summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--changes/bug178576
-rw-r--r--changes/bug224464
-rw-r--r--changes/bug233479
-rw-r--r--changes/ticket210315
-rw-r--r--changes/ticket222155
-rw-r--r--changes/ticket222813
-rw-r--r--changes/ticket224374
-rw-r--r--doc/tor.1.txt36
-rw-r--r--src/common/timers.c26
-rw-r--r--src/common/timers.h4
-rw-r--r--src/or/bridges.c22
-rw-r--r--src/or/bridges.h2
-rw-r--r--src/or/channel.c25
-rw-r--r--src/or/channelpadding.c34
-rw-r--r--src/or/channelpadding.h5
-rw-r--r--src/or/circuitlist.c4
-rw-r--r--src/or/config.c62
-rw-r--r--src/or/connection_edge.c2
-rw-r--r--src/or/directory.c13
-rw-r--r--src/or/hs_circuitmap.c24
-rw-r--r--src/or/hs_client.c17
-rw-r--r--src/or/networkstatus.c63
-rw-r--r--src/or/networkstatus.h2
-rw-r--r--src/or/nodelist.c17
-rw-r--r--src/or/or.h6
-rw-r--r--src/or/relay.c6
-rw-r--r--src/or/router.c11
-rw-r--r--src/or/routerlist.c12
-rw-r--r--src/or/routerlist.h1
-rw-r--r--src/test/include.am9
-rw-r--r--src/test/test_channelpadding.c201
-rw-r--r--src/test/test_dir.c48
-rw-r--r--src/test/test_entrynodes.c2
-rw-r--r--src/test/test_hs_common.c15
-rw-r--r--src/test/test_nodelist.c4
-rw-r--r--src/test/test_options.c1
-rw-r--r--src/test/test_relaycell.c4
37 files changed, 509 insertions, 205 deletions
diff --git a/changes/bug17857 b/changes/bug17857
new file mode 100644
index 0000000000..6c88638231
--- /dev/null
+++ b/changes/bug17857
@@ -0,0 +1,6 @@
+ o Minor features (defensive programming):
+ - Create a pair of consensus parameters nf_pad_tor2web and
+ nf_pad_single_onion that allow us to disable netflow padding in the
+ consensus for non-anonymous connections, in case the overhead is high.
+ Closes #17857.
+
diff --git a/changes/bug22446 b/changes/bug22446
new file mode 100644
index 0000000000..eab65aac00
--- /dev/null
+++ b/changes/bug22446
@@ -0,0 +1,4 @@
+ o Minor features (code style, backport from 0.3.1.3-alpha):
+ - Add "Falls through" comments to our codebase, in order to silence
+ GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
+ Stieger. Closes ticket 22446.
diff --git a/changes/bug23347 b/changes/bug23347
new file mode 100644
index 0000000000..e73aa48f01
--- /dev/null
+++ b/changes/bug23347
@@ -0,0 +1,9 @@
+ o Minor fixes (bridge client bootstrap):
+ - Make bridge clients with no running bridges try to download
+ bridge descriptors immediately. But when bridge clients have
+ running bridges, make them wait at least 3 hours before
+ refreshing recently received bridge descriptors.
+ Download schedules used to start with an implicit 0, but the
+ fix for 17750 changed this undocumented behaviour, and made
+ bridge clients hang for 15 minutes before bootstrapping.
+ Fixes bug 23347, not in any released version of Tor.
diff --git a/changes/ticket21031 b/changes/ticket21031
new file mode 100644
index 0000000000..79ad5267b5
--- /dev/null
+++ b/changes/ticket21031
@@ -0,0 +1,5 @@
+ o Removed features:
+ - The ClientDNSRejectInternalAddresses flag can no longer be set on
+ non-testing networks. It has been deprecated since 0.2.9.2-alpha.
+ Closes ticket 21031.
+
diff --git a/changes/ticket22215 b/changes/ticket22215
new file mode 100644
index 0000000000..4abeaf2c53
--- /dev/null
+++ b/changes/ticket22215
@@ -0,0 +1,5 @@
+ o Code simplification and refactoring:
+ - Remove some of the code that once supported "Named" and "Unnamed"
+ routers. Authorities no longer vote for these flags. Closes ticket
+ 23478.
+
diff --git a/changes/ticket22281 b/changes/ticket22281
new file mode 100644
index 0000000000..95787580ff
--- /dev/null
+++ b/changes/ticket22281
@@ -0,0 +1,3 @@
+ o Minor features (bug detection):
+ - Log a warning message, with stack trace, for any attempt to call
+ get_options() during option validation. Closes ticket 22281.
diff --git a/changes/ticket22437 b/changes/ticket22437
new file mode 100644
index 0000000000..8e4c9630c8
--- /dev/null
+++ b/changes/ticket22437
@@ -0,0 +1,4 @@
+ o Testing:
+ - The default chutney network tests now include tests for the
+ v3 hidden service design. Make sure you have the latest
+ version of chutney if you want to run these. Closes ticket 22437.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index aec1767059..d49dd96336 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1408,12 +1408,6 @@ The following options are useful only for clients (that is, if
addresses/ports. See SocksPort for an explanation of isolation
flags. (Default: 0)
-[[ClientDNSRejectInternalAddresses]] **ClientDNSRejectInternalAddresses** **0**|**1**::
- If true, Tor does not believe any anonymously retrieved DNS answer that
- tells it that an address resolves to an internal address (like 127.0.0.1 or
- 192.168.0.1). This option prevents certain browser-based attacks; don't
- turn it off unless you know what you're doing. (Default: 1)
-
[[ClientRejectInternalAddresses]] **ClientRejectInternalAddresses** **0**|**1**::
If true, Tor does not try to fulfill requests to connect to an internal
address (like 127.0.0.1 or 192.168.0.1) __unless a exit node is
@@ -1582,8 +1576,8 @@ The following options are useful only for clients (that is, if
live consensus). Only used by clients fetching from a list of fallback
directory mirrors. This schedule is advanced by (potentially concurrent)
connection attempts, unlike other schedules, which are advanced by
- connection failures. (Default: 10, 11, 3600, 10800, 25200, 54000,
- 111600, 262800)
+ connection failures. (Default: 6, 11, 3600, 10800, 25200, 54000, 111600,
+ 262800)
[[ClientBootstrapConsensusFallbackDownloadSchedule]] **ClientBootstrapConsensusFallbackDownloadSchedule** __N__,__N__,__...__::
Schedule for when clients should download consensuses from fallback
@@ -1613,7 +1607,7 @@ The following options are useful only for clients (that is, if
[[ClientBootstrapConsensusMaxInProgressTries]] **ClientBootstrapConsensusMaxInProgressTries** __NUM__::
Try this many simultaneous connections to download a consensus before
- waiting for one to complete, timeout, or error out. (Default: 4)
+ waiting for one to complete, timeout, or error out. (Default: 3)
SERVER OPTIONS
--------------
@@ -2468,7 +2462,7 @@ The following options are used for running a testing Tor network.
