diff options
102 files changed, 1946 insertions, 689 deletions
diff --git a/.appveyor.yml b/.appveyor.yml index 03cf2f69f6..13d0d116ae 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -8,8 +8,6 @@ clone_depth: 50 image: # Windows Server 2019 - Visual Studio 2019 - # Windows Server 2012 R2 - - Visual Studio 2015 environment: compiler: mingw @@ -37,12 +35,6 @@ matrix: compiler_path: mingw32 mingw_prefix: mingw-w64-i686 hardening: - - image: Visual Studio 2015 - target: x86_64-w64-mingw32 - compiler_path: mingw64 - mingw_prefix: mingw-w64-x86_64 - # hardening doesn't work with mingw-w64-x86_64-gcc, because it's gcc 8 - hardening: --disable-gcc-hardening install: - ps: >- diff --git a/.gitignore b/.gitignore index f1ce903a11..736abbedc3 100644 --- a/.gitignore +++ b/.gitignore @@ -36,6 +36,12 @@ details-*.json uptime-*.json *.full_url *.last_modified +# Core files +core +core.* +!core/ +# ccls file that can be per directory. +*.ccls # / /Makefile @@ -73,6 +79,7 @@ uptime-*.json /Tor*Bundle.dmg /tor-*-win32.exe /warning_flags +/compile_commands.json /coverage_html/ /callgraph/ diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d2d0d55dd4..ba61c71b2b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,45 +1,228 @@ -before_script: - - apt-get update -qq - - apt-get upgrade -qy - -build: - script: - - apt-get install -qy --fix-missing automake build-essential - libevent-dev libssl-dev zlib1g-dev - libseccomp-dev liblzma-dev libscrypt-dev - - ./autogen.sh - - ./configure --disable-asciidoc --enable-fatal-warnings - --disable-silent-rules - - make check || (e=$?; cat test-suite.log; exit $e) - - make install - -update: - only: - - schedules - script: - - "apt-get install -y --fix-missing git openssh-client" - - # Run ssh-agent (inside the build environment) - - eval $(ssh-agent -s) - - # Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store - - ssh-add <(echo "$DEPLOY_KEY") - - # For Docker builds disable host key checking. Be aware that by adding that - # you are susceptible to man-in-the-middle attacks. - # WARNING: Use this only with the Docker executor, if you use it with shell - # you will overwrite your user's SSH config. - - mkdir -p ~/.ssh - - '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config' - # In order to properly check the server's host key, assuming you created the - # SSH_SERVER_HOSTKEYS variable previously, uncomment the following two lines - # instead. - - mkdir -p ~/.ssh - - '[[ -f /.dockerenv ]] && echo "$SSH_SERVER_HOSTKEYS" > ~/.ssh/known_hosts' - - echo "merging from torgit" - - git config --global user.email "labadmin@oniongit.eu" - - git config --global user.name "gitadmin" - - "mkdir tor" - - "cd tor" - - git clone --bare https://git.torproject.org/tor.git - - git push --mirror git@oniongit.eu:network/tor.git +#### +# DO NOT EDIT THIS FILE IN MASTER. ONLY EDIT IT IN THE OLDEST SUPPORTED +# BRANCH, THEN MERGE FORWARD. +#### + +# This file controls how gitlab validates Tor commits and merge requests. +# +# It is primarily based on a set of scripts and configurations by +# Hans-Christoph Steiner. It only copies parts of those scripts and +# configurations for now. If you want a new piece of functionality +# (more debians, more fedoras, android support) then you shouldn't +# start from scratch: have a look at the original ticket, at +# https://gitlab.torproject.org/tpo/core/tor/-/issues/32193 ! +# +# The file to copy from is +# https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/96/diffs#diff-content-587d266bb27a4dc3022bbed44dfa19849df3044c +# +# Having said that, if there is anything really stupid here, don't +# blame it on Hans-Christoph! Tor probably added it on their own. +# +# Copyright 2020, The Tor Project, Inc. +# See LICENSE for licence information. + +# These variables are set everywhere, unconditionally. +variables: + TERM: "ansi" + DEBUG_CI: "yes" + +# This template is for exporting ephemeral things from the scripts. By +# convention we expect our scripts to copy stuff into artifacts/, rather than +# having a big list of files that be treated as artifacts. +.artifacts-template: &artifacts-template + artifacts: + name: "${CI_PROJECT_PATH}_${CI_JOB_STAGE}_${CI_COMMIT_REF_NAME}_${CI_COMMIT_SHA}" + expire_in: 1 week + when: always + paths: + - artifacts/ + +# This template should be usable on any system that's based on apt. +.apt-template: &apt-template | + export LC_ALL=C.UTF-8 + echo Etc/UTC > /etc/timezone + mkdir -p apt-cache + export APT_CACHE_DIR="$(pwd)/apt-cache" + echo 'quiet "1";' \ + 'APT::Install-Recommends "0";' \ + 'APT::Install-Suggests "0";' \ + 'APT::Acquire::Retries "20";' \ + 'APT::Get::Assume-Yes "true";' \ + 'Dpkg::Use-Pty "0";' \ + "Dir::Cache::Archives \"${APT_CACHE_DIR}\"; " \ + >> /etc/apt/apt.conf.d/99gitlab + apt-get update -qq + apt-get upgrade -qy + +# This template sets us up for Debian system in particular. +.debian-template: &debian-template + <<: *artifacts-template + variables: + DEBIAN_FRONTEND: "noninteractive" + # TODO: Using "cache" in this way speeds up our downloads. It would be + # even better, though, to start with a pre-upgraded debian image. + # + # TODO: Will we have to do this differently once we have more than one + # debian version that we're using? + cache: + key: apt + paths: + - apt-cache + before_script: + - *apt-template + # Install patches unconditionally. + - apt-get install + automake + build-essential + ca-certificates + git + libevent-dev + liblzma-dev + libscrypt-dev + libseccomp-dev + libssl-dev + pkg-config + python3 + zlib1g-dev + # Install patches that we only need for some use cases. + - if [ "$ASCIIDOC" = yes ]; then apt-get install asciidoc xmlto; fi + - if [ "$DOXYGEN" = yes ]; then apt-get install doxygen; fi + - if [ "$STEM" = yes ]; then apt-get install timelimit; fi + - if [ "$CC" = clang ]; then apt-get install clang; fi + - if [ "$NSS" = yes ]; then apt-get install libnss3 libnss3-dev; fi + # TODO: This next line should not be debian-only. + - if [ "$STEM" = yes ]; then git clone --depth 1 https://git.torproject.org/stem.git ; export STEM_PATH="$(pwd)/stem"; fi + # TODO: This next line should not be debian-only. + - if [ "$CHUTNEY" = yes ]; then git clone --depth 1 https://git.torproject.org/chutney.git ; export CHUTNEY_PATH="$(pwd)/chutney"; fi + - if [ "$TRACING" = yes ]; then apt install liblttng-ust-dev; fi + +# Minmal check on debian: just make, make check. +# +debian-minimal: + image: debian:stable + <<: *debian-template + script: + - ./scripts/ci/ci-driver.sh + +##### +# Run "make check" with a hardened clang on debian stable. This takes +# care of a hardening check, and a compile-with-clang check. +# +# TODO: This will be faster once we merge #40098 and #40099. +debian-hardened: + image: debian:testing + <<: *debian-template + variables: + ALL_BUGS_ARE_FATAL: "yes" + HARDENING: "yes" + CC: "clang" + script: + - ./scripts/ci/ci-driver.sh + +##### +# Distcheck on debian stable +debian-distcheck: + image: debian:stable + <<: *debian-template + variables: + DISTCHECK: "yes" + CHECK: "no" + script: + - ./scripts/ci/ci-driver.sh + +##### +# Documentation tests on debian stable: doxygen and asciidoc. +debian-docs: + image: debian:stable + <<: *debian-template + variables: + DOXYGEN: "yes" + ASCIIDOC: "yes" + CHECK: "no" + RUN_STAGE_BUILD: "no" + script: + - ./scripts/ci/ci-driver.sh + +##### +# Integration tests on debian stable: chutney and stem. +# +# TODO: It would be cool if this target didn't have to re-build tor, and +# could instead re-use Tor from debian-minimal. That can be done +# with the 'artifacts' mechanism, in theory, but it would be good to +# avoid having to have a system with hundreds of artifacts. +debian-integration: + image: debian:stable + <<: *debian-template + variables: + CHECK: "no" + CHUTNEY: "yes" + CHUTNEY_MAKE_TARGET: "test-network-all" + STEM: "yes" + ALL_BUGS_ARE_FATAL: "yes" + script: + - ./scripts/ci/ci-driver.sh + +##### +# Tracing build on Debian stable. +debian-tracing: + image: debian:stable + <<: *debian-template + variables: + TRACING: "yes" + CHECK: "no" + script: + - ./scripts/ci/ci-driver.sh + # Ensure that we only run tracing when it's implemented. + # + # Once versions before 0.4.5 are obsolete, we can remove this test. + rules: + # This first "if" check prevents us from running a duplicate version of + # this pipeline whenever we push and create an MR. I don't understand why + # it is necessary, though the following URL purports to explain: + # + # https://docs.gitlab.com/ee/ci/yaml/#prevent-duplicate-pipelines + - if: '$CI_PIPELINE_SOURCE == "push"' + exists: + - src/lib/trace/trace_sys.c + +##### +# No-authority mode +debian-disable-dirauth: + image: debian:stable + <<: *debian-template + variables: + DISABLE_DIRAUTH: "yes" + script: + - ./scripts/ci/ci-driver.sh + +##### +# No-relay mode +debian-disable-relay: + image: debian:stable + <<: *debian-template + variables: + DISABLE_RELAY: "yes" + script: + - ./scripts/ci/ci-driver.sh + # Ensure that we only run tracing when it's implemented. + # + # Once versions before 0.4.3 are obsolete, we can remove this test. + rules: + # This first "if" check prevents us from running a duplicate version of + # this pipeline whenever we push and create an MR. I don't understand why + # it is necessary, though the following URL purports to explain: + # + # https://docs.gitlab.com/ee/ci/yaml/#prevent-duplicate-pipelines + - if: '$CI_PIPELINE_SOURCE == "push"' + exists: + - src/feature/relay/relay_stub.c + +##### +# NSS check on debian +debian-nss: + image: debian:stable + <<: *debian-template + variables: + NSS: "yes" + script: + - ./scripts/ci/ci-driver.sh diff --git a/Makefile.am b/Makefile.am index 5d18666edc..c7bc514287 100644 --- a/Makefile.am +++ b/Makefile.am @@ -149,6 +149,8 @@ include src/include.am include doc/include.am include contrib/include.am +manpages: $(nodist_man1_MANS) + EXTRA_DIST+= \ ChangeLog \ CONTRIBUTING \ @@ -468,3 +470,17 @@ show-libs: show-testing-libs: @echo $(TOR_INTERNAL_TESTING_LIBS) + +# Note here that we hardcode this -j2 because if the user would pass too many +# cores, bear actually chockes and dies :S. For this to work, a make clean +# needs to be done else bear will miss some compile flags. +lsp: + @if test -x "`which bear 2>&1;true`"; then \ + echo "Generating LSP compile_commands.json. Might take few minutes..."; \ + $(MAKE) clean 2>&1 >/dev/null; \ + bear >/dev/null 2>&1 -- $(MAKE) -j2 2>&1 >/dev/null; \ + echo "Generating .ccls file..."; \ + ./scripts/maint/gen_ccls_file.sh \ + else \ + echo "No bear command found. On debian, apt install bear"; \ + fi diff --git a/changes/40241 b/changes/40241 new file mode 100644 index 0000000000..c9b2e2c011 --- /dev/null +++ b/changes/40241 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): + - Fix a compilation warning about unreachable fallthrough annotations + when building with "--enable-all-bugs-are-fatal" on some compilers. + Fixes bug 40241; bugfix on 0.3.5.4-alpha. diff --git a/changes/40241_v2 b/changes/40241_v2 new file mode 100644 index 0000000000..85038297f7 --- /dev/null +++ b/changes/40241_v2 @@ -0,0 +1,4 @@ + o Minor bugfixes (compilation): + - Fix another warning about unreachable fallthrough annotations + when building with "--enable-all-bugs-are-fatal" on some compilers. + Fixes bug 40241; bugfix on 0.4.5.3-rc. diff --git a/changes/bug31036 b/changes/bug31036 new file mode 100644 index 0000000000..d9921dba43 --- /dev/null +++ b/changes/bug31036 @@ -0,0 +1,3 @@ + o Minor bugfixes (windows): + - Fix a bug that prevented Tor from starting if its log file + grew above 2GB. Fixes bug 31036; bugfix on 0.2.1.8-alpha. diff --git a/changes/bug32588 b/changes/bug32588 new file mode 100644 index 0000000000..f31f2ce1ad --- /dev/null +++ b/changes/bug32588 @@ -0,0 +1,4 @@ + o Minor bugfixes (relays): + - Stop advertising incorrect IPv6 ORPorts in relay and bridge descriptors, + when the IPv6 port was configured as "auto". + Fixes bug 32588; bugfix on 0.2.3.9-alpha diff --git a/changes/bug40076 b/changes/bug40076 new file mode 100644 index 0000000000..9ef5969ae8 --- /dev/null +++ b/changes/bug40076 @@ -0,0 +1,5 @@ + o Minor bugfixes (correctness, buffers): + - Fix a correctness bug that could cause an assertion failure if we ever + tried using the buf_move_all() function with an empty input. + As far as we know, no released versions of Tor do this. + Fixes bug 40076; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug40080 b/changes/bug40080 new file mode 100644 index 0000000000..8162466354 --- /dev/null +++ b/changes/bug40080 @@ -0,0 +1,6 @@ + o Minor bugfixes (security): + - When completing a channel, relays now check more thoroughly to make + sure that it matches any pending circuits before attaching those + circuits. Previously, address correctness and Ed25519 identities were not + checked in this case, but only when extending circuits on an existing + channel. Fixes bug 40080; bugfix on 0.2.7.2-alpha. diff --git a/changes/bug40099 b/changes/bug40099 new file mode 100644 index 0000000000..278ede2023 --- /dev/null +++ b/changes/bug40099 @@ -0,0 +1,4 @@ + o Minor bugfixes (tests): + - Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run on + its own. Previously, it would exit with an error. + Fixes bug 40099; bugfix on 0.2.8.1-alpha. diff --git a/changes/bug40113 b/changes/bug40113 new file mode 100644 index 0000000000..adf4634097 --- /dev/null +++ b/changes/bug40113 @@ -0,0 +1,3 @@ + o Minor bugfixes (compilation): + - Resolve a compilation warning that could occur in test_connection.c. + Fixes bug 40113; bugfix on 0.2.9.3-alpha. diff --git a/changes/bug40117 b/changes/bug40117 new file mode 100644 index 0000000000..77646edf9c --- /dev/null +++ b/changes/bug40117 @@ -0,0 +1,5 @@ + o Major bugfixes (stats, onion services): + - Fix a bug where we were undercounting the Tor network's total onion + service traffic, by only counting rendezvous traffic originating from + services and ignoring any traffic originating from clients. Fixes bug + 40117; bugfix on 0.2.6.2-alpha. diff --git a/changes/bug40179_part1 b/changes/bug40179_part1 new file mode 100644 index 0000000000..c302373534 --- /dev/null +++ b/changes/bug40179_part1 @@ -0,0 +1,4 @@ + o Minor bugfixes (testing, portability): + - Fix our Python reference-implementation for the v3 onion service + handshake so that it works correctly with the version of hashlib provided + by Python 3.9. Fixes part of bug 40179; bugfix on 0.3.1.6-rc. diff --git a/changes/bug40190 b/changes/bug40190 new file mode 100644 index 0000000000..0f3d6941dc --- /dev/null +++ b/changes/bug40190 @@ -0,0 +1,4 @@ + o Minor bugfixes (SOCKS5): + - Handle partial socks5 messages correctly. Previously, our code would + send an incorrect error message if it got a socks5 request that wasn't + complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug40210 b/changes/bug40210 new file mode 100644 index 0000000000..f492262a11 --- /dev/null +++ b/changes/bug40210 @@ -0,0 +1,5 @@ + o Minor features (crypto): + - Fix undefined behavior on our Keccak library. The bug only appears on + platforms with 32-byte CPU cache lines (e.g. armv5tel) and would result + in wrong digests. Fixes bug 40210; bugfix on 0.2.8.1-alpha. Thanks to + Bernhard Ãœbelacker, Arnd Bergmann and weasel for diagnosing this. diff --git a/changes/log_32868 b/changes/log_32868 new file mode 100644 index 0000000000..34476078b2 --- /dev/null +++ b/changes/log_32868 @@ -0,0 +1,4 @@ + o Minor features (debugging, directory system): + - Don't crash when we find a non-guard with a guard-fraction value set. + Instead, log a bug warning, in an attempt to figure out how this + happened. Diagnostic for ticket 32868. diff --git a/changes/parallel_unit_test b/changes/parallel_unit_test new file mode 100644 index 0000000000..79de28636d --- /dev/null +++ b/changes/parallel_unit_test @@ -0,0 +1,4 @@ + o Minor features (tests): + - Our "make check" target now runs the unit tests in 8 parallel chunks. + Doing this speeds up hardened CI builds by more than a factor of two. + Closes ticket 40098. diff --git a/changes/ticket33747 b/changes/ticket33747 new file mode 100644 index 0000000000..57c72e9d0a --- /dev/null +++ b/changes/ticket33747 @@ -0,0 +1,7 @@ + o Minor bugfixes (rate limiting, bridges, pluggable transports): + - On a bridge, treat all connections from an ExtORPort as remote + by default for the purposes of rate-limiting. Previously, + bridges would treat the connection as local unless they explicitly + received a "USERADDR" command. ExtORPort connections still + count as local if there is a USERADDR command with an explicit local + address. Fixes bug 33747; bugfix on 0.2.5.1-alpha. diff --git a/changes/ticket33880 b/changes/ticket33880 new file mode 100644 index 0000000000..c1889bb134 --- /dev/null +++ b/changes/ticket33880 @@ -0,0 +1,6 @@ + o Minor bugfixes (relay, usability): + - Adjust the rules for when to warn about having too many connections + to other relays. Previously we'd tolerate up to 1.5 connections + per relay on average. Now we tolerate more connections for directory + authorities, and raise the number of total connections we need + to see before we warn. Fixes bug 33880; bugfix on 0.3.1.1-alpha. diff --git a/changes/ticket40003 b/changes/ticket40003 new file mode 100644 index 0000000000..240f464353 --- /dev/null +++ b/changes/ticket40003 @@ -0,0 +1,3 @@ + o Deprecated features (onion service v2): + - Add deprecation warning for onion service version 2. Tor now logs a + warning once if a version 2 service is configured. Closes ticket 40003. diff --git a/changes/ticket40035 b/changes/ticket40035 new file mode 100644 index 0000000000..8cdd447199 --- /dev/null +++ b/changes/ticket40035 @@ -0,0 +1,5 @@ + o Major bugfixes (NSS): + - When running with NSS enabled, make sure that NSS knows to expect + nonblocking sockets. Previously, we set our TCP sockets as blocking, + but did not tell NSS about the fact, which in turn could lead to + unexpected blocking behavior. Fixes bug 40035; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40061 b/changes/ticket40061 new file mode 100644 index 0000000000..227664d010 --- /dev/null +++ b/changes/ticket40061 @@ -0,0 +1,5 @@ + o Major feature (fallback directory list): + - Replace the 148 fallback directories originally included in + Tor 0.4.1.4-rc (of which around 105 are still functional) with + a list of 144 fallbacks generated in July 2020. + Closes ticket 40061. diff --git a/changes/ticket40073 b/changes/ticket40073 new file mode 100644 index 0000000000..30b028c042 --- /dev/null +++ b/changes/ticket40073 @@ -0,0 +1,3 @@ + o Minor bugfixes (relay configuration, crash): + - Avoid a fatal assert() when failing to create a listener connection for an + address that was in use. Fixes bug 40073; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket40081 b/changes/ticket40081 new file mode 100644 index 0000000000..683ae33518 --- /dev/null +++ b/changes/ticket40081 @@ -0,0 +1,6 @@ + o Minor features (security): + - Channels using obsolete versions of the Tor link protocol are no + longer allowed to circumvent address-canonicity checks. + (This is only a minor issue, since such channels have no way to + set ed25519 keys, and therefore should always be rejected.) + Closes ticket 40081. diff --git a/changes/ticket40125 b/changes/ticket40125 new file mode 100644 index 0000000000..c68e3ce7b3 --- /dev/null +++ b/changes/ticket40125 @@ -0,0 +1,4 @@ + o Testing (onion service v2): + - Fix a rendezvous cache unit test that was triggering an underflow on the + global rend cache allocation. Fixes bug 40125; bugfix on + 0.2.8.1-alpha. diff --git a/changes/ticket40126 b/changes/ticket40126 new file mode 100644 index 0000000000..1f5806e6cb --- /dev/null +++ b/changes/ticket40126 @@ -0,0 +1,4 @@ + o Testing (onion service v2): + - Fix another rendezvous cache unit test that was triggering an underflow on the + global rend