diff options
37 files changed, 509 insertions, 205 deletions
diff --git a/changes/bug17857 b/changes/bug17857 new file mode 100644 index 0000000000..6c88638231 --- /dev/null +++ b/changes/bug17857 @@ -0,0 +1,6 @@ + o Minor features (defensive programming): + - Create a pair of consensus parameters nf_pad_tor2web and + nf_pad_single_onion that allow us to disable netflow padding in the + consensus for non-anonymous connections, in case the overhead is high. + Closes #17857. + diff --git a/changes/bug22446 b/changes/bug22446 new file mode 100644 index 0000000000..eab65aac00 --- /dev/null +++ b/changes/bug22446 @@ -0,0 +1,4 @@ + o Minor features (code style, backport from 0.3.1.3-alpha): + - Add "Falls through" comments to our codebase, in order to silence + GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas + Stieger. Closes ticket 22446. diff --git a/changes/bug23347 b/changes/bug23347 new file mode 100644 index 0000000000..e73aa48f01 --- /dev/null +++ b/changes/bug23347 @@ -0,0 +1,9 @@ + o Minor fixes (bridge client bootstrap): + - Make bridge clients with no running bridges try to download + bridge descriptors immediately. But when bridge clients have + running bridges, make them wait at least 3 hours before + refreshing recently received bridge descriptors. + Download schedules used to start with an implicit 0, but the + fix for 17750 changed this undocumented behaviour, and made + bridge clients hang for 15 minutes before bootstrapping. + Fixes bug 23347, not in any released version of Tor. diff --git a/changes/ticket21031 b/changes/ticket21031 new file mode 100644 index 0000000000..79ad5267b5 --- /dev/null +++ b/changes/ticket21031 @@ -0,0 +1,5 @@ + o Removed features: + - The ClientDNSRejectInternalAddresses flag can no longer be set on + non-testing networks. It has been deprecated since 0.2.9.2-alpha. + Closes ticket 21031. + diff --git a/changes/ticket22215 b/changes/ticket22215 new file mode 100644 index 0000000000..4abeaf2c53 --- /dev/null +++ b/changes/ticket22215 @@ -0,0 +1,5 @@ + o Code simplification and refactoring: + - Remove some of the code that once supported "Named" and "Unnamed" + routers. Authorities no longer vote for these flags. Closes ticket + 23478. + diff --git a/changes/ticket22281 b/changes/ticket22281 new file mode 100644 index 0000000000..95787580ff --- /dev/null +++ b/changes/ticket22281 @@ -0,0 +1,3 @@ + o Minor features (bug detection): + - Log a warning message, with stack trace, for any attempt to call + get_options() during option validation. Closes ticket 22281. diff --git a/changes/ticket22437 b/changes/ticket22437 new file mode 100644 index 0000000000..8e4c9630c8 --- /dev/null +++ b/changes/ticket22437 @@ -0,0 +1,4 @@ + o Testing: + - The default chutney network tests now include tests for the + v3 hidden service design. Make sure you have the latest + version of chutney if you want to run these. Closes ticket 22437. diff --git a/doc/tor.1.txt b/doc/tor.1.txt index aec1767059..d49dd96336 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1408,12 +1408,6 @@ The following options are useful only for clients (that is, if addresses/ports. See SocksPort for an explanation of isolation flags. (Default: 0) -[[ClientDNSRejectInternalAddresses]] **ClientDNSRejectInternalAddresses** **0**|**1**:: - If true, Tor does not believe any anonymously retrieved DNS answer that - tells it that an address resolves to an internal address (like 127.0.0.1 or - 192.168.0.1). This option prevents certain browser-based attacks; don't - turn it off unless you know what you're doing. (Default: 1) - [[ClientRejectInternalAddresses]] **ClientRejectInternalAddresses** **0**|**1**:: If true, Tor does not try to fulfill requests to connect to an internal address (like 127.0.0.1 or 192.168.0.1) __unless a exit node is @@ -1582,8 +1576,8 @@ The following options are useful only for clients (that is, if live consensus). Only used by clients fetching from a list of fallback directory mirrors. This schedule is advanced by (potentially concurrent) connection attempts, unlike other schedules, which are advanced by - connection failures. (Default: 10, 11, 3600, 10800, 25200, 54000, - 111600, 262800) + connection failures. (Default: 6, 11, 3600, 10800, 25200, 54000, 111600, + 262800) [[ClientBootstrapConsensusFallbackDownloadSchedule]] **ClientBootstrapConsensusFallbackDownloadSchedule** __N__,__N__,__...__:: Schedule for when clients should download consensuses from fallback @@ -1613,7 +1607,7 @@ The following options are useful only for clients (that is, if [[ClientBootstrapConsensusMaxInProgressTries]] **ClientBootstrapConsensusMaxInProgressTries** __NUM__:: Try this many simultaneous connections to download a consensus before - waiting for one to complete, timeout, or error out. (Default: 4) + waiting for one to complete, timeout, or error out. (Default: 3) SERVER OPTIONS -------------- @@ -2468,7 +2462,7 @@ The following options are used for running a testing Tor network. 4 (for 40 seconds), 8, 16, 32, 60 ClientBootstrapConsensusMaxDownloadTries 80 ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries 80 - ClientDNSRejectInternalAddresses 0 + TestingClientDNSRejectInternalAddresses 0 ClientRejectInternalAddresses 0 CountPrivateBandwidth 1 ExitPolicyRejectPrivate 0 @@ -2486,7 +2480,8 @@ The following options are used for running a testing Tor network. TestingClientDownloadSchedule 0, 0, 5, 10, 15, 20, 30, 60 TestingServerConsensusDownloadSchedule 0, 0, 5, 10, 15, 20, 30, 60 TestingClientConsensusDownloadSchedule 0, 0, 5, 10, 15, 20, 30, 60 - TestingBridgeDownloadSchedule 60, 30, 30, 60 + TestingBridgeDownloadSchedule 10, 30, 60 + TestingBridgeBootstrapDownloadSchedule 0, 0, 5, 10, 15, 20, 30, 60 TestingClientMaxIntervalWithoutRequest 5 seconds TestingDirConnectionMaxStall 30 seconds TestingConsensusMaxDownloadTries 80 @@ -2551,8 +2546,16 @@ The following options are used for running a testing Tor network. 1800, 3600, 3600, 3600, 10800, 21600, 43200) [[TestingBridgeDownloadSchedule]] **TestingBridgeDownloadSchedule** __N__,__N__,__...__:: - Schedule for when clients should download bridge descriptors. Changing this - requires that **TestingTorNetwork** is set. (Default: 3600, 900, 900, 3600) + Schedule for when clients should download each bridge descriptor when they + know that one or more of their configured bridges are running. Changing + this requires that **TestingTorNetwork** is set. (Default: 10800, 25200, + 54000, 111600, 262800) + +[[TestingBridgeBootstrapDownloadSchedule]] **TestingBridgeBootstrapDownloadSchedule** __N__,__N__,__...