4 (for 40 seconds), 8, 16, 32, 60
ClientBootstrapConsensusMaxDownloadTries 80
ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries 80
- ClientDNSRejectInternalAddresses 0
+ TestingClientDNSRejectInternalAddresses 0
ClientRejectInternalAddresses 0
CountPrivateBandwidth 1
ExitPolicyRejectPrivate 0
@@ -2486,7 +2480,8 @@ The following options are used for running a testing Tor network.
TestingClientDownloadSchedule 0, 0, 5, 10, 15, 20, 30, 60
TestingServerConsensusDownloadSchedule 0, 0, 5, 10, 15, 20, 30, 60
TestingClientConsensusDownloadSchedule 0, 0, 5, 10, 15, 20, 30, 60
- TestingBridgeDownloadSchedule 60, 30, 30, 60
+ TestingBridgeDownloadSchedule 10, 30, 60
+ TestingBridgeBootstrapDownloadSchedule 0, 0, 5, 10, 15, 20, 30, 60
TestingClientMaxIntervalWithoutRequest 5 seconds
TestingDirConnectionMaxStall 30 seconds
TestingConsensusMaxDownloadTries 80
@@ -2551,8 +2546,16 @@ The following options are used for running a testing Tor network.
1800, 3600, 3600, 3600, 10800, 21600, 43200)
[[TestingBridgeDownloadSchedule]] **TestingBridgeDownloadSchedule** __N__,__N__,__...__::
- Schedule for when clients should download bridge descriptors. Changing this
- requires that **TestingTorNetwork** is set. (Default: 3600, 900, 900, 3600)
+ Schedule for when clients should download each bridge descriptor when they
+ know that one or more of their configured bridges are running. Changing
+ this requires that **TestingTorNetwork** is set. (Default: 10800, 25200,
+ 54000, 111600, 262800)
+
+[[TestingBridgeBootstrapDownloadSchedule]] **TestingBridgeBootstrapDownloadSchedule** __N__,__N__,__...__::
+ Schedule for when clients should download each bridge descriptor when they
+ have just started, or when they can not contact any of their bridges.
+ Changing this requires that **TestingTorNetwork** is set. (Default: 0, 30,
+ 90, 600, 3600, 10800, 25200, 54000, 111600, 262800)
[[TestingClientMaxIntervalWithoutRequest]] **TestingClientMaxIntervalWithoutRequest** __N__ **seconds**|**minutes**::
When directory clients have only a few descriptors to request, they batch
@@ -2670,6 +2673,13 @@ The following options are used for running a testing Tor network.
we replace it and issue a new key?
(Default: 3 hours for link and auth; 1 day for signing.)
+[[ClientDNSRejectInternalAddresses]] [[TestingClientDNSRejectInternalAddresses]] **TestingClientDNSRejectInternalAddresses** **0**|**1**::
+ If true, Tor does not believe any anonymously retrieved DNS answer that
+ tells it that an address resolves to an internal address (like 127.0.0.1 or
+ 192.168.0.1). This option prevents certain browser-based attacks; don't
+ turn it off unless you know what you're doing. (Default: 1)
+
+
NON-PERSISTENT OPTIONS
----------------------
diff --git a/src/common/timers.c b/src/common/timers.c
index 6f4a6c30f0..c43c49c083 100644
--- a/src/common/timers.c
+++ b/src/common/timers.c
@@ -29,6 +29,8 @@
#include "orconfig.h"
+#define TOR_TIMERS_PRIVATE
+
#include "compat.h"
#include "compat_libevent.h"
#include "timers.h"
@@ -148,6 +150,21 @@ libevent_timer_reschedule(void)
event_add(global_timer_event, &d);
}
+/** Run the callback of every timer that has expired, based on the current
+ * output of monotime_get(). */
+STATIC void
+timers_run_pending(void)
+{
+ monotime_t now;
+ monotime_get(&now);
+ timer_advance_to_cur_time(&now);
+
+ tor_timer_t *t;
+ while ((t = timeouts_get(global_timeouts))) {
+ t->callback.cb(t, t->callback.arg, &now);
+ }
+}
+
/**
* Invoked when the libevent timer has expired: see which tor_timer_t events
* have fired, activate their callbacks, and reschedule the libevent timer.
@@ -159,14 +176,7 @@ libevent_timer_callback(evutil_socket_t fd, short what, void *arg)
(void)what;
(void)arg;
- monotime_t now;
- monotime_get(&now);
- timer_advance_to_cur_time(&now);
-
- tor_timer_t *t;
- while ((t = timeouts_get(global_timeouts))) {
- t->callback.cb(t, t->callback.arg, &now);
- }
+ timers_run_pending();
libevent_timer_reschedule();
}
diff --git a/src/common/timers.h b/src/common/timers.h
index e816630e6d..d9602cd2ae 100644
--- a/src/common/timers.h
+++ b/src/common/timers.h
@@ -22,5 +22,9 @@ void timer_free(tor_timer_t *t);
void timers_initialize(void);
void timers_shutdown(void);
+#ifdef TOR_TIMERS_PRIVATE
+STATIC void timers_run_pending(void);
+#endif
+
#endif
diff --git a/src/or/bridges.c b/src/or/bridges.c
index 0818fb0812..461f86260f 100644
--- a/src/or/bridges.c
+++ b/src/or/bridges.c
@@ -454,6 +454,9 @@ bridge_add_from_config(bridge_line_t *bridge_line)
b->transport_name = bridge_line->transport_name;
b->fetch_status.schedule = DL_SCHED_BRIDGE;
b->fetch_status.backoff = DL_SCHED_RANDOM_EXPONENTIAL;
+ b->fetch_status.increment_on = DL_SCHED_INCREMENT_ATTEMPT;
+ /* This will fail if UseBridges is not set */
+ download_status_reset(&b->fetch_status);
b->socks_args = bridge_line->socks_args;
if (!bridge_list)
bridge_list = smartlist_new();
@@ -632,8 +635,13 @@ fetch_bridge_descriptors(const or_options_t *options, time_t now)
continue;
}
- /* schedule another fetch as if this one will fail, in case it does */
- download_status_failed(&bridge->fetch_status, 0);
+ /* schedule the next attempt
+ * we can't increment after a failure, because sometimes we use the
+ * bridge authority, and sometimes we use the bridge direct */
+ download_status_increment_attempt(
+ &bridge->fetch_status,
+ safe_str_client(fmt_and_decorate_addr(&bridge->addr)),
+ now);
can_use_bridge_authority = !tor_digest_is_zero(bridge->identity) &&
num_bridge_auths;
@@ -787,8 +795,12 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache)
if (bridge) { /* if we actually want to use this one */
node_t *node;
/* it's here; schedule its re-fetch for a long time from now. */
- if (!from_cache)
+ if (!from_cache) {
+ /* This schedules the re-fetch at a constant interval, which produces
+ * a pattern of bridge traffic. But it's better than trying all
+ * configured briges several times in the first few minutes. */
download_status_reset(&bridge->fetch_status);
+ }
node = node_get_mutable_by_id(ri->cache_info.identity_digest);
tor_assert(node);
@@ -820,8 +832,8 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache)
* We use this function to decide if we're ready to start building
* circuits through our bridges, or if we need to wait until the
* directory "server/authority" requests finish. */
-int
-any_bridge_descriptors_known(void)
+MOCK_IMPL(int,