cache allocation. Fixes bug 40126; bugfix on + 0.2.8.1-alpha. diff --git a/changes/ticket40133 b/changes/ticket40133 new file mode 100644 index 0000000000..8bbe00b6b2 --- /dev/null +++ b/changes/ticket40133 @@ -0,0 +1,5 @@ + o Minor features (protocol simplification): + - Tor no longer allows subprotocol versions larger than 63. Previously + versions up to UINT32_MAX were allowed, which significantly complicated + our code. + Implements proposal 318; closes ticket 40133. diff --git a/changes/ticket40135 b/changes/ticket40135 new file mode 100644 index 0000000000..9b60b4f655 --- /dev/null +++ b/changes/ticket40135 @@ -0,0 +1,3 @@ + o Minor bugfix (logging): + - Remove a debug logging statement that uselessly spam the logs. Fixes bug + 40135; bugfix on 0.3.5.0-alpha. diff --git a/changes/ticket40165 b/changes/ticket40165 new file mode 100644 index 0000000000..a8dd0a339b --- /dev/null +++ b/changes/ticket40165 @@ -0,0 +1,5 @@ + o Minor features (compilation): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or later. + There are a number of newly deprecated APIs in OpenSSL 3.0.0 that Tor + still requires. (A later version of Tor will try to stop depending on + these.) Closes ticket 40165. diff --git a/changes/ticket40170 b/changes/ticket40170 new file mode 100644 index 0000000000..cc1c8dbad1 --- /dev/null +++ b/changes/ticket40170 @@ -0,0 +1,3 @@ + o Minor bugfixes (tests): + - Fix the "tortls/openssl/log_one_error" test to work with OpenSSL 3.0.0. + Fixes bug 40170; bugfix on 0.2.8.1-alpha. diff --git a/changes/ticket40227 b/changes/ticket40227 new file mode 100644 index 0000000000..e5efad0f95 --- /dev/null +++ b/changes/ticket40227 @@ -0,0 +1,4 @@ + o Minor feature (build system): + - New "make lsp" command to auto generate the compile_commands.json file + used by the ccls server. The "bear" program is needed for this. Closes + ticket 40227. diff --git a/changes/ticket40237 b/changes/ticket40237 new file mode 100644 index 0000000000..fc32f59cd4 --- /dev/null +++ b/changes/ticket40237 @@ -0,0 +1,5 @@ + o Major bugfixes (onion service v3): + - Stop requiring a live consensus for v3 clients and services to work. The + use of a reasonably live consensus will allow v3 to work properly in most + cases if the network failed to generate a consensus for more than 2 hours + in a row. Fixes bug 40237; bugfix on 0.3.5.1-alpha. diff --git a/configure.ac b/configure.ac index f30a7efa91..c7bda74c8b 100644 --- a/configure.ac +++ b/configure.ac @@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2019, The Tor Project, Inc. dnl See LICENSE for licensing information AC_PREREQ([2.63]) -AC_INIT([tor],[0.3.5.11-dev]) +AC_INIT([tor],[0.3.5.13]) AC_CONFIG_SRCDIR([src/app/main/tor_main.c]) AC_CONFIG_MACRO_DIR([m4]) @@ -937,13 +937,30 @@ LIBS="$TOR_OPENSSL_LIBS $LIBS" LDFLAGS="$TOR_LDFLAGS_openssl $LDFLAGS" CPPFLAGS="$TOR_CPPFLAGS_openssl $CPPFLAGS" +dnl Tor currently uses a number of APIs that are deprecated in OpenSSL 3.0.0 +dnl and later. We want to migrate away from them, but that will be a lot of +dnl work. (See ticket tor#40166.) For now, we disable the deprecation +dnl warnings. + +AC_MSG_CHECKING([for OpenSSL >= 3.0.0]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include <openssl/opensslv.h> +#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER <= 0x30000000L +#error "you_have_version_3" +#endif + ]], [[]])], + [ AC_MSG_RESULT([no]) ], + [ AC_MSG_RESULT([yes]); + AC_DEFINE(OPENSSL_SUPPRESS_DEPRECATED, 1, [disable openssl deprecated-function warnings]) ]) + +AC_MSG_CHECKING([for OpenSSL < 1.0.1]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <openssl/opensslv.h> #if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x1000100fL #error "too old" #endif ]], [[]])], - [ : ], + [ AC_MSG_RESULT([no]) ], [ AC_MSG_ERROR([OpenSSL is too old. We require 1.0.1 or later. You can specify a path to a newer one with --with-openssl-dir.]) ]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ diff --git a/contrib/win32build/tor-mingw.nsi.in b/contrib/win32build/tor-mingw.nsi.in index 638754153b..04a720a171 100644 --- a/contrib/win32build/tor-mingw.nsi.in +++ b/contrib/win32build/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.3.5.11-dev" +!define VERSION "0.3.5.13" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/scripts/ci/ci-driver.sh b/scripts/ci/ci-driver.sh new file mode 100755 index 0000000000..67a95a1f61 --- /dev/null +++ b/scripts/ci/ci-driver.sh @@ -0,0 +1,492 @@ +#!/bin/bash + +#### +# DO NOT EDIT THIS FILE IN MASTER. ONLY EDIT IT IN THE OLDEST SUPPORTED +# BRANCH, THEN MERGE FORWARD. +#### + +# This script is used to build Tor for continuous integration. It should +# be kept the same for all supported Tor versions. +# +# It's subject to the regular Tor license; see LICENSE for copying +# information. + +set -o errexit +set -o nounset + +# Options for this script. +DEBUG_CI="${DEBUG_CI:-no}" +COLOR_CI="${COLOR_CI:-yes}" + +# Options for which CI system this is. +ON_GITLAB="${ON_GITLAB:-yes}" + +# Options for things we usually won't want to skip. +RUN_STAGE_CONFIGURE="${RUN_STAGE_CONFIGURE:-yes}" +RUN_STAGE_BUILD="${RUN_STAGE_BUILD:-yes}" +RUN_STAGE_TEST="${RUN_STAGE_TEST:-yes}" + +# Options for how to build Tor. All should be yes/no. +FATAL_WARNINGS="${FATAL_WARNINGS:-yes}" +HARDENING="${HARDENING:-no}" +COVERAGE="${COVERAGE:-no}" +RUST="${RUST:-no}" +DOXYGEN="${DOXYGEN:-no}" +ASCIIDOC="${ASCIIDOC:-no}" +TRACING="${TRACING:-no}" +ALL_BUGS_ARE_FATAL="${ALL_BUGS_ARE_FATAL:-no}" +DISABLE_DIRAUTH="${DISABLE_DIRAUTH:-no}" +DISABLE_RELAY="${DISABLE_RELAY:-no}" +NSS="${NSS:-no}" + +# Options for which tests to run. All should be yes/no. +CHECK="${CHECK:-yes}" +STEM="${STEM:-no}" +CHUTNEY="${CHUTNEY:-no}" +DISTCHECK="${DISTCHECK:-no}" + +# Options for where the Tor source is. +CI_SRCDIR="${CI_SRCDIR:-.}" + +# Options for where to build. +CI_BUILDDIR="${CI_BUILDDIR:-./build}" + +# How parallel should we run make? +MAKE_J_OPT="${MAKE_J_OPT:--j4}" +# Should we stop after make finds an error? +MAKE_K_OPT="${MAKE_K_OPT:--k}" + +# What make target should we use for chutney? +CHUTNEY_MAKE_TARGET="${CHUTNEY_MAKE_TARGET:-test-network}" + +# Where do we find our additional testing tools? +CHUTNEY_PATH="${CHUTNEY_PATH:-}" +STEM_PATH="${STEM_PATH:-}" + +############################################################################# +# Preliminary functions. + +# Terminal coloring/emphasis stuff. +if [[ "${COLOR_CI}" == "yes" ]]; then + T_RED=$(tput setaf 1 || true) + T_GREEN=$(tput setaf 2 || true) + T_YELLOW=$(tput setaf 3 || true) + T_DIM=$(tput dim || true) + T_BOLD=$(tput bold || true) + T_RESET=$(tput sgr0 || true) +else + T_RED= + T_GREEN= + T_YELLOW= + T_DIM= + T_BOLD= + T_RESET= +fi + +function error() +{ + echo "${T_BOLD}${T_RED}ERROR:${T_RESET} $*" 1>&2 +} +function die() +{ + echo "${T_BOLD}${T_RED}FATAL ERROR:${T_RESET} $*" 1>&2 + exit 1 +} + +function skipping() +{ + echo "${T_BOLD}${T_YELLOW}Skipping $*${T_RESET}" +} + +function hooray() +{ + echo "${T_BOLD}${T_GREEN}$*${T_RESET}" +} + +if [[ "${DEBUG_CI}" == "yes" ]]; then + function debug() + { + echo "${T_DIM}(debug): $*${T_RESET}" + } +else + function debug() + { + : + } +fi + +function yes_or_no() +{ + local varname="$1" + local value="${!varname}" + debug "${varname} is ${value}" + if [[ "${value}" != 'yes' && "${value}" != 'no' ]]; then + die "${varname} must be 'yes' or 'no'. Got unexpected value ${value}". + fi +} + +function incompatible() +{ + local varname1="$1" + local varname2="$2" + local val1="${!varname1}" + local val2="${!varname2}" + if [[ "${val1}" = 'yes' && "${val2}" = 'yes' ]]; then + die "Cannot set both ${varname1} and ${varname2}: they are incompatible." + fi +} + +function runcmd() +{ + echo "${T_BOLD}\$ $*${T_RESET}" + if ! "$@" ; then + error "command '$*' has failed." + return 1 + fi +} + +function show_git_version() +{ + local tool="$1" + local dir="$2" + local version="?????" + if [[ -e "$dir/.git" ]] ; then + version=$(cd "$dir"; git rev-parse HEAD) + fi + echo "${T_BOLD}$tool:${T_RESET} $version" +} + +if [[ "${ON_GITLAB}" == "yes" ]]; then + function start_section() + { + local label="$1" + local stamp + stamp=$(date +%s) + printf "section_start:%s:%s\r\e[0K" "$stamp" "$label" + echo "${T_BOLD}${T_GREEN}========= $label${T_RESET}" + } + function end_section() + { + local label="$1" + local stamp + stamp=$(date +%s) + printf "section_end:%s:%s\r\e[0K" "$stamp" "$label" + } +else + function start_section() + { + true + } + function end_section() + { + true + } +fi + +############################################################################# +# Validate inputs. + +debug Validating inputs +yes_or_no DEBUG_CI +yes_or_no COLOR_CI +yes_or_no ON_GITLAB +yes_or_no FATAL_WARNINGS +yes_or_no HARDENING +yes_or_no COVERAGE +yes_or_no RUST +yes_or_no DOXYGEN +yes_or_no ASCIIDOC +yes_or_no TRACING +yes_or_no ALL_BUGS_ARE_FATAL +yes_or_no DISABLE_DIRAUTH +yes_or_no DISABLE_RELAY +yes_or_no NSS + +yes_or_no RUN_STAGE_CONFIGURE +yes_or_no RUN_STAGE_BUILD +yes_or_no RUN_STAGE_TEST + +yes_or_no CHECK +yes_or_no STEM +yes_or_no DISTCHECK + +incompatible DISTCHECK CHECK +incompatible DISTCHECK CHUTNEY +incompatible DISTCHECK STEM +incompatible DISTCHECK COVERAGE +incompatible DISTCHECK DOXYGEN + +if [[ "${CHUTNEY}" = yes && "${CHUTNEY_PATH}" = '' ]] ; then + die "CHUTNEY is set to 'yes', but CHUTNEY_PATH was not specified." +fi + +if [[ "${STEM}" = yes && "${STEM_PATH}" = '' ]] ; then + die "STEM is set to 'yes', but STEM_PATH was not specified." +fi + +############################################################################# +# Set up options for make and configure. + +make_options=() +if [[ "$MAKE_J_OPT" != "" ]]; then + make_options+=("$MAKE_J_OPT") +fi +if [[ "$MAKE_K_OPT" != "" ]]; then + make_options+=("$MAKE_K_OPT") +fi + +configure_options=() +if [[ "$FATAL_WARNINGS" == "yes" ]]; then + configure_options+=("--enable-fatal-warnings") +fi +if [[ "$HARDENING" == "yes" ]]; then + configure_options+=("--enable-fragile-hardening") +fi +if [[ "$COVERAGE" == "yes" ]]; then + configure_options+=("--enable-coverage") +fi +if [[ "$RUST" == "yes" ]]; then + configure_options+=("--enable-rust") +fi +if [[ "$ASCIIDOC" != "yes" ]]; then + configure_options+=("--disable-asciidoc") +fi +if [[ "$TRACING" == "yes" ]]; then + configure_options+=("--enable-tracing-instrumentation-lttng") +fi +if [[ "$ALL_BUGS_ARE_FATAL" == "yes" ]]; then + configure_options+=("--enable-all-bugs-are-fatal") +fi +if [[ "$DISABLE_DIRAUTH" == "yes" ]]; then + configure_options+=("--disable-module-dirauth") +fi +if [[ "$DISABLE_RELAY" == "yes" ]]; then + configure_options+=("--disable-module-relay") +fi +if [[ "$NSS" == "yes" ]]; then + configure_options+=("--enable-nss") +fi + +############################################################################# +# Tell the user about our versions of different tools and packages. + +uname -a +printf "python: " +python -V || echo "no 'python' binary." +printf "python3: " +python3 -V || echo "no 'python3' binary." + +show_git_version Tor "${CI_SRCDIR}" +if [[ "${STEM}" = "yes" ]]; then + show_git_version Stem "${STEM_PATH}" +fi +if [[ "${CHUTNEY}" = "yes" ]]; then + show_git_version Chutney "${CHUTNEY_PATH}" +fi + +############################################################################# +# Determine the version of Tor. + +TOR_VERSION=$(grep -m 1 AC_INIT configure.ac | sed -e 's/.*\[//; s/\].*//;') + +# Use variables like these when we need to behave differently depending on +# Tor version. Only create the variables we need. +TOR_VER_AT_LEAST_043=no +TOR_VER_AT_LEAST_044=no + +# These are the currently supported Tor versions; no need to work with anything +# ancient in this script. +case "$TOR_VERSION" in + 0.3.*) + TOR_VER_AT_LEAST_043=no + TOR_VER_AT_LEAST_044=no + ;; + 0.4.[012].*) + TOR_VER_AT_LEAST_043=no + TOR_VER_AT_LEAST_044=no + ;; + 0.4.3.*) + TOR_VER_AT_LEAST_043=yes + TOR_VER_AT_LEAST_044=no + ;; + *) + TOR_VER_AT_LEAST_043=yes + TOR_VER_AT_LEAST_044=yes + ;; +esac + +############################################################################# +# Make sure the directories are all there. + +# Make sure CI_SRCDIR exists and has a file we expect. +if [[ ! -d "$CI_SRCDIR" ]] ; then + die "CI_SRCDIR=${CI_SRCDIR} is not a directory" +fi +if [[ ! -f "$CI_SRCDIR/src/core/or/or.h" ]] ; then + die "CI_SRCDIR=${CI_SRCDIR} does not look like a Tor directory." +fi + +# Make CI_SRCDIR absolute. +CI_SRCDIR=$(cd "$CI_SRCDIR" && pwd) + +# Create an "artifacts" directory to copy artifacts into. +mkdir -p ./artifacts + +if [[ "$RUN_STAGE_CONFIGURE" = "yes" ]]; then + + start_section "Autogen" + runcmd cd "${CI_SRCDIR}" + runcmd ./autogen.sh + runcmd mkdir -p "${CI_BUILDDIR}" + runcmd cd "${CI_BUILDDIR}" + end_section "Autogen" + + # make the builddir absolute too. + CI_BUILDDIR=$(pwd) + + start_section "Configure" + if ! runcmd "${CI_SRCDIR}"/configure "${configure_options[@]}" ; then + error "Here is the end of config.log:" + runcmd tail config.log + die "Unable to continue" + fi + end_section "Configure" +else + debug "Skipping configure stage. Making sure that ${CI_BUILDDIR}/config.log exists." + if [[ ! -d "${CI_BUILDDIR}" ]]; then + die "Build directory ${CI_BUILDDIR} did not exist!"; + fi + if [[ ! -f "${CI_BUILDDIR}/config.log" ]]; then + die "Tor was not configured in ${CI_BUILDDIR}!"; + fi + + cp config.log "${CI_SRCDIR}"/artifacts + + runcmd cd "${CI_BUILDDIR}" + CI_BUILDDIR=$(pwd) +fi + +############################### +# Build Tor. + +if [[ "$RUN_STAGE_BUILD" = "yes" ]] ; then + if [[ "$DISTCHECK" = "no" ]]; then + start_section "Build" + runcmd make "${make_options[@]}" all + cp src/app/tor "${CI_SRCDIR}"/artifacts + end_section "Build" + else + export DISTCHECK_CONFIGURE_FLAGS="${configure_options[*]}" + # XXXX Set make options? + start_section Distcheck + if runcmd make "${make_options[@]}" distcheck ; then + hooray "Distcheck was successful. Nothing further will be done." + # We have to exit early here, since we can't do any other tests. + cp tor-*.tar.gz "${CI_SRCDIR}"/artifacts + exit 0 + else + error "Diagnostics:" + runcmd make show-distdir-testlog || true + runcmd make show-distdir-core || true + die "Unable to continue." + fi + end_section Distcheck + fi +fi + +############################## +# Run tests. + +if [[ "$RUN_STAGE_TEST" == "no" ]]; then + echo "Skipping tests. Exiting now." + exit 0 +fi + +FAILED_TESTS="" + +if [[ "${DOXYGEN}" = 'yes' ]]; then + start_section Doxygen + if [[ "${TOR_VER_AT_LEAST_043}" = 'yes' ]]; then + if runcmd make doxygen; then + hooray "make doxygen has succeeded." + else + FAILED_TESTS="${FAILED_TESTS} doxygen" + fi + else + skipping "make doxygen: doxygen is broken for Tor < 0.4.3" + fi + end_section Doxygen +fi + +if [[ "${ASCIIDOC}" = 'yes' ]]; then + start_section Asciidoc + if runcmd make manpages; then + hooray "make manpages has succeeded." + else + FAILED_TESTS="${FAILED_TESTS} asciidoc" + fi + end_section Asciidoc +fi + +if [[ "${CHECK}" = "yes" ]]; then + start_section "Check" + if runcmd make "${make_options[@]}" check; then + hooray "make check has succeeded." + else + error "Here are the contents of the test suite output:" + runcmd cat test-suite.log || true + FAILED_TESTS="${FAILED_TESTS} check" + fi + end_section "Check" +fi + +if [[ "${CHUTNEY}" = "yes" ]]; then + start_section "Chutney" + export CHUTNEY_TOR_SANDBOX=0 + export CHUTNEY_ALLOW_FAILURES=2 + if runcmd make "${CHUTNEY_MAKE_TARGET}"; then + hooray "Chutney tests have succeeded" + else + error "Chutney says:" + export CHUTNEY_DATA_DIR="${CHUTNEY_PATH}/net" + runcmd "${CHUTNEY_PATH}"/tools/diagnostics.sh || true + # XXXX These next two should be part of a make target. + runcmd ls test_network_log || true + runcmd cat test_network_log || true + FAILED_TESTS="${FAILED_TESTS} chutney" + fi + end_section "Chutney" +fi + +if [[ "${STEM}" = "yes" ]]; then + start_section "Stem" + if [[ "${TOR_VER_AT_LEAST_044}" = 'yes' ]]; then + # XXXX This shold probably be part some test-stem make target. + if runcmd timelimit -p -t 520 -s USR1 -T 30 -S ABRT \ + python3 "${STEM_PATH}/run_tests.py" \ + --tor src/app/tor \ + --integ --test control.controller \ + --test control.base_controller \ + --test process \ + --log TRACE \ + --log-file stem.log ; then + hooray "Stem tests have succeeded" + else + error "Stem output:" + runcmd tail -1000 "${STEM_PATH}"/test/data/tor_log + runcmd grep -v "SocketClosed" stem.log | tail -1000 + FAILED_TESTS="${FAILED_TESTS} stem" + fi + else + skipping "Stem: broken with <= 0.4.3. See bug tor#40077" + fi + end_section "Stem" +fi + +# TODO: Coverage + +if [[ "${FAILED_TESTS}" != "" ]]; then + die "Failed tests: ${FAILED_TESTS}" +fi + +hooray "Everything seems fine." diff --git a/scripts/maint/gen_ccls_file.sh b/scripts/maint/gen_ccls_file.sh new file mode 100755 index 0000000000..899e4e9603 --- /dev/null +++ b/scripts/maint/gen_ccls_file.sh @@ -0,0 +1,20 @@ +#!/bin/sh + +############################################################################## +# THIS MUST BE CALLED FROM THE ROOT DIRECTORY. IT IS USED BY THE MAKEFILE SO # +# IN THEORY, YOU SHOULD NEVER CALL THIS. # +############################################################################## + +set -e + +CCLS_FILE=".ccls" + +# Get all #define *_PRIVATE from our source. We need to list them in our .ccls +# file and enable them otherwise ccls will not find their definition thinking +# that they are dead code. +PRIVATE_DEFS=$(grep -r --include \*.h "_PRIVATE" | grep "#ifdef" | cut -d' ' -f2 | sort | uniq) + +echo "clang" > "$CCLS_FILE" +for p in $PRIVATE_DEFS; do + echo "-D$p" >> "$CCLS_FILE" +done diff --git a/src/app/config/config.c b/src/app/config/config.c index 1d61b76310..c1f1f153e7 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -809,9 +809,6 @@ static int normalize_nickname_list(config_line_t **normalized_out, char **msg); static char *get_bindaddr_from_transport_listen_line(const char *line, const char *transport); -static int parse_ports(or_options_t *options, int validate_only, - char **msg_out, int *n_ports_out, - int *world_writable_control_socket); static int check_server_ports(const smartlist_t *ports, const or_options_t *options, int *num_low_ports_out); @@ -7375,7 +7372,7 @@ count_real_listeners(const smartlist_t *ports, int listenertype, * If <b>validate_only</b> is false, set configured_client_ports to the * new list of ports parsed from <b>options</b>. **/ -static int +STATIC int parse_ports(or_options_t *options, int validate_only, char **msg, int *n_ports_out, int *world_writable_control_socket) diff --git a/src/app/config/config.h b/src/app/config/config.h index 301faf7067..6852d352dc 100644 --- a/src/app/config/config.h +++ b/src/app/config/config.h @@ -295,6 +295,10 @@ STATIC int open_and_add_file_log(const log_severity_list_t *severity, const char *fname, int truncate_log); +STATIC int parse_ports(or_options_t *options, int validate_only, + char **msg, int *n_ports_out, + int *world_writable_control_socket); + #endif /* defined(CONFIG_PRIVATE) */ #endif /* !defined(TOR_CONFIG_H) */ diff --git a/src/app/config/fallback_dirs.inc b/src/app/config/fallback_dirs.inc index 793f65ce88..a7ef39bb96 100644 --- a/src/app/config/fallback_dirs.inc +++ b/src/app/config/fallback_dirs.inc @@ -1,65 +1,35 @@ /* type=fallback */ -/* version=2.0.0 */ -/* timestamp=20190625114911 */ -/* timestamp0=20190625114911 */ -/* timestamp1=20190628085927 */ -/* source=whitelist */ -/* ===== */ -/* 0: Whitelist excluded 1550 of 1711 candidates. */ -/* 1: Whitelist excluded 1601 of 1765 candidates. */ +/* version=3.0.0 */ +/* timestamp=20200723133610 */ +/* source=offer-list */ +/* ===== */ +/* Offer list excluded 1807 of 1978 candidates. */ /* Checked IPv4 DirPorts served a consensus within 15.0s. */ /* -0: -Final Count: 140 (Eligible 161, Target 414 (2072 * 0.20), Max 200) -Excluded: 21 (Same Operator 16, Failed/Skipped Download 3, Excess 