANNEL_OBJECT_PRIVATE diff --git a/src/test/test_channelpadding.c b/src/test/test_channelpadding.c index 63a591583d..261e1f8a37 100644 --- a/src/test/test_channelpadding.c +++ b/src/test/test_channelpadding.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CHANNEL_OBJECT_PRIVATE diff --git a/src/test/test_channeltls.c b/src/test/test_channeltls.c index 0227779e8b..ca7fee2c53 100644 --- a/src/test/test_channeltls.c +++ b/src/test/test_channeltls.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" @@ -20,6 +20,7 @@ #include "lib/tls/tortls.h" #include "core/or/or_connection_st.h" +#include "core/or/congestion_control_common.h" /* Test suite stuff */ #include "test/test.h" @@ -155,7 +156,7 @@ test_channeltls_num_bytes_queued(void *arg) * - 2 cells. */ n = ch->num_cells_writeable(ch); - tt_int_op(n, OP_EQ, CEIL_DIV(OR_CONN_HIGHWATER, 512) - 2); + tt_int_op(n, OP_EQ, CEIL_DIV(or_conn_highwatermark(), 512) - 2); UNMOCK(buf_datalen); tlschan_buf_datalen_mock_target = NULL; tlschan_buf_datalen_mock_size = 0; diff --git a/src/test/test_checkdir.c b/src/test/test_checkdir.c index 186a55cc8c..5579be7206 100644 --- a/src/test/test_checkdir.c +++ b/src/test/test_checkdir.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_circuitbuild.c b/src/test/test_circuitbuild.c index 299908ce82..0a5c3530bd 100644 --- a/src/test/test_circuitbuild.c +++ b/src/test/test_circuitbuild.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CIRCUITBUILD_PRIVATE @@ -113,7 +113,7 @@ test_new_route_len_safe_exit(void *arg) /* hidden service connecting to introduction point */ r = new_route_len(CIRCUIT_PURPOSE_S_ESTABLISH_INTRO, &dummy_ei, &dummy_nodes); - tt_int_op(DEFAULT_ROUTE_LEN, OP_EQ, r); + tt_int_op(DEFAULT_ROUTE_LEN+1, OP_EQ, r); /* router testing its own reachability */ r = new_route_len(CIRCUIT_PURPOSE_TESTING, &dummy_ei, &dummy_nodes); diff --git a/src/test/test_circuitlist.c b/src/test/test_circuitlist.c index 63c4418f29..4bcff57fc3 100644 --- a/src/test/test_circuitlist.c +++ b/src/test/test_circuitlist.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CHANNEL_OBJECT_PRIVATE @@ -203,6 +203,10 @@ test_rend_token_maps(void *arg) c4 = or_circuit_new(0, NULL); c5 = origin_circuit_new(); + ed25519_public_key_t intro_pk1 = { {1} }; /* Junk, not important. */ + ed25519_public_key_t intro_pk2 = { {2} }; /* Junk, not important. */ + ed25519_public_key_t intro_pk3 = { {3} }; /* Junk, not important. */ + /* Make sure we really filled up the tok* variables */ tt_int_op(tok1[REND_TOKEN_LEN-1], OP_EQ, 'y'); tt_int_op(tok2[REND_TOKEN_LEN-1], OP_EQ, ' '); @@ -210,31 +214,37 @@ test_rend_token_maps(void *arg) /* No maps; nothing there. */ tt_ptr_op(NULL, OP_EQ, hs_circuitmap_get_rend_circ_relay_side(tok1)); - tt_ptr_op(NULL, OP_EQ, hs_circuitmap_get_intro_circ_v2_relay_side(tok1)); + tt_ptr_op(NULL, OP_EQ, + hs_circuitmap_get_intro_circ_v3_relay_side(&intro_pk1)); hs_circuitmap_register_rend_circ_relay_side(c1, tok1); - hs_circuitmap_register_intro_circ_v2_relay_side(c2, tok2); + hs_circuitmap_register_intro_circ_v3_relay_side(c2, &intro_pk2); tt_ptr_op(NULL, OP_EQ, hs_circuitmap_get_rend_circ_relay_side(tok3)); - tt_ptr_op(NULL, OP_EQ, hs_circuitmap_get_intro_circ_v2_relay_side(tok3)); + tt_ptr_op(NULL, OP_EQ, + hs_circuitmap_get_intro_circ_v3_relay_side(&intro_pk3)); tt_ptr_op(NULL, OP_EQ, hs_circuitmap_get_rend_circ_relay_side(tok2)); - tt_ptr_op(NULL, OP_EQ, hs_circuitmap_get_intro_circ_v2_relay_side(tok1)); + tt_ptr_op(NULL, OP_EQ, + hs_circuitmap_get_intro_circ_v3_relay_side(&intro_pk2)); /* Without purpose set, we don't get the circuits */ tt_ptr_op(NULL, OP_EQ, hs_circuitmap_get_rend_circ_relay_side(tok1)); - tt_ptr_op(NULL, OP_EQ, hs_circuitmap_get_intro_circ_v2_relay_side(tok2)); + tt_ptr_op(NULL, OP_EQ, + hs_circuitmap_get_intro_circ_v3_relay_side(&intro_pk2)); c1->base_.purpose = CIRCUIT_PURPOSE_REND_POINT_WAITING; c2->base_.purpose = CIRCUIT_PURPOSE_INTRO_POINT; /* Okay, make sure they show up now. */ tt_ptr_op(c1, OP_EQ, hs_circuitmap_get_rend_circ_relay_side(tok1)); - tt_ptr_op(c2, OP_EQ, hs_circuitmap_get_intro_circ_v2_relay_side(tok2)); + tt_ptr_op(c2, OP_EQ, + hs_circuitmap_get_intro_circ_v3_relay_side(&intro_pk2)); /* Two items at the same place with the same token. */ c3->base_.purpose = CIRCUIT_PURPOSE_REND_POINT_WAITING; hs_circuitmap_register_rend_circ_relay_side(c3, tok2); - tt_ptr_op(c2, OP_EQ, hs_circuitmap_get_intro_circ_v2_relay_side(tok2)); + tt_ptr_op(c2, OP_EQ, + hs_circuitmap_get_intro_circ_v3_relay_side(&intro_pk2)); tt_ptr_op(c3, OP_EQ, hs_circuitmap_get_rend_circ_relay_side(tok2)); /* Marking a circuit makes it not get returned any more */ @@ -246,31 +256,36 @@ test_rend_token_maps(void *arg) /* Freeing a circuit makes it not get returned any more. */ circuit_free_(TO_CIRCUIT(c2)); c2 = NULL; - tt_ptr_op(NULL, OP_EQ, hs_circuitmap_get_intro_circ_v2_relay_side(tok2)); + tt_ptr_op(NULL, OP_EQ, + hs_circuitmap_get_intro_circ_v3_relay_side(&intro_pk2)); /* c3 -- are you still there? */ tt_ptr_op(c3, OP_EQ, hs_circuitmap_get_rend_circ_relay_side(tok2)); /* Change its cookie. This never happens in Tor per se, but hey. */ c3->base_.purpose = CIRCUIT_PURPOSE_INTRO_POINT; - hs_circuitmap_register_intro_circ_v2_relay_side(c3, tok3); + hs_circuitmap_register_intro_circ_v3_relay_side(c3, &intro_pk3); tt_ptr_op(NULL, OP_EQ, hs_circuitmap_get_rend_circ_relay_side(tok2)); - tt_ptr_op(c3, OP_EQ, hs_circuitmap_get_intro_circ_v2_relay_side(tok3)); + tt_ptr_op(c3, OP_EQ, + hs_circuitmap_get_intro_circ_v3_relay_side(&intro_pk3)); /* Now replace c3 with c4. */ c4->base_.purpose = CIRCUIT_PURPOSE_INTRO_POINT; - hs_circuitmap_register_intro_circ_v2_relay_side(c4, tok3); + hs_circuitmap_register_intro_circ_v3_relay_side(c4, &intro_pk3); - tt_ptr_op(c4, OP_EQ, hs_circuitmap_get_intro_circ_v2_relay_side(tok3)); + tt_ptr_op(c4, OP_EQ, + hs_circuitmap_get_intro_circ_v3_relay_side(&intro_pk3)); tt_ptr_op(TO_CIRCUIT(c3)->hs_token, OP_EQ, NULL); tt_ptr_op(TO_CIRCUIT(c4)->hs_token, OP_NE, NULL); - tt_mem_op(TO_CIRCUIT(c4)->hs_token->token, OP_EQ, tok3, REND_TOKEN_LEN); + tt_mem_op(TO_CIRCUIT(c4)->hs_token->token, OP_EQ, &intro_pk3, + REND_TOKEN_LEN); /* Now clear c4's cookie. */ hs_circuitmap_remove_circuit(TO_CIRCUIT(c4)); tt_ptr_op(TO_CIRCUIT(c4)->hs_token, OP_EQ, NULL); - tt_ptr_op(NULL, OP_EQ, hs_circuitmap_get_intro_circ_v2_relay_side(tok3)); + tt_ptr_op(NULL, OP_EQ, + hs_circuitmap_get_intro_circ_v3_relay_side(&intro_pk3)); /* Now let's do a check for the client-side rend circuitmap */ c5->base_.purpose = CIRCUIT_PURPOSE_C_ESTABLISH_REND; @@ -401,6 +416,9 @@ test_hs_circuitmap_isolation(void *arg) hs_circuitmap_init(); + ed25519_public_key_t intro_pk1 = { {1} }; /* Junk, not important. */ + ed25519_public_key_t intro_pk2 = { {2} }; /* Junk, not important. */ + { const uint8_t tok1[REND_TOKEN_LEN] = "bet i got some of th"; @@ -416,7 +434,8 @@ test_hs_circuitmap_isolation(void *arg) /* check that service-side getters don't work */ tt_ptr_op(NULL, OP_EQ, hs_circuitmap_get_rend_circ_service_side(tok1)); - tt_ptr_op(NULL, OP_EQ, hs_circuitmap_get_intro_circ_v2_service_side(tok1)); + tt_ptr_op(NULL, OP_EQ, + hs_circuitmap_get_intro_circ_v3_service_side(&intro_pk1)); /* Check that the right getter works. */ tt_ptr_op(circ1, OP_EQ, hs_circuitmap_get_rend_circ_relay_side(tok1)); @@ -436,17 +455,18 @@ test_hs_circuitmap_isolation(void *arg) circ4->base_.purpose = CIRCUIT_PURPOSE_S_ESTABLISH_INTRO; /* Register circ2 with tok2 as service-side intro v2 circ */ - hs_circuitmap_register_intro_circ_v2_service_side(circ2, tok2); + hs_circuitmap_register_intro_circ_v3_service_side(circ2, &intro_pk2); /* Register circ3 with tok2 again but for different purpose */ - hs_circuitmap_register_intro_circ_v2_relay_side(circ3, tok2); + hs_circuitmap_register_intro_circ_v3_relay_side(circ3, &intro_pk2); /* Check that the getters work */ tt_ptr_op(circ2, OP_EQ, - hs_circuitmap_get_intro_circ_v2_service_side(tok2)); - tt_ptr_op(circ3, OP_EQ, hs_circuitmap_get_intro_circ_v2_relay_side(tok2)); + hs_circuitmap_get_intro_circ_v3_service_side(&intro_pk2)); + tt_ptr_op(circ3, OP_EQ, + hs_circuitmap_get_intro_circ_v3_relay_side(&intro_pk2)); /* Register circ4 with tok2: it should override circ2 */ - hs_circuitmap_register_intro_circ_v2_service_side(circ4, tok2); + hs_circuitmap_register_intro_circ_v3_service_side(circ4, &intro_pk2); /* check that relay-side getters don't work */ tt_ptr_op(NULL, OP_EQ, hs_circuitmap_get_rend_circ_relay_side(tok2)); @@ -454,7 +474,7 @@ test_hs_circuitmap_isolation(void *arg) /* Check that the getter returns circ4; the last circuit registered with * that token. */ tt_ptr_op(circ4, OP_EQ, - hs_circuitmap_get_intro_circ_v2_service_side(tok2)); + hs_circuitmap_get_intro_circ_v3_service_side(&intro_pk2)); } done: diff --git a/src/test/test_circuitmux.c b/src/test/test_circuitmux.c index d6e3300a30..43f0af3f5f 100644 --- a/src/test/test_circuitmux.c +++ b/src/test/test_circuitmux.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CHANNEL_OBJECT_PRIVATE diff --git a/src/test/test_circuitmux_ewma.c b/src/test/test_circuitmux_ewma.c index 27601e0c7d..2a1e14eea2 100644 --- a/src/test/test_circuitmux_ewma.c +++ b/src/test/test_circuitmux_ewma.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CIRCUITMUX_PRIVATE diff --git a/src/test/test_circuitpadding.c b/src/test/test_circuitpadding.c index 86baf54f40..63b7136a11 100644 --- a/src/test/test_circuitpadding.c +++ b/src/test/test_circuitpadding.c @@ -1367,7 +1367,7 @@ test_circuitpadding_wronghop(void *arg) tt_ptr_op(client_side->padding_info[0], OP_NE, NULL); tt_ptr_op(relay_side->padding_machine[0], OP_NE, NULL); tt_ptr_op(relay_side->padding_info[0], OP_NE, NULL); - tt_int_op(n_relay_cells, OP_EQ, 3); + tt_int_op(n_relay_cells, OP_EQ, 2); tt_int_op(n_client_cells, OP_EQ, 2); /* 6. Sending negotiated command to relay does nothing */ @@ -1396,11 +1396,9 @@ test_circuitpadding_wronghop(void *arg) /* verify no padding was negotiated */ tt_ptr_op(relay_side->padding_machine[0], OP_EQ, NULL); tt_ptr_op(client_side->padding_machine[0], OP_EQ, NULL); - tt_int_op(n_relay_cells, OP_EQ, 3); - tt_int_op(n_client_cells, OP_EQ, 2); /* verify no echo was sent */ - tt_int_op(n_relay_cells, OP_EQ, 3); + tt_int_op(n_relay_cells, OP_EQ, 2); tt_int_op(n_client_cells, OP_EQ, 2); /* Finish circuit */ @@ -1611,7 +1609,7 @@ simulate_single_hop_extend(circuit_t *client, circuit_t *mid_relay, hop->extend_info = extend_info_new( padding ? "padding" : "non-padding", digest, NULL, NULL, NULL, - &addr, padding); + &addr, padding, NULL, false); cpath_init_circuit_crypto(hop, whatevs_key, sizeof(whatevs_key), 0, 0); diff --git a/src/test/test_circuitstats.c b/src/test/test_circuitstats.c index 00ca1b544c..889adc1523 100644 --- a/src/test/test_circuitstats.c +++ b/src/test/test_circuitstats.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CIRCUITBUILD_PRIVATE diff --git a/src/test/test_circuituse.c b/src/test/test_circuituse.c index 49438d9d3b..b6e945c36e 100644 --- a/src/test/test_circuituse.c +++ b/src/test/test_circuituse.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CIRCUITLIST_PRIVATE diff --git a/src/test/test_compat_libevent.c b/src/test/test_compat_libevent.c index 5376e08fb3..7295550e13 100644 --- a/src/test/test_compat_libevent.c +++ b/src/test/test_compat_libevent.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2010-2020, The Tor Project, Inc. */ +/* Copyright (c) 2010-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define COMPAT_LIBEVENT_PRIVATE diff --git a/src/test/test_config.c b/src/test/test_config.c index 1654968705..3ebe095a6a 100644 --- a/src/test/test_config.c +++ b/src/test/test_config.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" @@ -41,8 +41,6 @@ #include "feature/nodelist/networkstatus.h" #include "feature/nodelist/nodelist.h" #include "core/or/policies.h" -#include "feature/rend/rendclient.h" -#include "feature/rend/rendservice.h" #include "feature/relay/relay_find_addr.h" #include "feature/relay/router.h" #include "feature/relay/routermode.h" @@ -1217,7 +1215,7 @@ get_interface_address6_replacement(int severity, sa_family_t family, return 0; } -#endif +#endif /* 0 */ static int n_get_interface_address6_failure = 0; @@ -6043,7 +6041,7 @@ test_config_include_wildcards(void *data) tt_ptr_op(result, OP_EQ, NULL); tt_int_op(include_used, OP_EQ, 1); config_free_lines(result); -#endif +#endif /* !defined(_WIN32) */ // test pattern *.conf tor_snprintf(torrc_contents, sizeof(torrc_contents), @@ -6183,9 +6181,9 @@ test_config_include_hidden(void *data) len++; } tt_int_op(len, OP_EQ, 1); -#else +#else /* !defined(_WIN32) */ tt_ptr_op(result, OP_EQ, NULL); -#endif +#endif /* defined(_WIN32) */ config_free_lines(result); // test wildcards match hidden folders when explicitly in the pattern @@ -6995,7 +6993,7 @@ test_config_multifamily_port(void *arg) #define CONFIG_TEST_SETUP(suffix, name, flags, setup, setup_data) \ { #name#suffix, test_config_ ## name, flags, setup, setup_data } -#endif +#endif /* !defined(COCCI) */ struct testcase_t config_tests[] = { CONFIG_TEST(adding_trusted_dir_server, TT_FORK), diff --git a/src/test/test_confmgr.c b/src/test/test_confmgr.c index a647b92e0a..00e24f6123 100644 --- a/src/test/test_confmgr.c +++ b/src/test/test_confmgr.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /* diff --git a/src/test/test_confparse.c b/src/test/test_confparse.c index abd53dea68..391f6241da 100644 --- a/src/test/test_confparse.c +++ b/src/test/test_confparse.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /* diff --git a/src/test/test_connection.c b/src/test/test_connection.c index cf5626ead7..fbf9d6a5ab 100644 --- a/src/test/test_connection.c +++ b/src/test/test_connection.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2015-2020, The Tor Project, Inc. */ +/* Copyright (c) 2015-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" @@ -19,7 +19,6 @@ #include "feature/nodelist/microdesc.h" #include "feature/nodelist/nodelist.h" #include "feature/nodelist/networkstatus.h" -#include "feature/rend/rendcache.h" #include "feature/dircommon/directory.h" #include "core/or/connection_or.h" #include "lib/net/resolve.h" @@ -38,10 +37,6 @@ static void * test_conn_get_basic_setup(const struct testcase_t *tc); static int test_conn_get_basic_teardown(const struct testcase_t *tc, void *arg); -static void * test_conn_get_rend_setup(const struct testcase_t *tc); -static int test_conn_get_rend_teardown(const struct testcase_t *tc, - void *arg); - static void * test_conn_get_rsrc_setup(const struct testcase_t *tc); static int test_conn_get_rsrc_teardown(const struct testcase_t *tc, void *arg); @@ -179,52 +174,6 @@ test_conn_get_basic_teardown(const struct testcase_t *tc, void *arg) return 0; } -static void * -test_conn_get_rend_setup(const struct testcase_t *tc) -{ - dir_connection_t *conn = DOWNCAST(dir_connection_t, - test_conn_get_connection( - TEST_CONN_STATE, - TEST_CONN_TYPE, - TEST_CONN_REND_PURPOSE)); - tt_assert(conn); - assert_connection_ok(&conn->base_, time(NULL)); - - rend_cache_init(); - - /* TODO: use directory_initiate_request() to do this - maybe? */ - tor_assert(strlen(TEST_CONN_REND_ADDR) == REND_SERVICE_ID_LEN_BASE32); - conn->rend_data = rend_data_client_create(TEST_CONN_REND_ADDR, NULL, NULL, - REND_NO_AUTH); - assert_connection_ok(&conn->base_, time(NULL)); - return conn; - - /* On failure */ - done: - test_conn_get_rend_teardown(tc, conn); - /* Returning NULL causes the unit test to fail */ - return NULL; -} - -static int -test_conn_get_rend_teardown(const struct testcase_t *tc, void *arg) -{ - dir_connection_t *conn = DOWNCAST(dir_connection_t, arg); - int rv = 0; - - tt_assert(conn); - assert_connection_ok(&conn->base_, time(NULL)); - - /* avoid a last-ditch attempt to refetch the descriptor */ - conn->base_.purpose = TEST_CONN_REND_PURPOSE_SUCCESSFUL; - - /* connection_free_() cleans up rend_data */ - rv = test_conn_get_basic_teardown(tc, arg); - done: - rend_cache_free_all(); - return rv; -} - static dir_connection_t * test_conn_download_status_add_a_connection(const char *resource) { @@ -369,10 +318,6 @@ static struct testcase_setup_t test_conn_get_basic_st = { test_conn_get_basic_setup, test_conn_get_basic_teardown }; -static struct testcase_setup_t test_conn_get_rend_st = { - test_conn_get_rend_setup, test_conn_get_rend_teardown -}; - static struct testcase_setup_t test_conn_get_rsrc_st = { test_conn_get_rsrc_setup, test_conn_get_rsrc_teardown }; @@ -489,37 +434,6 @@ test_conn_get_basic(void *arg) ; } -static void -test_conn_get_rend(void *arg) -{ - dir_connection_t *conn = DOWNCAST(dir_connection_t, arg); - tt_assert(conn); - assert_connection_ok(&conn->base_, time(NULL)); - - tt_assert(connection_get_by_type_state_rendquery( - conn->base_.type, - conn->base_.state, - rend_data_get_address( - conn->rend_data)) - == TO_CONN(conn)); - tt_assert(connection_get_by_type_state_rendquery( - TEST_CONN_TYPE, - TEST_CONN_STATE, - TEST_CONN_REND_ADDR) - == TO_CONN(conn)); - tt_assert(connection_get_by_type_state_rendquery(TEST_CONN_REND_TYPE_2, - !conn->base_.state, - "") - == NULL); - tt_assert(connection_get_by_type_state_rendquery(TEST_CONN_REND_TYPE_2, - !TEST_CONN_STATE, - TEST_CONN_REND_ADDR_2) - == NULL); - - done: - ; -} - #define sl_is_conn_assert(sl_input, conn) \ do { \ the_sl = (sl_input); \ @@ -912,6 +826,7 @@ test_failed_orconn_tracker(void *arg) /* Prepare the OR connection that will be used in this test */ or_connection_t or_conn; + memset(&or_conn, 0, sizeof(or_conn)); tt_int_op(AF_INET,OP_EQ, tor_addr_parse(&or_conn.canonical_orport.addr, "18.0.0.1")); tt_int_op(AF_INET,OP_EQ, tor_addr_parse(&or_conn.base_.addr, "18.0.0.1")); @@ -1078,12 +993,12 @@ test_conn_describe(void *arg) #define STR(x) #x /* where arg is an expression (constant, variable, compound expression) */ -#define CONNECTION_TESTCASE_ARG(name, fork, setup, arg) \ - { #name "_" STR(x), \ +#define CONNECTION_TESTCASE_ARG(name, extra, fork, setup, arg) \ + { STR(name)"/"extra, \ test_conn_##name, \ - fork, \ - &setup, \ - (void *)arg } + (fork), \ + &(setup), \ + (void *)(arg) } #endif /* !defined(COCCI) */ static const unsigned int PROXY_CONNECT_ARG = PROXY_CONNECT; @@ -1091,17 +1006,16 @@ static const unsigned int PROXY_HAPROXY_ARG = PROXY_HAPROXY; struct testcase_t connection_tests[] = { CONNECTION_TESTCASE(get_basic, TT_FORK, test_conn_get_basic_st), - CONNECTION_TESTCASE(get_rend, TT_FORK, test_conn_get_rend_st), CONNECTION_TESTCASE(get_rsrc, TT_FORK, test_conn_get_rsrc_st), - CONNECTION_TESTCASE_ARG(download_status, TT_FORK, + CONNECTION_TESTCASE_ARG(download_status, "microdesc", TT_FORK, test_conn_download_status_st, "microdesc"), - CONNECTION_TESTCASE_ARG(download_status, TT_FORK, + CONNECTION_TESTCASE_ARG(download_status, "ns", TT_FORK, test_conn_download_status_st, "ns"), - CONNECTION_TESTCASE_ARG(https_proxy_connect, TT_FORK, + CONNECTION_TESTCASE_ARG(https_proxy_connect, "https", TT_FORK, test_conn_proxy_connect_st, &PROXY_CONNECT_ARG), - CONNECTION_TESTCASE_ARG(haproxy_proxy_connect, TT_FORK, + CONNECTION_TESTCASE_ARG(haproxy_proxy_connect, "haproxy", TT_FORK, test_conn_proxy_connect_st, &PROXY_HAPROXY_ARG), //CONNECTION_TESTCASE(func_suffix, TT_FORK, setup_func_pair), diff --git a/src/test/test_connection.h b/src/test/test_connection.h index bf327c0a3d..dc20c500dc 100644 --- a/src/test/test_connection.h +++ b/src/test/test_connection.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_TEST_CONNECTION_H diff --git a/src/test/test_conscache.c b/src/test/test_conscache.c index c805774fa3..5254efbf00 100644 --- a/src/test/test_conscache.c +++ b/src/test/test_conscache.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "core/or/or.h" diff --git a/src/test/test_consdiff.c b/src/test/test_consdiff.c index 242e2f7818..4527a6df3e 100644 --- a/src/test/test_consdiff.c +++ b/src/test/test_consdiff.c @@ -1,5 +1,5 @@ /* Copyright (c) 2014, Daniel Martí - * Copyright (c) 2014-2020, The Tor Project, Inc. */ + * Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CONSDIFF_PRIVATE diff --git a/src/test/test_consdiffmgr.c b/src/test/test_consdiffmgr.c index f4adf43549..808d6f55b6 100644 --- a/src/test/test_consdiffmgr.c +++ b/src/test/test_consdiffmgr.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CONSDIFFMGR_PRIVATE diff --git a/src/test/test_containers.c b/src/test/test_containers.c index 6072148d1b..6d390c9584 100644 --- a/src/test/test_containers.c +++ b/src/test/test_containers.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_controller.c b/src/test/test_controller.c index 49efeb5f88..85042e9ec2 100644 --- a/src/test/test_controller.c +++ b/src/test/test_controller.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2015-2020, The Tor Project, Inc. */ +/* Copyright (c) 2015-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CONTROL_CMD_PRIVATE @@ -16,7 +16,6 @@ #include "feature/dircache/dirserv.h" #include "feature/hs/hs_common.h" #include "feature/nodelist/networkstatus.h" -#include "feature/rend/rendservice.h" #include "feature/nodelist/authcert.h" #include "feature/nodelist/nodelist.h" #include "feature/stats/rephist.h" @@ -317,110 +316,6 @@ test_add_onion_helper_keyarg_v3(void *arg) } static void -test_add_onion_helper_keyarg_v2(void *arg) -{ - int ret, hs_version; - add_onion_secret_key_t pk; - crypto_pk_t *pk1 = NULL; - const char *key_new_alg = NULL; - char *key_new_blob = NULL; - char *encoded = NULL; - char *arg_str = NULL; - - (void) arg; - MOCK(control_write_reply, mock_control_write_reply); - - memset(&pk, 0, sizeof(pk)); - - /* Test explicit RSA1024 key generation. */ - tor_free(reply_str); - ret = add_onion_helper_keyarg("NEW:RSA1024", 0, &key_new_alg, &key_new_blob, - &pk, &hs_version, NULL); - tt_int_op(ret, OP_EQ, 0); - tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO); - tt_assert(pk.v2); - tt_str_op(key_new_alg, OP_EQ, "RSA1024"); - tt_assert(key_new_blob); - tt_ptr_op(reply_str, OP_EQ, NULL); - - /* Test discarding the private key. */ - crypto_pk_free(pk.v2); pk.v2 = NULL; - tor_free(key_new_blob); - ret = add_onion_helper_keyarg("NEW:RSA1024", 1, &key_new_alg, &key_new_blob, - &pk, &hs_version, NULL); - tt_int_op(ret, OP_EQ, 0); - tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO); - tt_assert(pk.v2); - tt_ptr_op(key_new_alg, OP_EQ, NULL); - tt_ptr_op(key_new_blob, OP_EQ, NULL); - tt_ptr_op(reply_str, OP_EQ, NULL); - - /* Test generating a invalid key type. */ - crypto_pk_free(pk.v2); pk.v2 = NULL; - ret = add_onion_helper_keyarg("NEW:RSA512", 0, &key_new_alg, &key_new_blob, - &pk, &hs_version, NULL); - tt_int_op(ret, OP_EQ, -1); - tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO); - tt_assert(!pk.v2); - tt_ptr_op(key_new_alg, OP_EQ, NULL); - tt_ptr_op(key_new_blob, OP_EQ, NULL); - tt_assert(reply_str); - - /* Test loading a RSA1024 key. */ - tor_free(reply_str); - pk1 = pk_generate(0); - tt_int_op(0, OP_EQ, crypto_pk_base64_encode_private(pk1, &encoded)); - tor_asprintf(&arg_str, "RSA1024:%s", encoded); - ret = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob, - &pk, &hs_version, NULL); - tt_int_op(ret, OP_EQ, 0); - tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO); - tt_assert(pk.v2); - tt_ptr_op(key_new_alg, OP_EQ, NULL); - tt_ptr_op(key_new_blob, OP_EQ, NULL); - tt_ptr_op(reply_str, OP_EQ, NULL); - tt_int_op(crypto_pk_cmp_keys(pk1, pk.v2), OP_EQ, 0); - - /* Test loading a invalid key type. */ - tor_free(arg_str); - crypto_pk_free(pk1); pk1 = NULL; - crypto_pk_free(pk.v2); pk.v2 = NULL; - tor_asprintf(&arg_str, "RSA512:%s", encoded); - ret = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob, - &pk, &hs_version, NULL); - tt_int_op(ret, OP_EQ, -1); - tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO); - tt_assert(!pk.v2); - tt_ptr_op(key_new_alg, OP_EQ, NULL); - tt_ptr_op(key_new_blob, OP_EQ, NULL); - tt_assert(reply_str); - - /* Test loading a invalid key. */ - tor_free(arg_str); - crypto_pk_free(pk.v2); pk.v2 = NULL; - tor_free(reply_str); - encoded[strlen(encoded)/2] = '\0'; - tor_asprintf(&arg_str, "RSA1024:%s", encoded); - ret = add_onion_helper_keyarg(arg_str, 0, &key_new_alg, &key_new_blob, - &pk, &hs_version, NULL); - tt_int_op(ret, OP_EQ, -1); - tt_int_op(hs_version, OP_EQ, HS_VERSION_TWO); - tt_assert(!pk.v2); - tt_ptr_op(key_new_alg, OP_EQ, NULL); - tt_ptr_op(key_new_blob, OP_EQ, NULL); - tt_assert(reply_str); - - done: - crypto_pk_free(pk1); - crypto_pk_free(pk.v2); - tor_free(key_new_blob); - tor_free(reply_str); - tor_free(encoded); - tor_free(arg_str); - UNMOCK(control_write_reply); -} - -static void test_getinfo_helper_onion(void *arg) { (void)arg; @@ -460,50 +355,50 @@ test_getinfo_helper_onion(void *arg) } static void -test_rend_service_parse_port_config(void *arg) +test_hs_parse_port_config(void *arg) { const char *sep = ","; - rend_service_port_config_t *cfg = NULL; + hs_port_config_t *cfg = NULL; char *err_msg = NULL; (void)arg; /* Test "VIRTPORT" only. */ - cfg = rend_service_parse_port_config("80", sep, &err_msg); + cfg = hs_parse_port_config("80", sep, &err_msg); tt_assert(cfg); tt_ptr_op(err_msg, OP_EQ, NULL); /* Test "VIRTPORT,TARGET" (Target is port). */ - rend_service_port_config_free(cfg); - cfg = rend_service_parse_port_config("80,8080", sep, &err_msg); + hs_port_config_free(cfg); + cfg = hs_parse_port_config("80,8080", sep, &err_msg); tt_assert(cfg); tt_ptr_op(err_msg, OP_EQ, NULL); /* Test "VIRTPORT,TARGET" (Target is IPv4:port). */ - rend_service_port_config_free(cfg); - cfg = rend_service_parse_port_config("80,192.0.2.1:8080", sep, &err_msg); + hs_port_config_free(cfg); + cfg = hs_parse_port_config("80,192.0.2.1:8080", sep, &err_msg); tt_assert(cfg); tt_ptr_op(err_msg, OP_EQ, NULL); /* Test "VIRTPORT,TARGET" (Target is IPv6:port). */ - rend_service_port_config_free(cfg); - cfg = rend_service_parse_port_config("80,[2001:db8::1]:8080", sep, &err_msg); + hs_port_config_free(cfg); + cfg = hs_parse_port_config("80,[2001:db8::1]:8080", sep, &err_msg); tt_assert(cfg); tt_ptr_op(err_msg, OP_EQ, NULL); - rend_service_port_config_free(cfg); + hs_port_config_free(cfg); cfg = NULL; /* XXX: Someone should add tests for AF_UNIX targets if supported. */ /* Test empty config. */ - rend_service_port_config_free(cfg); - cfg = rend_service_parse_port_config("", sep, &err_msg); + hs_port_config_free(cfg); + cfg = hs_parse_port_config("", sep, &err_msg); tt_ptr_op(cfg, OP_EQ, NULL); tt_assert(err_msg); /* Test invalid port. */ tor_free(err_msg); - cfg = rend_service_parse_port_config("90001", sep, &err_msg); + cfg = hs_parse_port_config("90001", sep, &err_msg); tt_ptr_op(cfg, OP_EQ, NULL); tt_assert(err_msg); tor_free(err_msg); @@ -513,24 +408,24 @@ test_rend_service_parse_port_config(void *arg) /* quoted unix port */ tor_free(err_msg); - cfg = rend_service_parse_port_config("100 unix:\"/tmp/foo bar\"", + cfg = hs_parse_port_config("100 unix:\"/tmp/foo bar\"", " ", &err_msg); tt_assert(cfg); tt_ptr_op(err_msg, OP_EQ, NULL); - rend_service_port_config_free(cfg); + hs_port_config_free(cfg); cfg = NULL; /* quoted unix port */ tor_free(err_msg); - cfg = rend_service_parse_port_config("100 unix:\"/tmp/foo bar\"", + cfg = hs_parse_port_config("100 unix:\"/tmp/foo bar\"", " ", &err_msg); tt_assert(cfg); tt_ptr_op(err_msg, OP_EQ, NULL); - rend_service_port_config_free(cfg); + hs_port_config_free(cfg); cfg = NULL; /* quoted unix port, missing end quote */ - cfg = rend_service_parse_port_config("100 unix:\"/tmp/foo bar", + cfg = hs_parse_port_config("100 unix:\"/tmp/foo bar", " ", &err_msg); tt_ptr_op(cfg, OP_EQ, NULL); tt_str_op(err_msg, OP_EQ, "Couldn't process address <unix:\"/tmp/foo bar> " @@ -539,7 +434,7 @@ test_rend_service_parse_port_config(void *arg) /* bogus IP address */ MOCK(tor_addr_lookup, mock_tor_addr_lookup__fail_on_bad_addrs); - cfg = rend_service_parse_port_config("100 foo!!.example.com:9000", + cfg = hs_parse_port_config("100 foo!!.example.com:9000", " ", &err_msg); UNMOCK(tor_addr_lookup); tt_ptr_op(cfg, OP_EQ, NULL); @@ -548,7 +443,7 @@ test_rend_service_parse_port_config(void *arg) tor_free(err_msg); /* bogus port port */ - cfg = rend_service_parse_port_config("100 99999", + cfg = hs_parse_port_config("100 99999", " ", &err_msg); tt_ptr_op(cfg, OP_EQ, NULL); tt_str_op(err_msg, OP_EQ, "Unparseable or out-of-range port \"99999\" " @@ -556,69 +451,17 @@ test_rend_service_parse_port_config(void *arg) tor_free(err_msg); /* Wrong target address and port separation */ - cfg = rend_service_parse_port_config("80,127.0.0.1 1234", sep, + cfg = hs_parse_port_config("80,127.0.0.1 1234", sep, &err_msg); tt_ptr_op(cfg, OP_EQ, NULL); tt_assert(err_msg); tor_free(err_msg); done: - rend_service_port_config_free(cfg); + hs_port_config_free(cfg); tor_free(err_msg); } -static void -test_add_onion_helper_clientauth(void *arg) -{ - rend_authorized_client_t *client = NULL; - int created = 0; - - (void)arg; - - MOCK(control_write_reply, mock_control_write_reply); - /* Test "ClientName" only. */ - tor_free(reply_str); - client = add_onion_helper_clientauth("alice", &created, NULL); - tt_assert(client); - tt_assert(created); - tt_ptr_op(reply_str, OP_EQ, NULL); - rend_authorized_client_free(client); - - /* Test "ClientName:Blob" */ - tor_free(reply_str); - client = add_onion_helper_clientauth("alice:475hGBHPlq7Mc0cRZitK/B", - &created, NULL); - tt_assert(client); - tt_assert(!created); - tt_ptr_op(reply_str, OP_EQ, NULL); - rend_authorized_client_free(client); - - /* Test invalid client names */ - tor_free(reply_str); - client = add_onion_helper_clientauth("no*asterisks*allowed", &created, - NULL); - tt_ptr_op(client, OP_EQ, NULL); - tt_assert(reply_str); - - /* Test invalid auth cookie */ - tor_free(reply_str); - client = add_onion_helper_clientauth("alice:12345", &created, NULL); - tt_ptr_op(client, OP_EQ, NULL); - tt_assert(reply_str); - - /* Test invalid syntax */ - tor_free(reply_str); - client = add_onion_helper_clientauth(":475hGBHPlq7Mc0cRZitK/B", &created, - NULL); - tt_ptr_op(client, OP_EQ, NULL); - tt_assert(reply_str); - - done: - rend_authorized_client_free(client); - tor_free(reply_str); - UNMOCK(control_write_reply); -} - /* Mocks and data/variables used for GETINFO download status tests */ static const download_status_t dl_status_default = @@ -2209,15 +2052,11 @@ struct testcase_t controller_tests[] = { PARSER_TEST(no_args_one_obj), PARSER_TEST(no_args_kwargs), PARSER_TEST(one_arg_kwargs), - { "add_onion_helper_keyarg_v2", test_add_onion_helper_keyarg_v2, 0, - NULL, NULL }, { "add_onion_helper_keyarg_v3", test_add_onion_helper_keyarg_v3, 0, NULL, NULL }, { "getinfo_helper_onion", test_getinfo_helper_onion, 0, NULL, NULL }, - { "rend_service_parse_port_config", test_rend_service_parse_port_config, 0, + { "hs_parse_port_config", test_hs_parse_port_config, 0, NULL, NULL }, - { "add_onion_helper_clientauth", test_add_onion_helper_clientauth, 0, NULL, - NULL }, { "download_status_consensus", test_download_status_consensus, 0, NULL, NULL }, {"getinfo_helper_current_consensus_from_cache", diff --git a/src/test/test_controller_events.c b/src/test/test_controller_events.c index 3cd529fa10..8abe89dc24 100644 --- a/src/test/test_controller_events.c +++ b/src/test/test_controller_events.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CONNECTION_PRIVATE diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c index ffd6a25bd5..87e309f25a 100644 --- a/src/test/test_crypto.c +++ b/src/test/test_crypto.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_crypto_ope.c b/src/test/test_crypto_ope.c index 119ebc114a..a17af181db 100644 --- a/src/test/test_crypto_ope.c +++ b/src/test/test_crypto_ope.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_crypto_openssl.c b/src/test/test_crypto_openssl.c index 989f4a56ca..56428f2e8c 100644 --- a/src/test/test_crypto_openssl.c +++ b/src/test/test_crypto_openssl.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_crypto_rng.c b/src/test/test_crypto_rng.c index b0dc4c117c..3ae97bd499 100644 --- a/src/test/test_crypto_rng.c +++ b/src/test/test_crypto_rng.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_crypto_slow.c b/src/test/test_crypto_slow.c index 1702427b08..bcfea10cf6 100644 --- a/src/test/test_crypto_slow.c +++ b/src/test/test_crypto_slow.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_data.c b/src/test/test_data.c index 30c14fcfff..de333f1211 100644 --- a/src/test/test_data.c +++ b/src/test/test_data.c @@ -1,6 +1,6 @@ /* Copyright 2001-2004 Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "test/test.h" diff --git a/src/test/test_dir.c b/src/test/test_dir.c index 63cc621964..186e09f236 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" @@ -4848,9 +4848,6 @@ test_dir_purpose_needs_anonymity_returns_true_for_bridges(void *arg) tt_int_op(1, OP_EQ, purpose_needs_anonymity(0, ROUTER_PURPOSE_BRIDGE, NULL)); tt_int_op(1, OP_EQ, purpose_needs_anonymity(0, ROUTER_PURPOSE_BRIDGE, "foobar")); - tt_int_op(1, OP_EQ, - purpose_needs_anonymity(DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2, - ROUTER_PURPOSE_BRIDGE, NULL)); done: ; } @@ -4865,21 +4862,6 @@ test_dir_purpose_needs_anonymity_returns_false_for_own_bridge_desc(void *arg) } static void -test_dir_purpose_needs_anonymity_returns_true_for_sensitive_purpose(void *arg) -{ - (void)arg; - - tt_int_op(1, OP_EQ, purpose_needs_anonymity( - DIR_PURPOSE_HAS_FETCHED_RENDDESC_V2, - ROUTER_PURPOSE_GENERAL, NULL)); - tt_int_op(1, OP_EQ, purpose_needs_anonymity( - DIR_PURPOSE_UPLOAD_RENDDESC_V2, 0, NULL)); - tt_int_op(1, OP_EQ, purpose_needs_anonymity( - DIR_PURPOSE_FETCH_RENDDESC_V2, 0, NULL)); - done: ; -} - -static void test_dir_purpose_needs_anonymity_ret_false_for_non_sensitive_conn(void *arg) { (void)arg; @@ -4937,12 +4919,6 @@ test_dir_fetch_type(void *arg) tt_int_op(dir_fetch_type(DIR_PURPOSE_FETCH_MICRODESC, ROUTER_PURPOSE_GENERAL, NULL), OP_EQ, MICRODESC_DIRINFO); - /* This will give a warning, because this function isn't supposed to be - * used for HS descriptors. */ - setup_full_capture_of_logs(LOG_WARN); - tt_int_op(dir_fetch_type(DIR_PURPOSE_FETCH_RENDDESC_V2, - ROUTER_PURPOSE_GENERAL, NULL), OP_EQ, NO_DIRINFO); - expect_single_log_msg_containing("Unexpected purpose"); done: teardown_capture_of_logs(); } @@ -5300,10 +5276,6 @@ test_dir_conn_purpose_to_string(void *data) EXPECT_CONN_PURPOSE(DIR_PURPOSE_FETCH_STATUS_VOTE, "status vote fetch"); EXPECT_CONN_PURPOSE(DIR_PURPOSE_FETCH_DETACHED_SIGNATURES, "consensus signature fetch"); - EXPECT_CONN_PURPOSE(DIR_PURPOSE_FETCH_RENDDESC_V2, - "hidden-service v2 descriptor fetch"); - EXPECT_CONN_PURPOSE(DIR_PURPOSE_UPLOAD_RENDDESC_V2, - "hidden-service v2 descriptor upload"); EXPECT_CONN_PURPOSE(DIR_PURPOSE_FETCH_MICRODESC, "microdescriptor fetch"); /* This will give a warning, because there is no purpose 1024. */ @@ -6680,13 +6652,7 @@ test_dir_find_dl_min_delay(void* data) dls.schedule = DL_SCHED_BRIDGE; /* client */ - mock_options->ClientOnly = 1; - mock_options->UseBridges = 1; - if (num_bridges_usable(0) > 0) { - tt_int_op(find_dl_min_delay(&dls, mock_options), OP_EQ, bridge); - } else { - tt_int_op(find_dl_min_delay(&dls, mock_options), OP_EQ, bridge_bootstrap); - } + tt_int_op(find_dl_min_delay(&dls, mock_options), OP_EQ, bridge_bootstrap); done: UNMOCK(networkstatus_consensus_is_bootstrapping); @@ -7286,7 +7252,6 @@ struct testcase_t dir_tests[] = { DIR(purpose_needs_anonymity_returns_true_for_bridges, 0), DIR(purpose_needs_anonymity_returns_false_for_own_bridge_desc, 0), DIR(purpose_needs_anonymity_returns_true_by_default, 0), - DIR(purpose_needs_anonymity_returns_true_for_sensitive_purpose, 0), DIR(purpose_needs_anonymity_ret_false_for_non_sensitive_conn, 0), DIR(post_parsing, 0), DIR(fetch_type, 0), diff --git a/src/test/test_dir_common.c b/src/test/test_dir_common.c index 77e3851183..201ea900ff 100644 --- a/src/test/test_dir_common.c +++ b/src/test/test_dir_common.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_dir_common.h b/src/test/test_dir_common.h index d37496465c..12dd654812 100644 --- a/src/test/test_dir_common.h +++ b/src/test/test_dir_common.h @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_TEST_DIR_COMMON_H diff --git a/src/test/test_dir_handle_get.c b/src/test/test_dir_handle_get.c index 95339160c3..a7f9fa1d7b 100644 --- a/src/test/test_dir_handle_get.c +++ b/src/test/test_dir_handle_get.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define RENDCOMMON_PRIVATE @@ -18,14 +18,11 @@ #include "feature/dircache/dircache.h" #include "test/test.h" #include "lib/compress/compress.h" -#include "feature/rend/rendcommon.h" -#include "feature/rend/rendcache.h" #include "feature/relay/relay_config.h" #include "feature/relay/router.h" #include "feature/nodelist/authcert.h" #include "feature/nodelist/dirlist.h" #include "feature/nodelist/routerlist.h" -#include "test/rend_test_helpers.h" #include "feature/nodelist/microdesc.h" #include "test/test_helpers.h" #include "feature/nodelist/nodelist.h" @@ -44,7 +41,6 @@ #include "feature/dircommon/dir_connection_st.h" #include "feature/dirclient/dir_server_st.h" #include "feature/nodelist/networkstatus_st.h" -#include "feature/rend/rend_encoded_v2_service_descriptor_st.h" #include "feature/nodelist/routerinfo_st.h" #include "feature/nodelist/routerlist_st.h" @@ -261,125 +257,6 @@ test_dir_handle_get_robots_txt(void *data) tor_free(body); } -#define RENDEZVOUS2_GET(descid) GET("/tor/rendezvous2/" descid) -static void -test_dir_handle_get_rendezvous2_not_found_if_not_encrypted(void *data) -{ - dir_connection_t *conn = NULL; - char *header = NULL; - (void) data; - - MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock); - - conn = new_dir_conn(); - - // connection is not encrypted - tt_assert(!connection_dir_is_encrypted(conn)); - - tt_int_op(directory_handle_command_get(conn, RENDEZVOUS2_GET(), NULL, 0), - OP_EQ, 0); - fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE, - NULL, NULL, 1, 0); - - tt_str_op(NOT_FOUND, OP_EQ, header); - - done: - UNMOCK(connection_write_to_buf_impl_); - connection_free_minimal(TO_CONN(conn)); - tor_free(header); -} - -static void -test_dir_handle_get_rendezvous2_on_encrypted_conn_with_invalid_desc_id( - void *data) -{ - dir_connection_t *conn = NULL; - char *header = NULL; - (void) data; - - MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock); - conn = new_dir_conn(); - - // connection is encrypted - TO_CONN(conn)->linked = 1; - tt_assert(connection_dir_is_encrypted(conn)); - - tt_int_op(directory_handle_command_get(conn, - RENDEZVOUS2_GET("invalid-desc-id"), NULL, 0), OP_EQ, 0); - fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE, - NULL, NULL, 1, 0); - - tt_str_op(header, OP_EQ, NOT_FOUND); - - done: - UNMOCK(connection_write_to_buf_impl_); - connection_free_minimal(TO_CONN(conn)); - tor_free(header); -} - -static void -test_dir_handle_get_rendezvous2_on_encrypted_conn_not_well_formed(void *data) -{ - dir_connection_t *conn = NULL; - char *header = NULL; - (void) data; - - MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock); - conn = new_dir_conn(); - - // connection is encrypted - TO_CONN(conn)->linked = 1; - tt_assert(connection_dir_is_encrypted(conn)); - - //TODO: this can't be reached because rend_valid_descriptor_id() prevents - //this case to happen. This test is the same as - //test_dir_handle_get_rendezvous2_on_encrypted_conn_with_invalid_desc_id We - //should refactor to remove the case from the switch. - - const char *req = RENDEZVOUS2_GET("1bababababababababababababababab"); - tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0); - - fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE, - NULL, NULL, 1, 0); - - tt_str_op(header, OP_EQ, NOT_FOUND); - - done: - UNMOCK(connection_write_to_buf_impl_); - connection_free_minimal(TO_CONN(conn)); - tor_free(header); -} - -static void -test_dir_handle_get_rendezvous2_not_found(void *data) -{ - dir_connection_t *conn = NULL; - char *header = NULL; - (void) data; - - MOCK(connection_write_to_buf_impl_, connection_write_to_buf_mock); - conn = new_dir_conn(); - - rend_cache_init(); - - // connection is encrypted - TO_CONN(conn)->linked = 1; - tt_assert(connection_dir_is_encrypted(conn)); - - const char *req = RENDEZVOUS2_GET("3xqunszqnaolrrfmtzgaki7mxelgvkje"); - tt_int_op(directory_handle_command_get(conn, req, NULL, 0), OP_EQ, 0); - fetch_from_buf_http(TO_CONN(conn)->outbuf, &header, MAX_HEADERS_SIZE, - NULL, NULL, 1, 0); - - tt_str_op(NOT_FOUND, OP_EQ, header); - - done: - UNMOCK(connection_write_to_buf_impl_); - connection_free_minimal(TO_CONN(conn)); - tor_free(header); - rend_cache_free_all(); -} - static const routerinfo_t * dhg_tests_router_get_my_routerinfo(void); ATTR_UNUSED static int dhg_tests_router_get_my_routerinfo_called = 0; @@ -2864,10 +2741,6 @@ struct testcase_t dir_handle_get_tests[] = { DIR_HANDLE_CMD(v1_command_not_found, 0), DIR_HANDLE_CMD(v1_command, 0), DIR_HANDLE_CMD(robots_txt, 0), - DIR_HANDLE_CMD(rendezvous2_not_found_if_not_encrypted, 0), - DIR_HANDLE_CMD(rendezvous2_not_found, 0), - DIR_HANDLE_CMD(rendezvous2_on_encrypted_conn_with_invalid_desc_id, 0), - DIR_HANDLE_CMD(rendezvous2_on_encrypted_conn_not_well_formed, 0), DIR_HANDLE_CMD(micro_d_not_found, 0), DIR_HANDLE_CMD(micro_d_server_busy, 0), DIR_HANDLE_CMD(micro_d, 0), diff --git a/src/test/test_dirauth_ports.c b/src/test/test_dirauth_ports.c new file mode 100644 index 0000000000..5dc0b0b631 --- /dev/null +++ b/src/test/test_dirauth_ports.c @@ -0,0 +1,152 @@ +/* Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#include "orconfig.h" +#define CONFIG_PRIVATE + +#include "core/or/or.h" +#include "feature/dirclient/dir_server_st.h" +#include "feature/nodelist/dirlist.h" +#include "app/config/config.h" +#include "test/test.h" +#include "test/log_test_helpers.h" + +static void +test_dirauth_port_parsing(void *arg) +{ + (void)arg; + + // This one is okay. + int rv = parse_dir_authority_line( + "moria1 orport=9101 " + "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 " + "upload=http://128.31.0.39:9131/ " + "download=http://128.31.0.39:9131 " + "vote=http://128.31.0.39:9131/ " + "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31", + NO_DIRINFO, 1); + tt_int_op(rv,OP_EQ,0); + + // These have bad syntax. + setup_capture_of_logs(LOG_WARN); + rv = parse_dir_authority_line( + "moria1 orport=9101 " + "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 " + "uploadx=http://128.31.0.39:9131/ " + "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31", + NO_DIRINFO, 1); + tt_int_op(rv,OP_EQ,0); + expect_log_msg_containing("Unrecognized flag"); + mock_clean_saved_logs(); + + rv = parse_dir_authority_line( + "moria1 orport=9101 " + "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 " + "upload=https://128.31.0.39:9131/ " // https is not recognized + "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31", + NO_DIRINFO, 1); + tt_int_op(rv,OP_EQ,-1); + expect_log_msg_containing("Unsupported URL scheme"); + mock_clean_saved_logs(); + + rv = parse_dir_authority_line( + "moria1 orport=9101 " + "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 " + "upload=http://128.31.0.39:9131/tor " // suffix is not supported + "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31", + NO_DIRINFO, 1); + tt_int_op(rv,OP_EQ,-1); + expect_log_msg_containing("Unsupported URL prefix"); + mock_clean_saved_logs(); + + rv = parse_dir_authority_line( + "moria1 orport=9101 " + "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 " + "upload=http://128.31.0.256:9131/ " // "256" is not ipv4. + "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31", + NO_DIRINFO, 1); + tt_int_op(rv,OP_EQ,-1); + expect_log_msg_containing("Unable to parse address"); + + rv = parse_dir_authority_line( + "moria1 orport=9101 " + "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 " + "upload=http://xyz.example.com/ " // hostnames not supported. + "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31", + NO_DIRINFO, 1); + tt_int_op(rv,OP_EQ,-1); + expect_log_msg_containing("Unable to parse address"); + + done: + teardown_capture_of_logs(); +} + +static void +test_dirauth_port_lookup(void *arg) +{ + (void)arg; + + clear_dir_servers(); + + int rv = parse_dir_authority_line( + "moria1 orport=9101 " + "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 " + "upload=http://128.31.0.40:9132/ " + "download=http://128.31.0.41:9133 " + "vote=http://128.31.0.42:9134/ " + "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31", + NO_DIRINFO, 0); + tt_int_op(rv,OP_EQ,0); + + rv = parse_dir_authority_line( + "morgoth orport=9101 " + "v3ident=D586D18309DED4CDFFFFFFFFDB97EFA96D330566 " + "upload=http://128.31.0.43:9140/ " + "128.31.0.44:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31", + NO_DIRINFO, 0); + tt_int_op(rv,OP_EQ,0); + + const smartlist_t *servers = router_get_trusted_dir_servers(); + tt_assert(servers); + tt_int_op(smartlist_len(servers), OP_EQ, 2); + const dir_server_t *moria = smartlist_get(servers, 0); + const dir_server_t *morgoth = smartlist_get(servers, 1); + tt_str_op(moria->nickname, OP_EQ, "moria1"); + tt_str_op(morgoth->nickname, OP_EQ, "morgoth"); + + const tor_addr_port_t *dirport; + + dirport = trusted_dir_server_get_dirport(moria, + AUTH_USAGE_UPLOAD, AF_INET); + tt_int_op(dirport->port, OP_EQ, 9132); + dirport = trusted_dir_server_get_dirport(moria, + AUTH_USAGE_DOWNLOAD, AF_INET); + tt_int_op(dirport->port, OP_EQ, 9133); + dirport = trusted_dir_server_get_dirport(moria, + AUTH_USAGE_VOTING, AF_INET); + tt_int_op(dirport->port, OP_EQ, 9134); + + dirport = trusted_dir_server_get_dirport(morgoth, + AUTH_USAGE_UPLOAD, AF_INET); + tt_int_op(dirport->port, OP_EQ, 9140); + dirport = trusted_dir_server_get_dirport(morgoth, + AUTH_USAGE_DOWNLOAD, AF_INET); + tt_int_op(dirport->port, OP_EQ, 9131); // fallback + dirport = trusted_dir_server_get_dirport(morgoth, + AUTH_USAGE_VOTING, AF_INET); + tt_int_op(dirport->port, OP_EQ, 9131); // fallback + + done: + ; +} + +#define T(name) \ + { #name, test_dirauth_port_ ## name, TT_FORK, NULL, NULL } + +struct testcase_t dirauth_port_tests[] = { + T(parsing), + T(lookup), + END_OF_TESTCASES +}; diff --git a/src/test/test_dirvote.c b/src/test/test_dirvote.c index b5e57ad071..2b53955107 100644 --- a/src/test/test_dirvote.c +++ b/src/test/test_dirvote.