+any_bridge_descriptors_known, (void))
{
tor_assert(get_options()->UseBridges);
diff --git a/src/or/bridges.h b/src/or/bridges.h
index 3bfc782f9a..19341818f4 100644
--- a/src/or/bridges.h
+++ b/src/or/bridges.h
@@ -45,7 +45,7 @@ void bridge_add_from_config(struct bridge_line_t *bridge_line);
void retry_bridge_descriptor_fetch_directly(const char *digest);
void fetch_bridge_descriptors(const or_options_t *options, time_t now);
void learned_bridge_descriptor(routerinfo_t *ri, int from_cache);
-int any_bridge_descriptors_known(void);
+MOCK_DECL(int, any_bridge_descriptors_known, (void));
const smartlist_t *get_socks_args_by_bridge_addrport(const tor_addr_t *addr,
uint16_t port);
diff --git a/src/or/channel.c b/src/or/channel.c
index 9f8a03683f..56eeccc2a7 100644
--- a/src/or/channel.c
+++ b/src/or/channel.c
@@ -65,6 +65,8 @@
#include "routerlist.h"
#include "scheduler.h"
#include "compat_time.h"
+#include "networkstatus.h"
+#include "rendservice.h"
/* Global lists of channels */
@@ -2731,12 +2733,25 @@ channel_do_open_actions(channel_t *chan)
/* Disable or reduce padding according to user prefs. */
if (chan->padding_enabled || get_options()->ConnectionPadding == 1) {
if (!get_options()->ConnectionPadding) {
+ /* Disable if torrc disabled */
channelpadding_disable_padding_on_channel(chan);
- }
-
- /* Padding can be forced and/or reduced by clients, regardless of if
- * the channel supports it */
- if (get_options()->ReducedConnectionPadding) {
+ } else if (get_options()->Tor2webMode &&
+ !networkstatus_get_param(NULL,
+ CHANNELPADDING_TOR2WEB_PARAM,
+ CHANNELPADDING_TOR2WEB_DEFAULT, 0, 1)) {
+ /* Disable if we're using tor2web and the consensus disabled padding
+ * for tor2web */
+ channelpadding_disable_padding_on_channel(chan);
+ } else if (rend_service_allow_non_anonymous_connection(get_options()) &&
+ !networkstatus_get_param(NULL,
+ CHANNELPADDING_SOS_PARAM,
+ CHANNELPADDING_SOS_DEFAULT, 0, 1)) {
+ /* Disable if we're using RSOS and the consensus disabled padding
+ * for RSOS*/
+ channelpadding_disable_padding_on_channel(chan);
+ } else if (get_options()->ReducedConnectionPadding) {
+ /* Padding can be forced and/or reduced by clients, regardless of if
+ * the channel supports it */
channelpadding_reduce_padding_on_channel(chan);
}
}
diff --git a/src/or/channelpadding.c b/src/or/channelpadding.c
index bed2489837..ccaf5b4ec8 100644
--- a/src/or/channelpadding.c
+++ b/src/or/channelpadding.c
@@ -21,6 +21,7 @@
#include "router.h"
#include "compat_time.h"
#include <event2/event.h>
+#include "rendservice.h"
STATIC int channelpadding_get_netflow_inactive_timeout_ms(const channel_t *);
STATIC int channelpadding_send_disable_command(channel_t *);
@@ -46,6 +47,10 @@ static int consensus_nf_conntimeout_clients;
static int consensus_nf_pad_before_usage;
/** Should we pad relay-to-relay connections? */
static int consensus_nf_pad_relays;
+/** Should we pad tor2web connections? */
+static int consensus_nf_pad_tor2web;
+/** Should we pad rosos connections? */
+static int consensus_nf_pad_single_onion;
#define TOR_MSEC_PER_SEC 1000
#define TOR_USEC_PER_MSEC 1000
@@ -130,6 +135,16 @@ channelpadding_new_consensus_params(networkstatus_t *ns)
consensus_nf_pad_relays =
networkstatus_get_param(ns, "nf_pad_relays", 0, 0, 1);
+
+ consensus_nf_pad_tor2web =
+ networkstatus_get_param(ns,
+ CHANNELPADDING_TOR2WEB_PARAM,
+ CHANNELPADDING_TOR2WEB_DEFAULT, 0, 1);
+
+ consensus_nf_pad_single_onion =
+ networkstatus_get_param(ns,
+ CHANNELPADDING_SOS_PARAM,
+ CHANNELPADDING_SOS_DEFAULT, 0, 1);
}
/**
@@ -717,6 +732,25 @@ channelpadding_decide_to_pad_channel(channel_t *chan)
return CHANNELPADDING_WONTPAD;
}
+ if (options->Tor2webMode && !consensus_nf_pad_tor2web) {
+ /* If the consensus just changed values, this channel may still
+ * think padding is enabled. Negotiate it off. */
+ if (chan->padding_enabled)
+ channelpadding_disable_padding_on_channel(chan);
+
+ return CHANNELPADDING_WONTPAD;
+ }
+
+ if (rend_service_allow_non_anonymous_connection(options) &&
+ !consensus_nf_pad_single_onion) {
+ /* If the consensus just changed values, this channel may still
+ * think padding is enabled. Negotiate it off. */
+ if (chan->padding_enabled)
+ channelpadding_disable_padding_on_channel(chan);
+
+ return CHANNELPADDING_WONTPAD;
+ }
+
if (!chan->has_queued_writes(chan)) {
int is_client_channel = 0;
diff --git a/src/or/channelpadding.h b/src/or/channelpadding.h
index 2708ee9739..a227e27d5b 100644
--- a/src/or/channelpadding.h
+++ b/src/or/channelpadding.h
@@ -13,6 +13,11 @@
#include "channelpadding_negotiation.h"
+#define CHANNELPADDING_TOR2WEB_PARAM "nf_pad_tor2web"
+#define CHANNELPADDING_TOR2WEB_DEFAULT 1
+#define CHANNELPADDING_SOS_PARAM "nf_pad_single_onion"
+#define CHANNELPADDING_SOS_DEFAULT 1
+
typedef enum {
CHANNELPADDING_WONTPAD,
CHANNELPADDING_PADLATER,
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 774edc90b4..5cc6252325 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -1912,6 +1912,10 @@ circuit_mark_for_close_, (circuit_t *circ, int reason, int line,
circuits_pending_close = smartlist_new();
smartlist_add(circuits_pending_close, circ);
+
+ log_info(LD_GENERAL, "Circuit %u marked for close at %s:%d (orig reason: "
+ "%u, new reason: %u)",
+ circ->n_circ_id, file, line, orig_reason, reason);
}
/** Called immediately before freeing a marked circuit <b>circ</b> from
diff --git a/src/or/config.c b/src/or/config.c
index c0072fe4ef..55c9531f4b 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -169,6 +169,8 @@ static config_abbrev_t option_abbrevs_[] = {
{ "BridgeAuthoritativeDirectory", "BridgeAuthoritativeDir", 0, 0},
{ "HashedControlPassword", "__HashedControlSessionPassword", 1, 0},
{ "VirtualAddrNetwork", "VirtualAddrNetworkIPv4", 0, 0},
+ { "ClientDNSRejectInternalAddresses",
+ "TestingClientDNSRejectInternalAddresses", 0, 1, },
{ NULL, NULL, 0, 0},
};
@@ -251,7 +253,7 @@ static config_var_t option_vars_[] = {
V(CircuitsAvailableTimeout, INTERVAL, "0"),
V(CircuitStreamTimeout, INTERVAL, "0"),
V(CircuitPriorityHalflife, DOUBLE, "-100.0"), /*negative:'Use default'*/
- V(ClientDNSRejectInternalAddresses, BOOL,"1"),
+ V(TestingClientDNSRejectInternalAddresses, BOOL,"1"),
V(ClientOnly, BOOL, "0"),
V(ClientPreferIPv6ORPort, AUTOBOOL, "auto"),
V(ClientPreferIPv6DirPort, AUTOBOOL, "auto"),
@@ -587,7 +589,16 @@ static config_var_t option_vars_[] = {
* blackholed. Clients will try 3 directories simultaneously.