2) -Bandwidth Range: 0.5 - 54.5 MByte/s - -MERGED WITH: - -1: -Final Count: 140 (Eligible 164, Target 414 (2073 * 0.20), Max 200) -Excluded: 24 (Same Operator 16, Failed/Skipped Download 4, Excess 4) -Bandwidth Range: 0.8 - 54.5 MByte/s +Final Count: 144 (Eligible 171, Target 447 (2239 * 0.20), Max 200) +Excluded: 27 (Same Operator 15, Failed/Skipped Download 6, Excess 6) +Bandwidth Range: 0.6 - 96.1 MByte/s */ /* -): -Onionoo Source: details Date: 2019-06-25 10:00:00 Version: 7.0 -URL: https:onionoo.torproject.orgdetails?fieldsfingerprint%2Cnickname%2Ccontact%2Clast_changed_address_or_port%2Cconsensus_weight%2Cadvertised_bandwidth%2Cor_addresses%2Cdir_address%2Crecommended_version%2Cflags%2Ceffective_family%2Cplatform&flagV2Dir&typerelay&last_seen_days-0&first_seen_days90- - -MERGED WITH: - -1: -Onionoo Source: details Date: 2019-06-28 07:00:00 Version: 7.0 -URL: https:onionoo.torproject.orgdetails?fieldsfingerprint%2Cnickname%2Ccontact%2Clast_changed_address_or_port%2Cconsensus_weight%2Cadvertised_bandwidth%2Cor_addresses%2Cdir_address%2Crecommended_version%2Cflags%2Ceffective_family%2Cplatform&last_seen_days-0&flagV2Dir&first_seen_days90-&typerelay&order-consensus_weight%2Cfirst_seen +Onionoo Source: details Date: 2020-07-23 13:00:00 Version: 8.0 +URL: https:onionoo.torproject.orgdetails?fieldsfingerprint%2Cnickname%2Ccontact%2Clast_changed_address_or_port%2Cconsensus_weight%2Cadvertised_bandwidth%2Cor_addresses%2Cdir_address%2Crecommended_version%2Cflags%2Ceffective_family%2Cplatform&typerelay&first_seen_days90-&last_seen_days-0&flagV2Dir&order-consensus_weight%2Cfirst_seen */ /* -0: -Onionoo Source: uptime Date: 2019-06-25 10:00:00 Version: 7.0 -URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&last_seen_days-0 - -MERGED WITH: - -1: -Onionoo Source: uptime Date: 2019-06-28 07:00:00 Version: 7.0 -URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&order-consensus_weight%2Cfirst_seen&last_seen_days-0 +Onionoo Source: uptime Date: 2020-07-23 13:00:00 Version: 8.0 +URL: https:onionoo.torproject.orguptime?typerelay&first_seen_days90-&last_seen_days-0&flagV2Dir&order-consensus_weight%2Cfirst_seen */ /* ===== */ -"185.13.39.197:80 orport=443 id=001524DD403D729F08F7E5D77813EF12756CFA8D" -/* nickname=Neldoreth */ -/* extrainfo=0 */ -/* ===== */ -, -"185.100.85.61:80 orport=443 id=025B66CEBC070FCB0519D206CF0CF4965C20C96E" -/* nickname=nibbana */ -/* extrainfo=0 */ -/* ===== */ -, "185.225.17.3:80 orport=443 id=0338F9F55111FE8E3570E7DE117EF3AF999CC1D7" " ipv6=[2a0a:c800:1:5::3]:443" /* nickname=Nebuchadnezzar */ /* extrainfo=0 */ /* ===== */ , +"81.7.10.193:9002 orport=993 id=03C3069E814E296EB18776EB61B1ECB754ED89FE" +/* nickname=Ichotolot61 */ +/* extrainfo=1 */ +/* ===== */ +, "163.172.149.155:80 orport=443 id=0B85617241252517E8ECF2CFC7F4C1A32DCD153F" /* nickname=niij02 */ /* extrainfo=0 */ @@ -70,8 +40,19 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"37.252.185.182:9030 orport=8080 id=113143469021882C3A4B82F084F8125B08EE471E" -" ipv6=[2a00:63c1:a:182::2]:8080" +"81.7.18.7:9030 orport=9001 id=0C475BA4D3AA3C289B716F95954CAD616E50C4E5" +/* nickname=Freebird32 */ +/* extrainfo=1 */ +/* ===== */ +, +"193.234.15.60:80 orport=443 id=0F6E5CA4BF5565D9AA9FDDCA165AFC6A5305763D" +" ipv6=[2a00:1c20:4089:1234:67bc:79f3:61c0:6e49]:443" +/* nickname=jaures3 */ +/* extrainfo=0 */ +/* ===== */ +, +"93.177.67.71:9030 orport=8080 id=113143469021882C3A4B82F084F8125B08EE471E" +" ipv6=[2a03:4000:38:559::2]:8080" /* nickname=parasol */ /* extrainfo=0 */ /* ===== */ @@ -82,11 +63,6 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"95.85.8.226:80 orport=443 id=1211AC1BBB8A1AF7CBA86BCE8689AA3146B86423" -/* nickname=ccrelaycc */ -/* extrainfo=0 */ -/* ===== */ -, "193.11.114.43:9030 orport=9001 id=12AD30E5D25AA67F519780E2111E611A455FDC89" " ipv6=[2001:6b0:30:1000::99]:9050" /* nickname=mdfnet1 */ @@ -98,27 +74,23 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"217.182.51.248:80 orport=443 id=183005F78229D94EE51CE7795A42280070A48D0D" -/* nickname=Cosworth02 */ +"193.234.15.61:80 orport=443 id=158581827034DEF1BAB1FC248D180165452E53D3" +" ipv6=[2a00:1c20:4089:1234:2712:a3d0:666b:88a6]:443" +/* nickname=bakunin3 */ /* extrainfo=0 */ /* ===== */ , -"171.25.193.25:80 orport=443 id=185663B7C12777F052B2C2D23D7A239D8DA88A0F" -" ipv6=[2001:67c:289c::25]:443" -/* nickname=DFRI5 */ +"51.15.78.0:9030 orport=9001 id=15BE17C99FACE24470D40AF782D6A9C692AB36D6" +" ipv6=[2001:bc8:1824:c4b::1]:9001" +/* nickname=rofltor07 */ /* extrainfo=0 */ /* ===== */ , -"149.56.141.138:9030 orport=9001 id=1938EBACBB1A7BFA888D9623C90061130E63BB3F" -/* nickname=Aerodynamik04 */ +"204.11.50.131:9030 orport=9001 id=185F2A57B0C4620582602761097D17DB81654F70" +/* nickname=BoingBoing */ /* extrainfo=0 */ /* ===== */ , -"81.7.14.253:9001 orport=443 id=1AE039EE0B11DB79E4B4B29CBA9F752864A0259E" -/* nickname=Ichotolot60 */ -/* extrainfo=1 */ -/* ===== */ -, "50.7.74.171:9030 orport=9001 id=1CD17CB202063C51C7DAD3BACEF87ECE81C2350F" " ipv6=[2001:49f0:d002:2::51]:443" /* nickname=theia1 */ @@ -132,7 +104,7 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* ===== */ , "212.47.229.2:9030 orport=9001 id=20462CBA5DA4C2D963567D17D0B7249718114A68" -" ipv6=[2001:bc8:4400:2100::f03]:9001" +" ipv6=[2001:bc8:47ac:23a::1]:9001" /* nickname=scaletor */ /* extrainfo=0 */ /* ===== */ @@ -147,13 +119,37 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , +"193.234.15.57:80 orport=443 id=24D0491A2ADAAB52C17625FBC926D84477AEA322" +" ipv6=[2a00:1c20:4089:1234:7825:2c5d:1ecd:c66f]:443" +/* nickname=bakunin */ +/* extrainfo=0 */ +/* ===== */ +, +"185.220.101.137:20137 orport=10137 id=28F4F392F8F19E3FBDE09616D9DB8143A1E2DDD3" +" ipv6=[2a0b:f4c2:1::137]:10137" +/* nickname=niftycottonmouse */ +/* extrainfo=0 */ +/* ===== */ +, +"138.201.250.33:9012 orport=9011 id=2BA2C8E96B2590E1072AECE2BDB5C48921BF8510" +/* nickname=storm */ +/* extrainfo=0 */ +/* ===== */ +, +"5.181.50.99:80 orport=443 id=2BB85DC5BD3C6F0D81A4F2B5882176C6BF7ECF5A" +" ipv6=[2a03:4000:3f:16c:3851:6bff:fe07:bd2]:443" +/* nickname=AlanTuring */ +/* extrainfo=0 */ +/* ===== */ +, "97.74.237.196:9030 orport=9001 id=2F0F32AB1E5B943CA7D062C03F18960C86E70D94" /* nickname=Minotaur */ /* extrainfo=0 */ /* ===== */ , -"212.83.154.33:8080 orport=8443 id=322C6E3A973BC10FC36DE3037AD27BC89F14723B" -/* nickname=bauruine204 */ +"94.230.208.147:8080 orport=8443 id=311A4533F7A2415F42346A6C8FA77E6FD279594C" +" ipv6=[2a02:418:6017::147]:8443" +/* nickname=DigiGesTor3e2 */ /* extrainfo=0 */ /* ===== */ , @@ -169,18 +165,13 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"37.157.255.35:9030 orport=9090 id=361D33C96D0F161275EE67E2C91EE10B276E778B" -/* nickname=cxx4freedom */ -/* extrainfo=0 */ -/* ===== */ -, "64.79.152.132:80 orport=443 id=375DCBB2DBD94E5263BC0C015F0C9E756669617E" /* nickname=ebola */ /* extrainfo=0 */ /* ===== */ , -"213.183.60.21:9030 orport=443 id=39F91959416763AFD34DBEEC05474411B964B2DC" -/* nickname=angeltest11 */ +"198.50.191.95:80 orport=443 id=39F096961ED2576975C866D450373A9913AFDC92" +/* nickname=shhovh */ /* extrainfo=0 */ /* ===== */ , @@ -190,9 +181,9 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"199.249.230.83:80 orport=443 id=3CA0D15567024D2E0B557DC0CF3E962B37999A79" -" ipv6=[2620:7:6001::ffff:c759:e653]:80" -/* nickname=QuintexAirVPN30 */ +"212.83.154.33:8888 orport=443 id=3C79699D4FBC37DE1A212D5033B56DAE079AC0EF" +" ipv6=[2001:bc8:31d3:1dd::1]:443" +/* nickname=bauruine203 */ /* extrainfo=0 */ /* ===== */ , @@ -202,6 +193,12 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , +"95.216.211.81:80 orport=443 id=3CCF9573F59137E52787D9C322AC19D2BD090B70" +" ipv6=[2a01:4f9:c010:4dfa::1]:443" +/* nickname=BurningMan */ +/* extrainfo=0 */ +/* ===== */ +, "217.79.179.177:9030 orport=9001 id=3E53D3979DB07EFD736661C934A1DED14127B684" " ipv6=[2001:4ba0:fff9:131:6c4f::90d3]:9001" /* nickname=Unnamed */ @@ -224,24 +221,14 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"195.123.245.141:9030 orport=443 id=465D17C6FC297E3857B5C6F152006A1E212944EA" -/* nickname=angeltest14 */ -/* extrainfo=0 */ -/* ===== */ -, -"31.31.78.49:80 orport=443 id=46791D156C9B6C255C2665D4D8393EC7DBAA7798" -/* nickname=KrigHaBandolo */ -/* extrainfo=0 */ -/* ===== */ -, "193.70.43.76:9030 orport=9001 id=484A10BA2B8D48A5F0216674C8DD50EF27BC32F3" /* nickname=Aerodynamik03 */ /* extrainfo=0 */ /* ===== */ , -"37.187.102.186:9030 orport=9001 id=489D94333DF66D57FFE34D9D59CC2D97E2CB0053" -" ipv6=[2001:41d0:a:26ba::1]:9001" -/* nickname=txtfileTorNode65536 */ +"109.70.100.4:80 orport=443 id=4BFC9C631A93FF4BA3AA84BC6931B4310C38A263" +" ipv6=[2a03:e600:100::4]:443" +/* nickname=karotte */ /* extrainfo=0 */ /* ===== */ , @@ -262,38 +249,36 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=1 */ /* ===== */ , -"81.7.16.182:80 orport=443 id=51E1CF613FD6F9F11FE24743C91D6F9981807D82" -" ipv6=[2a02:180:1:1::517:10b6]:993" -/* nickname=torpidsDEisppro3 */ +"69.30.215.42:80 orport=443 id=510176C07005D47B23E6796F02C93241A29AA0E9" +" ipv6=[2604:4300:a:2e:21b:21ff:fe11:392]:443" +/* nickname=torpidsUSwholesale */ /* extrainfo=0 */ /* ===== */ , -"192.160.102.166:80 orport=9001 id=547DA56F6B88B6C596B3E3086803CDA4F0EF8F21" -" ipv6=[2620:132:300c:c01d::6]:9002" -/* nickname=chaucer */ +"176.223.141.106:80 orport=443 id=5262556D44A7F2434990FDE1AE7973C67DF49E58" +/* nickname=Theoden */ /* extrainfo=0 */ /* ===== */ , -"192.160.102.170:80 orport=9001 id=557ACEC850F54EEE65839F83CACE2B0825BE811E" -" ipv6=[2620:132:300c:c01d::a]:9002" -/* nickname=ogopogo */ +"85.25.159.65:995 orport=80 id=52BFADA8BEAA01BA46C8F767F83C18E2FE50C1B9" +/* nickname=BeastieJoy63 */ /* extrainfo=0 */ /* ===== */ , -"50.7.74.170:80 orport=443 id=5BF17163CBE73D8CD9FDBE030C944EA05707DA93" -" ipv6=[2001:49f0:d002:2::58]:443" -/* nickname=theia8 */ +"193.234.15.59:80 orport=443 id=562434D987CF49D45649B76ADCA993BEA8F78471" +" ipv6=[2a00:1c20:4089:1234:bff6:e1bb:1ce3:8dc6]:443" +/* nickname=bakunin2 */ /* extrainfo=0 */ /* ===== */ , -"172.98.193.43:80 orport=443 id=5E56738E7F97AA81DEEF59AF28494293DFBFCCDF" -/* nickname=Backplane */ +"89.234.157.254:80 orport=443 id=578E007E5E4535FBFEF7758D8587B07B4C8C5D06" +" ipv6=[2001:67c:2608::1]:443" +/* nickname=marylou1 */ /* extrainfo=0 */ /* ===== */ , -"95.128.43.164:80 orport=443 id=616081EC829593AF4232550DE6FFAA1D75B37A90" -" ipv6=[2a02:ec0:209:10::4]:443" -/* nickname=AquaRayTerminus */ +"172.98.193.43:80 orport=443 id=5E56738E7F97AA81DEEF59AF28494293DFBFCCDF" +/* nickname=Backplane */ /* extrainfo=0 */ /* ===== */ , @@ -302,26 +287,14 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"94.130.186.5:80 orport=443 id=6A7551EEE18F78A9813096E82BF84F740D32B911" -" ipv6=[2a01:4f8:1c0c:45f7::1]:443" +"95.217.16.212:80 orport=443 id=6A7551EEE18F78A9813096E82BF84F740D32B911" +" ipv6=[2a01:4f9:c010:609a::1]:443" /* nickname=TorMachine */ /* extrainfo=0 */ /* ===== */ , -"80.127.137.19:80 orport=443 id=6EF897645B79B6CB35E853B32506375014DE3621" -" ipv6=[2001:981:47c1:1::6]:443" -/* nickname=d6relay */ -/* extrainfo=0 */ -/* ===== */ -, -"37.139.8.104:9030 orport=9001 id=7088D485934E8A403B81531F8C90BDC75FA43C98" -" ipv6=[2a03:b0c0:0:1010::24c:1001]:9001" -/* nickname=Basil */ -/* extrainfo=0 */ -/* ===== */ -, -"188.138.88.42:80 orport=443 id=70C55A114C0EF3DC5784A4FAEE64388434A3398F" -/* nickname=torpidsFRplusserver */ +"78.156.110.135:9093 orport=9092 id=7262B9D2EDE0B6A266C4B43D6202209BF6BBA888" +/* nickname=SkynetRenegade */ /* extrainfo=0 */ /* ===== */ , @@ -337,9 +310,14 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"50.7.74.173:9030 orport=9001 id=745369332749021C6FAF100D327BC3BF1DF4707B" -" ipv6=[2001:49f0:d002:2::55]:443" -/* nickname=theia5 */ +"81.7.14.31:9001 orport=443 id=7600680249A22080ECC6173FBBF64D6FCF330A61" +/* nickname=Ichotolot62 */ +/* extrainfo=1 */ +/* ===== */ +, +"62.171.144.155:80 orport=443 id=7614EF326635DA810638E2F5D449D10AE2BB7158" +" ipv6=[2a02:c207:3004:8874::1]:443" +/* nickname=Nicenstein */ /* extrainfo=0 */ /* ===== */ , @@ -359,6 +337,12 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , +"82.223.21.74:9030 orport=9001 id=7A32C9519D80CA458FC8B034A28F5F6815649A98" +" ipv6=[2001:ba0:1800:6c::1]:9001" +/* nickname=silentrocket */ +/* extrainfo=0 */ +/* ===== */ +, "51.254.136.195:80 orport=443 id=7BB70F8585DFC27E75D692970C0EEB0F22983A63" /* nickname=torproxy02 */ /* extrainfo=0 */ @@ -369,11 +353,6 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"185.220.101.48:10048 orport=20048 id=7E281CD2C315C4F7A84BC7C8721C3BC974DDBFA3" -/* nickname=niftyporcupine */ -/* extrainfo=0 */ -/* ===== */ -, "193.11.114.45:9031 orport=9002 id=80AAF8D5956A43C197104CEF2550CD42D165C6FB" /* nickname=mdfnet2 */ /* extrainfo=0 */ @@ -385,14 +364,14 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"192.42.116.16:80 orport=443 id=81B75D534F91BFB7C57AB67DA10BCEF622582AE8" -/* nickname=hviv104 */ +"152.89.106.147:9030 orport=9001 id=8111FEB45EF2950EB8F84BFD8FF070AB07AEE9DD" +" ipv6=[2a03:4000:39:605:c4f2:c9ff:fe64:c215]:9001" +/* nickname=TugaOnionMR3 */ /* extrainfo=0 */ /* ===== */ , -"192.160.102.164:80 orport=9001 id=823AA81E277F366505545522CEDC2F529CE4DC3F" -" ipv6=[2620:132:300c:c01d::4]:9002" -/* nickname=snowfall */ +"192.42.116.16:80 orport=443 id=81B75D534F91BFB7C57AB67DA10BCEF622582AE8" +/* nickname=hviv104 */ /* extrainfo=0 */ /* ===== */ , @@ -402,12 +381,7 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"62.210.254.132:80 orport=443 id=8456DFA94161CDD99E480C2A2992C366C6564410" -/* nickname=turingmachine */ -/* extrainfo=0 */ -/* ===== */ -, -"85.230.178.139:9030 orport=443 id=855BC2DABE24C861CD887DB9B2E950424B49FC34" +"85.228.136.92:9030 orport=443 id=855BC2DABE24C861CD887DB9B2E950424B49FC34" /* nickname=Logforme */ /* extrainfo=0 */ /* ===== */ @@ -417,42 +391,37 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"185.96.88.29:80 orport=443 id=86C281AD135058238D7A337D546C902BE8505DDE" -" ipv6=[2a00:4020::185:96:88:29]:443" -/* nickname=TykRelay05 */ -/* extrainfo=0 */ -/* ===== */ -, "163.172.194.53:9030 orport=9001 id=8C00FA7369A7A308F6A137600F0FA07990D9D451" " ipv6=[2001:bc8:225f:142:6c69:7461:7669:73]:9001" /* nickname=GrmmlLitavis */ /* extrainfo=0 */ /* ===== */ , -"5.189.169.190:8030 orport=8080 id=8D79F73DCD91FC4F5017422FAC70074D6DB8DD81" -/* nickname=thanatosDE */ +"188.138.102.98:465 orport=443 id=8CAA470B905758742203E3EB45941719FCA9FEEC" +/* nickname=BeastieJoy64 */ /* extrainfo=0 */ /* ===== */ , -"81.7.11.96:9030 orport=9001 id=8FA37B93397015B2BC5A525C908485260BE9F422" -/* nickname=Doedel22 */ +"109.70.100.6:80 orport=443 id=8CF987FF43FB7F3D9AA4C4F3D96FFDF247A9A6C2" +" ipv6=[2a03:e600:100::6]:443" +/* nickname=zucchini */ /* extrainfo=0 */ /* ===== */ , -"54.37.139.118:9030 orport=9001 id=90A5D1355C4B5840E950EB61E673863A6AE3ACA1" -" ipv6=[2001:41d0:601:1100::1b8]:9001" -/* nickname=rofltor09 */ +"5.189.169.190:8030 orport=8080 id=8D79F73DCD91FC4F5017422FAC70074D6DB8DD81" +/* nickname=thanatosDE */ /* extrainfo=0 */ /* ===== */ , -"37.187.20.59:80 orport=443 id=91D23D8A539B83D2FB56AA67ECD4D75CC093AC55" -" ipv6=[2001:41d0:a:143b::1]:993" -/* nickname=torpidsFRovh */ +"80.67.172.162:80 orport=443 id=8E6EDA78D8E3ABA88D877C3E37D6D4F0938C7B9F" +" ipv6=[2001:910:1410:600::1]:443" +/* nickname=AlGrothendieck */ /* extrainfo=0 */ /* ===== */ , -"173.255.245.116:9030 orport=9001 id=91E4015E1F82DAF0121D62267E54A1F661AB6DC7" -/* nickname=IWorshipHisShadow */ +"54.37.139.118:9030 orport=9001 id=90A5D1355C4B5840E950EB61E673863A6AE3ACA1" +" ipv6=[2001:41d0:601:1100::1b8]:9001" +/* nickname=rofltor09 */ /* extrainfo=0 */ /* ===== */ , @@ -461,29 +430,21 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"92.38.163.21:9030 orport=443 id=9288B75B5FF8861EFF32A6BE8825CC38A4F9F8C2" -/* nickname=angeltest9 */ +"109.70.100.5:80 orport=443 id=9661AC95717798884F3E3727D360DD98D66727CC" +" ipv6=[2a03:e600:100::5]:443" +/* nickname=erdapfel */ /* extrainfo=0 */ /* ===== */ , -"163.172.53.84:80 orport=443 id=935F589545B8A271A722E330445BB99F67DBB058" -" ipv6=[2001:bc8:24f8::]:443" -/* nickname=Multivac0 */ -/* extrainfo=0 */ -/* ===== */ -, -"204.8.156.142:80 orport=443 id=94C4B7B8C50C86A92B6A20107539EE2678CF9A28" -/* nickname=BostonUCompSci */ -/* extrainfo=0 */ -/* ===== */ -, -"37.153.1.10:9030 orport=9001 id=9772EFB535397C942C3AB8804FB35CFFAD012438" -/* nickname=smallsweatnode */ +"173.212.254.192:31336 orport=31337 id=99E246DB480B313A3012BC3363093CC26CD209C7" +" ipv6=[2a02:c207:3002:3972::1]:31337" +/* nickname=ViDiSrv */ /* extrainfo=0 */ /* ===== */ , -"173.212.254.192:31336 orport=31337 id=99E246DB480B313A3012BC3363093CC26CD209C7" -/* nickname=ViDiSrv */ +"188.127.69.60:80 orport=443 id=9B2BC7EFD661072AFADC533BE8DCF1C19D8C2DCC" +" ipv6=[2a02:29d0:8008:c0de:bad:beef::]:443" +/* nickname=MIGHTYWANG */ /* extrainfo=0 */ /* ===== */ , @@ -493,8 +454,9 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"185.220.101.49:10049 orport=20049 id=9B816A5B3EB20B8E4E9B9D1FBA299BD3F40F0320" -/* nickname=niftypygmyjerboa */ +"95.142.161.63:80 orport=443 id=9BA84E8C90083676F86C7427C8D105925F13716C" +" ipv6=[2001:4b98:dc0:47:216:3eff:fe3d:888c]:443" +/* nickname=ekumen */ /* extrainfo=0 */ /* ===== */ , @@ -503,11 +465,6 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"31.185.104.19:80 orport=443 id=9EAD5B2D3DBD96DBC80DCE423B0C345E920A758D" -/* nickname=Digitalcourage3ip1 */ -/* extrainfo=0 */ -/* ===== */ -, "46.28.110.244:80 orport=443 id=9F7D6E6420183C2B76D3CE99624EBC98A21A967E" /* nickname=Nivrim */ /* extrainfo=0 */ @@ -518,9 +475,10 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=1 */ /* ===== */ , -"81.7.3.67:993 orport=443 id=A2E6BB5C391CD46B38C55B4329C35304540771F1" -/* nickname=BeastieJoy62 */ -/* extrainfo=1 */ +"193.234.15.55:80 orport=443 id=A1B28D636A56AAFFE92ADCCA937AA4BD5333BB4C" +" ipv6=[2a00:1c20:4089:1234:7b2c:11c5:5221:903e]:443" +/* nickname=bakunin4 */ +/* extrainfo=0 */ /* ===== */ , "128.31.0.13:80 orport=443 id=A53C46F5B157DD83366D45A8E99A244934A14C46" @@ -528,8 +486,8 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"185.246.152.22:9030 orport=443 id=A86EC24F5B8B964F67AC7C27CE92842025983274" -/* nickname=angeltest19 */ +"212.47.233.86:9130 orport=9101 id=A68097FE97D3065B1A6F4CE7187D753F8B8513F5" +/* nickname=olabobamanmu */ /* extrainfo=0 */ /* ===== */ , @@ -543,26 +501,26 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"185.129.62.62:9030 orport=9001 id=ACDD9E85A05B127BA010466C13C8C47212E8A38F" -" ipv6=[2a06:d380:0:3700::62]:9001" -/* nickname=kramse */ +"195.154.164.243:80 orport=443 id=AC66FFA4AB35A59EBBF5BF4C70008BF24D8A7A5C" +" ipv6=[2001:bc8:399f:f000::1]:993" +/* nickname=torpidsFRonline3 */ /* extrainfo=0 */ /* ===== */ , -"31.185.104.20:80 orport=443 id=ADB2C26629643DBB9F8FE0096E7D16F9414B4F8D" -/* nickname=Digitalcourage3ip2 */ +"185.129.62.62:9030 orport=9001 id=ACDD9E85A05B127BA010466C13C8C47212E8A38F" +" ipv6=[2a06:d380:0:3700::62]:9001" +/* nickname=kramse */ /* extrainfo=0 */ /* ===== */ , -"45.79.108.130:9030 orport=9001 id=AEDAC7081AE14B8D241ECF0FF17A2858AB4383D0" -" ipv6=[2600:3c01:e000:131::8000:0]:9001" -/* nickname=linss */ +"188.40.128.246:9030 orport=9001 id=AD19490C7DBB26D3A68EFC824F67E69B0A96E601" +" ipv6=[2a01:4f8:221:1ac1:dead:beef:7005:9001]:9001" +/* nickname=sputnik */ /* extrainfo=0 */ /* ===== */ , -"5.9.147.226:9030 orport=9001 id=B0553175AADB0501E5A61FC61CEA3970BE130FF2" -" ipv6=[2a01:4f8:190:30e1::2]:9001" -/* nickname=zwiubel */ +"176.10.104.240:8080 orport=8443 id=AD86CD1A49573D52A7B6F4A35750F161AAD89C88" +/* nickname=DigiGesTor1e2 */ /* extrainfo=0 */ /* ===== */ , @@ -577,9 +535,9 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"199.249.230.64:80 orport=443 id=B2197C23A4FF5D1C49EE45BA7688BA8BCCD89A0B" -" ipv6=[2620:7:6001::ffff:c759:e640]:80" -/* nickname=Quintex41 */ +"109.70.100.2:80 orport=443 id=B27CF1DCEECD50F7992B07D720D7F6BF0EDF9D40" +" ipv6=[2a03:e600:100::2]:443" +/* nickname=radieschen */ /* extrainfo=0 */ /* ===== */ , @@ -588,21 +546,11 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"212.47.233.86:9030 orport=9001 id=B4CAFD9CBFB34EC5DAAC146920DC7DFAFE91EA20" -/* nickname=netimanmu */ -/* extrainfo=0 */ -/* ===== */ -, "93.115.97.242:9030 orport=9001 id=B5212DB685A2A0FCFBAE425738E478D12361710D" /* nickname=firstor */ /* extrainfo=0 */ /* ===== */ , -"51.38.134.104:9030 orport=443 id=B57A87009FA838471FB2227DDE68165AB2A2FCC4" -/* nickname=angeltest5 */ -/* extrainfo=0 */ -/* ===== */ -, "193.11.114.46:9032 orport=9003 id=B83DC1558F0D34353BB992EF93AFEAFDB226A73E" /* nickname=mdfnet3 */ /* extrainfo=0 */ @@ -614,12 +562,8 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"81.7.11.186:1080 orport=443 id=B86137AE9681701901C6720E55C16805B46BD8E3" -/* nickname=BeastieJoy60 */ -/* extrainfo=1 */ -/* ===== */ -, "51.15.179.153:110 orport=995 id=BB60F5BA113A0B8B44B7B37DE3567FE561E92F78" +" ipv6=[2001:bc8:3fec:500:7ea::]:995" /* nickname=Casper04 */ /* extrainfo=0 */ /* ===== */ @@ -648,13 +592,7 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o , "212.47.233.250:9030 orport=9001 id=BF735F669481EE1CCC348F0731551C933D1E2278" " ipv6=[2001:bc8:4400:2b00::1c:629]:9001" -/* nickname=FreewaySca */ -/* extrainfo=0 */ -/* ===== */ -, -"192.160.102.169:80 orport=9001 id=C0192FF43E777250084175F4E59AC1BA2290CE38" -" ipv6=[2620:132:300c:c01d::9]:9002" -/* nickname=manipogo */ +/* nickname=freeway */ /* extrainfo=0 */ /* ===== */ , @@ -663,8 +601,9 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"31.185.104.21:80 orport=443 id=C2AAB088555850FC434E68943F551072042B85F1" -/* nickname=Digitalcourage3ip3 */ +"109.70.100.3:80 orport=443 id=C282248597D1C8522A2A7525E61C8B77BBC37614" +" ipv6=[2a03:e600:100::3]:443" +/* nickname=erbse */ /* extrainfo=0 */ /* ===== */ , @@ -674,15 +613,25 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , +"188.138.112.60:1433 orport=1521 id=C414F28FD2BEC1553024299B31D4E726BEB8E788" +/* nickname=zebra620 */ +/* extrainfo=0 */ +/* ===== */ +, +"178.20.55.18:80 orport=443 id=C656B41AEFB40A141967EBF49D6E69603C9B4A11" +/* nickname=marcuse2 */ +/* extrainfo=0 */ +/* ===== */ +, "85.248.227.163:443 orport=9001 id=C793AB88565DDD3C9E4C6F15CCB9D8C7EF964CE9" " ipv6=[2a00:1298:8011:212::163]:9003" /* nickname=ori */ /* extrainfo=0 */ /* ===== */ , -"192.160.102.165:80 orport=9001 id=C90CA3B7FE01A146B8268D56977DC4A2C024B9EA" -" ipv6=[2620:132:300c:c01d::5]:9002" -/* nickname=cowcat */ +"50.7.74.173:80 orport=443 id=C87A4D8B534F78FDF0F4639B55F121401FEF259C" +" ipv6=[2001:49f0:d002:2::54]:443" +/* nickname=theia4 */ /* extrainfo=0 */ /* ===== */ , @@ -691,8 +640,14 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"51.254.147.57:80 orport=443 id=D15AFF44BE641368B958A32FB6B071AC2136B8B1" -/* nickname=Cosworth01 */ +"193.234.15.62:80 orport=443 id=CD0F9AA1A5064430B1DE8E645CBA7A502B27ED5F" +" ipv6=[2a00:1c20:4089:1234:a6a4:2926:d0af:dfee]:443" +/* nickname=jaures4 */ +/* extrainfo=0 */ +/* ===== */ +, +"85.25.213.211:465 orport=80 id=CE47F0356D86CF0A1A2008D97623216D560FB0A8" +/* nickname=BeastieJoy61 */ /* extrainfo=0 */ /* ===== */ , @@ -702,9 +657,9 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"62.141.38.69:9030 orport=443 id=D379A1CB8285748FFF64AE94296CA89878F25B22" -" ipv6=[2001:4ba0:cafe:ac5::1]:443" -/* nickname=angeltest3 */ +"66.111.2.20:9030 orport=9001 id=D317C7889162E9EC4A1DA1A1095C2A0F377536D9" +" ipv6=[2610:1c0:0:5::20]:9001" +/* nickname=NYCBUG0 */ /* extrainfo=0 */ /* ===== */ , @@ -714,25 +669,13 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"50.7.74.174:80 orport=443 id=D50101A2ABD09DC245F7E96C0818D003CDD62351" -" ipv6=[2001:49f0:d002:2::56]:443" -/* nickname=theia6 */ +"12.235.151.200:9030 orport=9029 id=D5C33F3E203728EDF8361EA868B2939CCC43FAFB" +/* nickname=nx1tor */ /* extrainfo=0 */ /* ===== */ , -"37.187.115.157:9030 orport=9001 id=D5039E1EBFD96D9A3F9846BF99EC9F75EDDE902A" -/* nickname=Janky328891 */ -/* extrainfo=0 */ -/* ===== */ -, -"85.10.201.47:9030 orport=9001 id=D8B7A3A6542AA54D0946B9DC0257C53B6C376679" -" ipv6=[2a01:4f8:a0:43eb::beef]:9001" -/* nickname=sif */ -/* extrainfo=0 */ -/* ===== */ -, -"193.35.52.53:9030 orport=9001 id=DAA39FC00B196B353C2A271459C305C429AF09E4" -/* nickname=Arne */ +"212.83.166.62:80 orport=443 id=D7082DB97E7F0481CBF4B88CA5F5683399E196A3" +/* nickname=shhop */ /* extrainfo=0 */ /* ===== */ , @@ -741,26 +684,15 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"176.158.236.102:9030 orport=9001 id=DC163DDEF4B6F0C6BC226F9F6656A5A30C5C5686" -/* nickname=Underworld */ -/* extrainfo=0 */ -/* ===== */ -, -"178.33.183.251:80 orport=443 id=DD823AFB415380A802DCAEB9461AE637604107FB" -" ipv6=[2001:41d0:2:a683::251]:443" -/* nickname=grenouille */ -/* extrainfo=0 */ -/* ===== */ -, "171.25.193.20:80 orport=443 id=DD8BD7307017407FCC36F8D04A688F74A0774C02" " ipv6=[2001:67c:289c::20]:443" /* nickname=DFRI0 */ /* extrainfo=0 */ /* ===== */ , -"92.222.38.67:80 orport=443 id=DED6892FF89DBD737BA689698A171B2392EB3E82" -" ipv6=[2001:41d0:52:100::112a]:443" -/* nickname=ThorExit */ +"83.212.99.68:80 orport=443 id=DDBB2A38252ADDA53E4492DDF982CA6CC6E10EC0" +" ipv6=[2001:648:2ffc:1225:a800:bff:fe3d:67b5]:443" +/* nickname=zouzounella */ /* extrainfo=0 */ /* ===== */ , @@ -785,8 +717,13 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"131.188.40.188:1443 orport=80 id=EBE718E1A49EE229071702964F8DB1F318075FF8" -" ipv6=[2001:638:a000:4140::ffff:188]:80" +"195.154.105.170:9030 orport=9001 id=E947C029087FA1C3499BEF5D4372947C51223D8F" +/* nickname=dgplug */ +/* extrainfo=0 */ +/* ===== */ +, +"131.188.40.188:1443 orport=11180 id=EBE718E1A49EE229071702964F8DB1F318075FF8" +" ipv6=[2001:638:a000:4140::ffff:188]:11180" /* nickname=fluxe4 */ /* extrainfo=1 */ /* ===== */ @@ -797,9 +734,8 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"37.252.187.111:9030 orport=443 id=EE4AF632058F0734C1426B1AD689F47445CA2056" -" ipv6=[2a00:63c1:c:111::2]:443" -/* nickname=angeltest7 */ +"178.20.55.16:80 orport=443 id=EFAE44728264982224445E96214C15F9075DEE1D" +/* nickname=marcuse1 */ /* extrainfo=0 */ /* ===== */ , @@ -808,8 +744,15 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"193.70.112.165:80 orport=443 id=F10BDE279AE71515DDCCCC61DC19AC8765F8A3CC" -/* nickname=ParkBenchInd001 */ +"193.234.15.58:80 orport=443 id=F24F8BEA2779A79111F33F6832B062BED306B9CB" +" ipv6=[2a00:1c20:4089:1234:cdae:1b3e:cc38:3d45]:443" +/* nickname=jaures2 */ +/* extrainfo=0 */ +/* ===== */ +, +"129.13.131.140:80 orport=443 id=F2DFE5FA1E4CF54F8E761A6D304B9B4EC69BDAE8" +" ipv6=[2a00:1398:5:f604:cafe:cafe:cafe:9001]:443" +/* nickname=AlleKochenKaffee */ /* extrainfo=0 */ /* ===== */ , @@ -824,9 +767,9 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , -"192.160.102.168:80 orport=9001 id=F6A358DD367B3282D6EF5824C9D45E1A19C7E815" -" ipv6=[2620:132:300c:c01d::8]:9002" -/* nickname=prawksi */ +"163.172.154.162:9030 orport=9001 id=F741E5124CB12700DA946B78C9B2DD175D6CD2A1" +" ipv6=[2001:bc8:47a0:162a::1]:9001" +/* nickname=rofltor06 */ /* extrainfo=0 */ /* ===== */ , @@ -836,10 +779,9 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=1 */ /* ===== */ , -"185.96.180.29:80 orport=443 id=F93D8F37E35C390BCAD9F9069E13085B745EC216" -" ipv6=[2a00:4820::185:96:180:29]:443" -/* nickname=TykRelay06 */ -/* extrainfo=0 */ +"91.143.88.62:80 orport=443 id=F9246DEF2B653807236DA134F2AEAB103D58ABFE" +/* nickname=Freebird31 */ +/* extrainfo=1 */ /* ===== */ , "149.56.45.200:9030 orport=9001 id=FE296180018833AF03A8EACD5894A614623D3F76" @@ -848,6 +790,12 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&o /* extrainfo=0 */ /* ===== */ , +"62.141.38.69:80 orport=443 id=FF9FC6D130FA26AE3AE8B23688691DC419F0F22E" +" ipv6=[2001:4ba0:cafe:ac5::]:443" +/* nickname=rinderwahnRelay3L */ +/* extrainfo=0 */ +/* ===== */ +, "193.11.164.243:9030 orport=9001 id=FFA72BD683BC2FCF988356E6BEC1E490F313FB07" " ipv6=[2001:6b0:7:125::243]:9001" /* nickname=Lule */ diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c index 3595bba85c..21d4332758 100644 --- a/src/core/mainloop/connection.c +++ b/src/core/mainloop/connection.c @@ -379,8 +379,12 @@ or_connection_new(int type, int socket_family) connection_or_set_canonical(or_conn, 0); - if (type == CONN_TYPE_EXT_OR) + if (type == CONN_TYPE_EXT_OR) { + /* If we aren't told an address for this connection, we should + * presume it isn't local, and should be rate-limited. */ + TO_CONN(or_conn)->always_rate_limit_as_remote = 1; connection_or_set_ext_or_identifier(or_conn); + } return or_conn; } @@ -2923,7 +2927,14 @@ retry_all_listeners(smartlist_t *new_conns, int close_all_noncontrol) &skip, &addr_in_use); } - tor_assert(new_conn); + /* There are many reasons why we can't open a new listener port so in case + * we hit those, bail early so tor can stop. */ + if (!new_conn) { + log_warn(LD_NET, "Unable to create listener port: %s:%d", + fmt_addr(&r->new_port->addr), r->new_port->port); + retval = -1; + break; + } smartlist_add(new_conns, new_conn); @@ -3025,6 +3036,7 @@ connection_is_rate_limited(connection_t *conn) if (conn->linked) return 0; /* Internal connection */ else if (! options->CountPrivateBandwidth && + ! conn->always_rate_limit_as_remote && (tor_addr_family(&conn->addr) == AF_UNSPEC || /* no address */ tor_addr_family(&conn->addr) == AF_UNIX || /* no address */ tor_addr_is_internal(&conn->addr, 0))) diff --git a/src/core/mainloop/mainloop.c b/src/core/mainloop/mainloop.c index f0aa37e8da..e67e1299b2 100644 --- a/src/core/mainloop/mainloop.c +++ b/src/core/mainloop/mainloop.c @@ -2511,7 +2511,8 @@ hs_service_callback(time_t now, const or_options_t *options) /* We need to at least be able to build circuits and that we actually have * a working network. */ if (!have_completed_a_circuit() || net_is_disabled() || - networkstatus_get_live_consensus(now) == NULL) { + !networkstatus_get_reasonably_live_consensus(now, + usable_consensus_flavor())) { goto end; } diff --git a/src/core/or/channel.c b/src/core/or/channel.c index 3886906875..9649bdf278 100644 --- a/src/core/or/channel.c +++ b/src/core/or/channel.c @@ -72,6 +72,7 @@ #include "core/or/relay.h" #include "core/or/scheduler.h" #include "feature/client/entrynodes.h" +#include "feature/nodelist/dirlist.h" #include "feature/nodelist/networkstatus.h" #include "feature/nodelist/nodelist.h" #include "feature/nodelist/routerlist.h" @@ -663,7 +664,7 @@ channel_find_by_global_id(uint64_t global_identifier) /** Return true iff <b>chan</b> matches <b>rsa_id_digest</b> and <b>ed_id</b>. * as its identity keys. If either is NULL, do not check for a match. */ -static int +int channel_remote_identity_matches(const channel_t *chan, const char *rsa_id_digest, const ed25519_public_key_t *ed_id) @@ -749,6 +750,7 @@ channel_check_for_duplicates(void) { channel_idmap_entry_t **iter; channel_t *chan; + int total_dirauth_connections = 0, total_dirauths = 0; int total_relay_connections = 0, total_relays = 0, total_canonical = 0; int total_half_canonical = 0; int total_gt_one_connection = 0, total_gt_two_connections = 0; @@ -756,13 +758,18 @@ channel_check_for_duplicates(void) HT_FOREACH(iter, channel_idmap, &channel_identity_map) { int connections_to_relay = 0; + const char *id_digest = (char *) (*iter)->digest; /* Only consider relay connections */ - if (!connection_or_digest_is_known_relay((char*)(*iter)->digest)) + if (!connection_or_digest_is_known_relay(id_digest)) continue; total_relays++; + const bool is_dirauth = router_digest_is_trusted_dir(id_digest); + if (is_dirauth) + total_dirauths++; + for (chan = TOR_LIST_FIRST(&(*iter)->channel_list); chan; chan = channel_next_with_rsa_identity(chan)) { @@ -771,11 +778,12 @@ channel_check_for_duplicates(void) connections_to_relay++; total_relay_connections++; + if (is_dirauth) + total_dirauth_connections++; - if (chan->is_canonical(chan, 0)) total_canonical++; + if (chan->is_canonical(chan)) total_canonical++; - if (!chan->is_canonical_to_peer && chan->is_canonical(chan, 0) - && chan->is_canonical(chan, 1)) { + if (!chan->is_canonical_to_peer && chan->is_canonical(chan)) { total_half_canonical++; } } @@ -785,11 +793,28 @@ channel_check_for_duplicates(void) if (connections_to_relay > 4) total_gt_four_connections++; } -#define MIN_RELAY_CONNECTIONS_TO_WARN 5 + /* Don't bother warning about excessive connections unless we have + * at least this many connections, total. + */ +#define MIN_RELAY_CONNECTIONS_TO_WARN 25 + /* If the average number of connections for a regular relay is more than + * this, that's too high. + */ +#define MAX_AVG_RELAY_CONNECTIONS 1.5 + /* If the average number of connections for a dirauth is more than + * this, that's too high. + */ +#define MAX_AVG_DIRAUTH_CONNECTIONS 4 + + /* How many connections total would be okay, given the number of + * relays and dirauths that we have connections to? */ + const int max_tolerable_connections = (int)( + (total_relays-total_dirauths) * MAX_AVG_RELAY_CONNECTIONS + + total_dirauths * MAX_AVG_DIRAUTH_CONNECTIONS); /* If we average 1.5 or more connections per relay, something is wrong */ if (total_relays > MIN_RELAY_CONNECTIONS_TO_WARN && - total_relay_connections >= 1.5*total_relays) { + total_relay_connections > max_tolerable_connections) { log_notice(LD_OR, "Your relay has a very large number of connections to other relays. " "Is your outbound address the same as your relay address? " @@ -2431,21 +2456,9 @@ channel_get_for_extend(const char *rsa_id_digest, continue; } - /* Never return a non-canonical connection using a recent link protocol - * if the address is not what we wanted. - * - * The channel_is_canonical_is_reliable() function asks the lower layer - * if we should trust channel_is_canonical(). The below is from the - * comments of the old circuit_or_get_for_extend() and applies when - * the lower-layer transport is channel_tls_t. - * - * (For old link protocols, we can't rely on is_canonical getting - * set properly if we're talking to the right address, since we might - * have an out-of-date descriptor, and we will get no NETINFO cell to - * tell us about the right address.) - */ + /* Only return canonical connections or connections where the address + * is the address we wanted. */ if (!channel_is_canonical(chan) && - channel_is_canonical_is_reliable(chan) && !channel_matches_target_addr_for_extend(chan, target_addr)) { ++n_noncanonical; continue; @@ -2587,16 +2600,12 @@ channel_dump_statistics, (channel_t *chan, int severity)) /* Handle marks */ tor_log(severity, LD_GENERAL, - " * Channel %"PRIu64 " has these marks: %s %s %s " - "%s %s %s", + " * Channel %"PRIu64 " has these marks: %s %s %s %s %s", (chan->global_identifier), channel_is_bad_for_new_circs(chan) ? "bad_for_new_circs" : "!bad_for_new_circs", channel_is_canonical(chan) ? "canonical" : "!canonical", - channel_is_canonical_is_reliable(chan) ? - "is_canonical_is_reliable" : - "!is_canonical_is_reliable", channel_is_client(chan) ? "client" : "!client", channel_is_local(chan) ? @@ -2955,22 +2964,7 @@ channel_is_canonical(channel_t *chan) tor_assert(chan); tor_assert(chan->is_canonical); - return chan->is_canonical(chan, 0); -} - -/** - * Test if the canonical flag is reliable. - * - * This function asks if the lower layer thinks it's safe to trust the - * result of channel_is_canonical(). - */ -int -channel_is_canonical_is_reliable(channel_t *chan) -{ - tor_assert(chan); - tor_assert(chan->is_canonical); - - return chan->is_canonical(chan, 1); + return chan->is_canonical(chan); } /** diff --git a/src/core/or/channel.h b/src/core/or/channel.h index 97aa000337..d41f0d70bb 100644 --- a/src/core/or/channel.h +++ b/src/core/or/channel.h @@ -351,12 +351,10 @@ struct channel_s { /** Check if the lower layer has queued writes */ int (*has_queued_writes)(channel_t *); /** - * If the second param is zero, ask the lower layer if this is - * 'canonical', for a transport-specific definition of canonical; if - * it is 1, ask if the answer to the preceding query is safe to rely - * on. + * Ask the lower layer if this is 'canonical', for a transport-specific + * definition of canonical. */ - int (*is_canonical)(channel_t *, int); + int (*is_canonical)(channel_t *); /** Check if this channel matches a specified extend_info_t */ int (*matches_extend_info)(channel_t *, extend_info_t *); /** Check if this channel matches a target address when extending */ @@ -733,7 +731,6 @@ int channel_has_queued_writes(channel_t *chan); int channel_is_bad_for_new_circs(channel_t *chan); void channel_mark_bad_for_new_circs(channel_t *chan); int channel_is_canonical(channel_t *chan); -int channel_is_canonical_is_reliable(channel_t *chan); int channel_is_client(const channel_t *chan); int channel_is_local(channel_t *chan); int channel_is_incoming(channel_t *chan); @@ -741,6 +738,9 @@ int channel_is_outgoing(channel_t *chan); void channel_mark_client(channel_t *chan); void channel_clear_client(channel_t *chan); int channel_matches_extend_info(channel_t *chan, extend_info_t *extend_info); +int channel_remote_identity_matches(const channel_t *chan, + const char *rsa_id_digest, + const ed25519_public_key_t *ed_id); int channel_matches_target_addr_for_extend(channel_t *chan, const tor_addr_t *target); unsigned int channel_num_circuits(channel_t *chan); diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c index f874e39946..18025ff73a 100644 --- a/src/core/or/channeltls.c +++ b/src/core/or/channeltls.c @@ -106,7 +106,7 @@ channel_tls_get_transport_name_method(channel_t *chan, char **transport_out); static const char * channel_tls_get_remote_descr_method(channel_t *chan, int flags); static int channel_tls_has_queued_writes_method(channel_t *chan); -static int channel_tls_is_canonical_method(channel_t *chan, int req); +static int channel_tls_is_canonical_method(channel_t *chan); static int channel_tls_matches_extend_info_method(channel_t *chan, extend_info_t *extend_info); @@ -643,12 +643,11 @@ channel_tls_has_queued_writes_method(channel_t *chan) /** * Tell the upper layer if we're canonical. * - * This implements the is_canonical method for channel_tls_t; if req is zero, - * it returns whether this is a canonical channel, and if it is one it returns - * whether that can be relied upon. + * This implements the is_canonical method for channel_tls_t: + * it returns whether this is a canonical channel. */ static int -channel_tls_is_canonical_method(channel_t *chan, int req) +channel_tls_is_canonical_method(channel_t *chan) { int answer = 0; channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan); @@ -656,24 +655,13 @@ channel_tls_is_canonical_method(channel_t *chan, int req) tor_assert(tlschan); if (tlschan->conn) { - switch (req) { - case 0: - answer = tlschan->conn->is_canonical; - break; - case 1: - /* - * Is the is_canonical bit reliable? In protocols version 2 and up - * we get the canonical address from a NETINFO cell, but in older - * versions it might be based on an obsolete descriptor. - */ - answer = (tlschan->conn->link_proto >= 2); - break; - default: - /* This shouldn't happen; channel.c is broken if it does */ - tor_assert_nonfatal_unreached_once(); - } + /* If this bit is set to 0, and link_proto is sufficiently old, then we + * can't actually _rely_ on this being a non-canonical channel. + * Nonetheless, we're going to believe that this is a non-canonical + * channel in this case, since nobody should be using these link protocols + * any more. */ + answer = tlschan->conn->is_canonical; } - /* else return 0 for tlschan->conn == NULL */ return answer; } @@ -1237,8 +1225,7 @@ channel_tls_handle_var_cell(var_cell_t *var_cell, or_connection_t *conn) * the v2 and v3 handshakes. */ /* But that should be happening any longer've disabled bufferevents. */ tor_assert_nonfatal_unreached_once(); - - FALLTHROUGH; + FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL; case OR_CONN_STATE_TLS_SERVER_RENEGOTIATING: if (!