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -656,6 +656,30 @@ done: ROUTER_FREE(pppp); } +static void +test_dirvote_parse_param_buggy(void *arg) +{ + (void)arg; + + /* Tests for behavior with bug emulation to migrate away from bug 19011. */ + tt_i64_op(extract_param_buggy("blah blah", "bwweightscale", 10000), + OP_EQ, 10000); + tt_i64_op(extract_param_buggy("bwweightscale=7", "bwweightscale", 10000), + OP_EQ, 7); + tt_i64_op(extract_param_buggy("bwweightscale=7 foo=9", + "bwweightscale", 10000), + OP_EQ, 10000); + tt_i64_op(extract_param_buggy("foo=7 bwweightscale=777 bar=9", + "bwweightscale", 10000), + OP_EQ, 10000); + tt_i64_op(extract_param_buggy("foo=7 bwweightscale=1234", + "bwweightscale", 10000), + OP_EQ, 1234); + + done: + ; +} + #define NODE(name, flags) \ { \ #name, test_dirvote_##name, (flags), NULL, NULL \ @@ -668,4 +692,5 @@ struct testcase_t dirvote_tests[] = { NODE(get_sybil_by_ip_version_ipv4, TT_FORK), NODE(get_sybil_by_ip_version_ipv6, TT_FORK), NODE(get_all_possible_sybil, TT_FORK), + NODE(parse_param_buggy, 0), END_OF_TESTCASES}; diff --git a/src/test/test_dispatch.c b/src/test/test_dispatch.c index f7f8ecdc03..902029a85c 100644 --- a/src/test/test_dispatch.c +++ b/src/test/test_dispatch.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define DISPATCH_NEW_PRIVATE diff --git a/src/test/test_dns.c b/src/test/test_dns.c index d2b0777d6b..6612391127 100644 --- a/src/test/test_dns.c +++ b/src/test/test_dns.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2015-2020, The Tor Project, Inc. */ +/* Copyright (c) 2015-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_dos.c b/src/test/test_dos.c index 850bbef59b..a34420024f 100644 --- a/src/test/test_dos.c +++ b/src/test/test_dos.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define DOS_PRIVATE @@ -79,6 +79,9 @@ test_dos_conn_creation(void *arg) { /* Register many conns from this client but not enough to get it blocked */ unsigned int i; for (i = 0; i < max_concurrent_conns; i++) { + /* Don't trigger the connect() rate limitation so advance the clock 1 + * second for each connection. */ + update_approx_time(++now); dos_new_client_conn(&or_conn, NULL); } } @@ -470,7 +473,7 @@ test_known_relay(void *arg) GEOIP_CLIENT_CONNECT); tt_assert(entry); /* We should have a count of 0. */ - tt_uint_op(entry->dos_stats.concurrent_count, OP_EQ, 0); + tt_uint_op(entry->dos_stats.conn_stats.concurrent_count, OP_EQ, 0); /* To make sure that his is working properly, make a unknown client * connection and see if we do get it. */ @@ -483,7 +486,7 @@ test_known_relay(void *arg) GEOIP_CLIENT_CONNECT); tt_assert(entry); /* We should have a count of 2. */ - tt_uint_op(entry->dos_stats.concurrent_count, OP_EQ, 2); + tt_uint_op(entry->dos_stats.conn_stats.concurrent_count, OP_EQ, 2); done: routerstatus_free(rs); routerinfo_free(ri); microdesc_free(md); @@ -496,11 +499,69 @@ test_known_relay(void *arg) UNMOCK(get_param_cc_enabled); } +/** Test that the connection tracker of the DoS subsystem will block clients + * who try to establish too many connections */ +static void +test_dos_conn_rate(void *arg) +{ + (void) arg; + + MOCK(get_param_cc_enabled, mock_enable_dos_protection); + MOCK(get_param_conn_enabled, mock_enable_dos_protection); + + /* Initialize test data */ + or_connection_t or_conn; + time_t now = 1281533250; /* 2010-08-11 13:27:30 UTC */ + tt_int_op(AF_INET,OP_EQ, tor_addr_parse(&TO_CONN(&or_conn)->addr, + "18.0.0.1")); + tor_addr_t *addr = &TO_CONN(&or_conn)->addr; + update_approx_time(now); + + /* Get DoS subsystem limits */ + dos_init(); + uint32_t burst_conn = get_param_conn_connect_burst(NULL); + + /* Introduce new client */ + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now); + { /* Register many conns from this client but not enough to get it blocked */ + unsigned int i; + for (i = 0; i < burst_conn - 1; i++) { + dos_new_client_conn(&or_conn, NULL); + } + } + + /* Check that new conns are still permitted */ + tt_int_op(DOS_CONN_DEFENSE_NONE, OP_EQ, + dos_conn_addr_get_defense_type(addr)); + + /* Register another conn and check that new conns are not allowed anymore. + * We should have reached our burst. */ + dos_new_client_conn(&or_conn, NULL); + tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ, + dos_conn_addr_get_defense_type(addr)); + + /* Advance the time 12 hours. It should still be blocked. */ + update_approx_time(now + (12 * 60 * 60)); + tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ, + dos_conn_addr_get_defense_type(addr)); + + /* Advance the time 24 hours plus 13 hours. It should be unblocked. + * Remember, we had a random value between 24 hours and rand(24/2) thus + * adding 13 hours is safe. */ + update_approx_time(now + (37 * 60 * 60)); + tt_int_op(DOS_CONN_DEFENSE_NONE, OP_EQ, + dos_conn_addr_get_defense_type(addr)); + + done: + dos_free_all(); +} + struct testcase_t dos_tests[] = { { "conn_creation", test_dos_conn_creation, TT_FORK, NULL, NULL }, { "circuit_creation", test_dos_circuit_creation, TT_FORK, NULL, NULL }, { "bucket_refill", test_dos_bucket_refill, TT_FORK, NULL, NULL }, { "known_relay" , test_known_relay, TT_FORK, NULL, NULL }, + { "conn_rate", test_dos_conn_rate, TT_FORK, NULL, NULL }, END_OF_TESTCASES }; diff --git a/src/test/test_entryconn.c b/src/test/test_entryconn.c index 75018260f7..9ab43a90ad 100644 --- a/src/test/test_entryconn.c +++ b/src/test/test_entryconn.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" @@ -17,7 +17,6 @@ #include "feature/nodelist/nodelist.h" #include "feature/hs/hs_cache.h" -#include "feature/rend/rendcache.h" #include "core/or/entry_connection_st.h" #include "core/or/socks_request_st.h" @@ -307,7 +306,7 @@ test_entryconn_rewrite_cached_dns_ipv4(void *arg) tor_strdup("240.240.241.241"), expires, ADDRMAPSRC_DNS, - 0, 0); + 0, 0, 0); strlcpy(ec->socks_request->address, "www.friendly.example.com", sizeof(ec->socks_request->address)); @@ -359,7 +358,7 @@ test_entryconn_rewrite_cached_dns_ipv6(void *arg) tor_strdup("[::f00f]"), expires, ADDRMAPSRC_DNS, - 0, 0); + 0, 0, 0); strlcpy(ec->socks_request->address, "www.friendly.example.com", sizeof(ec->socks_request->address)); @@ -748,7 +747,6 @@ test_entryconn_rewrite_onion_v3(void *arg) /* Make an onion connection using the SOCKS request */ conn->entry_cfg.onion_traffic = 1; ENTRY_TO_CONN(conn)->state = AP_CONN_STATE_SOCKS_WAIT; - tt_assert(!ENTRY_TO_EDGE_CONN(conn)->rend_data); tt_assert(!ENTRY_TO_EDGE_CONN(conn)->hs_ident); /* Handle SOCKS and rewrite! */ @@ -763,7 +761,6 @@ test_entryconn_rewrite_onion_v3(void *arg) "25njqamcweflpvkl73j4szahhihoc4xt3ktcgjnpaingr5yhkenl5sid"); /* check that HS information got attached to the connection */ tt_assert(ENTRY_TO_EDGE_CONN(conn)->hs_ident); - tt_assert(!ENTRY_TO_EDGE_CONN(conn)->rend_data); done: hs_free_all(); diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index 589876db2a..118b66dfa7 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" @@ -92,6 +92,12 @@ bfn_mock_node_get_by_id(const char *id) return NULL; } +static int +mock_router_have_minimum_dir_info(void) +{ + return 1; +} + /* Helper function to free a test node. */ static void test_node_free(node_t *n) @@ -3087,6 +3093,38 @@ test_entry_guard_vanguard_path_selection(void *arg) circuit_free_(circ); } +static void +test_entry_guard_layer2_guards(void *arg) +{ + (void) arg; + MOCK(router_have_minimum_dir_info, mock_router_have_minimum_dir_info); + + /* First check the enable/disable switch */ + get_options_mutable()->VanguardsLiteEnabled = 0; + tt_int_op(vanguards_lite_is_enabled(), OP_EQ, 0); + + get_options_mutable()->VanguardsLiteEnabled = 1; + tt_int_op(vanguards_lite_is_enabled(), OP_EQ, 1); + + get_options_mutable()->VanguardsLiteEnabled = -1; + tt_int_op(vanguards_lite_is_enabled(), OP_EQ, 1); + + /* OK now let's move to actual testing */ + + /* Remove restrictions to route around Big Fake Network restrictions */ + get_options_mutable()->EnforceDistinctSubnets = 0; + + /* Create the L2 guardset */ + maintain_layer2_guards(); + + const routerset_t *l2_guards = get_layer2_guards(); + tt_assert(l2_guards); + tt_int_op(routerset_len(l2_guards), OP_EQ, 4); + + done: + UNMOCK(router_have_minimum_dir_info); +} + static const struct testcase_setup_t big_fake_network = { big_fake_network_setup, big_fake_network_cleanup }; @@ -3152,6 +3190,8 @@ struct testcase_t entrynodes_tests[] = { BFN_TEST(manage_primary), BFN_TEST(correct_cascading_order), + BFN_TEST(layer2_guards), + EN_TEST_FORK(guard_preferred), BFN_TEST(select_for_circuit_no_confirmed), diff --git a/src/test/test_extorport.c b/src/test/test_extorport.c index 7935530653..201a702d19 100644 --- a/src/test/test_extorport.c +++ b/src/test/test_extorport.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CONNECTION_PRIVATE @@ -24,60 +24,6 @@ #include <sys/stat.h> #endif -/* Test connection_or_remove_from_ext_or_id_map and - * connection_or_set_ext_or_identifier */ -static void -test_ext_or_id_map(void *arg) -{ - or_connection_t *c1 = NULL, *c2 = NULL, *c3 = NULL; - char *idp = NULL, *idp2 = NULL; - (void)arg; - - /* pre-initialization */ - tt_ptr_op(NULL, OP_EQ, - connection_or_get_by_ext_or_id("xxxxxxxxxxxxxxxxxxxx")); - - c1 = or_connection_new(CONN_TYPE_EXT_OR, AF_INET); - c2 = or_connection_new(CONN_TYPE_EXT_OR, AF_INET); - c3 = or_connection_new(CONN_TYPE_OR, AF_INET); - - tt_ptr_op(c1->ext_or_conn_id, OP_NE, NULL); - tt_ptr_op(c2->ext_or_conn_id, OP_NE, NULL); - tt_ptr_op(c3->ext_or_conn_id, OP_EQ, NULL); - - tt_ptr_op(c1, OP_EQ, connection_or_get_by_ext_or_id(c1->ext_or_conn_id)); - tt_ptr_op(c2, OP_EQ, connection_or_get_by_ext_or_id(c2->ext_or_conn_id)); - tt_ptr_op(NULL, OP_EQ, - connection_or_get_by_ext_or_id("xxxxxxxxxxxxxxxxxxxx")); - - idp = tor_memdup(c2->ext_or_conn_id, EXT_OR_CONN_ID_LEN); - - /* Give c2 a new ID. */ - connection_or_set_ext_or_identifier(c2); - tt_mem_op(idp, OP_NE, c2->ext_or_conn_id, EXT_OR_CONN_ID_LEN); - idp2 = tor_memdup(c2->ext_or_conn_id, EXT_OR_CONN_ID_LEN); - tt_assert(!tor_digest_is_zero(idp2)); - - tt_ptr_op(NULL, OP_EQ, connection_or_get_by_ext_or_id(idp)); - tt_ptr_op(c2, OP_EQ, connection_or_get_by_ext_or_id(idp2)); - - /* Now remove it. */ - connection_or_remove_from_ext_or_id_map(c2); - tt_ptr_op(NULL, OP_EQ, connection_or_get_by_ext_or_id(idp)); - tt_ptr_op(NULL, OP_EQ, connection_or_get_by_ext_or_id(idp2)); - - done: - if (c1) - connection_free_minimal(TO_CONN(c1)); - if (c2) - connection_free_minimal(TO_CONN(c2)); - if (c3) - connection_free_minimal(TO_CONN(c3)); - tor_free(idp); - tor_free(idp2); - connection_or_clear_ext_or_id_map(); -} - /* Simple connection_write_to_buf_impl_ replacement that unconditionally * writes to outbuf. */ static void @@ -527,7 +473,7 @@ test_ext_or_handshake(void *arg) tt_int_op(handshake_start_called,OP_EQ,1); tt_int_op(TO_CONN(conn)->type, OP_EQ, CONN_TYPE_OR); tt_int_op(TO_CONN(conn)->state, OP_EQ, 0); - close_closeable_connections(); + connection_free_(TO_CONN(conn)); conn = NULL; /* Okay, this time let's succeed the handshake but fail the USERADDR @@ -581,7 +527,6 @@ test_ext_or_handshake(void *arg) } struct testcase_t extorport_tests[] = { - { "id_map", test_ext_or_id_map, TT_FORK, NULL, NULL }, { "write_command", test_ext_or_write_command, TT_FORK, NULL, NULL }, { "init_auth", test_ext_or_init_auth, TT_FORK, NULL, NULL }, { "cookie_auth", test_ext_or_cookie_auth, TT_FORK, NULL, NULL }, diff --git a/src/test/test_geoip.c b/src/test/test_geoip.c index 95afe4d6c4..b980f10096 100644 --- a/src/test/test_geoip.c +++ b/src/test/test_geoip.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_guardfraction.c b/src/test/test_guardfraction.c index 6019dfc2b1..77a5425cd0 100644 --- a/src/test/test_guardfraction.c +++ b/src/test/test_guardfraction.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define GUARDFRACTION_PRIVATE diff --git a/src/test/test_handles.c b/src/test/test_handles.c index dbb5b1a18e..52274558ec 100644 --- a/src/test/test_handles.c +++ b/src/test/test_handles.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_helpers.c b/src/test/test_helpers.c index 20d4582e74..2edaa746f1 100644 --- a/src/test/test_helpers.c +++ b/src/test/test_helpers.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_helpers.h b/src/test/test_helpers.h index f02ecbb0ac..e9695c55d5 100644 --- a/src/test/test_helpers.h +++ b/src/test/test_helpers.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TOR_TEST_HELPERS_H diff --git a/src/test/test_hs.c b/src/test/test_hs.c deleted file mode 100644 index 46b4493a3d..0000000000 --- a/src/test/test_hs.c +++ /dev/null @@ -1,1005 +0,0 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -/** - * \file test_hs.c - * \brief Unit tests for hidden service. - **/ - -#define CONTROL_EVENTS_PRIVATE -#define CIRCUITBUILD_PRIVATE -#define RENDCOMMON_PRIVATE -#define RENDSERVICE_PRIVATE -#define HS_SERVICE_PRIVATE - -#include "core/or/or.h" -#include "test/test.h" -#include "feature/control/control.h" -#include "feature/control/control_events.h" -#include "feature/control/control_fmt.h" -#include "app/config/config.h" -#include "feature/hs/hs_common.h" -#include "feature/rend/rendcommon.h" -#include "feature/rend/rendservice.h" -#include "feature/nodelist/routerlist.h" -#include "feature/nodelist/routerset.h" -#include "core/or/circuitbuild.h" - -#include "feature/nodelist/node_st.h" -#include "feature/rend/rend_encoded_v2_service_descriptor_st.h" -#include "feature/rend/rend_intro_point_st.h" -#include "feature/nodelist/routerinfo_st.h" - -#include "test/test_helpers.h" - -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif - -/* mock ID digest and longname for node that's in nodelist */ -#define HSDIR_EXIST_ID "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" \ - "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" -#define STR_HSDIR_EXIST_LONGNAME \ - "$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=TestDir" -/* mock ID digest and longname for node that's not in nodelist */ -#define HSDIR_NONE_EXIST_ID "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB" \ - "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB" -#define STR_HSDIR_NONE_EXIST_LONGNAME \ - "$BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" - -/* DuckDuckGo descriptor as an example. This one has extra "\r" at the end so - * the control port is happy. */ -static const char *hs_desc_content_control = "\ -rendezvous-service-descriptor g5ojobzupf275beh5ra72uyhb3dkpxwg\r\n\ -version 2\r\n\ -permanent-key\r\n\ ------BEGIN RSA PUBLIC KEY-----\r\n\ -MIGJAoGBAJ/SzzgrXPxTlFrKVhXh3buCWv2QfcNgncUpDpKouLn3AtPH5Ocys0jE\r\n\ -aZSKdvaiQ62md2gOwj4x61cFNdi05tdQjS+2thHKEm/KsB9BGLSLBNJYY356bupg\r\n\ -I5gQozM65ENelfxYlysBjJ52xSDBd8C4f/p9umdzaaaCmzXG/nhzAgMBAAE=\r\n\ ------END RSA PUBLIC KEY-----\r\n\ -secret-id-part anmjoxxwiupreyajjt5yasimfmwcnxlf\r\n\ -publication-time 2015-03-11 19:00:00\r\n\ -protocol-versions 2,3\r\n\ -introduction-points\r\n\ ------BEGIN MESSAGE-----\r\n\ -aW50cm9kdWN0aW9uLXBvaW50IDd1bnd4cmg2dG5kNGh6eWt1Z3EzaGZzdHduc2ll\r\n\ -cmhyCmlwLWFkZHJlc3MgMTg4LjEzOC4xMjEuMTE4Cm9uaW9uLXBvcnQgOTAwMQpv\r\n\ -bmlvbi1rZXkKLS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JR0pBb0dC\r\n\ -QUxGRVVyeVpDbk9ROEhURmV5cDVjMTRObWVqL1BhekFLTTBxRENTNElKUWh0Y3g1\r\n\ -NXpRSFdOVWIKQ2hHZ0JqR1RjV3ZGRnA0N3FkdGF6WUZhVXE2c0lQKzVqeWZ5b0Q4\r\n\ -UmJ1bzBwQmFWclJjMmNhYUptWWM0RDh6Vgpuby9sZnhzOVVaQnZ1cWY4eHIrMDB2\r\n\ -S0JJNmFSMlA2OE1WeDhrMExqcUpUU2RKOE9idm9yQWdNQkFBRT0KLS0tLS1FTkQg\r\n\ -UlNBIFBVQkxJQyBLRVktLS0tLQpzZXJ2aWNlLWtleQotLS0tLUJFR0lOIFJTQSBQ\r\n\ -VUJMSUMgS0VZLS0tLS0KTUlHSkFvR0JBTnJHb0ozeTlHNXQzN2F2ekI1cTlwN1hG\r\n\ -VUplRUVYMUNOaExnWmJXWGJhVk5OcXpoZFhyL0xTUQppM1Z6dW5OaUs3cndUVnE2\r\n\ -K2QyZ1lRckhMMmIvMXBBY3ZKWjJiNSs0bTRRc0NibFpjRENXTktRbHJnRWN5WXRJ\r\n\ -CkdscXJTbFFEaXA0ZnNrUFMvNDVkWTI0QmJsQ3NGU1k3RzVLVkxJck4zZFpGbmJr\r\n\ -NEZIS1hBZ01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0tLS0tCmludHJv\r\n\ -ZHVjdGlvbi1wb2ludCBiNGM3enlxNXNheGZzN2prNXFibG1wN3I1b3pwdHRvagpp\r\n\ -cC1hZGRyZXNzIDEwOS4xNjkuNDUuMjI2Cm9uaW9uLXBvcnQgOTAwMQpvbmlvbi1r\r\n\ -ZXkKLS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JR0pBb0dCQU8xSXpw\r\n\ -WFFUTUY3RXZUb1NEUXpzVnZiRVFRQUQrcGZ6NzczMVRXZzVaUEJZY1EyUkRaeVp4\r\n\ -OEQKNUVQSU1FeUE1RE83cGd0ak5LaXJvYXJGMC8yempjMkRXTUlSaXZyU29YUWVZ\r\n\ -ZXlMM1pzKzFIajJhMDlCdkYxZAp6MEswblRFdVhoNVR5V3lyMHdsbGI1SFBnTlI0\r\n\ -MS9oYkprZzkwZitPVCtIeGhKL1duUml2QWdNQkFBRT0KLS0tLS1FTkQgUlNBIFBV\r\n\ -QkxJQyBLRVktLS0tLQpzZXJ2aWNlLWtleQotLS0tLUJFR0lOIFJTQSBQVUJMSUMg\r\n\ -S0VZLS0tLS0KTUlHSkFvR0JBSzNWZEJ2ajFtQllLL3JrcHNwcm9Ub0llNUtHVmth\r\n\ -QkxvMW1tK1I2YUVJek1VZFE1SjkwNGtyRwpCd3k5NC8rV0lGNFpGYXh5Z2phejl1\r\n\ -N2pKY1k3ZGJhd1pFeG1hYXFCRlRwL2h2ZG9rcHQ4a1ByRVk4OTJPRHJ1CmJORUox\r\n\ -N1FPSmVMTVZZZk5Kcjl4TWZCQ3JQai8zOGh2RUdrbWVRNmRVWElvbVFNaUJGOVRB\r\n\ -Z01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0tLS0tCmludHJvZHVjdGlv\r\n\ -bi1wb2ludCBhdjVtcWl0Y2Q3cjJkandsYmN0c2Jlc2R3eGt0ZWtvegppcC1hZGRy\r\n\ -ZXNzIDE0NC43Ni44LjczCm9uaW9uLXBvcnQgNDQzCm9uaW9uLWtleQotLS0tLUJF\r\n\ -R0lOIFJTQSBQVUJMSUMgS0VZLS0tLS0KTUlHSkFvR0JBTzVweVZzQmpZQmNmMXBE\r\n\ -dklHUlpmWXUzQ05nNldka0ZLMGlvdTBXTGZtejZRVDN0NWhzd3cyVwpjejlHMXhx\r\n\ -MmN0Nkd6VWkrNnVkTDlITTRVOUdHTi9BbW8wRG9GV1hKWHpBQkFXd2YyMVdsd1lW\r\n\ -eFJQMHRydi9WCkN6UDkzcHc5OG5vSmdGUGRUZ05iMjdKYmVUZENLVFBrTEtscXFt\r\n\ -b3NveUN2RitRa25vUS9BZ01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0t\r\n\ -LS0tCnNlcnZpY2Uta2V5Ci0tLS0tQkVHSU4gUlNBIFBVQkxJQyBLRVktLS0tLQpN\r\n\ -SUdKQW9HQkFMVjNKSmtWN3lTNU9jc1lHMHNFYzFQOTVRclFRR3ZzbGJ6Wi9zRGxl\r\n\ -RlpKYXFSOUYvYjRUVERNClNGcFMxcU1GbldkZDgxVmRGMEdYRmN2WVpLamRJdHU2\r\n\ -SndBaTRJeEhxeXZtdTRKdUxrcXNaTEFLaXRLVkx4eGsKeERlMjlDNzRWMmJrOTRJ\r\n\ -MEgybTNKS2tzTHVwc3VxWWRVUmhOVXN0SElKZmgyZmNIalF0bEFnTUJBQUU9Ci0t\r\n\ -LS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0KCg==\r\n\ ------END MESSAGE-----\r\n\ -signature\r\n\ ------BEGIN SIGNATURE-----\r\n\ -d4OuCE5OLAOnRB6cQN6WyMEmg/BHem144Vec+eYgeWoKwx3MxXFplUjFxgnMlmwN\r\n\ -PcftsZf2ztN0sbNCtPgDL3d0PqvxY3iHTQAI8EbaGq/IAJUZ8U4y963dD5+Bn6JQ\r\n\ -myE3ctmh0vy5+QxSiRjmQBkuEpCyks7LvWvHYrhnmcg=\r\n\ ------END SIGNATURE-----"; - -/* DuckDuckGo descriptor as an example. */ -static const char *hs_desc_content = "\ -rendezvous-service-descriptor g5ojobzupf275beh5ra72uyhb3dkpxwg\n\ -version 2\n\ -permanent-key\n\ ------BEGIN RSA PUBLIC KEY-----\n\ -MIGJAoGBAJ/SzzgrXPxTlFrKVhXh3buCWv2QfcNgncUpDpKouLn3AtPH5Ocys0jE\n\ -aZSKdvaiQ62md2gOwj4x61cFNdi05tdQjS+2thHKEm/KsB9BGLSLBNJYY356bupg\n\ -I5gQozM65ENelfxYlysBjJ52xSDBd8C4f/p9umdzaaaCmzXG/nhzAgMBAAE=\n\ ------END RSA PUBLIC KEY-----\n\ -secret-id-part anmjoxxwiupreyajjt5yasimfmwcnxlf\n\ -publication-time 2015-03-11 19:00:00\n\ -protocol-versions 2,3\n\ -introduction-points\n\ ------BEGIN MESSAGE-----\n\ -aW50cm9kdWN0aW9uLXBvaW50IDd1bnd4cmg2dG5kNGh6eWt1Z3EzaGZzdHduc2ll\n\ -cmhyCmlwLWFkZHJlc3MgMTg4LjEzOC4xMjEuMTE4Cm9uaW9uLXBvcnQgOTAwMQpv\n\ -bmlvbi1rZXkKLS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JR0pBb0dC\n\ -QUxGRVVyeVpDbk9ROEhURmV5cDVjMTRObWVqL1BhekFLTTBxRENTNElKUWh0Y3g1\n\ -NXpRSFdOVWIKQ2hHZ0JqR1RjV3ZGRnA0N3FkdGF6WUZhVXE2c0lQKzVqeWZ5b0Q4\n\ -UmJ1bzBwQmFWclJjMmNhYUptWWM0RDh6Vgpuby9sZnhzOVVaQnZ1cWY4eHIrMDB2\n\ -S0JJNmFSMlA2OE1WeDhrMExqcUpUU2RKOE9idm9yQWdNQkFBRT0KLS0tLS1FTkQg\n\ -UlNBIFBVQkxJQyBLRVktLS0tLQpzZXJ2aWNlLWtleQotLS0tLUJFR0lOIFJTQSBQ\n\ -VUJMSUMgS0VZLS0tLS0KTUlHSkFvR0JBTnJHb0ozeTlHNXQzN2F2ekI1cTlwN1hG\n\ -VUplRUVYMUNOaExnWmJXWGJhVk5OcXpoZFhyL0xTUQppM1Z6dW5OaUs3cndUVnE2\n\ -K2QyZ1lRckhMMmIvMXBBY3ZKWjJiNSs0bTRRc0NibFpjRENXTktRbHJnRWN5WXRJ\n\ -CkdscXJTbFFEaXA0ZnNrUFMvNDVkWTI0QmJsQ3NGU1k3RzVLVkxJck4zZFpGbmJr\n\ -NEZIS1hBZ01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0tLS0tCmludHJv\n\ -ZHVjdGlvbi1wb2ludCBiNGM3enlxNXNheGZzN2prNXFibG1wN3I1b3pwdHRvagpp\n\ -cC1hZGRyZXNzIDEwOS4xNjkuNDUuMjI2Cm9uaW9uLXBvcnQgOTAwMQpvbmlvbi1r\n\ -ZXkKLS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JR0pBb0dCQU8xSXpw\n\ -WFFUTUY3RXZUb1NEUXpzVnZiRVFRQUQrcGZ6NzczMVRXZzVaUEJZY1EyUkRaeVp4\n\ -OEQKNUVQSU1FeUE1RE83cGd0ak5LaXJvYXJGMC8yempjMkRXTUlSaXZyU29YUWVZ\n\ -ZXlMM1pzKzFIajJhMDlCdkYxZAp6MEswblRFdVhoNVR5V3lyMHdsbGI1SFBnTlI0\n\ -MS9oYkprZzkwZitPVCtIeGhKL1duUml2QWdNQkFBRT0KLS0tLS1FTkQgUlNBIFBV\n\ -QkxJQyBLRVktLS0tLQpzZXJ2aWNlLWtleQotLS0tLUJFR0lOIFJTQSBQVUJMSUMg\n\ -S0VZLS0tLS0KTUlHSkFvR0JBSzNWZEJ2ajFtQllLL3JrcHNwcm9Ub0llNUtHVmth\n\ -QkxvMW1tK1I2YUVJek1VZFE1SjkwNGtyRwpCd3k5NC8rV0lGNFpGYXh5Z2phejl1\n\ -N2pKY1k3ZGJhd1pFeG1hYXFCRlRwL2h2ZG9rcHQ4a1ByRVk4OTJPRHJ1CmJORUox\n\ -N1FPSmVMTVZZZk5Kcjl4TWZCQ3JQai8zOGh2RUdrbWVRNmRVWElvbVFNaUJGOVRB\n\ -Z01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0tLS0tCmludHJvZHVjdGlv\n\ -bi1wb2ludCBhdjVtcWl0Y2Q3cjJkandsYmN0c2Jlc2R3eGt0ZWtvegppcC1hZGRy\n\ -ZXNzIDE0NC43Ni44LjczCm9uaW9uLXBvcnQgNDQzCm9uaW9uLWtleQotLS0tLUJF\n\ -R0lOIFJTQSBQVUJMSUMgS0VZLS0tLS0KTUlHSkFvR0JBTzVweVZzQmpZQmNmMXBE\n\ -dklHUlpmWXUzQ05nNldka0ZLMGlvdTBXTGZtejZRVDN0NWhzd3cyVwpjejlHMXhx\n\ -MmN0Nkd6VWkrNnVkTDlITTRVOUdHTi9BbW8wRG9GV1hKWHpBQkFXd2YyMVdsd1lW\n\ -eFJQMHRydi9WCkN6UDkzcHc5OG5vSmdGUGRUZ05iMjdKYmVUZENLVFBrTEtscXFt\n\ -b3NveUN2RitRa25vUS9BZ01CQUFFPQotLS0tLUVORCBSU0EgUFVCTElDIEtFWS0t\n\ -LS0tCnNlcnZpY2Uta2V5Ci0tLS0tQkVHSU4gUlNBIFBVQkxJQyBLRVktLS0tLQpN\n\ -SUdKQW9HQkFMVjNKSmtWN3lTNU9jc1lHMHNFYzFQOTVRclFRR3ZzbGJ6Wi9zRGxl\n\ -RlpKYXFSOUYvYjRUVERNClNGcFMxcU1GbldkZDgxVmRGMEdYRmN2WVpLamRJdHU2\n\ -SndBaTRJeEhxeXZtdTRKdUxrcXNaTEFLaXRLVkx4eGsKeERlMjlDNzRWMmJrOTRJ\n\ -MEgybTNKS2tzTHVwc3VxWWRVUmhOVXN0SElKZmgyZmNIalF0bEFnTUJBQUU9Ci0t\n\ -LS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0KCg==\n\ ------END MESSAGE-----\n\ -signature\n\ ------BEGIN SIGNATURE-----\n\ -d4OuCE5OLAOnRB6cQN6WyMEmg/BHem144Vec+eYgeWoKwx3MxXFplUjFxgnMlmwN\n\ -PcftsZf2ztN0sbNCtPgDL3d0PqvxY3iHTQAI8EbaGq/IAJUZ8U4y963dD5+Bn6JQ\n\ -myE3ctmh0vy5+QxSiRjmQBkuEpCyks7LvWvHYrhnmcg=\n\ ------END SIGNATURE-----"; - -/* Helper global variable for hidden service descriptor event test. - * It's used as a pointer to dynamically created message buffer in - * send_control_event_string_replacement function, which mocks - * send_control_event_string function. - * - * Always free it after use! */ -static char *received_msg = NULL; - -/** Mock function for send_control_event_string - */ -static void -queue_control_event_string_replacement(uint16_t event, char *msg) -{ - (void) event; - tor_free(received_msg); - received_msg = msg; -} - -/** Mock function for node_describe_longname_by_id, it returns either - * STR_HSDIR_EXIST_LONGNAME or STR_HSDIR_NONE_EXIST_LONGNAME - */ -static const char * -node_describe_longname_by_id_replacement(const char *id_digest) -{ - if (!strcmp(id_digest, HSDIR_EXIST_ID)) { - return STR_HSDIR_EXIST_LONGNAME; - } else { - return STR_HSDIR_NONE_EXIST_LONGNAME; - } -} - -/** Test that we can parse a hardcoded v2 HS desc. */ -static void -test_hs_parse_static_v2_desc(void *arg) -{ - int ret; - rend_encoded_v2_service_descriptor_t desc; - - (void) arg; - - /* Test an obviously not parseable string */ - desc.desc_str = tor_strdup("ceci n'est pas un HS descriptor"); - ret = rend_desc_v2_is_parsable(&desc); - tor_free(desc.desc_str); - tt_int_op(ret, OP_EQ, 0); - - /* Test an actual descriptor */ - desc.desc_str = tor_strdup(hs_desc_content); - ret = rend_desc_v2_is_parsable(&desc); - tor_free(desc.desc_str); - tt_int_op(ret, OP_EQ, 1); - - done: ; -} - -/** Make sure each hidden service descriptor async event generation - * - * function generates the message in expected format. - */ -static void -test_hs_desc_event(void *arg) -{ - #define STR_HS_ADDR "ajhb7kljbiru65qo" - #define STR_HS_CONTENT_DESC_ID "g5ojobzupf275beh5ra72uyhb3dkpxwg" - #define STR_DESC_ID_BASE32 "hba3gmcgpfivzfhx5rtfqkfdhv65yrj3" - - int ret; - rend_data_v2_t rend_query; - const char *expected_msg; - char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; - - (void) arg; - MOCK(queue_control_event_string, - queue_control_event_string_replacement); - MOCK(node_describe_longname_by_id, - node_describe_longname_by_id_replacement); - - /* setup rend_query struct */ - memset(&rend_query, 0, sizeof(rend_query)); - rend_query.base_.version = 2; - strncpy(rend_query.onion_address, STR_HS_ADDR, - REND_SERVICE_ID_LEN_BASE32+1); - rend_query.auth_type = REND_NO_AUTH; - rend_query.base_.hsdirs_fp = smartlist_new(); - smartlist_add(rend_query.base_.hsdirs_fp, tor_memdup(HSDIR_EXIST_ID, - DIGEST_LEN)); - - /* Compute descriptor ID for replica 0, should be STR_DESC_ID_BASE32. */ - ret = rend_compute_v2_desc_id(rend_query.descriptor_id[0], - rend_query.onion_address, - NULL, 0, 0); - tt_int_op(ret, OP_EQ, 0); - base32_encode(desc_id_base32, sizeof(desc_id_base32), - rend_query.descriptor_id[0], DIGEST_LEN); - /* Make sure rend_compute_v2_desc_id works properly. */ - tt_mem_op(desc_id_base32, OP_EQ, STR_DESC_ID_BASE32, - sizeof(desc_id_base32)); - - /* test request event */ - control_event_hs_descriptor_requested(rend_query.onion_address, - rend_query.auth_type, HSDIR_EXIST_ID, - STR_DESC_ID_BASE32, NULL); - expected_msg = "650 HS_DESC REQUESTED "STR_HS_ADDR" NO_AUTH "\ - STR_HSDIR_EXIST_LONGNAME " " STR_DESC_ID_BASE32 "\r\n"; - tt_assert(received_msg); - tt_str_op(received_msg,OP_EQ, expected_msg); - tor_free(received_msg); - - /* test received event */ - rend_query.auth_type = REND_BASIC_AUTH; - control_event_hsv2_descriptor_received(rend_query.onion_address, - &rend_query.base_, HSDIR_EXIST_ID); - expected_msg = "650 HS_DESC RECEIVED "STR_HS_ADDR" BASIC_AUTH "\ - STR_HSDIR_EXIST_LONGNAME " " STR_DESC_ID_BASE32"\r\n"; - tt_assert(received_msg); - tt_str_op(received_msg,OP_EQ, expected_msg); - tor_free(received_msg); - - /* test failed event */ - rend_query.auth_type = REND_STEALTH_AUTH; - control_event_hsv2_descriptor_failed(&rend_query.base_, - HSDIR_NONE_EXIST_ID, - "QUERY_REJECTED"); - expected_msg = "650 HS_DESC FAILED "STR_HS_ADDR" STEALTH_AUTH "\ - STR_HSDIR_NONE_EXIST_LONGNAME" REASON=QUERY_REJECTED\r\n"; - tt_assert(received_msg); - tt_str_op(received_msg,OP_EQ, expected_msg); - tor_free(received_msg); - - /* test invalid auth type */ - rend_query.auth_type = 999; - control_event_hsv2_descriptor_failed(&rend_query.base_, - HSDIR_EXIST_ID, - "QUERY_REJECTED"); - expected_msg = "650 HS_DESC FAILED "STR_HS_ADDR" UNKNOWN "\ - STR_HSDIR_EXIST_LONGNAME " " STR_DESC_ID_BASE32\ - " REASON=QUERY_REJECTED\r\n"; - tt_assert(received_msg); - tt_str_op(received_msg,OP_EQ, expected_msg); - tor_free(received_msg); - - /* test no HSDir fingerprint type */ - rend_query.auth_type = REND_NO_AUTH; - control_event_hsv2_descriptor_failed(&rend_query.base_, NULL, - "QUERY_NO_HSDIR"); - expected_msg = "650 HS_DESC FAILED "STR_HS_ADDR" NO_AUTH " \ - "UNKNOWN REASON=QUERY_NO_HSDIR\r\n"; - tt_assert(received_msg); - tt_str_op(received_msg,OP_EQ, expected_msg); - tor_free(received_msg); - - /* test HSDir rate limited */ - rend_query.auth_type = REND_NO_AUTH; - control_event_hsv2_descriptor_failed(&rend_query.base_, NULL, - "QUERY_RATE_LIMITED"); - expected_msg = "650 HS_DESC FAILED "STR_HS_ADDR" NO_AUTH " \ - "UNKNOWN REASON=QUERY_RATE_LIMITED\r\n"; - tt_assert(received_msg); - tt_str_op(received_msg,OP_EQ, expected_msg); - tor_free(received_msg); - - /* Test invalid content with no HSDir fingerprint. */ - char *exp_msg; - control_event_hs_descriptor_content(rend_query.onion_address, - STR_HS_CONTENT_DESC_ID, NULL, NULL); - tor_asprintf(&exp_msg, "650+HS_DESC_CONTENT " STR_HS_ADDR " "\ - STR_HS_CONTENT_DESC_ID " UNKNOWN" \ - "\r\n\r\n.\r\n650 OK\r\n"); - tt_assert(received_msg); - tt_str_op(received_msg, OP_EQ, exp_msg); - tor_free(received_msg); - tor_free(exp_msg); - - /* test valid content. */ - control_event_hs_descriptor_content(rend_query.onion_address, - STR_HS_CONTENT_DESC_ID, HSDIR_EXIST_ID, - hs_desc_content_control); - tor_asprintf(&exp_msg, "650+HS_DESC_CONTENT " STR_HS_ADDR " "\ - STR_HS_CONTENT_DESC_ID " " STR_HSDIR_EXIST_LONGNAME\ - "\r\n%s\r\n.\r\n650 OK\r\n", hs_desc_content_control); - - tt_assert(received_msg); - tt_str_op(received_msg, OP_EQ, exp_msg); - tor_free(received_msg); - tor_free(exp_msg); - SMARTLIST_FOREACH(rend_query.base_.hsdirs_fp, char *, d, tor_free(d)); - smartlist_free(rend_query.base_.hsdirs_fp); - - done: - UNMOCK(queue_control_event_string); - UNMOCK(node_describe_longname_by_id); - tor_free(received_msg); -} - -/* Make sure rend_data_t is valid at creation, destruction and when - * duplicated. */ -static void -test_hs_rend_data(void *arg) -{ - int rep; - rend_data_t *client = NULL, *client_dup = NULL; - /* Binary format of a descriptor ID. */ - char desc_id[DIGEST_LEN]; - char client_cookie[REND_DESC_COOKIE_LEN]; - time_t now = time(NULL); - rend_data_t *service_dup = NULL; - rend_data_t *service = NULL; - - (void)arg; - - base32_decode(desc_id, sizeof(desc_id), STR_DESC_ID_BASE32, - REND_DESC_ID_V2_LEN_BASE32); - memset(client_cookie, 'e', sizeof(client_cookie)); - - client = rend_data_client_create(STR_HS_ADDR, desc_id, client_cookie, - REND_NO_AUTH); - tt_assert(client); - rend_data_v2_t *client_v2 = TO_REND_DATA_V2(client); - tt_int_op(client_v2->auth_type, OP_EQ, REND_NO_AUTH); - tt_str_op(client_v2->onion_address, OP_EQ, STR_HS_ADDR); - tt_mem_op(client_v2->desc_id_fetch, OP_EQ, desc_id, sizeof(desc_id)); - tt_mem_op(client_v2->descriptor_cookie, OP_EQ, client_cookie, - sizeof(client_cookie)); - tt_assert(client->hsdirs_fp); - tt_int_op(smartlist_len(client->hsdirs_fp), OP_EQ, 0); - for (rep = 0; rep < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; rep++) { - int ret = rend_compute_v2_desc_id(desc_id, client_v2->onion_address, - client_v2->descriptor_cookie, now, rep); - /* That shouldn't never fail. */ - tt_int_op(ret, OP_EQ, 0); - tt_mem_op(client_v2->descriptor_id[rep], OP_EQ, desc_id, - sizeof(desc_id)); - } - /* The rest should be zeroed because this is a client request. */ - tt_int_op(tor_digest_is_zero(client_v2->rend_pk_digest), OP_EQ, 1); - tt_int_op(tor_digest_is_zero(client->rend_cookie), OP_EQ, 1); - - /* Test dup(). */ - client_dup = rend_data_dup(client); - tt_assert(client_dup); - rend_data_v2_t *client_dup_v2 = TO_REND_DATA_V2(client_dup); - tt_int_op(client_dup_v2->auth_type, OP_EQ, client_v2->auth_type); - tt_str_op(client_dup_v2->onion_address, OP_EQ, client_v2->onion_address); - tt_mem_op(client_dup_v2->desc_id_fetch, OP_EQ, client_v2->desc_id_fetch, - sizeof(client_dup_v2->desc_id_fetch)); - tt_mem_op(client_dup_v2->descriptor_cookie, OP_EQ, - client_v2->descriptor_cookie, - sizeof(client_dup_v2->descriptor_cookie)); - - tt_assert(client_dup->hsdirs_fp); - tt_int_op(smartlist_len(client_dup->hsdirs_fp), OP_EQ, 0); - for (rep = 0; rep < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; rep++) { - tt_mem_op(client_dup_v2->descriptor_id[rep], OP_EQ, - client_v2->descriptor_id[rep], DIGEST_LEN); - } - /* The rest should be zeroed because this is a client request. */ - tt_int_op(tor_digest_is_zero(client_dup_v2->rend_pk_digest), OP_EQ, 1); - tt_int_op(tor_digest_is_zero(client_dup->rend_cookie), OP_EQ, 1); - rend_data_free(client); - client = NULL; - rend_data_free(client_dup); - client_dup = NULL; - - /* Reset state. */ - base32_decode(desc_id, sizeof(desc_id), STR_DESC_ID_BASE32, - REND_DESC_ID_V2_LEN_BASE32); - memset(client_cookie, 'e', sizeof(client_cookie)); - - /* Try with different parameters here for which some content should be - * zeroed out. */ - client = rend_data_client_create(NULL, desc_id, NULL, REND_BASIC_AUTH); - tt_assert(client); - client_v2 = TO_REND_DATA_V2(client); - tt_int_op(client_v2->auth_type, OP_EQ, REND_BASIC_AUTH); - tt_int_op(strlen(client_v2->onion_address), OP_EQ, 0); - tt_mem_op(client_v2->desc_id_fetch, OP_EQ, desc_id, sizeof(desc_id)); - tt_int_op(fast_mem_is_zero(client_v2->descriptor_cookie, - sizeof(client_v2->descriptor_cookie)), OP_EQ, 1); - tt_assert(client->hsdirs_fp); - tt_int_op(smartlist_len(client->hsdirs_fp), OP_EQ, 0); - for (rep = 0; rep < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; rep++) { - tt_int_op(tor_digest_is_zero(client_v2->descriptor_id[rep]), OP_EQ, 1); - } - /* The rest should be zeroed because this is a client request. */ - tt_int_op(tor_digest_is_zero(client_v2->rend_pk_digest), OP_EQ, 1); - tt_int_op(tor_digest_is_zero(client->rend_cookie), OP_EQ, 1); - rend_data_free(client); - client = NULL; - - /* Let's test the service object now. */ - char rend_pk_digest[DIGEST_LEN]; - uint8_t rend_cookie[DIGEST_LEN]; - memset(rend_pk_digest, 'f', sizeof(rend_pk_digest)); - memset(rend_cookie, 'g', sizeof(rend_cookie)); - - service = rend_data_service_create(STR_HS_ADDR, rend_pk_digest, - rend_cookie, REND_NO_AUTH); - tt_assert(service); - rend_data_v2_t *service_v2 = TO_REND_DATA_V2(service); - tt_int_op(service_v2->auth_type, OP_EQ, REND_NO_AUTH); - tt_str_op(service_v2->onion_address, OP_EQ, STR_HS_ADDR); - tt_mem_op(service_v2->rend_pk_digest, OP_EQ, rend_pk_digest, - sizeof(rend_pk_digest)); - tt_mem_op(service->rend_cookie, OP_EQ, rend_cookie, sizeof(rend_cookie)); - tt_assert(service->hsdirs_fp); - tt_int_op(smartlist_len(service->hsdirs_fp), OP_EQ, 0); - for (rep = 0; rep < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; rep++) { - tt_int_op(tor_digest_is_zero(service_v2->descriptor_id[rep]), OP_EQ, 1); - } - /* The rest should be zeroed because this is a service request. */ - tt_int_op(tor_digest_is_zero(service_v2->descriptor_cookie), OP_EQ, 1); - tt_int_op(tor_digest_is_zero(service_v2->desc_id_fetch), OP_EQ, 1); - - /* Test dup(). */ - service_dup = rend_data_dup(service); - rend_data_v2_t *service_dup_v2 = TO_REND_DATA_V2(service_dup); - tt_assert(service_dup); - tt_int_op(service_dup_v2->auth_type, OP_EQ, service_v2->auth_type); - tt_str_op(service_dup_v2->onion_address, OP_EQ, service_v2->onion_address); - tt_mem_op(service_dup_v2->rend_pk_digest, OP_EQ, service_v2->rend_pk_digest, - sizeof(service_dup_v2->rend_pk_digest)); - tt_mem_op(service_dup->rend_cookie, OP_EQ, service->rend_cookie, - sizeof(service_dup->rend_cookie)); - tt_assert(service_dup->hsdirs_fp); - tt_int_op(smartlist_len(service_dup->hsdirs_fp), OP_EQ, 0); - for (rep = 0; rep < REND_NUMBER_OF_NON_CONSECUTIVE_REPLICAS; rep++) { - tt_assert(tor_digest_is_zero(service_dup_v2->descriptor_id[rep])); - } - /* The rest should be zeroed because this is a service request. */ - tt_int_op(tor_digest_is_zero(service_dup_v2->descriptor_cookie), OP_EQ, 1); - tt_int_op(tor_digest_is_zero(service_dup_v2->desc_id_fetch), OP_EQ, 1); - - done: - rend_data_free(service); - rend_data_free(service_dup); - rend_data_free(client); - rend_data_free(client_dup); -} - -/* Test encoding and decoding service authorization cookies */ -static void -test_hs_auth_cookies(void *arg) -{ -#define TEST_COOKIE_RAW ((const uint8_t *) "abcdefghijklmnop") -#define TEST_COOKIE_ENCODED "YWJjZGVmZ2hpamtsbW5vcA" -#define TEST_COOKIE_ENCODED_STEALTH "YWJjZGVmZ2hpamtsbW5vcB" -#define TEST_COOKIE_ENCODED_INVALID "YWJjZGVmZ2hpamtsbW5vcD" - - char *encoded_cookie = NULL; - uint8_t raw_cookie[REND_DESC_COOKIE_LEN]; - rend_auth_type_t auth_type; - char *err_msg = NULL; - int re; - - (void)arg; - - /* Test that encoding gives the expected result */ - encoded_cookie = rend_auth_encode_cookie(TEST_COOKIE_RAW, REND_BASIC_AUTH); - tt_str_op(encoded_cookie, OP_EQ, TEST_COOKIE_ENCODED); - tor_free(encoded_cookie); - - encoded_cookie = rend_auth_encode_cookie(TEST_COOKIE_RAW, REND_STEALTH_AUTH); - tt_str_op(encoded_cookie, OP_EQ, TEST_COOKIE_ENCODED_STEALTH); - tor_free(encoded_cookie); - - /* Decoding should give the original value */ - re = rend_auth_decode_cookie(TEST_COOKIE_ENCODED, raw_cookie, &auth_type, - &err_msg); - tt_assert(!re); - tt_ptr_op(err_msg, OP_EQ, NULL); - tt_mem_op(raw_cookie, OP_EQ, TEST_COOKIE_RAW, REND_DESC_COOKIE_LEN); - tt_int_op(auth_type, OP_EQ, REND_BASIC_AUTH); - memset(raw_cookie, 0, sizeof(raw_cookie)); - - re = rend_auth_decode_cookie(TEST_COOKIE_ENCODED_STEALTH, raw_cookie, - &auth_type, &err_msg); - tt_assert(!re); - tt_ptr_op(err_msg, OP_EQ, NULL); - tt_mem_op(raw_cookie, OP_EQ, TEST_COOKIE_RAW, REND_DESC_COOKIE_LEN); - tt_int_op(auth_type, OP_EQ, REND_STEALTH_AUTH); - memset(raw_cookie, 0, sizeof(raw_cookie)); - - /* Decoding with padding characters should also work */ - re = rend_auth_decode_cookie(TEST_COOKIE_ENCODED "==", raw_cookie, NULL, - &err_msg); - tt_assert(!re); - tt_ptr_op(err_msg, OP_EQ, NULL); - tt_mem_op(raw_cookie, OP_EQ, TEST_COOKIE_RAW, REND_DESC_COOKIE_LEN); - - /* Decoding with an unknown type should fail */ - re = rend_auth_decode_cookie(TEST_COOKIE_ENCODED_INVALID, raw_cookie, - &auth_type, &err_msg); - tt_int_op(re, OP_LT, 0); - tt_assert(err_msg); - tor_free(err_msg); - - done: - tor_free(encoded_cookie); - tor_free(err_msg); - - return; -} - -static int mock_get_options_calls = 0; -static or_options_t *mock_options = NULL; - -static void -reset_options(or_options_t *options, int *get_options_calls) -{ - memset(options, 0, sizeof(or_options_t)); - options->TestingTorNetwork = 1; - - *get_options_calls = 0; -} - -static const or_options_t * -mock_get_options(void) -{ - ++mock_get_options_calls; - tor_assert(mock_options); - return mock_options; -} - -/* arg can't be 0 (the test fails) or 2 (the test is skipped) */ -#define CREATE_HS_DIR_NONE ((intptr_t)0x04) -#define CREATE_HS_DIR1 ((intptr_t)0x08) -#define CREATE_HS_DIR2 ((intptr_t)0x10) - -/* Test that single onion poisoning works. */ -static void -test_single_onion_poisoning(void *arg) -{ - or_options_t opt; - mock_options = &opt; - reset_options(mock_options, &mock_get_options_calls); - MOCK(get_options, mock_get_options); - - int ret = -1; - intptr_t create_dir_mask = (intptr_t)arg; - /* Get directories with a random suffix so we can repeat the tests */ - mock_options->DataDirectory = tor_strdup(get_fname_rnd("test_data_dir")); - rend_service_t *service_1 = tor_malloc_zero(sizeof(rend_service_t)); - char *dir1 = tor_strdup(get_fname_rnd("test_hs_dir1")); - rend_service_t *service_2 = tor_malloc_zero(sizeof(rend_service_t)); - char *dir2 = tor_strdup(get_fname_rnd("test_hs_dir2")); - smartlist_t *services = smartlist_new(); - char *poison_path = NULL; - char *err_msg = NULL; - - mock_options->HiddenServiceSingleHopMode = 1; - mock_options->HiddenServiceNonAnonymousMode = 1; - - /* Create the data directory, and, if the correct bit in arg is set, - * create a directory for that service. - * The data directory is required for the lockfile, which is used when - * loading keys. */ - ret = check_private_dir(mock_options->DataDirectory, CPD_CREATE, NULL); - tt_int_op(ret, OP_EQ, 0); - if (create_dir_mask & CREATE_HS_DIR1) { - ret = check_private_dir(dir1, CPD_CREATE, NULL); - tt_int_op(ret, OP_EQ, 0); - } - if (create_dir_mask & CREATE_HS_DIR2) { - ret = check_private_dir(dir2, CPD_CREATE, NULL); - tt_int_op(ret, OP_EQ, 0); - } - - service_1->directory = dir1; - service_2->directory = dir2; - /* The services own the directory pointers now */ - dir1 = dir2 = NULL; - /* Add port to service 1 */ - service_1->ports = smartlist_new(); - service_2->ports = smartlist_new(); - rend_service_port_config_t *port1 = rend_service_parse_port_config("80", " ", - &err_msg); - tt_assert(port1); - tt_ptr_op(err_msg, OP_EQ, NULL); - smartlist_add(service_1->ports, port1); - - rend_service_port_config_t *port2 = rend_service_parse_port_config("90", " ", - &err_msg); - /* Add port to service 2 */ - tt_assert(port2); - tt_ptr_op(err_msg, OP_EQ, NULL); - smartlist_add(service_2->ports, port2); - - /* No services, a service to verify, no problem! */ - mock_options->HiddenServiceSingleHopMode = 0; - mock_options->HiddenServiceNonAnonymousMode = 0; - ret = rend_service_verify_single_onion_poison(service_1, mock_options); - tt_int_op(ret, OP_EQ, 0); - ret = rend_service_verify_single_onion_poison(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - - /* Either way, no problem. */ - mock_options->HiddenServiceSingleHopMode = 1; - mock_options->HiddenServiceNonAnonymousMode = 1; - ret = rend_service_verify_single_onion_poison(service_1, mock_options); - tt_int_op(ret, OP_EQ, 0); - ret = rend_service_verify_single_onion_poison(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - - /* Add the first service */ - ret = hs_check_service_private_dir(mock_options->User, service_1->directory, - service_1->dir_group_readable, 1); - tt_int_op(ret, OP_EQ, 0); - smartlist_add(services, service_1); - /* But don't add the second service yet. */ - - /* Service directories, but no previous keys, no problem! */ - mock_options->HiddenServiceSingleHopMode = 0; - mock_options->HiddenServiceNonAnonymousMode = 0; - ret = rend_service_verify_single_onion_poison(service_1, mock_options); - tt_int_op(ret, OP_EQ, 0); - ret = rend_service_verify_single_onion_poison(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - - /* Either way, no problem. */ - mock_options->HiddenServiceSingleHopMode = 1; - mock_options->HiddenServiceNonAnonymousMode = 1; - ret = rend_service_verify_single_onion_poison(service_1, mock_options); - tt_int_op(ret, OP_EQ, 0); - ret = rend_service_verify_single_onion_poison(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - - /* Poison! Poison! Poison! - * This can only be done in HiddenServiceSingleHopMode. */ - mock_options->HiddenServiceSingleHopMode = 1; - mock_options->HiddenServiceNonAnonymousMode = 1; - ret = rend_service_poison_new_single_onion_dir(service_1, mock_options); - tt_int_op(ret, OP_EQ, 0); - /* Poisoning twice is a no-op. */ - ret = rend_service_poison_new_single_onion_dir(service_1, mock_options); - tt_int_op(ret, OP_EQ, 0); - - /* Poisoned service directories, but no previous keys, no problem! */ - mock_options->HiddenServiceSingleHopMode = 0; - mock_options->HiddenServiceNonAnonymousMode = 0; - ret = rend_service_verify_single_onion_poison(service_1, mock_options); - tt_int_op(ret, OP_EQ, 0); - ret = rend_service_verify_single_onion_poison(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - - /* Either