* (Relays never use simultaneous connections.) */
V(ClientBootstrapConsensusMaxInProgressTries, UINT, "3"),
- V(TestingBridgeDownloadSchedule, CSV_INTERVAL, "1200, 900, 900, 3600"),
+ /* When a client has any running bridges, check each bridge occasionally,
+ * whether or not that bridge is actually up. */
+ V(TestingBridgeDownloadSchedule, CSV_INTERVAL,
+ "10800, 25200, 54000, 111600, 262800"),
+ /* When a client is just starting, or has no running bridges, check each
+ * bridge a few times quickly, and then try again later. These schedules
+ * are much longer than the other schedules, because we try each and every
+ * configured bridge with this schedule. */
+ V(TestingBridgeBootstrapDownloadSchedule, CSV_INTERVAL,
+ "0, 30, 90, 600, 3600, 10800, 25200, 54000, 111600, 262800"),
V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "10 minutes"),
V(TestingDirConnectionMaxStall, INTERVAL, "5 minutes"),
V(TestingConsensusMaxDownloadTries, UINT, "8"),
@@ -626,7 +637,7 @@ static const config_var_t testing_tor_network_defaults[] = {
"0, 1, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 8, 16, 32, 60"),
V(ClientBootstrapConsensusMaxDownloadTries, UINT, "80"),
V(ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries, UINT, "80"),
- V(ClientDNSRejectInternalAddresses, BOOL,"0"), // deprecated in 0.2.9.2-alpha
+ V(TestingClientDNSRejectInternalAddresses, BOOL,"0"),
V(ClientRejectInternalAddresses, BOOL, "0"),
V(CountPrivateBandwidth, BOOL, "1"),
V(ExitPolicyRejectPrivate, BOOL, "0"),
@@ -649,7 +660,9 @@ static const config_var_t testing_tor_network_defaults[] = {
"15, 20, 30, 60"),
V(TestingClientConsensusDownloadSchedule, CSV_INTERVAL, "0, 0, 5, 10, "
"15, 20, 30, 60"),
- V(TestingBridgeDownloadSchedule, CSV_INTERVAL, "60, 30, 30, 60"),
+ V(TestingBridgeDownloadSchedule, CSV_INTERVAL, "10, 30, 60"),
+ V(TestingBridgeBootstrapDownloadSchedule, CSV_INTERVAL, "0, 0, 5, 10, "
+ "15, 20, 30, 60"),
V(TestingClientMaxIntervalWithoutRequest, INTERVAL, "5 seconds"),
V(TestingDirConnectionMaxStall, INTERVAL, "30 seconds"),
V(TestingConsensusMaxDownloadTries, UINT, "80"),
@@ -673,8 +686,6 @@ static const config_deprecation_t option_deprecation_notes_[] = {
/* Deprecated since 0.2.9.2-alpha... */
{ "AllowDotExit", "Unrestricted use of the .exit notation can be used for "
"a wide variety of application-level attacks." },
- { "ClientDNSRejectInternalAddresses", "Turning this on makes your client "
- "easier to fingerprint, and may open you to esoteric attacks." },
/* End of options deprecated since 0.2.9.2-alpha. */
/* Deprecated since 0.3.2.0-alpha. */
@@ -766,6 +777,9 @@ static int have_parsed_cmdline = 0;
static char *global_dirfrontpagecontents = NULL;
/** List of port_cfg_t for all configured ports. */
static smartlist_t *configured_ports = NULL;
+/** True iff we're currently validating options, and any calls to
+ * get_options() are likely to be bugs. */
+static int in_option_validation = 0;
/** Return the contents of our frontpage string, or NULL if not configured. */
MOCK_IMPL(const char*,
@@ -779,6 +793,7 @@ MOCK_IMPL(or_options_t *,
get_options_mutable, (void))
{
tor_assert(global_options);
+ tor_assert_nonfatal(! in_option_validation);
return global_options;
}
@@ -2308,24 +2323,36 @@ options_trial_assign(config_line_t *list, unsigned flags, char **msg)
return r;
}
- if (options_validate(get_options_mutable(), trial_options,
+ setopt_err_t rv;
+ or_options_t *cur_options = get_options_mutable();
+
+ in_option_validation = 1;
+
+ if (options_validate(cur_options, trial_options,
global_default_options, 1, msg) < 0) {
or_options_free(trial_options);
- return SETOPT_ERR_PARSE; /*XXX make this a separate return value. */
+ rv = SETOPT_ERR_PARSE; /*XXX make this a separate return value. */
+ goto done;
}
- if (options_transition_allowed(get_options(), trial_options, msg) < 0) {
+ if (options_transition_allowed(cur_options, trial_options, msg) < 0) {
or_options_free(trial_options);
- return SETOPT_ERR_TRANSITION;
+ rv = SETOPT_ERR_TRANSITION;
+ goto done;
}
+ in_option_validation = 0;
if (set_options(trial_options, msg)<0) {
or_options_free(trial_options);
- return SETOPT_ERR_SETTING;
+ rv = SETOPT_ERR_SETTING;
+ goto done;
}
/* we liked it. put it in place. */
- return SETOPT_OK;
+ rv = SETOPT_OK;
+ done:
+ in_option_validation = 0;
+ return rv;
}
/** Print a usage message for tor. */
@@ -2828,8 +2855,11 @@ static int
options_validate_cb(void *old_options, void *options, void *default_options,
int from_setconf, char **msg)
{
- return options_validate(old_options, options, default_options,
+ in_option_validation = 1;
+ int rv = options_validate(old_options, options, default_options,
from_setconf, msg);
+ in_option_validation = 0;
+ return rv;
}
#define REJECT(arg) \
@@ -4079,6 +4109,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
CHECK_DEFAULT(TestingServerConsensusDownloadSchedule);
CHECK_DEFAULT(TestingClientConsensusDownloadSchedule);
CHECK_DEFAULT(TestingBridgeDownloadSchedule);
+ CHECK_DEFAULT(TestingBridgeBootstrapDownloadSchedule);
CHECK_DEFAULT(TestingClientMaxIntervalWithoutRequest);
CHECK_DEFAULT(TestingDirConnectionMaxStall);
CHECK_DEFAULT(TestingConsensusMaxDownloadTries);
@@ -4090,6 +4121,7 @@ options_validate(or_options_t *old_options, or_options_t *options,
CHECK_DEFAULT(TestingSigningKeySlop);
CHECK_DEFAULT(TestingAuthKeySlop);
CHECK_DEFAULT(TestingLinkKeySlop);
+ CHECK_DEFAULT(TestingClientDNSRejectInternalAddresses);
#undef CHECK_DEFAULT
if (options->SigningKeyLifetime < options->TestingSigningKeySlop*2)
@@ -5216,6 +5248,7 @@ options_init_from_string(const char *cf_defaults, const char *cf,
}
newoptions->IncludeUsed = cf_has_include;
+ in_option_validation = 1;