(command_allowed_before_handshake(var_cell->command))) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c index f3a5791d6c..70b5d8215a 100644 --- a/src/core/or/circuitbuild.c +++ b/src/core/or/circuitbuild.c @@ -623,21 +623,37 @@ circuit_n_chan_done(channel_t *chan, int status, int close_origin_circuits) circ->state != CIRCUIT_STATE_CHAN_WAIT) continue; - if (tor_digest_is_zero(circ->n_hop->identity_digest)) { + const char *rsa_ident = NULL; + const ed25519_public_key_t *ed_ident = NULL; + if (! tor_digest_is_zero(circ->n_hop->identity_digest)) { + rsa_ident = circ->n_hop->identity_digest; + } + if (! ed25519_public_key_is_zero(&circ->n_hop->ed_identity)) { + ed_ident = &circ->n_hop->ed_identity; + } + + if (rsa_ident == NULL && ed_ident == NULL) { /* Look at addr/port. This is an unkeyed connection. */ if (!channel_matches_extend_info(chan, circ->n_hop)) continue; } else { - /* We expected a key. See if it's the right one. */ - if (tor_memneq(chan->identity_digest, - circ->n_hop->identity_digest, DIGEST_LEN)) + /* We expected a key or keys. See if they matched. */ + if (!channel_remote_identity_matches(chan, rsa_ident, ed_ident)) + continue; + + /* If the channel is canonical, great. If not, it needs to match + * the requested address exactly. */ + if (! chan->is_canonical && + ! channel_matches_extend_info(chan, circ->n_hop)) { continue; + } } if (!status) { /* chan failed; close circ */ log_info(LD_CIRC,"Channel failed; closing circ."); circuit_mark_for_close(circ, END_CIRC_REASON_CHANNEL_CLOSED); continue; } + if (close_origin_circuits && CIRCUIT_IS_ORIGIN(circ)) { log_info(LD_CIRC,"Channel deprecated for origin circs; closing circ."); circuit_mark_for_close(circ, END_CIRC_REASON_CHANNEL_CLOSED); @@ -707,6 +723,8 @@ circuit_deliver_create_cell(circuit_t *circ, const create_cell_t *create_cell, goto error; } + tor_assert_nonfatal_once(circ->n_chan->is_canonical); + memset(&cell, 0, sizeof(cell_t)); r = relayed ? create_cell_format_relayed(&cell, create_cell) : create_cell_format(&cell, create_cell); diff --git a/src/core/or/circuitlist.c b/src/core/or/circuitlist.c index 03d495cdfd..ccf3041bb4 100644 --- a/src/core/or/circuitlist.c +++ b/src/core/or/circuitlist.c @@ -787,7 +787,7 @@ circuit_purpose_to_controller_hs_state_string(uint8_t purpose) "Unrecognized circuit purpose: %d", (int)purpose); tor_fragile_assert(); - FALLTHROUGH; + FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL; case CIRCUIT_PURPOSE_OR: case CIRCUIT_PURPOSE_C_GENERAL: diff --git a/src/core/or/connection_st.h b/src/core/or/connection_st.h index d1430eda14..c197a81340 100644 --- a/src/core/or/connection_st.h +++ b/src/core/or/connection_st.h @@ -64,6 +64,9 @@ struct connection_t { /** True if connection_handle_write is currently running on this connection. */ unsigned int in_connection_handle_write:1; + /** If true, then we treat this connection as remote for the purpose of + * rate-limiting, no matter what its address is. */ + unsigned int always_rate_limit_as_remote:1; /* For linked connections: */ diff --git a/src/core/or/protover.c b/src/core/or/protover.c index 17979d04ea..dfb0e9e303 100644 --- a/src/core/or/protover.c +++ b/src/core/or/protover.c @@ -113,13 +113,13 @@ proto_entry_free_(proto_entry_t *entry) } /** The largest possible protocol version. */ -#define MAX_PROTOCOL_VERSION (UINT32_MAX-1) +#define MAX_PROTOCOL_VERSION (63) /** * Given a string <b>s</b> and optional end-of-string pointer * <b>end_of_range</b>, parse the protocol range and store it in * <b>low_out</b> and <b>high_out</b>. A protocol range has the format U, or - * U-U, where U is an unsigned 32-bit integer. + * U-U, where U is an unsigned integer between 0 and 63 inclusive. */ static int parse_version_range(const char *s, const char *end_of_range, diff --git a/src/core/proto/proto_socks.c b/src/core/proto/proto_socks.c index c7bf13b9f4..5a7d7ac9be 100644 --- a/src/core/proto/proto_socks.c +++ b/src/core/proto/proto_socks.c @@ -545,6 +545,7 @@ parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, if (parsed == -1) { log_warn(LD_APP, "socks5: parsing failed - invalid client request"); res = SOCKS_RESULT_INVALID; + socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); goto end; } else if (parsed == -2) { res = SOCKS_RESULT_TRUNCATED; @@ -556,6 +557,7 @@ parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, if (socks5_client_request_get_version(trunnel_req) != 5) { res = SOCKS_RESULT_INVALID; + socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); goto end; } @@ -590,6 +592,7 @@ parse_socks5_client_request(const uint8_t *raw_data, socks_request_t *req, tor_addr_to_str(req->address, &destaddr, sizeof(req->address), 1); } break; default: { + socks_request_set_socks5_error(req, SOCKS5_ADDRESS_TYPE_NOT_SUPPORTED); res = -1; } break; } @@ -770,8 +773,10 @@ handle_socks_message(const uint8_t *raw_data, size_t datalen, } else { res = parse_socks5_client_request(raw_data, req, datalen, drain_out); - if (res != SOCKS_RESULT_DONE) { + if (BUG(res == SOCKS_RESULT_INVALID && req->replylen == 0)) { socks_request_set_socks5_error(req, SOCKS5_GENERAL_ERROR); + } + if (res != SOCKS_RESULT_DONE) { goto end; } diff --git a/src/ext/keccak-tiny/keccak-tiny.h b/src/ext/keccak-tiny/keccak-tiny.h index a9c8ed6420..dd26386a9a 100644 --- a/src/ext/keccak-tiny/keccak-tiny.h +++ b/src/ext/keccak-tiny/keccak-tiny.h @@ -21,7 +21,7 @@ typedef struct keccak_state { size_t offset; uint8_t finalized : 1; -} keccak_state; +} __attribute__((aligned(8))) keccak_state; /* Initialize a Keccak instance suitable for SHA-3 hash functions. */ int keccak_digest_init(keccak_state *s, size_t bits); diff --git a/src/feature/client/entrynodes.c b/src/feature/client/entrynodes.c index 8d9230b66b..6c7f8057bd 100644 --- a/src/feature/client/entrynodes.c +++ b/src/feature/client/entrynodes.c @@ -2263,7 +2263,7 @@ entry_guards_note_guard_success(guard_selection_t *gs, break; default: tor_assert_nonfatal_unreached(); - FALLTHROUGH; + FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL; case GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD: if (guard->is_primary) { /* XXXX #20832 -- I don't actually like this logic. It seems to make diff --git a/src/feature/hs/hs_cache.c b/src/feature/hs/hs_cache.c index 05f9940ae6..042ec55fa4 100644 --- a/src/feature/hs/hs_cache.c +++ b/src/feature/hs/hs_cache.c @@ -17,6 +17,7 @@ #include "feature/hs/hs_common.h" #include "feature/hs/hs_client.h" #include "feature/hs/hs_descriptor.h" +#include "feature/nodelist/microdesc.h" #include "feature/nodelist/networkstatus.h" #include "feature/rend/rendcache.h" @@ -673,7 +674,9 @@ cached_client_descriptor_has_expired(time_t now, /* We use the current consensus time to see if we should expire this * descriptor since we use consensus time for all other parts of the protocol * as well (e.g. to build the blinded key and compute time periods). */ - const networkstatus_t *ns = networkstatus_get_live_consensus(now); + const networkstatus_t *ns = + networkstatus_get_reasonably_live_consensus(now, + usable_consensus_flavor()); /* If we don't have a recent consensus, consider this entry expired since we * will want to fetch a new HS desc when we get a live consensus. */ if (!ns) { diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index c65f857419..e25919ecb7 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c @@ -29,6 +29,7 @@ #include "feature/hs/hs_descriptor.h" #include "feature/hs/hs_ident.h" #include "feature/nodelist/describe.h" +#include "feature/nodelist/microdesc.h" #include "feature/nodelist/networkstatus.h" #include "feature/nodelist/nodelist.h" #include "feature/nodelist/routerset.h" @@ -1181,9 +1182,10 @@ can_client_refetch_desc(const ed25519_public_key_t *identity_pk, goto cannot; } - /* Without a live consensus we can't do any client actions. It is needed to - * compute the hashring for a service. */ - if (!networkstatus_get_live_consensus(approx_time())) { + /* Without a usable consensus we can't do any client actions. It is needed + * to compute the hashring for a service. */ + if (!networkstatus_get_reasonably_live_consensus(approx_time(), + usable_consensus_flavor())) { log_info(LD_REND, "Can't fetch descriptor for service %s because we " "are missing a live consensus. Stalling connection.", safe_str_client(ed25519_fmt(identity_pk))); diff --git a/src/feature/hs/hs_common.c b/src/feature/hs/hs_common.c index ebe49f09a5..de653037d1 100644 --- a/src/feature/hs/hs_common.c +++ b/src/feature/hs/hs_common.c @@ -25,6 +25,7 @@ #include "feature/hs/hs_service.h" #include "feature/hs_common/shared_random_client.h" #include "feature/nodelist/describe.h" +#include "feature/nodelist/microdesc.h" #include "feature/nodelist/networkstatus.h" #include "feature/nodelist/nodelist.h" #include "feature/nodelist/routerset.h" @@ -272,7 +273,9 @@ hs_get_time_period_num(time_t now) if (now != 0) { current_time = now; } else { - networkstatus_t *ns = networkstatus_get_live_consensus(approx_time()); + networkstatus_t *ns = + networkstatus_get_reasonably_live_consensus(approx_time(), + usable_consensus_flavor()); current_time = ns ? ns->valid_after : approx_time(); } @@ -1098,7 +1101,8 @@ hs_in_period_between_tp_and_srv,(const networkstatus_t *consensus, time_t now)) time_t srv_start_time, tp_start_time; if (!consensus) { - consensus = networkstatus_get_live_consensus(now); + consensus = networkstatus_get_reasonably_live_consensus(now, + usable_consensus_flavor()); if (!consensus) { return 0; } @@ -1343,7 +1347,9 @@ hs_get_responsible_hsdirs(const ed25519_public_key_t *blinded_pk, sorted_nodes = smartlist_new(); /* Make sure we actually have a live consensus */ - networkstatus_t *c = networkstatus_get_live_consensus(approx_time()); + networkstatus_t *c = + networkstatus_get_reasonably_live_consensus(approx_time(), + usable_consensus_flavor()); if (!c || smartlist_len(c->routerstatus_list) == 0) { log_warn(LD_REND, "No live consensus so we can't get the responsible " "hidden service directories."); diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c index 6d32cae86c..e820ce9d0b 100644 --- a/src/feature/hs/hs_service.c +++ b/src/feature/hs/hs_service.c @@ -23,6 +23,7 @@ #include "feature/hs_common/shared_random_client.h" #include "feature/keymgt/loadkey.h" #include "feature/nodelist/describe.h" +#include "feature/nodelist/microdesc.h" #include "feature/nodelist/networkstatus.h" #include "feature/nodelist/nickname.h" #include "feature/nodelist/node_select.h" @@ -2500,7 +2501,8 @@ should_rotate_descriptors(hs_service_t *service, time_t now) tor_assert(service); - ns = networkstatus_get_live_consensus(now); + ns = networkstatus_get_reasonably_live_consensus(now, + usable_consensus_flavor()); if (ns == NULL) { goto no_rotation; } @@ -3100,7 +3102,8 @@ should_service_upload_descriptor(const hs_service_t *service, } /* Don't upload desc if we don't have a live consensus */ - if (!networkstatus_get_live_consensus(now)) { + if (!networkstatus_get_reasonably_live_consensus(now, + usable_consensus_flavor())) { goto cannot; } diff --git a/src/feature/hs_common/shared_random_client.c b/src/feature/hs_common/shared_random_client.c index 5772034c6d..ead5d681a9 100644 --- a/src/feature/hs_common/shared_random_client.c +++ b/src/feature/hs_common/shared_random_client.c @@ -13,6 +13,7 @@ #include "app/config/config.h" #include "feature/dircommon/voting_schedule.h" +#include "feature/nodelist/microdesc.h" #include "feature/nodelist/networkstatus.h" #include "lib/encoding/binascii.h" @@ -37,7 +38,9 @@ int get_voting_interval(void) { int interval; - networkstatus_t *consensus = networkstatus_get_live_consensus(time(NULL)); + networkstatus_t *consensus = + networkstatus_get_reasonably_live_consensus(time(NULL), + usable_consensus_flavor()); if (consensus) { interval = (int)(consensus->fresh_until - consensus->valid_after); @@ -142,7 +145,8 @@ sr_get_current(const networkstatus_t *ns) if (ns) { consensus = ns; } else { - consensus = networkstatus_get_live_consensus(approx_time()); + consensus = networkstatus_get_reasonably_live_consensus(approx_time(), + usable_consensus_flavor()); } /* Ideally we would never be asked for an SRV without a live consensus. Make * sure this assumption is correct. */ @@ -165,7 +169,8 @@ sr_get_previous(const networkstatus_t *ns) if (ns) { consensus = ns; } else { - consensus = networkstatus_get_live_consensus(approx_time()); + consensus = networkstatus_get_reasonably_live_consensus(approx_time(), + usable_consensus_flavor()); } /* Ideally we would never be asked for an SRV without a live consensus. Make * sure this assumption is correct. */ @@ -237,10 +242,14 @@ sr_state_get_start_time_of_current_protocol_run(void) int voting_interval = get_voting_interval(); time_t beginning_of_curr_round; - /* This function is not used for voting purposes, so if we have a live - consensus, use its valid-after as the beginning of the current round, - otherwise resort to the voting schedule which should always exist. */ - networkstatus_t *ns = networkstatus_get_live_consensus(approx_time()); + /* This function is not used for voting purposes, so if we have a reasonably + * live consensus, use its valid-after as the beginning of the current + * round. If we have no consensus but we're an authority, use our own + * schedule. Otherwise, try using our view of the voting interval to figure + * out when the current round _should_ be starting. */ + networkstatus_t *ns = + networkstatus_get_reasonably_live_consensus(approx_time(), + usable_consensus_flavor()); if (ns) { beginning_of_curr_round = ns->valid_after; } else { @@ -255,10 +264,6 @@ sr_state_get_start_time_of_current_protocol_run(void) protocol run */ time_t time_elapsed_since_start_of_run = curr_round_slot * voting_interval; - log_debug(LD_GENERAL, "Current SRV proto run: Start of current round: %u. " - "Time elapsed: %u (%d)", (unsigned) beginning_of_curr_round, - (unsigned) time_elapsed_since_start_of_run, voting_interval); - return beginning_of_curr_round - time_elapsed_since_start_of_run; } diff --git a/src/feature/nodelist/node_select.c b/src/feature/nodelist/node_select.c index e31abb247f..7b9e241e5b 100644 --- a/src/feature/nodelist/node_select.c +++ b/src/feature/nodelist/node_select.c @@ -540,6 +540,51 @@ bridge_get_advertised_bandwidth_bounded(routerinfo_t *router) return result; } +/** + * We have found an instance of bug 32868: log our best guess about where the + * routerstatus was found. + **/ +static void +log_buggy_rs_source(const routerstatus_t *rs) +{ + static ratelim_t buggy_rs_ratelim = RATELIM_INIT(1200); + char *m; + if ((m = rate_limit_log(&buggy_rs_ratelim, approx_time()))) { + log_warn(LD_BUG, + "Found a routerstatus %p with has_guardfraction=%u " + " and guardfraction_percentage=%u, but is_possible_guard=%u.%s", + rs, + rs->has_guardfraction, + rs->guardfraction_percentage, + rs->is_possible_guard, + m); + tor_free(m); + networkstatus_t *ns; + int in_ns_count = 0; + if ((ns = networkstatus_get_latest_consensus_by_flavor(FLAV_NS))) { + int pos = smartlist_pos(ns->routerstatus_list, rs); + if (pos >= 0) { + ++in_ns_count; + log_warn(LD_BUG, "Found the routerstatus at position %d of the " + "NS consensus.", pos); + } + } + if ((ns = networkstatus_get_latest_consensus_by_flavor(FLAV_MICRODESC))) { + int pos = smartlist_pos(ns->routerstatus_list, rs); + if (pos >= 0) { + ++in_ns_count; + log_warn(LD_BUG, "Found the routerstatus at position %d of the " + "MD consensus.", pos); + } + } + if (in_ns_count == 0) { + log_warn(LD_BUG, "Could not find the routerstatus in any " + "latest consensus."); + } + tor_assert_nonfatal_unreached(); + } +} + /** Given a list of routers and a weighting rule as in * smartlist_choose_node_by_bandwidth_weights, compute weighted bandwidth * values for each node and store them in a freshly allocated @@ -715,10 +760,11 @@ compute_weighted_bandwidths(const smartlist_t *sl, * choose N proportionally to F*Wpf*B + (1-F)*Wpn*B. */ if (node->rs && node->rs->has_guardfraction && rule != WEIGHT_FOR_GUARD) { - /* XXX The assert should actually check for is_guard. However, - * that crashes dirauths because of #13297. This should be - * equivalent: */ - tor_assert(node->rs->is_possible_guard); + /* We should only have guardfraction set if the node has the Guard + flag. */ + if (! node->rs->is_possible_guard) { + log_buggy_rs_source(node->rs); + } guard_get_guardfraction_bandwidth(&guardfraction_bw, this_bw, diff --git a/src/feature/nodelist/nodelist.c b/src/feature/nodelist/nodelist.c index 99d7f746a8..8974d95db6 100644 --- a/src/feature/nodelist/nodelist.c +++ b/src/feature/nodelist/nodelist.c @@ -361,7 +361,7 @@ node_set_hsdir_index(node_t *node, const networkstatus_t *ns) tor_assert(node); tor_assert(ns); - if (!networkstatus_is_live(ns, now)) { + if (!networkstatus_consensus_reasonably_live(ns, now)) { static struct ratelim_t live_consensus_ratelim = RATELIM_INIT(30 * 60); log_fn_ratelim(&live_consensus_ratelim, LOG_INFO, LD_GENERAL, "Not setting hsdir index with a non-live consensus."); diff --git a/src/feature/relay/ext_orport.c b/src/feature/relay/ext_orport.c index 56c5bb96f5..136aee3084 100644 --- a/src/feature/relay/ext_orport.c +++ b/src/feature/relay/ext_orport.c @@ -494,6 +494,10 @@ connection_ext_or_handle_cmd_useraddr(connection_t *conn, } conn->address = tor_addr_to_str_dup(&addr); + /* Now that we know the address, we don't have to manually override rate + * limiting. */ + conn->always_rate_limit_as_remote = 0; + return 0; } @@ -659,4 +663,3 @@ ext_orport_free_all(void) if (ext_or_auth_cookie) /* Free the auth cookie */ tor_free(ext_or_auth_cookie); } - diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c index e91550a78c..283f7c326b 100644 --- a/src/feature/relay/router.c +++ b/src/feature/relay/router.c @@ -1433,6 +1433,50 @@ router_get_advertised_or_port_by_af(const or_options_t *options, return port; } +/** As router_get_advertised_or_port(), but returns the IPv6 address and + * port in ipv6_ap_out, which must not be NULL. Returns a null address and + * zero port, if no ORPort is found. */ +void +router_get_advertised_ipv6_or_ap(const or_options_t *options, + tor_addr_port_t *ipv6_ap_out) +{ + /* Bug in calling function, we can't return a sensible result, and it + * shouldn't use the NULL pointer once we return. */ + tor_assert(ipv6_ap_out); + + /* If there is no valid IPv6 ORPort, return a null address and port. */ + tor_addr_make_null(&ipv6_ap_out->addr, AF_INET6); + ipv6_ap_out->port = 0; + + const tor_addr_t *addr = get_first_advertised_addr_by_type_af( + CONN_TYPE_OR_LISTENER, + AF_INET6); + const uint16_t port = router_get_advertised_or_port_by_af( + options, + AF_INET6); + + if (!addr || port == 0) { + log_info(LD_CONFIG, "There is no advertised IPv6 ORPort."); + return; + } + + /* If the relay is configured using the default authorities, disallow + * internal IPs. Otherwise, allow them. For IPv4 ORPorts and DirPorts, + * this check is done in resolve_my_address(). See #33681. */ + const int default_auth = using_default_dir_authorities(options); + if (tor_addr_is_internal(addr, 0) && default_auth) { + log_warn(LD_CONFIG, + "Unable to use configured IPv6 ORPort \"%s\" in a " + "descriptor. Skipping it. " + "Try specifying a globally reachable address explicitly.", + fmt_addrport(addr, port)); + return; + } + + tor_addr_copy(&ipv6_ap_out->addr, addr); + ipv6_ap_out->port = port; +} + /** Return the port that we should advertise as our DirPort; * this is one of three possibilities: * The one that is passed as <b>dirport</b> if the DirPort option is 0, or @@ -1848,34 +1892,11 @@ router_build_fresh_descriptor(routerinfo_t **r, extrainfo_t **e) sizeof(curve25519_public_key_t)); /* For now, at most one IPv6 or-address is being advertised. */ - { - const port_cfg_t *ipv6_orport = NULL; - SMARTLIST_FOREACH_BEGIN(get_configured_ports(), const port_cfg_t *, p) { - if (p->type == CONN_TYPE_OR_LISTENER && - ! p->server_cfg.no_advertise && - ! p->server_cfg.bind_ipv4_only && - tor_addr_family(&p->addr) == AF_INET6) { - /* Like IPv4, if