way, no problem. */ - mock_options->HiddenServiceSingleHopMode = 1; - mock_options->HiddenServiceNonAnonymousMode = 1; - ret = rend_service_verify_single_onion_poison(service_1, mock_options); - tt_int_op(ret, OP_EQ, 0); - ret = rend_service_verify_single_onion_poison(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - - /* Now add some keys, and we'll have a problem. */ - ret = rend_service_load_all_keys(services); - tt_int_op(ret, OP_EQ, 0); - - /* Poisoned service directories with previous keys are not allowed. */ - mock_options->HiddenServiceSingleHopMode = 0; - mock_options->HiddenServiceNonAnonymousMode = 0; - ret = rend_service_verify_single_onion_poison(service_1, mock_options); - tt_int_op(ret, OP_LT, 0); - ret = rend_service_verify_single_onion_poison(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - - /* But they are allowed if we're in non-anonymous mode. */ - mock_options->HiddenServiceSingleHopMode = 1; - mock_options->HiddenServiceNonAnonymousMode = 1; - ret = rend_service_verify_single_onion_poison(service_1, mock_options); - tt_int_op(ret, OP_EQ, 0); - ret = rend_service_verify_single_onion_poison(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - - /* Re-poisoning directories with existing keys is a no-op, because - * directories with existing keys are ignored. */ - mock_options->HiddenServiceSingleHopMode = 1; - mock_options->HiddenServiceNonAnonymousMode = 1; - ret = rend_service_poison_new_single_onion_dir(service_1, mock_options); - tt_int_op(ret, OP_EQ, 0); - /* And it keeps the poison. */ - ret = rend_service_verify_single_onion_poison(service_1, mock_options); - tt_int_op(ret, OP_EQ, 0); - ret = rend_service_verify_single_onion_poison(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - - /* Now add the second service: it has no key and no poison file */ - ret = hs_check_service_private_dir(mock_options->User, service_2->directory, - service_2->dir_group_readable, 1); - tt_int_op(ret, OP_EQ, 0); - smartlist_add(services, service_2); - - /* A new service, and an existing poisoned service. Not ok. */ - mock_options->HiddenServiceSingleHopMode = 0; - mock_options->HiddenServiceNonAnonymousMode = 0; - ret = rend_service_verify_single_onion_poison(service_1, mock_options); - tt_int_op(ret, OP_LT, 0); - ret = rend_service_verify_single_onion_poison(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - - /* But ok to add in non-anonymous mode. */ - mock_options->HiddenServiceSingleHopMode = 1; - mock_options->HiddenServiceNonAnonymousMode = 1; - ret = rend_service_verify_single_onion_poison(service_1, mock_options); - tt_int_op(ret, OP_EQ, 0); - ret = rend_service_verify_single_onion_poison(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - - /* Now remove the poisoning from the first service, and we have the opposite - * problem. */ - poison_path = rend_service_sos_poison_path(service_1); - tt_assert(poison_path); - ret = unlink(poison_path); - tt_int_op(ret, OP_EQ, 0); - - /* Unpoisoned service directories with previous keys are ok, as are empty - * directories. */ - mock_options->HiddenServiceSingleHopMode = 0; - mock_options->HiddenServiceNonAnonymousMode = 0; - ret = rend_service_verify_single_onion_poison(service_1, mock_options); - tt_int_op(ret, OP_EQ, 0); - ret = rend_service_verify_single_onion_poison(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - - /* But the existing unpoisoned key is not ok in non-anonymous mode, even if - * there is an empty service. */ - mock_options->HiddenServiceSingleHopMode = 1; - mock_options->HiddenServiceNonAnonymousMode = 1; - ret = rend_service_verify_single_onion_poison(service_1, mock_options); - tt_int_op(ret, OP_LT, 0); - ret = rend_service_verify_single_onion_poison(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - - /* Poisoning directories with existing keys is a no-op, because directories - * with existing keys are ignored. But the new directory should poison. */ - mock_options->HiddenServiceSingleHopMode = 1; - mock_options->HiddenServiceNonAnonymousMode = 1; - ret = rend_service_poison_new_single_onion_dir(service_1, mock_options); - tt_int_op(ret, OP_EQ, 0); - ret = rend_service_poison_new_single_onion_dir(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - /* And the old directory remains unpoisoned. */ - ret = rend_service_verify_single_onion_poison(service_1, mock_options); - tt_int_op(ret, OP_LT, 0); - ret = rend_service_verify_single_onion_poison(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - - /* And the new directory should be ignored, because it has no key. */ - mock_options->HiddenServiceSingleHopMode = 0; - mock_options->HiddenServiceNonAnonymousMode = 0; - ret = rend_service_verify_single_onion_poison(service_1, mock_options); - tt_int_op(ret, OP_EQ, 0); - ret = rend_service_verify_single_onion_poison(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - - /* Re-poisoning directories without existing keys is a no-op. */ - mock_options->HiddenServiceSingleHopMode = 1; - mock_options->HiddenServiceNonAnonymousMode = 1; - ret = rend_service_poison_new_single_onion_dir(service_1, mock_options); - tt_int_op(ret, OP_EQ, 0); - ret = rend_service_poison_new_single_onion_dir(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - /* And the old directory remains unpoisoned. */ - ret = rend_service_verify_single_onion_poison(service_1, mock_options); - tt_int_op(ret, OP_LT, 0); - ret = rend_service_verify_single_onion_poison(service_2, mock_options); - tt_int_op(ret, OP_EQ, 0); - - done: - /* The test harness deletes the directories at exit */ - tor_free(poison_path); - tor_free(dir1); - tor_free(dir2); - smartlist_free(services); - rend_service_free(service_1); - rend_service_free(service_2); - UNMOCK(get_options); - tor_free(mock_options->DataDirectory); - tor_free(err_msg); -} - -static rend_service_t * -helper_create_rend_service(const char *path) -{ - rend_service_t *s = tor_malloc_zero(sizeof(rend_service_t)); - s->ports = smartlist_new(); - s->intro_nodes = smartlist_new(); - s->expiring_nodes = smartlist_new(); - if (path) { - s->directory = tor_strdup(path); - } - return s; -} - -static void -test_prune_services_on_reload(void *arg) -{ - smartlist_t *new = smartlist_new(), *old = smartlist_new(); - /* Non ephemeral service. */ - rend_service_t *s1 = helper_create_rend_service("SomePath"); - /* Create a non ephemeral service with the _same_ path as so we can test the - * transfer of introduction point between the same services on reload. */ - rend_service_t *s2 = helper_create_rend_service(s1->directory); - /* Ephemeral service (directory is NULL). */ - rend_service_t *e1 = helper_create_rend_service(NULL); - rend_service_t *e2 = helper_create_rend_service(NULL); - - (void) arg; - - { - /* Add both services to the old list. */ - smartlist_add(old, s1); - smartlist_add(old, e1); - /* Only put the non ephemeral in the new list. */ - smartlist_add(new, s1); - set_rend_service_list(old); - set_rend_rend_service_staging_list(new); - rend_service_prune_list_impl_(); - /* We expect that the ephemeral one is in the new list but removed from - * the old one. */ - tt_int_op(smartlist_len(old), OP_EQ, 1); - tt_assert(smartlist_get(old, 0) == s1); - tt_int_op(smartlist_len(new), OP_EQ, 2); - tt_assert(smartlist_get(new, 0) == s1); - tt_assert(smartlist_get(new, 1) == e1); - /* Cleanup for next test. */ - smartlist_clear(new); - smartlist_clear(old); - } - - { - /* This test will make sure that only the ephemeral service is kept if the - * new list is empty. The old list should contain only the non ephemeral - * one. */ - smartlist_add(old, s1); - smartlist_add(old, e1); - set_rend_service_list(old); - set_rend_rend_service_staging_list(new); - rend_service_prune_list_impl_(); - tt_int_op(smartlist_len(old), OP_EQ, 1); - tt_assert(smartlist_get(old, 0) == s1); - tt_int_op(smartlist_len(new), OP_EQ, 1); - tt_assert(smartlist_get(new, 0) == e1); - /* Cleanup for next test. */ - smartlist_clear(new); - smartlist_clear(old); - } - - { - /* This test makes sure that the new list stays the same even from the old - * list being completely different. */ - smartlist_add(new, s1); - smartlist_add(new, e1); - set_rend_service_list(old); - set_rend_rend_service_staging_list(new); - rend_service_prune_list_impl_(); - tt_int_op(smartlist_len(old), OP_EQ, 0); - tt_int_op(smartlist_len(new), OP_EQ, 2); - tt_assert(smartlist_get(new, 0) == s1); - tt_assert(smartlist_get(new, 1) == e1); - /* Cleanup for next test. */ - smartlist_clear(new); - } - - { - rend_intro_point_t ip1; - /* This IP should be found in the s2 service after pruning. */ - smartlist_add(s1->intro_nodes, &ip1); - /* Setup our list. */ - smartlist_add(old, s1); - smartlist_add(new, s2); - set_rend_service_list(old); - set_rend_rend_service_staging_list(new); - rend_service_prune_list_impl_(); - tt_int_op(smartlist_len(old), OP_EQ, 1); - /* Intro nodes have been moved to the s2 in theory so it must be empty. */ - tt_int_op(smartlist_len(s1->intro_nodes), OP_EQ, 0); - tt_int_op(smartlist_len(new), OP_EQ, 1); - rend_service_t *elem = smartlist_get(new, 0); - tt_assert(elem); - tt_assert(elem == s2); - tt_int_op(smartlist_len(elem->intro_nodes), OP_EQ, 1); - tt_assert(smartlist_get(elem->intro_nodes, 0) == &ip1); - smartlist_clear(s1->intro_nodes); - smartlist_clear(s2->intro_nodes); - /* Cleanup for next test. */ - smartlist_clear(new); - smartlist_clear(old); - } - - { - /* Test two ephemeral services. */ - smartlist_add(old, e1); - smartlist_add(old, e2); - set_rend_service_list(old); - set_rend_rend_service_staging_list(new); - rend_service_prune_list_impl_(); - /* Check if they've all been transferred. */ - tt_int_op(smartlist_len(old), OP_EQ, 0); - tt_int_op(smartlist_len(new), OP_EQ, 2); - } - - done: - rend_service_free(s1); - rend_service_free(s2); - rend_service_free(e1); - rend_service_free(e2); - smartlist_free(new); - smartlist_free(old); -} - -struct testcase_t hs_tests[] = { - { "hs_rend_data", test_hs_rend_data, TT_FORK, - NULL, NULL }, - { "hs_parse_static_v2_desc", test_hs_parse_static_v2_desc, TT_FORK, - NULL, NULL }, - { "hs_desc_event", test_hs_desc_event, TT_FORK, - NULL, NULL }, - { "hs_auth_cookies", test_hs_auth_cookies, TT_FORK, - NULL, NULL }, - { "single_onion_poisoning_create_dir_none", test_single_onion_poisoning, - TT_FORK, &passthrough_setup, (void*)(CREATE_HS_DIR_NONE) }, - { "single_onion_poisoning_create_dir1", test_single_onion_poisoning, - TT_FORK, &passthrough_setup, (void*)(CREATE_HS_DIR1) }, - { "single_onion_poisoning_create_dir2", test_single_onion_poisoning, - TT_FORK, &passthrough_setup, (void*)(CREATE_HS_DIR2) }, - { "single_onion_poisoning_create_dir_both", test_single_onion_poisoning, - TT_FORK, &passthrough_setup, (void*)(CREATE_HS_DIR1 | CREATE_HS_DIR2) }, - { "prune_services_on_reload", test_prune_services_on_reload, TT_FORK, - NULL, NULL }, - - END_OF_TESTCASES -}; diff --git a/src/test/test_hs_cache.c b/src/test/test_hs_cache.c index df96b2c791..25d98fa819 100644 --- a/src/test/test_hs_cache.c +++ b/src/test/test_hs_cache.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -14,7 +14,6 @@ #include "trunnel/ed25519_cert.h" #include "feature/hs/hs_cache.h" -#include "feature/rend/rendcache.h" #include "feature/dircache/dircache.h" #include "feature/dirclient/dirclient.h" #include "feature/nodelist/networkstatus.h" @@ -51,8 +50,6 @@ init_test(void) { /* Always needed. Initialize the subsystem. */ hs_cache_init(); - /* We need the v2 cache since our OOM and cache cleanup does poke at it. */ - rend_cache_init(); } static void diff --git a/src/test/test_hs_cell.c b/src/test/test_hs_cell.c index 5406339276..cf7af8a38a 100644 --- a/src/test/test_hs_cell.c +++ b/src/test/test_hs_cell.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -20,7 +20,7 @@ #include "feature/hs/hs_service.h" /* Trunnel. */ -#include "trunnel/hs/cell_common.h" +#include "trunnel/extension.h" #include "trunnel/hs/cell_establish_intro.h" /** We simulate the creation of an outgoing ESTABLISH_INTRO cell, and then we @@ -132,7 +132,7 @@ test_gen_establish_intro_dos_ext(void *arg) ssize_t ret; hs_service_config_t config; hs_service_intro_point_t *ip = NULL; - trn_cell_extension_t *extensions = NULL; + trn_extension_t *extensions = NULL; trn_cell_extension_dos_t *dos = NULL; (void) arg; @@ -144,8 +144,8 @@ test_gen_establish_intro_dos_ext(void *arg) /* Case 1: No DoS parameters so no extension to be built. */ extensions = build_establish_intro_extensions(&config, ip); - tt_int_op(trn_cell_extension_get_num(extensions), OP_EQ, 0); - trn_cell_extension_free(extensions); + tt_int_op(trn_extension_get_num(extensions), OP_EQ, 0); + trn_extension_free(extensions); extensions = NULL; /* Case 2: Enable the DoS extension. Parameter set to 0 should indicate to @@ -153,15 +153,15 @@ test_gen_establish_intro_dos_ext(void *arg) * nonetheless in the cell. */ config.has_dos_defense_enabled = 1; extensions = build_establish_intro_extensions(&config, ip); - tt_int_op(trn_cell_extension_get_num(extensions), OP_EQ, 1); + tt_int_op(trn_extension_get_num(extensions), OP_EQ, 1); /* Validate the extension. */ - const trn_cell_extension_field_t *field = - trn_cell_extension_getconst_fields(extensions, 0); - tt_int_op(trn_cell_extension_field_get_field_type(field), OP_EQ, + const trn_extension_field_t *field = + trn_extension_getconst_fields(extensions, 0); + tt_int_op(trn_extension_field_get_field_type(field), OP_EQ, TRUNNEL_CELL_EXTENSION_TYPE_DOS); ret = trn_cell_extension_dos_parse(&dos, - trn_cell_extension_field_getconstarray_field(field), - trn_cell_extension_field_getlen_field(field)); + trn_extension_field_getconstarray_field(field), + trn_extension_field_getlen_field(field)); tt_int_op(ret, OP_EQ, 19); /* Rate per sec param. */ const trn_cell_extension_dos_param_t *param = @@ -175,21 +175,21 @@ test_gen_establish_intro_dos_ext(void *arg) TRUNNEL_DOS_PARAM_TYPE_INTRO2_BURST_PER_SEC); tt_u64_op(trn_cell_extension_dos_param_get_value(param), OP_EQ, 0); trn_cell_extension_dos_free(dos); dos = NULL; - trn_cell_extension_free(extensions); extensions = NULL; + trn_extension_free(extensions); extensions = NULL; /* Case 3: Enable the DoS extension. Parameter set to some normal values. */ config.has_dos_defense_enabled = 1; config.intro_dos_rate_per_sec = 42; config.intro_dos_burst_per_sec = 250; extensions = build_establish_intro_extensions(&config, ip); - tt_int_op(trn_cell_extension_get_num(extensions), OP_EQ, 1); + tt_int_op(trn_extension_get_num(extensions), OP_EQ, 1); /* Validate the extension. */ - field = trn_cell_extension_getconst_fields(extensions, 0); - tt_int_op(trn_cell_extension_field_get_field_type(field), OP_EQ, + field = trn_extension_getconst_fields(extensions, 0); + tt_int_op(trn_extension_field_get_field_type(field), OP_EQ, TRUNNEL_CELL_EXTENSION_TYPE_DOS); ret = trn_cell_extension_dos_parse(&dos, - trn_cell_extension_field_getconstarray_field(field), - trn_cell_extension_field_getlen_field(field)); + trn_extension_field_getconstarray_field(field), + trn_extension_field_getlen_field(field)); tt_int_op(ret, OP_EQ, 19); /* Rate per sec param. */ param = trn_cell_extension_dos_getconst_params(dos, 0); @@ -202,12 +202,12 @@ test_gen_establish_intro_dos_ext(void *arg) TRUNNEL_DOS_PARAM_TYPE_INTRO2_BURST_PER_SEC); tt_u64_op(trn_cell_extension_dos_param_get_value(param), OP_EQ, 250); trn_cell_extension_dos_free(dos); dos = NULL; - trn_cell_extension_free(extensions); extensions = NULL; + trn_extension_free(extensions); extensions = NULL; done: service_intro_point_free(ip); trn_cell_extension_dos_free(dos); - trn_cell_extension_free(extensions); + trn_extension_free(extensions); } struct testcase_t hs_cell_tests[] = { diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c index f59b3a59cd..11a5589d21 100644 --- a/src/test/test_hs_client.c +++ b/src/test/test_hs_client.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -19,7 +19,6 @@ #include "test/test.h" #include "test/test_helpers.h" #include "test/log_test_helpers.h" -#include "test/rend_test_helpers.h" #include "test/hs_test_helpers.h" #include "app/config/config.h" @@ -38,7 +37,6 @@ #include "feature/hs/hs_config.h" #include "feature/hs/hs_ident.h" #include "feature/hs/hs_cache.h" -#include "feature/rend/rendcache.h" #include "core/or/circuitlist.h" #include "core/or/circuitbuild.h" #include "core/or/extendinfo.h" @@ -56,6 +54,9 @@ #include "core/or/origin_circuit_st.h" #include "core/or/socks_request_st.h" +#define TOR_CONGESTION_CONTROL_PRIVATE +#include "core/or/congestion_control_common.h" + static int mock_connection_ap_handshake_send_begin(entry_connection_t *ap_conn) { @@ -137,12 +138,9 @@ helper_add_random_client_auth(const ed25519_public_key_t *service_pk) * hidden service. */ static int helper_get_circ_and_stream_for_test(origin_circuit_t **circ_out, - connection_t **conn_out, - int is_legacy) + connection_t **conn_out) { - int retval; channel_tls_t *n_chan=NULL; - rend_data_t *conn_rend_data = NULL; origin_circuit_t *or_circ = NULL; connection_t *conn = NULL; ed25519_public_key_t service_pk; @@ -151,20 +149,13 @@ helper_get_circ_and_stream_for_test(origin_circuit_t **circ_out, conn = test_conn_get_connection(AP_CONN_STATE_CIRCUIT_WAIT, CONN_TYPE_AP /* ??? */, 0); - if (is_legacy) { - /* Legacy: Setup rend_data of stream */ - char service_id[REND_SERVICE_ID_LEN_BASE32+1] = {0}; - TO_EDGE_CONN(conn)->rend_data = mock_rend_data(service_id); - conn_rend_data = TO_EDGE_CONN(conn)->rend_data; - } else { - /* prop224: Setup hs conn identifier on the stream */ - ed25519_secret_key_t sk; - tt_int_op(0, OP_EQ, ed25519_secret_key_generate(&sk, 0)); - tt_int_op(0, OP_EQ, ed25519_public_key_generate(&service_pk, &sk)); - - /* Setup hs_conn_identifier of stream */ - TO_EDGE_CONN(conn)->hs_ident = hs_ident_edge_conn_new(&service_pk); - } + /* prop224: Setup hs conn identifier on the stream */ + ed25519_secret_key_t sk; + tt_int_op(0, OP_EQ, ed25519_secret_key_generate(&sk, 0)); + tt_int_op(0, OP_EQ, ed25519_public_key_generate(&service_pk, &sk)); + + /* Setup hs_conn_identifier of stream */ + TO_EDGE_CONN(conn)->hs_ident = hs_ident_edge_conn_new(&service_pk); /* Make it wait for circuit */ connection_ap_mark_as_pending_circuit(TO_ENTRY_CONN(conn)); @@ -184,23 +175,8 @@ helper_get_circ_and_stream_for_test(origin_circuit_t **circ_out, or_circ->build_state = tor_malloc_zero(sizeof(cpath_build_state_t)); or_circ->build_state->is_internal = 1; - if (is_legacy) { - /* Legacy: Setup rend data and final cpath */ - or_circ->build_state->pending_final_cpath = - tor_malloc_zero(sizeof(crypt_path_t)); - or_circ->build_state->pending_final_cpath->magic = CRYPT_PATH_MAGIC; - or_circ->build_state->pending_final_cpath->rend_dh_handshake_state = - crypto_dh_new(DH_TYPE_REND); - tt_assert( - or_circ->build_state->pending_final_cpath->rend_dh_handshake_state); - retval = crypto_dh_generate_public( - or_circ->build_state->pending_final_cpath->rend_dh_handshake_state); - tt_int_op(retval, OP_EQ, 0); - or_circ->rend_data = rend_data_dup(conn_rend_data); - } else { - /* prop224: Setup hs ident on the circuit */ - or_circ->hs_ident = hs_ident_circuit_new(&service_pk); - } + /* prop224: Setup hs ident on the circuit */ + or_circ->hs_ident = hs_ident_circuit_new(&service_pk); TO_CIRCUIT(or_circ)->state = CIRCUIT_STATE_OPEN; @@ -219,91 +195,6 @@ helper_get_circ_and_stream_for_test(origin_circuit_t **circ_out, return -1; } -/* Test: Ensure that setting up legacy e2e rendezvous circuits works - * correctly. */ -static void -test_e2e_rend_circuit_setup_legacy(void *arg) -{ - ssize_t retval; - origin_circuit_t *or_circ = NULL; - connection_t *conn = NULL; - - (void) arg; - - /** In this test we create a v2 legacy HS stream and a circuit with the same - * hidden service destination. We make the stream wait for circuits to be - * established to the hidden service, and then we complete the circuit using - * the hs_circuit_setup_e2e_rend_circ_legacy_client() function. We then - * check that the end-to-end cpath was setup correctly and that the stream - * was attached to the circuit as expected. */ - - MOCK(connection_ap_handshake_send_begin, - mock_connection_ap_handshake_send_begin); - - /* Setup */ - retval = helper_get_circ_and_stream_for_test( &or_circ, &conn, 1); - tt_int_op(retval, OP_EQ, 0); - tt_assert(or_circ); - tt_assert(conn); - - /* Check number of hops */ - retval = cpath_get_n_hops(&or_circ->cpath); - tt_int_op(retval, OP_EQ, 0); - - /* Check that our stream is not attached on any circuits */ - tt_ptr_op(TO_EDGE_CONN(conn)->on_circuit, OP_EQ, NULL); - - /********************************************** */ - - /* Make a good RENDEZVOUS1 cell body because it needs to pass key exchange - * digest verification... */ - uint8_t rend_cell_body[DH1024_KEY_LEN+DIGEST_LEN] = {2}; - { - char keys[DIGEST_LEN+CPATH_KEY_MATERIAL_LEN]; - crypto_dh_t *dh_state = - or_circ->build_state->pending_final_cpath->rend_dh_handshake_state; - /* compute and overwrite digest of cell body with the right value */ - retval = crypto_dh_compute_secret(LOG_PROTOCOL_WARN, dh_state, - (char*)rend_cell_body, DH1024_KEY_LEN, - keys, DIGEST_LEN+CPATH_KEY_MATERIAL_LEN); - tt_int_op(retval, OP_GT, 0); - memcpy(rend_cell_body+DH1024_KEY_LEN, keys, DIGEST_LEN); - } - - /* Setup the circuit */ - retval = hs_circuit_setup_e2e_rend_circ_legacy_client(or_circ, - rend_cell_body); - tt_int_op(retval, OP_EQ, 0); - - /**********************************************/ - - /* See that a hop was added to the circuit's cpath */ - retval = cpath_get_n_hops(&or_circ->cpath); - tt_int_op(retval, OP_EQ, 1); - - /* Check the digest algo */ - tt_int_op( - crypto_digest_get_algorithm(or_circ->cpath->pvt_crypto.f_digest), - OP_EQ, DIGEST_SHA1); - tt_int_op( - crypto_digest_get_algorithm(or_circ->cpath->pvt_crypto.b_digest), - OP_EQ, DIGEST_SHA1); - tt_assert(or_circ->cpath->pvt_crypto.f_crypto); - tt_assert(or_circ->cpath->pvt_crypto.b_crypto); - - /* Ensure that circ purpose was changed */ - tt_int_op(or_circ->base_.purpose, OP_EQ, CIRCUIT_PURPOSE_C_REND_JOINED); - - /* Test that stream got attached */ - tt_ptr_op(TO_EDGE_CONN(conn)->on_circuit, OP_EQ, TO_CIRCUIT(or_circ)); - - done: - connection_free_minimal(conn); - if (or_circ) - tor_free(TO_CIRCUIT(or_circ)->n_chan); - circuit_free_(TO_CIRCUIT(or_circ)); -} - /* Test: Ensure that setting up v3 rendezvous circuits works correctly. */ static void test_e2e_rend_circuit_setup(void *arg) @@ -326,7 +217,7 @@ test_e2e_rend_circuit_setup(void *arg) mock_connection_ap_handshake_send_begin); /* Setup */ - retval = helper_get_circ_and_stream_for_test(&or_circ, &conn, 0); + retval = helper_get_circ_and_stream_for_test(&or_circ, &conn); tt_int_op(retval, OP_EQ, 0); tt_assert(or_circ); tt_assert(conn); @@ -883,6 +774,7 @@ test_desc_has_arrived_cleanup(void *arg) (void) arg; hs_init(); + congestion_control_set_cc_enabled(); MOCK(networkstatus_get_reasonably_live_consensus, mock_networkstatus_get_reasonably_live_consensus); @@ -974,7 +866,6 @@ test_close_intro_circuits_new_desc(void *arg) (void) arg; hs_init(); - rend_cache_init(); /* This is needed because of the client cache expiration timestamp is based * on having a consensus. See cached_client_descriptor_has_expired(). */ @@ -1120,7 +1011,6 @@ test_close_intro_circuits_cache_clean(void *arg) (void) arg; hs_init(); - rend_cache_init(); /* This is needed because of the client cache expiration timestamp is based * on having a consensus. See cached_client_descriptor_has_expired(). */ @@ -1189,7 +1079,6 @@ test_close_intro_circuits_cache_clean(void *arg) circuit_free(circ); hs_descriptor_free(desc1); hs_free_all(); - rend_cache_free_all(); UNMOCK(networkstatus_get_reasonably_live_consensus); } @@ -1301,7 +1190,7 @@ test_socks_hs_errors(void *arg) /* Code path will log this exit so build it. */ ocirc->build_state->chosen_exit = extend_info_new("TestNickname", digest, NULL, NULL, NULL, &addr, - 4242); + 4242, NULL, false); /* Attach socks connection to this rendezvous circuit. */ ocirc->p_streams = ENTRY_TO_EDGE_CONN(socks_conn); /* Trigger the rendezvous failure. Timeout the circuit and free. */ @@ -1396,7 +1285,7 @@ test_close_intro_circuit_failure(void *arg) /* Code path will log this exit so build it. */ ocirc->build_state->chosen_exit = extend_info_new("TestNickname", digest, NULL, NULL, NULL, &addr, - 4242); + 4242, NULL, false); ed25519_pubkey_copy(ô->hs_ident->intro_auth_pk, &intro_kp.pubkey); /* We'll make for close the circuit for a timeout failure. It should _NOT_ @@ -1423,7 +1312,7 @@ test_close_intro_circuit_failure(void *arg) /* Code path will log this exit so build it. */ ocirc->build_state->chosen_exit = extend_info_new("TestNickname", digest, NULL, NULL, NULL, &addr, - 4242); + 4242, NULL, false); ed25519_pubkey_copy(ô->hs_ident->intro_auth_pk, &intro_kp.pubkey); /* On free, we should get an unreachable failure. */ @@ -1446,7 +1335,7 @@ test_close_intro_circuit_failure(void *arg) /* Code path will log this exit so build it. */ ocirc->build_state->chosen_exit = extend_info_new("TestNickname", digest, NULL, NULL, NULL, &addr, - 4242); + 4242, NULL, false); ed25519_pubkey_copy(ô->hs_ident->intro_auth_pk, &intro_kp.pubkey); circuit_mark_for_close(circ, END_CIRC_REASON_TIMEOUT); @@ -1554,8 +1443,6 @@ test_purge_ephemeral_client_auth(void *arg) } struct testcase_t hs_client_tests[] = { - { "e2e_rend_circuit_setup_legacy", test_e2e_rend_circuit_setup_legacy, - TT_FORK, NULL, NULL }, { "e2e_rend_circuit_setup", test_e2e_rend_circuit_setup, TT_FORK, NULL, NULL }, { "client_pick_intro", test_client_pick_intro, diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c index fccf638a07..347a5b7174 100644 --- a/src/test/test_hs_common.c +++ b/src/test/test_hs_common.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -787,7 +787,6 @@ test_parse_extended_hostname(void *arg) hostname_type_t type; char address1[] = "fooaddress.onion"; - char address2[] = "aaaaaaaaaaaaaaaa.onion"; char address3[] = "fooaddress.exit"; char address4[] = "www.torproject.org"; char address5[] = "foo.abcdefghijklmnop.onion"; @@ -803,9 +802,6 @@ test_parse_extended_hostname(void *arg) tt_assert(!parse_extended_hostname(address1, &type)); tt_int_op(type, OP_EQ, BAD_HOSTNAME); - tt_assert(!parse_extended_hostname(address2, &type)); - tt_int_op(type, OP_EQ, BAD_HOSTNAME); - tt_assert(parse_extended_hostname(address3, &type)); tt_int_op(type, OP_EQ, EXIT_HOSTNAME); diff --git a/src/test/test_hs_config.c b/src/test/test_hs_config.c index 20e6b014ee..74f823f897 100644 --- a/src/test/test_hs_config.c +++ b/src/test/test_hs_config.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -18,7 +18,6 @@ #include "feature/hs/hs_common.h" #include "feature/hs/hs_config.h" #include "feature/hs/hs_service.h" -#include "feature/rend/rendservice.h" static int helper_config_service(const char *conf, int validate_only) @@ -53,18 +52,6 @@ test_invalid_service(void *arg) teardown_capture_of_logs(); } - /* Version 2 not accepted anymore. */ - { - const char *conf = - "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs1\n" - "HiddenServiceVersion 2\n"; - setup_full_capture_of_logs(LOG_WARN); - ret = helper_config_service(conf, 1); - tt_int_op(ret, OP_EQ, -1); - expect_log_msg_containing("HiddenServiceVersion must be 3, not 2"); - teardown_capture_of_logs(); - } - /* Bad value of HiddenServiceAllowUnknownPorts. */ { const char *conf = @@ -194,7 +181,6 @@ test_valid_service(void *arg) (void) arg; - /* v3. */ { const char *conf = "HiddenServiceDir /tmp/tor-test-hs-RANDOM/hs2\n" @@ -342,8 +328,6 @@ test_staging_service_v3(void *arg) tt_int_op(ret, OP_EQ, 0); /* Ok, we have a service in our map! Registration went well. */ tt_int_op(get_hs_service_staging_list_size(), OP_EQ, 1); - /* Make sure we don't have a magic v2 service out of this. */ - tt_int_op(rend_num_services(), OP_EQ, 0); done: hs_free_all(); diff --git a/src/test/test_hs_control.c b/src/test/test_hs_control.c index 6e41c4994f..c32803b380 100644 --- a/src/test/test_hs_control.c +++ b/src/test/test_hs_control.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -7,15 +7,17 @@ **/ #define CONTROL_EVENTS_PRIVATE +#define CONTROL_CMD_PRIVATE #define HS_CLIENT_PRIVATE +#define HS_SERVICE_PRIVATE #include "core/or/or.h" #include "test/test.h" #include "test/test_helpers.h" #include "core/mainloop/connection.h" #include "feature/control/control.h" -#include "feature/control/control_events.h" #include "feature/control/control_cmd.h" +#include "feature/control/control_events.h" #include "feature/control/control_fmt.h" #include "feature/control/control_connection_st.h" #include "app/config/config.h" @@ -26,6 +28,7 @@ #include "feature/nodelist/node_st.h" #include "feature/nodelist/routerstatus_st.h" +#include "lib/container/smartlist.h" #include "lib/crypt_ops/crypto_format.h" #ifdef HAVE_SYS_STAT_H @@ -735,6 +738,130 @@ test_hs_control_add_onion_with_bad_pubkey(void *arg) tor_free(conn.current_cmd); } +/** Test that we can add the service via the control port. */ +static void +test_hs_control_add_auth_onion_service(void *arg) +{ + control_connection_t conn; + char *args = NULL, *cp1 = NULL; + size_t sz; + + (void) arg; + + hs_init(); + + memset(&conn, 0, sizeof(control_connection_t)); + TO_CONN(&conn)->outbuf = buf_new(); + conn.current_cmd = tor_strdup("ADD_ONION"); + args = tor_strdup("ED25519-V3:KLMQ4CLKwlDCHuMPn8j3od33cU5LhnrLNoZh7CWChl3VkY" + "pNAkeP5dGW8xeKR9HxQBWQ/w7Kr12lA/U8Pd/oxw== " + "ClientAuthV3=dz4q5xqlb4ldnbs72iarrml4ephk3du4i7o2cgiva5lwr6wkquja " + "Flags=V3Auth Port=9735,127.0.0.1"); + handle_control_command(&conn, (uint32_t) strlen(args), args); + cp1 = buf_get_contents(TO_CONN(&conn)->outbuf, &sz); + tt_str_op(cp1, OP_EQ, + "250-ServiceID=n35etu3yjxrqjpntmfziom5sjwspoydchmelc4xleoy4jk2u4lziz2yd\r\n" + "250-ClientAuthV3=dz4q5xqlb4ldnbs72iarrml4ephk3du4i7o2cgiva5lwr6wkquja\r\n" + "250 OK\r\n"); + tor_free(args); + tor_free(cp1); + + args = tor_strdup("ED25519-V3:iIU8EBi71qE7G6UTsROU1kWN0JMrRP/YukC0Xk5WLGyil3" + "gm4u3wEBXr+/TaCpXS+65Pcdqz+PG+4+oWHLN05A== " + "ClientAuthV3=dummy Flags=V3Auth Port=9735,127.0.0.1"); + handle_control_command(&conn, (uint32_t) strlen(args), args); + cp1 = buf_get_contents(TO_CONN(&conn)->outbuf, &sz); + tt_str_op(cp1, OP_EQ, "512 Cannot decode v3 client auth key\r\n"); + + done: + tor_free(args); + tor_free(cp1); + tor_free(conn.current_cmd); + buf_free(TO_CONN(&conn)->outbuf); + SMARTLIST_FOREACH(conn.ephemeral_onion_services, char *, + service, tor_free(service)); + smartlist_free(conn.ephemeral_onion_services); + hs_client_free_all(); +} + +/** Test that add_onion_helper_add_service can add the service. */ +static void +test_hs_control_add_onion_helper_add_service(void *arg) +{ + int hs_version_good, hs_version_bad; + add_onion_secret_key_t sk_good, sk_bad; + ed25519_public_key_t pk_good, pk_bad; + char *key_new_blob_good = NULL, *key_new_blob_bad = NULL; + const char *key_new_alg_good = NULL, *key_new_alg_bad = NULL; + hs_service_authorized_client_t *client_good, *client_bad; + smartlist_t *list_good, *list_bad; + hs_service_ht *global_map; + hs_port_config_t *portcfg; + smartlist_t *portcfgs; + char *address_out_good = NULL, *address_out_bad = NULL; + hs_service_t *service_good = NULL; + hs_service_t *service_bad = NULL; + + (void) arg; + + hs_init(); + global_map = get_hs_service_map(); + + portcfg = hs_parse_port_config("8080", ",", NULL); + portcfgs = smartlist_new(); + smartlist_add(portcfgs, portcfg); + + memset(&sk_good, 0, sizeof(sk_good)); + memset(&sk_bad, 0, sizeof(sk_bad)); + + add_onion_helper_keyarg("NEW:ED25519-V3", 0, &key_new_alg_good, + &key_new_blob_good, &sk_good, &hs_version_good, NULL); + add_onion_helper_keyarg("NEW:ED25519-V3", 0, &key_new_alg_bad, + &key_new_blob_bad, &sk_bad, &hs_version_bad, NULL); + + ed25519_public_key_generate(&pk_good, sk_good.v3); + ed25519_public_key_generate(&pk_bad, sk_bad.v3); + + client_good = parse_authorized_client_key( + "N2NU7BSRL6YODZCYPN4CREB54TYLKGIE2KYOQWLFYC23ZJVCE5DQ", LOG_INFO); + client_bad = parse_authorized_client_key("dummy", LOG_INFO); + + list_good = smartlist_new(); + smartlist_add(list_good, client_good); + + add_onion_helper_add_service(HS_VERSION_THREE, &sk_good, portcfgs, 1, 1, + list_good, &address_out_good); + + service_good = find_service(global_map, &pk_good); + tt_int_op(smartlist_len(service_good->config.clients), OP_EQ, 1); + + remove_service(global_map, service_good); + hs_service_free(service_good); + + list_bad = smartlist_new(); + smartlist_add(list_bad, client_bad); + + portcfg = hs_parse_port_config("8080", ",", NULL); + portcfgs = smartlist_new(); + smartlist_add(portcfgs, portcfg); + + add_onion_helper_add_service(HS_VERSION_THREE, &sk_bad, portcfgs, 1, 1, + list_bad, &address_out_bad); + + service_bad = find_service(global_map, &pk_bad); + + tt_int_op(smartlist_len(service_bad->config.clients), OP_EQ, 0); + + done: + tor_free(key_new_blob_good); + tor_free(key_new_blob_bad); + tor_free(address_out_good); + tor_free(address_out_bad); + + hs_service_free(service_good); + hs_service_free(service_bad); +} + struct testcase_t hs_control_tests[] = { { "hs_desc_event", test_hs_desc_event, TT_FORK, NULL, NULL }, @@ -748,6 +875,10 @@ struct testcase_t hs_control_tests[] = { test_hs_control_store_permanent_creds, TT_FORK, NULL, NULL }, { "hs_control_add_onion_with_bad_pubkey", test_hs_control_add_onion_with_bad_pubkey, TT_FORK, NULL, NULL }, + { "hs_control_add_auth_onion_service", + test_hs_control_add_auth_onion_service, TT_FORK, NULL, NULL}, + { "hs_control_add_onion_helper_add_service", + test_hs_control_add_onion_helper_add_service, TT_FORK, NULL, NULL}, END_OF_TESTCASES }; diff --git a/src/test/test_hs_descriptor.c b/src/test/test_hs_descriptor.c index b6e13c79a8..469e3c39f9 100644 --- a/src/test/test_hs_descriptor.c +++ b/src/test/test_hs_descriptor.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -24,6 +24,9 @@ #include "test/log_test_helpers.h" #include "test/rng_test_helpers.h" +#define TOR_CONGESTION_CONTROL_PRIVATE +#include "core/or/congestion_control_common.h" + #ifdef HAVE_CFLAG_WOVERLENGTH_STRINGS DISABLE_GCC_WARNING("-Woverlength-strings") /* We allow huge string constants in the unit tests, but not in the code @@ -247,6 +250,8 @@ test_decode_descriptor(void *arg) (void) arg; + congestion_control_set_cc_enabled(); + ret = ed25519_keypair_generate(&signing_kp, 0); tt_int_op(ret, OP_EQ, 0); desc = hs_helper_build_hs_desc_with_ip(&signing_kp); @@ -835,6 +840,44 @@ test_build_authorized_client(void *arg) testing_disable_prefilled_rng(); } +static void +test_validate_sendme(void *arg) +{ + (void)arg; + + /* Test basic operation: factors of 2X in either direction are OK */ + cc_sendme_inc = 31; + tt_assert(congestion_control_validate_sendme_increment(15)); + tt_assert(congestion_control_validate_sendme_increment(62)); + + /* Test basic operation: Exceeding 2X fails */ + cc_sendme_inc = 31; + tt_assert(!congestion_control_validate_sendme_increment(14)); + tt_assert(!congestion_control_validate_sendme_increment(63)); + + /* Test potential overflow conditions */ + cc_sendme_inc = 129; + tt_assert(congestion_control_validate_sendme_increment(255)); + tt_assert(congestion_control_validate_sendme_increment(64)); + tt_assert(!congestion_control_validate_sendme_increment(63)); + + cc_sendme_inc = 127; + tt_assert(!congestion_control_validate_sendme_increment(255)); + tt_assert(congestion_control_validate_sendme_increment(254)); + + cc_sendme_inc = 255; + tt_assert(congestion_control_validate_sendme_increment(255)); + tt_assert(congestion_control_validate_sendme_increment(127)); + tt_assert(!congestion_control_validate_sendme_increment(126)); + + /* Test 0 case */ + cc_sendme_inc = 1; + tt_assert(!congestion_control_validate_sendme_increment(0)); + +done: + ; +} + struct testcase_t hs_descriptor[] = { /* Encoding tests. */ { "cert_encoding", test_cert_encoding, TT_FORK, @@ -855,6 +898,8 @@ struct testcase_t hs_descriptor[] = { NULL, NULL }, { "decode_bad_signature", test_decode_bad_signature, TT_FORK, NULL, NULL }, + { "validate_sendme", test_validate_sendme, TT_FORK, + NULL, NULL }, /* Misc. */ { "version", test_supported_version, TT_FORK, diff --git a/src/test/test_hs_dos.c b/src/test/test_hs_dos.c index 642513efce..70f2ef412f 100644 --- a/src/test/test_hs_dos.c +++ b/src/test/test_hs_dos.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_hs_intropoint.c b/src/test/test_hs_intropoint.c index 5f7dfc4f84..cbcdeade92 100644 --- a/src/test/test_hs_intropoint.c +++ b/src/test/test_hs_intropoint.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -21,7 +21,6 @@ #include "core/or/circuituse.h" #include "ht.h" #include "core/or/relay.h" -#include "feature/rend/rendservice.h" #include "feature/hs/hs_cell.h" #include "feature/hs/hs_circuitmap.h" @@ -34,9 +33,9 @@ #include "core/or/or_circuit_st.h" /* Trunnel. */ +#include "trunnel/extension.h" #include "trunnel/hs/cell_establish_intro.h" #include "trunnel/hs/cell_introduce1.h" -#include "trunnel/hs/cell_common.h" static size_t new_establish_intro_cell(const char *circ_nonce, @@ -160,8 +159,8 @@ helper_create_introduce1_cell(void) /* Set the cell extensions to none. */ { - trn_cell_extension_t *ext = trn_cell_extension_new(); - trn_cell_extension_set_num(ext, 0); + trn_extension_t *ext = trn_extension_new(); + trn_extension_set_num(ext, 0); trn_cell_introduce1_set_extensions(cell, ext); } @@ -535,7 +534,7 @@ test_circuitmap_free_all(void) ; } -/** Successfully register a v2 intro point and a v3 intro point. Ensure that HS +/** Successfully register a v3 intro point. Ensure that HS * circuitmap is maintained properly. */ static void test_intro_point_registration(void *arg) @@ -656,31 +655,6 @@ test_introduce1_suitable_circuit(void *arg) } static void -test_introduce1_is_legacy(void *arg) -{ - int ret; - uint8_t request[256]; - - (void) arg; - - /* For a cell to be considered legacy, according to the specification, the - * first 20 bytes MUST BE non-zero else it's a v3 cell. */ - memset(request, 'a', DIGEST_LEN); - memset(request + DIGEST_LEN, 0, sizeof(request) - DIGEST_LEN); - ret = introduce1_cell_is_legacy(request); - tt_int_op(ret, OP_EQ, 1); - - /* This is a NON legacy cell. */ - memset(request, 0, DIGEST_LEN); - memset(request + DIGEST_LEN, 'a', sizeof(request) - DIGEST_LEN); - ret = introduce1_cell_is_legacy(request); - tt_int_op(ret, OP_EQ, 0); - - done: - ; -} - -static void test_introduce1_validation(void *arg) { int ret; @@ -693,20 +667,6 @@ test_introduce1_validation(void *arg) cell = helper_create_introduce1_cell(); tt_assert(cell); -#ifndef ALL_BUGS_ARE_FATAL - /* It should NOT be a legacy cell which will trigger a BUG(). */ - memset(cell->legacy_key_id, 'a', sizeof(cell->legacy_key_id)); - tor_capture_bugs_(1); - ret = validate_introduce1_parsed_cell(cell); - tor_end_capture_bugs_(); - tt_int_op(ret, OP_EQ, -1); -#endif /* !defined(ALL_BUGS_ARE_FATAL) */ - - /* Reset legacy ID and make sure it's correct. */ - memset(cell->legacy_key_id, 0, sizeof(cell->legacy_key_id)); - ret = validate_introduce1_parsed_cell(cell); - tt_int_op(ret, OP_EQ, 0); - /* Non existing auth key type. */ cell->auth_key_type = 42; ret = validate_introduce1_parsed_cell(cell); @@ -813,35 +773,6 @@ test_received_introduce1_handling(void *arg) tt_int_op(ret, OP_EQ, 0); } - /* Valid legacy cell. */ - { - tor_free(request); - trn_cell_introduce1_free(cell); - cell = helper_create_introduce1_cell(); - uint8_t *legacy_key_id = trn_cell_introduce1_getarray_legacy_key_id(cell); - memset(legacy_key_id, 'a', DIGEST_LEN); - /* Add an arbitrary amount of data for the payload of a v2 cell. */ - size_t request_len = trn_cell_introduce1_encoded_len(cell) + 256; - tt_size_op(request_len, OP_GT, 0); - request = tor_malloc_zero(request_len + 256); - ssize_t encoded_len = - trn_cell_introduce1_encode(request, request_len, cell); - tt_int_op((int)encoded_len, OP_GT, 0); - - circ = helper_create_intro_circuit(); - or_circuit_t *service_circ = helper_create_intro_circuit(); - circuit_change_purpose(TO_CIRCUIT(service_circ), - CIRCUIT_PURPOSE_INTRO_POINT); - /* Register the circuit in the map for the auth key of the cell. */ - uint8_t token[REND_TOKEN_LEN]; - memcpy(token, legacy_key_id, sizeof(token)); - hs_circuitmap_register_intro_circ_v2_relay_side(service_circ, token); - ret = hs_intro_received_introduce1(circ, request, request_len); - circuit_free_(TO_CIRCUIT(circ)); - circuit_free_(TO_CIRCUIT(service_circ)); - tt_int_op(ret, OP_EQ, 0); - } - done: trn_cell_introduce1_free(cell); tor_free(request); @@ -1045,9 +976,6 @@ struct testcase_t hs_intropoint_tests[] = { { "introduce1_suitable_circuit", test_introduce1_suitable_circuit, TT_FORK, NULL, &test_setup}, - { "introduce1_is_legacy", - test_introduce1_is_legacy, TT_FORK, NULL, &test_setup}, - { "introduce1_validation", test_introduce1_validation, TT_FORK, NULL, &test_setup}, diff --git a/src/test/test_hs_metrics.c b/src/test/test_hs_metrics.c index 326212ae1d..8625933df7 100644 --- a/src/test/test_hs_metrics.c +++ b/src/test/test_hs_metrics.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_hs_ntor.c b/src/test/test_hs_ntor.c index 7867740a1a..c507b95a60 100644 --- a/src/test/test_hs_ntor.c +++ b/src/test/test_hs_ntor.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_hs_ntor_cl.c b/src/test/test_hs_ntor_cl.c index 3acd7ef0bc..cbce9c45b5 100644 --- a/src/test/test_hs_ntor_cl.c +++ b/src/test/test_hs_ntor_cl.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** This is a wrapper over the little-t-tor HS ntor functions. The wrapper is diff --git a/src/test/test_hs_ob.c b/src/test/test_hs_ob.c index 7f40187b5f..2f69bf31e0 100644 --- a/src/test/test_hs_ob.c +++ b/src/test/test_hs_ob.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -174,6 +174,7 @@ test_get_subcredentials(void *arg) hs_subcredential_t *subcreds = NULL; (void) arg; + memset(&config, 0, sizeof(config)); MOCK(networkstatus_get_live_consensus, mock_networkstatus_get_live_consensus); diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c index 287d25f825..482ee1a014 100644 --- a/src/test/test_hs_service.c +++ b/src/test/test_hs_service.