/* Validate newoptions */
if (options_validate(oldoptions, newoptions, newdefaultoptions,
@@ -5228,17 +5261,20 @@ options_init_from_string(const char *cf_defaults, const char *cf,
err = SETOPT_ERR_TRANSITION;
goto err;
}
+ in_option_validation = 0;
if (set_options(newoptions, msg)) {
err = SETOPT_ERR_SETTING;
goto err; /* frees and replaces old options */
}
+
or_options_free(global_default_options);
global_default_options = newdefaultoptions;
return SETOPT_OK;
err:
+ in_option_validation = 0;
or_options_free(newoptions);
or_options_free(newdefaultoptions);
if (*msg) {
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index c5bd39d172..dfa89bc2ce 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1344,7 +1344,7 @@ connection_ap_handshake_rewrite(entry_connection_t *conn,
/* Hang on, did we find an answer saying that this is a reverse lookup for
* an internal address? If so, we should reject it if we're configured to
* do so. */
- if (options->ClientDNSRejectInternalAddresses) {
+ if (options->TestingClientDNSRejectInternalAddresses) {
/* Don't let clients try to do a reverse lookup on 10.0.0.1. */
tor_addr_t addr;
int ok;
diff --git a/src/or/directory.c b/src/or/directory.c
index 007235d108..fed4277dec 100644
--- a/src/or/directory.c
+++ b/src/or/directory.c
@@ -5362,7 +5362,14 @@ find_dl_schedule(const download_status_t *dls, const or_options_t *options)
}
}
case DL_SCHED_BRIDGE:
- return options->TestingBridgeDownloadSchedule;
+ /* A bridge client downloading bridge descriptors */
+ if (any_bridge_descriptors_known()) {
+ /* A bridge client with one or more running bridges */
+ return options->TestingBridgeDownloadSchedule;
+ } else {
+ /* A bridge client with no running bridges */
+ return options->TestingBridgeBootstrapDownloadSchedule;
+ }
default:
tor_assert(0);
}
@@ -5683,8 +5690,8 @@ download_status_get_initial_delay_from_now(const download_status_t *dls)
* (We find the zeroth element of the download schedule, and set
* next_attempt_at to be the appropriate offset from 'now'. In most
* cases this means setting it to 'now', so the item will be immediately
- * downloadable; in the case of bridge descriptors, the zeroth element
- * is an hour from now.) */
+ * downloadable; when using authorities with fallbacks, there is a few seconds'
+ * delay.) */
void
download_status_reset(download_status_t *dls)
{
diff --git a/src/or/hs_circuitmap.c b/src/or/hs_circuitmap.c
index 09704d796c..63d5c1ba2e 100644
--- a/src/or/hs_circuitmap.c
+++ b/src/or/hs_circuitmap.c
@@ -407,9 +407,20 @@ hs_circuitmap_get_rend_circ_service_side(const uint8_t *cookie)
}
/* Public function: Return client-side rendezvous circuit with rendezvous
- * <b>cookie</b>. It will first lookup for the CIRCUIT_PURPOSE_C_REND_READY
- * purpose and then try for CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED and then
- * finally tries for CIRCUIT_PURPOSE_C_ESTABLISH_REND.
+ * <b>cookie</b>. It will look for circuits with the following purposes:
+
+ * a) CIRCUIT_PURPOSE_C_REND_READY: Established rend circuit (received
+ * RENDEZVOUS_ESTABLISHED). Waiting for RENDEZVOUS2 from service, and for
+ * INTRODUCE_ACK from intro point.
+ *
+ * b) CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED: Established rend circuit and
+ * introduce circuit acked. Waiting for RENDEZVOUS2 from service.
+ *
+ * c) CIRCUIT_PURPOSE_C_REND_JOINED: Established rend circuit and received
+ * RENDEZVOUS2 from service.
+ *
+ * d) CIRCUIT_PURPOSE_C_ESTABLISH_REND: Rend circuit open but not yet
+ * established.
*
* Return NULL if no such circuit is found in the circuitmap. */
origin_circuit_t *
@@ -433,6 +444,13 @@ hs_circuitmap_get_rend_circ_client_side(const uint8_t *cookie)
circ = hs_circuitmap_get_origin_circuit(HS_TOKEN_REND_CLIENT_SIDE,
REND_TOKEN_LEN, cookie,
+ CIRCUIT_PURPOSE_C_REND_JOINED);
+ if (circ) {
+ return circ;
+ }
+
+ circ = hs_circuitmap_get_origin_circuit(HS_TOKEN_REND_CLIENT_SIDE,
+ REND_TOKEN_LEN, cookie,
CIRCUIT_PURPOSE_C_ESTABLISH_REND);
return circ;
}
diff --git a/src/or/hs_client.c b/src/or/hs_client.c
index 2f8953ba78..620ef3a100 100644
--- a/src/or/hs_client.c
+++ b/src/or/hs_client.c
@@ -747,6 +747,14 @@ handle_introduce_ack_success(origin_circuit_t *intro_circ)
}
assert_circ_anonymity_ok(rend_circ, get_options());
+
+ /* It is possible to get a RENDEZVOUS2 cell before the INTRODUCE_ACK which
+ * means that the circuit will be joined and already transmitting data. In
+ * that case, simply skip the purpose change and close the intro circuit
+ * like it should be. */
+ if (TO_CIRCUIT(rend_circ)->purpose == CIRCUIT_PURPOSE_C_REND_JOINED) {
+ goto end;
+ }
circuit_change_purpose(TO_CIRCUIT(rend_circ),
CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED);
/* Set timestamp_dirty, because circuit_expire_building expects it to
@@ -944,7 +952,10 @@ hs_client_decode_descriptor(const char *desc_str,
ret = hs_desc_decode_descriptor(desc_str, subcredential, desc);
memwipe(subcredential, 0, sizeof(subcredential));
if (ret < 0) {
- log_warn(LD_GENERAL, "Could not parse received descriptor as client");
+ log_warn(LD_GENERAL, "Could not parse received descriptor as client.");
+ if (get_options()->SafeLogging_ == SAFELOG_SCRUB_NONE) {
+ log_warn(LD_GENERAL, "%s", escaped(desc_str));
+ }
goto err;
}
@@ -1007,8 +1018,8 @@ hs_client_refetch_hsdesc(const ed25519_public_key_t *identity_pk)
cached_desc = hs_cache_lookup_as_client(identity_pk);
if (cached_desc && hs_client_any_intro_points_usable(identity_pk,
cached_desc)) {
- log_warn(LD_GENERAL, "We would fetch a v3 hidden service descriptor "
- "but we already have a useable descriprot.");
+ log_info(LD_GENERAL, "We would fetch a v3 hidden service descriptor "