__:: + Schedule for when clients should download each bridge descriptor when they + have just started, or when they can not contact any of their bridges. + Changing this requires that **TestingTorNetwork** is set. (Default: 0, 30, + 90, 600, 3600, 10800, 25200, 54000, 111600, 262800) [[TestingClientMaxIntervalWithoutRequest]] **TestingClientMaxIntervalWithoutRequest** __N__ **seconds**|**minutes**:: When directory clients have only a few descriptors to request, they batch @@ -2670,6 +2673,13 @@ The following options are used for running a testing Tor network. we replace it and issue a new key? (Default: 3 hours for link and auth; 1 day for signing.) +[[ClientDNSRejectInternalAddresses]] [[TestingClientDNSRejectInternalAddresses]] **TestingClientDNSRejectInternalAddresses** **0**|**1**:: + If true, Tor does not believe any anonymously retrieved DNS answer that + tells it that an address resolves to an internal address (like 127.0.0.1 or + 192.168.0.1). This option prevents certain browser-based attacks; don't + turn it off unless you know what you're doing. (Default: 1) + + NON-PERSISTENT OPTIONS ---------------------- diff --git a/src/common/timers.c b/src/common/timers.c index 6f4a6c30f0..c43c49c083 100644 --- a/src/common/timers.c +++ b/src/common/timers.c @@ -29,6 +29,8 @@ #include "orconfig.h" +#define TOR_TIMERS_PRIVATE + #include "compat.h" #include "compat_libevent.h" #include "timers.h" @@ -148,6 +150,21 @@ libevent_timer_reschedule(void) event_add(global_timer_event, &d); } +/** Run the callback of every timer that has expired, based on the current + * output of monotime_get(). */ +STATIC void +timers_run_pending(void) +{ + monotime_t now; + monotime_get(&now); + timer_advance_to_cur_time(&now); + + tor_timer_t *t; + while ((t = timeouts_get(global_timeouts))) { + t->callback.cb(t, t->callback.arg, &now); + } +} + /** * Invoked when the libevent timer has expired: see which tor_timer_t events * have fired, activate their callbacks, and reschedule the libevent timer. @@ -159,14 +176,7 @@ libevent_timer_callback(evutil_socket_t fd, short what, void *arg) (void)what; (void)arg; - monotime_t now; - monotime_get(&now); - timer_advance_to_cur_time(&now); - - tor_timer_t *t; - while ((t = timeouts_get(global_timeouts))) { - t->callback.cb(t, t->callback.arg, &now); - } + timers_run_pending(); libevent_timer_reschedule(); } diff --git a/src/common/timers.h b/src/common/timers.h index e816630e6d..d9602cd2ae 100644 --- a/src/common/timers.h +++ b/src/common/timers.h @@ -22,5 +22,9 @@ void timer_free(tor_timer_t *t); void timers_initialize(void); void timers_shutdown(void); +#ifdef TOR_TIMERS_PRIVATE +STATIC void timers_run_pending(void); +#endif + #endif diff --git a/src/or/bridges.c b/src/or/bridges.c index 0818fb0812..461f86260f 100644 --- a/src/or/bridges.c +++ b/src/or/bridges.c @@ -454,6 +454,9 @@ bridge_add_from_config(bridge_line_t *bridge_line) b->transport_name = bridge_line->transport_name; b->fetch_status.schedule = DL_SCHED_BRIDGE; b->fetch_status.backoff = DL_SCHED_RANDOM_EXPONENTIAL; + b->fetch_status.increment_on = DL_SCHED_INCREMENT_ATTEMPT; + /* This will fail if UseBridges is not set */ + download_status_reset(&b->fetch_status); b->socks_args = bridge_line->socks_args; if (!bridge_list) bridge_list = smartlist_new(); @@ -632,8 +635,13 @@ fetch_bridge_descriptors(const or_options_t *options, time_t now) continue; } - /* schedule another fetch as if this one will fail, in case it does */ - download_status_failed(&bridge->fetch_status, 0); + /* schedule the next attempt + * we can't increment after a failure, because sometimes we use the + * bridge authority, and sometimes we use the bridge direct */ + download_status_increment_attempt( + &bridge->fetch_status, + safe_str_client(fmt_and_decorate_addr(&bridge->addr)), + now); can_use_bridge_authority = !tor_digest_is_zero(bridge->identity) && num_bridge_auths; @@ -787,8 +795,12 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache) if (bridge) { /* if we actually want to use this one */ node_t *node; /* it's here; schedule its re-fetch for a long time from now. */ - if (!from_cache) + if (!from_cache) { + /* This schedules the re-fetch at a constant interval, which produces + * a pattern of bridge traffic. But it's better than trying all + * configured briges several times in the first few minutes. */ download_status_reset(&bridge->fetch_status); + } node = node_get_mutable_by_id(ri->cache_info.identity_digest); tor_assert(node); @@ -820,8 +832,8 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache) * We use this function to decide if we're ready to start building * circuits through our bridges, or if we need to wait until the * directory "server/authority" requests finish. */ -int -any_bridge_descriptors_known(void) +MOCK_IMPL(int, +any_bridge_descriptors_known, (void)) { tor_assert(get_options()->UseBridges); diff --git a/src/or/bridges.h b/src/or/bridges.h index 3bfc782f9a..19341818f4 100644 --- a/src/or/bridges.h +++ b/src/or/bridges.h @@ -45,7 +45,7 @@ void bridge_add_from_config(struct bridge_line_t *bridge_line); void retry_bridge_descriptor_fetch_directly(const char *digest); void fetch_bridge_descriptors(const or_options_t *options, time_t now); void learned_bridge_descriptor(routerinfo_t *ri, int from_cache); -int any_bridge_descriptors_known(void); +MOCK_DECL(int, any_bridge_descriptors_known, (void)); const smartlist_t *get_socks_args_by_bridge_addrport(const tor_addr_t *addr, uint16_t port); diff --git a/src/or/channel.c b/src/or/channel.c index 9f8a03683f..56eeccc2a7 100644 --- a/src/or/channel.c +++ b/src/or/channel.c @@ -65,6 +65,8 @@ #include "routerlist.h" #include "scheduler.h" #include "compat_time.h" +#include "networkstatus.h" +#include "rendservice.h" /* Global lists of channels */ @@ -2731,12 +2733,25 @@ channel_do_open_actions(channel_t *chan) /* Disable or reduce padding according to user prefs. */ if (chan->padding_enabled || get_options()->ConnectionPadding == 1) { if (!get_options()->ConnectionPadding) { + /* Disable if torrc disabled */ channelpadding_disable_padding_on_channel(chan); - } - - /* Padding can be forced and/or reduced by clients, regardless of if - * the channel supports it */ - if (get_options()->ReducedConnectionPadding) { + } else if (get_options()->Tor2webMode && + !networkstatus_get_param(NULL, + CHANNELPADDING_TOR2WEB_PARAM, + CHANNELPADDING_TOR2WEB_DEFAULT, 0, 1)) { + /* Disable if we're using tor2web and the consensus disabled padding + * for tor2web */ + channelpadding_disable_padding_on_channel(chan); + } else if (rend_service_allow_non_anonymous_connection(get_options()) && + !networkstatus_get_param(NULL, + CHANNELPADDING_SOS_PARAM, + CHANNELPADDING_SOS_DEFAULT, 0, 1)) { + /* Disable if we're using RSOS and the consensus disabled padding + * for RSOS*/ + channelpadding_disable_padding_on_channel(chan); + } else if (get_options()->ReducedConnectionPadding) { + /* Padding can be forced and/or reduced by clients, regardless of if + * the channel supports it */ channelpadding_reduce_padding_on_channel(chan); } } diff --git a/src/or/channelpadding.c b/src/or/channelpadding.c index bed2489837..ccaf5b4ec8 100644 --- a/src/or/channelpadding.c +++ b/src/or/channelpadding.c @@ -21,6 +21,7 @@ #include "router.h" #include "compat_time.h" #include <event2/event.h> +#include "rendservice.h" STATIC int channelpadding_get_netflow_inactive_timeout_ms(const channel_t *); STATIC int channelpadding_send_disable_command(channel_t *); @@ -46,6 +47,10 @@ static int consensus_nf_conntimeout_clients; static int consensus_nf_pad_before_usage; /** Should we pad relay-to-relay connections? */ static int consensus_nf_pad_relays; +/** Should we pad tor2web connections? */ +static int consensus_nf_pad_tor2web; +/** Should we pad rosos connections? */ +static int consensus_nf_pad_single_onion; #define TOR_MSEC_PER_SEC 1000 #define TOR_USEC_PER_MSEC 1000 @@ -130,6 +135,16 @@ channelpadding_new_consensus_params(networkstatus_t *ns) consensus_nf_pad_relays = networkstatus_get_param(ns, "nf_pad_relays", 0, 0, 1); + + consensus_nf_pad_tor2web = + networkstatus_get_param(ns, + CHANNELPADDING_TOR2WEB_PARAM, + CHANNELPADDING_TOR2WEB_DEFAULT, 0, 1); + + consensus_nf_pad_single_onion = + networkstatus_get_param(ns, + CHANNELPADDING_SOS_PARAM, + CHANNELPADDING_SOS_DEFAULT, 0, 1); } /** @@ -717,6 +732,25 @@ channelpadding_decide_to_pad_channel(channel_t *chan) return CHANNELPADDING_WONTPAD; } + if (options->Tor2webMode && !consensus_nf_pad_tor2web) { + /* If the consensus just changed values, this channel may still + * think padding is enabled. Negotiate it off. */ + if (chan->padding_enabled) + channelpadding_disable_padding_on_channel(chan); + + return CHANNELPADDING_WONTPAD; + } + + if (rend_service_allow_non_anonymous_connection(options) && + !consensus_nf_pad_single_onion) { + /* If the consensus just changed values, this channel may still + * think padding is enabled. Negotiate it off. */ + if (chan->padding_enabled) + channelpadding_disable_padding_on_channel(chan); + + return CHANNELPADDING_WONTPAD; + } + if (!chan->has_queued_writes(chan)) { int is_client_channel = 0; diff --git a/src/or/channelpadding.h b/src/or/channelpadding.h index 2708ee9739..a227e27d5b 100644 --- a/src/or/channelpadding.h +++ b/src/or/channelpadding.h @@ -13,6 +13,11 @@ #include "channelpadding_negotiation.h" +#define CHANNELPADDING_TOR2WEB_PARAM "nf_pad_tor2web" +#define CHANNELPADDING_TOR2WEB_DEFAULT 1 +#define CHANNELPADDING_SOS_PARAM "nf_pad_single_onion" +#define CHANNELPADDING_SOS_DEFAULT 1 + typedef enum { CHANNELPADDING_WONTPAD, CHANNELPADDING_PADLATER, diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 774edc90b4..5cc6252325 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -1912,6 +1912,10 @@ circuit_mark_for_close_, (circuit_t *circ, int reason, int line, circuits_pending_close = smartlist_new(); smartlist_add(circuits_pending_close, circ); + + log_info(LD_GENERAL, "Circuit %u marked for close at %s:%d (orig reason: " + "%u, new reason: %u)", + circ->n_circ_id, file, line, orig_reason, reason); } /** Called immediately before freeing a marked circuit <b>circ</b> from diff --git a/src/or/config.c b/src/or/config.c index c0072fe4ef..55c9531f4b 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -169,6 +169,8 @@ static config_abbrev_t option_abbrevs_[] = { { "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0}, { "HashedControlPassword", "__HashedControlSessionPassword", 1, 0}, { "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0}, + { "ClientDNSRejectInternalAddresses", + "TestingClientDNSRejectInternalAddresses", 0, 1, }, { NULL, NULL, 0, 0}, }; @@ -251,7 +253,7 @@ static config_var_t option_vars_[] = { V(CircuitsAvailableTimeout, INTERVAL, "0"), V(CircuitStreamTimeout, INTERVAL, "0"), V(CircuitPriorityHalflife, DOUBLE, "-100.0"), /*negative:'Use default'*/ - V(ClientDNSRejectInternalAddresses, BOOL,"1"), + V(TestingClientDNSRejectInternalAddresses, BOOL,"1"), V(ClientOnly, BOOL, "0"), V(ClientPreferIPv6ORPort, AUTOBOOL, "auto"), V(ClientPreferIPv6DirPort, AUTOBOOL, "auto"), @@ -587,7 +589,16 @@ static config_var_t option_vars_[] = { * blackholed. Clients will try 3 directories simultaneously. * (Relays never use simultaneous connections.) */ V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"), - V(TestingBridgeDownloadSchedule, CSV_INTERVAL, "1200, 900, 900, 3600"), + /* When a client has any running bridges, check each bridge occasionally, + * whether or not that bridge is actually up. */ + V(TestingBridgeDownloadSchedule, CSV_INTERVAL, + "10800, 25200, 54000, 111600, 262800"), + /* When a client is just starting, or has no running bridges, check each + * bridge a few times quickly, and then try again later. These schedules + * are much longer than the other schedules, because we try each and every + * configured bridge with this schedule. */ + V(TestingBridgeBootstrapDownloadSchedule, CSV_INTERVAL, + "0, 30, 90, 600, 3600, 10800, 25200, 54000, 111600, 262800"), V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"), V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"), V(TestingConsensusMaxDownloadTries, UINT, "8"), @@ -626,7 +637,7 @@ static const config_var_t testing_tor_network_defaults[] = { "0, 1, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 8, 16, 32, 60"), V(ClientBootstrapConsensusMaxDownloadTries, UINT, "80"), V(ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries, UINT, "80"), - V(ClientDNSRejectInternalAddresses, BOOL,"0"), // deprecated in 0.2.9.2-alpha + V(TestingClientDNSRejectInternalAddresses, BOOL,"0"), V(ClientRejectInternalAddresses, BOOL, "0"), V(CountPrivateBandwidth, BOOL, "1"), V(ExitPolicyRejectPrivate, BOOL, "0"), @@ -649,7 +660,9 @@ static const config_var_t testing_tor_network_defaults[] = { "15, 20, 30, 60"), V(TestingClientConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 5, 10, " "15, 20, 30, 60"), - V(TestingBridgeDownloadSchedule, CSV_INTERVAL, "60, 30, 30, 60"), + V(TestingBridgeDownloadSchedule, CSV_INTERVAL, "10, 30, 60"), + V(TestingBridgeBootstrapDownloadSchedule, CSV_INTERVAL, "0, 0, 5, 10, " + "15, 20, 30, 60"), V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"), V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"), V(TestingConsensusMaxDownloadTries, UINT, "80"), @@ -673,8 +686,6 @@ static const config_deprecation_t option_deprecation_notes_[] = { /* Deprecated since 0.2.9.2-alpha... */ { "AllowDotExit", "Unrestricted use of the .exit notation can be used for " "a wide variety of application-level attacks." }, - { "ClientDNSRejectInternalAddresses", "Turning this on makes your client " - "easier to fingerprint, and may open you to esoteric attacks." }, /* End of options deprecated since 0.2.9.2-alpha. */ /* Deprecated since 0.3.2.0-alpha. */ @@ -766,6 +777,9 @@ static int have_parsed_cmdline = 0; static char *global_dirfrontpagecontents = NULL; /** List of port_cfg_t for all configured ports. */ static smartlist_t *configured_ports = NULL; +/** True iff we're currently validating options, and any calls to + * get_options() are likely to be bugs. */ +static int in_option_validation = 0; /** Return the contents of our frontpage string, or NULL if not configured. */ MOCK_IMPL(const char*, @@ -779,6 +793,7 @@ MOCK_IMPL(or_options_t *, get_options_mutable, (void)) { tor_assert(global_options); + tor_assert_nonfatal(! in_option_validation); return global_options; } @@ -2308,24 +2323,36 @@ options_trial_assign(config_line_t *list, unsigned flags, char **msg) return r; } - if (options_validate(get_options_mutable(), trial_options, + setopt_err_t rv; + or_options_t *cur_options = get_options_mutable(); + + in_option_validation = 1; + + if (options_validate(cur_options, trial_options, global_default_options, 1, msg) < 0) { or_options_free(trial_options); - return SETOPT_ERR_PARSE; /*XXX make this a separate return value. */ + rv = SETOPT_ERR_PARSE; /*XXX make this a separate return value. */ + goto done; } - if (options_transition_allowed(get_options(), trial_options, msg) < 0) { + if (options_transition_allowed(cur_options, trial_options, msg) < 0) { or_options_free(trial_options); - return SETOPT_ERR_TRANSITION; + rv = SETOPT_ERR_TRANSITION; + goto done; } + in_option_validation = 0; if (set_options(trial_options, msg)<0) { or_options_free(trial_options); - return SETOPT_ERR_SETTING; + rv = SETOPT_ERR_SETTING; + goto done; } /* we liked it. put it in place. */ - return SETOPT_OK; + rv = SETOPT_OK; + done: + in_option_validation = 0; + return rv; } /** Print a usage message for tor. */ @@ -2828,8 +2855,11 @@ static int options_validate_cb(void *old_options, void *options, void *default_options, int from_setconf, char **msg) { - return options_validate(old_options, options, default_options, + in_option_validation = 1; + int rv = options_validate(old_options, options, default_options, from_setconf, msg); + in_option_validation = 0; + return rv; } #define REJECT(arg) \ @@ -4079,6 +4109,7 @@ options_validate(or_options_t *old_options, or_options_t *options, CHECK_DEFAULT(TestingServerConsensusDownloadSchedule); CHECK_DEFAULT(TestingClientConsensusDownloadSchedule); CHECK_DEFAULT(TestingBridgeDownloadSchedule); + CHECK_DEFAULT(TestingBridgeBootstrapDownloadSchedule); CHECK_DEFAULT(TestingClientMaxIntervalWithoutRequest); CHECK_DEFAULT(TestingDirConnectionMaxStall); CHECK_DEFAULT(TestingConsensusMaxDownloadTries); @@ -4090,6 +4121,7 @@ options_validate(or_options_t *old_options, or_options_t *options, CHECK_DEFAULT(TestingSigningKeySlop); CHECK_DEFAULT(TestingAuthKeySlop); CHECK_DEFAULT(TestingLinkKeySlop); + CHECK_DEFAULT(TestingClientDNSRejectInternalAddresses); #undef CHECK_DEFAULT if (options->SigningKeyLifetime < options->TestingSigningKeySlop*2) @@ -5216,6 +5248,7 @@ options_init_from_string(const char *cf_defaults, const char *cf, } newoptions->IncludeUsed = cf_has_include; + in_option_validation = 1; /* Validate newoptions */ if (options_validate(oldoptions, newoptions, newdefaultoptions, @@ -5228,17 +5261,20 @@ options_init_from_string(const char *cf_defaults, const char *cf, err = SETOPT_ERR_TRANSITION; goto err; } + in_option_validation = 0; if (set_options(newoptions, msg)) { err = SETOPT_ERR_SETTING; goto err; /* frees and replaces old options */ } + or_options_free(global_default_options); global_default_options = newdefaultoptions; return SETOPT_OK; err: + in_option_validation = 0; or_options_free(newoptions); or_options_free(newdefaultoptions); if (*msg) { diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index c5bd39d172..dfa89bc2ce 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -1344,7 +1344,7 @@ connection_ap_handshake_rewrite(entry_connection_t *conn, /* Hang on, did we find an answer saying that this is a reverse lookup for * an internal address? If so, we should reject it if we're configured to * do so. */ - if (options->ClientDNSRejectInternalAddresses) { + if (options->TestingClientDNSRejectInternalAddresses) { /* Don't let clients try to do a reverse lookup on 10.0.0.1. */ tor_addr_t addr; int ok; diff --git a/src/or/directory.c b/src/or/directory.c index 007235d108..fed4277dec 100644 --- a/src/or/directory.c +++ b/src/or/directory.c @@ -5362,7 +5362,14 @@ find_dl_schedule(const download_status_t *dls, const or_options_t *options) } } case DL_SCHED_BRIDGE: - return options->TestingBridgeDownloadSchedule; + /* A bridge client downloading bridge descriptors */ + if (any_bridge_descriptors_known()) { + /* A bridge client with one or more running bridges */ + return options->TestingBridgeDownloadSchedule; + } else { + /* A bridge client with no running bridges */ + return options->TestingBridgeBootstrapDownloadSchedule; + } default: tor_assert(0); } @@ -5683,8 +5690,8 @@ download_status_get_initial_delay_from_now(const download_status_t *dls) * (We find the zeroth element of the download schedule, and set * next_attempt_at to be the appropriate offset from 'now'. In most * cases this means setting it to 'now', so the item will be immediately - * downloadable; in the case of bridge descriptors, the zeroth element - * is an hour from now.) */ + * downloadable; when using authorities with fallbacks, there is a few seconds' + * delay.) */ void download_status_reset(download_status_t *dls) { diff --git a/src/or/hs_circuitmap.c b/src/or/hs_circuitmap.c index 09704d796c..63d5c1ba2e 100644 --- a/src/or/hs_circuitmap.c +++ b/src/or/hs_circuitmap.c @@ -407,9 +407,20 @@ hs_circuitmap_get_rend_circ_service_side(const uint8_t *cookie) } /* Public function: Return client-side rendezvous circuit with rendezvous - * <b>cookie</b>. It will first lookup for the CIRCUIT_PURPOSE_C_REND_READY - * purpose and then try for CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED and then - * finally tries for CIRCUIT_PURPOSE_C_ESTABLISH_REND. + * <b>cookie</b>. It will look for circuits with the following purposes: + + * a) CIRCUIT_PURPOSE_C_REND_READY: Established rend circuit (received + * RENDEZVOUS_ESTABLISHED). Waiting for RENDEZVOUS2 from service, and for + * INTRODUCE_ACK from intro point. + * + * b) CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED: Established rend circuit and + * introduce circuit acked. Waiting for RENDEZVOUS2 from service. + * + * c) CIRCUIT_PURPOSE_C_REND_JOINED: Established rend circuit and received + * RENDEZVOUS2 from service. + * + * d) CIRCUIT_PURPOSE_C_ESTABLISH_REND: Rend circuit open but not yet + * established. * * Return NULL if no such circuit is found in the circuitmap. */ origin_circuit_t * @@ -433,6 +444,13 @@ hs_circuitmap_get_rend_circ_client_side(const uint8_t *cookie) circ = hs_circuitmap_get_origin_circuit(HS_TOKEN_REND_CLIENT_SIDE, REND_TOKEN_LEN, cookie, + CIRCUIT_PURPOSE_C_REND_JOINED); + if (circ) { + return circ; + } + + circ = hs_circuitmap_get_origin_circuit(HS_TOKEN_REND_CLIENT_SIDE, + REND_TOKEN_LEN, cookie, CIRCUIT_PURPOSE_C_ESTABLISH_REND); return circ; } diff --git a/src/or/hs_client.c b/src/or/hs_client.c index 2f8953ba78..620ef3a100 100644 --- a/src/or/hs_client.c +++ b/src/or/hs_client.c @@ -747,6 +747,14 @@ handle_introduce_ack_success(origin_circuit_t *intro_circ) } assert_circ_anonymity_ok(rend_circ, get_options()); + + /* It is possible to get a RENDEZVOUS2 cell before the INTRODUCE_ACK which + * means that the circuit will be joined and already transmitting data. In + * that case, simply skip the purpose change and close the intro circuit + * like it should be. */ + if (TO_CIRCUIT(rend_circ)->purpose == CIRCUIT_PURPOSE_C_REND_JOINED) { + goto end; + } circuit_change_purpose(TO_CIRCUIT(rend_circ), CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED); /* Set timestamp_dirty, because circuit_expire_building expects it to @@ -944,7 +952,10 @@ hs_client_decode_descriptor(const char *desc_str, ret = hs_desc_decode_descriptor(desc_str, subcredential, desc); memwipe(subcredential, 0, sizeof(subcredential)); if (ret < 0) { - log_warn(LD_GENERAL, "Could not parse received descriptor as client"); + log_warn(LD_GENERAL, "Could not parse received descriptor as client."); + if (get_options()->SafeLogging_ == SAFELOG_SCRUB_NONE) { + log_warn(LD_GENERAL, "%s", escaped(desc_str)); + } goto err; } @@ -1007,8 +1018,8 @@ hs_client_refetch_hsdesc(const ed25519_public_key_t *identity_pk) cached_desc = hs_cache_lookup_as_client(identity_pk); if (cached_desc && hs_client_any_intro_points_usable(identity_pk, cached_desc)) { - log_warn(LD_GENERAL, "We would fetch a v3 hidden service descriptor " - "but we already have a useable descriprot."); + log_info(LD_GENERAL, "We would fetch a v3 hidden service descriptor " + "but we already have a usable descriptor."); return 0; } } diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index 76e8fe792a..8b07a88853 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -66,12 +66,6 @@ #include "torcert.h" #include "channelpadding.h" -/** Map from lowercase nickname to identity digest of named server, if any. */ -static strmap_t *named_server_map = NULL; -/** Map from lowercase nickname to (void*)1 for all names that are listed - * as unnamed for some server in the consensus. */ -static strmap_t *unnamed_server_map = NULL; - /** Most recently received and validated v3 "ns"-flavored consensus network * status. */ STATIC networkstatus_t *current_ns_consensus = NULL; @@ -142,7 +136,6 @@ static int have_warned_about_old_version = 0; * listed by the authorities. */ static int have_warned_about_new_version = 0; -static void routerstatus_list_update_named_server_map(void); static void update_consensus_bootstrap_multiple_downloads( time_t now, const or_options_t *options); @@ -250,13 +243,6 @@ router_reload_consensus_networkstatus(void) } } - if (!networkstatus_get_latest_consensus()) { - if (!named_server_map) - named_server_map = strmap_new(); - if (!unnamed_server_map) - unnamed_server_map = strmap_new(); - } - update_certificate_downloads(time(NULL)); routers_update_all_from_networkstatus(time(NULL), 3); @@ -794,26 +780,6 @@ router_get_consensus_status_by_id(const char *digest) return router_get_mutable_consensus_status_by_id(digest); } -/** Return