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -26,7 +26,6 @@ #include "test/test.h" #include "test/test_helpers.h" #include "test/log_test_helpers.h" -#include "test/rend_test_helpers.h" #include "test/hs_test_helpers.h" #include "core/or/or.h" @@ -58,7 +57,6 @@ #include "feature/hs/hs_service.h" #include "feature/nodelist/networkstatus.h" #include "feature/nodelist/nodelist.h" -#include "feature/rend/rendservice.h" #include "lib/crypt_ops/crypto_rand.h" #include "lib/fs/dir.h" @@ -343,7 +341,6 @@ helper_create_service_with_clients(int num_clients) int i; hs_service_t *service = helper_create_service(); tt_assert(service); - service->config.is_client_auth_enabled = 1; service->config.clients = smartlist_new(); for (i = 0; i < num_clients; i++) { @@ -383,14 +380,13 @@ test_load_keys(void *arg) { int ret; char *conf = NULL; - char *hsdir_v2 = tor_strdup(get_fname("hs2")); char *hsdir_v3 = tor_strdup(get_fname("hs3")); char addr[HS_SERVICE_ADDR_LEN_BASE32 + 1]; (void) arg; - /* We'll register two services, a v2 and a v3, then we'll load keys and - * validate that both are in a correct state. */ + /* We'll register one service then we'll load keys and validate that both + * are in a correct state. */ hs_init(); @@ -399,12 +395,6 @@ test_load_keys(void *arg) "HiddenServiceVersion %d\n" \ "HiddenServicePort 65535\n" - /* v2 service. */ - tor_asprintf(&conf, conf_fmt, hsdir_v2, HS_VERSION_TWO); - ret = helper_config_service(conf); - tor_free(conf); - tt_int_op(ret, OP_EQ, -1); - /* v3 service. */ tor_asprintf(&conf, conf_fmt, hsdir_v3, HS_VERSION_THREE); ret = helper_config_service(conf); @@ -434,11 +424,7 @@ test_load_keys(void *arg) tt_int_op(hs_address_is_valid(addr), OP_EQ, 1); tt_str_op(addr, OP_EQ, s->onion_address); - /* Check that the is_client_auth_enabled is not set. */ - tt_assert(!s->config.is_client_auth_enabled); - done: - tor_free(hsdir_v2); tor_free(hsdir_v3); hs_free_all(); } @@ -587,9 +573,6 @@ test_load_keys_with_client_auth(void *arg) tt_int_op(smartlist_len(service->config.clients), OP_EQ, smartlist_len(pubkey_b32_list)); - /* Test that the is_client_auth_enabled flag is set. */ - tt_assert(service->config.is_client_auth_enabled); - /* Test that the keys in clients are correct. */ SMARTLIST_FOREACH_BEGIN(pubkey_b32_list, char *, pubkey_b32) { @@ -631,8 +614,8 @@ test_access_service(void *arg) (void) arg; - /* We'll register two services, a v2 and a v3, then we'll load keys and - * validate that both are in a correct state. */ + /* We'll register one service then we'll load keys and validate that both + * are in a correct state. */ hs_init(); @@ -2347,6 +2330,7 @@ test_intro2_handling(void *arg) intro_circ->cpath->prev = intro_circ->cpath; intro_circ->hs_ident = tor_malloc_zero(sizeof(*intro_circ->hs_ident)); origin_circuit_t rend_circ; + TO_CIRCUIT(&rend_circ)->ccontrol = NULL; rend_circ.hs_ident = tor_malloc_zero(sizeof(*rend_circ.hs_ident)); curve25519_keypair_generate(&rend_circ.hs_ident->rendezvous_client_kp, 0); memset(rend_circ.hs_ident->rendezvous_cookie, 'r', HS_REND_COOKIE_LEN); diff --git a/src/test/test_include.sh b/src/test/test_include.sh index 6cf695fe44..10d3bc502d 100755 --- a/src/test/test_include.sh +++ b/src/test/test_include.sh @@ -48,6 +48,9 @@ if "${TOR_BINARY}" --list-modules | grep -q "relay: no"; then fi tmpdir= +# For some reasons, shellcheck is not seeing that we can call this +# function from the trap below. +# shellcheck disable=SC2317 clean () { if [ -n "$tmpdir" ] && [ -d "$tmpdir" ]; then rm -rf "$tmpdir" diff --git a/src/test/test_introduce.c b/src/test/test_introduce.c deleted file mode 100644 index 0ae78496b2..0000000000 --- a/src/test/test_introduce.c +++ /dev/null @@ -1,539 +0,0 @@ -/* Copyright (c) 2012-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -#include "orconfig.h" -#include "lib/crypt_ops/crypto_cipher.h" -#include "core/or/or.h" -#include "test/test.h" - -#define RENDSERVICE_PRIVATE -#include "feature/rend/rendservice.h" - -static uint8_t v0_test_plaintext[] = - /* 20 bytes of rendezvous point nickname */ - { 0x4e, 0x69, 0x63, 0x6b, 0x6e, 0x61, 0x6d, 0x65, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, - /* 20 bytes dummy rendezvous cookie */ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, - /* 128 bytes dummy DH handshake data */ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 }; - -static uint8_t v1_test_plaintext[] = - /* Version byte */ - { 0x01, - /* 42 bytes of dummy rendezvous point hex digest */ - 0x24, 0x30, 0x30, 0x30, 0x31, 0x30, 0x32, 0x30, - 0x33, 0x30, 0x34, 0x30, 0x35, 0x30, 0x36, 0x30, - 0x37, 0x30, 0x38, 0x30, 0x39, 0x30, 0x41, 0x30, - 0x42, 0x30, 0x43, 0x30, 0x44, 0x30, 0x45, 0x30, - 0x46, 0x31, 0x30, 0x31, 0x31, 0x31, 0x32, 0x31, - 0x33, 0x00, - /* 20 bytes dummy rendezvous cookie */ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, - /* 128 bytes dummy DH handshake data */ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 }; - -static uint8_t v2_test_plaintext[] = - /* Version byte */ - { 0x02, - /* 4 bytes rendezvous point's IP address */ - 0xc0, 0xa8, 0x00, 0x01, - /* 2 bytes rendezvous point's OR port */ - 0x23, 0x5a, - /* 20 bytes dummy rendezvous point's identity digest */ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, - /* 2 bytes length of onion key */ - 0x00, 0x8c, - /* Onion key (140 bytes taken from live test) */ - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb1, - 0xcd, 0x46, 0xa9, 0x18, 0xd2, 0x0f, 0x01, 0xf8, - 0xb2, 0xad, 0xa4, 0x79, 0xb4, 0xbb, 0x4b, 0xf4, - 0x54, 0x1e, 0x3f, 0x03, 0x54, 0xcf, 0x7c, 0xb6, - 0xb5, 0xf0, 0xfe, 0xed, 0x4b, 0x7d, 0xd7, 0x61, - 0xdb, 0x6d, 0xd9, 0x19, 0xe2, 0x72, 0x04, 0xaa, - 0x3e, 0x89, 0x26, 0x14, 0x62, 0x9a, 0x6c, 0x11, - 0x0b, 0x35, 0x99, 0x2c, 0x9f, 0x2c, 0x64, 0xa1, - 0xd9, 0xe2, 0x88, 0xce, 0xf6, 0x54, 0xfe, 0x1d, - 0x37, 0x5e, 0x6d, 0x73, 0x95, 0x54, 0x90, 0xf0, - 0x7b, 0xfa, 0xd4, 0x44, 0xac, 0xb2, 0x23, 0x9f, - 0x75, 0x36, 0xe2, 0x78, 0x62, 0x82, 0x80, 0xa4, - 0x23, 0x22, 0xc9, 0xbf, 0xc4, 0x36, 0xd1, 0x31, - 0x33, 0x8e, 0x64, 0xb4, 0xa9, 0x74, 0xa1, 0xcb, - 0x42, 0x8d, 0x60, 0xc7, 0xbb, 0x8e, 0x6e, 0x0f, - 0x36, 0x74, 0x8e, 0xf4, 0x08, 0x99, 0x06, 0x92, - 0xb1, 0x3f, 0xb3, 0xdd, 0xed, 0xf7, 0xc9, 0x02, - 0x03, 0x01, 0x00, 0x01, - /* 20 bytes dummy rendezvous cookie */ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, - /* 128 bytes dummy DH handshake data */ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 }; - -static uint8_t v3_no_auth_test_plaintext[] = - /* Version byte */ - { 0x03, - /* Auth type (0 for no auth len/auth data) */ - 0x00, - /* Timestamp */ - 0x50, 0x0b, 0xb5, 0xaa, - /* 4 bytes rendezvous point's IP address */ - 0xc0, 0xa8, 0x00, 0x01, - /* 2 bytes rendezvous point's OR port */ - 0x23, 0x5a, - /* 20 bytes dummy rendezvous point's identity digest */ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, - /* 2 bytes length of onion key */ - 0x00, 0x8c, - /* Onion key (140 bytes taken from live test) */ - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb1, - 0xcd, 0x46, 0xa9, 0x18, 0xd2, 0x0f, 0x01, 0xf8, - 0xb2, 0xad, 0xa4, 0x79, 0xb4, 0xbb, 0x4b, 0xf4, - 0x54, 0x1e, 0x3f, 0x03, 0x54, 0xcf, 0x7c, 0xb6, - 0xb5, 0xf0, 0xfe, 0xed, 0x4b, 0x7d, 0xd7, 0x61, - 0xdb, 0x6d, 0xd9, 0x19, 0xe2, 0x72, 0x04, 0xaa, - 0x3e, 0x89, 0x26, 0x14, 0x62, 0x9a, 0x6c, 0x11, - 0x0b, 0x35, 0x99, 0x2c, 0x9f, 0x2c, 0x64, 0xa1, - 0xd9, 0xe2, 0x88, 0xce, 0xf6, 0x54, 0xfe, 0x1d, - 0x37, 0x5e, 0x6d, 0x73, 0x95, 0x54, 0x90, 0xf0, - 0x7b, 0xfa, 0xd4, 0x44, 0xac, 0xb2, 0x23, 0x9f, - 0x75, 0x36, 0xe2, 0x78, 0x62, 0x82, 0x80, 0xa4, - 0x23, 0x22, 0xc9, 0xbf, 0xc4, 0x36, 0xd1, 0x31, - 0x33, 0x8e, 0x64, 0xb4, 0xa9, 0x74, 0xa1, 0xcb, - 0x42, 0x8d, 0x60, 0xc7, 0xbb, 0x8e, 0x6e, 0x0f, - 0x36, 0x74, 0x8e, 0xf4, 0x08, 0x99, 0x06, 0x92, - 0xb1, 0x3f, 0xb3, 0xdd, 0xed, 0xf7, 0xc9, 0x02, - 0x03, 0x01, 0x00, 0x01, - /* 20 bytes dummy rendezvous cookie */ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, - /* 128 bytes dummy DH handshake data */ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 }; - -static uint8_t v3_basic_auth_test_plaintext[] = - /* Version byte */ - { 0x03, - /* Auth type (1 for REND_BASIC_AUTH) */ - 0x01, - /* Auth len (must be 16 bytes for REND_BASIC_AUTH) */ - 0x00, 0x10, - /* Auth data (a 16-byte dummy descriptor cookie) */ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - /* Timestamp */ - 0x50, 0x0b, 0xb5, 0xaa, - /* 4 bytes rendezvous point's IP address */ - 0xc0, 0xa8, 0x00, 0x01, - /* 2 bytes rendezvous point's OR port */ - 0x23, 0x5a, - /* 20 bytes dummy rendezvous point's identity digest */ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, - /* 2 bytes length of onion key */ - 0x00, 0x8c, - /* Onion key (140 bytes taken from live test) */ - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xb1, - 0xcd, 0x46, 0xa9, 0x18, 0xd2, 0x0f, 0x01, 0xf8, - 0xb2, 0xad, 0xa4, 0x79, 0xb4, 0xbb, 0x4b, 0xf4, - 0x54, 0x1e, 0x3f, 0x03, 0x54, 0xcf, 0x7c, 0xb6, - 0xb5, 0xf0, 0xfe, 0xed, 0x4b, 0x7d, 0xd7, 0x61, - 0xdb, 0x6d, 0xd9, 0x19, 0xe2, 0x72, 0x04, 0xaa, - 0x3e, 0x89, 0x26, 0x14, 0x62, 0x9a, 0x6c, 0x11, - 0x0b, 0x35, 0x99, 0x2c, 0x9f, 0x2c, 0x64, 0xa1, - 0xd9, 0xe2, 0x88, 0xce, 0xf6, 0x54, 0xfe, 0x1d, - 0x37, 0x5e, 0x6d, 0x73, 0x95, 0x54, 0x90, 0xf0, - 0x7b, 0xfa, 0xd4, 0x44, 0xac, 0xb2, 0x23, 0x9f, - 0x75, 0x36, 0xe2, 0x78, 0x62, 0x82, 0x80, 0xa4, - 0x23, 0x22, 0xc9, 0xbf, 0xc4, 0x36, 0xd1, 0x31, - 0x33, 0x8e, 0x64, 0xb4, 0xa9, 0x74, 0xa1, 0xcb, - 0x42, 0x8d, 0x60, 0xc7, 0xbb, 0x8e, 0x6e, 0x0f, - 0x36, 0x74, 0x8e, 0xf4, 0x08, 0x99, 0x06, 0x92, - 0xb1, 0x3f, 0xb3, 0xdd, 0xed, 0xf7, 0xc9, 0x02, - 0x03, 0x01, 0x00, 0x01, - /* 20 bytes dummy rendezvous cookie */ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, - /* 128 bytes dummy DH handshake data */ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x0f, 0x0e, 0x0d, 0x0c, 0x0b, 0x0a, 0x09, 0x08, - 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00 }; - -static void do_decrypt_test(uint8_t *plaintext, size_t plaintext_len); -static void do_early_parse_test(uint8_t *plaintext, size_t plaintext_len); -static void do_late_parse_test(uint8_t *plaintext, size_t plaintext_len); -static void do_parse_test(uint8_t *plaintext, size_t plaintext_len, int phase); -static ssize_t make_intro_from_plaintext( - void *buf, size_t len, crypto_pk_t *key, void **cell_out); - -#define EARLY_PARSE_ONLY 1 -#define DECRYPT_ONLY 2 -#define ALL_PARSING 3 - -static void -do_early_parse_test(uint8_t *plaintext, size_t plaintext_len) -{ - do_parse_test(plaintext, plaintext_len, EARLY_PARSE_ONLY); -} - -static void -do_decrypt_test(uint8_t *plaintext, size_t plaintext_len) -{ - do_parse_test(plaintext, plaintext_len, DECRYPT_ONLY); -} - -static void -do_late_parse_test(uint8_t *plaintext, size_t plaintext_len) -{ - do_parse_test(plaintext, plaintext_len, ALL_PARSING); -} - -/** Test utility function: checks that the <b>plaintext_len</b>-byte string at - * <b>plaintext</b> is at least superficially parseable. - */ -static void -do_parse_test(uint8_t *plaintext, size_t plaintext_len, int phase) -{ - crypto_pk_t *k = NULL; - ssize_t r; - uint8_t *cell = NULL; - size_t cell_len; - rend_intro_cell_t *parsed_req = NULL; - char *err_msg = NULL; - char digest[DIGEST_LEN]; - - /* Get a key */ - k = crypto_pk_new(); - tt_assert(k); - r = crypto_pk_read_private_key_from_string(k, AUTHORITY_SIGNKEY_1, -1); - tt_assert(!r); - - /* Get digest for future comparison */ - r = crypto_pk_get_digest(k, digest); - tt_assert(r >= 0); - - /* Make a cell out of it */ - r = make_intro_from_plaintext( - plaintext, plaintext_len, - k, (void **)(&cell)); - tt_assert(r > 0); - tt_assert(cell); - cell_len = r; - - /* Do early parsing */ - parsed_req = rend_service_begin_parse_intro(cell, cell_len, 2, &err_msg); - tt_assert(parsed_req); - tt_ptr_op(err_msg, OP_EQ, NULL); - tt_mem_op(parsed_req->pk,OP_EQ, digest, DIGEST_LEN); - tt_assert(parsed_req->ciphertext); - tt_assert(parsed_req->ciphertext_len > 0); - - if (phase == EARLY_PARSE_ONLY) - goto done; - - /* Do decryption */ - r = rend_service_decrypt_intro(parsed_req, k, &err_msg); - tt_assert(!r); - tt_ptr_op(err_msg, OP_EQ, NULL); - tt_assert(parsed_req->plaintext); - tt_assert(parsed_req->plaintext_len > 0); - - if (phase == DECRYPT_ONLY) - goto done; - - /* Do late parsing */ - r = rend_service_parse_intro_plaintext(parsed_req, &err_msg); - tt_assert(!r); - tt_ptr_op(err_msg, OP_EQ, NULL); - tt_assert(parsed_req->parsed); - - done: - tor_free(cell); - crypto_pk_free(k); - rend_service_free_intro(parsed_req); - tor_free(err_msg); -} - -/** Given the plaintext of the encrypted part of an INTRODUCE1/2 and a key, - * construct the encrypted cell for testing. - */ - -static ssize_t -make_intro_from_plaintext( - void *buf, size_t len, crypto_pk_t *key, void **cell_out) -{ - char *cell = NULL; - ssize_t cell_len = -1, r; - /* Assemble key digest and ciphertext, then construct the cell */ - ssize_t ciphertext_size; - - if (!(buf && key && len > 0 && cell_out)) goto done; - - /* - * Figure out an upper bound on how big the ciphertext will be - * (see crypto_pk_obsolete_public_hybrid_encrypt()) - */ - ciphertext_size = PKCS1_OAEP_PADDING_OVERHEAD; - ciphertext_size += crypto_pk_keysize(key); - ciphertext_size += CIPHER_KEY_LEN; - ciphertext_size += len; - - /* - * Allocate space for the cell - */ - cell = tor_malloc(DIGEST_LEN + ciphertext_size); - - /* Compute key digest (will be first DIGEST_LEN octets of cell) */ - r = crypto_pk_get_digest(key, cell); - tt_assert(r >= 0); - - /* Do encryption */ - r = crypto_pk_obsolete_public_hybrid_encrypt( - key, cell + DIGEST_LEN, ciphertext_size, - buf, len, - PK_PKCS1_OAEP_PADDING, 0); - tt_assert(r >= 0); - - /* Figure out cell length */ - cell_len = DIGEST_LEN + r; - - /* Output the cell */ - *cell_out = cell; - cell = NULL; - - done: - tor_free(cell); - return cell_len; -} - -/** Test v0 INTRODUCE2 parsing through decryption only - */ - -static void -test_introduce_decrypt_v0(void *arg) -{ - (void)arg; - do_decrypt_test(v0_test_plaintext, sizeof(v0_test_plaintext)); -} - -/** Test v1 INTRODUCE2 parsing through decryption only - */ - -static void -test_introduce_decrypt_v1(void *arg) -{ - (void)arg; - do_decrypt_test(v1_test_plaintext, sizeof(v1_test_plaintext)); -} - -/** Test v2 INTRODUCE2 parsing through decryption only - */ - -static void -test_introduce_decrypt_v2(void *arg) -{ - (void)arg; - do_decrypt_test(v2_test_plaintext, sizeof(v2_test_plaintext)); -} - -/** Test v3 INTRODUCE2 parsing through decryption only - */ - -static void -test_introduce_decrypt_v3(void *arg) -{ - (void)arg; - do_decrypt_test( - v3_no_auth_test_plaintext, sizeof(v3_no_auth_test_plaintext)); - do_decrypt_test( - v3_basic_auth_test_plaintext, sizeof(v3_basic_auth_test_plaintext)); -} - -/** Test v0 INTRODUCE2 parsing through early parsing only - */ - -static void -test_introduce_early_parse_v0(void *arg) -{ - (void)arg; - do_early_parse_test(v0_test_plaintext, sizeof(v0_test_plaintext)); -} - -/** Test v1 INTRODUCE2 parsing through early parsing only - */ - -static void -test_introduce_early_parse_v1(void *arg) -{ - (void)arg; - do_early_parse_test(v1_test_plaintext, sizeof(v1_test_plaintext)); -} - -/** Test v2 INTRODUCE2 parsing through early parsing only - */ - -static void -test_introduce_early_parse_v2(void *arg) -{ - (void)arg; - do_early_parse_test(v2_test_plaintext, sizeof(v2_test_plaintext)); -} - -/** Test v3 INTRODUCE2 parsing through early parsing only - */ - -static void -test_introduce_early_parse_v3(void *arg) -{ - (void)arg; - do_early_parse_test( - v3_no_auth_test_plaintext, sizeof(v3_no_auth_test_plaintext)); - do_early_parse_test( - v3_basic_auth_test_plaintext, sizeof(v3_basic_auth_test_plaintext)); -} - -/** Test v0 INTRODUCE2 parsing - */ - -static void -test_introduce_late_parse_v0(void *arg) -{ - (void)arg; - do_late_parse_test(v0_test_plaintext, sizeof(v0_test_plaintext)); -} - -/** Test v1 INTRODUCE2 parsing - */ - -static void -test_introduce_late_parse_v1(void *arg) -{ - (void)arg; - do_late_parse_test(v1_test_plaintext, sizeof(v1_test_plaintext)); -} - -/** Test v2 INTRODUCE2 parsing - */ - -static void -test_introduce_late_parse_v2(void *arg) -{ - (void)arg; - do_late_parse_test(v2_test_plaintext, sizeof(v2_test_plaintext)); -} - -/** Test v3 INTRODUCE2 parsing - */ - -static void -test_introduce_late_parse_v3(void *arg) -{ - (void)arg; - do_late_parse_test( - v3_no_auth_test_plaintext, sizeof(v3_no_auth_test_plaintext)); - do_late_parse_test( - v3_basic_auth_test_plaintext, sizeof(v3_basic_auth_test_plaintext)); -} - -#define INTRODUCE_LEGACY(name) \ - { #name, test_introduce_ ## name , 0, NULL, NULL } - -struct testcase_t introduce_tests[] = { - INTRODUCE_LEGACY(early_parse_v0), - INTRODUCE_LEGACY(early_parse_v1), - INTRODUCE_LEGACY(early_parse_v2), - INTRODUCE_LEGACY(early_parse_v3), - INTRODUCE_LEGACY(decrypt_v0), - INTRODUCE_LEGACY(decrypt_v1), - INTRODUCE_LEGACY(decrypt_v2), - INTRODUCE_LEGACY(decrypt_v3), - INTRODUCE_LEGACY(late_parse_v0), - INTRODUCE_LEGACY(late_parse_v1), - INTRODUCE_LEGACY(late_parse_v2), - INTRODUCE_LEGACY(late_parse_v3), - END_OF_TESTCASES -}; diff --git a/src/test/test_key_expiration.sh b/src/test/test_key_expiration.sh index 1ba8179aa1..2e2745e0a3 100755 --- a/src/test/test_key_expiration.sh +++ b/src/test/test_key_expiration.sh @@ -107,7 +107,7 @@ TOR="${TOR_BINARY} --DisableNetwork 1 --ShutdownWaitLength 0 --ORPort 12345 --Ex # Step 1: Start Tor with --list-fingerprint --quiet. Make sure everything is there. echo "Setup step #1" -${TOR} --list-fingerprint ${SILENTLY} > /dev/null +${TOR} ${SILENTLY} --list-fingerprint > /dev/null check_dir "${DATA_DIR}/keys" check_file "${DATA_DIR}/keys/ed25519_master_id_public_key" diff --git a/src/test/test_keygen.sh b/src/test/test_keygen.sh index 6812f8883d..be1fde9e32 100755 --- a/src/test/test_keygen.sh +++ b/src/test/test_keygen.sh @@ -120,7 +120,7 @@ TOR="${TOR_BINARY} ${QUIETLY} --DisableNetwork 1 --ShutdownWaitLength 0 --ORPort # Step 1: Start Tor with --list-fingerprint --quiet. Make sure everything is there. mkdir "${DATA_DIR}/orig" -${TOR} --DataDirectory "${DATA_DIR}/orig" --list-fingerprint ${SILENTLY} > /dev/null +${TOR} --DataDirectory "${DATA_DIR}/orig" ${SILENTLY} --list-fingerprint > /dev/null check_dir "${DATA_DIR}/orig/keys" check_file "${DATA_DIR}/orig/keys/ed25519_master_id_public_key" @@ -206,7 +206,7 @@ SRC="${DATA_DIR}/orig" mkdir -p "${ME}/keys" cp "${SRC}/keys/ed25519_master_id_"* "${ME}/keys/" -${TOR} --DataDirectory "${ME}" --list-fingerprint ${SILENTLY} >/dev/null || die "Tor failed when starting with only master key" +${TOR} --DataDirectory "${ME}" ${SILENTLY} --list-fingerprint >/dev/null || die "Tor failed when starting with only master key" check_files_eq "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/ed25519_master_id_public_key" check_files_eq "${SRC}/keys/ed25519_master_id_secret_key" "${ME}/keys/ed25519_master_id_secret_key" check_file "${ME}/keys/ed25519_signing_cert" @@ -264,11 +264,11 @@ SRC="${DATA_DIR}/orig" mkdir -p "${ME}/keys" cp "${SRC}/keys/ed25519_master_id_secret_key" "${ME}/keys/" -${TOR} --DataDirectory "${ME}" --list-fingerprint ${SILENTLY} > "${ME}/fp1" || die "Tor wouldn't start with only unencrypted secret key" +${TOR} --DataDirectory "${ME}" ${SILENTLY} --list-fingerprint > "${ME}/fp1" || die "Tor wouldn't start with only unencrypted secret key" check_file "${ME}/keys/ed25519_master_id_public_key" check_file "${ME}/keys/ed25519_signing_cert" check_file "${ME}/keys/ed25519_signing_secret_key" -${TOR} --DataDirectory "${ME}" --list-fingerprint ${SILENTLY} > "${ME}/fp2" || die "Tor wouldn't start again after starting once with only unencrypted secret key." +${TOR} --DataDirectory "${ME}" ${SILENTLY} --list-fingerprint > "${ME}/fp2" || die "Tor wouldn't start again after starting once with only unencrypted secret key." check_files_eq "${ME}/fp1" "${ME}/fp2" @@ -330,7 +330,7 @@ cp "${SRC}/keys/ed25519_master_id_secret_key" "${ME}/keys/" cp "${SRC}/keys/ed25519_signing_cert" "${ME}/keys/" cp "${SRC}/keys/ed25519_signing_secret_key" "${ME}/keys/" -${TOR} --DataDirectory "${ME}" --list-fingerprint ${SILENTLY} >/dev/null || die "Failed when starting with missing public key" +${TOR} --DataDirectory "${ME}" ${SILENTLY} --list-fingerprint >/dev/null || die "Failed when starting with missing public key" check_keys_eq ed25519_master_id_secret_key check_keys_eq ed25519_master_id_public_key check_keys_eq ed25519_signing_secret_key @@ -352,7 +352,7 @@ cp "${SRC}/keys/ed25519_master_id_public_key" "${ME}/keys/" cp "${SRC}/keys/ed25519_signing_cert" "${ME}/keys/" cp "${SRC}/keys/ed25519_signing_secret_key" "${ME}/keys/" -${TOR} --DataDirectory "${ME}" --list-fingerprint ${SILENTLY} >/dev/null || die "Failed when starting with offline secret key" +${TOR} --DataDirectory "${ME}" ${SILENTLY} --list-fingerprint >/dev/null || die "Failed when starting with offline secret key" check_no_file "${ME}/keys/ed25519_master_id_secret_key" check_keys_eq ed25519_master_id_public_key check_keys_eq ed25519_signing_secret_key @@ -373,7 +373,7 @@ mkdir -p "${ME}/keys" cp "${SRC}/keys/ed25519_signing_cert" "${ME}/keys/" cp "${SRC}/keys/ed25519_signing_secret_key" "${ME}/keys/" -${TOR} --DataDirectory "${ME}" --list-fingerprint ${SILENTLY} >/dev/null || die "Failed when starting with only signing material" +${TOR} --DataDirectory "${ME}" ${SILENTLY} --list-fingerprint >/dev/null || die "Failed when starting with only signing material" check_no_file "${ME}/keys/ed25519_master_id_secret_key" check_file "${ME}/keys/ed25519_master_id_public_key" check_keys_eq ed25519_signing_secret_key diff --git a/src/test/test_keypin.c b/src/test/test_keypin.c index ff6397f8c7..7b73e94b3a 100644 --- a/src/test/test_keypin.c +++ b/src/test/test_keypin.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_link_handshake.c b/src/test/test_link_handshake.c index 06af299056..c9ddc843ac 100644 --- a/src/test/test_link_handshake.c +++ b/src/test/test_link_handshake.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_logging.c b/src/test/test_logging.c index 58d0f24bd3..a77136deec 100644 --- a/src/test/test_logging.c +++ b/src/test/test_logging.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CONFIG_PRIVATE diff --git a/src/test/test_mainloop.c b/src/test/test_mainloop.c index c4e60d9da5..ccd3378be5 100644 --- a/src/test/test_mainloop.c +++ b/src/test/test_mainloop.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -231,6 +231,8 @@ test_mainloop_check_participation(void *arg) const time_t start = 1542658829; const time_t ONE_DAY = 24*60*60; + options->DormantTimeoutEnabled = 1; + // Suppose we've been idle for a day or two reset_user_activity(start - 2*ONE_DAY); set_network_participation(true); diff --git a/src/test/test_metrics.c b/src/test/test_metrics.c index 58628e8483..ba1a763f0c 100644 --- a/src/test/test_metrics.c +++ b/src/test/test_metrics.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2020, The Tor Project, Inc. */ +/* Copyright (c) 2020-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_microdesc.c b/src/test/test_microdesc.c index 6bd1f56859..c564805ecf 100644 --- a/src/test/test_microdesc.c +++ b/src/test/test_microdesc.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2010-2020, The Tor Project, Inc. */ +/* Copyright (c) 2010-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_namemap.c b/src/test/test_namemap.c index e93d3fbc3c..4397784170 100644 --- a/src/test/test_namemap.c +++ b/src/test/test_namemap.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "test/test.h" diff --git a/src/test/test_netinfo.c b/src/test/test_netinfo.c index 93892978dc..03a7a8a905 100644 --- a/src/test/test_netinfo.c +++ b/src/test/test_netinfo.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_nodelist.c b/src/test/test_nodelist.c index 96fb5a65ad..250db9a964 100644 --- a/src/test/test_nodelist.c +++ b/src/test/test_nodelist.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_ntor_cl.c b/src/test/test_ntor_cl.c index a1508d0afc..94270f1fd6 100644 --- a/src/test/test_ntor_cl.c +++ b/src/test/test_ntor_cl.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_ntor_v3.c b/src/test/test_ntor_v3.c new file mode 100644 index 0000000000..1d06403076 --- /dev/null +++ b/src/test/test_ntor_v3.c @@ -0,0 +1,311 @@ +/* Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#include "orconfig.h" +#define ONION_NTOR_V3_PRIVATE +#include "core/or/or.h" +#include "test/test.h" +#include "lib/crypt_ops/crypto_curve25519.h" +#include "lib/crypt_ops/crypto_ed25519.h" +#include "core/crypto/onion_ntor_v3.h" +#include "core/crypto/onion_crypto.h" +#include "core/or/extend_info_st.h" +#include "core/or/crypt_path_st.h" +#define TOR_CONGESTION_CONTROL_PRIVATE +#include "core/or/congestion_control_common.h" +#include "app/config/config.h" + +#define unhex(arry, s) \ + { tt_int_op(sizeof(arry), OP_EQ, \ + base16_decode((char*)arry, sizeof(arry), s, strlen(s))); \ + } + +static void +test_ntor3_testvecs(void *arg) +{ + (void)arg; + char *mem_op_hex_tmp = NULL; // temp val to make test_memeq_hex work. + + ntor3_server_handshake_state_t *relay_state = NULL; + uint8_t *onion_skin = NULL; + size_t onion_skin_len; + ntor3_handshake_state_t *client_state = NULL; + uint8_t *cm = NULL, *sm = NULL; + size_t cm_len, sm_len; + di_digest256_map_t *private_keys = NULL; + uint8_t *server_handshake = NULL; + size_t server_handshake_len; + + // Test vectors from python implementation, confirmed with rust + // implementation. + curve25519_keypair_t relay_keypair_b; + curve25519_keypair_t client_keypair_x; + curve25519_keypair_t relay_keypair_y; + ed25519_public_key_t relay_id; + + unhex(relay_keypair_b.seckey.secret_key, + "4051daa5921cfa2a1c27b08451324919538e79e788a81b38cbed097a5dff454a"); + unhex(relay_keypair_b.pubkey.public_key, + "f8307a2bc1870b00b828bb74dbb8fd88e632a6375ab3bcd1ae706aaa8b6cdd1d"); + unhex(relay_id.pubkey, + "9fad2af287ef942632833d21f946c6260c33fae6172b60006e86e4a6911753a2"); + unhex(client_keypair_x.seckey.secret_key, + "b825a3719147bcbe5fb1d0b0fcb9c09e51948048e2e3283d2ab7b45b5ef38b49"); + unhex(client_keypair_x.pubkey.public_key, + "252fe9ae91264c91d4ecb8501f79d0387e34ad8ca0f7c995184f7d11d5da4f46"); + unhex(relay_keypair_y.seckey.secret_key, + "4865a5b7689dafd978f529291c7171bc159be076b92186405d13220b80e2a053"); + unhex(relay_keypair_y.pubkey.public_key, + "4bf4814326fdab45ad5184f5518bd7fae25dc59374062698201a50a22954246d"); + + uint8_t client_message[11]; + uint8_t verification[5]; + unhex(client_message, "68656c6c6f20776f726c64"); + unhex(verification, "78797a7a79"); + + // ========= Client handshake 1. + + onion_skin_ntor3_create_nokeygen( + &client_keypair_x, + &relay_id, + &relay_keypair_b.pubkey, + verification, + sizeof(verification), + client_message, + sizeof(client_message), + &client_state, + &onion_skin, + &onion_skin_len); + + const char expect_client_handshake[] = "9fad2af287ef942632833d21f946c6260c" + "33fae6172b60006e86e4a6911753a2f8307a2bc1870b00b828bb74dbb8fd88e632a6375" + "ab3bcd1ae706aaa8b6cdd1d252fe9ae91264c91d4ecb8501f79d0387e34ad8ca0f7c995" + "184f7d11d5da4f463bebd9151fd3b47c180abc9e044d53565f04d82bbb3bebed3d06cea" + "65db8be9c72b68cd461942088502f67"; + + tt_int_op(onion_skin_len, OP_EQ, strlen(expect_client_handshake)/2); + test_memeq_hex(onion_skin, expect_client_handshake); + + // ========= Relay handshake. + + dimap_add_entry(&private_keys, + relay_keypair_b.pubkey.public_key, + &relay_keypair_b); + + int r = onion_skin_ntor3_server_handshake_part1( + private_keys, + &client_keypair_x, + &relay_id, + onion_skin, + onion_skin_len, + verification, + sizeof(verification), + &cm, + &cm_len, + &relay_state); + tt_int_op(r, OP_EQ, 0); + tt_int_op(cm_len, OP_EQ, sizeof(client_message)); + tt_mem_op(cm, OP_EQ, client_message, cm_len); + + uint8_t server_message[10]; + unhex(server_message, "486f6c61204d756e646f"); + + uint8_t server_keys[256]; + onion_skin_ntor3_server_handshake_part2_nokeygen( + &relay_keypair_y, + relay_state, + verification, + sizeof(verification), + server_message, + sizeof(server_message), + &server_handshake, + &server_handshake_len, + server_keys, + sizeof(server_keys)); + + const char expect_server_handshake[] = "4bf4814326fdab45ad5184f5518bd7fae25" + "dc59374062698201a50a22954246d2fc5f8773ca824542bc6cf6f57c7c29bbf4e5476461" + "ab130c5b18ab0a91276651202c3e1e87c0d32054c"; + tt_int_op(server_handshake_len, OP_EQ, strlen(expect_server_handshake)/2); + test_memeq_hex(server_handshake, expect_server_handshake); + + uint8_t expect_keys[256]; + unhex(expect_keys, "9c19b631fd94ed86a817e01f6c80b0743a43f5faebd39cfaa8b00f" + "a8bcc65c3bfeaa403d91acbd68a821bf6ee8504602b094a254392a07737d5662768" + "c7a9fb1b2814bb34780eaee6e867c773e28c212ead563e98a1cd5d5b4576f5ee61c" + "59bde025ff2851bb19b721421694f263818e3531e43a9e4e3e2c661e2ad547d8984" + "caa28ebecd3e4525452299be26b9185a20a90ce1eac20a91f2832d731b54502b097" + "49b5a2a2949292f8cfcbeffb790c7790ed935a9d251e7e336148ea83b063a5618fc" + "ff674a44581585fd22077ca0e52c59a24347a38d1a1ceebddbf238541f226b8f88d" + "0fb9c07a1bcd2ea764bbbb5dacdaf5312a14c0b9e4f06309b0333b4a"); + tt_mem_op(server_keys, OP_EQ, expect_keys, 256); + + // ===== Client handshake 2 + + uint8_t client_keys[256]; + r = onion_ntor3_client_handshake( + client_state, + server_handshake, + server_handshake_len, + verification, + sizeof(verification), + client_keys, + sizeof(client_keys), + &sm, + &sm_len); + + tt_int_op(r, OP_EQ, 0); + tt_int_op(sm_len, OP_EQ, sizeof(server_message)); + tt_mem_op(sm, OP_EQ, server_message, sizeof(server_message)); + tt_mem_op(client_keys, OP_EQ, server_keys, 256); + + done: + tor_free(onion_skin); + tor_free(server_handshake); + tor_free(mem_op_hex_tmp); + ntor3_handshake_state_free(client_state); + ntor3_server_handshake_state_free(relay_state); + tor_free(cm); + tor_free(sm); + dimap_free(private_keys, NULL); +} + +static void +run_full_handshake(circuit_params_t *serv_params_in, + circuit_params_t *client_params_out, + circuit_params_t *serv_params_out) +{ + extend_info_t info = {0}; + uint8_t onionskin[CELL_PAYLOAD_SIZE]; + int onionskin_len = 0; + int reply_len = 0; + onion_handshake_state_t handshake_state = {0}; + server_onion_keys_t server_keys = {0}; + curve25519_keypair_t relay_onion_key; + uint8_t serv_reply[CELL_PAYLOAD_SIZE]; + uint8_t serv_keys[100]; + uint8_t rend_nonce[DIGEST_LEN]; + uint8_t client_keys[CELL_PAYLOAD_SIZE]; + uint8_t rend_auth[DIGEST_LEN]; + + info.exit_supports_congestion_control = 1; + + unhex(relay_onion_key.seckey.secret_key, + "4051daa5921cfa2a1c27b08451324919538e79e788a81b38cbed097a5dff454a"); + unhex(relay_onion_key.pubkey.public_key, + "f8307a2bc1870b00b828bb74dbb8fd88e632a6375ab3bcd1ae706aaa8b6cdd1d"); + + memcpy(&info.curve25519_onion_key, + &relay_onion_key.pubkey, sizeof(info.curve25519_onion_key)); + unhex(info.ed_identity.pubkey, + "9fad2af287ef942632833d21f946c6260c33fae6172b60006e86e4a6911753a2"); + + memcpy(&server_keys.my_ed_identity, &info.ed_identity, + sizeof(server_keys.my_ed_identity)); + + dimap_add_entry(&server_keys.curve25519_key_map, + relay_onion_key.pubkey.public_key, + &relay_onion_key); + + onionskin_len = onion_skin_create(ONION_HANDSHAKE_TYPE_NTOR_V3, &info, + &handshake_state, onionskin, + sizeof(onionskin)); + tt_int_op(onionskin_len, OP_NE, -1); + + server_keys.junk_keypair = &handshake_state.u.ntor3->client_keypair; + + reply_len = onion_skin_server_handshake(ONION_HANDSHAKE_TYPE_NTOR_V3, + onionskin, onionskin_len, + &server_keys, serv_params_in, + serv_reply, sizeof(serv_reply), + serv_keys, sizeof(serv_keys), + rend_nonce, serv_params_out); + tt_int_op(reply_len, OP_NE, -1); + + tt_int_op(onion_skin_client_handshake(ONION_HANDSHAKE_TYPE_NTOR_V3, + &handshake_state, + serv_reply, reply_len, + client_keys, sizeof(client_keys), + rend_auth, client_params_out, + NULL), OP_EQ, 0); + + done: + dimap_free(server_keys.curve25519_key_map, NULL); + ntor3_handshake_state_free(handshake_state.u.ntor3); + + return; +} + +/** + * Test congestion control negotiation logic. + * + * This tests that congestion control is only enabled when both + * client and server agree, via consensus param or torrc. + * + * It also tests that when they agree, they agree on the server's + * version of sendme_inc. + */ +static void +test_ntor3_handshake(void *arg) +{ + (void)arg; + circuit_params_t client_params, serv_params, serv_ns_params; + + serv_ns_params.sendme_inc_cells = congestion_control_sendme_inc(); + + /* client off, serv off -> off */ + serv_ns_params.cc_enabled = 0; + run_full_handshake(&serv_ns_params, &client_params, &serv_params); + tt_int_op(client_params.cc_enabled, OP_EQ, 0); + tt_int_op(serv_params.cc_enabled, OP_EQ, 0); + + /* client off, serv on -> off */ + serv_ns_params.cc_enabled = 1; + run_full_handshake(&serv_ns_params, &client_params, &serv_params); + tt_int_op(client_params.cc_enabled, OP_EQ, 0); + tt_int_op(serv_params.cc_enabled, OP_EQ, 0); + + /* client off + param, serv on -> on */ + serv_ns_params.cc_enabled = 1; + get_options_mutable()->AlwaysCongestionControl = 1; + run_full_handshake(&serv_ns_params, &client_params, &serv_params); + tt_int_op(client_params.cc_enabled, OP_EQ, 1); + tt_int_op(serv_params.cc_enabled, OP_EQ, 1); + + /* client on, serv off -> off */ + serv_ns_params.cc_enabled = 0; + congestion_control_set_cc_enabled(); + run_full_handshake(&serv_ns_params, &client_params, &serv_params); + tt_int_op(client_params.cc_enabled, OP_EQ, 0); + tt_int_op(serv_params.cc_enabled, OP_EQ, 0); + + /* client on, serv on -> on */ + serv_ns_params.cc_enabled = 1; + run_full_handshake(&serv_ns_params, &client_params, &serv_params); + tt_int_op(client_params.cc_enabled, OP_EQ, 1); + tt_int_op(serv_params.cc_enabled, OP_EQ, 1); + + /* client on, serv on, sendme_inc diff -> serv sendme_inc */ + serv_ns_params.cc_enabled = 1; + serv_ns_params.sendme_inc_cells += 1; + run_full_handshake(&serv_ns_params, &client_params, &serv_params); + tt_int_op(client_params.cc_enabled, OP_EQ, 1); + tt_int_op(serv_params.cc_enabled, OP_EQ, 1); + tt_int_op(serv_params.sendme_inc_cells, OP_EQ, + client_params.sendme_inc_cells); + tt_int_op(client_params.sendme_inc_cells, OP_EQ, + serv_ns_params.sendme_inc_cells); + tt_int_op(client_params.sendme_inc_cells, OP_NE, + congestion_control_sendme_inc()); + + done: + return; +} + +struct testcase_t ntor_v3_tests[] = { + { "testvecs", test_ntor3_testvecs, 0, NULL, NULL, }, + { "handshake_negtotiation", test_ntor3_handshake, 0, NULL, NULL, }, + END_OF_TESTCASES, +}; diff --git a/src/test/test_oom.c b/src/test/test_oom.c index 51c237ec2e..7cab0933f7 100644 --- a/src/test/test_oom.c +++ b/src/test/test_oom.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /* Unit tests for OOM handling logic */ diff --git a/src/test/test_oos.c b/src/test/test_oos.c index f8c712a6b6..157f3aa9b3 100644 --- a/src/test/test_oos.c +++ b/src/test/test_oos.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /* Unit tests for OOS handler */ diff --git a/src/test/test_options.c b/src/test/test_options.c index 714ee4767f..182e6dd572 100644 --- a/src/test/test_options.c +++ b/src/test/test_options.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CONFIG_PRIVATE @@ -302,8 +302,6 @@ test_options_validate(void *arg) "ServerTransportOptions did not parse", LOG_WARN, "\"slingsnappy\" is not a k=v", PH_VALIDATE); - WANT_ERR("DirPort 8080\nDirCache 0", - "DirPort configured but DirCache disabled.", PH_VALIDATE); WANT_ERR("BridgeRelay 1\nDirCache 0", "We're a bridge but DirCache is disabled.", PH_VALIDATE); @@ -1932,18 +1930,6 @@ test_options_validate__publish_server_descriptor(void *ignored) "PublishServerDescriptor line."); tor_free(msg); - free_options_test_data(tdata); - tdata = get_options_test_data("BridgeRelay 1\n" - "DirPort 999\n"); - - mock_clean_saved_logs(); - ret = options_validate(NULL, tdata->opt, &msg); - tt_int_op(ret, OP_EQ, -1); - expect_log_msg("Can't set a DirPort on a bridge " - "relay; disabling DirPort\n"); - tt_assert(!tdata->opt->DirPort_lines); - tt_assert(!tdata->opt->DirPort_set); - done: teardown_capture_of_logs(); policies_free_all(); @@ -2389,14 +2375,6 @@ test_options_validate__rend(void *ignored) "Failed to configure rendezvous options. See logs for details."); tor_free(msg); - free_options_test_data(tdata); - tdata = get_options_test_data("HidServAuth failed\n"); - ret = options_validate(NULL, tdata->opt, &msg); - tt_int_op(ret, OP_EQ, -1); - tt_str_op(msg, OP_EQ, "Failed to configure client authorization for hidden " - "services. See logs for details."); - tor_free(msg); - done: policies_free_all(); teardown_capture_of_logs(); @@ -3464,35 +3442,6 @@ test_options_validate__constrained_sockets(void *ignored) "between 2048 and 262144 in 1024 byte increments."); tor_free(msg); - free_options_test_data(tdata); - tdata = get_options_test_data("ConstrainedSockets 1\n" - "ConstrainedSockSize 2048\n" - "DirPort 999\n" - "DirCache 1\n" - ); - mock_clean_saved_logs(); - ret = options_validate(NULL, tdata->opt, &msg); - tt_int_op(ret, OP_EQ, 0); - expect_log_msg("You have requested constrained " - "socket buffers while also serving directory entries via DirPort." - " It is strongly suggested that you disable serving directory" - " requests when system TCP buffer resources are scarce.\n"); - tor_free(msg); - - free_options_test_data(tdata); - tdata = get_options_test_data("ConstrainedSockets 1\n" - "ConstrainedSockSize 2048\n" - ); - mock_clean_saved_logs(); - ret = options_validate(NULL, tdata->opt, &msg); - tt_int_op(ret, OP_EQ, 0); - expect_no_log_msg( - "You have requested constrained socket buffers while also serving" - " directory entries via DirPort. It is strongly suggested that " - "you disable serving directory requests when system TCP buffer " - "resources are scarce.\n"); - tor_free(msg); - done: policies_free_all(); teardown_capture_of_logs(); diff --git a/src/test/test_options_act.c b/src/test/test_options_act.c index 942584bffd..0044598962 100644 --- a/src/test/test_options_act.c +++ b/src/test/test_options_act.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CONFIG_PRIVATE diff --git a/src/test/test_parsecommon.c b/src/test/test_parsecommon.c index 9c22266da1..b32840264e 100644 --- a/src/test/test_parsecommon.c +++ b/src/test/test_parsecommon.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "core/or/or.h" @@ -326,18 +326,15 @@ test_parsecommon_get_next_token_parse_keys(void *arg) const char *end2 = str2 + strlen(str2); const char **s2 = (const char **)&str2; - token_rule_t rule2 = T01("client-key", C_CLIENT_KEY, NO_ARGS, - NEED_SKEY_1024); - + token_rule_t rule2 = T01("client-key", C_CLIENT_KEY, NO_ARGS, OBJ_OK); token2 = get_next_token(area, s2, end2, &rule2); tt_assert(token2); - tt_int_op(token2->tp, OP_EQ, C_CLIENT_KEY); tt_int_op(token2->n_args, OP_EQ, 0); tt_str_op(token2->object_type, OP_EQ, "RSA PRIVATE KEY"); tt_int_op(token2->object_size, OP_EQ, 608); tt_assert(token2->object_body); - tt_assert(token2->key); + tt_assert(token2->key == NULL); tt_assert(!token->error); done: diff --git a/src/test/test_pem.c b/src/test/test_pem.c index 9772be124b..6397cbddfa 100644 --- a/src/test/test_pem.c +++ b/src/test/test_pem.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_periodic_event.c b/src/test/test_periodic_event.c index d3bc89673b..6a9569ae89 100644 --- a/src/test/test_periodic_event.c +++ b/src/test/test_periodic_event.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_policy.c b/src/test/test_policy.c index 0a0548d161..97606476a6 100644 --- a/src/test/test_policy.c +++ b/src/test/test_policy.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2020, The Tor Project, Inc. */ +/* Copyright (c) 2013-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CONFIG_PRIVATE diff --git a/src/test/test_prob_distr.c b/src/test/test_prob_distr.c index da65a0f26d..0eca435ab5 100644 --- a/src/test/test_prob_distr.c +++ b/src/test/test_prob_distr.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_process.c b/src/test/test_process.c index b5185242d3..fcfbc13431 100644 --- a/src/test/test_process.c +++ b/src/test/test_process.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_process_descs.c b/src/test/test_process_descs.c index 5c2301f873..abcb6ae2fe 100644 --- a/src/test/test_process_descs.c +++ b/src/test/test_process_descs.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2019-2020, The Tor Project, Inc. */ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" @@ -21,9 +21,9 @@ test_process_descs_versions(void *arg) // a non-tor program: don't reject. { "Wombat 0.1.2.3-alpha", false }, // some unsupported versions: reject. + { "Tor 0.2.9.100", true }, { "Tor 0.2.9.4-alpha", true }, { "Tor 0.2.9.5-alpha", true }, - { "Tor 0.2.9.100", true }, { "Tor 0.3.0.0-alpha-dev", true }, { "Tor 0.3.0.2-alpha", true }, { "Tor 0.3.0.5", true }, @@ -34,17 +34,34 @@ test_process_descs_versions(void *arg) { "Tor 0.3.4.100", true }, { "Tor 0.3.5.1-alpha", true }, { "Tor 0.3.5.6-rc", true}, + { "Tor 0.3.5.7", true }, + { "Tor 0.3.5.8", true }, { "Tor 0.4.0.1-alpha", true }, { "Tor 0.4.0.5", true }, { "Tor 0.4.1.1-alpha", true }, { "Tor 0.4.1.4-rc", true }, { "Tor 0.4.1.5", true }, - // new enough to be supported - { "Tor 0.3.5.7", false }, - { "Tor 0.3.5.8", false }, - { "Tor 0.4.2.1-alpha", false }, - { "Tor 0.4.2.4-rc", false }, - { "Tor 0.4.3.0-alpha-dev", false }, + { "Tor 0.4.2.1-alpha", true }, + { "Tor 0.4.2.4-rc", true }, + { "Tor 0.4.2.5", true }, + { "Tor 0.4.3.0-alpha-dev", true }, + { "Tor 0.4.3.8", true }, + { "Tor 0.4.4.9", true }, + + /* The 0.4.5.x series stable is supported. */ + { "Tor 0.4.5.5-rc", true }, + { "Tor 0.4.5.6", false }, + { "Tor 0.4.5.15", false }, + + { "Tor 0.4.6.0-alpha-dev", true }, + { "Tor 0.4.6.1-alpha", true }, + { "Tor 0.4.6.5", true }, + { "Tor 0.4.6.50", true }, /* Non existing one in the 0.4.6 series */ + + { "Tor 0.4.7.0-alpha-dev", false }, + { "Tor 0.4.7.3-alpha", false }, + { "Tor 0.4.7.12", false }, + // Very far in the future { "Tor 100.100.1.5", false }, }; diff --git a/src/test/test_process_slow.c b/src/test/test_process_slow.c index f74d4adc9a..6cb1b01b50 100644 --- a/src/test/test_process_slow.c +++ b/src/test/test_process_slow.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_procmon.c b/src/test/test_procmon.c index 1752008f63..3e459edecc 100644 --- a/src/test/test_procmon.c +++ b/src/test/test_procmon.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2010-2020, The Tor Project, Inc. */ +/* Copyright (c) 2010-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_proto_haproxy.c b/src/test/test_proto_haproxy.c index 040354ec1f..dade0d77ca 100644 --- a/src/test/test_proto_haproxy.c +++ b/src/test/test_proto_haproxy.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2019-2020, The Tor Project, Inc. */ +/* Copyright (c) 2019-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_proto_http.c b/src/test/test_proto_http.c index 481d78b2c1..6c859c0cb0 100644 --- a/src/test/test_proto_http.c +++ b/src/test/test_proto_http.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_proto_misc.c b/src/test/test_proto_misc.c index 64bf5c4993..d575b8b3da 100644 --- a/src/test/test_proto_misc.c +++ b/src/test/test_proto_misc.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_protover.c b/src/test/test_protover.c index 16f0279871..9d14fd678a 100644 --- a/src/test/test_protover.c +++ b/src/test/test_protover.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define PROTOVER_PRIVATE @@ -23,13 +23,6 @@ static void test_protover_parse(void *arg) { (void) arg; -#ifdef HAVE_RUST - /** This test is disabled on rust builds, because it only exists to test - * internal C functions. */ - tt_skip(); - done: - ; -#else /* !defined(HAVE_RUST) */ char *re_encoded = NULL; const char *orig = "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16"; @@ -64,18 +57,12 @@ test_protover_parse(void *arg) SMARTLIST_FOREACH(elts, proto_entry_t *, ent, proto_entry_free(ent)); smartlist_free(elts); tor_free(re_encoded); -#endif /* defined(HAVE_RUST) */ } static void test_protover_parse_fail(void *arg) { (void)arg; -#ifdef HAVE_RUST - /** This test is disabled on rust builds, because it only exists to test - * internal C functions. */ - tt_skip(); -#else smartlist_t *elts; /* random junk */ @@ -108,7 +95,6 @@ test_protover_parse_fail(void *arg) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); tt_ptr_op(elts, OP_EQ, NULL); -#endif /* defined(HAVE_RUST) */ done: ; } @@ -265,7 +251,7 @@ test_protover_all_supported(void *arg) #endif /* !defined(ALL_BUGS_ARE_FATAL) */ /* Protocol name too long */ -#if !defined(HAVE_RUST) && !defined(ALL_BUGS_ARE_FATAL) +#if !defined(ALL_BUGS_ARE_FATAL) tor_capture_bugs_(1); tt_assert(protover_all_supported( "DoSaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" @@ -273,7 +259,7 @@ test_protover_all_supported(void *arg) "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaaaa=1-65536", &msg)); tor_end_capture_bugs_(); -#endif /* !defined(HAVE_RUST) && !defined(ALL_BUGS_ARE_FATAL) */ +#endif /* !defined(ALL_BUGS_ARE_FATAL) */ done: tor_end_capture_bugs_(); @@ -370,6 +356,8 @@ test_protover_supports_version(void *arg) #define PROTOVER_FLOWCTRL_V1 1 +#define PROTOVER_RELAY_NTOR_V3 4 + /* Make sure we haven't forgotten any supported protocols */ static void test_protover_supported_protocols(void *arg) @@ -641,7 +629,7 @@ test_protover_vote_roundtrip_ours(void *args) */ #define PROTOVER(proto_string, version_macro) \ (proto_string "=" STR(version_macro)) -#endif +#endif /* defined(COCCI) */ #define DEBUG_PROTOVER(flags) \ STMT_BEGIN \ @@ -658,7 +646,8 @@ test_protover_vote_roundtrip_ours(void *args) "supports_establish_intro_dos_extension: %d,\n" \ "supports_v3_hsdir: %d,\n" \ "supports_v3_rendezvous_point: %d,\n" \ - "supports_hs_setup_padding: %d.", \ + "supports_hs_setup_padding: %d,\n" \ + "supports_congestion_control: %d.", \ (flags).protocols_known, \ (flags).supports_extend2_cells, \ (flags).supports_accepting_ipv6_extends, \ @@ -670,7 +659,8 @@ test_protover_vote_roundtrip_ours(void *args) (flags).supports_establish_intro_dos_extension, \ (flags).supports_v3_hsdir, \ (flags).supports_v3_rendezvous_point, \ - (flags).supports_hs_setup_padding); \ + (flags).supports_hs_setup_padding, \ + (flags).supports_congestion_control); \ STMT_END /* Test that the proto_string version version_macro sets summary_flag. */ diff --git a/src/test/test_pt.c b/src/test/test_pt.c index 893fec3674..07c5032933 100644 --- a/src/test/test_pt.c +++ b/src/test/test_pt.