+ "but we already have a usable descriptor.");
return 0;
}
}
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c
index 76e8fe792a..8b07a88853 100644
--- a/src/or/networkstatus.c
+++ b/src/or/networkstatus.c
@@ -66,12 +66,6 @@
#include "torcert.h"
#include "channelpadding.h"
-/** Map from lowercase nickname to identity digest of named server, if any. */
-static strmap_t *named_server_map = NULL;
-/** Map from lowercase nickname to (void*)1 for all names that are listed
- * as unnamed for some server in the consensus. */
-static strmap_t *unnamed_server_map = NULL;
-
/** Most recently received and validated v3 "ns"-flavored consensus network
* status. */
STATIC networkstatus_t *current_ns_consensus = NULL;
@@ -142,7 +136,6 @@ static int have_warned_about_old_version = 0;
* listed by the authorities. */
static int have_warned_about_new_version = 0;
-static void routerstatus_list_update_named_server_map(void);
static void update_consensus_bootstrap_multiple_downloads(
time_t now,
const or_options_t *options);
@@ -250,13 +243,6 @@ router_reload_consensus_networkstatus(void)
}
}
- if (!networkstatus_get_latest_consensus()) {
- if (!named_server_map)
- named_server_map = strmap_new();
- if (!unnamed_server_map)
- unnamed_server_map = strmap_new();
- }
-
update_certificate_downloads(time(NULL));
routers_update_all_from_networkstatus(time(NULL), 3);
@@ -794,26 +780,6 @@ router_get_consensus_status_by_id(const char *digest)
return router_get_mutable_consensus_status_by_id(digest);
}
-/** Return the identity digest that's mapped to officially by
- * <b>nickname</b>. */
-const char *
-networkstatus_get_router_digest_by_nickname(const char *nickname)
-{
- if (!named_server_map)
- return NULL;
- return strmap_get_lc(named_server_map, nickname);
-}
-
-/** Return true iff <b>nickname</b> is disallowed from being the nickname
- * of any server. */
-int
-networkstatus_nickname_is_unnamed(const char *nickname)
-{
- if (!unnamed_server_map)
- return 0;
- return strmap_get_lc(unnamed_server_map, nickname) != NULL;
-}
-
/** How frequently do directory authorities re-download fresh networkstatus
* documents? */
#define AUTHORITY_NS_CACHE_INTERVAL (10*60)
@@ -1970,7 +1936,6 @@ networkstatus_set_current_consensus(const char *consensus,
update_consensus_networkstatus_fetch_time(now);
dirvote_recalculate_timing(options, now);
- routerstatus_list_update_named_server_map();
/* Update ewma and adjust policy if needed; first cache the old value */
old_ewma_enabled = cell_ewma_enabled();
@@ -2139,31 +2104,6 @@ routers_update_all_from_networkstatus(time_t now, int dir_version)
}
}
-/** Update our view of the list of named servers from the most recently
- * retrieved networkstatus consensus. */
-static void
-routerstatus_list_update_named_server_map(void)
-{
- networkstatus_t *ns = networkstatus_get_latest_consensus();
- if (!ns)
- return;
-
- strmap_free(named_server_map, tor_free_);
- named_server_map = strmap_new();
- strmap_free(unnamed_server_map, NULL);
- unnamed_server_map = strmap_new();
- smartlist_t *rslist = ns->routerstatus_list;
- SMARTLIST_FOREACH_BEGIN(rslist, const routerstatus_t *, rs) {
- if (rs->is_named) {
- strmap_set_lc(named_server_map, rs->nickname,
- tor_memdup(rs->identity_digest, DIGEST_LEN));
- }
- if (rs->is_unnamed) {
- strmap_set_lc(unnamed_server_map, rs->nickname, (void*)1);
- }
- } SMARTLIST_FOREACH_END(rs);
-}
-
/** Given a list <b>routers</b> of routerinfo_t *, update each status field
* according to our current consensus networkstatus. May re-order
* <b>routers</b>. */
@@ -2649,8 +2589,5 @@ networkstatus_free_all(void)
}
tor_free(waiting->body);
}
-
- strmap_free(named_server_map, tor_free_);
- strmap_free(unnamed_server_map, NULL);
}
diff --git a/src/or/networkstatus.h b/src/or/networkstatus.h
index 145be37d12..adaa108904 100644
--- a/src/or/networkstatus.h
+++ b/src/or/networkstatus.h
@@ -62,8 +62,6 @@ const routerstatus_t *router_get_consensus_status_by_descriptor_digest(
MOCK_DECL(routerstatus_t *,
router_get_mutable_consensus_status_by_descriptor_digest,
(networkstatus_t *consensus, const char *digest));
-const char *networkstatus_get_router_digest_by_nickname(const char *nickname);
-int networkstatus_nickname_is_unnamed(const char *nickname);
int we_want_to_fetch_flavor(const or_options_t *options, int flavor);
int we_want_to_fetch_unknown_auth_certs(const or_options_t *options);
void networkstatus_consensus_download_failed(int status_code,
diff --git a/src/or/nodelist.c b/src/or/nodelist.c
index 00b8fb144f..01a0e9e856 100644
--- a/src/or/nodelist.c
+++ b/src/or/nodelist.c
@@ -850,23 +850,6 @@ node_get_by_nickname,(const char *nickname, unsigned flags))
if (!strcasecmp(nickname, UNNAMED_ROUTER_NICKNAME))
return NULL;
- /* Okay, so if we get here, the nickname is just a nickname. Is there
- * a binding for it in the consensus? */
- {
- const char *named_id =
- networkstatus_get_router_digest_by_nickname(nickname);
- if (named_id)
- return node_get_by_id(named_id);
- }
-
- /* Is it marked as owned-by-someone-else? */
- if (networkstatus_nickname_is_unnamed(nickname)) {
- log_info(LD_GENERAL, "The name %s is listed as Unnamed: there is some "
- "router that holds it, but not one listed in the current "
- "consensus.", escaped(nickname));
- return NULL;
- }
-
/* Okay, so the name is not canonical for anybody. */
{
smartlist_t *matches = smartlist_new();
diff --git a/src/or/or.h b/src/or/or.h
index 161d80ed96..b3c4ed8293 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -4212,7 +4212,7 @@ typedef struct {
/** If true, do not believe anybody who tells us that a domain resolves
* to an internal address, or that an internal address has a PTR mapping.