the relay is configured using the default - * authorities, disallow internal IPs. Otherwise, allow them. */ - const int default_auth = using_default_dir_authorities(options); - if (! tor_addr_is_internal(&p->addr, 0) || ! default_auth) { - ipv6_orport = p; - break; - } else { - char addrbuf[TOR_ADDR_BUF_LEN]; - log_warn(LD_CONFIG, - "Unable to use configured IPv6 address \"%s\" in a " - "descriptor. Skipping it. " - "Try specifying a globally reachable address explicitly.", - tor_addr_to_str(addrbuf, &p->addr, sizeof(addrbuf), 1)); - } - } - } SMARTLIST_FOREACH_END(p); - if (ipv6_orport) { - tor_addr_copy(&ri->ipv6_addr, &ipv6_orport->addr); - ri->ipv6_orport = ipv6_orport->port; - } - } + tor_addr_port_t ipv6_orport; + router_get_advertised_ipv6_or_ap(options, &ipv6_orport); + /* If there is no valud IPv6 ORPort, the address and port are null. */ + tor_addr_copy(&ri->ipv6_addr, &ipv6_orport.addr); + ri->ipv6_orport = ipv6_orport.port; ri->identity_pkey = crypto_pk_dup_key(get_server_identity_key()); if (BUG(crypto_pk_get_digest(ri->identity_pkey, diff --git a/src/feature/relay/router.h b/src/feature/relay/router.h index bd6a8a012e..ab1f771017 100644 --- a/src/feature/relay/router.h +++ b/src/feature/relay/router.h @@ -59,6 +59,8 @@ int init_keys_client(void); uint16_t router_get_active_listener_port_by_type_af(int listener_type, sa_family_t family); uint16_t router_get_advertised_or_port(const or_options_t *options); +void router_get_advertised_ipv6_or_ap(const or_options_t *options, + tor_addr_port_t *ipv6_ap_out); uint16_t router_get_advertised_or_port_by_af(const or_options_t *options, sa_family_t family); uint16_t router_get_advertised_dir_port(const or_options_t *options, diff --git a/src/feature/rend/rendclient.c b/src/feature/rend/rendclient.c index cde954da95..6e95142c0b 100644 --- a/src/feature/rend/rendclient.c +++ b/src/feature/rend/rendclient.c @@ -261,8 +261,8 @@ rend_client_send_introduction(origin_circuit_t *introcirc, > MAX_NICKNAME_LEN)) { goto perm_err; } - strncpy(tmp, rendcirc->build_state->chosen_exit->nickname, - (MAX_NICKNAME_LEN+1)); /* nul pads */ + strlcpy(tmp, rendcirc->build_state->chosen_exit->nickname, + sizeof(tmp)); memcpy(tmp+MAX_NICKNAME_LEN+1, rendcirc->rend_data->rend_cookie, REND_COOKIE_LEN); dh_offset = MAX_NICKNAME_LEN+1+REND_COOKIE_LEN; @@ -819,7 +819,7 @@ rend_client_report_intro_point_failure(extend_info_t *failed_intro, log_warn(LD_BUG, "Unknown failure type %u. Removing intro point.", failure_type); tor_fragile_assert(); - FALLTHROUGH; + FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL; case INTRO_POINT_FAILURE_GENERIC: rend_cache_intro_failure_note(failure_type, (uint8_t *)failed_intro->identity_digest, diff --git a/src/feature/rend/rendmid.c b/src/feature/rend/rendmid.c index 3ba48f8858..af02b34e6b 100644 --- a/src/feature/rend/rendmid.c +++ b/src/feature/rend/rendmid.c @@ -333,10 +333,12 @@ rend_mid_rendezvous(or_circuit_t *circ, const uint8_t *request, goto err; } - /* Statistics: Mark this circuit as an RP circuit so that we collect - stats from it. */ + /* Statistics: Mark circuits as RP circuits */ if (options->HiddenServiceStatistics) { + /* `circ` is the RP <-> service circuit */ circ->circuit_carries_hs_traffic_stats = 1; + /* `rend_circ` is the client <-> RP circuit */ + rend_circ->circuit_carries_hs_traffic_stats = 1; } /* Send the RENDEZVOUS2 cell to the client. */ diff --git a/src/feature/rend/rendservice.c b/src/feature/rend/rendservice.c index c96ecec308..eaf0432a7d 100644 --- a/src/feature/rend/rendservice.c +++ b/src/feature/rend/rendservice.c @@ -130,6 +130,22 @@ static smartlist_t *rend_service_list = NULL; * service on config reload. */ static smartlist_t *rend_service_staging_list = NULL; +/** Helper: log the deprecation warning for version 2 only once. */ +static void +log_once_deprecation_warning(void) +{ + static bool logged_once = false; + if (!logged_once) { + log_warn(LD_REND, "DEPRECATED: Onion service version 2 are deprecated. " + "Please use version 3 which is the default now. " + "Currently, version 2 is planned to be obsolete in " + "the Tor version 0.4.6 stable series."); + logged_once = true; + } +} +/** Macro to make it very explicit that we are warning about deprecation. */ +#define WARN_ONCE_DEPRECATION() log_once_deprecation_warning() + /* Like rend_get_service_list_mutable, but returns a read-only list. */ static const smartlist_t* rend_get_service_list(const smartlist_t* substitute_service_list) @@ -731,6 +747,9 @@ rend_config_service(const config_line_t *line_, tor_assert(options); tor_assert(config); + /* We are about to configure a version 2 service. Warn of deprecation. */ + WARN_ONCE_DEPRECATION(); + /* Use the staging service list so that we can check then do the pruning * process using the main list at the end. */ if (rend_service_staging_list == NULL) { diff --git a/src/lib/container/buffers.c b/src/lib/container/buffers.c index 67887f2f30..fe4cf7c385 100644 --- a/src/lib/container/buffers.c +++ b/src/lib/container/buffers.c @@ -689,6 +689,8 @@ buf_move_all(buf_t *buf_out, buf_t *buf_in) tor_assert(buf_out); if (!buf_in) return; + if (buf_datalen(buf_in) == 0) + return; if (BUG(buf_out->datalen >= INT_MAX || buf_in->datalen >= INT_MAX)) return; if (BUG(buf_out->datalen >= INT_MAX - buf_in->datalen)) diff --git a/src/lib/crypt_ops/compat_openssl.h b/src/lib/crypt_ops/compat_openssl.h index 9c10386c34..6605d01045 100644 --- a/src/lib/crypt_ops/compat_openssl.h +++ b/src/lib/crypt_ops/compat_openssl.h @@ -32,10 +32,6 @@ #define OPENSSL_1_1_API #endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && ... */ -#ifndef OPENSSL_VERSION -#define OPENSSL_VERSION SSLEAY_VERSION -#endif - #ifndef OPENSSL_1_1_API #define OpenSSL_version(v) SSLeay_version(v) #define OpenSSL_version_num() SSLeay() @@ -54,4 +50,3 @@ #endif /* defined(ENABLE_OPENSSL) */ #endif /* !defined(TOR_COMPAT_OPENSSL_H) */ - diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.c b/src/lib/crypt_ops/crypto_openssl_mgt.c index c97815f9a4..e7d6084f6c 100644 --- a/src/lib/crypt_ops/crypto_openssl_mgt.c +++ b/src/lib/crypt_ops/crypto_openssl_mgt.c @@ -101,13 +101,22 @@ static char *crypto_openssl_version_str = NULL; const char * crypto_openssl_get_version_str(void) { +#ifdef OPENSSL_VERSION + const int query = OPENSSL_VERSION; +#else + /* This old name was changed around OpenSSL 1.1.0 */ + const int query = SSLEAY_VERSION; +#endif + if (crypto_openssl_version_str == NULL) { - const char *raw_version = OpenSSL_version(OPENSSL_VERSION); + const char *raw_version = OpenSSL_version(query); crypto_openssl_version_str = parse_openssl_version_str(raw_version); } return crypto_openssl_version_str; } +#undef QUERY_OPENSSL_VERSION + static char *crypto_openssl_header_version_str = NULL; /* Return a human-readable version of the compile-time openssl version * number. */ @@ -208,7 +217,7 @@ crypto_openssl_early_init(void) setup_openssl_threading(); unsigned long version_num = OpenSSL_version_num(); - const char *version_str = OpenSSL_version(OPENSSL_VERSION); + const char *version_str = crypto_openssl_get_version_str(); if (version_num == OPENSSL_VERSION_NUMBER && !strcmp(version_str, OPENSSL_VERSION_TEXT)) { log_info(LD_CRYPTO, "OpenSSL version matches version from headers " diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.h b/src/lib/crypt_ops/crypto_openssl_mgt.h index a3dd03aa04..8dbadfc9d2 100644 --- a/src/lib/crypt_ops/crypto_openssl_mgt.h +++ b/src/lib/crypt_ops/crypto_openssl_mgt.h @@ -16,8 +16,7 @@ #include "orconfig.h" #ifdef ENABLE_OPENSSL -#include <openssl/engine.h> - +#include <openssl/opensslv.h> /* Macro to create an arbitrary OpenSSL version number as used by OPENSSL_VERSION_NUMBER or SSLeay(), since the actual numbers are a bit hard diff --git a/src/lib/fdio/fdio.c b/src/lib/fdio/fdio.c index 6c87af791d..d723d04d2a 100644 --- a/src/lib/fdio/fdio.c +++ b/src/lib/fdio/fdio.c @@ -43,7 +43,7 @@ off_t tor_fd_getpos(int fd) { #ifdef _WIN32 - return (off_t) _lseek(fd, 0, SEEK_CUR); + return (off_t) _lseeki64(fd, 0, SEEK_CUR); #else return (off_t) lseek(fd, 0, SEEK_CUR); #endif @@ -56,7 +56,7 @@ int tor_fd_seekend(int fd) { #ifdef _WIN32 - return _lseek(fd, 0, SEEK_END) < 0 ? -1 : 0; + return _lseeki64(fd, 0, SEEK_END) < 0 ? -1 : 0; #else off_t rc = lseek(fd, 0, SEEK_END) < 0 ? -1 : 0; #ifdef ESPIPE @@ -75,7 +75,7 @@ int tor_fd_setpos(int fd, off_t pos) { #ifdef _WIN32 - return _lseek(fd, pos, SEEK_SET) < 0 ? -1 : 0; + return _lseeki64(fd, pos, SEEK_SET) < 0 ? -1 : 0; #else return lseek(fd, pos, SEEK_SET) < 0 ? -1 : 0; #endif diff --git a/src/lib/log/util_bug.h b/src/lib/log/util_bug.h index 2a4d68127e..17e8d0c5a7 100644 --- a/src/lib/log/util_bug.h +++ b/src/lib/log/util_bug.h @@ -215,6 +215,17 @@ IF_BUG_ONCE__(ASSERT_PREDICT_UNLIKELY_(cond), \ IF_BUG_ONCE_VARNAME__(__LINE__)) +/** + * Use this macro after a nonfatal assertion, and before a case statement + * where you would want to fall through. + */ +#ifdef ALL_BUGS_ARE_FATAL +#define FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL \ + abort() +#else +#define FALLTHROUGH_UNLESS_ALL_BUGS_ARE_FATAL FALLTHROUGH +#endif + /** Define this if you want Tor to crash when any problem comes up, * so you can get a coredump and track things down. */ // #define tor_fragile_assert() tor_assert_unreached(0) diff --git a/src/lib/net/address.c b/src/lib/net/address.c index 076ca3eb34..69004ddb0e 100644 --- a/src/lib/net/address.c +++ b/src/lib/net/address.c @@ -337,7 +337,7 @@ tor_addr_to_str(char *dest, const tor_addr_t *addr, size_t len, int decorate) break; case AF_INET6: /* Shortest addr [ :: ] + \0 */ - if (len < (3 + (decorate ? 2 : 0))) + if (len < (3 + (decorate ? 2u : 0u))) return NULL; if (decorate) diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c index 1436442e1c..6f6c47674e 100644 --- a/src/lib/tls/tortls_nss.c +++ b/src/lib/tls/tortls_nss.c @@ -418,6 +418,16 @@ tor_tls_new(tor_socket_t sock, int is_server) return NULL; } + /* even if though the socket is already nonblocking, we need to tell NSS + * about the fact, so that it knows what to do when it says EAGAIN. */ + PRSocketOptionData data; + data.option = PR_SockOpt_Nonblocking; + data.value.non_blocking = 1; + if (PR_SetSocketOption(ssl, &data) != PR_SUCCESS) { + PR_Close(ssl); + return NULL; + } + tor_tls_t *tls = tor_malloc_zero(sizeof(tor_tls_t)); tls->magic = TOR_TLS_MAGIC; tls->context = ctx; diff --git a/src/rust/protover/errors.rs b/src/rust/protover/errors.rs index dc0d8735f4..04397ac4fe 100644 --- a/src/rust/protover/errors.rs +++ b/src/rust/protover/errors.rs @@ -36,7 +36,7 @@ impl Display for ProtoverError { ProtoverError::Unparseable => write!(f, "The protover string was unparseable."), ProtoverError::ExceedsMax => write!( f, - "The high in a (low, high) protover range exceeds u32::MAX." + "The high in a (low, high) protover range exceeds 63." ), ProtoverError::ExceedsExpansionLimit => write!( f, diff --git a/src/rust/protover/protoset.rs b/src/rust/protover/protoset.rs index 3b283983c8..0ab94457c5 100644 --- a/src/rust/protover/protoset.rs +++ b/src/rust/protover/protoset.rs @@ -294,6 +294,10 @@ impl ProtoSet { } } +/// Largest allowed protocol version. +/// C_RUST_COUPLED: protover.c `MAX_PROTOCOL_VERSION` +const MAX_PROTOCOL_VERSION: Version = 63; + impl FromStr for ProtoSet { type Err = ProtoverError; @@ -370,7 +374,7 @@ impl FromStr for ProtoSet { let pieces: ::std::str::Split<char> = version_string.split(','); for p in pieces { - if p.contains('-') { + let (lo,hi) = if p.contains('-') { let mut pair = p.splitn(2, '-'); let low = pair.next().ok_or(ProtoverError::Unparseable)?; @@ -379,12 +383,17 @@ impl FromStr for ProtoSet { let lo: Version = low.parse().or(Err(ProtoverError::Unparseable))?; let hi: Version = high.parse().or(Err(ProtoverError::Unparseable))?; - pairs.push((lo, hi)); + (lo,hi) } else { let v: u32 = p.parse().or(Err(ProtoverError::Unparseable))?; - pairs.push((v, v)); + (v, v) + }; + + if lo > MAX_PROTOCOL_VERSION || hi > MAX_PROTOCOL_VERSION { + return Err(ProtoverError::ExceedsMax); } + pairs.push((lo, hi)); } ProtoSet::from_slice(&pairs[..]) @@ -674,12 +683,11 @@ mod test { #[test] fn test_protoset_into_vec() { - let ps: ProtoSet = "1-13,42,9001,4294967294".parse().unwrap(); + let ps: ProtoSet = "1-13,42".parse().unwrap(); let v: Vec<Version> = ps.into(); assert!(v.contains(&7)); - assert!(v.contains(&9001)); - assert!(v.contains(&4294967294)); + assert!(v.contains(&42)); } } diff --git a/src/rust/protover/protover.rs b/src/rust/protover/protover.rs index 06fdf56c69..536667f61b 100644 --- a/src/rust/protover/protover.rs +++ b/src/rust/protover/protover.rs @@ -866,12 +866,12 @@ mod test { #[test] fn test_protoentry_from_str_allowed_number_of_versions() { - assert_protoentry_is_parseable!("Desc=1-4294967294"); + assert_protoentry_is_parseable!("Desc=1-63"); } #[test] fn test_protoentry_from_str_too_many_versions() { - assert_protoentry_is_unparseable!("Desc=1-4294967295"); + assert_protoentry_is_unparseable!("Desc=1-64"); } #[test] @@ -910,10 +910,10 @@ mod test { #[test] fn test_protoentry_all_supported_unsupported_high_version() { - let protocols: UnvalidatedProtoEntry = "HSDir=12-100".parse().unwrap(); + let protocols: UnvalidatedProtoEntry = "HSDir=12-60".parse().unwrap(); let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); assert_eq!(true, unsupported.is_some()); - assert_eq!("HSDir=12-100", &unsupported.unwrap().to_string()); + assert_eq!("HSDir=12-60", &unsupported.unwrap().to_string()); } #[test] @@ -962,7 +962,7 @@ mod test { ProtoSet::from_str(&versions).unwrap().to_string() ); - versions = "1-3,500"; + versions = "1-3,50"; assert_eq!( String::from(versions), ProtoSet::from_str(&versions).unwrap().to_string() diff --git a/src/rust/protover/tests/protover.rs b/src/rust/protover/tests/protover.rs index 942fe3c6ab..d563202d87 100644 --- a/src/rust/protover/tests/protover.rs +++ b/src/rust/protover/tests/protover.rs @@ -98,10 +98,10 @@ fn protocol_all_supported_with_unsupported_protocol() { #[test] fn protocol_all_supported_with_unsupported_versions() { - let protocols: UnvalidatedProtoEntry = "Link=3-999".parse().unwrap(); + let protocols: UnvalidatedProtoEntry = "Link=3-63".parse().unwrap(); let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); assert_eq!(true, unsupported.is_some()); - assert_eq!("Link=6-999", &unsupported.unwrap().to_string()); + assert_eq!("Link=6-63", &unsupported.unwrap().to_string()); } #[test] @@ -114,10 +114,10 @@ fn protocol_all_supported_with_unsupported_low_version() { #[test] fn protocol_all_supported_with_unsupported_high_version() { - let protocols: UnvalidatedProtoEntry = "Cons=1-2,999".parse().unwrap(); + let protocols: UnvalidatedProtoEntry = "Cons=1-2,60".parse().unwrap(); let unsupported: Option<UnvalidatedProtoEntry> = protocols.all_supported(); assert_eq!(true, unsupported.is_some()); - assert_eq!("Cons=999", &unsupported.unwrap().to_string()); + assert_eq!("Cons=60", &unsupported.unwrap().to_string()); } #[test] @@ -195,27 +195,27 @@ fn protover_compute_vote_returns_protocols_that_it_doesnt_currently_support() { #[test] fn protover_compute_vote_returns_matching_for_mix() { - let protocols: &[UnvalidatedProtoEntry] = &["Link=1-10,500 Cons=1,3-7,8".parse().unwrap()]; + let protocols: &[UnvalidatedProtoEntry] = &["Link=1-10,50 Cons=1,3-7,8".parse().unwrap()]; let listed = ProtoverVote::compute(protocols, &1); - assert_eq!("Cons=1,3-8 Link=1-10,500", listed.to_string()); + assert_eq!("Cons=1,3-8 Link=1-10,50", listed.to_string()); } #[test] fn protover_compute_vote_returns_matching_for_longer_mix() { let protocols: &[UnvalidatedProtoEntry] = &[ - "Desc=1-10,500 Cons=1,3-7,8".parse().unwrap(), - "Link=123-456,78 Cons=2-6,8 Desc=9".parse().unwrap(), + "Desc=1-10,50 Cons=1,3-7,8".parse().unwrap(), + "Link=12-45,8 Cons=2-6,8 Desc=9".parse().unwrap(), ]; let listed = ProtoverVote::compute(protocols, &1); - assert_eq!("Cons=1-8 Desc=1-10,500 Link=78,123-456", listed.to_string()); + assert_eq!("Cons=1-8 Desc=1-10,50 Link=8,12-45", listed.to_string()); } #[test] fn protover_compute_vote_returns_matching_for_longer_mix_with_threshold_two() { let protocols: &[UnvalidatedProtoEntry] = &[ - "Desc=1-10,500 Cons=1,3-7,8".parse().unwrap(), - "Link=123-456,78 Cons=2-6,8 Desc=9".parse().unwrap(), + "Desc=1-10,50 Cons=1,3-7,8".parse().unwrap(), + "Link=8,12-45 Cons=2-6,8 Desc=9".parse().unwrap(), ]; let listed = ProtoverVote::compute(protocols, &2); @@ -320,30 +320,20 @@ fn protocol_all_supported_with_single_protocol_and_protocol_range() { assert_eq!(true, unsupported.is_none()); } -// By allowing us to add to votes, the C implementation allows us to -// exceed the limit. -#[test] -fn protover_compute_vote_may_exceed_limit() { - let proto1: UnvalidatedProtoEntry = "Sleen=1-65535".parse().unwrap(); - let proto2: UnvalidatedProtoEntry = "Sleen=100000".parse().unwrap(); - - let _result: UnvalidatedProtoEntry = ProtoverVote::compute(&[proto1, proto2], &1); -} - #[test] fn protover_all_supported_should_exclude_versions_we_actually_do_support() { - let proto: UnvalidatedProtoEntry = "Link=3-999".parse().unwrap(); + let proto: UnvalidatedProtoEntry = "Link=3-63".parse().unwrap(); let result: String = proto.all_supported().unwrap().to_string(); - assert_eq!(result, "Link=6-999".to_string()); + assert_eq!(result, "Link=6-63".to_string()); } #[test] fn protover_all_supported_should_exclude_versions_we_actually_do_support_complex1() { - let proto: UnvalidatedProtoEntry = "Link=1-3,345-666".parse().unwrap(); + let proto: UnvalidatedProtoEntry = "Link=1-3,30-63".parse().unwrap(); let result: String = proto.all_supported().unwrap().to_string(); - assert_eq!(result, "Link=345-666".to_string()); + assert_eq!(result, "Link=30-63".to_string()); } #[test] @@ -356,26 +346,10 @@ fn protover_all_supported_should_exclude_versions_we_actually_do_support_complex #[test] fn protover_all_supported_should_exclude_some_versions_and_entire_protocols() { - let proto: UnvalidatedProtoEntry = "Link=1-3,5-12 Quokka=9000-9001".parse().unwrap(); - let result: String = proto.all_supported().unwrap().to_string(); - - assert_eq!(result, "Link=6-12 Quokka=9000-9001".to_string()); -} - -#[test] -fn protover_all_supported_should_not_dos_anyones_computer() { - let proto: UnvalidatedProtoEntry = "Link=1-2147483648".parse().unwrap(); - let result: String = proto.all_supported().unwrap().to_string(); - - assert_eq!(result, "Link=6-2147483648".to_string()); -} - -#[test] -fn protover_all_supported_should_not_dos_anyones_computer_max_versions() { - let proto: UnvalidatedProtoEntry = "Link=1-4294967294".parse().unwrap(); + let proto: UnvalidatedProtoEntry = "Link=1-3,5-12 Quokka=50-51".parse().unwrap(); let result: String = proto.all_supported().unwrap().to_string(); - assert_eq!(result, "Link=6-4294967294".to_string()); + assert_eq!