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" @@ -233,6 +233,10 @@ test_pt_protocol(void *arg) handle_proxy_line(line, mp); tt_assert(mp->conf_state == PT_PROTO_ACCEPTING_METHODS); + strlcpy(line,"CMETHOD-ERROR fakename not supported",sizeof(line)); + handle_proxy_line(line, mp); + tt_assert(mp->conf_state == PT_PROTO_ACCEPTING_METHODS); + strlcpy(line,"CMETHODS DONE",sizeof(line)); handle_proxy_line(line, mp); tt_assert(mp->conf_state == PT_PROTO_CONFIGURED); diff --git a/src/test/test_ptr_slow.c b/src/test/test_ptr_slow.c index 25b893c4c0..7f72f0a578 100644 --- a/src/test/test_ptr_slow.c +++ b/src/test/test_ptr_slow.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_pubsub_build.c b/src/test/test_pubsub_build.c index 5f9005926c..288e075144 100644 --- a/src/test/test_pubsub_build.c +++ b/src/test/test_pubsub_build.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define DISPATCH_PRIVATE diff --git a/src/test/test_pubsub_msg.c b/src/test/test_pubsub_msg.c index 3054db885d..566038dd28 100644 --- a/src/test/test_pubsub_msg.c +++ b/src/test/test_pubsub_msg.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define DISPATCH_PRIVATE diff --git a/src/test/test_rebind.sh b/src/test/test_rebind.sh index 879008c1c1..aae2a9a6a0 100755 --- a/src/test/test_rebind.sh +++ b/src/test/test_rebind.sh @@ -46,6 +46,9 @@ if "${TOR_BINARY}" --list-modules | grep -q "relay: no"; then fi tmpdir= +# For some reasons, shellcheck is not seeing that we can call this +# function from the trap below. +# shellcheck disable=SC2317 clean () { if [ -n "$tmpdir" ] && [ -d "$tmpdir" ]; then rm -rf "$tmpdir" diff --git a/src/test/test_relay.c b/src/test/test_relay.c index 8ed29b6282..dbedc021e4 100644 --- a/src/test/test_relay.c +++ b/src/test/test_relay.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CIRCUITBUILD_PRIVATE diff --git a/src/test/test_relaycell.c b/src/test/test_relaycell.c index 6f5bc7e770..05e2b2e347 100644 --- a/src/test/test_relaycell.c +++ b/src/test/test_relaycell.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /* Unit tests for handling different kinds of relay cell */ diff --git a/src/test/test_relaycrypt.c b/src/test/test_relaycrypt.c index 737c243e2d..3a615c53a3 100644 --- a/src/test/test_relaycrypt.c +++ b/src/test/test_relaycrypt.c @@ -1,6 +1,6 @@ /* Copyright 2001-2004 Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define CRYPT_PATH_PRIVATE diff --git a/src/test/test_rendcache.c b/src/test/test_rendcache.c deleted file mode 100644 index 06167635c1..0000000000 --- a/src/test/test_rendcache.c +++ /dev/null @@ -1,1248 +0,0 @@ -/* Copyright (c) 2010-2020, The Tor Project, Inc. */ -/* See LICENSE for licensing information */ - -#include "orconfig.h" -#include "core/or/or.h" - -#include "test/test.h" -#define RENDCACHE_PRIVATE -#include "feature/rend/rendcache.h" -#include "feature/relay/router.h" -#include "feature/nodelist/routerlist.h" -#include "app/config/config.h" -#include "feature/hs/hs_common.h" - -#include "core/or/extend_info_st.h" -#include "feature/rend/rend_encoded_v2_service_descriptor_st.h" -#include "feature/rend/rend_intro_point_st.h" -#include "feature/rend/rend_service_descriptor_st.h" -#include "feature/nodelist/routerinfo_st.h" - -#include "test/rend_test_helpers.h" -#include "test/log_test_helpers.h" - -static const int RECENT_TIME = -10; -static const int TIME_IN_THE_PAST = -(REND_CACHE_MAX_AGE + \ - REND_CACHE_MAX_SKEW + 60); -static const int TIME_IN_THE_FUTURE = REND_CACHE_MAX_SKEW + 60; - -static void -test_rend_cache_lookup_entry(void *data) -{ - int ret; - rend_data_t *mock_rend_query = NULL; - char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; - rend_cache_entry_t *entry = NULL; - rend_encoded_v2_service_descriptor_t *desc_holder = NULL; - char *service_id = NULL; - (void)data; - - rend_cache_init(); - - generate_desc(RECENT_TIME, &desc_holder, &service_id, 3); - - ret = rend_cache_lookup_entry("abababababababab", 0, NULL); - tt_int_op(ret, OP_EQ, -ENOENT); - - ret = rend_cache_lookup_entry("invalid query", 2, NULL); - tt_int_op(ret, OP_EQ, -EINVAL); - - ret = rend_cache_lookup_entry("abababababababab", 2, NULL); - tt_int_op(ret, OP_EQ, -ENOENT); - - ret = rend_cache_lookup_entry("abababababababab", 4224, NULL); - tt_int_op(ret, OP_EQ, -ENOENT); - - mock_rend_query = mock_rend_data(service_id); - base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id, - DIGEST_LEN); - rend_cache_store_v2_desc_as_client(desc_holder->desc_str, desc_id_base32, - mock_rend_query, NULL); - - ret = rend_cache_lookup_entry(service_id, 2, NULL); - tt_int_op(ret, OP_EQ, 0); - - ret = rend_cache_lookup_entry(service_id, 2, &entry); - tt_int_op(ret, OP_EQ, 0); - tt_assert(entry); - tt_int_op(entry->len, OP_EQ, strlen(desc_holder->desc_str)); - tt_str_op(entry->desc, OP_EQ, desc_holder->desc_str); - - done: - rend_encoded_v2_service_descriptor_free(desc_holder); - tor_free(service_id); - rend_cache_free_all(); - rend_data_free(mock_rend_query); -} - -static void -test_rend_cache_store_v2_desc_as_client(void *data) -{ - int ret; - rend_data_t *mock_rend_query; - char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; - rend_cache_entry_t *entry = NULL; - rend_encoded_v2_service_descriptor_t *desc_holder = NULL; - char *service_id = NULL; - char client_cookie[REND_DESC_COOKIE_LEN]; - (void)data; - - rend_cache_init(); - - generate_desc(RECENT_TIME, &desc_holder, &service_id, 3); - - // Test success - mock_rend_query = mock_rend_data(service_id); - base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id, - DIGEST_LEN); - ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str, - desc_id_base32, mock_rend_query, - &entry); - - tt_int_op(ret, OP_EQ, 0); - tt_assert(entry); - tt_int_op(entry->len, OP_EQ, strlen(desc_holder->desc_str)); - tt_str_op(entry->desc, OP_EQ, desc_holder->desc_str); - - // Test various failure modes - - // TODO: a too long desc_id_base32 argument crashes the function - /* ret = rend_cache_store_v2_desc_as_client( */ - /* desc_holder->desc_str, */ - /* "3TOOLONG3TOOLONG3TOOLONG3TOOLONG3TOOLONG3TOOLONG", */ - /* &mock_rend_query, NULL); */ - /* tt_int_op(ret, OP_EQ, -1); */ - - // Test bad base32 failure - // This causes an assertion failure if we're running with assertions. - // But when building without asserts, we can test it. -#ifdef DISABLE_ASSERTS_IN_UNIT_TESTS - ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str, - "!xqunszqnaolrrfmtzgaki7mxelgvkj", mock_rend_query, NULL); - tt_int_op(ret, OP_EQ, -1); -#endif - - // Test invalid descriptor - ret = rend_cache_store_v2_desc_as_client("invalid descriptor", - "3xqunszqnaolrrfmtzgaki7mxelgvkje", mock_rend_query, NULL); - tt_int_op(ret, OP_EQ, -1); - - // TODO: it doesn't seem to be possible to test invalid service ID condition. - // that means it is likely not possible to have that condition without - // earlier conditions failing first (such as signature checking of the desc) - - rend_cache_free_all(); - - // Test mismatch between service ID and onion address - rend_cache_init(); - strncpy(TO_REND_DATA_V2(mock_rend_query)->onion_address, "abc", - REND_SERVICE_ID_LEN_BASE32+1); - ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str, - desc_id_base32, - mock_rend_query, NULL); - tt_int_op(ret, OP_EQ, -1); - rend_cache_free_all(); - rend_data_free(mock_rend_query); - - // Test incorrect descriptor ID - rend_cache_init(); - mock_rend_query = mock_rend_data(service_id); - char orig = desc_id_base32[0]; - if (desc_id_base32[0] == 'a') - desc_id_base32[0] = 'b'; - else - desc_id_base32[0] = 'a'; - ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str, - desc_id_base32, mock_rend_query, - NULL); - tt_int_op(ret, OP_EQ, -1); - desc_id_base32[0] = orig; - rend_cache_free_all(); - - // Test too old descriptor - rend_cache_init(); - rend_encoded_v2_service_descriptor_free(desc_holder); - tor_free(service_id); - rend_data_free(mock_rend_query); - - generate_desc(TIME_IN_THE_PAST, &desc_holder, &service_id, 3); - mock_rend_query = mock_rend_data(service_id); - base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id, - DIGEST_LEN); - - ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str, - desc_id_base32, - mock_rend_query, NULL); - tt_int_op(ret, OP_EQ, -1); - rend_cache_free_all(); - - // Test too new descriptor (in the future) - rend_cache_init(); - rend_encoded_v2_service_descriptor_free(desc_holder); - tor_free(service_id); - rend_data_free(mock_rend_query); - - generate_desc(TIME_IN_THE_FUTURE, &desc_holder, &service_id, 3); - mock_rend_query = mock_rend_data(service_id); - base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id, - DIGEST_LEN); - - ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str, - desc_id_base32, mock_rend_query, - NULL); - tt_int_op(ret, OP_EQ, -1); - rend_cache_free_all(); - - // Test when a descriptor is already in the cache - rend_cache_init(); - rend_encoded_v2_service_descriptor_free(desc_holder); - tor_free(service_id); - rend_data_free(mock_rend_query); - - generate_desc(RECENT_TIME, &desc_holder, &service_id, 3); - mock_rend_query = mock_rend_data(service_id); - base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id, - DIGEST_LEN); - - rend_cache_store_v2_desc_as_client(desc_holder->desc_str, desc_id_base32, - mock_rend_query, NULL); - ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str, - desc_id_base32, mock_rend_query, - NULL); - tt_int_op(ret, OP_EQ, 0); - - ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str, - desc_id_base32, mock_rend_query, - &entry); - tt_int_op(ret, OP_EQ, 0); - tt_assert(entry); - rend_cache_free_all(); - - // Test unsuccessful decrypting of introduction points - rend_cache_init(); - rend_encoded_v2_service_descriptor_free(desc_holder); - tor_free(service_id); - rend_data_free(mock_rend_query); - - generate_desc(RECENT_TIME, &desc_holder, &service_id, 3); - mock_rend_query = mock_rend_data(service_id); - TO_REND_DATA_V2(mock_rend_query)->auth_type = REND_BASIC_AUTH; - client_cookie[0] = 'A'; - memcpy(TO_REND_DATA_V2(mock_rend_query)->descriptor_cookie, client_cookie, - REND_DESC_COOKIE_LEN); - base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id, - DIGEST_LEN); - ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str, - desc_id_base32, mock_rend_query, - NULL); - tt_int_op(ret, OP_EQ, 0); - rend_cache_free_all(); - - // Test successful run when we have REND_BASIC_AUTH but not cookie - rend_cache_init(); - rend_encoded_v2_service_descriptor_free(desc_holder); - tor_free(service_id); - rend_data_free(mock_rend_query); - - generate_desc(RECENT_TIME, &desc_holder, &service_id, 3); - mock_rend_query = mock_rend_data(service_id); - TO_REND_DATA_V2(mock_rend_query)->auth_type = REND_BASIC_AUTH; - base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id, - DIGEST_LEN); - ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str, - desc_id_base32, mock_rend_query, - NULL); - tt_int_op(ret, OP_EQ, 0); - - rend_cache_free_all(); - - // Test when we have no introduction points - rend_cache_init(); - rend_encoded_v2_service_descriptor_free(desc_holder); - tor_free(service_id); - rend_data_free(mock_rend_query); - - generate_desc(RECENT_TIME, &desc_holder, &service_id, 0); - mock_rend_query = mock_rend_data(service_id); - base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id, - DIGEST_LEN); - ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str, - desc_id_base32, mock_rend_query, - NULL); - tt_int_op(ret, OP_EQ, -1); - rend_cache_free_all(); - - // Test when we have too many intro points - rend_cache_init(); - rend_encoded_v2_service_descriptor_free(desc_holder); - tor_free(service_id); - rend_data_free(mock_rend_query); - - generate_desc(RECENT_TIME, &desc_holder, &service_id, MAX_INTRO_POINTS+1); - mock_rend_query = mock_rend_data(service_id); - base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id, - DIGEST_LEN); - ret = rend_cache_store_v2_desc_as_client(desc_holder->desc_str, - desc_id_base32, mock_rend_query, - NULL); - tt_int_op(ret, OP_EQ, -1); - - done: - rend_encoded_v2_service_descriptor_free(desc_holder); - tor_free(service_id); - rend_cache_free_all(); - rend_data_free(mock_rend_query); -} - -static void -test_rend_cache_store_v2_desc_as_client_with_different_time(void *data) -{ - int ret; - rend_data_t *mock_rend_query; - char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; - rend_service_descriptor_t *generated = NULL; - smartlist_t *descs = smartlist_new(); - time_t t; - char *service_id = NULL; - rend_encoded_v2_service_descriptor_t *desc_holder_newer; - rend_encoded_v2_service_descriptor_t *desc_holder_older; - - t = time(NULL); - rend_cache_init(); - - create_descriptor(&generated, &service_id, 3); - - generated->timestamp = t + RECENT_TIME; - rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0, - REND_NO_AUTH, NULL, NULL); - desc_holder_newer = ((rend_encoded_v2_service_descriptor_t *) - smartlist_get(descs, 0)); - smartlist_set(descs, 0, NULL); - - SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d, - rend_encoded_v2_service_descriptor_free(d)); - smartlist_free(descs); - descs = smartlist_new(); - - generated->timestamp = (t + RECENT_TIME) - 20; - rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0, - REND_NO_AUTH, NULL, NULL); - desc_holder_older = ((rend_encoded_v2_service_descriptor_t *) - smartlist_get(descs, 0)); - smartlist_set(descs, 0, NULL); - (void)data; - - // Test when a descriptor is already in the cache and it is newer than the - // one we submit - mock_rend_query = mock_rend_data(service_id); - base32_encode(desc_id_base32, sizeof(desc_id_base32), - desc_holder_newer->desc_id, DIGEST_LEN); - rend_cache_store_v2_desc_as_client(desc_holder_newer->desc_str, - desc_id_base32, mock_rend_query, NULL); - ret = rend_cache_store_v2_desc_as_client(desc_holder_older->desc_str, - desc_id_base32, mock_rend_query, - NULL); - tt_int_op(ret, OP_EQ, 0); - - rend_cache_free_all(); - - // Test when an old descriptor is in the cache and we submit a newer one - rend_cache_init(); - rend_cache_store_v2_desc_as_client(desc_holder_older->desc_str, - desc_id_base32, mock_rend_query, NULL); - ret = rend_cache_store_v2_desc_as_client(desc_holder_newer->desc_str, - desc_id_base32, mock_rend_query, - NULL); - tt_int_op(ret, OP_EQ, 0); - - done: - rend_encoded_v2_service_descriptor_free(desc_holder_newer); - rend_encoded_v2_service_descriptor_free(desc_holder_older); - SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d, - rend_encoded_v2_service_descriptor_free(d)); - smartlist_free(descs); - rend_service_descriptor_free(generated); - tor_free(service_id); - rend_cache_free_all(); - rend_data_free(mock_rend_query); -} - -static const routerinfo_t *rcache_lookup_v2_as_dir_get_my_routerinfo(void); - -static routerinfo_t *mock_routerinfo; - -static const routerinfo_t * -rcache_lookup_v2_as_dir_get_my_routerinfo(void) -{ - if (!mock_routerinfo) { - mock_routerinfo = tor_malloc(sizeof(routerinfo_t)); - } - - return mock_routerinfo; -} - -static void -test_rend_cache_lookup_v2_desc_as_dir(void *data) -{ - int ret; - char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1]; - rend_encoded_v2_service_descriptor_t *desc_holder = NULL; - char *service_id = NULL; - const char *ret_desc = NULL; - - (void)data; - - MOCK(router_get_my_routerinfo, - rcache_lookup_v2_as_dir_get_my_routerinfo); - - rend_cache_init(); - - // Test invalid base32 - ret = rend_cache_lookup_v2_desc_as_dir("!bababababababab", NULL); - tt_int_op(ret, OP_EQ, -1); - - // Test non-existent descriptor but well formed - ret = rend_cache_lookup_v2_desc_as_dir("3xqunszqnaolrrfmtzgaki7mxelgvkje", - NULL); - tt_int_op(ret, OP_EQ, 0); - - // Test existing descriptor - generate_desc(RECENT_TIME, &desc_holder, &service_id, 3); - rend_cache_store_v2_desc_as_dir(desc_holder->desc_str); - base32_encode(desc_id_base32, sizeof(desc_id_base32), desc_holder->desc_id, - DIGEST_LEN); - ret = rend_cache_lookup_v2_desc_as_dir(desc_id_base32, &ret_desc); - tt_int_op(ret, OP_EQ, 1); - tt_assert(ret_desc); - - done: - UNMOCK(router_get_my_routerinfo); - tor_free(mock_routerinfo); - rend_cache_free_all(); - rend_encoded_v2_service_descriptor_free(desc_holder); - tor_free(service_id); -} - -static const routerinfo_t *rcache_store_v2_as_dir_get_my_routerinfo(void); - -static const routerinfo_t * -rcache_store_v2_as_dir_get_my_routerinfo(void) -{ - return mock_routerinfo; -} - -static void -test_rend_cache_store_v2_desc_as_dir(void *data) -{ - (void)data; - int ret; - rend_encoded_v2_service_descriptor_t *desc_holder = NULL; - char *service_id = NULL; - - MOCK(router_get_my_routerinfo, - rcache_store_v2_as_dir_get_my_routerinfo); - - rend_cache_init(); - - // Test when we can't parse the descriptor - mock_routerinfo = tor_malloc(sizeof(routerinfo_t)); - ret = rend_cache_store_v2_desc_as_dir("unparseable"); - tt_int_op(ret, OP_EQ, -1); - - // Test when we have an old descriptor - generate_desc(TIME_IN_THE_PAST, &desc_holder, &service_id, 3); - ret = rend_cache_store_v2_desc_as_dir(desc_holder->desc_str); - tt_int_op(ret, OP_EQ, 0); - - rend_encoded_v2_service_descriptor_free(desc_holder); - tor_free(service_id); - - // Test when we have a descriptor in the future - generate_desc(TIME_IN_THE_FUTURE, &desc_holder, &service_id, 3); - ret = rend_cache_store_v2_desc_as_dir(desc_holder->desc_str); - tt_int_op(ret, OP_EQ, 0); - - rend_encoded_v2_service_descriptor_free(desc_holder); - tor_free(service_id); - - // Test when two descriptors - generate_desc(TIME_IN_THE_FUTURE, &desc_holder, &service_id, 3); - ret = rend_cache_store_v2_desc_as_dir(desc_holder->desc_str); - tt_int_op(ret, OP_EQ, 0); - - rend_encoded_v2_service_descriptor_free(desc_holder); - tor_free(service_id); - - // Test when asking for hidden service statistics HiddenServiceStatistics - rend_cache_purge(); - generate_desc(RECENT_TIME, &desc_holder, &service_id, 3); - get_options_mutable()->HiddenServiceStatistics = 1; - ret = rend_cache_store_v2_desc_as_dir(desc_holder->desc_str); - tt_int_op(ret, OP_EQ, 0); - - done: - UNMOCK(router_get_my_routerinfo); - rend_encoded_v2_service_descriptor_free(desc_holder); - tor_free(service_id); - rend_cache_free_all(); - tor_free(mock_routerinfo); -} - -static void -test_rend_cache_store_v2_desc_as_dir_with_different_time(void *data) -{ - (void)data; - - int ret; - rend_service_descriptor_t *generated = NULL; - smartlist_t *descs = smartlist_new(); - time_t t; - char *service_id = NULL; - rend_encoded_v2_service_descriptor_t *desc_holder_newer; - rend_encoded_v2_service_descriptor_t *desc_holder_older; - - MOCK(router_get_my_routerinfo, - rcache_store_v2_as_dir_get_my_routerinfo); - - rend_cache_init(); - - t = time(NULL); - - create_descriptor(&generated, &service_id, 3); - generated->timestamp = t + RECENT_TIME; - rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0, - REND_NO_AUTH, NULL, NULL); - desc_holder_newer = ((rend_encoded_v2_service_descriptor_t *) - smartlist_get(descs, 0)); - smartlist_set(descs, 0, NULL); - SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d, - rend_encoded_v2_service_descriptor_free(d)); - smartlist_free(descs); - descs = smartlist_new(); - - generated->timestamp = (t + RECENT_TIME) - 20; - rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0, - REND_NO_AUTH, NULL, NULL); - desc_holder_older = ((rend_encoded_v2_service_descriptor_t *) - smartlist_get(descs, 0)); - smartlist_set(descs, 0, NULL); - - // Test when we have a newer descriptor stored - mock_routerinfo = tor_malloc(sizeof(routerinfo_t)); - rend_cache_store_v2_desc_as_dir(desc_holder_newer->desc_str); - ret = rend_cache_store_v2_desc_as_dir(desc_holder_older->desc_str); - tt_int_op(ret, OP_EQ, 0); - - // Test when we have an old descriptor stored - rend_cache_purge(); - rend_cache_store_v2_desc_as_dir(desc_holder_older->desc_str); - ret = rend_cache_store_v2_desc_as_dir(desc_holder_newer->desc_str); - tt_int_op(ret, OP_EQ, 0); - - done: - UNMOCK(router_get_my_routerinfo); - rend_cache_free_all(); - rend_service_descriptor_free(generated); - tor_free(service_id); - SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d, - rend_encoded_v2_service_descriptor_free(d)); - smartlist_free(descs); - rend_encoded_v2_service_descriptor_free(desc_holder_newer); - rend_encoded_v2_service_descriptor_free(desc_holder_older); - tor_free(mock_routerinfo); -} - -static void -test_rend_cache_store_v2_desc_as_dir_with_different_content(void *data) -{ - (void)data; - - int ret; - rend_service_descriptor_t *generated = NULL; - smartlist_t *descs = smartlist_new(); - time_t t; - char *service_id = NULL; - rend_encoded_v2_service_descriptor_t *desc_holder_one = NULL; - rend_encoded_v2_service_descriptor_t *desc_holder_two = NULL; - - MOCK(router_get_my_routerinfo, - rcache_store_v2_as_dir_get_my_routerinfo); - - rend_cache_init(); - - t = time(NULL); - - create_descriptor(&generated, &service_id, 3); - generated->timestamp = t + RECENT_TIME; - rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0, - REND_NO_AUTH, NULL, NULL); - desc_holder_one = ((rend_encoded_v2_service_descriptor_t *) - smartlist_get(descs, 0)); - smartlist_set(descs, 0, NULL); - - SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d, - rend_encoded_v2_service_descriptor_free(d)); - smartlist_free(descs); - descs = smartlist_new(); - - generated->timestamp = t + RECENT_TIME; - generated->protocols = 41; - rend_encode_v2_descriptors(descs, generated, t + RECENT_TIME, 0, - REND_NO_AUTH, NULL, NULL); - desc_holder_two = ((rend_encoded_v2_service_descriptor_t *) - smartlist_get(descs, 0)); - smartlist_set(descs, 0, NULL); - - // Test when we have another descriptor stored, with a different descriptor - mock_routerinfo = tor_malloc(sizeof(routerinfo_t)); - rend_cache_store_v2_desc_as_dir(desc_holder_one->desc_str); - ret = rend_cache_store_v2_desc_as_dir(desc_holder_two->desc_str); - tt_int_op(ret, OP_EQ, 0); - - done: - UNMOCK(router_get_my_routerinfo); - rend_cache_free_all(); - rend_service_descriptor_free(generated); - tor_free(service_id); - SMARTLIST_FOREACH(descs, rend_encoded_v2_service_descriptor_t *, d, - rend_encoded_v2_service_descriptor_free(d)); - smartlist_free(descs); - rend_encoded_v2_service_descriptor_free(desc_holder_one); - rend_encoded_v2_service_descriptor_free(desc_holder_two); -} - -static void -test_rend_cache_init(void *data) -{ - (void)data; - - tt_assert_msg(!rend_cache, "rend_cache should be NULL when starting"); - tt_assert_msg(!rend_cache_v2_dir, "rend_cache_v2_dir should be NULL " - "when starting"); - tt_assert_msg(!rend_cache_failure, "rend_cache_failure should be NULL when " - "starting"); - - rend_cache_init(); - - tt_assert_msg(rend_cache, "rend_cache should not be NULL after initing"); - tt_assert_msg(rend_cache_v2_dir, "rend_cache_v2_dir should not be NULL " - "after initing"); - tt_assert_msg(rend_cache_failure, "rend_cache_failure should not be NULL " - "after initing"); - - tt_int_op(strmap_size(rend_cache), OP_EQ, 0); - tt_int_op(digestmap_size(rend_cache_v2_dir), OP_EQ, 0); - tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 0); - - done: - rend_cache_free_all(); -} - -static void -test_rend_cache_decrement_allocation(void *data) -{ - (void)data; - - // Test when the cache has enough allocations - rend_cache_total_allocation = 10; - rend_cache_decrement_allocation(3); - tt_int_op(rend_cache_total_allocation, OP_EQ, 7); - - // Test when there are not enough allocations - rend_cache_total_allocation = 1; - setup_full_capture_of_logs(LOG_WARN); - rend_cache_decrement_allocation(2); - tt_int_op(rend_cache_total_allocation, OP_EQ, 0); - expect_single_log_msg_containing( - "Underflow in rend_cache_decrement_allocation"); - teardown_capture_of_logs(); - - // And again - rend_cache_decrement_allocation(2); - tt_int_op(rend_cache_total_allocation, OP_EQ, 0); - - done: - teardown_capture_of_logs(); -} - -static void -test_rend_cache_increment_allocation(void *data) -{ - (void)data; - - // Test when the cache is not overflowing - rend_cache_total_allocation = 5; - rend_cache_increment_allocation(3); - tt_int_op(rend_cache_total_allocation, OP_EQ, 8); - - // Test when there are too many allocations - rend_cache_total_allocation = SIZE_MAX-1; - setup_full_capture_of_logs(LOG_WARN); - rend_cache_increment_allocation(2); - tt_u64_op(rend_cache_total_allocation, OP_EQ, SIZE_MAX); - expect_single_log_msg_containing( - "Overflow in rend_cache_increment_allocation"); - teardown_capture_of_logs(); - - // And again - rend_cache_increment_allocation(2); - tt_u64_op(rend_cache_total_allocation, OP_EQ, SIZE_MAX); - - done: - teardown_capture_of_logs(); -} - -static void -test_rend_cache_failure_intro_entry_new(void *data) -{ - time_t now; - rend_cache_failure_intro_t *entry; - rend_intro_point_failure_t failure; - - (void)data; - - failure = INTRO_POINT_FAILURE_TIMEOUT; - now = time(NULL); - entry = rend_cache_failure_intro_entry_new(failure); - - tt_int_op(entry->failure_type, OP_EQ, INTRO_POINT_FAILURE_TIMEOUT); - tt_int_op(entry->created_ts, OP_GE, now-5); - tt_int_op(entry->created_ts, OP_LE, now+5); - - done: - tor_free(entry); -} - -static void -test_rend_cache_failure_intro_lookup(void *data) -{ - (void)data; - int ret; - rend_cache_failure_t *failure; - rend_cache_failure_intro_t *ip; - rend_cache_failure_intro_t *entry; - const char key_ip_one[DIGEST_LEN] = "ip1"; - const char key_ip_two[DIGEST_LEN] = "ip2"; - const char key_foo[DIGEST_LEN] = "foo1"; - - rend_cache_init(); - - failure = rend_cache_failure_entry_new(); - ip = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT); - digestmap_set(failure->intro_failures, key_ip_one, ip); - strmap_set_lc(rend_cache_failure, "foo1", failure); - - // Test not found - ret = cache_failure_intro_lookup((const uint8_t *) key_foo, "foo2", NULL); - tt_int_op(ret, OP_EQ, 0); - - // Test found with no intro failures in it - ret = cache_failure_intro_lookup((const uint8_t *) key_ip_two, "foo1", NULL); - tt_int_op(ret, OP_EQ, 0); - - // Test found - ret = cache_failure_intro_lookup((const uint8_t *) key_ip_one, "foo1", NULL); - tt_int_op(ret, OP_EQ, 1); - - // Test found and asking for entry - cache_failure_intro_lookup((const uint8_t *) key_ip_one, "foo1", &entry); - tt_assert(entry); - tt_assert(entry == ip); - - done: - rend_cache_free_all(); -} - -static void -test_rend_cache_clean(void *data) -{ - rend_cache_entry_t *one, *two; - rend_service_descriptor_t *desc_one, *desc_two; - strmap_iter_t *iter = NULL; - const char *key; - void *val; - - (void)data; - - rend_cache_init(); - - // Test with empty rendcache - rend_cache_clean(time(NULL), REND_CACHE_TYPE_CLIENT); - tt_int_op(strmap_size(rend_cache), OP_EQ, 0); - - // Test with two old entries - one = tor_malloc_zero(sizeof(rend_cache_entry_t)); - two = tor_malloc_zero(sizeof(rend_cache_entry_t)); - desc_one = tor_malloc_zero(sizeof(rend_service_descriptor_t)); - desc_two = tor_malloc_zero(sizeof(rend_service_descriptor_t)); - one->parsed = desc_one; - two->parsed = desc_two; - - desc_one->timestamp = time(NULL) + TIME_IN_THE_PAST; - desc_two->timestamp = (time(NULL) + TIME_IN_THE_PAST) - 10; - desc_one->pk = pk_generate(0); - desc_two->pk = pk_generate(1); - - strmap_set_lc(rend_cache, "foo1", one); - rend_cache_increment_allocation(rend_cache_entry_allocation(one)); - strmap_set_lc(rend_cache, "foo2", two); - rend_cache_increment_allocation(rend_cache_entry_allocation(two)); - - rend_cache_clean(time(NULL), REND_CACHE_TYPE_CLIENT); - tt_int_op(strmap_size(rend_cache), OP_EQ, 0); - - // Test with one old entry and one newer entry - one = tor_malloc_zero(sizeof(rend_cache_entry_t)); - two = tor_malloc_zero(sizeof(rend_cache_entry_t)); - desc_one = tor_malloc_zero(sizeof(rend_service_descriptor_t)); - desc_two = tor_malloc_zero(sizeof(rend_service_descriptor_t)); - one->parsed = desc_one; - two->parsed = desc_two; - - desc_one->timestamp = (time(NULL) + TIME_IN_THE_PAST) - 10; - desc_two->timestamp = time(NULL) - 100; - desc_one->pk = pk_generate(0); - desc_two->pk = pk_generate(1); - - rend_cache_increment_allocation(rend_cache_entry_allocation(one)); - strmap_set_lc(rend_cache, "foo1", one); - rend_cache_increment_allocation(rend_cache_entry_allocation(two)); - strmap_set_lc(rend_cache, "foo2", two); - - rend_cache_clean(time(NULL), REND_CACHE_TYPE_CLIENT); - tt_int_op(strmap_size(rend_cache), OP_EQ, 1); - - iter = strmap_iter_init(rend_cache); - strmap_iter_get(iter, &key, &val); - tt_str_op(key, OP_EQ, "foo2"); - - done: - rend_cache_free_all(); -} - -static void -test_rend_cache_failure_entry_new(void *data) -{ - rend_cache_failure_t *failure; - - (void)data; - - failure = rend_cache_failure_entry_new(); - tt_assert(failure); - tt_int_op(digestmap_size(failure->intro_failures), OP_EQ, 0); - - done: - rend_cache_failure_entry_free(failure); -} - -static void -test_rend_cache_failure_entry_free(void *data) -{ - (void)data; - - // Test that it can deal with a NULL argument - rend_cache_failure_entry_free_(NULL); - - /* done: */ - /* (void)0; */ -} - -static void -test_rend_cache_failure_clean(void *data) -{ - rend_cache_failure_t *failure; - rend_cache_failure_intro_t *ip_one, *ip_two; - - const char key_one[DIGEST_LEN] = "ip1"; - const char key_two[DIGEST_LEN] = "ip2"; - - (void)data; - - rend_cache_init(); - - // Test with empty failure cache - rend_cache_failure_clean(time(NULL)); - tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 0); - - // Test with one empty failure entry - failure = rend_cache_failure_entry_new(); - strmap_set_lc(rend_cache_failure, "foo1", failure); - rend_cache_failure_clean(time(NULL)); - tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 0); - - // Test with one new intro point - failure = rend_cache_failure_entry_new(); - ip_one = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT); - digestmap_set(failure->intro_failures, key_one, ip_one); - strmap_set_lc(rend_cache_failure, "foo1", failure); - rend_cache_failure_clean(time(NULL)); - tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 1); - - // Test with one old intro point - rend_cache_failure_purge(); - failure = rend_cache_failure_entry_new(); - ip_one = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT); - ip_one->created_ts = time(NULL) - 7*60; - digestmap_set(failure->intro_failures, key_one, ip_one); - strmap_set_lc(rend_cache_failure, "foo1", failure); - rend_cache_failure_clean(time(NULL)); - tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 0); - - // Test with one old intro point and one new one - rend_cache_failure_purge(); - failure = rend_cache_failure_entry_new(); - ip_one = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT); - ip_one->created_ts = time(NULL) - 7*60; - digestmap_set(failure->intro_failures, key_one, ip_one); - ip_two = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT); - ip_two->created_ts = time(NULL) - 2*60; - digestmap_set(failure->intro_failures, key_two, ip_two); - strmap_set_lc(rend_cache_failure, "foo1", failure); - rend_cache_failure_clean(time(NULL)); - tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 1); - tt_int_op(digestmap_size(failure->intro_failures), OP_EQ, 1); - - done: - rend_cache_free_all(); -} - -static void -test_rend_cache_failure_remove(void *data) -{ - rend_service_descriptor_t *desc; - (void)data; - - rend_cache_init(); - - // Test that it deals well with a NULL desc - rend_cache_failure_remove(NULL); - - // Test a descriptor that isn't in the cache - desc = tor_malloc_zero(sizeof(rend_service_descriptor_t)); - desc->pk = pk_generate(0); - rend_cache_failure_remove(desc); - - // There seems to not exist any way of getting rend_cache_failure_remove() - // to fail because of a problem with rend_get_service_id from here - rend_cache_free_all(); - - rend_service_descriptor_free(desc); - /* done: */ - /* (void)0; */ -} - -static void -test_rend_cache_free_all(void *data) -{ - rend_cache_failure_t *failure; - rend_cache_entry_t *one; - rend_service_descriptor_t *desc_one; - - (void)data; - - rend_cache_init(); - - failure = rend_cache_failure_entry_new(); - strmap_set_lc(rend_cache_failure, "foo1", failure); - - one = tor_malloc_zero(sizeof(rend_cache_entry_t)); - desc_one = tor_malloc_zero(sizeof(rend_service_descriptor_t)); - one->parsed = desc_one; - desc_one->timestamp = time(NULL) + TIME_IN_THE_PAST; - desc_one->pk = pk_generate(0); - rend_cache_increment_allocation(rend_cache_entry_allocation(one)); - strmap_set_lc(rend_cache, "foo1", one); - - rend_cache_free_all(); - - tt_ptr_op(rend_cache, OP_EQ, NULL); - tt_ptr_op(rend_cache_v2_dir, OP_EQ, NULL); - tt_ptr_op(rend_cache_failure, OP_EQ, NULL); - tt_assert(!rend_cache_total_allocation); - - done: - rend_cache_free_all(); -} - -static void -test_rend_cache_entry_free(void *data) -{ - (void)data; - rend_cache_entry_t *e; - - // Handles NULL correctly - rend_cache_entry_free_(NULL); - - // Handles NULL descriptor correctly - e = tor_malloc_zero(sizeof(rend_cache_entry_t)); - rend_cache_increment_allocation(rend_cache_entry_allocation(e)); - rend_cache_entry_free(e); - - // Handles non-NULL descriptor correctly - e = tor_malloc_zero(sizeof(rend_cache_entry_t)); - e->desc = tor_malloc(10); - rend_cache_increment_allocation(rend_cache_entry_allocation(e)); - rend_cache_entry_free(e); - - /* done: */ - /* (void)0; */ -} - -static void -test_rend_cache_purge(void *data) -{ - (void)data; - - // Deals with a NULL rend_cache - rend_cache_purge(); - tt_assert(rend_cache); - tt_assert(strmap_size(rend_cache) == 0); - - // Deals with existing rend_cache - rend_cache_free_all(); - rend_cache_init(); - tt_assert(rend_cache); - tt_assert(strmap_size(rend_cache) == 0); - - rend_cache_purge(); - tt_assert(rend_cache); - tt_assert(strmap_size(rend_cache) == 0); - - done: - rend_cache_free_all(); -} - -static void -test_rend_cache_failure_intro_add(void *data) -{ - (void)data; - rend_cache_failure_t *fail_entry; - rend_cache_failure_intro_t *entry; - const char identity[DIGEST_LEN] = "foo1"; - - rend_cache_init(); - - // Adds non-existing entry - cache_failure_intro_add((const uint8_t *) identity, "foo2", - INTRO_POINT_FAILURE_TIMEOUT); - fail_entry = strmap_get_lc(rend_cache_failure, "foo2"); - tt_assert(fail_entry); - tt_int_op(digestmap_size(fail_entry->intro_failures), OP_EQ, 1); - entry = digestmap_get(fail_entry->intro_failures, identity); - tt_assert(entry); - - // Adds existing entry - cache_failure_intro_add((const uint8_t *) identity, "foo2", - INTRO_POINT_FAILURE_TIMEOUT); - fail_entry = strmap_get_lc(rend_cache_failure, "foo2"); - tt_assert(fail_entry); - tt_int_op(digestmap_size(fail_entry->intro_failures), OP_EQ, 1); - entry = digestmap_get(fail_entry->intro_failures, identity); - tt_assert(entry); - - done: - rend_cache_free_all(); -} - -static void -test_rend_cache_intro_failure_note(void *data) -{ - (void)data; - rend_cache_failure_t *fail_entry; - rend_cache_failure_intro_t *entry; - const char key[DIGEST_LEN] = "foo1"; - - rend_cache_init(); - - // Test not found - rend_cache_intro_failure_note(INTRO_POINT_FAILURE_TIMEOUT, - (const uint8_t *) key, "foo2"); - fail_entry = strmap_get_lc(rend_cache_failure, "foo2"); - tt_assert(fail_entry); - tt_int_op(digestmap_size(fail_entry->intro_failures), OP_EQ, 1); - entry = digestmap_get(fail_entry->intro_failures, key); - tt_assert(entry); - tt_int_op(entry->failure_type, OP_EQ, INTRO_POINT_FAILURE_TIMEOUT); - - // Test found - rend_cache_intro_failure_note(INTRO_POINT_FAILURE_UNREACHABLE, - (const uint8_t *) key, "foo2"); - tt_int_op(entry->failure_type, OP_EQ, INTRO_POINT_FAILURE_UNREACHABLE); - - done: - rend_cache_free_all(); -} - -static void -test_rend_cache_clean_v2_descs_as_dir(void *data) -{ - rend_cache_entry_t *e; - time_t now, cutoff; - rend_service_descriptor_t *desc; - now = time(NULL); - cutoff = now - (REND_CACHE_MAX_AGE + REND_CACHE_MAX_SKEW); - const char key[DIGEST_LEN] = "abcde"; - - (void)data; - - rend_cache_init(); - - // Test running with an empty cache - rend_cache_clean_v2_descs_as_dir(cutoff); - tt_int_op(digestmap_size(rend_cache_v2_dir), OP_EQ, 0); - - // Test with only one new entry - e = tor_malloc_zero(sizeof(rend_cache_entry_t)); - e->last_served = now; - desc = tor_malloc_zero(sizeof(rend_service_descriptor_t)); - desc->timestamp = now; - desc->pk = pk_generate(0); - e->parsed = desc; - rend_cache_increment_allocation(rend_cache_entry_allocation(e)); - digestmap_set(rend_cache_v2_dir, key, e); - - /* Set the cutoff to minus 10 seconds. */ - rend_cache_clean_v2_descs_as_dir(cutoff - 10); - tt_int_op(digestmap_size(rend_cache_v2_dir), OP_EQ, 1); - - // Test with one old entry - desc->timestamp = cutoff - 1000; - rend_cache_clean_v2_descs_as_dir(cutoff); - tt_int_op(digestmap_size(rend_cache_v2_dir), OP_EQ, 0); - - done: - rend_cache_free_all(); -} - -static void -test_rend_cache_entry_allocation(void *data) -{ - (void)data; - - size_t ret; - rend_cache_entry_t *e = NULL; - - // Handles a null argument - ret = rend_cache_entry_allocation(NULL); - tt_int_op(ret, OP_EQ, 0); - - // Handles a non-null argument - e = tor_malloc_zero(sizeof(rend_cache_entry_t)); - ret = rend_cache_entry_allocation(e); - tt_int_op(ret, OP_GT, sizeof(rend_cache_entry_t)); - - done: - tor_free(e); -} - -static void -test_rend_cache_failure_intro_entry_free(void *data) -{ - (void)data; - rend_cache_failure_intro_t *entry; - - // Handles a null argument - rend_cache_failure_intro_entry_free_(NULL); - - // Handles a non-null argument - entry = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT); - rend_cache_failure_intro_entry_free(entry); -} - -static void -test_rend_cache_failure_purge(void *data) -{ - (void)data; - - // Handles a null failure cache - strmap_free(rend_cache_failure, rend_cache_failure_entry_free_void); - rend_cache_failure = NULL; - - rend_cache_failure_purge(); - - tt_ptr_op(rend_cache_failure, OP_NE, NULL); - tt_int_op(strmap_size(rend_cache_failure), OP_EQ, 0); - - done: - rend_cache_free_all(); -} - -static void -test_rend_cache_validate_intro_point_failure(void *data) -{ - (void)data; - rend_service_descriptor_t *desc = NULL; - char *service_id = NULL; - rend_intro_point_t *intro = NULL; - const char *identity = NULL; - rend_cache_failure_t *failure; - rend_cache_failure_intro_t *ip; - - rend_cache_init(); - - create_descriptor(&desc, &service_id, 3); - desc->timestamp = time(NULL) + RECENT_TIME; - - intro = (rend_intro_point_t *)smartlist_get(desc->intro_nodes, 0); - identity = intro->extend_info->identity_digest; - - failure = rend_cache_failure_entry_new(); - ip = rend_cache_failure_intro_entry_new(INTRO_POINT_FAILURE_TIMEOUT); - digestmap_set(failure->intro_failures, identity, ip); - strmap_set_lc(rend_cache_failure, service_id, failure); - - // Test when we have an intro point in our cache - validate_intro_point_failure(desc, service_id); - tt_int_op(smartlist_len(desc->intro_nodes), OP_EQ, 2); - - done: - rend_cache_free_all(); - rend_service_descriptor_free(desc); - tor_free(service_id); -} - -struct testcase_t rend_cache_tests[] = { - { "init", test_rend_cache_init, 0, NULL, NULL }, - { "decrement_allocation", test_rend_cache_decrement_allocation, 0, - NULL, NULL }, - { "increment_allocation", test_rend_cache_increment_allocation, 0, - NULL, NULL }, - { "clean", test_rend_cache_clean, TT_FORK, NULL, NULL }, - { "clean_v2_descs_as_dir", test_rend_cache_clean_v2_descs_as_dir, 0, - NULL, NULL }, - { "entry_allocation", test_rend_cache_entry_allocation, 0, NULL, NULL }, - { "entry_free", test_rend_cache_entry_free, 0, NULL, NULL }, - { "failure_intro_entry_free", test_rend_cache_failure_intro_entry_free, 0, - NULL, NULL }, - { "free_all", test_rend_cache_free_all, 0, NULL, NULL }, - { "purge", test_rend_cache_purge, 0, NULL, NULL }, - { "failure_clean", test_rend_cache_failure_clean, 0, NULL, NULL }, - { "failure_entry_new", test_rend_cache_failure_entry_new, 0, NULL, NULL }, - { "failure_entry_free", test_rend_cache_failure_entry_free, 0, NULL, NULL }, - { "failure_intro_add", test_rend_cache_failure_intro_add, 0, NULL, NULL }, - { "failure_intro_entry_new", test_rend_cache_failure_intro_entry_new, 0, - NULL, NULL }, - { "failure_intro_lookup", test_rend_cache_failure_intro_lookup, 0, - NULL, NULL }, - { "failure_purge", test_rend_cache_failure_purge, 0, NULL, NULL }, - { "failure_remove", test_rend_cache_failure_remove, 0, NULL, NULL }, - { "intro_failure_note", test_rend_cache_intro_failure_note, 0, NULL, NULL }, - { "lookup", test_rend_cache_lookup_entry, 0, NULL, NULL }, - { "lookup_v2_desc_as_dir", test_rend_cache_lookup_v2_desc_as_dir, 0, - NULL, NULL }, - { "store_v2_desc_as_client", test_rend_cache_store_v2_desc_as_client, 0, - NULL, NULL }, - { "store_v2_desc_as_client_with_different_time", - test_rend_cache_store_v2_desc_as_client_with_different_time, 0, - NULL, NULL }, - { "store_v2_desc_as_dir", test_rend_cache_store_v2_desc_as_dir, 0, - NULL, NULL }, - { "store_v2_desc_as_dir_with_different_time", - test_rend_cache_store_v2_desc_as_dir_with_different_time, 0, NULL, NULL }, - { "store_v2_desc_as_dir_with_different_content", - test_rend_cache_store_v2_desc_as_dir_with_different_content, 0, - NULL, NULL }, - { "validate_intro_point_failure", - test_rend_cache_validate_intro_point_failure, 0, NULL, NULL }, - END_OF_TESTCASES -}; diff --git a/src/test/test_replay.c b/src/test/test_replay.c index 1487b0a29d..e21ab5eca3 100644 --- a/src/test/test_replay.c +++ b/src/test/test_replay.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2012-2020, The Tor Project, Inc. */ +/* Copyright (c) 2012-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define REPLAYCACHE_PRIVATE diff --git a/src/test/test_rng.c b/src/test/test_rng.c index ebaffb74f5..6b830eda15 100644 --- a/src/test/test_rng.c +++ b/src/test/test_rng.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /* diff --git a/src/test/test_router.c b/src/test/test_router.c index 895178f788..15cc93fbfc 100644 --- a/src/test/test_router.c +++ b/src/test/test_router.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* Copyright (c) 2017, isis agora lovecruft */ /* See LICENSE for licensing information */ diff --git a/src/test/test_routerkeys.c b/src/test/test_routerkeys.c index e5314046b9..1ff05d57c3 100644 --- a/src/test/test_routerkeys.c +++ b/src/test/test_routerkeys.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_routerlist.c b/src/test/test_routerlist.c index c7b65006f0..aaa647710a 100644 --- a/src/test/test_routerlist.c +++ b/src/test/test_routerlist.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_routerset.c b/src/test/test_routerset.c index d00eefa23f..aff6bcb9c2 100644 --- a/src/test/test_routerset.c +++ b/src/test/test_routerset.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define ROUTERSET_PRIVATE diff --git a/src/test/test_rust.sh b/src/test/test_rust.sh deleted file mode 100755 index 804d2ada36..0000000000 --- a/src/test/test_rust.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh -# Test all Rust crates - -set -e - -export LSAN_OPTIONS=suppressions=${abs_top_srcdir:-../../..