* Helps avoid some cross-site attacks. */
- int ClientDNSRejectInternalAddresses;
+ int TestingClientDNSRejectInternalAddresses;
/** If true, do not accept any requests to connect to internal addresses
* over randomly chosen exits. */
@@ -4340,6 +4340,10 @@ typedef struct {
* altered on testing networks. */
smartlist_t *TestingBridgeDownloadSchedule;
+ /** Schedule for when clients should download bridge descriptors when they
+ * have no running bridges. Only altered on testing networks. */
+ smartlist_t *TestingBridgeBootstrapDownloadSchedule;
+
/** When directory clients have only a few descriptors to request, they
* batch them until they have more, or until this amount of time has
* passed. Only altered on testing networks. */
diff --git a/src/or/relay.c b/src/or/relay.c
index ba9c09b843..c00afc8e72 100644
--- a/src/or/relay.c
+++ b/src/or/relay.c
@@ -930,7 +930,7 @@ connection_ap_process_end_not_open(
connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
return 0;
}
- if (get_options()->ClientDNSRejectInternalAddresses &&
+ if (get_options()->TestingClientDNSRejectInternalAddresses &&
tor_addr_is_internal(&addr, 0)) {
log_info(LD_APP,"Address '%s' resolved to internal. Closing,",
safe_str(conn->socks_request->address));
@@ -1347,7 +1347,7 @@ connection_edge_process_resolved_cell(edge_connection_t *conn,
goto done;
}
- if (get_options()->ClientDNSRejectInternalAddresses) {
+ if (get_options()->TestingClientDNSRejectInternalAddresses) {
int orig_len = smartlist_len(resolved_addresses);
SMARTLIST_FOREACH_BEGIN(resolved_addresses, address_ttl_t *, addr) {
if (addr->hostname == NULL && tor_addr_is_internal(&addr->addr, 0)) {
@@ -1440,7 +1440,7 @@ connection_edge_process_relay_cell_not_open(
if (tor_addr_family(&addr) != AF_UNSPEC) {
const sa_family_t family = tor_addr_family(&addr);
if (tor_addr_is_null(&addr) ||
- (get_options()->ClientDNSRejectInternalAddresses &&
+ (get_options()->TestingClientDNSRejectInternalAddresses &&
tor_addr_is_internal(&addr, 0))) {
log_info(LD_APP, "...but it claims the IP address was %s. Closing.",
fmt_addr(&addr));
diff --git a/src/or/router.c b/src/or/router.c
index 665e95d3aa..2bc7a875f1 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -3497,7 +3497,7 @@ router_get_description(char *buf, const routerinfo_t *ri)
return "<null>";
return format_node_description(buf,
ri->cache_info.identity_digest,
- router_is_named(ri),
+ 0,
ri->nickname,
NULL,
ri->addr);
@@ -3623,21 +3623,16 @@ extend_info_describe(const extend_info_t *ei)
* verbose representation of the identity of <b>router</b>. The format is:
* A dollar sign.
* The upper-case hexadecimal encoding of the SHA1 hash of router's identity.
- * A "=" if the router is named; a "~" if it is not.
+ * A "=" if the router is named (no longer implemented); a "~" if it is not.
* The router's nickname.
**/
void
router_get_verbose_nickname(char *buf, const routerinfo_t *router)
{
- const char *good_digest = networkstatus_get_router_digest_by_nickname(
- router->nickname);
- int is_named = good_digest && tor_memeq(good_digest,
- router->cache_info.identity_digest,
- DIGEST_LEN);
buf[0] = '$';
base16_encode(buf+1, HEX_DIGEST_LEN+1, router->cache_info.identity_digest,
DIGEST_LEN);
- buf[1+HEX_DIGEST_LEN] = is_named ? '=' : '~';
+ buf[1+HEX_DIGEST_LEN] = '~';
strlcpy(buf+1+HEX_DIGEST_LEN+1, router->nickname, MAX_NICKNAME_LEN+1);
}
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index cc4c196240..9111d93c3c 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -2957,18 +2957,6 @@ hex_digest_nickname_matches(const char *hexdigest, const char *identity_digest,
return tor_memeq(digest, identity_digest, DIGEST_LEN);
}
-/** Return true iff <b>router</b> is listed as named in the current
- * consensus. */
-int
-router_is_named(const routerinfo_t *router)
-{
- const char *digest =
- networkstatus_get_router_digest_by_nickname(router->nickname);
-
- return (digest &&
- tor_memeq(digest, router->cache_info.identity_digest, DIGEST_LEN));
-}
-
/** Return true iff <b>digest</b> is the digest of the identity key of a
* trusted directory matching at least one bit of <b>type</b>. If <b>type</b>
* is zero (NO_DIRINFO), or ALL_DIRINFO, any authority is okay. */
diff --git a/src/or/routerlist.h b/src/or/routerlist.h
index 931373f5cd..27c8d88f05 100644
--- a/src/or/routerlist.h
+++ b/src/or/routerlist.h
@@ -80,7 +80,6 @@ const node_t *router_choose_random_node(smartlist_t *excludedsmartlist,
struct routerset_t *excludedset,
router_crn_flags_t flags);
-int router_is_named(const routerinfo_t *router);
int router_digest_is_trusted_dir_type(const char *digest,
dirinfo_type_t type);
#define router_digest_is_trusted_dir(d) \
diff --git a/src/test/include.am b/src/test/include.am
index d1488057e1..ced16c0a8d 100644
--- a/src/test/include.am
+++ b/src/test/include.am
@@ -39,12 +39,13 @@ TESTS += src/test/test src/test/test-slow src/test/test-memwipe \
$(TESTSCRIPTS)