the identity digest that's mapped to officially by - * <b>nickname</b>. */ -const char * -networkstatus_get_router_digest_by_nickname(const char *nickname) -{ - if (!named_server_map) - return NULL; - return strmap_get_lc(named_server_map, nickname); -} - -/** Return true iff <b>nickname</b> is disallowed from being the nickname - * of any server. */ -int -networkstatus_nickname_is_unnamed(const char *nickname) -{ - if (!unnamed_server_map) - return 0; - return strmap_get_lc(unnamed_server_map, nickname) != NULL; -} - /** How frequently do directory authorities re-download fresh networkstatus * documents? */ #define AUTHORITY_NS_CACHE_INTERVAL (10*60) @@ -1970,7 +1936,6 @@ networkstatus_set_current_consensus(const char *consensus, update_consensus_networkstatus_fetch_time(now); dirvote_recalculate_timing(options, now); - routerstatus_list_update_named_server_map(); /* Update ewma and adjust policy if needed; first cache the old value */ old_ewma_enabled = cell_ewma_enabled(); @@ -2139,31 +2104,6 @@ routers_update_all_from_networkstatus(time_t now, int dir_version) } } -/** Update our view of the list of named servers from the most recently - * retrieved networkstatus consensus. */ -static void -routerstatus_list_update_named_server_map(void) -{ - networkstatus_t *ns = networkstatus_get_latest_consensus(); - if (!ns) - return; - - strmap_free(named_server_map, tor_free_); - named_server_map = strmap_new(); - strmap_free(unnamed_server_map, NULL); - unnamed_server_map = strmap_new(); - smartlist_t *rslist = ns->routerstatus_list; - SMARTLIST_FOREACH_BEGIN(rslist, const routerstatus_t *, rs) { - if (rs->is_named) { - strmap_set_lc(named_server_map, rs->nickname, - tor_memdup(rs->identity_digest, DIGEST_LEN)); - } - if (rs->is_unnamed) { - strmap_set_lc(unnamed_server_map, rs->nickname, (void*)1); - } - } SMARTLIST_FOREACH_END(rs); -} - /** Given a list <b>routers</b> of routerinfo_t *, update each status field * according to our current consensus networkstatus. May re-order * <b>routers</b>. */ @@ -2649,8 +2589,5 @@ networkstatus_free_all(void) } tor_free(waiting->body); } - - strmap_free(named_server_map, tor_free_); - strmap_free(unnamed_server_map, NULL); } diff --git a/src/or/networkstatus.h b/src/or/networkstatus.h index 145be37d12..adaa108904 100644 --- a/src/or/networkstatus.h +++ b/src/or/networkstatus.h @@ -62,8 +62,6 @@ const routerstatus_t *router_get_consensus_status_by_descriptor_digest( MOCK_DECL(routerstatus_t *, router_get_mutable_consensus_status_by_descriptor_digest, (networkstatus_t *consensus, const char *digest)); -const char *networkstatus_get_router_digest_by_nickname(const char *nickname); -int networkstatus_nickname_is_unnamed(const char *nickname); int we_want_to_fetch_flavor(const or_options_t *options, int flavor); int we_want_to_fetch_unknown_auth_certs(const or_options_t *options); void networkstatus_consensus_download_failed(int status_code, diff --git a/src/or/nodelist.c b/src/or/nodelist.c index 00b8fb144f..01a0e9e856 100644 --- a/src/or/nodelist.c +++ b/src/or/nodelist.c @@ -850,23 +850,6 @@ node_get_by_nickname,(const char *nickname, unsigned flags)) if (!strcasecmp(nickname, UNNAMED_ROUTER_NICKNAME)) return NULL; - /* Okay, so if we get here, the nickname is just a nickname. Is there - * a binding for it in the consensus? */ - { - const char *named_id = - networkstatus_get_router_digest_by_nickname(nickname); - if (named_id) - return node_get_by_id(named_id); - } - - /* Is it marked as owned-by-someone-else? */ - if (networkstatus_nickname_is_unnamed(nickname)) { - log_info(LD_GENERAL, "The name %s is listed as Unnamed: there is some " - "router that holds it, but not one listed in the current " - "consensus.", escaped(nickname)); - return NULL; - } - /* Okay, so the name is not canonical for anybody. */ { smartlist_t *matches = smartlist_new(); diff --git a/src/or/or.h b/src/or/or.h index 161d80ed96..b3c4ed8293 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4212,7 +4212,7 @@ typedef struct { /** If true, do not believe anybody who tells us that a domain resolves * to an internal address, or that an internal address has a PTR mapping. * Helps avoid some cross-site attacks. */ - int ClientDNSRejectInternalAddresses; + int TestingClientDNSRejectInternalAddresses; /** If true, do not accept any requests to connect to internal addresses * over randomly chosen exits. */ @@ -4340,6 +4340,10 @@ typedef struct { * altered on testing networks. */ smartlist_t *TestingBridgeDownloadSchedule; + /** Schedule for when clients should download bridge descriptors when they + * have no running bridges. Only altered on testing networks. */ + smartlist_t *TestingBridgeBootstrapDownloadSchedule; + /** When directory clients have only a few descriptors to request, they * batch them until they have more, or until this amount of time has * passed. Only altered on testing networks. */ diff --git a/src/or/relay.c b/src/or/relay.c index ba9c09b843..c00afc8e72 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -930,7 +930,7 @@ connection_ap_process_end_not_open( connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL); return 0; } - if (get_options()->ClientDNSRejectInternalAddresses && + if (get_options()->TestingClientDNSRejectInternalAddresses && tor_addr_is_internal(&addr, 0)) { log_info(LD_APP,"Address '%s' resolved to internal. Closing,", safe_str(conn->socks_request->address)); @@ -1347,7 +1347,7 @@ connection_edge_process_resolved_cell(edge_connection_t *conn, goto done; } - if (get_options()->ClientDNSRejectInternalAddresses) { + if (get_options()->TestingClientDNSRejectInternalAddresses) { int orig_len = smartlist_len(resolved_addresses); SMARTLIST_FOREACH_BEGIN(resolved_addresses, address_ttl_t *, addr) { if (addr->hostname == NULL && tor_addr_is_internal(&addr->addr, 0)) { @@ -1440,7 +1440,7 @@ connection_edge_process_relay_cell_not_open( if (tor_addr_family(&addr) != AF_UNSPEC) { const sa_family_t family = tor_addr_family(&addr); if (tor_addr_is_null(&addr) || - (get_options()->ClientDNSRejectInternalAddresses && + (get_options()->TestingClientDNSRejectInternalAddresses && tor_addr_is_internal(&addr, 0))) { log_info(LD_APP, "...but it claims the IP address was %s. Closing.", fmt_addr(&addr)); diff --git a/src/or/router.c b/src/or/router.c index 665e95d3aa..2bc7a875f1 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -3497,7 +3497,7 @@ router_get_description(char *buf, const routerinfo_t *ri) return "<null>"; return format_node_description(buf, ri->cache_info.identity_digest, - router_is_named(ri), + 0, ri->nickname, NULL, ri->addr); @@ -3623,21 +3623,16 @@ extend_info_describe(const extend_info_t *ei) * verbose representation of the identity of <b>router</b>. The format is: * A dollar sign. * The upper-case hexadecimal encoding of the SHA1 hash of router's identity. - * A "=" if the router is named; a "~" if it is not. + * A "=" if the router is named (no longer implemented); a "~" if it is not. * The router's nickname. **/ void router_get_verbose_nickname(char *buf, const routerinfo_t *router) { - const char *good_digest = networkstatus_get_router_digest_by_nickname( - router->nickname); - int is_named = good_digest && tor_memeq(good_digest, - router->cache_info.identity_digest, - DIGEST_LEN); buf[0] = '$'; base16_encode(buf+1, HEX_DIGEST_LEN+1, router->cache_info.identity_digest, DIGEST_LEN); - buf[1+HEX_DIGEST_LEN] = is_named ? '=' : '~'; + buf[1+HEX_DIGEST_LEN] = '~'; strlcpy(buf+1+HEX_DIGEST_LEN+1, router->nickname, MAX_NICKNAME_LEN+1); } diff --git a/src/or/routerlist.c b/src/or/routerlist.c index cc4c196240..9111d93c3c 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -2957,18 +2957,6 @@ hex_digest_nickname_matches(const char *hexdigest, const char *identity_digest, return tor_memeq(digest, identity_digest, DIGEST_LEN); } -/** Return true iff <b>router</b> is listed as named in the current - * consensus. */ -int -router_is_named(const routerinfo_t *router) -{ - const char *digest = - networkstatus_get_router_digest_by_nickname(router->nickname); - - return (digest && - tor_memeq(digest, router->cache_info.identity_digest, DIGEST_LEN)); -} - /** Return true iff <b>digest</b> is the digest of the identity key of a * trusted directory matching at least one bit of <b>type</b>. If <b>type</b> * is zero (NO_DIRINFO), or ALL_DIRINFO, any authority is okay. */ diff --git a/src/or/routerlist.h b/src/or/routerlist.h index 931373f5cd..27c8d88f05 100644 --- a/src/or/routerlist.h +++ b/src/or/routerlist.h @@ -80,7 +80,6 @@ const node_t *router_choose_random_node(smartlist_t *excludedsmartlist, struct routerset_t *excludedset, router_crn_flags_t flags); -int router_is_named(const routerinfo_t *router); int router_digest_is_trusted_dir_type(const char *digest, dirinfo_type_t type); #define router_digest_is_trusted_dir(d) \ diff --git a/src/test/include.am b/src/test/include.am index d1488057e1..ced16c0a8d 100644 --- a/src/test/include.am +++ b/src/test/include.am @@ -39,12 +39,13 @@ TESTS += src/test/test src/test/test-slow src/test/test-memwipe \ $(TESTSCRIPTS) # These flavors are run using automake's test-driver and test-network.sh -TEST_CHUTNEY_FLAVORS = basic-min bridges-min hs-min single-onion +TEST_CHUTNEY_FLAVORS = basic-min bridges-min hs-v2-min hs-v3-min \ + single-onion-v23 # only run if we can ping6 ::1 (localhost) -TEST_CHUTNEY_FLAVORS_IPV6 = bridges+ipv6-min ipv6-exit-min hs-ipv6 \ - single-onion-ipv6 +TEST_CHUTNEY_FLAVORS_IPV6 = bridges+ipv6-min ipv6-exit-min hs-v23-ipv6 \ + single-onion-v23-ipv6 # only run if we can find a stable (or simply another) version of tor -TEST_CHUTNEY_FLAVORS_MIXED = mixed +TEST_CHUTNEY_FLAVORS_MIXED = mixed+hs-v23 ### This is a lovely feature, but it requires automake >= 1.12, and Tor ### doesn't require that yet. diff --git a/src/test/test_channelpadding.c b/src/test/test_channelpadding.c index 3b889991b6..1c6107a872 100644 --- a/src/test/test_channelpadding.c +++ b/src/test/test_channelpadding.c @@ -26,6 +26,7 @@ void test_channelpadding_timers(void *arg); void test_channelpadding_consensus(void *arg); void test_channelpadding_negotiation(void *arg); void test_channelpadding_decide_to_pad_channel(void *arg); +void test_channelpadding_killonehop(void *arg); void dummy_nop_timer(void); @@ -111,8 +112,6 @@ setup_fake_connection_for_channel(channel_tls_t *chan) conn->base_.conn_array_index = smartlist_len(connection_array); smartlist_add(connection_array, conn); - connection_or_set_canonical(conn, 1); - conn->chan = chan; chan->conn = conn; @@ -127,6 +126,8 @@ setup_fake_connection_for_channel(channel_tls_t *chan) conn->tls = (tor_tls_t *)((void *)(&fake_tortls)); conn->link_proto = MIN_LINK_PROTO_FOR_CHANNEL_PADDING; + + connection_or_set_canonical(conn, 1); } static channel_tls_t * @@ -166,16 +167,30 @@ free_fake_channeltls(channel_tls_t *chan) } static void -setup_mock_network(void) +setup_mock_consensus(void) { - routerstatus_t *relay; - connection_array = smartlist_new(); - current_md_consensus = current_ns_consensus = tor_malloc_zero(sizeof(networkstatus_t)); current_md_consensus->net_params = smartlist_new(); current_md_consensus->routerstatus_list = smartlist_new(); channelpadding_new_consensus_params(current_md_consensus); +} + +static void +free_mock_consensus(void) +{ + SMARTLIST_FOREACH(current_md_consensus->routerstatus_list, void *, r, + tor_free(r)); + smartlist_free(current_md_consensus->routerstatus_list); + smartlist_free(current_ns_consensus->net_params); + tor_free(current_ns_consensus); +} + +static void +setup_mock_network(void) +{ + routerstatus_t *relay; + connection_array = smartlist_new(); relay1_relay2 = (channel_t*)new_fake_channeltls(2); relay1_relay2->write_cell = mock_channel_write_cell_relay1; @@ -202,6 +217,11 @@ setup_mock_network(void) client_relay3 = (channel_t*)new_fake_channeltls(3); client_relay3->write_cell = mock_channel_write_cell_client; channel_timestamp_active(client_relay3); + + channel_do_open_actions(relay1_relay2); + channel_do_open_actions(relay2_relay1); + channel_do_open_actions(relay3_client); + channel_do_open_actions(client_relay3); } static void @@ -212,12 +232,7 @@ free_mock_network(void) free_fake_channeltls((channel_tls_t*)relay3_client); free_fake_channeltls((channel_tls_t*)client_relay3); - SMARTLIST_FOREACH(current_md_consensus->routerstatus_list, void *, r, - tor_free(r)); - smartlist_free(current_md_consensus->routerstatus_list); - smartlist_free(current_ns_consensus->net_params); smartlist_free(connection_array); - tor_free(current_ns_consensus); } static void @@ -345,6 +360,155 @@ test_channelpadding_timers(void *arg) } void +test_channelpadding_killonehop(void *arg) +{ + channelpadding_decision_t decision; + (void)arg; + tor_libevent_postfork(); + + routerstatus_t *relay = tor_malloc_zero(sizeof(routerstatus_t)); + monotime_init(); + timers_initialize(); + + setup_mock_consensus(); + setup_mock_network(); + + /* Do we disable padding if tor2webmode or rsos are enabled, and + * the consensus says don't pad? */ + + /* Ensure we can kill tor2web and rsos padding if we want. */ + // First, test that padding works if either is enabled + smartlist_clear(current_md_consensus->net_params); + channelpadding_new_consensus_params(current_md_consensus); + + tried_to_write_cell = 0; + get_options_mutable()->Tor2webMode = 1; + client_relay3->next_padding_time_ms = monotime_coarse_absolute_msec() + 100; + decision = channelpadding_decide_to_pad_channel(client_relay3); + tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED); + tt_assert(client_relay3->pending_padding_callback); + tt_int_op(tried_to_write_cell, OP_EQ, 0); + + decision = channelpadding_decide_to_pad_channel(client_relay3); + tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_ALREADY_SCHEDULED); + + // Wait for the timer + event_base_loop(tor_libevent_get_base(), 0); + tt_int_op(tried_to_write_cell, OP_EQ, 1); + tt_assert(!client_relay3->pending_padding_callback); + + // Then test disabling each via consensus param + smartlist_add(current_md_consensus->net_params, + (void*)"nf_pad_tor2web=0"); + channelpadding_new_consensus_params(current_md_consensus); + + // Before the client tries to pad, the relay will still pad: + tried_to_write_cell = 0; + relay3_client->next_padding_time_ms = monotime_coarse_absolute_msec() + 100; + get_options_mutable()->ORPort_set = 1; + get_options_mutable()->Tor2webMode = 0; + decision = channelpadding_decide_to_pad_channel(relay3_client); + tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED); + tt_assert(relay3_client->pending_padding_callback); + + // Wait for the timer + event_base_loop(tor_libevent_get_base(), 0); + tt_int_op(tried_to_write_cell, OP_EQ, 1); + tt_assert(!client_relay3->pending_padding_callback); + + // Test client side (it should stop immediately, but send a negotiate) + tried_to_write_cell = 0; + tt_assert(relay3_client->padding_enabled); + tt_assert(client_relay3->padding_enabled); + get_options_mutable()->Tor2webMode = 1; + /* For the relay to recieve the negotiate: */ + get_options_mutable()->ORPort_set = 1; + decision = channelpadding_decide_to_pad_channel(client_relay3); + tt_int_op(decision, OP_EQ, CHANNELPADDING_WONTPAD); + tt_int_op(tried_to_write_cell, OP_EQ, 1); + tt_assert(!client_relay3->pending_padding_callback); + tt_assert(!relay3_client->padding_enabled); + + // Test