(result, "Link=6-12 Quokka=50-51".to_string()); } #[test] diff --git a/src/test/hs_ntor_ref.py b/src/test/hs_ntor_ref.py index 1b9772a5d6..d58ac3ca23 100644 --- a/src/test/hs_ntor_ref.py +++ b/src/test/hs_ntor_ref.py @@ -65,14 +65,16 @@ except ImportError: try: # Pull the sha3 functions in. from hashlib import sha3_256, shake_256 - shake_squeeze = shake_256.digest + def shake_squeeze(obj, n): + return obj.digest(n) except ImportError: if hasattr(sha3, "SHA3256"): # If this happens, then we have the old "sha3" module which # hashlib and pysha3 superseded. sha3_256 = sha3.SHA3256 shake_256 = sha3.SHAKE256 - shake_squeeze = shake_256.squeeze + def shake_squeeze(obj, n): + return obj.squeeze(n) else: # error code 77 tells automake to skip this test sys.exit(77) diff --git a/src/test/include.am b/src/test/include.am index ecb7689579..75861fb9ef 100644 --- a/src/test/include.am +++ b/src/test/include.am @@ -23,7 +23,15 @@ TESTSCRIPTS = \ src/test/test_workqueue_pipe.sh \ src/test/test_workqueue_pipe2.sh \ src/test/test_workqueue_socketpair.sh \ - src/test/test_switch_id.sh + src/test/test_switch_id.sh \ + src/test/unittest_part1.sh \ + src/test/unittest_part2.sh \ + src/test/unittest_part3.sh \ + src/test/unittest_part4.sh \ + src/test/unittest_part5.sh \ + src/test/unittest_part6.sh \ + src/test/unittest_part7.sh \ + src/test/unittest_part8.sh if USE_RUST TESTSCRIPTS += \ @@ -35,7 +43,7 @@ TESTSCRIPTS += src/test/test_ntor.sh src/test/test_hs_ntor.sh src/test/test_bt.s TESTSCRIPTS += src/test/test_rebind.sh endif -TESTS += src/test/test src/test/test-slow src/test/test-memwipe \ +TESTS += src/test/test-slow src/test/test-memwipe \ src/test/test_workqueue \ src/test/test_keygen.sh \ src/test/test_key_expiration.sh \ @@ -369,7 +377,15 @@ EXTRA_DIST += \ src/test/test_workqueue_efd2.sh \ src/test/test_workqueue_pipe.sh \ src/test/test_workqueue_pipe2.sh \ - src/test/test_workqueue_socketpair.sh + src/test/test_workqueue_socketpair.sh \ + src/test/unittest_part1.sh \ + src/test/unittest_part2.sh \ + src/test/unittest_part3.sh \ + src/test/unittest_part4.sh \ + src/test/unittest_part5.sh \ + src/test/unittest_part6.sh \ + src/test/unittest_part7.sh \ + src/test/unittest_part8.sh test-rust: $(TESTS_ENVIRONMENT) "$(abs_top_srcdir)/src/test/test_rust.sh" diff --git a/src/test/test_buffers.c b/src/test/test_buffers.c index 2f9ad1fbe3..3e7364a5c8 100644 --- a/src/test/test_buffers.c +++ b/src/test/test_buffers.c @@ -303,6 +303,69 @@ test_buffer_pullup(void *arg) } static void +test_buffers_move_all(void *arg) +{ + (void)arg; + buf_t *input = buf_new(); + buf_t *output = buf_new(); + char *s = NULL; + + /* Move from empty buffer to nonempty buffer. (This is a regression test for + * #40076) */ + buf_add(output, "abc", 3); + buf_assert_ok(input); + buf_assert_ok(output); + buf_move_all(output, input); + buf_assert_ok(input); + buf_assert_ok(output); + tt_int_op(buf_datalen(output), OP_EQ, 3); + s = buf_extract(output, NULL); + tt_str_op(s, OP_EQ, "abc"); + buf_free(output); + buf_free(input); + tor_free(s); + + /* Move from empty to empty. */ + output = buf_new(); + input = buf_new(); + buf_move_all(output, input); + buf_assert_ok(input); + buf_assert_ok(output); + tt_int_op(buf_datalen(output), OP_EQ, 0); + buf_free(output); + buf_free(input); + + /* Move from nonempty to empty. */ + output = buf_new(); + input = buf_new(); + buf_add(input, "longstanding bugs", 17); + buf_move_all(output, input); + buf_assert_ok(input); + buf_assert_ok(output); + s = buf_extract(output, NULL); + tt_str_op(s, OP_EQ, "longstanding bugs"); + buf_free(output); + buf_free(input); + tor_free(s); + + /* Move from nonempty to nonempty. */ + output = buf_new(); + input = buf_new(); + buf_add(output, "the start of", 12); + buf_add(input, " a string", 9); + buf_move_all(output, input); + buf_assert_ok(input); + buf_assert_ok(output); + s = buf_extract(output, NULL); + tt_str_op(s, OP_EQ, "the start of a string"); + + done: + buf_free(output); + buf_free(input); + tor_free(s); +} + +static void test_buffer_copy(void *arg) { buf_t *buf=NULL, *buf2=NULL; @@ -799,6 +862,7 @@ struct testcase_t buffer_tests[] = { { "basic", test_buffers_basic, TT_FORK, NULL, NULL }, { "copy", test_buffer_copy, TT_FORK, NULL, NULL }, { "pullup", test_buffer_pullup, TT_FORK, NULL, NULL }, + { "move_all", test_buffers_move_all, 0, NULL, NULL }, { "startswith", test_buffer_peek_startswith, 0, NULL, NULL }, { "allocation_tracking", test_buffer_allocation_tracking, TT_FORK, NULL, NULL }, diff --git a/src/test/test_channel.c b/src/test/test_channel.c index e55b9b0750..afb7db813c 100644 --- a/src/test/test_channel.c +++ b/src/test/test_channel.c @@ -46,7 +46,6 @@ static int dump_statistics_mock_matches = 0; static int test_close_called = 0; static int test_chan_should_be_canonical = 0; static int test_chan_should_match_target = 0; -static int test_chan_canonical_should_be_reliable = 0; static int test_chan_listener_close_fn_called = 0; static int test_chan_listener_fn_called = 0; @@ -357,14 +356,10 @@ scheduler_release_channel_mock(channel_t *ch) } static int -test_chan_is_canonical(channel_t *chan, int req) +test_chan_is_canonical(channel_t *chan) { tor_assert(chan); - if (req && test_chan_canonical_should_be_reliable) { - return 1; - } - if (test_chan_should_be_canonical) { return 1; } @@ -1381,6 +1376,9 @@ test_channel_for_extend(void *arg) /* Make it older than chan1. */ chan2->timestamp_created = chan1->timestamp_created - 1; + /* Say it's all canonical. */ + test_chan_should_be_canonical = 1; + /* Set channel identities and add it to the channel map. The last one to be * added is made the first one in the list so the lookup will always return * that one first. */ @@ -1475,8 +1473,8 @@ test_channel_for_extend(void *arg) chan2->is_bad_for_new_circs = 0; /* Non canonical channels. */ + test_chan_should_be_canonical = 0; test_chan_should_match_target = 0; - test_chan_canonical_should_be_reliable = 1; ret_chan = channel_get_for_extend(digest, &ed_id, &addr, &msg, &launch); tt_assert(!ret_chan); tt_str_op(msg, OP_EQ, "Connections all too old, or too non-canonical. " @@ -1567,4 +1565,3 @@ struct testcase_t channel_tests[] = { NULL, NULL }, END_OF_TESTCASES }; - diff --git a/src/test/test_config.c b/src/test/test_config.c index 855725411a..d648666f6e 100644 --- a/src/test/test_config.c +++ b/src/test/test_config.c @@ -4861,6 +4861,71 @@ test_config_parse_port_config__ports__server_options(void *data) } static void +test_config_get_first_advertised(void *data) +{ + (void)data; + int r, w=0, n=0; + char *msg=NULL; + or_options_t *opts = options_new(); + int port; + const tor_addr_t *addr; + + // no ports are configured? We get NULL. + port = get_first_advertised_port_by_type_af(CONN_TYPE_OR_LISTENER, + AF_INET); + tt_int_op(port, OP_EQ, 0); + addr = get_first_advertised_addr_by_type_af(CONN_TYPE_OR_LISTENER, + AF_INET); + tt_ptr_op(addr, OP_EQ, NULL); + + port = get_first_advertised_port_by_type_af(CONN_TYPE_OR_LISTENER, + AF_INET6); + tt_int_op(port, OP_EQ, 0); + addr = get_first_advertised_addr_by_type_af(CONN_TYPE_OR_LISTENER, + AF_INET6); + tt_ptr_op(addr, OP_EQ, NULL); + + config_line_append(&opts->ORPort_lines, "ORPort", "[1234::5678]:8080"); + config_line_append(&opts->ORPort_lines, "ORPort", + "1.2.3.4:9999 noadvertise"); + config_line_append(&opts->ORPort_lines, "ORPort", + "5.6.7.8:9911 nolisten"); + + r = parse_ports(opts, 0, &msg, &n, &w); + tt_assert(r == 0); + + // UNSPEC gets us nothing. + port = get_first_advertised_port_by_type_af(CONN_TYPE_OR_LISTENER, + AF_UNSPEC); + tt_int_op(port, OP_EQ, 0); + addr = get_first_advertised_addr_by_type_af(CONN_TYPE_OR_LISTENER, + AF_UNSPEC); + tt_ptr_op(addr, OP_EQ, NULL); + + // Try AF_INET. + port = get_first_advertised_port_by_type_af(CONN_TYPE_OR_LISTENER, + AF_INET); + tt_int_op(port, OP_EQ, 9911); + addr = get_first_advertised_addr_by_type_af(CONN_TYPE_OR_LISTENER, + AF_INET); + tt_ptr_op(addr, OP_NE, NULL); + tt_str_op(fmt_addrport(addr,port), OP_EQ, "5.6.7.8:9911"); + + // Try AF_INET6 + port = get_first_advertised_port_by_type_af(CONN_TYPE_OR_LISTENER, + AF_INET6); + tt_int_op(port, OP_EQ, 8080); + addr = get_first_advertised_addr_by_type_af(CONN_TYPE_OR_LISTENER, + AF_INET6); + tt_ptr_op(addr, OP_NE, NULL); + tt_str_op(fmt_addrport(addr,port), OP_EQ, "[1234::5678]:8080"); + + done: + or_options_free(opts); + config_free_all(); +} + +static void test_config_parse_log_severity(void *data) { int ret; @@ -5920,6 +5985,7 @@ struct testcase_t config_tests[] = { CONFIG_TEST(parse_port_config__ports__no_ports_given, 0), CONFIG_TEST(parse_port_config__ports__server_options, 0), CONFIG_TEST(parse_port_config__ports__ports_given, 0), + CONFIG_TEST(get_first_advertised, TT_FORK), CONFIG_TEST(parse_log_severity, 0), CONFIG_TEST(include_limit, 0), CONFIG_TEST(include_does_not_exist, 0), diff --git a/src/test/test_connection.c b/src/test/test_connection.c index ebe7c6d36f..6f716f5758 100644 --- a/src/test/test_connection.c +++ b/src/test/test_connection.c @@ -592,7 +592,8 @@ test_conn_download_status(void *arg) connection_t *ap_conn = NULL; const struct testcase_t *tc = arg; - consensus_flavor_t usable_flavor = (consensus_flavor_t)tc->setup_data; + consensus_flavor_t usable_flavor = + networkstatus_parse_flavor_name((const char*) tc->setup_data); /* The "other flavor" trick only works if there are two flavors */ tor_assert(N_CONSENSUS_FLAVORS == 2); @@ -893,9 +894,9 @@ struct testcase_t connection_tests[] = { CONNECTION_TESTCASE(get_rend, TT_FORK, test_conn_get_rend_st), CONNECTION_TESTCASE(get_rsrc, TT_FORK, test_conn_get_rsrc_st), CONNECTION_TESTCASE_ARG(download_status, TT_FORK, - test_conn_download_status_st, FLAV_MICRODESC), + test_conn_download_status_st, "microdesc"), CONNECTION_TESTCASE_ARG(download_status, TT_FORK, - test_conn_download_status_st, FLAV_NS), + test_conn_download_status_st, "ns"), //CONNECTION_TESTCASE(func_suffix, TT_FORK, setup_func_pair), { "failed_orconn_tracker", test_failed_orconn_tracker, TT_FORK, NULL, NULL }, END_OF_TESTCASES diff --git a/src/test/test_hs_cache.c b/src/test/test_hs_cache.c index 9182829116..742fa349d9 100644 --- a/src/test/test_hs_cache.c +++ b/src/test/test_hs_cache.c @@ -443,9 +443,10 @@ test_hsdir_revision_counter_check(void *arg) static networkstatus_t mock_ns; static networkstatus_t * -mock_networkstatus_get_live_consensus(time_t now) +mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) { (void) now; + (void) flavor; return &mock_ns; } @@ -466,8 +467,8 @@ test_client_cache(void *arg) /* Initialize HSDir cache subsystem */ init_test(); - MOCK(networkstatus_get_live_consensus, - mock_networkstatus_get_live_consensus); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus); /* Set consensus time */ parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC", diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c index 2f2bb45581..53ee3c53d2 100644 --- a/src/test/test_hs_client.c +++ b/src/test/test_hs_client.c @@ -62,16 +62,18 @@ static networkstatus_t mock_ns; /* Always return NULL. */ static networkstatus_t * -mock_networkstatus_get_live_consensus_false(time_t now) +mock_networkstatus_get_reasonably_live_consensus_false(time_t now, int flavor) { (void) now; + (void) flavor; return NULL; } static networkstatus_t * -mock_networkstatus_get_live_consensus(time_t now) +mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) { (void) now; + (void) flavor; return &mock_ns; } @@ -340,8 +342,8 @@ test_client_pick_intro(void *arg) ed25519_keypair_t service_kp; hs_descriptor_t *desc = NULL; - MOCK(networkstatus_get_live_consensus, - mock_networkstatus_get_live_consensus); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus); (void) arg; @@ -565,15 +567,15 @@ test_descriptor_fetch(void *arg) get_options_mutable()->FetchHidServDescriptors = 1; /* 2. We don't have a live consensus. */ - MOCK(networkstatus_get_live_consensus, - mock_networkstatus_get_live_consensus_false); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus_false); ret = hs_client_refetch_hsdesc(&service_pk); - UNMOCK(networkstatus_get_live_consensus); + UNMOCK(networkstatus_get_reasonably_live_consensus); tt_int_op(ret, OP_EQ, HS_CLIENT_FETCH_MISSING_INFO); /* From now on, return a live consensus. */ - MOCK(networkstatus_get_live_consensus, - mock_networkstatus_get_live_consensus); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus); /* 3. Not enough dir information. */ MOCK(router_have_minimum_dir_info, @@ -615,7 +617,7 @@ test_descriptor_fetch(void *arg) done: connection_free_minimal(ENTRY_TO_CONN(ec)); - UNMOCK(networkstatus_get_live_consensus); + UNMOCK(networkstatus_get_reasonably_live_consensus); UNMOCK(router_have_minimum_dir_info); hs_free_all(); } @@ -808,8 +810,8 @@ test_desc_has_arrived_cleanup(void *arg) hs_init(); - MOCK(networkstatus_get_live_consensus, - mock_networkstatus_get_live_consensus); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus); MOCK(connection_mark_unattached_ap_, mock_connection_mark_unattached_ap_); MOCK(router_have_minimum_dir_info, @@ -880,7 +882,7 @@ test_desc_has_arrived_cleanup(void *arg) tor_free(desc_str); hs_free_all(); - UNMOCK(networkstatus_get_live_consensus); + UNMOCK(networkstatus_get_reasonably_live_consensus); UNMOCK(connection_mark_unattached_ap_); UNMOCK(router_have_minimum_dir_info); } @@ -900,8 +902,8 @@ test_close_intro_circuits_new_desc(void *arg) /* This is needed because of the client cache expiration timestamp is based * on having a consensus. See cached_client_descriptor_has_expired(). */ - MOCK(networkstatus_get_live_consensus, - mock_networkstatus_get_live_consensus); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus); /* Set consensus time */ parse_rfc1123_time("Sat, 26 Oct 1985 13:00:00 UTC", @@ -968,7 +970,7 @@ test_close_intro_circuits_new_desc(void *arg) tt_int_op(ret, OP_EQ, 0); tt_assert(encoded); - hs_cache_store_as_client(encoded, &service_kp.pubkey); + ret = hs_cache_store_as_client(encoded, &service_kp.pubkey); tt_int_op(ret, OP_EQ, 0); tor_free(encoded); tt_assert(hs_cache_lookup_as_client(&service_kp.pubkey)); @@ -983,7 +985,7 @@ test_close_intro_circuits_new_desc(void *arg) hs_descriptor_free(desc1); hs_descriptor_free(desc2); hs_free_all(); - UNMOCK(networkstatus_get_live_consensus); + UNMOCK(networkstatus_get_reasonably_live_consensus); } struct testcase_t hs_client_tests[] = { diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c index 2aff179687..c6104301e1 100644 --- a/src/test/test_hs_common.c +++ b/src/test/test_hs_common.c @@ -359,9 +359,10 @@ mock_networkstatus_get_latest_consensus(void) } static networkstatus_t * -mock_networkstatus_get_live_consensus(time_t now) +mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) { (void) now; + (void) flavor; tt_assert(mock_ns); @@ -381,6 +382,8 @@ test_responsible_hsdirs(void *arg) MOCK(networkstatus_get_latest_consensus, mock_networkstatus_get_latest_consensus); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus); ns = networkstatus_get_latest_consensus(); @@ -417,6 +420,8 @@ test_responsible_hsdirs(void *arg) smartlist_clear(ns->routerstatus_list); networkstatus_vote_free(mock_ns); cleanup_nodelist(); + + UNMOCK(networkstatus_get_reasonably_live_consensus); } static void @@ -466,6 +471,8 @@ test_desc_reupload_logic(void *arg) hs_init(); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus); MOCK(router_have_minimum_dir_info, mock_router_have_minimum_dir_info); MOCK(get_or_state, @@ -877,9 +884,11 @@ static smartlist_t *service_responsible_hsdirs = NULL; static smartlist_t *client_responsible_hsdirs = NULL; static networkstatus_t * -mock_networkstatus_get_live_consensus_service(time_t now) +mock_networkstatus_get_reasonably_live_consensus_service(time_t now, + int flavor) { (void) now; + (void) flavor; if (mock_service_ns) { return mock_service_ns; @@ -895,13 +904,14 @@ mock_networkstatus_get_live_consensus_service(time_t now) static networkstatus_t * mock_networkstatus_get_latest_consensus_service(void) { - return mock_networkstatus_get_live_consensus_service(0); + return mock_networkstatus_get_reasonably_live_consensus_service(0, 0); } static networkstatus_t * -mock_networkstatus_get_live_consensus_client(time_t now) +mock_networkstatus_get_reasonably_live_consensus_client(time_t now, int flavor) { (void) now; + (void) flavor; if (mock_client_ns) { return mock_client_ns; @@ -917,7 +927,7 @@ mock_networkstatus_get_live_consensus_client(time_t now) static networkstatus_t * mock_networkstatus_get_latest_consensus_client(void) { - return mock_networkstatus_get_live_consensus_client(0); + return mock_networkstatus_get_reasonably_live_consensus_client(0, 0); } /* Mock function because we are not trying to test the close circuit that does @@ -1377,8 +1387,8 @@ run_reachability_scenario(const reachability_cfg_t *cfg, int num_scenario) * === Client setup === */ - MOCK(networkstatus_get_live_consensus, - mock_networkstatus_get_live_consensus_client); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus_client); MOCK(networkstatus_get_latest_consensus, mock_networkstatus_get_latest_consensus_client); @@ -1402,14 +1412,14 @@ run_reachability_scenario(const reachability_cfg_t *cfg, int num_scenario) tt_int_op(smartlist_len(client_responsible_hsdirs), OP_EQ, 6); UNMOCK(networkstatus_get_latest_consensus); - UNMOCK(networkstatus_get_live_consensus); + UNMOCK(networkstatus_get_reasonably_live_consensus); /* * === Service setup === */ - MOCK(networkstatus_get_live_consensus, - mock_networkstatus_get_live_consensus_service); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus_service); MOCK(networkstatus_get_latest_consensus, mock_networkstatus_get_latest_consensus_service); @@ -1436,7 +1446,7 @@ run_reachability_scenario(const reachability_cfg_t *cfg, int num_scenario) tt_int_op(smartlist_len(service_responsible_hsdirs), OP_EQ, 8); UNMOCK(networkstatus_get_latest_consensus); - UNMOCK(networkstatus_get_live_consensus); + UNMOCK(networkstatus_get_reasonably_live_consensus); /* Some testing of the values we just got from the client and service. */ tt_mem_op(&client_blinded_pk, OP_EQ, &service_blinded_pk, @@ -1687,8 +1697,8 @@ test_client_service_hsdir_set_sync(void *arg) MOCK(networkstatus_get_latest_consensus, mock_networkstatus_get_latest_consensus); - MOCK(networkstatus_get_live_consensus, - mock_networkstatus_get_live_consensus); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus); MOCK(get_or_state, get_or_state_replacement); MOCK(hs_desc_encode_descriptor, diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c index 32b08ecf37..c60ab6c930 100644 --- a/src/test/test_hs_service.c +++ b/src/test/test_hs_service.c @@ -79,9 +79,10 @@ static networkstatus_t mock_ns; static networkstatus_t * -mock_networkstatus_get_live_consensus(time_t now) +mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) { (void) now; + (void) flavor; return &mock_ns; } @@ -1302,8 +1303,8 @@ test_rotate_descriptors(void *arg) hs_init(); MOCK(get_or_state, get_or_state_replacement); MOCK(circuit_mark_for_close_, mock_circuit_mark_for_close); - MOCK(networkstatus_get_live_consensus, - mock_networkstatus_get_live_consensus); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus); /* Descriptor rotation happens with a consensus with a new SRV. */ @@ -1387,7 +1388,7 @@ test_rotate_descriptors(void *arg) hs_free_all(); UNMOCK(get_or_state); UNMOCK(circuit_mark_for_close_); - UNMOCK(networkstatus_get_live_consensus); + UNMOCK(networkstatus_get_reasonably_live_consensus); } /** Test building descriptors: picking intro points, setting up their link @@ -1408,8 +1409,8 @@ test_build_update_descriptors(void *arg) MOCK(get_or_state, get_or_state_replacement); - MOCK(networkstatus_get_live_consensus, - mock_networkstatus_get_live_consensus); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus); dummy_state = tor_malloc_zero(sizeof(or_state_t)); @@ -1633,8 +1634,8 @@ test_build_descriptors(void *arg) MOCK(get_or_state, get_or_state_replacement); - MOCK(networkstatus_get_live_consensus, - mock_networkstatus_get_live_consensus); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus); dummy_state = tor_malloc_zero(sizeof(or_state_t)); @@ -1714,8 +1715,8 @@ test_upload_descriptors(void *arg) hs_init(); MOCK(get_or_state, get_or_state_replacement); - MOCK(networkstatus_get_live_consensus, - mock_networkstatus_get_live_consensus); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus); dummy_state = tor_malloc_zero(sizeof(or_state_t)); diff --git a/src/test/test_protover.c b/src/test/test_protover.c index 63c508bd13..b4689045cf 100644 --- a/src/test/test_protover.c +++ b/src/test/test_protover.c @@ -25,7 +25,7 @@ test_protover_parse(void *arg) #else char *re_encoded = NULL; - const char *orig = "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900"; + const char *orig = "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16"; smartlist_t *elts = parse_protocol_list(orig); tt_assert(elts); @@ -61,7 +61,7 @@ test_protover_parse(void *arg) e = smartlist_get(elts, 3); tt_str_op(e->name, OP_EQ, "Quux"); - tt_int_op(smartlist_len(e->ranges), OP_EQ, 