-rw-r--r-- | changes/bug40281 | 6 | ||||
-rw-r--r-- | changes/ticket40208 | 6 | ||||
-rw-r--r-- | changes/ticket40221_045 | 6 | ||||
-rw-r--r-- | src/app/config/resolve_addr.c | 14 | ||||
-rw-r--r-- | src/core/or/protover.c | 2 | ||||
-rw-r--r-- | src/feature/nodelist/networkstatus.c | 9 | ||||
-rw-r--r-- | src/feature/relay/router.c | 13 | ||||
-rw-r--r-- | src/rust/protover/protover.rs | 4 | ||||
-rw-r--r-- | src/test/test_config.c | 17 | ||||
-rw-r--r-- | src/test/test_protover.c | 3 |
10 files changed, 67 insertions, 13 deletions
diff --git a/changes/bug40281 b/changes/bug40281
new file mode 100644
index 0000000000..0708039f04
--- /dev/null
+++ b/changes/bug40281
@@ -0,0 +1,6 @@
+ o Minor bugfixes (logging):
+ - Avoid a spurious log message about missing subprotocol versions, when
+ the consensus that we're reading from is older than the current
+ release. . Previously we had made this message nonfatal in this case,
+ but in practice, it is never relevant when the consensus is older than
+ the current release. Fixes bug 40281; bugfix on 0.4.0.1-alpha.
diff --git a/changes/ticket40208 b/changes/ticket40208
new file mode 100644
index 0000000000..5a3a1aa55e
--- /dev/null
+++ b/changes/ticket40208
@@ -0,0 +1,6 @@
+ o Minor bugfixes (relay):
+ - Allow relays to have a RFC1918 address if PublishServerDescriptor is set
+ to 0 and AssumeReachable is set to 1. This is to support the use case of a
+ bridge on a local network that can be used by restricted users on that
+ network to reach the Tor network. Fixes bug 40208; bugfix on
+ 0.4.5.1-alpha.
diff --git a/changes/ticket40221_045 b/changes/ticket40221_045
new file mode 100644
index 0000000000..0f3ab894c2
--- /dev/null
+++ b/changes/ticket40221_045
@@ -0,0 +1,6 @@
+ o Minor features (protocol versions):
+ - Stop claiming to support the "DirCache=1" subprotocol version.
+ Technically, we stopped supporting this subprotocol back in
+ 0.4.5.1-alpha, but we needed to wait for the authorities to stop
+ listing it as "required" before we can drop support. Closes ticket
+ 40221.
diff --git a/src/app/config/resolve_addr.c b/src/app/config/resolve_addr.c
index 080cb967bc..86db6ba680 100644
--- a/src/app/config/resolve_addr.c
+++ b/src/app/config/resolve_addr.c
@@ -193,7 +193,19 @@ address_can_be_used(const tor_addr_t *addr, const or_options_t *options, goto allow; } - /* We have a private IP address. It is allowed only if we set custom + /* We allow internal addresses to be used if the PublishServerDescriptor is + * unset and AssumeReachable (or for IPv6) is set. + * + * This is to cover the case where a relay/bridge might be run behind a + * firewall on a local network to users can reach the network through it + * using Tor Browser for instance. */ + if (options->PublishServerDescriptor_ == NO_DIRINFO && + (options->AssumeReachable || + (tor_addr_family(addr) == AF_INET6 && options->AssumeReachableIPv6))) { + goto allow; + } + + /* We have a private IP address. This is also allowed if we set custom * directory authorities. */ if (using_default_dir_authorities(options)) { log_fn(warn_severity, LD_CONFIG, diff --git a/src/core/or/protover.c b/src/core/or/protover.c index 5a87ade3da..aa96cafff9 100644 --- a/src/core/or/protover.c +++ b/src/core/or/protover.c @@ -398,7 +398,7 @@ protover_get_supported_protocols(void) return "Cons=1-2 " "Desc=1-2 " - "DirCache=1-2 " + "DirCache=2 " "FlowCtrl=1 " "HSDir=1-2 " "HSIntro=3-5 " diff --git a/src/feature/nodelist/networkstatus.c b/src/feature/nodelist/networkstatus.c index ece3c9e059..80940e6092 100644 --- a/src/feature/nodelist/networkstatus.c +++ b/src/feature/nodelist/networkstatus.c @@ -2723,6 +2723,13 @@ networkstatus_check_required_protocols(const networkstatus_t *ns, const bool consensus_postdates_this_release = ns->valid_after >= tor_get_approx_release_date(); + if (! consensus_postdates_this_release) { + // We can't meaningfully warn about this case: This consensus is from + // before we were released, so whatever is says about required or + // recommended versions may no longer be true. + return 0; + } + tor_assert(warning_out); if (client_mode) { 
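Review bot: In the new early-allow branch of address_can_be_used(), the IPv6 half tests `options->AssumeReachableIPv6` for plain truthiness, so any non-zero value qualifies, not only an explicit 1. Case 15 in test_config.c sets `AssumeReachable` only for AF_INET yet expects the internal address to be accepted, which suggests (if that case also runs for IPv6) that the initialized default already passes this test. If the field is tri-state, `options->AssumeReachableIPv6 == 1` would match the comment's "is set"; otherwise the comment should say that the default qualifies too, and "to users can reach" should read "so users can reach". The function starts before and continues past this hunk.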
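Review bot: The early `return 0;` added to networkstatus_check_required_protocols() for a pre-release consensus sits above `tor_assert(warning_out);`, so on that path the pointer is neither checked nor written. Whether callers pre-initialize the string they pass is not visible in this hunk; if any do not, they would read an indeterminate pointer after a 0 return. Moving the assert above the new block and adding `*warning_out = NULL;` before the return would make the contract explicit, assuming nothing earlier in the function already sets it. The new comment also says "whatever is says" where "whatever it says" is meant, and the function body begins before and ends after this hunk.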
@@ -2740,7 +2747,7 @@ networkstatus_check_required_protocols(const networkstatus_t *ns, "%s on the Tor network. The missing protocols are: %s", func, missing); tor_free(missing); - return consensus_postdates_this_release ? 1 : 0; + return 1; } if (! protover_all_supported(recommended, &missing)) { diff --git a/src/feature/relay/router.c b/src/feature/relay/router.c index 0be3eec1dd..2696b8633b 100644 --- a/src/feature/relay/router.c +++ b/src/feature/relay/router.c @@ -2101,8 +2101,7 @@ router_build_fresh_unsigned_routerinfo,(routerinfo_t **ri_out)) ri->ipv4_dirport = routerconf_find_dir_port(options, 0); /* Optionally check for an IPv6. We still publish without one. */ - if (!omit_ipv6_on_publish && - relay_find_addr_to_publish(options, AF_INET6, RELAY_FIND_ADDR_NO_FLAG, + if (relay_find_addr_to_publish(options, AF_INET6, RELAY_FIND_ADDR_NO_FLAG, &ri->ipv6_addr)) { ri->ipv6_orport = routerconf_find_or_port(options, AF_INET6); router_check_descriptor_address_consistency(&ri->ipv6_addr); @@ -2678,9 +2677,13 @@ check_descriptor_ipaddress_changed(time_t now) /* Attempt to discovery the publishable address for the family which will * actively attempt to discover the address if we are configured with a - * port for the family. */ - relay_find_addr_to_publish(get_options(), family, RELAY_FIND_ADDR_NO_FLAG, - ¤t); + * port for the family. + * + * It is OK to ignore the returned value here since in the failure case, + * that is the address was not found, the current value is set to UNSPEC. + * Add this (void) so Coverity is happy. */ + (void) relay_find_addr_to_publish(get_options(), family, + RELAY_FIND_ADDR_NO_FLAG, ¤t); /* The "current" address might be UNSPEC meaning it was not discovered nor * found in our current cache. If we had an address before and we have diff --git a/src/rust/protover/protover.rs b/src/rust/protover/protover.rs index 0060864a2e..da87509ffa 100644 --- a/src/rust/protover/protover.rs +++ b/src/rust/protover/protover.rs 
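Review bot: Dropping `!omit_ipv6_on_publish &&` from the IPv6 lookup in router_build_fresh_unsigned_routerinfo() is not explained by any of the three changes entries, and nothing in this hunk shows where that flag is honoured now. If relay_find_addr_to_publish() does not check it itself, a descriptor could again carry an IPv6 ORPort that was previously marked to be omitted. A one-line comment above the call, for example `/* omit_ipv6_on_publish is enforced inside relay_find_addr_to_publish() */`, would record the intent once that is confirmed. The function starts before and continues past this hunk.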
@@ -160,7 +160,7 @@ pub(crate) fn get_supported_protocols_cstr() -> &'static CStr { cstr!( "Cons=1-2 \ Desc=1-2 \ - DirCache=1-2 \ + DirCache=2 \ FlowCtrl=1 \ HSDir=1-2 \ HSIntro=3-5 \ @@ -175,7 +175,7 @@ pub(crate) fn get_supported_protocols_cstr() -> &'static CStr { cstr!( "Cons=1-2 \ Desc=1-2 \ - DirCache=1-2 \ + DirCache=2 \ FlowCtrl=1 \ HSDir=1-2 \ HSIntro=3-5 \ diff --git a/src/test/test_config.c b/src/test/test_config.c index cd7a54b97a..73c8ca0549 100644 --- a/src/test/test_config.c +++ b/src/test/test_config.c @@ -1460,6 +1460,7 @@ test_config_find_my_address(void *arg) options = options_new(); options_init(options); + options->PublishServerDescriptor_ = V3_DIRINFO; /* * Case 0: @@ -1782,6 +1783,22 @@ test_config_find_my_address(void *arg) VALIDATE_FOUND_ADDRESS(true, RESOLVED_ADDR_INTERFACE, NULL); CLEANUP_FOUND_ADDRESS; + /* + * Case 15: Address is a local address (internal) but we unset + * PublishServerDescriptor_ so we are allowed to hold it. + */ + options->PublishServerDescriptor_ = NO_DIRINFO; + if (p->family == AF_INET) { + options->AssumeReachable = 1; + } + config_line_append(&options->Address, "Address", p->internal_ip); + + tor_addr_parse(&test_addr, p->internal_ip); + retval = find_my_address(options, p->family, LOG_NOTICE, &resolved_addr, + &method_used, &hostname_out); + VALIDATE_FOUND_ADDRESS(true, RESOLVED_ADDR_CONFIGURED, NULL); + CLEANUP_FOUND_ADDRESS; + UNMOCK(get_interface_address6); UNMOCK(tor_gethostname); UNMOCK(tor_addr_lookup); diff --git a/src/test/test_protover.c b/src/test/test_protover.c index be3aeb5e40..dd65f4bbf5 100644 --- a/src/test/test_protover.c +++ b/src/test/test_protover.c 
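Review bot: Case 15 in test_config_find_my_address() covers only the accepting path of the new rule, so a regression that lets internal addresses through unconditionally would still pass. A companion case should keep `PublishServerDescriptor_ = NO_DIRINFO` with `AssumeReachable = 0` for AF_INET and expect the internal address not to come back as RESOLVED_ADDR_CONFIGURED, and another should restore `V3_DIRINFO` with `AssumeReachable = 1` and expect the existing refusal. Case 15 also leaves both option changes in place, which is harmless only while it stays the last case; the function extends beyond this hunk.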
@@ -469,9 +469,6 @@ test_protover_supported_protocols(void *arg) /* No DirCache versions appear anywhere in the code. */ tt_assert(protocol_list_supports_protocol(supported_protocols, PRT_DIRCACHE, - PROTOVER_DIRCACHE_V1)); - tt_assert(protocol_list_supports_protocol(supported_protocols, - PRT_DIRCACHE, PROTOVER_DIRCACHE_V2)); /* No Desc versions appear anywhere in the code. */ |
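Review bot: After the PROTOVER_DIRCACHE_V1 assertion is removed, nothing in test_protover_supported_protocols() pins that version 1 is no longer advertised. A negative check such as `tt_assert(!protocol_list_supports_protocol(supported_protocols, PRT_DIRCACHE, PROTOVER_DIRCACHE_V1));` would catch an accidental return to `DirCache=1-2` in either the C or the Rust list, provided the constant is still defined (no header appears in this commit's file list). The test body continues outside this hunk.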