relay side (it should have gotten the negotiation to disable) + get_options_mutable()->ORPort_set = 1; + get_options_mutable()->Tor2webMode = 0; + tt_int_op(channelpadding_decide_to_pad_channel(relay3_client), OP_EQ, + CHANNELPADDING_WONTPAD); + tt_assert(!relay3_client->padding_enabled); + + /* Repeat for SOS */ + // First, test that padding works if either is enabled + smartlist_clear(current_md_consensus->net_params); + channelpadding_new_consensus_params(current_md_consensus); + + relay3_client->padding_enabled = 1; + client_relay3->padding_enabled = 1; + + tried_to_write_cell = 0; + get_options_mutable()->ORPort_set = 0; + get_options_mutable()->HiddenServiceSingleHopMode = 1; + get_options_mutable()->HiddenServiceNonAnonymousMode = 1; + client_relay3->next_padding_time_ms = monotime_coarse_absolute_msec() + 100; + decision = channelpadding_decide_to_pad_channel(client_relay3); + tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED); + tt_assert(client_relay3->pending_padding_callback); + tt_int_op(tried_to_write_cell, OP_EQ, 0); + + decision = channelpadding_decide_to_pad_channel(client_relay3); + tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_ALREADY_SCHEDULED); + + // Wait for the timer + event_base_loop(tor_libevent_get_base(), 0); + tt_int_op(tried_to_write_cell, OP_EQ, 1); + tt_assert(!client_relay3->pending_padding_callback); + + // Then test disabling each via consensus param + smartlist_add(current_md_consensus->net_params, + (void*)"nf_pad_single_onion=0"); + channelpadding_new_consensus_params(current_md_consensus); + + // Before the client tries to pad, the relay will still pad: + tried_to_write_cell = 0; + relay3_client->next_padding_time_ms = monotime_coarse_absolute_msec() + 100; + get_options_mutable()->ORPort_set = 1; + get_options_mutable()->HiddenServiceSingleHopMode = 0; + get_options_mutable()->HiddenServiceNonAnonymousMode = 0; + decision = channelpadding_decide_to_pad_channel(relay3_client); + tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED); + tt_assert(relay3_client->pending_padding_callback); + + // Wait for the timer + event_base_loop(tor_libevent_get_base(), 0); + tt_int_op(tried_to_write_cell, OP_EQ, 1); + tt_assert(!client_relay3->pending_padding_callback); + + // Test client side (it should stop immediately) + get_options_mutable()->HiddenServiceSingleHopMode = 1; + get_options_mutable()->HiddenServiceNonAnonymousMode = 1; + /* For the relay to recieve the negotiate: */ + get_options_mutable()->ORPort_set = 1; + decision = channelpadding_decide_to_pad_channel(client_relay3); + tt_int_op(decision, OP_EQ, CHANNELPADDING_WONTPAD); + tt_assert(!client_relay3->pending_padding_callback); + + // Test relay side (it should have gotten the negotiation to disable) + get_options_mutable()->ORPort_set = 1; + get_options_mutable()->HiddenServiceSingleHopMode = 0; + get_options_mutable()->HiddenServiceNonAnonymousMode = 0; + tt_int_op(channelpadding_decide_to_pad_channel(relay3_client), OP_EQ, + CHANNELPADDING_WONTPAD); + tt_assert(!relay3_client->padding_enabled); + + done: + free_mock_consensus(); + free_mock_network(); + tor_free(relay); + + timers_shutdown(); + channel_free_all(); +} + +void test_channelpadding_consensus(void *arg) { channelpadding_decision_t decision; @@ -379,11 +543,7 @@ test_channelpadding_consensus(void *arg) chan = (channel_t*)new_fake_channeltls(0); channel_timestamp_active(chan); - current_md_consensus = current_ns_consensus - = tor_malloc_zero(sizeof(networkstatus_t)); - current_md_consensus->net_params = smartlist_new(); - current_md_consensus->routerstatus_list = smartlist_new(); - channelpadding_new_consensus_params(current_md_consensus); + setup_mock_consensus(); get_options_mutable()->ORPort_set = 1; @@ -441,6 +601,7 @@ test_channelpadding_consensus(void *arg) channelpadding_new_consensus_params(current_md_consensus); tried_to_write_cell = 0; + chan->next_padding_time_ms = monotime_coarse_absolute_msec() + 100; decision = channelpadding_decide_to_pad_channel(chan); tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED); tt_assert(chan->pending_padding_callback); @@ -547,12 +708,9 @@ test_channelpadding_consensus(void *arg) tt_i64_op(val, OP_LE, 24*60*60*2); done: + free_mock_consensus(); free_fake_channeltls((channel_tls_t*)chan); smartlist_free(connection_array); - smartlist_free(current_md_consensus->routerstatus_list); - smartlist_free(current_ns_consensus->net_params); - tor_free(relay); - tor_free(current_ns_consensus); timers_shutdown(); channel_free_all(); @@ -579,6 +737,7 @@ test_channelpadding_negotiation(void *arg) */ monotime_init(); timers_initialize(); + setup_mock_consensus(); setup_mock_network(); /* Test case #1: Do the right things ignore negotiation? */ @@ -680,6 +839,7 @@ test_channelpadding_negotiation(void *arg) done: free_mock_network(); + free_mock_consensus(); timers_shutdown(); channel_free_all(); @@ -892,6 +1052,7 @@ struct testcase_t channelpadding_tests[] = { TEST_CHANNELPADDING(channelpadding_decide_to_pad_channel, TT_FORK), TEST_CHANNELPADDING(channelpadding_negotiation, TT_FORK), TEST_CHANNELPADDING(channelpadding_consensus, TT_FORK), + TEST_CHANNELPADDING(channelpadding_killonehop, TT_FORK), TEST_CHANNELPADDING(channelpadding_timers, TT_FORK), END_OF_TESTCASES }; diff --git a/src/test/test_dir.c b/src/test/test_dir.c index b6b0936f83..dd910cd0c5 100644 --- a/src/test/test_dir.c +++ b/src/test/test_dir.c @@ -18,6 +18,7 @@ #define RELAY_PRIVATE #include "or.h" +#include "bridges.h" #include "confparse.h" #include "config.h" #include "control.h" @@ -4245,7 +4246,7 @@ test_dir_download_status_increment(void *arg) /* Put it in the options */ mock_options = &test_options; reset_options(mock_options, &mock_get_options_calls); - mock_options->TestingBridgeDownloadSchedule = schedule; + mock_options->TestingBridgeBootstrapDownloadSchedule = schedule; mock_options->TestingClientDownloadSchedule = schedule; MOCK(get_options, mock_get_options); @@ -4425,6 +4426,7 @@ test_dir_download_status_increment(void *arg) /* Check that failure increments do happen on attempt-based schedules, * but that the retry is set at the end of time */ + mock_options->UseBridges = 1; mock_get_options_calls = 0; next_at = download_status_increment_failure(&dls_attempt, 404, "test", 0, current_time); @@ -4539,6 +4541,7 @@ test_dir_download_status_increment(void *arg) tt_int_op(download_status_get_n_failures(&dls_attempt), OP_EQ, 0); tt_int_op(download_status_get_n_attempts(&dls_attempt), OP_EQ, 0); tt_int_op(mock_get_options_calls, OP_GE, 1); + mock_options->UseBridges = 0; /* Check that attempt increments don't happen on failure-based schedules, * and that the attempt is set at the end of time */ @@ -5859,9 +5862,17 @@ mock_networkstatus_consensus_can_use_extra_fallbacks( return mock_networkstatus_consensus_can_use_extra_fallbacks_value; } -/* data is a 2 character nul-terminated string. +static int mock_any_bridge_descriptors_known_value = 0; +static int +mock_any_bridge_descriptors_known(void) +{ + return mock_any_bridge_descriptors_known_value; +} + +/* data is a 3 character nul-terminated string. * If data[0] is 'b', set bootstrapping, anything else means not bootstrapping * If data[1] is 'f', set extra fallbacks, anything else means no extra + * If data[2] is 'f', set running bridges, anything else means no extra * fallbacks. */ static void @@ -5869,7 +5880,7 @@ test_dir_find_dl_schedule(void* data) { const char *str = (const char *)data; - tt_assert(strlen(data) == 2); + tt_assert(strlen(data) == 3); if (str[0] == 'b') { mock_networkstatus_consensus_is_bootstrapping_value = 1; @@ -5883,15 +5894,23 @@ test_dir_find_dl_schedule(void* data) mock_networkstatus_consensus_can_use_extra_fallbacks_value = 0; } + if (str[2] == 'r') { + mock_any_bridge_descriptors_known_value = 1; + } else { + mock_any_bridge_descriptors_known_value = 0; + } + MOCK(networkstatus_consensus_is_bootstrapping, mock_networkstatus_consensus_is_bootstrapping); MOCK(networkstatus_consensus_can_use_extra_fallbacks, mock_networkstatus_consensus_can_use_extra_fallbacks); + MOCK(any_bridge_descriptors_known, + mock_any_bridge_descriptors_known); download_status_t dls; smartlist_t server, client, server_cons, client_cons; smartlist_t client_boot_auth_only_cons, client_boot_auth_cons; - smartlist_t client_boot_fallback_cons, bridge; + smartlist_t client_boot_fallback_cons, bridge, bridge_bootstrap; mock_options = tor_malloc(sizeof(or_options_t)); reset_options(mock_options, &mock_get_options_calls); @@ -5908,6 +5927,7 @@ test_dir_find_dl_schedule(void* data) mock_options->ClientBootstrapConsensusFallbackDownloadSchedule = &client_boot_fallback_cons; mock_options->TestingBridgeDownloadSchedule = &bridge; + mock_options->TestingBridgeBootstrapDownloadSchedule = &bridge_bootstrap; dls.schedule = DL_SCHED_GENERIC; /* client */ @@ -5996,11 +6016,17 @@ test_dir_find_dl_schedule(void* data) dls.schedule = DL_SCHED_BRIDGE; /* client */ mock_options->ClientOnly = 1; - tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ, &bridge); + mock_options->UseBridges = 1; + if (any_bridge_descriptors_known()) { + tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ, &bridge); + } else { + tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ, &bridge_bootstrap); + } done: UNMOCK(networkstatus_consensus_is_bootstrapping); UNMOCK(networkstatus_consensus_can_use_extra_fallbacks); + UNMOCK(any_bridge_descriptors_known); UNMOCK(get_options); tor_free(mock_options); mock_options = NULL; @@ -6165,10 +6191,14 @@ struct testcase_t dir_tests[] = { DIR(dump_unparseable_descriptors, 0), DIR(populate_dump_desc_fifo, 0), DIR(populate_dump_desc_fifo_2, 0), - DIR_ARG(find_dl_schedule, TT_FORK, "bf"), - DIR_ARG(find_dl_schedule, TT_FORK, "ba"), - DIR_ARG(find_dl_schedule, TT_FORK, "cf"), - DIR_ARG(find_dl_schedule, TT_FORK, "ca"), + DIR_ARG(find_dl_schedule, TT_FORK, "bfd"), + DIR_ARG(find_dl_schedule, TT_FORK, "bad"), + DIR_ARG(find_dl_schedule, TT_FORK, "cfd"), + DIR_ARG(find_dl_schedule, TT_FORK, "cad"), + DIR_ARG(find_dl_schedule, TT_FORK, "bfr"), + DIR_ARG(find_dl_schedule, TT_FORK, "bar"), + DIR_ARG(find_dl_schedule, TT_FORK, "cfr"), + DIR_ARG(find_dl_schedule, TT_FORK, "car"), DIR(assumed_flags, 0), DIR(networkstatus_compute_bw_weights_v10, 0), END_OF_TESTCASES diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index f30bb5ffa1..d87670d82b 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -917,6 +917,7 @@ test_entry_guard_node_filter(void *arg) routerset_parse(get_options_mutable()->ExcludeNodes, "144.144.0.0/16", ""); /* 4: Bridge. */ + get_options_mutable()->UseBridges = 1; sweep_bridge_list(); bl = tor_malloc_zero(sizeof(bridge_line_t)); tor_addr_from_ipv4h(&bl->addr, n[4]->rs->addr); @@ -924,6 +925,7 @@ test_entry_guard_node_filter(void *arg) memcpy(bl->digest, n[4]->identity, 20); bridge_add_from_config(bl); bl = NULL; // prevent free. + get_options_mutable()->UseBridges = 0; /* 5: Unreachable. This stays in the filter, but isn't in usable-filtered */ g[5]->last_tried_to_connect = approx_time(); // prevent retry. diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c index b0e7f5e1e7..da592eb08f 100644 --- a/src/test/test_hs_common.c +++ b/src/test/test_hs_common.c @@ -1494,9 +1494,6 @@ helper_test_hsdir_sync(networkstatus_t *ns, * the client was also picked by service. */ - cleanup_nodelist(); - smartlist_clear(ns->routerstatus_list); - /* 1) Initialize service time: consensus and real time */ time_t now = helper_set_consensus_and_system_time(ns, service_between_srv_and_tp); @@ -1508,6 +1505,8 @@ helper_test_hsdir_sync(networkstatus_t *ns, /* Now let's upload our desc to all hsdirs */ upload_descriptor_to_all(service, desc); + /* Cleanup right now so we don't memleak on error. */ + cleanup_nodelist(); /* Check that previous hsdirs were populated */ tt_int_op(smartlist_len(desc->previous_hsdirs), OP_EQ, 6); @@ -1515,6 +1514,8 @@ helper_test_hsdir_sync(networkstatus_t *ns, now = helper_set_consensus_and_system_time(ns, client_between_srv_and_tp); cleanup_nodelist(); + SMARTLIST_FOREACH(ns->routerstatus_list, + routerstatus_t *, rs, routerstatus_free(rs)); smartlist_clear(ns->routerstatus_list); helper_initialize_big_hash_ring(ns); @@ -1522,6 +1523,8 @@ helper_test_hsdir_sync(networkstatus_t *ns, char client_hsdir_b64_digest[BASE64_DIGEST_LEN+1] = {0}; helper_client_pick_hsdir(&service->keys.identity_pk, client_hsdir_b64_digest); + /* Cleanup right now so we don't memleak on error. */ + cleanup_nodelist(); /* CHECK: Go through the hsdirs chosen by the service and make sure that it * contains the one picked by the client! */ @@ -1534,6 +1537,9 @@ helper_test_hsdir_sync(networkstatus_t *ns, * need it for next scenario. */ hs_service_free_all(); hs_service_init(); + SMARTLIST_FOREACH(ns->routerstatus_list, + routerstatus_t *, rs, routerstatus_free(rs)); + smartlist_clear(ns->routerstatus_list); } /** This test ensures that client and service will pick the same HSDirs, under @@ -1643,9 +1649,6 @@ test_client_service_hsdir_set_sync(void *arg) helper_test_hsdir_sync(ns, 0, 1, 0); done: - SMARTLIST_FOREACH(ns->routerstatus_list, - routerstatus_t *, rs, routerstatus_free(rs)); - smartlist_clear(ns->routerstatus_list); networkstatus_vote_free(ns); nodelist_free_all(); hs_free_all(); diff --git a/src/test/test_nodelist.c b/src/test/test_nodelist.c index db2a8fd02c..a873003d72 100644 --- a/src/test/test_nodelist.c +++ b/src/test/test_nodelist.c @@ -197,8 +197,8 @@ test_nodelist_ed_id(void *arg) tor_free(ri[i]->cache_info.signing_key_cert); tor_free(ri[i]); } - smartlist_free(ns->routerstatus_list); - tor_free(ns); + smartlist_clear(ns->routerstatus_list); + networkstatus_vote_free(ns); UNMOCK(networkstatus_get_latest_consensus); UNMOCK(networkstatus_get_latest_consensus_by_flavor); } diff --git a/src/test/test_options.c b/src/test/test_options.c index 92e6982823..65b678cf5b 100644 --- a/src/test/test_options.c +++ b/src/test/test_options.c @@ -2232,6 +2232,7 @@ test_options_validate__testing(void *ignored) ENSURE_DEFAULT(TestingServerConsensusDownloadSchedule, 3000); ENSURE_DEFAULT(TestingClientConsensusDownloadSchedule, 3000); ENSURE_DEFAULT(TestingBridgeDownloadSchedule, 3000); + ENSURE_DEFAULT(TestingBridgeBootstrapDownloadSchedule, 3000); ENSURE_DEFAULT(TestingClientMaxIntervalWithoutRequest, 3000); ENSURE_DEFAULT(TestingDirConnectionMaxStall, 3000); ENSURE_DEFAULT(TestingConsensusMaxDownloadTries, 3000); diff --git a/src/test/test_relaycell.c b/src/test/test_relaycell.c index eea1f5dc80..9c010deece 100644 --- a/src/test/test_relaycell.c +++ b/src/test/test_relaycell.c @@ -112,7 +112,7 @@ test_relaycell_resolved(void *arg) MOCK(connection_mark_unattached_ap_, mark_unattached_mock); MOCK(connection_ap_handshake_socks_resolved, socks_resolved_mock); - options->ClientDNSRejectInternalAddresses = 0; + options->TestingClientDNSRejectInternalAddresses = 0; SET_CELL(/* IPv4: 127.0.1.2, ttl 256 */ "\x04\x04\x7f\x00\x01\x02\x00\x00\x01\x00" @@ -151,7 +151,7 @@ test_relaycell_resolved(void *arg) /* But we may be discarding private answers. */ MOCK_RESET(); - options->ClientDNSRejectInternalAddresses = 1; + options->TestingClientDNSRejectInternalAddresses = 1; r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh); tt_int_op(r, OP_EQ, 0); ASSERT_MARK_CALLED(END_STREAM_REASON_DONE| |