4); + tt_int_op(smartlist_len(e->ranges), OP_EQ, 3); { r = smartlist_get(e->ranges, 0); tt_int_op(r->low, OP_EQ, 9); @@ -74,10 +74,6 @@ test_protover_parse(void *arg) r = smartlist_get(e->ranges, 2); tt_int_op(r->low, OP_EQ, 15); tt_int_op(r->high, OP_EQ, 16); - - r = smartlist_get(e->ranges, 3); - tt_int_op(r->low, OP_EQ, 900); - tt_int_op(r->high, OP_EQ, 900); } re_encoded = encode_protocol_list(elts); @@ -149,14 +145,14 @@ test_protover_vote(void *arg) tt_str_op(result, OP_EQ, ""); tor_free(result); - smartlist_add(lst, (void*) "Foo=1-10,500 Bar=1,3-7,8"); + smartlist_add(lst, (void*) "Foo=1-10,63 Bar=1,3-7,8"); result = protover_compute_vote(lst, 1); - tt_str_op(result, OP_EQ, "Bar=1,3-8 Foo=1-10,500"); + tt_str_op(result, OP_EQ, "Bar=1,3-8 Foo=1-10,63"); tor_free(result); - smartlist_add(lst, (void*) "Quux=123-456,78 Bar=2-6,8 Foo=9"); + smartlist_add(lst, (void*) "Quux=12-45 Bar=2-6,8 Foo=9"); result = protover_compute_vote(lst, 1); - tt_str_op(result, OP_EQ, "Bar=1-8 Foo=1-10,500 Quux=78,123-456"); + tt_str_op(result, OP_EQ, "Bar=1-8 Foo=1-10,63 Quux=12-45"); tor_free(result); result = protover_compute_vote(lst, 2); @@ -194,45 +190,16 @@ test_protover_vote(void *arg) /* Just below the threshold: Rust */ smartlist_clear(lst); - smartlist_add(lst, (void*) "Sleen=1-500"); + smartlist_add(lst, (void*) "Sleen=1-50"); result = protover_compute_vote(lst, 1); - tt_str_op(result, OP_EQ, "Sleen=1-500"); + tt_str_op(result, OP_EQ, "Sleen=1-50"); tor_free(result); /* Just below the threshold: C */ smartlist_clear(lst); - smartlist_add(lst, (void*) "Sleen=1-65536"); - result = protover_compute_vote(lst, 1); - tt_str_op(result, OP_EQ, "Sleen=1-65536"); - tor_free(result); - - /* Large protover lists that exceed the threshold */ - - /* By adding two votes, C allows us to exceed the limit */ - smartlist_add(lst, (void*) "Sleen=1-65536"); - smartlist_add(lst, (void*) "Sleen=100000"); - result = protover_compute_vote(lst, 1); - tt_str_op(result, OP_EQ, "Sleen=1-65536,100000"); - tor_free(result); - - /* Large integers */ - smartlist_clear(lst); - smartlist_add(lst, (void*) "Sleen=4294967294"); + smartlist_add(lst, (void*) "Sleen=1-63"); result = protover_compute_vote(lst, 1); - tt_str_op(result, OP_EQ, "Sleen=4294967294"); - tor_free(result); - - /* This parses, but fails at the vote stage */ - smartlist_clear(lst); - smartlist_add(lst, (void*) "Sleen=4294967295"); - result = protover_compute_vote(lst, 1); - tt_str_op(result, OP_EQ, ""); - tor_free(result); - - smartlist_clear(lst); - smartlist_add(lst, (void*) "Sleen=4294967296"); - result = protover_compute_vote(lst, 1); - tt_str_op(result, OP_EQ, ""); + tt_str_op(result, OP_EQ, "Sleen=1-63"); tor_free(result); /* Protocol name too long */ @@ -272,8 +239,8 @@ test_protover_all_supported(void *arg) tt_assert(! protover_all_supported("Wombat=9", &msg)); tt_str_op(msg, OP_EQ, "Wombat=9"); tor_free(msg); - tt_assert(! protover_all_supported("Link=999", &msg)); - tt_str_op(msg, OP_EQ, "Link=999"); + tt_assert(! protover_all_supported("Link=60", &msg)); + tt_str_op(msg, OP_EQ, "Link=60"); tor_free(msg); // Mix of things we support and things we don't @@ -283,11 +250,11 @@ test_protover_all_supported(void *arg) /* Mix of things we support and don't support within a single protocol * which we do support */ - tt_assert(! protover_all_supported("Link=3-999", &msg)); - tt_str_op(msg, OP_EQ, "Link=6-999"); + tt_assert(! protover_all_supported("Link=3-60", &msg)); + tt_str_op(msg, OP_EQ, "Link=6-60"); tor_free(msg); - tt_assert(! protover_all_supported("Link=1-3,345-666", &msg)); - tt_str_op(msg, OP_EQ, "Link=345-666"); + tt_assert(! protover_all_supported("Link=1-3,50-63", &msg)); + tt_str_op(msg, OP_EQ, "Link=50-63"); tor_free(msg); tt_assert(! protover_all_supported("Link=1-3,5-12", &msg)); tt_str_op(msg, OP_EQ, "Link=6-12"); @@ -295,18 +262,8 @@ test_protover_all_supported(void *arg) /* Mix of protocols we do support and some we don't, where the protocols * we do support have some versions we don't support. */ - tt_assert(! protover_all_supported("Link=1-3,5-12 Quokka=9000-9001", &msg)); - tt_str_op(msg, OP_EQ, "Link=6-12 Quokka=9000-9001"); - tor_free(msg); - - /* We shouldn't be able to DoS ourselves parsing a large range. */ - tt_assert(! protover_all_supported("Sleen=1-2147483648", &msg)); - tt_str_op(msg, OP_EQ, "Sleen=1-2147483648"); - tor_free(msg); - - /* This case is allowed. */ - tt_assert(! protover_all_supported("Sleen=1-4294967294", &msg)); - tt_str_op(msg, OP_EQ, "Sleen=1-4294967294"); + tt_assert(! protover_all_supported("Link=1-3,5-12 Quokka=40-41", &msg)); + tt_str_op(msg, OP_EQ, "Link=6-12 Quokka=40-41"); tor_free(msg); /* If we get a (barely) valid (but unsupported list, we say "yes, that's @@ -566,9 +523,9 @@ test_protover_vote_roundtrip(void *args) /* Will fail because of 4294967295. */ { "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900 Zn=1,4294967295", NULL }, - { "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,900 Zn=1,4294967294", - "Bar=3 Foo=1,3 Quux=9-12,14-16,900 Zn=1,4294967294" }, - { "Zu16=1,65536", "Zu16=1,65536" }, + { "Foo=1,3 Bar=3 Baz= Quux=9-12,14,15-16,50 Zn=1,42", + "Bar=3 Foo=1,3 Quux=9-12,14-16,50 Zn=1,42" }, + { "Zu16=1,63", "Zu16=1,63" }, { "N-1=1,2", "N-1=1-2" }, { "-1=4294967295", NULL }, { "-1=3", "-1=3" }, @@ -602,12 +559,8 @@ test_protover_vote_roundtrip(void *args) /* Large integers */ { "Link=4294967296", NULL }, /* Large range */ - { "Sleen=1-501", "Sleen=1-501" }, + { "Sleen=1-63", "Sleen=1-63" }, { "Sleen=1-65537", NULL }, - /* Both C/Rust implementations should be able to handle this mild DoS. */ - { "Sleen=1-2147483648", NULL }, - /* Rust tests are built in debug mode, so ints are bounds-checked. */ - { "Sleen=1-4294967295", NULL }, }; unsigned u; smartlist_t *votes = smartlist_new(); diff --git a/src/test/test_rendcache.c b/src/test/test_rendcache.c index 4f544cf21c..8b0e2df485 100644 --- a/src/test/test_rendcache.c +++ b/src/test/test_rendcache.c @@ -954,6 +954,7 @@ test_rend_cache_free_all(void *data) one->parsed = desc_one; desc_one->timestamp = time(NULL) + TIME_IN_THE_PAST; desc_one->pk = pk_generate(0); + rend_cache_increment_allocation(rend_cache_entry_allocation(one)); strmap_set_lc(rend_cache, "foo1", one); rend_cache_free_all(); @@ -978,11 +979,13 @@ test_rend_cache_entry_free(void *data) // Handles NULL descriptor correctly e = tor_malloc_zero(sizeof(rend_cache_entry_t)); + rend_cache_increment_allocation(rend_cache_entry_allocation(e)); rend_cache_entry_free(e); // Handles non-NULL descriptor correctly e = tor_malloc_zero(sizeof(rend_cache_entry_t)); e->desc = tor_malloc(10); + rend_cache_increment_allocation(rend_cache_entry_allocation(e)); rend_cache_entry_free(e); /* done: */ @@ -1101,6 +1104,7 @@ test_rend_cache_clean_v2_descs_as_dir(void *data) desc->timestamp = now; desc->pk = pk_generate(0); e->parsed = desc; + rend_cache_increment_allocation(rend_cache_entry_allocation(e)); digestmap_set(rend_cache_v2_dir, key, e); /* Set the cutoff to minus 10 seconds. */ @@ -1250,4 +1254,3 @@ struct testcase_t rend_cache_tests[] = { test_rend_cache_validate_intro_point_failure, 0, NULL, NULL }, END_OF_TESTCASES }; - diff --git a/src/test/test_router.c b/src/test/test_router.c index 601881a124..e0d3adfdbd 100644 --- a/src/test/test_router.c +++ b/src/test/test_router.c @@ -7,9 +7,12 @@ * \brief Unittests for code in router.c **/ +#define CONFIG_PRIVATE +#define CONNECTION_PRIVATE #include "core/or/or.h" #include "app/config/config.h" #include "core/mainloop/mainloop.h" +#include "core/mainloop/connection.h" #include "feature/hibernate/hibernate.h" #include "feature/nodelist/routerinfo_st.h" #include "feature/nodelist/routerlist.h" @@ -17,6 +20,9 @@ #include "feature/stats/rephist.h" #include "lib/crypt_ops/crypto_curve25519.h" #include "lib/crypt_ops/crypto_ed25519.h" +#include "lib/encoding/confline.h" + +#include "core/or/listener_connection_st.h" /* Test suite stuff */ #include "test/test.h" @@ -231,11 +237,124 @@ test_router_check_descriptor_bandwidth_changed(void *arg) UNMOCK(we_are_hibernating); } +static smartlist_t *fake_connection_array = NULL; +static smartlist_t * +mock_get_connection_array(void) +{ + return fake_connection_array; +} + +static void +test_router_get_advertised_or_port(void *arg) +{ + (void)arg; + int r, w=0, n=0; + char *msg=NULL; + or_options_t *opts = options_new(); + listener_connection_t *listener = NULL; + tor_addr_port_t ipv6; + + // Test one failing case of router_get_advertised_ipv6_or_ap(). + router_get_advertised_ipv6_or_ap(opts, &ipv6); + tt_str_op(fmt_addrport(&ipv6.addr, ipv6.port), OP_EQ, "[::]:0"); + + // And one failing case of router_get_advertised_or_port(). + tt_int_op(0, OP_EQ, router_get_advertised_or_port_by_af(opts, AF_INET)); + tt_int_op(0, OP_EQ, router_get_advertised_or_port(opts)); + + // Set up a couple of configured ports. + config_line_append(&opts->ORPort_lines, "ORPort", "[1234::5678]:auto"); + config_line_append(&opts->ORPort_lines, "ORPort", "5.6.7.8:9999"); + r = parse_ports(opts, 0, &msg, &n, &w); + tt_assert(r == 0); + + // There are no listeners, so the "auto" case will turn up no results. + tt_int_op(0, OP_EQ, router_get_advertised_or_port_by_af(opts, AF_INET6)); + router_get_advertised_ipv6_or_ap(opts, &ipv6); + tt_str_op(fmt_addrport(&ipv6.addr, ipv6.port), OP_EQ, "[::]:0"); + + // This will return the matching value from the configured port. + tt_int_op(9999, OP_EQ, router_get_advertised_or_port_by_af(opts, AF_INET)); + tt_int_op(9999, OP_EQ, router_get_advertised_or_port(opts)); + + // Now set up a dummy listener. + MOCK(get_connection_array, mock_get_connection_array); + fake_connection_array = smartlist_new(); + listener = listener_connection_new(CONN_TYPE_OR_LISTENER, AF_INET6); + TO_CONN(listener)->port = 54321; + smartlist_add(fake_connection_array, TO_CONN(listener)); + + // We should get a port this time. + tt_int_op(54321, OP_EQ, router_get_advertised_or_port_by_af(opts, AF_INET6)); + + // Test one succeeding case of router_get_advertised_ipv6_or_ap(). + router_get_advertised_ipv6_or_ap(opts, &ipv6); + tt_str_op(fmt_addrport(&ipv6.addr, ipv6.port), OP_EQ, + "[1234::5678]:54321"); + + // This will return the matching value from the configured port. + tt_int_op(9999, OP_EQ, router_get_advertised_or_port_by_af(opts, AF_INET)); + tt_int_op(9999, OP_EQ, router_get_advertised_or_port(opts)); + + done: + or_options_free(opts); + config_free_all(); + smartlist_free(fake_connection_array); + connection_free_minimal(TO_CONN(listener)); + UNMOCK(get_connection_array); +} + +static void +test_router_get_advertised_or_port_localhost(void *arg) +{ + (void)arg; + int r, w=0, n=0; + char *msg=NULL; + or_options_t *opts = options_new(); + tor_addr_port_t ipv6; + + // Set up a couple of configured ports on localhost. + config_line_append(&opts->ORPort_lines, "ORPort", "[::1]:9999"); + config_line_append(&opts->ORPort_lines, "ORPort", "127.0.0.1:8888"); + r = parse_ports(opts, 0, &msg, &n, &w); + tt_assert(r == 0); + + // We should refuse to advertise them, since we have default dirauths. + router_get_advertised_ipv6_or_ap(opts, &ipv6); + tt_str_op(fmt_addrport(&ipv6.addr, ipv6.port), OP_EQ, "[::]:0"); + // But the lower-level function should still report the correct value + tt_int_op(9999, OP_EQ, router_get_advertised_or_port_by_af(opts, AF_INET6)); + + // The IPv4 checks are done in resolve_my_address(), which doesn't use + // ORPorts so we can't test them here. (See #33681.) Both these lower-level + // functions should still report the correct value. + tt_int_op(8888, OP_EQ, router_get_advertised_or_port_by_af(opts, AF_INET)); + tt_int_op(8888, OP_EQ, router_get_advertised_or_port(opts)); + + // Now try with a fake authority set up. + config_line_append(&opts->DirAuthorities, "DirAuthority", + "127.0.0.1:1066 " + "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"); + + tt_int_op(9999, OP_EQ, router_get_advertised_or_port_by_af(opts, AF_INET6)); + router_get_advertised_ipv6_or_ap(opts, &ipv6); + tt_str_op(fmt_addrport(&ipv6.addr, ipv6.port), OP_EQ, "[::1]:9999"); + + tt_int_op(8888, OP_EQ, router_get_advertised_or_port_by_af(opts, AF_INET)); + tt_int_op(8888, OP_EQ, router_get_advertised_or_port(opts)); + + done: + or_options_free(opts); + config_free_all(); +} + #define ROUTER_TEST(name, flags) \ { #name, test_router_ ## name, flags, NULL, NULL } struct testcase_t router_tests[] = { ROUTER_TEST(check_descriptor_bandwidth_changed, TT_FORK), ROUTER_TEST(dump_router_to_string_no_bridge_distribution_method, TT_FORK), + ROUTER_TEST(get_advertised_or_port, TT_FORK), + ROUTER_TEST(get_advertised_or_port_localhost, TT_FORK), END_OF_TESTCASES }; diff --git a/src/test/test_shared_random.c b/src/test/test_shared_random.c index b4fe6eef64..413dfbeb03 100644 --- a/src/test/test_shared_random.c +++ b/src/test/test_shared_random.c @@ -164,6 +164,15 @@ mock_networkstatus_get_live_consensus(time_t now) return &mock_consensus; } +/* Mock function to immediately return our local 'mock_consensus'. */ +static networkstatus_t * +mock_networkstatus_get_reasonably_live_consensus(time_t now, int flavor) +{ + (void) now; + (void) flavor; + return &mock_consensus; +} + static void test_get_state_valid_until_time(void *arg) { @@ -176,6 +185,8 @@ test_get_state_valid_until_time(void *arg) MOCK(networkstatus_get_live_consensus, mock_networkstatus_get_live_consensus); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus); retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC", &mock_consensus.fresh_until); @@ -232,7 +243,7 @@ test_get_state_valid_until_time(void *arg) } done: - UNMOCK(networkstatus_get_live_consensus); + UNMOCK(networkstatus_get_reasonably_live_consensus); } /** Test the function that calculates the start time of the current SRV @@ -248,6 +259,8 @@ test_get_start_time_of_current_run(void *arg) MOCK(networkstatus_get_live_consensus, mock_networkstatus_get_live_consensus); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus); retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC", &mock_consensus.fresh_until); @@ -331,6 +344,7 @@ test_get_start_time_of_current_run(void *arg) /* Next test is testing it without a consensus to use the testing voting * interval . */ UNMOCK(networkstatus_get_live_consensus); + UNMOCK(networkstatus_get_reasonably_live_consensus); /* Now let's alter the voting schedule and check the correctness of the * function. Voting interval of 10 seconds, means that an SRV protocol run @@ -362,8 +376,8 @@ test_get_start_time_functions(void *arg) (void) arg; int retval; - MOCK(networkstatus_get_live_consensus, - mock_networkstatus_get_live_consensus); + MOCK(networkstatus_get_reasonably_live_consensus, + mock_networkstatus_get_reasonably_live_consensus); retval = parse_rfc1123_time("Mon, 20 Apr 2015 01:00:00 UTC", &mock_consensus.fresh_until); @@ -384,7 +398,7 @@ test_get_start_time_functions(void *arg) start_time_of_protocol_run); done: - UNMOCK(networkstatus_get_live_consensus); + UNMOCK(networkstatus_get_reasonably_live_consensus); } static void diff --git a/src/test/test_tortls_openssl.c b/src/test/test_tortls_openssl.c index f039980a25..f4e3430dac 100644 --- a/src/test/test_tortls_openssl.c +++ b/src/test/test_tortls_openssl.c @@ -283,8 +283,7 @@ test_tortls_log_one_error(void *ignored) mock_clean_saved_logs(); tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL); - expect_log_msg("TLS error with 127.hello: " - "BN lib (in unknown library:(null):---)\n"); + expect_log_msg_containing("TLS error with 127.hello"); mock_clean_saved_logs(); tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST), diff --git a/src/test/testing_common.c b/src/test/testing_common.c index 2c9c4538b9..daa7aa524a 100644 --- a/src/test/testing_common.c +++ b/src/test/testing_common.c @@ -278,6 +278,8 @@ main(int c, const char **v) control_initialize_event_queue(); configure_backtrace_handler(get_version()); + unsigned num=1, den=1; + for (i_out = i = 1; i < c; ++i) { if (!strcmp(v[i], "--warn")) { loglevel = LOG_WARN; @@ -289,6 +291,19 @@ main(int c, const char **v) loglevel = LOG_DEBUG; } else if (!strcmp(v[i], "--accel")) { accel_crypto = 1; + } else if (!strcmp(v[i], "--fraction")) { + if (i+1 == c) { + printf("--fraction needs an argument.\n"); + return 1; + } + const char *fracstr = v[++i]; + char ch; + if (sscanf(fracstr, "%u/%u%c", &num, &den, &ch) != 2) { + printf("--fraction expects a fraction as an input.\n"); + } + if (den == 0 || num == 0 || num > den) { + printf("--fraction expects a valid fraction as an input.\n"); + } } else { v[i_out++] = v[i]; } @@ -363,6 +378,33 @@ main(int c, const char **v) smartlist_free(skip); } + if (den != 1) { + // count the tests. Linear but fast. + unsigned n_tests = 0; + struct testgroup_t *tg; + struct testcase_t *tc; + for (tg = testgroups; tg->prefix != NULL; ++tg) { + for (tc = tg->cases; tc->name != NULL; ++tc) { + ++n_tests; + } + } + // Which tests should we run? This can give iffy results if den is huge + // but it doesn't actually matter in practice. + unsigned tests_per_chunk = CEIL_DIV(n_tests, den); + unsigned start_at = (num-1) * tests_per_chunk; + + // Skip the tests that are outside of the range. + unsigned idx = 0; + for (tg = testgroups; tg->prefix != NULL; ++tg) { + for (tc = tg->cases; tc->name != NULL; ++tc) { + if (idx < start_at || idx >= start_at + tests_per_chunk) { + tc->flags |= TT_SKIP; + } + ++idx; + } + } + } + int have_failed = (tinytest_main(c, v, testgroups) != 0); free_pregenerated_keys(); diff --git a/src/test/unittest_part1.sh b/src/test/unittest_part1.sh new file mode 100755 index 0000000000..5be0f499f9 --- /dev/null +++ b/src/test/unittest_part1.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +"${abs_top_builddir:-.}/src/test/test" --fraction 1/8 diff --git a/src/test/unittest_part2.sh b/src/test/unittest_part2.sh new file mode 100755 index 0000000000..9a614eb8c1 --- /dev/null +++ b/src/test/unittest_part2.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +"${abs_top_builddir:-.}/src/test/test" --fraction 2/8 diff --git a/src/test/unittest_part3.sh b/src/test/unittest_part3.sh new file mode 100755 index 0000000000..5cbc3fe495 --- /dev/null +++ b/src/test/unittest_part3.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +"${abs_top_builddir:-.}/src/test/test" --fraction 3/8 diff --git a/src/test/unittest_part4.sh b/src/test/unittest_part4.sh new file mode 100755 index 0000000000..bc6fe01f68 --- /dev/null +++ b/src/test/unittest_part4.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +"${abs_top_builddir:-.}/src/test/test" --fraction 4/8 diff --git a/src/test/unittest_part5.sh b/src/test/unittest_part5.sh new file mode 100755 index 0000000000..9bbff34fb8 --- /dev/null +++ b/src/test/unittest_part5.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +"${abs_top_builddir:-.}/src/test/test" --fraction 5/8 diff --git a/src/test/unittest_part6.sh b/src/test/unittest_part6.sh new file mode 100755 index 0000000000..2d5eaa8a28 --- /dev/null +++ b/src/test/unittest_part6.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +"${abs_top_builddir:-.}/src/test/test" --fraction 6/8 diff --git a/src/test/unittest_part7.sh b/src/test/unittest_part7.sh new file mode 100755 index 0000000000..5e6ce2aea5 --- /dev/null +++ b/src/test/unittest_part7.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +"${abs_top_builddir:-.}/src/test/test" --fraction 7/8 diff --git a/src/test/unittest_part8.sh b/src/test/unittest_part8.sh new file mode 100755 index 0000000000..7fea9c9c7f --- /dev/null +++ b/src/test/unittest_part8.sh @@ -0,0 +1,3 @@ +#!/bin/sh + +"${abs_top_builddir:-.}/src/test/test" --fraction 8/8 diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index ec7a5b2429..1c0ce18e73 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -218,7 +218,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.3.5.11-dev" +#define VERSION "0.3.5.13" |