}/src/test/rust_supp.txt - -# When testing Cargo we pass a number of very specific linker flags down -# through Cargo. We do not, however, want these flags to affect things like -# build scripts, only the tests that we're compiling. To ensure this happens -# we unconditionally pass `--target` into Cargo, ensuring that `RUSTFLAGS` in -# the environment won't make their way into build scripts. -rustc_host=$(rustc -vV | grep host | sed 's/host: //') - -for cargo_toml_dir in "${abs_top_srcdir:-../../..}"/src/rust/*; do - if [ -e "${cargo_toml_dir}/Cargo.toml" ]; then - # shellcheck disable=SC2086 - cd "${abs_top_builddir:-../../..}/src/rust" && \ - CARGO_TARGET_DIR="${abs_top_builddir:-../../..}/src/rust/target" \ - "${CARGO:-cargo}" test "${CARGO_ONLINE-'--frozen'}" \ - --features "test_linking_hack" \ - --target "$rustc_host" \ - ${EXTRA_CARGO_OPTIONS} \ - --manifest-path "${cargo_toml_dir}/Cargo.toml" || exitcode=1 - fi -done - -exit $exitcode diff --git a/src/test/test_sandbox.c b/src/test/test_sandbox.c new file mode 100644 index 0000000000..7ec08a3546 --- /dev/null +++ b/src/test/test_sandbox.c @@ -0,0 +1,349 @@ +/* Copyright (c) 2021, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#ifndef _LARGEFILE64_SOURCE +/** + * Temporarily required for O_LARGEFILE flag. Needs to be removed + * with the libevent fix. + */ +#define _LARGEFILE64_SOURCE +#endif /* !defined(_LARGEFILE64_SOURCE) */ + +#include "orconfig.h" + +#include "lib/sandbox/sandbox.h" + +#ifdef USE_LIBSECCOMP + +#include <dirent.h> +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + +#include "core/or/or.h" + +#include "test/test.h" +#include "test/log_test_helpers.h" + +typedef struct { + sandbox_cfg_t *cfg; + + char *file_ops_allowed; + char *file_ops_blocked; + + char *file_rename_target_allowed; + + char *dir_ops_allowed; + char *dir_ops_blocked; +} sandbox_data_t; + +/* All tests are skipped when coverage support is enabled (see further below) + * as the sandbox interferes with the use of gcov. Prevent a compiler warning + * by omitting these definitions in that case. */ +#ifndef ENABLE_COVERAGE +static void * +setup_sandbox(const struct testcase_t *testcase) +{ + sandbox_data_t *data = tor_malloc_zero(sizeof(*data)); + + (void)testcase; + + /* Establish common file and directory names within the test suite's + * temporary directory. */ + data->file_ops_allowed = tor_strdup(get_fname("file_ops_allowed")); + data->file_ops_blocked = tor_strdup(get_fname("file_ops_blocked")); + + data->file_rename_target_allowed = + tor_strdup(get_fname("file_rename_target_allowed")); + + data->dir_ops_allowed = tor_strdup(get_fname("dir_ops_allowed")); + data->dir_ops_blocked = tor_strdup(get_fname("dir_ops_blocked")); + + /* Create the corresponding filesystem objects. */ + creat(data->file_ops_allowed, S_IRWXU); + creat(data->file_ops_blocked, S_IRWXU); + mkdir(data->dir_ops_allowed, S_IRWXU); + mkdir(data->dir_ops_blocked, S_IRWXU); + + /* Create the sandbox configuration. */ + data->cfg = sandbox_cfg_new(); + + sandbox_cfg_allow_open_filename(&data->cfg, + tor_strdup(data->file_ops_allowed)); + sandbox_cfg_allow_open_filename(&data->cfg, + tor_strdup(data->dir_ops_allowed)); + + sandbox_cfg_allow_chmod_filename(&data->cfg, + tor_strdup(data->file_ops_allowed)); + sandbox_cfg_allow_chmod_filename(&data->cfg, + tor_strdup(data->dir_ops_allowed)); + sandbox_cfg_allow_chown_filename(&data->cfg, + tor_strdup(data->file_ops_allowed)); + sandbox_cfg_allow_chown_filename(&data->cfg, + tor_strdup(data->dir_ops_allowed)); + + sandbox_cfg_allow_rename(&data->cfg, tor_strdup(data->file_ops_allowed), + tor_strdup(data->file_rename_target_allowed)); + + sandbox_cfg_allow_openat_filename(&data->cfg, + tor_strdup(data->dir_ops_allowed)); + + sandbox_cfg_allow_opendir_dirname(&data->cfg, + tor_strdup(data->dir_ops_allowed)); + + sandbox_cfg_allow_stat_filename(&data->cfg, + tor_strdup(data->file_ops_allowed)); + sandbox_cfg_allow_stat_filename(&data->cfg, + tor_strdup(data->dir_ops_allowed)); + + /* Activate the sandbox, which will remain in effect until the process + * terminates. */ + sandbox_init(data->cfg); + + return data; +} + +static int +cleanup_sandbox(const struct testcase_t *testcase, void *data_) +{ + sandbox_data_t *data = data_; + + (void)testcase; + + tor_free(data->dir_ops_blocked); + tor_free(data->dir_ops_allowed); + tor_free(data->file_rename_target_allowed); + tor_free(data->file_ops_blocked); + tor_free(data->file_ops_allowed); + + tor_free(data); + + return 1; +} + +static const struct testcase_setup_t sandboxed_testcase_setup = { + .setup_fn = setup_sandbox, + .cleanup_fn = cleanup_sandbox +}; +#endif /* !defined(ENABLE_COVERAGE) */ + +static void +test_sandbox_is_active(void *ignored) +{ + (void)ignored; + + tt_assert(!sandbox_is_active()); + + sandbox_init(sandbox_cfg_new()); + tt_assert(sandbox_is_active()); + + done: + (void)0; +} + +static void +test_sandbox_open_filename(void *arg) +{ + sandbox_data_t *data = arg; + int fd, errsv; + + fd = open(sandbox_intern_string(data->file_ops_allowed), O_RDONLY); + if (fd == -1) + tt_abort_perror("open"); + close(fd); + + /* It might be nice to use sandbox_intern_string() in the line below as well + * (and likewise in the test cases that follow) but this would require + * capturing the warning message it logs, and the mechanism for doing so + * relies on system calls that are normally blocked by the sandbox and may + * vary across architectures. */ + fd = open(data->file_ops_blocked, O_RDONLY); + errsv = errno; + tt_int_op(fd, OP_EQ, -1); + tt_int_op(errsv, OP_EQ, EPERM); + + done: + if (fd >= 0) + close(fd); +} + +static void +test_sandbox_chmod_filename(void *arg) +{ + sandbox_data_t *data = arg; + int rc, errsv; + + if (chmod(sandbox_intern_string(data->file_ops_allowed), + S_IRUSR | S_IWUSR) != 0) + tt_abort_perror("chmod"); + + rc = chmod(data->file_ops_blocked, S_IRUSR | S_IWUSR); + errsv = errno; + tt_int_op(rc, OP_EQ, -1); + tt_int_op(errsv, OP_EQ, EPERM); + + done: + (void)0; +} + +static void +test_sandbox_chown_filename(void *arg) +{ + sandbox_data_t *data = arg; + int rc, errsv; + + if (chown(sandbox_intern_string(data->file_ops_allowed), -1, -1) != 0) + tt_abort_perror("chown"); + + rc = chown(data->file_ops_blocked, -1, -1); + errsv = errno; + tt_int_op(rc, OP_EQ, -1); + tt_int_op(errsv, OP_EQ, EPERM); + + done: + (void)0; +} + +static void +test_sandbox_rename_filename(void *arg) +{ + sandbox_data_t *data = arg; + const char *fname_old = sandbox_intern_string(data->file_ops_allowed), + *fname_new = sandbox_intern_string(data->file_rename_target_allowed); + int rc, errsv; + + if (rename(fname_old, fname_new) != 0) + tt_abort_perror("rename"); + + rc = rename(fname_new, fname_old); + errsv = errno; + tt_int_op(rc, OP_EQ, -1); + tt_int_op(errsv, OP_EQ, EPERM); + + done: + (void)0; +} + +static void +test_sandbox_openat_filename(void *arg) +{ + sandbox_data_t *data = arg; + int flags = O_RDONLY | O_NONBLOCK | O_LARGEFILE | O_DIRECTORY | O_CLOEXEC; + int fd, errsv; + + fd = openat(AT_FDCWD, sandbox_intern_string(data->dir_ops_allowed), flags); + if (fd < 0) + tt_abort_perror("openat"); + close(fd); + + fd = openat(AT_FDCWD, data->dir_ops_blocked, flags); + errsv = errno; + tt_int_op(fd, OP_EQ, -1); + tt_int_op(errsv, OP_EQ, EPERM); + + done: + if (fd >= 0) + close(fd); +} + +static void +test_sandbox_opendir_dirname(void *arg) +{ + sandbox_data_t *data = arg; + DIR *dir; + int errsv; + + dir = opendir(sandbox_intern_string(data->dir_ops_allowed)); + if (dir == NULL) + tt_abort_perror("opendir"); + closedir(dir); + + dir = opendir(data->dir_ops_blocked); + errsv = errno; + tt_ptr_op(dir, OP_EQ, NULL); + tt_int_op(errsv, OP_EQ, EPERM); + + done: + if (dir) + closedir(dir); +} + +static void +test_sandbox_stat_filename(void *arg) +{ + sandbox_data_t *data = arg; + struct stat st; + + if (stat(sandbox_intern_string(data->file_ops_allowed), &st) != 0) + tt_abort_perror("stat"); + + int rc = stat(data->file_ops_blocked, &st); + int errsv = errno; + tt_int_op(rc, OP_EQ, -1); + tt_int_op(errsv, OP_EQ, EPERM); + + done: + (void)0; +} + +#define SANDBOX_TEST_SKIPPED(name) \ + { #name, test_sandbox_ ## name, TT_SKIP, NULL, NULL } + +/* Skip all tests when coverage support is enabled, as the sandbox interferes + * with gcov and prevents it from producing any results. */ +#ifdef ENABLE_COVERAGE +#define SANDBOX_TEST(name, flags) SANDBOX_TEST_SKIPPED(name) +#define SANDBOX_TEST_IN_SANDBOX(name) SANDBOX_TEST_SKIPPED(name) +#else +#define SANDBOX_TEST(name, flags) \ + { #name, test_sandbox_ ## name, flags, NULL, NULL } +#define SANDBOX_TEST_IN_SANDBOX(name) \ + { #name, test_sandbox_ ## name, TT_FORK, &sandboxed_testcase_setup, NULL } +#endif /* defined(ENABLE_COVERAGE) */ + +struct testcase_t sandbox_tests[] = { + SANDBOX_TEST(is_active, TT_FORK), + +/* When Tor is built with fragile compiler-hardening the sandbox is unable to + * filter requests to open files or directories (on systems where glibc uses + * the "open" system call to provide this functionality), as doing so would + * interfere with the address sanitizer as it retrieves information about the + * running process via the filesystem. Skip these tests in that case as the + * corresponding functions are likely to have no effect and this will cause the + * tests to fail. */ +#ifdef ENABLE_FRAGILE_HARDENING + SANDBOX_TEST_SKIPPED(open_filename), + SANDBOX_TEST_SKIPPED(opendir_dirname), +#else + SANDBOX_TEST_IN_SANDBOX(open_filename), + SANDBOX_TEST_IN_SANDBOX(opendir_dirname), +#endif /* defined(ENABLE_FRAGILE_HARDENING) */ + + SANDBOX_TEST_IN_SANDBOX(openat_filename), + SANDBOX_TEST_IN_SANDBOX(chmod_filename), + SANDBOX_TEST_IN_SANDBOX(chown_filename), + SANDBOX_TEST_IN_SANDBOX(rename_filename), + +/* Currently the sandbox is unable to filter stat() calls on systems where + * glibc implements this function using either of the legacy "stat" or "stat64" + * system calls, or (in glibc version 2.33 and later) either of the newer + * "newfstatat" or "statx" syscalls. + * + * Skip testing sandbox_cfg_allow_stat_filename() if it seems the likely the + * function will have no effect and the test will therefore not succeed. */ +#if !defined(__NR_stat) && !defined(__NR_stat64) && !defined(__NR_newfstatat) \ + && !(defined(__i386__) && defined(__NR_statx)) + SANDBOX_TEST_IN_SANDBOX(stat_filename), +#else + SANDBOX_TEST_SKIPPED(stat_filename), +#endif + END_OF_TESTCASES +}; + +#endif /* defined(USE_SECCOMP) */ diff --git a/src/test/test_scheduler.c b/src/test/test_scheduler.c index 9ec15948e8..7e41a4be25 100644 --- a/src/test/test_scheduler.c +++ b/src/test/test_scheduler.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_sendme.c b/src/test/test_sendme.c index b34c7ae143..ea7ccd0b3c 100644 --- a/src/test/test_sendme.c +++ b/src/test/test_sendme.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /* Unit tests for handling different kinds of relay cell */ @@ -348,6 +348,50 @@ test_package_payload_len(void *arg) tor_free(c); } +/* Check that circuit_sendme_is_next works with a window of 1000, + * and a sendme_inc of 100 (old school tor compat) */ +static void +test_sendme_is_next1000(void *arg) +{ + (void)arg; + tt_int_op(circuit_sendme_cell_is_next(1000, 100), OP_EQ, 0); + tt_int_op(circuit_sendme_cell_is_next(999, 100), OP_EQ, 0); + tt_int_op(circuit_sendme_cell_is_next(901, 100), OP_EQ, 1); + + tt_int_op(circuit_sendme_cell_is_next(900, 100), OP_EQ, 0); + tt_int_op(circuit_sendme_cell_is_next(899, 100), OP_EQ, 0); + tt_int_op(circuit_sendme_cell_is_next(801, 100), OP_EQ, 1); + + tt_int_op(circuit_sendme_cell_is_next(101, 100), OP_EQ, 1); + tt_int_op(circuit_sendme_cell_is_next(100, 100), OP_EQ, 0); + tt_int_op(circuit_sendme_cell_is_next(99, 100), OP_EQ, 0); + tt_int_op(circuit_sendme_cell_is_next(1, 100), OP_EQ, 1); + tt_int_op(circuit_sendme_cell_is_next(0, 100), OP_EQ, 0); + +done: + ; +} + +/* Check that circuit_sendme_is_next works with a window of 31 */ +static void +test_sendme_is_next(void *arg) +{ + (void)arg; + tt_int_op(circuit_sendme_cell_is_next(1000, 31), OP_EQ, 0); + tt_int_op(circuit_sendme_cell_is_next(970, 31), OP_EQ, 1); + tt_int_op(circuit_sendme_cell_is_next(969, 31), OP_EQ, 0); + + /* deliver_window should never get this low, but test anyway */ + tt_int_op(circuit_sendme_cell_is_next(9, 31), OP_EQ, 1); + tt_int_op(circuit_sendme_cell_is_next(8, 31), OP_EQ, 0); + tt_int_op(circuit_sendme_cell_is_next(7, 31), OP_EQ, 0); + tt_int_op(circuit_sendme_cell_is_next(1, 31), OP_EQ, 0); + tt_int_op(circuit_sendme_cell_is_next(0, 31), OP_EQ, 0); + + done: + ; +} + struct testcase_t sendme_tests[] = { { "v1_record_digest", test_v1_record_digest, TT_FORK, NULL, NULL }, @@ -360,6 +404,8 @@ struct testcase_t sendme_tests[] = { { "cell_version_validation", test_cell_version_validation, TT_FORK, NULL, NULL }, { "package_payload_len", test_package_payload_len, 0, NULL, NULL }, + { "sendme_is_next1000", test_sendme_is_next1000, 0, NULL, NULL }, + { "sendme_is_next", test_sendme_is_next, 0, NULL, NULL }, END_OF_TESTCASES }; diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c index 678f53234f..c28d5920a3 100644 --- a/src/test/test_shared_random.c +++ b/src/test/test_shared_random.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2016-2020, The Tor Project, Inc. */ +/* Copyright (c) 2016-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define SHARED_RANDOM_PRIVATE diff --git a/src/test/test_slow.c b/src/test/test_slow.c index 49b1066dac..5f42b43103 100644 --- a/src/test/test_slow.c +++ b/src/test/test_slow.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_socks.c b/src/test/test_socks.c index 4a465c7361..94c772419b 100644 --- a/src/test/test_socks.c +++ b/src/test/test_socks.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "core/or/or.h" diff --git a/src/test/test_statefile.c b/src/test/test_statefile.c index dc9ecfee3e..aedf76a694 100644 --- a/src/test/test_statefile.c +++ b/src/test/test_statefile.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_stats.c b/src/test/test_stats.c index d45afc7b15..22d65b1e54 100644 --- a/src/test/test_stats.c +++ b/src/test/test_stats.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** @@ -12,6 +12,8 @@ #include "lib/crypt_ops/crypto_rand.h" #include "app/config/or_state_st.h" #include "test/rng_test_helpers.h" +#include "feature/hs/hs_cache.h" +#include "test/hs_test_helpers.h" #include <stdio.h> @@ -31,6 +33,7 @@ #define MAINLOOP_PRIVATE #define STATEFILE_PRIVATE #define BWHIST_PRIVATE +#define REPHIST_PRIVATE #define ROUTER_PRIVATE #include "core/or/or.h" @@ -48,6 +51,8 @@ #include "feature/stats/bw_array_st.h" #include "feature/relay/router.h" +#include <event2/dns.h> + /** Run unit tests for some stats code. */ static void test_stats(void *arg) @@ -495,6 +500,133 @@ test_get_bandwidth_lines(void *arg) bwhist_free_all(); } +static bool +mock_should_collect_v3_stats(void) +{ + return true; +} + +/* Test v3 metrics */ +static void +test_rephist_v3_onions(void *arg) +{ + int ret; + + char *stats_string = NULL; + char *desc1_str = NULL; + ed25519_keypair_t signing_kp1; + hs_descriptor_t *desc1 = NULL; + + const hs_v3_stats_t *hs_v3_stats = NULL; + + (void) arg; + + MOCK(should_collect_v3_stats, mock_should_collect_v3_stats); + + get_options_mutable()->HiddenServiceStatistics = 1; + + /* Initialize the subsystems */ + hs_cache_init(); + rep_hist_hs_stats_init(0); + + /* Change time to 03-01-2002 23:36 UTC */ + update_approx_time(1010101010); + + /* HS stats should be zero here */ + hs_v3_stats = rep_hist_get_hs_v3_stats(); + tt_int_op(digest256map_size(hs_v3_stats->v3_onions_seen_this_period), + OP_EQ, 0); + + /* Generate a valid descriptor */ + ret = ed25519_keypair_generate(&signing_kp1, 0); + tt_int_op(ret, OP_EQ, 0); + desc1 = hs_helper_build_hs_desc_with_rev_counter(&signing_kp1, 42); + tt_assert(desc1); + ret = hs_desc_encode_descriptor(desc1, &signing_kp1, NULL, &desc1_str); + tt_int_op(ret, OP_EQ, 0); + + /* Store descriptor and check that stats got updated */ + ret = hs_cache_store_as_dir(desc1_str); + tt_int_op(ret, OP_EQ, 0); + hs_v3_stats = rep_hist_get_hs_v3_stats(); + tt_int_op(digest256map_size(hs_v3_stats->v3_onions_seen_this_period), + OP_EQ, 1); + + /* cleanup */ + hs_descriptor_free(desc1); + tor_free(desc1_str); + + /* Generate another valid descriptor */ + ret = ed25519_keypair_generate(&signing_kp1, 0); + tt_int_op(ret, OP_EQ, 0); + desc1 = hs_helper_build_hs_desc_with_rev_counter(&signing_kp1, 42); + tt_assert(desc1); + ret = hs_desc_encode_descriptor(desc1, &signing_kp1, NULL, &desc1_str); + tt_int_op(ret, OP_EQ, 0); + + /* Store descriptor and check that stats are updated */ + ret = hs_cache_store_as_dir(desc1_str); + tt_int_op(ret, OP_EQ, 0); + hs_v3_stats = rep_hist_get_hs_v3_stats(); + tt_int_op(digest256map_size(hs_v3_stats->v3_onions_seen_this_period), + OP_EQ, 2); + + /* Check that storing the same descriptor twice does not work */ + ret = hs_cache_store_as_dir(desc1_str); + tt_int_op(ret, OP_EQ, -1); + + /* cleanup */ + hs_descriptor_free(desc1); + tor_free(desc1_str); + + /* Create a descriptor with the same identity key but diff rev counter and + same blinded key */ + desc1 = hs_helper_build_hs_desc_with_rev_counter(&signing_kp1, 43); + tt_assert(desc1); + ret = hs_desc_encode_descriptor(desc1, &signing_kp1, NULL, &desc1_str); + tt_int_op(ret, OP_EQ, 0); + + /* Store descriptor and check that stats are updated */ + ret = hs_cache_store_as_dir(desc1_str); + tt_int_op(ret, OP_EQ, 0); + tt_int_op(digest256map_size(hs_v3_stats->v3_onions_seen_this_period), + OP_EQ, 2); + + /* cleanup */ + hs_descriptor_free(desc1); + tor_free(desc1_str); + + /* Now let's skip to four days forward so that the blinded key rolls + forward */ + update_approx_time(approx_time() + 345600); + + /* Now create a descriptor with the same identity key but diff rev counter + and different blinded key */ + desc1 = hs_helper_build_hs_desc_with_rev_counter(&signing_kp1, 44); + tt_assert(desc1); + ret = hs_desc_encode_descriptor(desc1, &signing_kp1, NULL, &desc1_str); + tt_int_op(ret, OP_EQ, 0); + + /* Store descriptor and check that stats are updated */ + ret = hs_cache_store_as_dir(desc1_str); + tt_int_op(ret, OP_EQ, 0); + tt_int_op(digest256map_size(hs_v3_stats->v3_onions_seen_this_period), + OP_EQ, 3); + + /* cleanup */ + hs_descriptor_free(desc1); + tor_free(desc1_str); + + /* Because of differential privacy we can't actually check the stat value, + but let's just check that it's formatted correctly. */ + stats_string = rep_hist_format_hs_stats(approx_time(), true); + tt_assert(strstr(stats_string, "hidserv-dir-v3-onions-seen")); + + done: + UNMOCK(should_collect_v3_stats); + tor_free(stats_string); +} + static void test_load_stats_file(void *arg) { @@ -573,6 +705,227 @@ test_load_stats_file(void *arg) tor_free(content); } +/** Test the overload stats logic. */ +static void +test_overload_stats(void *arg) +{ + time_t current_time = 1010101010; + char *stats_str = NULL; + (void) arg; + + /* Change time to 03-01-2002 23:36 UTC */ + /* This should make the extrainfo timestamp be "2002-01-03 23:00:00" */ + update_approx_time(current_time); + + /* With an empty rephist we shouldn't get anything back */ + stats_str = rep_hist_get_overload_stats_lines(); + tt_assert(!stats_str); + + /* Note an overload */ + rep_hist_note_overload(OVERLOAD_GENERAL); + + /* Move the time forward one hour */ + current_time += 3600; + update_approx_time(current_time); + + /* Now check the string */ + stats_str = rep_hist_get_overload_general_line(); + tt_str_op("overload-general 1 2002-01-03 23:00:00\n", OP_EQ, stats_str); + tor_free(stats_str); + + /* Move the time forward 72 hours: see that the line has disappeared. */ + current_time += 3600*72; + update_approx_time(current_time); + + stats_str = rep_hist_get_overload_general_line(); + tt_assert(!stats_str); + + /* Now the time should be 2002-01-07 00:00:00 */ + + /* Note an overload */ + rep_hist_note_overload(OVERLOAD_GENERAL); + + stats_str = rep_hist_get_overload_general_line(); + tt_str_op("overload-general 1 2002-01-07 00:00:00\n", OP_EQ, stats_str); + tor_free(stats_str); + + /* Also note an fd exhaustion event */ + rep_hist_note_overload(OVERLOAD_FD_EXHAUSTED); + + stats_str = rep_hist_get_overload_general_line(); + tt_str_op("overload-general 1 2002-01-07 00:00:00\n", OP_EQ, stats_str); + tor_free(stats_str); + + stats_str = rep_hist_get_overload_stats_lines(); + tt_str_op("overload-fd-exhausted 1 2002-01-07 00:00:00\n", OP_EQ, stats_str); + tor_free(stats_str); + + /* Move the time forward. Register overload. See that the time changed */ + current_time += 3600*2; + update_approx_time(current_time); + + rep_hist_note_overload(OVERLOAD_GENERAL); + + stats_str = rep_hist_get_overload_general_line(); + tt_str_op("overload-general 1 2002-01-07 02:00:00\n", OP_EQ, stats_str); + tor_free(stats_str); + + stats_str = rep_hist_get_overload_stats_lines(); + tt_str_op("overload-fd-exhausted 1 2002-01-07 00:00:00\n", OP_EQ, stats_str); + tor_free(stats_str); + + /* Move the time forward. Register a bandwidth ratelimit event. See that the + string is added */ + current_time += 3600*2; + update_approx_time(current_time); + + /* Register the rate limit event */ + rep_hist_note_overload(OVERLOAD_READ); + /* Also set some rate limiting values that should be reflected on the log */ + get_options_mutable()->BandwidthRate = 1000; + get_options_mutable()->BandwidthBurst = 2000; + + stats_str = rep_hist_get_overload_general_line(); + tt_str_op("overload-general 1 2002-01-07 02:00:00\n", OP_EQ, stats_str); + tor_free(stats_str); + + stats_str = rep_hist_get_overload_stats_lines(); + tt_str_op("overload-ratelimits 1 2002-01-07 04:00:00 1000 2000 1 0\n" + "overload-fd-exhausted 1 2002-01-07 00:00:00\n", OP_EQ, stats_str); + tor_free(stats_str); + + /* Move the time forward 24 hours: no rate limit line anymore. */ + current_time += 3600*24; + update_approx_time(current_time); + + stats_str = rep_hist_get_overload_general_line(); + tt_str_op("overload-general 1 2002-01-07 02:00:00\n", OP_EQ, stats_str); + tor_free(stats_str); + + stats_str = rep_hist_get_overload_stats_lines(); + tt_str_op("overload-fd-exhausted 1 2002-01-07 00:00:00\n", OP_EQ, stats_str); + tor_free(stats_str); + + /* Move the time forward 44 hours: no fd exhausted line anymore. */ + current_time += 3600*44; + update_approx_time(current_time); + + stats_str = rep_hist_get_overload_general_line(); + tt_str_op("overload-general 1 2002-01-07 02:00:00\n", OP_EQ, stats_str); + tor_free(stats_str); + + /* Move the time forward 2 hours: there is nothing left. */ + current_time += 3600*2; + update_approx_time(current_time); + + stats_str = rep_hist_get_overload_general_line(); + tt_assert(!stats_str); + + stats_str = rep_hist_get_overload_stats_lines(); + tt_assert(!stats_str); + + /* Now test the rate-limit rate-limiter ;) */ + for (int i = 0; i < 10; i++) { + rep_hist_note_overload(OVERLOAD_READ); + } + /* We already have an event registered from the previous tests. We just + * registered ten more overload events, but only one should have been counted + * because of the rate limiter */ + stats_str = rep_hist_get_overload_stats_lines(); + tt_str_op("overload-ratelimits 1 2002-01-10 02:00:00 1000 2000 2 0\n", + OP_EQ, stats_str); + tor_free(stats_str); + + /* Increment time by 59 secs and try again. No additional events should + register */ + current_time += 59; + update_approx_time(current_time); + + for (int i = 0; i < 10; i++) { + rep_hist_note_overload(OVERLOAD_READ); + } + stats_str = rep_hist_get_overload_stats_lines(); + tt_str_op("overload-ratelimits 1 2002-01-10 02:00:00 1000 2000 2 0\n", + OP_EQ, stats_str); + tor_free(stats_str); + + /* Now increment time by 2 secs -- taking it after the minute rate limiting + and see that events will register again */ + current_time += 2; + update_approx_time(current_time); + + for (int i = 0; i < 10; i++) { + rep_hist_note_overload(OVERLOAD_READ); + rep_hist_note_overload(OVERLOAD_WRITE); + } + stats_str = rep_hist_get_overload_stats_lines(); + tt_str_op("overload-ratelimits 1 2002-01-10 02:00:00 1000 2000 3 1\n", + OP_EQ, stats_str); + tor_free(stats_str); + + done: + tor_free(stats_str); +} + +/** Test the overload stats logic. */ +static void +test_overload_onionskin_ntor(void *arg) +{ + char *stats_str = NULL; + (void) arg; + uint16_t type = ONION_HANDSHAKE_TYPE_NTOR_V3; + + /* Lets simulate a series of timeouts but below our default 1% threshold. */ + + for (int i = 0; i < 1000; i++) { + rep_hist_note_circuit_handshake_requested(type); + /* This should trigger 9 drop which is just below 1% (10) */ + if (i > 0 && !(i % 100)) { + rep_hist_note_circuit_handshake_dropped(type); + } + } + + /* No overload yet. */ + stats_str = rep_hist_get_overload_general_line(); + tt_assert(!stats_str); + + /* Move it 6 hours in the future and see if we get a general overload. */ + update_approx_time(approx_time() + 21600); + + /* This request should NOT trigger the general overload because we are below + * our default of 1%. */ + rep_hist_note_circuit_handshake_requested(type); + stats_str = rep_hist_get_overload_general_line(); + tt_assert(!stats_str); + + /* We'll now go above our 1% threshold. */ + for (int i = 0; i < 1000; i++) { + rep_hist_note_circuit_handshake_requested(type); + /* This should trigger 10 timeouts which is our threshold of 1% (10) */ + if (!(i % 10)) { + rep_hist_note_circuit_handshake_dropped(type); + } + } + + /* Move it 6 hours in the future and see if we get a general overload. */ + update_approx_time(approx_time() + 21600); + + /* This request should trigger the general overload because above 1%. */ + rep_hist_note_circuit_handshake_requested(type); + stats_str = rep_hist_get_overload_general_line(); + tt_assert(stats_str); + tor_free(stats_str); + + /* Move 72h in the future, we should NOT get an overload anymore. */ + update_approx_time(approx_time() + (72 * 3600)); + + stats_str = rep_hist_get_overload_general_line(); + tt_assert(!stats_str); + + done: + tor_free(stats_str); +} + #define ENT(name) \ { #name, test_ ## name , 0, NULL, NULL } #define FORK(name) \ @@ -586,7 +939,10 @@ struct testcase_t stats_tests[] = { FORK(add_obs), FORK(fill_bandwidth_history), FORK(get_bandwidth_lines), + FORK(rephist_v3_onions), FORK(load_stats_file), + FORK(overload_stats), + FORK(overload_onionskin_ntor), END_OF_TESTCASES }; diff --git a/src/test/test_status.c b/src/test/test_status.c index b938b86326..1d371645ae 100644 --- a/src/test/test_status.c +++ b/src/test/test_status.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2014-2020, The Tor Project, Inc. */ +/* Copyright (c) 2014-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define STATUS_PRIVATE @@ -359,8 +359,10 @@ test_status_hb_not_in_consensus(void *arg) "initiated 0 and received 0 v3 connections; " "initiated 0 and received 0 v4 connections; " "initiated 0 and received 0 v5 connections.\n"); - expect_log_msg("DoS mitigation since startup: 0 circuits killed with " - "too many cells. [cc not enabled] [conn not enabled] " + expect_log_msg("Heartbeat: DoS mitigation since startup: 0 circuits killed " + "with too many cells, [DoSCircuitCreationEnabled disabled], " + "[DoSConnectionEnabled disabled], " + "[DoSRefuseSingleHopClientRendezvous disabled], " "0 INTRODUCE2 rejected.\n"); tt_int_op(mock_saved_log_n_entries(), OP_EQ, 6); diff --git a/src/test/test_storagedir.c b/src/test/test_storagedir.c index eb3779cfee..16ff4da0b3 100644 --- a/src/test/test_storagedir.c +++ b/src/test/test_storagedir.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2017-2020, The Tor Project, Inc. */ +/* Copyright (c) 2017-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "core/or/or.h" diff --git a/src/test/test_switch_id.c b/src/test/test_switch_id.c index f97af55d17..9b3edb55ef 100644 --- a/src/test/test_switch_id.c +++ b/src/test/test_switch_id.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2015-2020, The Tor Project, Inc. */ +/* Copyright (c) 2015-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "core/or/or.h" diff --git a/src/test/test_threads.c b/src/test/test_threads.c index d5a1834aef..cc27e455b8 100644 --- a/src/test/test_threads.c +++ b/src/test/test_threads.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_token_bucket.c b/src/test/test_token_bucket.c index cf315f2944..097c5a156b 100644 --- a/src/test/test_token_bucket.c +++ b/src/test/test_token_bucket.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/test_tortls.c b/src/test/test_tortls.c index 12ba873650..99c759e276 100644 --- a/src/test/test_tortls.c +++ b/src/test/test_tortls.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2010-2020, The Tor Project, Inc. */ +/* Copyright (c) 2010-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define TORTLS_PRIVATE diff --git a/src/test/test_tortls.h b/src/test/test_tortls.h index 21c6fa0a8f..c14aba417b 100644 --- a/src/test/test_tortls.h +++ b/src/test/test_tortls.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2010-2020, The Tor Project, Inc. */ +/* Copyright (c) 2010-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #ifndef TEST_TORTLS_H diff --git a/src/test/test_tortls_openssl.c b/src/test/test_tortls_openssl.c index c1a87fbb4f..010e09c8eb 100644 --- a/src/test/test_tortls_openssl.c +++ b/src/test/test_tortls_openssl.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2010-2020, The Tor Project, Inc. */ +/* Copyright (c) 2010-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define TORTLS_PRIVATE diff --git a/src/test/test_util.c b/src/test/test_util.c index f567a18367..1dae2c617e 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" @@ -4554,7 +4554,7 @@ test_util_glob(void *ptr) #else const char *results_test3[] = {"dir1", "dir2", "file1", "file2", "forbidden"}; -#endif +#endif /* defined(_WIN32) */ TEST("*i*"); EXPECT(results_test3); @@ -4584,15 +4584,8 @@ test_util_glob(void *ptr) TEST("file1"); EXPECT(results_test9); -#if defined(__APPLE__) || defined(__darwin__) || \ - defined(__FreeBSD__) || defined(__NetBSD__) || defined(OpenBSD) TEST("file1"PATH_SEPARATOR); EXPECT_EMPTY(); -#else - const char *results_test10[] = {"file1"}; - TEST("file1"PATH_SEPARATOR); - EXPECT(results_test10); -#endif // test path separator at end - with wildcards and linux path separator const char *results_test11[] = {"dir1", "dir2", "forbidden"}; @@ -4606,7 +4599,7 @@ test_util_glob(void *ptr) #else const char *results_test12[] = {"dir1", "dir2", "empty", "file1", "file2", "forbidden"}; -#endif +#endif /* defined(_WIN32) */ TEST("*"); EXPECT(results_test12); @@ -4653,7 +4646,7 @@ test_util_glob(void *ptr) tor_free(pattern); tt_assert(!results); } -#endif +#endif /* !defined(_WIN32) */ #undef TEST #undef EXPECT @@ -4665,7 +4658,7 @@ test_util_glob(void *ptr) (void) chmod(dir1_forbidden, 0700); (void) chmod(dir2_forbidden, 0700); (void) chmod(forbidden_forbidden, 0700); -#endif +#endif /* !defined(_WIN32) */ tor_free(dir1); tor_free(dir2); tor_free(forbidden); @@ -4679,11 +4672,11 @@ test_util_glob(void *ptr) SMARTLIST_FOREACH(results, char *, f, tor_free(f)); smartlist_free(results); } -#else +#else /* !defined(HAVE_GLOB) */ tt_skip(); done: return; -#endif +#endif /* defined(HAVE_GLOB) */ } static void @@ -4791,7 +4784,7 @@ test_util_get_glob_opened_files(void *ptr) // dot files are not special on windows const char *results_test3[] = {"", ".test-hidden", "dir1", "dir2", "empty", "file1", "file2", "forbidden"}; -#endif +#endif /* !defined(_WIN32) */ TEST("*"PATH_SEPARATOR"*"); EXPECT(results_test3); @@ -4803,7 +4796,7 @@ test_util_get_glob_opened_files(void *ptr) // dot files are not special on windows const char *results_test4[] = {"", ".test-hidden", "dir1", "dir2", "empty", "file1", "file2", "forbidden"}; -#endif +#endif /* !defined(_WIN32) */ TEST("*"PATH_SEPARATOR"*"PATH_SEPARATOR); EXPECT(results_test4); @@ -4868,7 +4861,7 @@ test_util_get_glob_opened_files(void *ptr) TT_FAIL(("unable to chmod a file on cleanup: %s", strerror(errno))); } } -#endif +#endif /* !defined(_WIN32) */ tor_free(dir1); tor_free(dir2); tor_free(forbidden); @@ -4882,11 +4875,11 @@ test_util_get_glob_opened_files(void *ptr) SMARTLIST_FOREACH(results, char *, f, tor_free(f)); smartlist_free(results); } -#else +#else /* !defined(HAVE_GLOB) */ tt_skip(); done: return; -#endif +#endif /* defined(HAVE_GLOB) */ } static void @@ -4994,7 +4987,7 @@ test_util_num_cpus(void *arg) tt_skip(); tt_int_op(num, OP_GE, 1); - tt_int_op(num, OP_LE, 16); + tt_int_op(num, OP_LE, 128); done: ; @@ -5949,7 +5942,7 @@ static int fd_is_cloexec(tor_socket_t fd) { int flags = fcntl(fd, F_GETFD, 0); - return (flags & FD_CLOEXEC) == FD_CLOEXEC; + return (flags & FD_CLOEXEC) != 0; } #endif /* defined(FD_CLOEXEC) */ @@ -5959,7 +5952,7 @@ static int fd_is_nonblocking(tor_socket_t fd) { int flags = fcntl(fd, F_GETFL, 0); - return (flags & O_NONBLOCK) == O_NONBLOCK; + return (flags & O_NONBLOCK) != 0; } #endif /* !defined(_WIN32) */ diff --git a/src/test/test_util_format.c b/src/test/test_util_format.c index 726e8e7427..f0ee58a445 100644 --- a/src/test/test_util_format.c +++ b/src/test/test_util_format.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2010-2020, The Tor Project, Inc. */ +/* Copyright (c) 2010-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_util_process.c b/src/test/test_util_process.c index fc79fe9b1f..28d5737cad 100644 --- a/src/test/test_util_process.c +++ b/src/test/test_util_process.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2010-2020, The Tor Project, Inc. */ +/* Copyright (c) 2010-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_voting_flags.c b/src/test/test_voting_flags.c index 72f70b9865..457b0fa796 100644 --- a/src/test/test_voting_flags.c +++ b/src/test/test_voting_flags.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" @@ -62,7 +62,8 @@ check_result(flag_vote_test_cfg_t *c) bool result = false; routerstatus_t rs; memset(&rs, 0, sizeof(rs)); - dirauth_set_routerstatus_from_routerinfo(&rs, &c->node, &c->ri, c->now, 0); + dirauth_set_routerstatus_from_routerinfo(&rs, &c->node, &c->ri, c->now, + 0, 0); tt_i64_op(rs.published_on, OP_EQ, c->expected.published_on); tt_str_op(rs.nickname, OP_EQ, c->expected.nickname); diff --git a/src/test/test_voting_schedule.c b/src/test/test_voting_schedule.c index df64b79167..6baf9e2e2e 100644 --- a/src/test/test_voting_schedule.c +++ b/src/test/test_voting_schedule.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2018-2020, The Tor Project, Inc. */ +/* Copyright (c) 2018-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" diff --git a/src/test/test_workqueue.c b/src/test/test_workqueue.c index 3734c08e48..19f8934f3c 100644 --- a/src/test/test_workqueue.c +++ b/src/test/test_workqueue.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "core/or/or.h" diff --git a/src/test/test_x509.c b/src/test/test_x509.c index 94e7db33de..ff21debb64 100644 --- a/src/test/test_x509.c +++ b/src/test/test_x509.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2010-2020, The Tor Project, Inc. */ +/* Copyright (c) 2010-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #define TOR_X509_PRIVATE diff --git a/src/test/testing_common.c b/src/test/testing_common.c index 9b50de07a8..2fd424c07e 100644 --- a/src/test/testing_common.c +++ b/src/test/testing_common.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/test/testing_rsakeys.c b/src/test/testing_rsakeys.c index e058f72d01..7d3c7301dc 100644 --- a/src/test/testing_rsakeys.c +++ b/src/test/testing_rsakeys.c @@ -1,6 +1,6 @@ /* Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "lib/crypt_ops/crypto_rand.h" diff --git a/src/tools/include.am b/src/tools/include.am index 6daa27f6de..86cd0acbfd 100644 --- a/src/tools/include.am +++ b/src/tools/include.am @@ -10,7 +10,6 @@ src_tools_tor_resolve_LDADD = \ src/trunnel/libor-trunnel.a \ $(TOR_UTIL_LIBS) \ $(TOR_CRYPTO_LIBS) $(TOR_LIBS_CRYPTLIB)\ - $(rust_ldadd) \ @TOR_LIB_MATH@ @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_USERENV@ if COVERAGE_ENABLED @@ -34,7 +33,6 @@ src_tools_tor_gencert_LDFLAGS = @TOR_LDFLAGS_zlib@ $(TOR_LDFLAGS_CRYPTLIB) src_tools_tor_gencert_LDADD = \ $(TOR_CRYPTO_LIBS) \ $(TOR_UTIL_LIBS) \ - $(rust_ldadd) \ @TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ $(TOR_LIBS_CRYPTLIB) \ @TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_SHLWAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ @CURVE25519_LIBS@ endif diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c index e4f6530b46..efd4d000fb 100644 --- a/src/tools/tor-gencert.c +++ b/src/tools/tor-gencert.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include "orconfig.h" @@ -248,6 +248,8 @@ generate_key(int bits) return rsa; } +#define MIN_PASSPHRASE_LEN 4 + /** Try to read the identity key from <b>identity_key_file</b>. If no such * file exists and create_identity_key is set, make a new identity key and * store it. Return 0 on success, nonzero on failure. @@ -288,11 +290,16 @@ load_identity_key(void) * the terminal. */ if (!PEM_write_PKCS8PrivateKey_nid(f, identity_key, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, - passphrase, (int)passphrase_len, + passphrase, (int) passphrase_len, NULL, NULL)) { - log_err(LD_GENERAL, "Couldn't write identity key to %s", - identity_key_file); - crypto_openssl_log_errors(LOG_ERR, "Writing identity key"); + if ((int) passphrase_len < MIN_PASSPHRASE_LEN) { + log_err(LD_GENERAL, "Passphrase empty or too short. Passphrase needs " + "to be at least %d characters.", MIN_PASSPHRASE_LEN); + } else { + log_err(LD_GENERAL, "Couldn't write identity key to %s", + identity_key_file); + crypto_openssl_log_errors(LOG_ERR, "Writing identity key"); + } abort_writing_to_file(open_file); return 1; } diff --git a/src/tools/tor-print-ed-signing-cert.c b/src/tools/tor-print-ed-signing-cert.c index 7836293df4..7d4e0b1944 100644 --- a/src/tools/tor-print-ed-signing-cert.c +++ b/src/tools/tor-print-ed-signing-cert.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2007-2020, The Tor Project, Inc. */ +/* Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ #include <errno.h> diff --git a/src/tools/tor-resolve.c b/src/tools/tor-resolve.c index e6d6bddcdb..ad52fdaa22 100644 --- a/src/tools/tor-resolve.c +++ b/src/tools/tor-resolve.c @@ -1,5 +1,5 @@ /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson - * Copyright (c) 2007-2020, The Tor Project, Inc. + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ @@ -253,7 +253,7 @@ build_socks_resolve_request(uint8_t **out, } static void -onion_warning(const char *hostname) +onion_hs_warning(const char *hostname) { log_warn(LD_NET, "%s is a hidden service; those don't have IP addresses. " @@ -264,6 +264,15 @@ onion_warning(const char *hostname) hostname); } +static void +onion_exit_warning(const char *hostname) +{ + log_warn(LD_NET, + "%s is a link pointing to an exit node; however, .exit domains" + "have been long defunct and are not valid anymore.", + hostname); +} + /** Given a <b>len</b>-byte SOCKS4a response in <b>response</b>, set * *<b>addr_out</b> to the address it contains (in host order). * Return 0 on success, -1 on error. @@ -306,9 +315,15 @@ parse_socks4a_resolve_response(const char *hostname, if (status != 90) { log_warn(LD_NET,"Got status response '%d': socks request failed.", status); if (!strcasecmpend(hostname, ".onion")) { - onion_warning(hostname); + onion_hs_warning(hostname); result = -1; goto cleanup; } + + if (!strcasecmpend(hostname, ".exit")) { + onion_exit_warning(hostname); + result = -1; goto cleanup; + } + result = -1; goto cleanup; } @@ -493,7 +508,11 @@ do_resolve(const char *hostname, (unsigned)reply_field, socks5_reason_to_string(reply_field)); if (reply_field == 4 && !strcasecmpend(hostname, ".onion")) { - onion_warning(hostname); + onion_hs_warning(hostname); + } + + if (reply_field == 4 && !strcasecmpend(hostname, ".exit")) { + onion_exit_warning(hostname); } socks5_server_reply_free(reply); diff --git a/src/tools/tor_runner.c b/src/tools/tor_runner.c index 83f1a495cd..360f9c57ac 100644 --- a/src/tools/tor_runner.c +++ b/src/tools/tor_runner.c @@ -1,7 +1,7 @@ /* Copyright (c) 2001 Matej Pfajfar. * Copyright (c) 2001-2004, Roger Dingledine. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. - * Copyright (c) 2007-2020, The Tor Project, Inc. */ + * Copyright (c) 2007-2021, The Tor Project, Inc. */ /* See LICENSE for licensing information */ /** diff --git a/src/trunnel/congestion_control.c b/src/trunnel/congestion_control.c new file mode 100644 index 0000000000..371612bfe0 --- /dev/null +++ b/src/trunnel/congestion_control.c @@ -0,0 +1,183 @@ +/* congestion_control.c -- generated by Trunnel v1.5.3. + * https://gitweb.torproject.org/trunnel.git + * You probably shouldn't edit this file. + */ +#include <stdlib.h> +#include "trunnel-impl.h" + +#include "congestion_control.h" + +#define TRUNNEL_SET_ERROR_CODE(obj) \ + do { \ + (obj)->trunnel_error_code_ = 1; \ + } while (0) + +#if defined(__COVERITY__) || defined(__clang_analyzer__) +/* If we're running a static analysis tool, we don't want it to complain + * that some of our remaining-bytes checks are dead-code. */ +int congestioncontrol_deadcode_dummy__ = 0; +#define OR_DEADCODE_DUMMY || congestioncontrol_deadcode_dummy__ +#else +#define OR_DEADCODE_DUMMY +#endif + +#define CHECK_REMAINING(nbytes, label) \ + do { \ + if (remaining < (nbytes) OR_DEADCODE_DUMMY) { \ + goto label; \ + } \ + } while (0) + +trn_extension_field_cc_t * +trn_extension_field_cc_new(void) +{ + trn_extension_field_cc_t *val = trunnel_calloc(1, sizeof(trn_extension_field_cc_t)); + if (NULL == val) + return NULL; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +trn_extension_field_cc_clear(trn_extension_field_cc_t *obj) +{ + (void) obj; +} + +void +trn_extension_field_cc_free(trn_extension_field_cc_t *obj) +{ + if (obj == NULL) + return; + trn_extension_field_cc_clear(obj); + trunnel_memwipe(obj, sizeof(trn_extension_field_cc_t)); + trunnel_free_(obj); +} + +uint8_t +trn_extension_field_cc_get_sendme_inc(const trn_extension_field_cc_t *inp) +{ + return inp->sendme_inc; +} +int +trn_extension_field_cc_set_sendme_inc(trn_extension_field_cc_t *inp, uint8_t val) +{ + inp->sendme_inc = val; + return 0; +} +const char * +trn_extension_field_cc_check(const trn_extension_field_cc_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + return NULL; +} + +ssize_t +trn_extension_field_cc_encoded_len(const trn_extension_field_cc_t *obj) +{ + ssize_t result = 0; + + if (NULL != trn_extension_field_cc_check(obj)) + return -1; + + + /* Length of u8 sendme_inc */ + result += 1; + return result; +} +int +trn_extension_field_cc_clear_errors(trn_extension_field_cc_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +trn_extension_field_cc_encode(uint8_t *output, const size_t avail, const trn_extension_field_cc_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = trn_extension_field_cc_encoded_len(obj); +#endif + + if (NULL != (msg = trn_extension_field_cc_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 sendme_inc */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->sendme_inc)); + written += 1; ptr += 1; + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As trn_extension_field_cc_parse(), but do not allocate the output + * object. + */ +static ssize_t +trn_extension_field_cc_parse_into(trn_extension_field_cc_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 sendme_inc */ + CHECK_REMAINING(1, truncated); + obj->sendme_inc = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; +} + +ssize_t +trn_extension_field_cc_parse(trn_extension_field_cc_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = trn_extension_field_cc_new(); + if (NULL == *output) + return -1; + result = trn_extension_field_cc_parse_into(*output, input, len_in); + if (result < 0) { + trn_extension_field_cc_free(*output); + *output = NULL; + } + return result; +} diff --git a/src/trunnel/congestion_control.h b/src/trunnel/congestion_control.h new file mode 100644 index 0000000000..0cc21a1db5 --- /dev/null +++ b/src/trunnel/congestion_control.h @@ -0,0 +1,67 @@ +/* congestion_control.h -- generated by Trunnel v1.5.3. + * https://gitweb.torproject.org/trunnel.git + * You probably shouldn't edit this file. + */ +#ifndef TRUNNEL_CONGESTION_CONTROL_H +#define TRUNNEL_CONGESTION_CONTROL_H + +#include <stdint.h> +#include "trunnel.h" + +#define TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST 1 +#define TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE 2 +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TRN_EXTENSION_FIELD_CC) +struct trn_extension_field_cc_st { + uint8_t sendme_inc; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct trn_extension_field_cc_st trn_extension_field_cc_t; +/** Return a newly allocated trn_extension_field_cc with all elements + * set to zero. + */ +trn_extension_field_cc_t *trn_extension_field_cc_new(void); +/** Release all storage held by the trn_extension_field_cc in + * 'victim'. (Do nothing if 'victim' is NULL.) + */ +void trn_extension_field_cc_free(trn_extension_field_cc_t *victim); +/** Try to parse a trn_extension_field_cc from the buffer in 'input', + * using up to 'len_in' bytes from the input buffer. On success, + * return the number of bytes consumed and set *output to the newly + * allocated trn_extension_field_cc_t. On failure, return -2 if the + * input appears truncated, and -1 if the input is otherwise invalid. + */ +ssize_t trn_extension_field_cc_parse(trn_extension_field_cc_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * trn_extension_field_cc in 'obj'. On failure, return a negative + * value. Note that this value may be an overestimate, and can even be + * an underestimate for certain unencodeable objects. + */ +ssize_t trn_extension_field_cc_encoded_len(const trn_extension_field_cc_t *obj); +/** Try to encode the trn_extension_field_cc from 'input' into the + * buffer at 'output', using up to 'avail' bytes of the output buffer. + * On success, return the number of bytes used. On failure, return -2 + * if the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t trn_extension_field_cc_encode(uint8_t *output, size_t avail, const trn_extension_field_cc_t *input); +/** Check whether the internal state of the trn_extension_field_cc in + * 'obj' is consistent. Return NULL if it is, and a short message if + * it is not. + */ +const char *trn_extension_field_cc_check(const trn_extension_field_cc_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int trn_extension_field_cc_clear_errors(trn_extension_field_cc_t *obj); +/** Return the value of the sendme_inc field of the + * trn_extension_field_cc_t in 'inp' + */ +uint8_t trn_extension_field_cc_get_sendme_inc(const trn_extension_field_cc_t *inp); +/** Set the value of the sendme_inc field of the + * trn_extension_field_cc_t in 'inp' to 'val'. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int trn_extension_field_cc_set_sendme_inc(trn_extension_field_cc_t *inp, uint8_t val); + + +#endif diff --git a/src/trunnel/congestion_control.trunnel b/src/trunnel/congestion_control.trunnel new file mode 100644 index 0000000000..50697a0cd2 --- /dev/null +++ b/src/trunnel/congestion_control.trunnel @@ -0,0 +1,22 @@ +/* This file contains the definition for the encrypted payload of a circuit + * parameter negotiation request/response portion of the trn_ntorv3 onionskin + * handshake. Currently only supports congestion control params. */ + +/* The following is encoded in the extension format. */ + +/* Field types. */ +const TRUNNEL_EXT_TYPE_CC_FIELD_REQUEST = 0x01; +const TRUNNEL_EXT_TYPE_CC_FIELD_RESPONSE = 0x02; + +/* + * "Request" is an empty payload signalling that CC is enabled. + */ + +/* + * "Response" consists of 1 single byte: + * SENDME_INC -- Min: 0, Max: 255 + */ + +struct trn_extension_field_cc { + u8 sendme_inc; +}; diff --git a/src/trunnel/hs/cell_common.c b/src/trunnel/extension.c index 1f50961d69..538ac62928 100644 --- a/src/trunnel/hs/cell_common.c +++ b/src/trunnel/extension.c @@ -1,11 +1,11 @@ -/* cell_common.c -- generated by Trunnel v1.5.3. +/* extension.c -- generated by Trunnel v1.5.3. * https://gitweb.torproject.org/trunnel.git * You probably shouldn't edit this file. */ #include <stdlib.h> #include "trunnel-impl.h" -#include "cell_common.h" +#include "extension.h" #define TRUNNEL_SET_ERROR_CODE(obj) \ do { \ @@ -15,8 +15,8 @@ #if defined(__COVERITY__) || defined(__clang_analyzer__) /* If we're running a static analysis tool, we don't want it to complain * that some of our remaining-bytes checks are dead-code. */ -int cellcommon_deadcode_dummy__ = 0; -#define OR_DEADCODE_DUMMY || cellcommon_deadcode_dummy__ +int extension_deadcode_dummy__ = 0; +#define OR_DEADCODE_DUMMY || extension_deadcode_dummy__ #else #define OR_DEADCODE_DUMMY #endif @@ -28,10 +28,10 @@ int cellcommon_deadcode_dummy__ = 0; } \ } while (0) -trn_cell_extension_field_t * -trn_cell_extension_field_new(void) +trn_extension_field_t * +trn_extension_field_new(void) { - trn_cell_extension_field_t *val = trunnel_calloc(1, sizeof(trn_cell_extension_field_t)); + trn_extension_field_t *val = trunnel_calloc(1, sizeof(trn_extension_field_t)); if (NULL == val) return NULL; return val; @@ -40,7 +40,7 @@ trn_cell_extension_field_new(void) /** Release all storage held inside 'obj', but do not free 'obj'. */ static void -trn_cell_extension_field_clear(trn_cell_extension_field_t *obj) +trn_extension_field_clear(trn_extension_field_t *obj) { (void) obj; TRUNNEL_DYNARRAY_WIPE(&obj->field); @@ -48,62 +48,62 @@ trn_cell_extension_field_clear(trn_cell_extension_field_t *obj) } void -trn_cell_extension_field_free(trn_cell_extension_field_t *obj) +trn_extension_field_free(trn_extension_field_t *obj) { if (obj == NULL) return; - trn_cell_extension_field_clear(obj); - trunnel_memwipe(obj, sizeof(trn_cell_extension_field_t)); + trn_extension_field_clear(obj); + trunnel_memwipe(obj, sizeof(trn_extension_field_t)); trunnel_free_(obj); } uint8_t -trn_cell_extension_field_get_field_type(const trn_cell_extension_field_t *inp) +trn_extension_field_get_field_type(const trn_extension_field_t *inp) { return inp->field_type; } int -trn_cell_extension_field_set_field_type(trn_cell_extension_field_t *inp, uint8_t val) +trn_extension_field_set_field_type(trn_extension_field_t *inp, uint8_t val) { inp->field_type = val; return 0; } uint8_t -trn_cell_extension_field_get_field_len(const trn_cell_extension_field_t *inp) +trn_extension_field_get_field_len(const trn_extension_field_t *inp) { return inp->field_len; } int -trn_cell_extension_field_set_field_len(trn_cell_extension_field_t *inp, uint8_t val) +trn_extension_field_set_field_len(trn_extension_field_t *inp, uint8_t val) { inp->field_len = val; return 0; } size_t -trn_cell_extension_field_getlen_field(const trn_cell_extension_field_t *inp) +trn_extension_field_getlen_field(const trn_extension_field_t *inp) { return TRUNNEL_DYNARRAY_LEN(&inp->field); } uint8_t -trn_cell_extension_field_get_field(trn_cell_extension_field_t *inp, size_t idx) +trn_extension_field_get_field(trn_extension_field_t *inp, size_t idx) { return TRUNNEL_DYNARRAY_GET(&inp->field, idx); } uint8_t -trn_cell_extension_field_getconst_field(const trn_cell_extension_field_t *inp, size_t idx) +trn_extension_field_getconst_field(const trn_extension_field_t *inp, size_t idx) { - return trn_cell_extension_field_get_field((trn_cell_extension_field_t*)inp, idx); + return trn_extension_field_get_field((trn_extension_field_t*)inp, idx); } int -trn_cell_extension_field_set_field(trn_cell_extension_field_t *inp, size_t idx, uint8_t elt) +trn_extension_field_set_field(trn_extension_field_t *inp, size_t idx, uint8_t elt) { TRUNNEL_DYNARRAY_SET(&inp->field, idx, elt); return 0; } int -trn_cell_extension_field_add_field(trn_cell_extension_field_t *inp, uint8_t elt) +trn_extension_field_add_field(trn_extension_field_t *inp, uint8_t elt) { #if SIZE_MAX >= UINT8_MAX if (inp->field.n_ == UINT8_MAX) @@ -117,17 +117,17 @@ trn_cell_extension_field_add_field(trn_cell_extension_field_t *inp, uint8_t elt) } uint8_t * -trn_cell_extension_field_getarray_field(trn_cell_extension_field_t *inp) +trn_extension_field_getarray_field(trn_extension_field_t *inp) { return inp->field.elts_; } const uint8_t * -trn_cell_extension_field_getconstarray_field(const trn_cell_extension_field_t *inp) +trn_extension_field_getconstarray_field(const trn_extension_field_t *inp) { - return (const uint8_t *)trn_cell_extension_field_getarray_field((trn_cell_extension_field_t*)inp); + return (const uint8_t *)trn_extension_field_getarray_field((trn_extension_field_t*)inp); } int -trn_cell_extension_field_setlen_field(trn_cell_extension_field_t *inp, size_t newlen) +trn_extension_field_setlen_field(trn_extension_field_t *inp, size_t newlen) { uint8_t *newptr; #if UINT8_MAX < SIZE_MAX @@ -147,7 +147,7 @@ trn_cell_extension_field_setlen_field(trn_cell_extension_field_t *inp, size_t ne return -1; } const char * -trn_cell_extension_field_check(const trn_cell_extension_field_t *obj) +trn_extension_field_check(const trn_extension_field_t *obj) { if (obj == NULL) return "Object was NULL"; @@ -159,11 +159,11 @@ trn_cell_extension_field_check(const trn_cell_extension_field_t *obj) } ssize_t -trn_cell_extension_field_encoded_len(const trn_cell_extension_field_t *obj) +trn_extension_field_encoded_len(const trn_extension_field_t *obj) { ssize_t result = 0; - if (NULL != trn_cell_extension_field_check(obj)) + if (NULL != trn_extension_field_check(obj)) return -1; @@ -178,24 +178,24 @@ trn_cell_extension_field_encoded_len(const trn_cell_extension_field_t *obj) return result; } int -trn_cell_extension_field_clear_errors(trn_cell_extension_field_t *obj) +trn_extension_field_clear_errors(trn_extension_field_t *obj) { int r = obj->trunnel_error_code_; obj->trunnel_error_code_ = 0; return r; } ssize_t -trn_cell_extension_field_encode(uint8_t *output, const size_t avail, const trn_cell_extension_field_t *obj) +trn_extension_field_encode(uint8_t *output, const size_t avail, const trn_extension_field_t *obj) { ssize_t result = 0; size_t written = 0; uint8_t *ptr = output; const char *msg; #ifdef TRUNNEL_CHECK_ENCODED_LEN - const ssize_t encoded_len = trn_cell_extension_field_encoded_len(obj); + const ssize_t encoded_len = trn_extension_field_encoded_len(obj); #endif - if (NULL != (msg = trn_cell_extension_field_check(obj))) + if (NULL != (msg = trn_extension_field_check(obj))) goto check_failed; #ifdef TRUNNEL_CHECK_ENCODED_LEN @@ -252,11 +252,11 @@ trn_cell_extension_field_encode(uint8_t *output, const size_t avail, const trn_c return result; } -/** As trn_cell_extension_field_parse(), but do not allocate the - * output object. +/** As trn_extension_field_parse(), but do not allocate the output + * object. */ static ssize_t -trn_cell_extension_field_parse_into(trn_cell_extension_field_t *obj, const uint8_t *input, const size_t len_in) +trn_extension_field_parse_into(trn_extension_field_t *obj, const uint8_t *input, const size_t len_in) { const uint8_t *ptr = input; size_t remaining = len_in; @@ -290,23 +290,23 @@ trn_cell_extension_field_parse_into(trn_cell_extension_field_t *obj, const uint8 } ssize_t -trn_cell_extension_field_parse(trn_cell_extension_field_t **output, const uint8_t *input, const size_t len_in) +trn_extension_field_parse(trn_extension_field_t **output, const uint8_t *input, const size_t len_in) { ssize_t result; - *output = trn_cell_extension_field_new(); + *output = trn_extension_field_new(); if (NULL == *output) return -1; - result = trn_cell_extension_field_parse_into(*output, input, len_in); + result = trn_extension_field_parse_into(*output, input, len_in); if (result < 0) { - trn_cell_extension_field_free(*output); + trn_extension_field_free(*output); *output = NULL; } return result; } -trn_cell_extension_t * -trn_cell_extension_new(void) +trn_extension_t * +trn_extension_new(void) { - trn_cell_extension_t *val = trunnel_calloc(1, sizeof(trn_cell_extension_t)); + trn_extension_t *val = trunnel_calloc(1, sizeof(trn_extension_t)); if (NULL == val) return NULL; return val; @@ -315,14 +315,14 @@ trn_cell_extension_new(void) /** Release all storage held inside 'obj', but do not free 'obj'. */ static void -trn_cell_extension_clear(trn_cell_extension_t *obj) +trn_extension_clear(trn_extension_t *obj) { (void) obj; { unsigned idx; for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->fields); ++idx) { - trn_cell_extension_field_free(TRUNNEL_DYNARRAY_GET(&obj->fields, idx)); + trn_extension_field_free(TRUNNEL_DYNARRAY_GET(&obj->fields, idx)); } } TRUNNEL_DYNARRAY_WIPE(&obj->fields); @@ -330,92 +330,92 @@ trn_cell_extension_clear(trn_cell_extension_t *obj) } void -trn_cell_extension_free(trn_cell_extension_t *obj) +trn_extension_free(trn_extension_t *obj) { if (obj == NULL) return; - trn_cell_extension_clear(obj); - trunnel_memwipe(obj, sizeof(trn_cell_extension_t)); + trn_extension_clear(obj); + trunnel_memwipe(obj, sizeof(trn_extension_t)); trunnel_free_(obj); } uint8_t -trn_cell_extension_get_num(const trn_cell_extension_t *inp) +trn_extension_get_num(const trn_extension_t *inp) { return inp->num; } int -trn_cell_extension_set_num(trn_cell_extension_t *inp, uint8_t val) +trn_extension_set_num(trn_extension_t *inp, uint8_t val) { inp->num = val; return 0; } size_t -trn_cell_extension_getlen_fields(const trn_cell_extension_t *inp) +trn_extension_getlen_fields(const trn_extension_t *inp) { return TRUNNEL_DYNARRAY_LEN(&inp->fields); } -struct trn_cell_extension_field_st * -trn_cell_extension_get_fields(trn_cell_extension_t *inp, size_t idx) +struct trn_extension_field_st * +trn_extension_get_fields(trn_extension_t *inp, size_t idx) { return TRUNNEL_DYNARRAY_GET(&inp->fields, idx); } - const struct trn_cell_extension_field_st * -trn_cell_extension_getconst_fields(const trn_cell_extension_t *inp, size_t idx) + const struct trn_extension_field_st * +trn_extension_getconst_fields(const trn_extension_t *inp, size_t idx) { - return trn_cell_extension_get_fields((trn_cell_extension_t*)inp, idx); + return trn_extension_get_fields((trn_extension_t*)inp, idx); } int -trn_cell_extension_set_fields(trn_cell_extension_t *inp, size_t idx, struct trn_cell_extension_field_st * elt) +trn_extension_set_fields(trn_extension_t *inp, size_t idx, struct trn_extension_field_st * elt) { - trn_cell_extension_field_t *oldval = TRUNNEL_DYNARRAY_GET(&inp->fields, idx); + trn_extension_field_t *oldval = TRUNNEL_DYNARRAY_GET(&inp->fields, idx); if (oldval && oldval != elt) - trn_cell_extension_field_free(oldval); - return trn_cell_extension_set0_fields(inp, idx, elt); + trn_extension_field_free(oldval); + return trn_extension_set0_fields(inp, idx, elt); } int -trn_cell_extension_set0_fields(trn_cell_extension_t *inp, size_t idx, struct trn_cell_extension_field_st * elt) +trn_extension_set0_fields(trn_extension_t *inp, size_t idx, struct trn_extension_field_st * elt) { TRUNNEL_DYNARRAY_SET(&inp->fields, idx, elt); return 0; } int -trn_cell_extension_add_fields(trn_cell_extension_t *inp, struct trn_cell_extension_field_st * elt) +trn_extension_add_fields(trn_extension_t *inp, struct trn_extension_field_st * elt) { #if SIZE_MAX >= UINT8_MAX if (inp->fields.n_ == UINT8_MAX) goto trunnel_alloc_failed; #endif - TRUNNEL_DYNARRAY_ADD(struct trn_cell_extension_field_st *, &inp->fields, elt, {}); + TRUNNEL_DYNARRAY_ADD(struct trn_extension_field_st *, &inp->fields, elt, {}); return 0; trunnel_alloc_failed: TRUNNEL_SET_ERROR_CODE(inp); return -1; } -struct trn_cell_extension_field_st * * -trn_cell_extension_getarray_fields(trn_cell_extension_t *inp) +struct trn_extension_field_st * * +trn_extension_getarray_fields(trn_extension_t *inp) { return inp->fields.elts_; } -const struct trn_cell_extension_field_st * const * -trn_cell_extension_getconstarray_fields(const trn_cell_extension_t *inp) +const struct trn_extension_field_st * const * +trn_extension_getconstarray_fields(const trn_extension_t *inp) { - return (const struct trn_cell_extension_field_st * const *)trn_cell_extension_getarray_fields((trn_cell_extension_t*)inp); + return (const struct trn_extension_field_st * const *)trn_extension_getarray_fields((trn_extension_t*)inp); } int -trn_cell_extension_setlen_fields(trn_cell_extension_t *inp, size_t newlen) +trn_extension_setlen_fields(trn_extension_t *inp, size_t newlen) { - struct trn_cell_extension_field_st * *newptr; + struct trn_extension_field_st * *newptr; #if UINT8_MAX < SIZE_MAX if (newlen > UINT8_MAX) goto trunnel_alloc_failed; #endif newptr = trunnel_dynarray_setlen(&inp->fields.allocated_, &inp->fields.n_, inp->fields.elts_, newlen, - sizeof(inp->fields.elts_[0]), (trunnel_free_fn_t) trn_cell_extension_field_free, + sizeof(inp->fields.elts_[0]), (trunnel_free_fn_t) trn_extension_field_free, &inp->trunnel_error_code_); if (newlen != 0 && newptr == NULL) goto trunnel_alloc_failed; @@ -426,7 +426,7 @@ trn_cell_extension_setlen_fields(trn_cell_extension_t *inp, size_t newlen) return -1; } const char * -trn_cell_extension_check(const trn_cell_extension_t *obj) +trn_extension_check(const trn_extension_t *obj) { if (obj == NULL) return "Object was NULL"; @@ -437,7 +437,7 @@ trn_cell_extension_check(const trn_cell_extension_t *obj) unsigned idx; for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->fields); ++idx) { - if (NULL != (msg = trn_cell_extension_field_check(TRUNNEL_DYNARRAY_GET(&obj->fields, idx)))) + if (NULL != (msg = trn_extension_field_check(TRUNNEL_DYNARRAY_GET(&obj->fields, idx)))) return msg; } } @@ -447,46 +447,46 @@ trn_cell_extension_check(const trn_cell_extension_t *obj) } ssize_t -trn_cell_extension_encoded_len(const trn_cell_extension_t *obj) +trn_extension_encoded_len(const trn_extension_t *obj) { ssize_t result = 0; - if (NULL != trn_cell_extension_check(obj)) + if (NULL != trn_extension_check(obj)) return -1; /* Length of u8 num */ result += 1; - /* Length of struct trn_cell_extension_field fields[num] */ + /* Length of struct trn_extension_field fields[num] */ { unsigned idx; for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->fields); ++idx) { - result += trn_cell_extension_field_encoded_len(TRUNNEL_DYNARRAY_GET(&obj->fields, idx)); + result += trn_extension_field_encoded_len(TRUNNEL_DYNARRAY_GET(&obj->fields, idx)); } } return result; } int -trn_cell_extension_clear_errors(trn_cell_extension_t *obj) +trn_extension_clear_errors(trn_extension_t *obj) { int r = obj->trunnel_error_code_; obj->trunnel_error_code_ = 0; return r; } ssize_t -trn_cell_extension_encode(uint8_t *output, const size_t avail, const trn_cell_extension_t *obj) +trn_extension_encode(uint8_t *output, const size_t avail, const trn_extension_t *obj) { ssize_t result = 0; size_t written = 0; uint8_t *ptr = output; const char *msg; #ifdef TRUNNEL_CHECK_ENCODED_LEN - const ssize_t encoded_len = trn_cell_extension_encoded_len(obj); + const ssize_t encoded_len = trn_extension_encoded_len(obj); #endif - if (NULL != (msg = trn_cell_extension_check(obj))) + if (NULL != (msg = trn_extension_check(obj))) goto check_failed; #ifdef TRUNNEL_CHECK_ENCODED_LEN @@ -500,13 +500,13 @@ trn_cell_extension_encode(uint8_t *output, const size_t avail, const trn_cell_ex trunnel_set_uint8(ptr, (obj->num)); written += 1; ptr += 1; - /* Encode struct trn_cell_extension_field fields[num] */ + /* Encode struct trn_extension_field fields[num] */ { unsigned idx; for (idx = 0; idx < TRUNNEL_DYNARRAY_LEN(&obj->fields); ++idx) { trunnel_assert(written <= avail); - result = trn_cell_extension_field_encode(ptr, avail - written, TRUNNEL_DYNARRAY_GET(&obj->fields, idx)); + result = trn_extension_field_encode(ptr, avail - written, TRUNNEL_DYNARRAY_GET(&obj->fields, idx)); if (result < 0) goto fail; /* XXXXXXX !*/ written += result; ptr += result; @@ -537,11 +537,10 @@ trn_cell_extension_encode(uint8_t *output, const size_t avail, const trn_cell_ex return result; } -/** As trn_cell_extension_parse(), but do not allocate the output - * object. +/** As trn_extension_parse(), but do not allocate the output object. */ static ssize_t -trn_cell_extension_parse_into(trn_cell_extension_t *obj, const uint8_t *input, const size_t len_in) +trn_extension_parse_into(trn_extension_t *obj, const uint8_t *input, const size_t len_in) { const uint8_t *ptr = input; size_t remaining = len_in; @@ -553,18 +552,18 @@ trn_cell_extension_parse_into(trn_cell_extension_t *obj, const uint8_t *input, c obj->num = (trunnel_get_uint8(ptr)); remaining -= 1; ptr += 1; - /* Parse struct trn_cell_extension_field fields[num] */ - TRUNNEL_DYNARRAY_EXPAND(trn_cell_extension_field_t *, &obj->fields, obj->num, {}); + /* Parse struct trn_extension_field fields[num] */ + TRUNNEL_DYNARRAY_EXPAND(trn_extension_field_t *, &obj->fields, obj->num, {}); { - trn_cell_extension_field_t * elt; + trn_extension_field_t * elt; unsigned idx; for (idx = 0; idx < obj->num; ++idx) { - result = trn_cell_extension_field_parse(&elt, ptr, remaining); + result = trn_extension_field_parse(&elt, ptr, remaining); if (result < 0) goto relay_fail; trunnel_assert((size_t)result <= remaining); remaining -= result; ptr += result; - TRUNNEL_DYNARRAY_ADD(trn_cell_extension_field_t *, &obj->fields, elt, {trn_cell_extension_field_free(elt);}); + TRUNNEL_DYNARRAY_ADD(trn_extension_field_t *, &obj->fields, elt, {trn_extension_field_free(elt);}); } } trunnel_assert(ptr + remaining == input + len_in); @@ -580,15 +579,15 @@ trn_cell_extension_parse_into(trn_cell_extension_t *obj, const uint8_t *input, c } ssize_t -trn_cell_extension_parse(trn_cell_extension_t **output, const uint8_t *input, const size_t len_in) +trn_extension_parse(trn_extension_t **output, const uint8_t *input, const size_t len_in) { ssize_t result; - *output = trn_cell_extension_new(); + *output = trn_extension_new(); if (NULL == *output) return -1; - result = trn_cell_extension_parse_into(*output, input, len_in); + result = trn_extension_parse_into(*output, input, len_in); if (result < 0) { - trn_cell_extension_free(*output); + trn_extension_free(*output); *output = NULL; } return result; diff --git a/src/trunnel/extension.h b/src/trunnel/extension.h new file mode 100644 index 0000000000..eed89d140e --- /dev/null +++ b/src/trunnel/extension.h @@ -0,0 +1,197 @@ +/* extension.h -- generated by Trunnel v1.5.3. + * https://gitweb.torproject.org/trunnel.git + * You probably shouldn't edit this file. + */ +#ifndef TRUNNEL_EXTENSION_H +#define TRUNNEL_EXTENSION_H + +#include <stdint.h> +#include "trunnel.h" + +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TRN_EXTENSION_FIELD) +struct trn_extension_field_st { + uint8_t field_type; + uint8_t field_len; + TRUNNEL_DYNARRAY_HEAD(, uint8_t) field; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct trn_extension_field_st trn_extension_field_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TRN_EXTENSION) +struct trn_extension_st { + uint8_t num; + TRUNNEL_DYNARRAY_HEAD(, struct trn_extension_field_st *) fields; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct trn_extension_st trn_extension_t; +/** Return a newly allocated trn_extension_field with all elements set + * to zero. + */ +trn_extension_field_t *trn_extension_field_new(void); +/** Release all storage held by the trn_extension_field in 'victim'. + * (Do nothing if 'victim' is NULL.) + */ +void trn_extension_field_free(trn_extension_field_t *victim); +/** Try to parse a trn_extension_field from the buffer in 'input', + * using up to 'len_in' bytes from the input buffer. On success, + * return the number of bytes consumed and set *output to the newly + * allocated trn_extension_field_t. On failure, return -2 if the input + * appears truncated, and -1 if the input is otherwise invalid. + */ +ssize_t trn_extension_field_parse(trn_extension_field_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * trn_extension_field in 'obj'. On failure, return a negative value. + * Note that this value may be an overestimate, and can even be an + * underestimate for certain unencodeable objects. + */ +ssize_t trn_extension_field_encoded_len(const trn_extension_field_t *obj); +/** Try to encode the trn_extension_field from 'input' into the buffer + * at 'output', using up to 'avail' bytes of the output buffer. On + * success, return the number of bytes used. On failure, return -2 if + * the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t trn_extension_field_encode(uint8_t *output, size_t avail, const trn_extension_field_t *input); +/** Check whether the internal state of the trn_extension_field in + * 'obj' is consistent. Return NULL if it is, and a short message if + * it is not. + */ +const char *trn_extension_field_check(const trn_extension_field_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int trn_extension_field_clear_errors(trn_extension_field_t *obj); +/** Return the value of the field_type field of the + * trn_extension_field_t in 'inp' + */ +uint8_t trn_extension_field_get_field_type(const trn_extension_field_t *inp); +/** Set the value of the field_type field of the trn_extension_field_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int trn_extension_field_set_field_type(trn_extension_field_t *inp, uint8_t val); +/** Return the value of the field_len field of the + * trn_extension_field_t in 'inp' + */ +uint8_t trn_extension_field_get_field_len(const trn_extension_field_t *inp); +/** Set the value of the field_len field of the trn_extension_field_t + * in 'inp' to 'val'. Return 0 on success; return -1 and set the error + * code on 'inp' on failure. + */ +int trn_extension_field_set_field_len(trn_extension_field_t *inp, uint8_t val); +/** Return the length of the dynamic array holding the field field of + * the trn_extension_field_t in 'inp'. + */ +size_t trn_extension_field_getlen_field(const trn_extension_field_t *inp); +/** Return the element at position 'idx' of the dynamic array field + * field of the trn_extension_field_t in 'inp'. + */ +uint8_t trn_extension_field_get_field(trn_extension_field_t *inp, size_t idx); +/** As trn_extension_field_get_field, but take and return a const + * pointer + */ +uint8_t trn_extension_field_getconst_field(const trn_extension_field_t *inp, size_t idx); +/** Change the element at position 'idx' of the dynamic array field + * field of the trn_extension_field_t in 'inp', so that it will hold + * the value 'elt'. + */ +int trn_extension_field_set_field(trn_extension_field_t *inp, size_t idx, uint8_t elt); +/** Append a new element 'elt' to the dynamic array field field of the + * trn_extension_field_t in 'inp'. + */ +int trn_extension_field_add_field(trn_extension_field_t *inp, uint8_t elt); +/** Return a pointer to the variable-length array field field of + * 'inp'. + */ +uint8_t * trn_extension_field_getarray_field(trn_extension_field_t *inp); +/** As trn_extension_field_get_field, but take and return a const + * pointer + */ +const uint8_t * trn_extension_field_getconstarray_field(const trn_extension_field_t *inp); +/** Change the length of the variable-length array field field of + * 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on success; + * return -1 and set the error code on 'inp' on failure. + */ +int trn_extension_field_setlen_field(trn_extension_field_t *inp, size_t newlen); +/** Return a newly allocated trn_extension with all elements set to + * zero. + */ +trn_extension_t *trn_extension_new(void); +/** Release all storage held by the trn_extension in 'victim'. (Do + * nothing if 'victim' is NULL.) + */ +void trn_extension_free(trn_extension_t *victim); +/** Try to parse a trn_extension from the buffer in 'input', using up + * to 'len_in' bytes from the input buffer. On success, return the + * number of bytes consumed and set *output to the newly allocated + * trn_extension_t. On failure, return -2 if the input appears + * truncated, and -1 if the input is otherwise invalid. + */ +ssize_t trn_extension_parse(trn_extension_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * trn_extension in 'obj'. On failure, return a negative value. Note + * that this value may be an overestimate, and can even be an + * underestimate for certain unencodeable objects. + */ +ssize_t trn_extension_encoded_len(const trn_extension_t *obj); +/** Try to encode the trn_extension from 'input' into the buffer at + * 'output', using up to 'avail' bytes of the output buffer. On + * success, return the number of bytes used. On failure, return -2 if + * the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t trn_extension_encode(uint8_t *output, size_t avail, const trn_extension_t *input); +/** Check whether the internal state of the trn_extension in 'obj' is + * consistent. Return NULL if it is, and a short message if it is not. + */ +const char *trn_extension_check(const trn_extension_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int trn_extension_clear_errors(trn_extension_t *obj); +/** Return the value of the num field of the trn_extension_t in 'inp' + */ +uint8_t trn_extension_get_num(const trn_extension_t *inp); +/** Set the value of the num field of the trn_extension_t in 'inp' to + * 'val'. Return 0 on success; return -1 and set the error code on + * 'inp' on failure. + */ +int trn_extension_set_num(trn_extension_t *inp, uint8_t val); +/** Return the length of the dynamic array holding the fields field of + * the trn_extension_t in 'inp'. + */ +size_t trn_extension_getlen_fields(const trn_extension_t *inp); +/** Return the element at position 'idx' of the dynamic array field + * fields of the trn_extension_t in 'inp'. + */ +struct trn_extension_field_st * trn_extension_get_fields(trn_extension_t *inp, size_t idx); +/** As trn_extension_get_fields, but take and return a const pointer + */ + const struct trn_extension_field_st * trn_extension_getconst_fields(const trn_extension_t *inp, size_t idx); +/** Change the element at position 'idx' of the dynamic array field + * fields of the trn_extension_t in 'inp', so that it will hold the + * value 'elt'. Free the previous value, if any. + */ +int trn_extension_set_fields(trn_extension_t *inp, size_t idx, struct trn_extension_field_st * elt); +/** As trn_extension_set_fields, but does not free the previous value. + */ +int trn_extension_set0_fields(trn_extension_t *inp, size_t idx, struct trn_extension_field_st * elt); +/** Append a new element 'elt' to the dynamic array field fields of + * the trn_extension_t in 'inp'. + */ +int trn_extension_add_fields(trn_extension_t *inp, struct trn_extension_field_st * elt); +/** Return a pointer to the variable-length array field fields of + * 'inp'. + */ +struct trn_extension_field_st * * trn_extension_getarray_fields(trn_extension_t *inp); +/** As trn_extension_get_fields, but take and return a const pointer + */ +const struct trn_extension_field_st * const * trn_extension_getconstarray_fields(const trn_extension_t *inp); +/** Change the length of the variable-length array field fields of + * 'inp' to 'newlen'.Fill extra elements with NULL; free removed + * elements. Return 0 on success; return -1 and set the error code on + * 'inp' on failure. + */ +int trn_extension_setlen_fields(trn_extension_t *inp, size_t newlen); + + +#endif diff --git a/src/trunnel/extension.trunnel b/src/trunnel/extension.trunnel new file mode 100644 index 0000000000..177eba0596 --- /dev/null +++ b/src/trunnel/extension.trunnel @@ -0,0 +1,14 @@ + +/* The cell extension ABI that is also used within other type of structures + * such as the ntorv3 data payload. */ + +struct trn_extension_field { + u8 field_type; + u8 field_len; + u8 field[field_len]; +}; + +struct trn_extension { + u8 num; + struct trn_extension_field fields[num]; +}; diff --git a/src/trunnel/flow_control_cells.c b/src/trunnel/flow_control_cells.c new file mode 100644 index 0000000000..df44756d6b --- /dev/null +++ b/src/trunnel/flow_control_cells.c @@ -0,0 +1,382 @@ +/* flow_control_cells.c -- generated by Trunnel v1.5.3. + * https://gitweb.torproject.org/trunnel.git + * You probably shouldn't edit this file. + */ +#include <stdlib.h> +#include "trunnel-impl.h" + +#include "flow_control_cells.h" + +#define TRUNNEL_SET_ERROR_CODE(obj) \ + do { \ + (obj)->trunnel_error_code_ = 1; \ + } while (0) + +#if defined(__COVERITY__) || defined(__clang_analyzer__) +/* If we're running a static analysis tool, we don't want it to complain + * that some of our remaining-bytes checks are dead-code. */ +int flowcontrolcells_deadcode_dummy__ = 0; +#define OR_DEADCODE_DUMMY || flowcontrolcells_deadcode_dummy__ +#else +#define OR_DEADCODE_DUMMY +#endif + +#define CHECK_REMAINING(nbytes, label) \ + do { \ + if (remaining < (nbytes) OR_DEADCODE_DUMMY) { \ + goto label; \ + } \ + } while (0) + +xoff_cell_t * +xoff_cell_new(void) +{ + xoff_cell_t *val = trunnel_calloc(1, sizeof(xoff_cell_t)); + if (NULL == val) + return NULL; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +xoff_cell_clear(xoff_cell_t *obj) +{ + (void) obj; +} + +void +xoff_cell_free(xoff_cell_t *obj) +{ + if (obj == NULL) + return; + xoff_cell_clear(obj); + trunnel_memwipe(obj, sizeof(xoff_cell_t)); + trunnel_free_(obj); +} + +uint8_t +xoff_cell_get_version(const xoff_cell_t *inp) +{ + return inp->version; +} +int +xoff_cell_set_version(xoff_cell_t *inp, uint8_t val) +{ + if (! ((val == 0))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +const char * +xoff_cell_check(const xoff_cell_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 0)) + return "Integer out of bounds"; + return NULL; +} + +ssize_t +xoff_cell_encoded_len(const xoff_cell_t *obj) +{ + ssize_t result = 0; + + if (NULL != xoff_cell_check(obj)) + return -1; + + + /* Length of u8 version IN [0] */ + result += 1; + return result; +} +int +xoff_cell_clear_errors(xoff_cell_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +xoff_cell_encode(uint8_t *output, const size_t avail, const xoff_cell_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = xoff_cell_encoded_len(obj); +#endif + + if (NULL != (msg = xoff_cell_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [0] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As xoff_cell_parse(), but do not allocate the output object. + */ +static ssize_t +xoff_cell_parse_into(xoff_cell_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [0] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 0)) + goto fail; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + fail: + result = -1; + return result; +} + +ssize_t +xoff_cell_parse(xoff_cell_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = xoff_cell_new(); + if (NULL == *output) + return -1; + result = xoff_cell_parse_into(*output, input, len_in); + if (result < 0) { + xoff_cell_free(*output); + *output = NULL; + } + return result; +} +xon_cell_t * +xon_cell_new(void) +{ + xon_cell_t *val = trunnel_calloc(1, sizeof(xon_cell_t)); + if (NULL == val) + return NULL; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +xon_cell_clear(xon_cell_t *obj) +{ + (void) obj; +} + +void +xon_cell_free(xon_cell_t *obj) +{ + if (obj == NULL) + return; + xon_cell_clear(obj); + trunnel_memwipe(obj, sizeof(xon_cell_t)); + trunnel_free_(obj); +} + +uint8_t +xon_cell_get_version(const xon_cell_t *inp) +{ + return inp->version; +} +int +xon_cell_set_version(xon_cell_t *inp, uint8_t val) +{ + if (! ((val == 0))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint32_t +xon_cell_get_kbps_ewma(const xon_cell_t *inp) +{ + return inp->kbps_ewma; +} +int +xon_cell_set_kbps_ewma(xon_cell_t *inp, uint32_t val) +{ + inp->kbps_ewma = val; + return 0; +} +const char * +xon_cell_check(const xon_cell_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 0)) + return "Integer out of bounds"; + return NULL; +} + +ssize_t +xon_cell_encoded_len(const xon_cell_t *obj) +{ + ssize_t result = 0; + + if (NULL != xon_cell_check(obj)) + return -1; + + + /* Length of u8 version IN [0] */ + result += 1; + + /* Length of u32 kbps_ewma */ + result += 4; + return result; +} +int +xon_cell_clear_errors(xon_cell_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +xon_cell_encode(uint8_t *output, const size_t avail, const xon_cell_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = xon_cell_encoded_len(obj); +#endif + + if (NULL != (msg = xon_cell_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [0] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u32 kbps_ewma */ + trunnel_assert(written <= avail); + if (avail - written < 4) + goto truncated; + trunnel_set_uint32(ptr, trunnel_htonl(obj->kbps_ewma)); + written += 4; ptr += 4; + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As xon_cell_parse(), but do not allocate the output object. + */ +static ssize_t +xon_cell_parse_into(xon_cell_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [0] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 0)) + goto fail; + + /* Parse u32 kbps_ewma */ + CHECK_REMAINING(4, truncated); + obj->kbps_ewma = trunnel_ntohl(trunnel_get_uint32(ptr)); + remaining -= 4; ptr += 4; + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + fail: + result = -1; + return result; +} + +ssize_t +xon_cell_parse(xon_cell_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = xon_cell_new(); + if (NULL == *output) + return -1; + result = xon_cell_parse_into(*output, input, len_in); + if (result < 0) { + xon_cell_free(*output); + *output = NULL; + } + return result; +} diff --git a/src/trunnel/flow_control_cells.h b/src/trunnel/flow_control_cells.h new file mode 100644 index 0000000000..b8108b9a24 --- /dev/null +++ b/src/trunnel/flow_control_cells.h @@ -0,0 +1,120 @@ +/* flow_control_cells.h -- generated by Trunnel v1.5.3. + * https://gitweb.torproject.org/trunnel.git + * You probably shouldn't edit this file. + */ +#ifndef TRUNNEL_FLOW_CONTROL_CELLS_H +#define TRUNNEL_FLOW_CONTROL_CELLS_H + +#include <stdint.h> +#include "trunnel.h" + +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_XOFF_CELL) +struct xoff_cell_st { + uint8_t version; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct xoff_cell_st xoff_cell_t; +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_XON_CELL) +struct xon_cell_st { + uint8_t version; + uint32_t kbps_ewma; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct xon_cell_st xon_cell_t; +/** Return a newly allocated xoff_cell with all elements set to zero. + */ +xoff_cell_t *xoff_cell_new(void); +/** Release all storage held by the xoff_cell in 'victim'. (Do nothing + * if 'victim' is NULL.) + */ +void xoff_cell_free(xoff_cell_t *victim); +/** Try to parse a xoff_cell from the buffer in 'input', using up to + * 'len_in' bytes from the input buffer. On success, return the number + * of bytes consumed and set *output to the newly allocated + * xoff_cell_t. On failure, return -2 if the input appears truncated, + * and -1 if the input is otherwise invalid. + */ +ssize_t xoff_cell_parse(xoff_cell_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * xoff_cell in 'obj'. On failure, return a negative value. Note that + * this value may be an overestimate, and can even be an underestimate + * for certain unencodeable objects. + */ +ssize_t xoff_cell_encoded_len(const xoff_cell_t *obj); +/** Try to encode the xoff_cell from 'input' into the buffer at + * 'output', using up to 'avail' bytes of the output buffer. On + * success, return the number of bytes used. On failure, return -2 if + * the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t xoff_cell_encode(uint8_t *output, size_t avail, const xoff_cell_t *input); +/** Check whether the internal state of the xoff_cell in 'obj' is + * consistent. Return NULL if it is, and a short message if it is not. + */ +const char *xoff_cell_check(const xoff_cell_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int xoff_cell_clear_errors(xoff_cell_t *obj); +/** Return the value of the version field of the xoff_cell_t in 'inp' + */ +uint8_t xoff_cell_get_version(const xoff_cell_t *inp); +/** Set the value of the version field of the xoff_cell_t in 'inp' to + * 'val'. Return 0 on success; return -1 and set the error code on + * 'inp' on failure. + */ +int xoff_cell_set_version(xoff_cell_t *inp, uint8_t val); +/** Return a newly allocated xon_cell with all elements set to zero. + */ +xon_cell_t *xon_cell_new(void); +/** Release all storage held by the xon_cell in 'victim'. (Do nothing + * if 'victim' is NULL.) + */ +void xon_cell_free(xon_cell_t *victim); +/** Try to parse a xon_cell from the buffer in 'input', using up to + * 'len_in' bytes from the input buffer. On success, return the number + * of bytes consumed and set *output to the newly allocated + * xon_cell_t. On failure, return -2 if the input appears truncated, + * and -1 if the input is otherwise invalid. + */ +ssize_t xon_cell_parse(xon_cell_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * xon_cell in 'obj'. On failure, return a negative value. Note that + * this value may be an overestimate, and can even be an underestimate + * for certain unencodeable objects. + */ +ssize_t xon_cell_encoded_len(const xon_cell_t *obj); +/** Try to encode the xon_cell from 'input' into the buffer at + * 'output', using up to 'avail' bytes of the output buffer. On + * success, return the number of bytes used. On failure, return -2 if + * the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t xon_cell_encode(uint8_t *output, size_t avail, const xon_cell_t *input); +/** Check whether the internal state of the xon_cell in 'obj' is + * consistent. Return NULL if it is, and a short message if it is not. + */ +const char *xon_cell_check(const xon_cell_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int xon_cell_clear_errors(xon_cell_t *obj); +/** Return the value of the version field of the xon_cell_t in 'inp' + */ +uint8_t xon_cell_get_version(const xon_cell_t *inp); +/** Set the value of the version field of the xon_cell_t in 'inp' to + * 'val'. Return 0 on success; return -1 and set the error code on + * 'inp' on failure. + */ +int xon_cell_set_version(xon_cell_t *inp, uint8_t val); +/** Return the value of the kbps_ewma field of the xon_cell_t in 'inp' + */ +uint32_t xon_cell_get_kbps_ewma(const xon_cell_t *inp); +/** Set the value of the kbps_ewma field of the xon_cell_t in 'inp' to + * 'val'. Return 0 on success; return -1 and set the error code on + * 'inp' on failure. + */ +int xon_cell_set_kbps_ewma(xon_cell_t *inp, uint32_t val); + + +#endif diff --git a/src/trunnel/flow_control_cells.trunnel b/src/trunnel/flow_control_cells.trunnel new file mode 100644 index 0000000000..9d07b568a9 --- /dev/null +++ b/src/trunnel/flow_control_cells.trunnel @@ -0,0 +1,20 @@ +/* This file contains the xon and xoff cell definitions, for flow control. */ + +/* xoff cell definition. Tells the other endpoint to stop sending, because + * we have too much data queued for this stream. */ +struct xoff_cell { + /* Version field. */ + u8 version IN [0x00]; +} + +/* xon cell declaration. Tells the other endpoint to resume sending and/or + * update its sending rate on this stream based on advisory information. */ +struct xon_cell { + /* Version field. */ + u8 version IN [0x00]; + + /* Advisory field: The ewma rate of socket drain we have seen so far + * on this stream, in kilobytes/sec (1000 bytes/sec). May be zero, + * which means no rate advice. */ + u32 kbps_ewma; +} diff --git a/src/trunnel/hs/cell_common.h b/src/trunnel/hs/cell_common.h deleted file mode 100644 index beb65e015f..0000000000 --- a/src/trunnel/hs/cell_common.h +++ /dev/null @@ -1,203 +0,0 @@ -/* cell_common.h -- generated by Trunnel v1.5.3. - * https://gitweb.torproject.org/trunnel.git - * You probably shouldn't edit this file. - */ -#ifndef TRUNNEL_CELL_COMMON_H -#define TRUNNEL_CELL_COMMON_H - -#include <stdint.h> -#include "trunnel.h" - -#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TRN_CELL_EXTENSION_FIELD) -struct trn_cell_extension_field_st { - uint8_t field_type; - uint8_t field_len; - TRUNNEL_DYNARRAY_HEAD(, uint8_t) field; - uint8_t trunnel_error_code_; -}; -#endif -typedef struct trn_cell_extension_field_st trn_cell_extension_field_t; -#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TRN_CELL_EXTENSION) -struct trn_cell_extension_st { - uint8_t num; - TRUNNEL_DYNARRAY_HEAD(, struct trn_cell_extension_field_st *) fields; - uint8_t trunnel_error_code_; -}; -#endif -typedef struct trn_cell_extension_st trn_cell_extension_t; -/** Return a newly allocated trn_cell_extension_field with all - * elements set to zero. - */ -trn_cell_extension_field_t *trn_cell_extension_field_new(void); -/** Release all storage held by the trn_cell_extension_field in - * 'victim'. (Do nothing if 'victim' is NULL.) - */ -void trn_cell_extension_field_free(trn_cell_extension_field_t *victim); -/** Try to parse a trn_cell_extension_field from the buffer in - * 'input', using up to 'len_in' bytes from the input buffer. On - * success, return the number of bytes consumed and set *output to the - * newly allocated trn_cell_extension_field_t. On failure, return -2 - * if the input appears truncated, and -1 if the input is otherwise - * invalid. - */ -ssize_t trn_cell_extension_field_parse(trn_cell_extension_field_t **output, const uint8_t *input, const size_t len_in); -/** Return the number of bytes we expect to need to encode the - * trn_cell_extension_field in 'obj'. On failure, return a negative - * value. Note that this value may be an overestimate, and can even be - * an underestimate for certain unencodeable objects. - */ -ssize_t trn_cell_extension_field_encoded_len(const trn_cell_extension_field_t *obj); -/** Try to encode the trn_cell_extension_field from 'input' into the - * buffer at 'output', using up to 'avail' bytes of the output buffer. - * On success, return the number of bytes used. On failure, return -2 - * if the buffer was not long enough, and -1 if the input was invalid. - */ -ssize_t trn_cell_extension_field_encode(uint8_t *output, size_t avail, const trn_cell_extension_field_t *input); -/** Check whether the internal state of the trn_cell_extension_field - * in 'obj' is consistent. Return NULL if it is, and a short message - * if it is not. - */ -const char *trn_cell_extension_field_check(const trn_cell_extension_field_t *obj); -/** Clear any errors that were set on the object 'obj' by its setter - * functions. Return true iff errors were cleared. - */ -int trn_cell_extension_field_clear_errors(trn_cell_extension_field_t *obj); -/** Return the value of the field_type field of the - * trn_cell_extension_field_t in 'inp' - */ -uint8_t trn_cell_extension_field_get_field_type(const trn_cell_extension_field_t *inp); -/** Set the value of the field_type field of the - * trn_cell_extension_field_t in 'inp' to 'val'. Return 0 on success; - * return -1 and set the error code on 'inp' on failure. - */ -int trn_cell_extension_field_set_field_type(trn_cell_extension_field_t *inp, uint8_t val); -/** Return the value of the field_len field of the - * trn_cell_extension_field_t in 'inp' - */ -uint8_t trn_cell_extension_field_get_field_len(const trn_cell_extension_field_t *inp); -/** Set the value of the field_len field of the - * trn_cell_extension_field_t in 'inp' to 'val'. Return 0 on success; - * return -1 and set the error code on 'inp' on failure. - */ -int trn_cell_extension_field_set_field_len(trn_cell_extension_field_t *inp, uint8_t val); -/** Return the length of the dynamic array holding the field field of - * the trn_cell_extension_field_t in 'inp'. - */ -size_t trn_cell_extension_field_getlen_field(const trn_cell_extension_field_t *inp); -/** Return the element at position 'idx' of the dynamic array field - * field of the trn_cell_extension_field_t in 'inp'. - */ -uint8_t trn_cell_extension_field_get_field(trn_cell_extension_field_t *inp, size_t idx); -/** As trn_cell_extension_field_get_field, but take and return a const - * pointer - */ -uint8_t trn_cell_extension_field_getconst_field(const trn_cell_extension_field_t *inp, size_t idx); -/** Change the element at position 'idx' of the dynamic array field - * field of the trn_cell_extension_field_t in 'inp', so that it will - * hold the value 'elt'. - */ -int trn_cell_extension_field_set_field(trn_cell_extension_field_t *inp, size_t idx, uint8_t elt); -/** Append a new element 'elt' to the dynamic array field field of the - * trn_cell_extension_field_t in 'inp'. - */ -int trn_cell_extension_field_add_field(trn_cell_extension_field_t *inp, uint8_t elt); -/** Return a pointer to the variable-length array field field of - * 'inp'. - */ -uint8_t * trn_cell_extension_field_getarray_field(trn_cell_extension_field_t *inp); -/** As trn_cell_extension_field_get_field, but take and return a const - * pointer - */ -const uint8_t * trn_cell_extension_field_getconstarray_field(const trn_cell_extension_field_t *inp); -/** Change the length of the variable-length array field field of - * 'inp' to 'newlen'.Fill extra elements with 0. Return 0 on success; - * return -1 and set the error code on 'inp' on failure. - */ -int trn_cell_extension_field_setlen_field(trn_cell_extension_field_t *inp, size_t newlen); -/** Return a newly allocated trn_cell_extension with all elements set - * to zero. - */ -trn_cell_extension_t *trn_cell_extension_new(void); -/** Release all storage held by the trn_cell_extension in 'victim'. - * (Do nothing if 'victim' is NULL.) - */ -void trn_cell_extension_free(trn_cell_extension_t *victim); -/** Try to parse a trn_cell_extension from the buffer in 'input', - * using up to 'len_in' bytes from the input buffer. On success, - * return the number of bytes consumed and set *output to the newly - * allocated trn_cell_extension_t. On failure, return -2 if the input - * appears truncated, and -1 if the input is otherwise invalid. - */ -ssize_t trn_cell_extension_parse(trn_cell_extension_t **output, const uint8_t *input, const size_t len_in); -/** Return the number of bytes we expect to need to encode the - * trn_cell_extension in 'obj'. On failure, return a negative value. - * Note that this value may be an overestimate, and can even be an - * underestimate for certain unencodeable objects. - */ -ssize_t trn_cell_extension_encoded_len(const trn_cell_extension_t *obj); -/** Try to encode the trn_cell_extension from 'input' into the buffer - * at 'output', using up to 'avail' bytes of the output buffer. On - * success, return the number of bytes used. On failure, return -2 if - * the buffer was not long enough, and -1 if the input was invalid. - */ -ssize_t trn_cell_extension_encode(uint8_t *output, size_t avail, const trn_cell_extension_t *input); -/** Check whether the internal state of the trn_cell_extension in - * 'obj' is consistent. Return NULL if it is, and a short message if - * it is not. - */ -const char *trn_cell_extension_check(const trn_cell_extension_t *obj); -/** Clear any errors that were set on the object 'obj' by its setter - * functions. Return true iff errors were cleared. - */ -int trn_cell_extension_clear_errors(trn_cell_extension_t *obj); -/** Return the value of the num field of the trn_cell_extension_t in - * 'inp' - */ -uint8_t trn_cell_extension_get_num(const trn_cell_extension_t *inp); -/** Set the value of the num field of the trn_cell_extension_t in - * 'inp' to 'val'. Return 0 on success; return -1 and set the error - * code on 'inp' on failure. - */ -int trn_cell_extension_set_num(trn_cell_extension_t *inp, uint8_t val); -/** Return the length of the dynamic array holding the fields field of - * the trn_cell_extension_t in 'inp'. - */ -size_t trn_cell_extension_getlen_fields(const trn_cell_extension_t *inp); -/** Return the element at position 'idx' of the dynamic array field - * fields of the trn_cell_extension_t in 'inp'. - */ -struct trn_cell_extension_field_st * trn_cell_extension_get_fields(trn_cell_extension_t *inp, size_t idx); -/** As trn_cell_extension_get_fields, but take and return a const - * pointer - */ - const struct trn_cell_extension_field_st * trn_cell_extension_getconst_fields(const trn_cell_extension_t *inp, size_t idx); -/** Change the element at position 'idx' of the dynamic array field - * fields of the trn_cell_extension_t in 'inp', so that it will hold - * the value 'elt'. Free the previous value, if any. - */ -int trn_cell_extension_set_fields(trn_cell_extension_t *inp, size_t idx, struct trn_cell_extension_field_st * elt); -/** As trn_cell_extension_set_fields, but does not free the previous - * value. - */ -int trn_cell_extension_set0_fields(trn_cell_extension_t *inp, size_t idx, struct trn_cell_extension_field_st * elt); -/** Append a new element 'elt' to the dynamic array field fields of - * the trn_cell_extension_t in 'inp'. - */ -int trn_cell_extension_add_fields(trn_cell_extension_t *inp, struct trn_cell_extension_field_st * elt); -/** Return a pointer to the variable-length array field fields of - * 'inp'. - */ -struct trn_cell_extension_field_st * * trn_cell_extension_getarray_fields(trn_cell_extension_t *inp); -/** As trn_cell_extension_get_fields, but take and return a const - * pointer - */ -const struct trn_cell_extension_field_st * const * trn_cell_extension_getconstarray_fields(const trn_cell_extension_t *inp); -/** Change the length of the variable-length array field fields of - * 'inp' to 'newlen'.Fill extra elements with NULL; free removed - * elements. Return 0 on success; return -1 and set the error code on - * 'inp' on failure. - */ -int trn_cell_extension_setlen_fields(trn_cell_extension_t *inp, size_t newlen); - - -#endif diff --git a/src/trunnel/hs/cell_common.trunnel b/src/trunnel/hs/cell_common.trunnel deleted file mode 100644 index 7e99cbfa66..0000000000 --- a/src/trunnel/hs/cell_common.trunnel +++ /dev/null @@ -1,12 +0,0 @@ -/* This file contains common data structure that cells use. */ - -struct trn_cell_extension_field { - u8 field_type; - u8 field_len; - u8 field[field_len]; -}; - -struct trn_cell_extension { - u8 num; - struct trn_cell_extension_field fields[num]; -}; diff --git a/src/trunnel/hs/cell_establish_intro.c b/src/trunnel/hs/cell_establish_intro.c index f31404c55f..0f561b121b 100644 --- a/src/trunnel/hs/cell_establish_intro.c +++ b/src/trunnel/hs/cell_establish_intro.c @@ -28,14 +28,14 @@ int cellestablishintro_deadcode_dummy__ = 0; } \ } while (0) -typedef struct trn_cell_extension_st trn_cell_extension_t; -trn_cell_extension_t *trn_cell_extension_new(void); -void trn_cell_extension_free(trn_cell_extension_t *victim); -ssize_t trn_cell_extension_parse(trn_cell_extension_t **output, const uint8_t *input, const size_t len_in); -ssize_t trn_cell_extension_encoded_len(const trn_cell_extension_t *obj); -ssize_t trn_cell_extension_encode(uint8_t *output, size_t avail, const trn_cell_extension_t *input); -const char *trn_cell_extension_check(const trn_cell_extension_t *obj); -int trn_cell_extension_clear_errors(trn_cell_extension_t *obj); +typedef struct trn_extension_st trn_extension_t; +trn_extension_t *trn_extension_new(void); +void trn_extension_free(trn_extension_t *victim); +ssize_t trn_extension_parse(trn_extension_t **output, const uint8_t *input, const size_t len_in); +ssize_t trn_extension_encoded_len(const trn_extension_t *obj); +ssize_t trn_extension_encode(uint8_t *output, size_t avail, const trn_extension_t *input); +const char *trn_extension_check(const trn_extension_t *obj); +int trn_extension_clear_errors(trn_extension_t *obj); trn_cell_extension_dos_param_t * trn_cell_extension_dos_param_new(void) { @@ -232,7 +232,7 @@ trn_cell_establish_intro_clear(trn_cell_establish_intro_t *obj) (void) obj; TRUNNEL_DYNARRAY_WIPE(&obj->auth_key); TRUNNEL_DYNARRAY_CLEAR(&obj->auth_key); - trn_cell_extension_free(obj->extensions); + trn_extension_free(obj->extensions); obj->extensions = NULL; TRUNNEL_DYNARRAY_WIPE(&obj->sig); TRUNNEL_DYNARRAY_CLEAR(&obj->sig); @@ -346,25 +346,25 @@ trn_cell_establish_intro_setlen_auth_key(trn_cell_establish_intro_t *inp, size_t TRUNNEL_SET_ERROR_CODE(inp); return -1; } -struct trn_cell_extension_st * +struct trn_extension_st * trn_cell_establish_intro_get_extensions(trn_cell_establish_intro_t *inp) { return inp->extensions; } -const struct trn_cell_extension_st * +const struct trn_extension_st * trn_cell_establish_intro_getconst_extensions(const trn_cell_establish_intro_t *inp) { return trn_cell_establish_intro_get_extensions((trn_cell_establish_intro_t*) inp); } int -trn_cell_establish_intro_set_extensions(trn_cell_establish_intro_t *inp, struct trn_cell_extension_st *val) +trn_cell_establish_intro_set_extensions(trn_cell_establish_intro_t *inp, struct trn_extension_st *val) { if (inp->extensions && inp->extensions != val) - trn_cell_extension_free(inp->extensions); + trn_extension_free(inp->extensions); return trn_cell_establish_intro_set0_extensions(inp, val); } int -trn_cell_establish_intro_set0_extensions(trn_cell_establish_intro_t *inp, struct trn_cell_extension_st *val) +trn_cell_establish_intro_set0_extensions(trn_cell_establish_intro_t *inp, struct trn_extension_st *val) { inp->extensions = val; return 0; @@ -506,7 +506,7 @@ trn_cell_establish_intro_check(const trn_cell_establish_intro_t *obj) return "Length mismatch for auth_key"; { const char *msg; - if (NULL != (msg = trn_cell_extension_check(obj->extensions))) + if (NULL != (msg = trn_extension_check(obj->extensions))) return msg; } if (TRUNNEL_DYNARRAY_LEN(&obj->sig) != obj->sig_len) @@ -532,8 +532,8 @@ trn_cell_establish_intro_encoded_len(const trn_cell_establish_intro_t *obj) /* Length of u8 auth_key[auth_key_len] */ result += TRUNNEL_DYNARRAY_LEN(&obj->auth_key); - /* Length of struct trn_cell_extension extensions */ - result += trn_cell_extension_encoded_len(obj->extensions); + /* Length of struct trn_extension extensions */ + result += trn_extension_encoded_len(obj->extensions); /* Length of u8 handshake_mac[TRUNNEL_SHA3_256_LEN] */ result += TRUNNEL_SHA3_256_LEN; @@ -596,9 +596,9 @@ trn_cell_establish_intro_encode(uint8_t *output, const size_t avail, const trn_c written += elt_len; ptr += elt_len; } - /* Encode struct trn_cell_extension extensions */ + /* Encode struct trn_extension extensions */ trunnel_assert(written <= avail); - result = trn_cell_extension_encode(ptr, avail - written, obj->extensions); + result = trn_extension_encode(ptr, avail - written, obj->extensions); if (result < 0) goto fail; /* XXXXXXX !*/ written += result; ptr += result; @@ -685,8 +685,8 @@ trn_cell_establish_intro_parse_into(trn_cell_establish_intro_t *obj, const uint8 memcpy(obj->auth_key.elts_, ptr, obj->auth_key_len); ptr += obj->auth_key_len; remaining -= obj->auth_key_len; - /* Parse struct trn_cell_extension extensions */ - result = trn_cell_extension_parse(&obj->extensions, ptr, remaining); + /* Parse struct trn_extension extensions */ + result = trn_extension_parse(&obj->extensions, ptr, remaining); if (result < 0) goto relay_fail; trunnel_assert((size_t)result <= remaining); @@ -1045,7 +1045,7 @@ static void trn_cell_intro_established_clear(trn_cell_intro_established_t *obj) { (void) obj; - trn_cell_extension_free(obj->extensions); + trn_extension_free(obj->extensions); obj->extensions = NULL; } @@ -1059,25 +1059,25 @@ trn_cell_intro_established_free(trn_cell_intro_established_t *obj) trunnel_free_(obj); } -struct trn_cell_extension_st * +struct trn_extension_st * trn_cell_intro_established_get_extensions(trn_cell_intro_established_t *inp) { return inp->extensions; } -const struct trn_cell_extension_st * +const struct trn_extension_st * trn_cell_intro_established_getconst_extensions(const trn_cell_intro_established_t *inp) { return trn_cell_intro_established_get_extensions((trn_cell_intro_established_t*) inp); } int -trn_cell_intro_established_set_extensions(trn_cell_intro_established_t *inp, struct trn_cell_extension_st *val) +trn_cell_intro_established_set_extensions(trn_cell_intro_established_t *inp, struct trn_extension_st *val) { if (inp->extensions && inp->extensions != val) - trn_cell_extension_free(inp->extensions); + trn_extension_free(inp->extensions); return trn_cell_intro_established_set0_extensions(inp, val); } int -trn_cell_intro_established_set0_extensions(trn_cell_intro_established_t *inp, struct trn_cell_extension_st *val) +trn_cell_intro_established_set0_extensions(trn_cell_intro_established_t *inp, struct trn_extension_st *val) { inp->extensions = val; return 0; @@ -1091,7 +1091,7 @@ trn_cell_intro_established_check(const trn_cell_intro_established_t *obj) return "A set function failed on this object"; { const char *msg; - if (NULL != (msg = trn_cell_extension_check(obj->extensions))) + if (NULL != (msg = trn_extension_check(obj->extensions))) return msg; } return NULL; @@ -1106,8 +1106,8 @@ trn_cell_intro_established_encoded_len(const trn_cell_intro_established_t *obj) return -1; - /* Length of struct trn_cell_extension extensions */ - result += trn_cell_extension_encoded_len(obj->extensions); + /* Length of struct trn_extension extensions */ + result += trn_extension_encoded_len(obj->extensions); return result; } int @@ -1135,9 +1135,9 @@ trn_cell_intro_established_encode(uint8_t *output, const size_t avail, const trn trunnel_assert(encoded_len >= 0); #endif - /* Encode struct trn_cell_extension extensions */ + /* Encode struct trn_extension extensions */ trunnel_assert(written <= avail); - result = trn_cell_extension_encode(ptr, avail - written, obj->extensions); + result = trn_extension_encode(ptr, avail - written, obj->extensions); if (result < 0) goto fail; /* XXXXXXX !*/ written += result; ptr += result; @@ -1174,8 +1174,8 @@ trn_cell_intro_established_parse_into(trn_cell_intro_established_t *obj, const u ssize_t result = 0; (void)result; - /* Parse struct trn_cell_extension extensions */ - result = trn_cell_extension_parse(&obj->extensions, ptr, remaining); + /* Parse struct trn_extension extensions */ + result = trn_extension_parse(&obj->extensions, ptr, remaining); if (result < 0) goto relay_fail; trunnel_assert((size_t)result <= remaining); diff --git a/src/trunnel/hs/cell_establish_intro.h b/src/trunnel/hs/cell_establish_intro.h index 1924d9cab6..8be1531ed1 100644 --- a/src/trunnel/hs/cell_establish_intro.h +++ b/src/trunnel/hs/cell_establish_intro.h @@ -8,7 +8,7 @@ #include <stdint.h> #include "trunnel.h" -struct trn_cell_extension_st; +struct trn_extension_st; #define TRUNNEL_SHA3_256_LEN 32 #define TRUNNEL_CELL_EXTENSION_TYPE_DOS 1 #define TRUNNEL_DOS_PARAM_TYPE_INTRO2_RATE_PER_SEC 1 @@ -27,7 +27,7 @@ struct trn_cell_establish_intro_st { uint8_t auth_key_type; uint16_t auth_key_len; TRUNNEL_DYNARRAY_HEAD(, uint8_t) auth_key; - struct trn_cell_extension_st *extensions; + struct trn_extension_st *extensions; const uint8_t *end_mac_fields; uint8_t handshake_mac[TRUNNEL_SHA3_256_LEN]; const uint8_t *end_sig_fields; @@ -47,7 +47,7 @@ struct trn_cell_extension_dos_st { typedef struct trn_cell_extension_dos_st trn_cell_extension_dos_t; #if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TRN_CELL_INTRO_ESTABLISHED) struct trn_cell_intro_established_st { - struct trn_cell_extension_st *extensions; + struct trn_extension_st *extensions; uint8_t trunnel_error_code_; }; #endif @@ -203,21 +203,21 @@ int trn_cell_establish_intro_setlen_auth_key(trn_cell_establish_intro_t *inp, si /** Return the value of the extensions field of the * trn_cell_establish_intro_t in 'inp' */ -struct trn_cell_extension_st * trn_cell_establish_intro_get_extensions(trn_cell_establish_intro_t *inp); +struct trn_extension_st * trn_cell_establish_intro_get_extensions(trn_cell_establish_intro_t *inp); /** As trn_cell_establish_intro_get_extensions, but take and return a * const pointer */ -const struct trn_cell_extension_st * trn_cell_establish_intro_getconst_extensions(const trn_cell_establish_intro_t *inp); +const struct trn_extension_st * trn_cell_establish_intro_getconst_extensions(const trn_cell_establish_intro_t *inp); /** Set the value of the extensions field of the * trn_cell_establish_intro_t in 'inp' to 'val'. Free the old value if * any. Steals the referenceto 'val'.Return 0 on success; return -1 * and set the error code on 'inp' on failure. */ -int trn_cell_establish_intro_set_extensions(trn_cell_establish_intro_t *inp, struct trn_cell_extension_st *val); +int trn_cell_establish_intro_set_extensions(trn_cell_establish_intro_t *inp, struct trn_extension_st *val); /** As trn_cell_establish_intro_set_extensions, but does not free the * previous value. */ -int trn_cell_establish_intro_set0_extensions(trn_cell_establish_intro_t *inp, struct trn_cell_extension_st *val); +int trn_cell_establish_intro_set0_extensions(trn_cell_establish_intro_t *inp, struct trn_extension_st *val); /** Return the position for end_mac_fields when we parsed this object */ const uint8_t * trn_cell_establish_intro_get_end_mac_fields(const trn_cell_establish_intro_t *inp); @@ -415,21 +415,21 @@ int trn_cell_intro_established_clear_errors(trn_cell_intro_established_t *obj); /** Return the value of the extensions field of the * trn_cell_intro_established_t in 'inp' */ -struct trn_cell_extension_st * trn_cell_intro_established_get_extensions(trn_cell_intro_established_t *inp); +struct trn_extension_st * trn_cell_intro_established_get_extensions(trn_cell_intro_established_t *inp); /** As trn_cell_intro_established_get_extensions, but take and return * a const pointer */ -const struct trn_cell_extension_st * trn_cell_intro_established_getconst_extensions(const trn_cell_intro_established_t *inp); +const struct trn_extension_st * trn_cell_intro_established_getconst_extensions(const trn_cell_intro_established_t *inp); /** Set the value of the extensions field of the * trn_cell_intro_established_t in 'inp' to 'val'. Free the old value * if any. Steals the referenceto 'val'.Return 0 on success; return -1 * and set the error code on 'inp' on failure. */ -int trn_cell_intro_established_set_extensions(trn_cell_intro_established_t *inp, struct trn_cell_extension_st *val); +int trn_cell_intro_established_set_extensions(trn_cell_intro_established_t *inp, struct trn_extension_st *val); /** As trn_cell_intro_established_set_extensions, but does not free * the previous value. */ -int trn_cell_intro_established_set0_extensions(trn_cell_intro_established_t *inp, struct trn_cell_extension_st *val); +int trn_cell_intro_established_set0_extensions(trn_cell_intro_established_t *inp, struct trn_extension_st *val); #endif diff --git a/src/trunnel/hs/cell_establish_intro.trunnel b/src/trunnel/hs/cell_establish_intro.trunnel index e30938f6c2..b33f8c1c93 100644 --- a/src/trunnel/hs/cell_establish_intro.trunnel +++ b/src/trunnel/hs/cell_establish_intro.trunnel @@ -4,7 +4,7 @@ * specified in proposal 224 section 3.1. */ -extern struct trn_cell_extension; +extern struct trn_extension; const TRUNNEL_SHA3_256_LEN = 32; @@ -19,7 +19,7 @@ struct trn_cell_establish_intro { u8 auth_key[auth_key_len]; /* Extension(s). Reserved fields. */ - struct trn_cell_extension extensions; + struct trn_extension extensions; @ptr end_mac_fields; /* Handshake MAC. */ @@ -37,7 +37,7 @@ struct trn_cell_establish_intro { * to version >= 3. */ struct trn_cell_intro_established { /* Extension(s). Reserved fields. */ - struct trn_cell_extension extensions; + struct trn_extension extensions; }; /* diff --git a/src/trunnel/hs/cell_introduce1.c b/src/trunnel/hs/cell_introduce1.c index 016c9fa8d6..a6873b4199 100644 --- a/src/trunnel/hs/cell_introduce1.c +++ b/src/trunnel/hs/cell_introduce1.c @@ -28,14 +28,14 @@ int cellintroduce_deadcode_dummy__ = 0; } \ } while (0) -typedef struct trn_cell_extension_st trn_cell_extension_t; -trn_cell_extension_t *trn_cell_extension_new(void); -void trn_cell_extension_free(trn_cell_extension_t *victim); -ssize_t trn_cell_extension_parse(trn_cell_extension_t **output, const uint8_t *input, const size_t len_in); -ssize_t trn_cell_extension_encoded_len(const trn_cell_extension_t *obj); -ssize_t trn_cell_extension_encode(uint8_t *output, size_t avail, const trn_cell_extension_t *input); -const char *trn_cell_extension_check(const trn_cell_extension_t *obj); -int trn_cell_extension_clear_errors(trn_cell_extension_t *obj); +typedef struct trn_extension_st trn_extension_t; +trn_extension_t *trn_extension_new(void); +void trn_extension_free(trn_extension_t *victim); +ssize_t trn_extension_parse(trn_extension_t **output, const uint8_t *input, const size_t len_in); +ssize_t trn_extension_encoded_len(const trn_extension_t *obj); +ssize_t trn_extension_encode(uint8_t *output, size_t avail, const trn_extension_t *input); +const char *trn_extension_check(const trn_extension_t *obj); +int trn_extension_clear_errors(trn_extension_t *obj); typedef struct link_specifier_st link_specifier_t; link_specifier_t *link_specifier_new(void); void link_specifier_free(link_specifier_t *victim); @@ -62,7 +62,7 @@ trn_cell_introduce1_clear(trn_cell_introduce1_t *obj) (void) obj; TRUNNEL_DYNARRAY_WIPE(&obj->auth_key); TRUNNEL_DYNARRAY_CLEAR(&obj->auth_key); - trn_cell_extension_free(obj->extensions); + trn_extension_free(obj->extensions); obj->extensions = NULL; TRUNNEL_DYNARRAY_WIPE(&obj->encrypted); TRUNNEL_DYNARRAY_CLEAR(&obj->encrypted); @@ -207,25 +207,25 @@ trn_cell_introduce1_setlen_auth_key(trn_cell_introduce1_t *inp, size_t newlen) TRUNNEL_SET_ERROR_CODE(inp); return -1; } -struct trn_cell_extension_st * +struct trn_extension_st * trn_cell_introduce1_get_extensions(trn_cell_introduce1_t *inp) { return inp->extensions; } -const struct trn_cell_extension_st * +const struct trn_extension_st * trn_cell_introduce1_getconst_extensions(const trn_cell_introduce1_t *inp) { return trn_cell_introduce1_get_extensions((trn_cell_introduce1_t*) inp); } int -trn_cell_introduce1_set_extensions(trn_cell_introduce1_t *inp, struct trn_cell_extension_st *val) +trn_cell_introduce1_set_extensions(trn_cell_introduce1_t *inp, struct trn_extension_st *val) { if (inp->extensions && inp->extensions != val) - trn_cell_extension_free(inp->extensions); + trn_extension_free(inp->extensions); return trn_cell_introduce1_set0_extensions(inp, val); } int -trn_cell_introduce1_set0_extensions(trn_cell_introduce1_t *inp, struct trn_cell_extension_st *val) +trn_cell_introduce1_set0_extensions(trn_cell_introduce1_t *inp, struct trn_extension_st *val) { inp->extensions = val; return 0; @@ -302,7 +302,7 @@ trn_cell_introduce1_check(const trn_cell_introduce1_t *obj) return "Length mismatch for auth_key"; { const char *msg; - if (NULL != (msg = trn_cell_extension_check(obj->extensions))) + if (NULL != (msg = trn_extension_check(obj->extensions))) return msg; } return NULL; @@ -329,8 +329,8 @@ trn_cell_introduce1_encoded_len(const trn_cell_introduce1_t *obj) /* Length of u8 auth_key[auth_key_len] */ result += TRUNNEL_DYNARRAY_LEN(&obj->auth_key); - /* Length of struct trn_cell_extension extensions */ - result += trn_cell_extension_encoded_len(obj->extensions); + /* Length of struct trn_extension extensions */ + result += trn_extension_encoded_len(obj->extensions); /* Length of u8 encrypted[] */ result += TRUNNEL_DYNARRAY_LEN(&obj->encrypted); @@ -394,9 +394,9 @@ trn_cell_introduce1_encode(uint8_t *output, const size_t avail, const trn_cell_i written += elt_len; ptr += elt_len; } - /* Encode struct trn_cell_extension extensions */ + /* Encode struct trn_extension extensions */ trunnel_assert(written <= avail); - result = trn_cell_extension_encode(ptr, avail - written, obj->extensions); + result = trn_extension_encode(ptr, avail - written, obj->extensions); if (result < 0) goto fail; /* XXXXXXX !*/ written += result; ptr += result; @@ -472,8 +472,8 @@ trn_cell_introduce1_parse_into(trn_cell_introduce1_t *obj, const uint8_t *input, memcpy(obj->auth_key.elts_, ptr, obj->auth_key_len); ptr += obj->auth_key_len; remaining -= obj->auth_key_len; - /* Parse struct trn_cell_extension extensions */ - result = trn_cell_extension_parse(&obj->extensions, ptr, remaining); + /* Parse struct trn_extension extensions */ + result = trn_extension_parse(&obj->extensions, ptr, remaining); if (result < 0) goto relay_fail; trunnel_assert((size_t)result <= remaining); @@ -529,7 +529,7 @@ static void trn_cell_introduce_ack_clear(trn_cell_introduce_ack_t *obj) { (void) obj; - trn_cell_extension_free(obj->extensions); + trn_extension_free(obj->extensions); obj->extensions = NULL; } @@ -554,25 +554,25 @@ trn_cell_introduce_ack_set_status(trn_cell_introduce_ack_t *inp, uint16_t val) inp->status = val; return 0; } -struct trn_cell_extension_st * +struct trn_extension_st * trn_cell_introduce_ack_get_extensions(trn_cell_introduce_ack_t *inp) { return inp->extensions; } -const struct trn_cell_extension_st * +const struct trn_extension_st * trn_cell_introduce_ack_getconst_extensions(const trn_cell_introduce_ack_t *inp) { return trn_cell_introduce_ack_get_extensions((trn_cell_introduce_ack_t*) inp); } int -trn_cell_introduce_ack_set_extensions(trn_cell_introduce_ack_t *inp, struct trn_cell_extension_st *val) +trn_cell_introduce_ack_set_extensions(trn_cell_introduce_ack_t *inp, struct trn_extension_st *val) { if (inp->extensions && inp->extensions != val) - trn_cell_extension_free(inp->extensions); + trn_extension_free(inp->extensions); return trn_cell_introduce_ack_set0_extensions(inp, val); } int -trn_cell_introduce_ack_set0_extensions(trn_cell_introduce_ack_t *inp, struct trn_cell_extension_st *val) +trn_cell_introduce_ack_set0_extensions(trn_cell_introduce_ack_t *inp, struct trn_extension_st *val) { inp->extensions = val; return 0; @@ -586,7 +586,7 @@ trn_cell_introduce_ack_check(const trn_cell_introduce_ack_t *obj) return "A set function failed on this object"; { const char *msg; - if (NULL != (msg = trn_cell_extension_check(obj->extensions))) + if (NULL != (msg = trn_extension_check(obj->extensions))) return msg; } return NULL; @@ -604,8 +604,8 @@ trn_cell_introduce_ack_encoded_len(const trn_cell_introduce_ack_t *obj) /* Length of u16 status */ result += 2; - /* Length of struct trn_cell_extension extensions */ - result += trn_cell_extension_encoded_len(obj->extensions); + /* Length of struct trn_extension extensions */ + result += trn_extension_encoded_len(obj->extensions); return result; } int @@ -640,9 +640,9 @@ trn_cell_introduce_ack_encode(uint8_t *output, const size_t avail, const trn_cel trunnel_set_uint16(ptr, trunnel_htons(obj->status)); written += 2; ptr += 2; - /* Encode struct trn_cell_extension extensions */ + /* Encode struct trn_extension extensions */ trunnel_assert(written <= avail); - result = trn_cell_extension_encode(ptr, avail - written, obj->extensions); + result = trn_extension_encode(ptr, avail - written, obj->extensions); if (result < 0) goto fail; /* XXXXXXX !*/ written += result; ptr += result; @@ -687,8 +687,8 @@ trn_cell_introduce_ack_parse_into(trn_cell_introduce_ack_t *obj, const uint8_t * obj->status = trunnel_ntohs(trunnel_get_uint16(ptr)); remaining -= 2; ptr += 2; - /* Parse struct trn_cell_extension extensions */ - result = trn_cell_extension_parse(&obj->extensions, ptr, remaining); + /* Parse struct trn_extension extensions */ + result = trn_extension_parse(&obj->extensions, ptr, remaining); if (result < 0) goto relay_fail; trunnel_assert((size_t)result <= remaining); @@ -733,7 +733,7 @@ static void trn_cell_introduce_encrypted_clear(trn_cell_introduce_encrypted_t *obj) { (void) obj; - trn_cell_extension_free(obj->extensions); + trn_extension_free(obj->extensions); obj->extensions = NULL; TRUNNEL_DYNARRAY_WIPE(&obj->onion_key); TRUNNEL_DYNARRAY_CLEAR(&obj->onion_key); @@ -796,25 +796,25 @@ trn_cell_introduce_encrypted_getconstarray_rend_cookie(const trn_cell_introduce_ { return (const uint8_t *)trn_cell_introduce_encrypted_getarray_rend_cookie((trn_cell_introduce_encrypted_t*)inp); } -struct trn_cell_extension_st * +struct trn_extension_st * trn_cell_introduce_encrypted_get_extensions(trn_cell_introduce_encrypted_t *inp) { return inp->extensions; } -const struct trn_cell_extension_st * +const struct trn_extension_st * trn_cell_introduce_encrypted_getconst_extensions(const trn_cell_introduce_encrypted_t *inp) { return trn_cell_introduce_encrypted_get_extensions((trn_cell_introduce_encrypted_t*) inp); } int -trn_cell_introduce_encrypted_set_extensions(trn_cell_introduce_encrypted_t *inp, struct trn_cell_extension_st *val) +trn_cell_introduce_encrypted_set_extensions(trn_cell_introduce_encrypted_t *inp, struct trn_extension_st *val) { if (inp->extensions && inp->extensions != val) - trn_cell_extension_free(inp->extensions); + trn_extension_free(inp->extensions); return trn_cell_introduce_encrypted_set0_extensions(inp, val); } int -trn_cell_introduce_encrypted_set0_extensions(trn_cell_introduce_encrypted_t *inp, struct trn_cell_extension_st *val) +trn_cell_introduce_encrypted_set0_extensions(trn_cell_introduce_encrypted_t *inp, struct trn_extension_st *val) { inp->extensions = val; return 0; @@ -1066,7 +1066,7 @@ trn_cell_introduce_encrypted_check(const trn_cell_introduce_encrypted_t *obj) return "A set function failed on this object"; { const char *msg; - if (NULL != (msg = trn_cell_extension_check(obj->extensions))) + if (NULL != (msg = trn_extension_check(obj->extensions))) return msg; } if (! (obj->onion_key_type == TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR)) @@ -1099,8 +1099,8 @@ trn_cell_introduce_encrypted_encoded_len(const trn_cell_introduce_encrypted_t *o /* Length of u8 rend_cookie[TRUNNEL_REND_COOKIE_LEN] */ result += TRUNNEL_REND_COOKIE_LEN; - /* Length of struct trn_cell_extension extensions */ - result += trn_cell_extension_encoded_len(obj->extensions); + /* Length of struct trn_extension extensions */ + result += trn_extension_encoded_len(obj->extensions); /* Length of u8 onion_key_type IN [TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR] */ result += 1; @@ -1159,9 +1159,9 @@ trn_cell_introduce_encrypted_encode(uint8_t *output, const size_t avail, const t memcpy(ptr, obj->rend_cookie, TRUNNEL_REND_COOKIE_LEN); written += TRUNNEL_REND_COOKIE_LEN; ptr += TRUNNEL_REND_COOKIE_LEN; - /* Encode struct trn_cell_extension extensions */ + /* Encode struct trn_extension extensions */ trunnel_assert(written <= avail); - result = trn_cell_extension_encode(ptr, avail - written, obj->extensions); + result = trn_extension_encode(ptr, avail - written, obj->extensions); if (result < 0) goto fail; /* XXXXXXX !*/ written += result; ptr += result; @@ -1263,8 +1263,8 @@ trn_cell_introduce_encrypted_parse_into(trn_cell_introduce_encrypted_t *obj, con memcpy(obj->rend_cookie, ptr, TRUNNEL_REND_COOKIE_LEN); remaining -= TRUNNEL_REND_COOKIE_LEN; ptr += TRUNNEL_REND_COOKIE_LEN; - /* Parse struct trn_cell_extension extensions */ - result = trn_cell_extension_parse(&obj->extensions, ptr, remaining); + /* Parse struct trn_extension extensions */ + result = trn_extension_parse(&obj->extensions, ptr, remaining); if (result < 0) goto relay_fail; trunnel_assert((size_t)result <= remaining); diff --git a/src/trunnel/hs/cell_introduce1.h b/src/trunnel/hs/cell_introduce1.h index 8dabff3cb5..ea37502d8e 100644 --- a/src/trunnel/hs/cell_introduce1.h +++ b/src/trunnel/hs/cell_introduce1.h @@ -8,7 +8,7 @@ #include <stdint.h> #include "trunnel.h" -struct trn_cell_extension_st; +struct trn_extension_st; struct link_specifier_st; #define TRUNNEL_SHA1_LEN 20 #define TRUNNEL_REND_COOKIE_LEN 20 @@ -25,7 +25,7 @@ struct trn_cell_introduce1_st { uint8_t auth_key_type; uint16_t auth_key_len; TRUNNEL_DYNARRAY_HEAD(, uint8_t) auth_key; - struct trn_cell_extension_st *extensions; + struct trn_extension_st *extensions; TRUNNEL_DYNARRAY_HEAD(, uint8_t) encrypted; uint8_t trunnel_error_code_; }; @@ -34,7 +34,7 @@ typedef struct trn_cell_introduce1_st trn_cell_introduce1_t; #if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TRN_CELL_INTRODUCE_ACK) struct trn_cell_introduce_ack_st { uint16_t status; - struct trn_cell_extension_st *extensions; + struct trn_extension_st *extensions; uint8_t trunnel_error_code_; }; #endif @@ -42,7 +42,7 @@ typedef struct trn_cell_introduce_ack_st trn_cell_introduce_ack_t; #if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TRN_CELL_INTRODUCE_ENCRYPTED) struct trn_cell_introduce_encrypted_st { uint8_t rend_cookie[TRUNNEL_REND_COOKIE_LEN]; - struct trn_cell_extension_st *extensions; + struct trn_extension_st *extensions; uint8_t onion_key_type; uint16_t onion_key_len; TRUNNEL_DYNARRAY_HEAD(, uint8_t) onion_key; @@ -169,21 +169,21 @@ int trn_cell_introduce1_setlen_auth_key(trn_cell_introduce1_t *inp, size_t newle /** Return the value of the extensions field of the * trn_cell_introduce1_t in 'inp' */ -struct trn_cell_extension_st * trn_cell_introduce1_get_extensions(trn_cell_introduce1_t *inp); +struct trn_extension_st * trn_cell_introduce1_get_extensions(trn_cell_introduce1_t *inp); /** As trn_cell_introduce1_get_extensions, but take and return a const * pointer */ -const struct trn_cell_extension_st * trn_cell_introduce1_getconst_extensions(const trn_cell_introduce1_t *inp); +const struct trn_extension_st * trn_cell_introduce1_getconst_extensions(const trn_cell_introduce1_t *inp); /** Set the value of the extensions field of the trn_cell_introduce1_t * in 'inp' to 'val'. Free the old value if any. Steals the * referenceto 'val'.Return 0 on success; return -1 and set the error * code on 'inp' on failure. */ -int trn_cell_introduce1_set_extensions(trn_cell_introduce1_t *inp, struct trn_cell_extension_st *val); +int trn_cell_introduce1_set_extensions(trn_cell_introduce1_t *inp, struct trn_extension_st *val); /** As trn_cell_introduce1_set_extensions, but does not free the * previous value. */ -int trn_cell_introduce1_set0_extensions(trn_cell_introduce1_t *inp, struct trn_cell_extension_st *val); +int trn_cell_introduce1_set0_extensions(trn_cell_introduce1_t *inp, struct trn_extension_st *val); /** Return the length of the dynamic array holding the encrypted field * of the trn_cell_introduce1_t in 'inp'. */ @@ -266,21 +266,21 @@ int trn_cell_introduce_ack_set_status(trn_cell_introduce_ack_t *inp, uint16_t va /** Return the value of the extensions field of the * trn_cell_introduce_ack_t in 'inp' */ -struct trn_cell_extension_st * trn_cell_introduce_ack_get_extensions(trn_cell_introduce_ack_t *inp); +struct trn_extension_st * trn_cell_introduce_ack_get_extensions(trn_cell_introduce_ack_t *inp); /** As trn_cell_introduce_ack_get_extensions, but take and return a * const pointer */ -const struct trn_cell_extension_st * trn_cell_introduce_ack_getconst_extensions(const trn_cell_introduce_ack_t *inp); +const struct trn_extension_st * trn_cell_introduce_ack_getconst_extensions(const trn_cell_introduce_ack_t *inp); /** Set the value of the extensions field of the * trn_cell_introduce_ack_t in 'inp' to 'val'. Free the old value if * any. Steals the referenceto 'val'.Return 0 on success; return -1 * and set the error code on 'inp' on failure. */ -int trn_cell_introduce_ack_set_extensions(trn_cell_introduce_ack_t *inp, struct trn_cell_extension_st *val); +int trn_cell_introduce_ack_set_extensions(trn_cell_introduce_ack_t *inp, struct trn_extension_st *val); /** As trn_cell_introduce_ack_set_extensions, but does not free the * previous value. */ -int trn_cell_introduce_ack_set0_extensions(trn_cell_introduce_ack_t *inp, struct trn_cell_extension_st *val); +int trn_cell_introduce_ack_set0_extensions(trn_cell_introduce_ack_t *inp, struct trn_extension_st *val); /** Return a newly allocated trn_cell_introduce_encrypted with all * elements set to zero. */ @@ -347,21 +347,21 @@ const uint8_t * trn_cell_introduce_encrypted_getconstarray_rend_cookie(const tr /** Return the value of the extensions field of the * trn_cell_introduce_encrypted_t in 'inp' */ -struct trn_cell_extension_st * trn_cell_introduce_encrypted_get_extensions(trn_cell_introduce_encrypted_t *inp); +struct trn_extension_st * trn_cell_introduce_encrypted_get_extensions(trn_cell_introduce_encrypted_t *inp); /** As trn_cell_introduce_encrypted_get_extensions, but take and * return a const pointer */ -const struct trn_cell_extension_st * trn_cell_introduce_encrypted_getconst_extensions(const trn_cell_introduce_encrypted_t *inp); +const struct trn_extension_st * trn_cell_introduce_encrypted_getconst_extensions(const trn_cell_introduce_encrypted_t *inp); /** Set the value of the extensions field of the * trn_cell_introduce_encrypted_t in 'inp' to 'val'. Free the old * value if any. Steals the referenceto 'val'.Return 0 on success; * return -1 and set the error code on 'inp' on failure. */ -int trn_cell_introduce_encrypted_set_extensions(trn_cell_introduce_encrypted_t *inp, struct trn_cell_extension_st *val); +int trn_cell_introduce_encrypted_set_extensions(trn_cell_introduce_encrypted_t *inp, struct trn_extension_st *val); /** As trn_cell_introduce_encrypted_set_extensions, but does not free * the previous value. */ -int trn_cell_introduce_encrypted_set0_extensions(trn_cell_introduce_encrypted_t *inp, struct trn_cell_extension_st *val); +int trn_cell_introduce_encrypted_set0_extensions(trn_cell_introduce_encrypted_t *inp, struct trn_extension_st *val); /** Return the value of the onion_key_type field of the * trn_cell_introduce_encrypted_t in 'inp' */ diff --git a/src/trunnel/hs/cell_introduce1.trunnel b/src/trunnel/hs/cell_introduce1.trunnel index 5911c695a2..6682227b44 100644 --- a/src/trunnel/hs/cell_introduce1.trunnel +++ b/src/trunnel/hs/cell_introduce1.trunnel @@ -5,7 +5,7 @@ */ /* From cell_common.trunnel. */ -extern struct trn_cell_extension; +extern struct trn_extension; /* From ed25519_cert.trunnel. */ extern struct link_specifier; @@ -38,7 +38,7 @@ struct trn_cell_introduce1 { u8 auth_key[auth_key_len]; /* Extension(s). Reserved fields. */ - struct trn_cell_extension extensions; + struct trn_extension extensions; /* Variable length, up to the end of cell. */ u8 encrypted[]; @@ -50,7 +50,7 @@ struct trn_cell_introduce_ack { u16 status; /* Extension(s). Reserved fields. */ - struct trn_cell_extension extensions; + struct trn_extension extensions; }; /* Encrypted section of the INTRODUCE1/INTRODUCE2 cell. */ @@ -59,7 +59,7 @@ struct trn_cell_introduce_encrypted { u8 rend_cookie[TRUNNEL_REND_COOKIE_LEN]; /* Extension(s). Reserved fields. */ - struct trn_cell_extension extensions; + struct trn_extension extensions; /* Onion key material. */ u8 onion_key_type IN [TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR]; diff --git a/src/trunnel/include.am b/src/trunnel/include.am index 6c3a5ff06b..b2aee81da9 100644 --- a/src/trunnel/include.am +++ b/src/trunnel/include.am @@ -8,24 +8,29 @@ endif TRUNNELINPUTS = \ src/trunnel/ed25519_cert.trunnel \ + src/trunnel/extension.trunnel \ src/trunnel/link_handshake.trunnel \ src/trunnel/pwbox.trunnel \ src/trunnel/channelpadding_negotiation.trunnel \ src/trunnel/sendme_cell.trunnel \ + src/trunnel/flow_control_cells.trunnel \ + src/trunnel/congestion_control.trunnel \ src/trunnel/socks5.trunnel \ src/trunnel/circpad_negotiation.trunnel TRUNNELSOURCES = \ src/ext/trunnel/trunnel.c \ src/trunnel/ed25519_cert.c \ + src/trunnel/extension.c \ src/trunnel/link_handshake.c \ src/trunnel/pwbox.c \ - src/trunnel/hs/cell_common.c \ src/trunnel/hs/cell_establish_intro.c \ src/trunnel/hs/cell_introduce1.c \ src/trunnel/hs/cell_rendezvous.c \ src/trunnel/channelpadding_negotiation.c \ src/trunnel/sendme_cell.c \ + src/trunnel/flow_control_cells.c \ + src/trunnel/congestion_control.c \ src/trunnel/socks5.c \ src/trunnel/netinfo.c \ src/trunnel/circpad_negotiation.c @@ -35,14 +40,16 @@ TRUNNELHEADERS = \ src/ext/trunnel/trunnel-impl.h \ src/trunnel/trunnel-local.h \ src/trunnel/ed25519_cert.h \ + src/trunnel/extension.h \ src/trunnel/link_handshake.h \ src/trunnel/pwbox.h \ - src/trunnel/hs/cell_common.h \ src/trunnel/hs/cell_establish_intro.h \ src/trunnel/hs/cell_introduce1.h \ src/trunnel/hs/cell_rendezvous.h \ src/trunnel/channelpadding_negotiation.h \ src/trunnel/sendme_cell.h \ + src/trunnel/flow_control_cells.h \ + src/trunnel/congestion_control.h \ src/trunnel/socks5.h \ src/trunnel/netinfo.h \ src/trunnel/circpad_negotiation.h diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index b724fa2c26..4397216f31 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -217,7 +217,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.4.5.16-dev" +#define VERSION "0.4.7.13" #define HAVE_STRUCT_SOCKADDR_IN6 #define HAVE_STRUCT_IN6_ADDR |