# These flavors are run using automake's test-driver and test-network.sh
-TEST_CHUTNEY_FLAVORS = basic-min bridges-min hs-min single-onion
+TEST_CHUTNEY_FLAVORS = basic-min bridges-min hs-v2-min hs-v3-min \
+ single-onion-v23
# only run if we can ping6 ::1 (localhost)
-TEST_CHUTNEY_FLAVORS_IPV6 = bridges+ipv6-min ipv6-exit-min hs-ipv6 \
- single-onion-ipv6
+TEST_CHUTNEY_FLAVORS_IPV6 = bridges+ipv6-min ipv6-exit-min hs-v23-ipv6 \
+ single-onion-v23-ipv6
# only run if we can find a stable (or simply another) version of tor
-TEST_CHUTNEY_FLAVORS_MIXED = mixed
+TEST_CHUTNEY_FLAVORS_MIXED = mixed+hs-v23
### This is a lovely feature, but it requires automake >= 1.12, and Tor
### doesn't require that yet.
diff --git a/src/test/test_channelpadding.c b/src/test/test_channelpadding.c
index 3b889991b6..1c6107a872 100644
--- a/src/test/test_channelpadding.c
+++ b/src/test/test_channelpadding.c
@@ -26,6 +26,7 @@ void test_channelpadding_timers(void *arg);
void test_channelpadding_consensus(void *arg);
void test_channelpadding_negotiation(void *arg);
void test_channelpadding_decide_to_pad_channel(void *arg);
+void test_channelpadding_killonehop(void *arg);
void dummy_nop_timer(void);
@@ -111,8 +112,6 @@ setup_fake_connection_for_channel(channel_tls_t *chan)
conn->base_.conn_array_index = smartlist_len(connection_array);
smartlist_add(connection_array, conn);
- connection_or_set_canonical(conn, 1);
-
conn->chan = chan;
chan->conn = conn;
@@ -127,6 +126,8 @@ setup_fake_connection_for_channel(channel_tls_t *chan)
conn->tls = (tor_tls_t *)((void *)(&fake_tortls));
conn->link_proto = MIN_LINK_PROTO_FOR_CHANNEL_PADDING;
+
+ connection_or_set_canonical(conn, 1);
}
static channel_tls_t *
@@ -166,16 +167,30 @@ free_fake_channeltls(channel_tls_t *chan)
}
static void
-setup_mock_network(void)
+setup_mock_consensus(void)
{
- routerstatus_t *relay;
- connection_array = smartlist_new();
-
current_md_consensus = current_ns_consensus
= tor_malloc_zero(sizeof(networkstatus_t));
current_md_consensus->net_params = smartlist_new();
current_md_consensus->routerstatus_list = smartlist_new();
channelpadding_new_consensus_params(current_md_consensus);
+}
+
+static void
+free_mock_consensus(void)
+{
+ SMARTLIST_FOREACH(current_md_consensus->routerstatus_list, void *, r,
+ tor_free(r));
+ smartlist_free(current_md_consensus->routerstatus_list);
+ smartlist_free(current_ns_consensus->net_params);
+ tor_free(current_ns_consensus);
+}
+
+static void
+setup_mock_network(void)
+{
+ routerstatus_t *relay;
+ connection_array = smartlist_new();
relay1_relay2 = (channel_t*)new_fake_channeltls(2);
relay1_relay2->write_cell = mock_channel_write_cell_relay1;
@@ -202,6 +217,11 @@ setup_mock_network(void)
client_relay3 = (channel_t*)new_fake_channeltls(3);
client_relay3->write_cell = mock_channel_write_cell_client;
channel_timestamp_active(client_relay3);
+
+ channel_do_open_actions(relay1_relay2);
+ channel_do_open_actions(relay2_relay1);
+ channel_do_open_actions(relay3_client);
+ channel_do_open_actions(client_relay3);
}
static void
@@ -212,12 +232,7 @@ free_mock_network(void)
free_fake_channeltls((channel_tls_t*)relay3_client);
free_fake_channeltls((channel_tls_t*)client_relay3);
- SMARTLIST_FOREACH(current_md_consensus->routerstatus_list, void *, r,
- tor_free(r));
- smartlist_free(current_md_consensus->routerstatus_list);
- smartlist_free(current_ns_consensus->net_params);
smartlist_free(connection_array);
- tor_free(current_ns_consensus);
}
static void
@@ -345,6 +360,155 @@ test_channelpadding_timers(void *arg)
}
void
+test_channelpadding_killonehop(void *arg)
+{
+ channelpadding_decision_t decision;
+ (void)arg;
+ tor_libevent_postfork();
+
+ routerstatus_t *relay = tor_malloc_zero(sizeof(routerstatus_t));
+ monotime_init();
+ timers_initialize();
+
+ setup_mock_consensus();
+ setup_mock_network();
+
+ /* Do we disable padding if tor2webmode or rsos are enabled, and
+ * the consensus says don't pad? */
+
+ /* Ensure we can kill tor2web and rsos padding if we want. */
+ // First, test that padding works if either is enabled
+ smartlist_clear(current_md_consensus->net_params);
+ channelpadding_new_consensus_params(current_md_consensus);
+
+ tried_to_write_cell = 0;
+ get_options_mutable()->Tor2webMode = 1;
+ client_relay3->next_padding_time_ms = monotime_coarse_absolute_msec() + 100;
+ decision = channelpadding_decide_to_pad_channel(client_relay3);
+ tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED);
+ tt_assert(client_relay3->pending_padding_callback);
+ tt_int_op(tried_to_write_cell, OP_EQ, 0);
+
+ decision = channelpadding_decide_to_pad_channel(client_relay3);
+ tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_ALREADY_SCHEDULED);
+
+ // Wait for the timer
+ event_base_loop(tor_libevent_get_base(), 0);
+ tt_int_op(tried_to_write_cell, OP_EQ, 1);
+ tt_assert(!client_relay3->pending_padding_callback);
+
+ // Then test disabling each via consensus param
+ smartlist_add(current_md_consensus->net_params,
+ (void*)"nf_pad_tor2web=0");
+ channelpadding_new_consensus_params(current_md_consensus);
+
+ // Before the client tries to pad, the relay will still pad:
+ tried_to_write_cell = 0;
+ relay3_client->next_padding_time_ms = monotime_coarse_absolute_msec() + 100;
+ get_options_mutable()->ORPort_set = 1;
+ get_options_mutable()->Tor2webMode = 0;
+ decision = channelpadding_decide_to_pad_channel(relay3_client);
+ tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED);
+ tt_assert(relay3_client->pending_padding_callback);
+
+ // Wait for the timer
+ event_base_loop(tor_libevent_get_base(), 0);
+ tt_int_op(tried_to_write_cell, OP_EQ, 1);
+ tt_assert(!client_relay3->pending_padding_callback);
+
+ // Test client side (it should stop immediately, but send a negotiate)
+ tried_to_write_cell = 0;
+ tt_assert(relay3_client->padding_enabled);
+ tt_assert(client_relay3->padding_enabled);
+ get_options_mutable()->Tor2webMode = 1;
+ /* For the relay to recieve the negotiate: */
+ get_options_mutable()->ORPort_set = 1;
+ decision = channelpadding_decide_to_pad_channel(client_relay3);
+ tt_int_op(decision, OP_EQ, CHANNELPADDING_WONTPAD);
+ tt_int_op(tried_to_write_cell, OP_EQ, 1);
+ tt_assert(!client_relay3->pending_padding_callback);
+ tt_assert(!relay3_client->padding_enabled);
+
+ // Test relay side (it should have gotten the negotiation to disable)
+ get_options_mutable()->ORPort_set = 1;
+ get_options_mutable()->Tor2webMode = 0;
+ tt_int_op(channelpadding_decide_to_pad_channel(relay3_client), OP_EQ,
+ CHANNELPADDING_WONTPAD);
+ tt_assert(!relay3_client->padding_enabled);
+
+ /* Repeat for SOS */
+ // First, test that padding works if either is enabled
+ smartlist_clear(current_md_consensus->net_params);
+ channelpadding_new_consensus_params(current_md_consensus);
+
+ relay3_client->padding_enabled = 1;
+ client_relay3->padding_enabled = 1;
+
+ tried_to_write_cell = 0;
+ get_options_mutable()->ORPort_set = 0;
+ get_options_mutable()->HiddenServiceSingleHopMode = 1;
+ get_options_mutable()->HiddenServiceNonAnonymousMode = 1;
+ client_relay3->next_padding_time_ms = monotime_coarse_absolute_msec() + 100;
+ decision = channelpadding_decide_to_pad_channel(client_relay3);
+ tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED);
+ tt_assert(client_relay3->pending_padding_callback);
+ tt_int_op(tried_to_write_cell, OP_EQ, 0);
+
+ decision = channelpadding_decide_to_pad_channel(client_relay3);
+ tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_ALREADY_SCHEDULED);
+
+ // Wait for the timer
+ event_base_loop(tor_libevent_get_base(), 0);
+ tt_int_op(tried_to_write_cell, OP_EQ, 1);
+ tt_assert(!client_relay3->pending_padding_callback);
+
+ // Then test disabling each via consensus param
+ smartlist_add(current_md_consensus->net_params,
+ (void*)"nf_pad_single_onion=0");
+ channelpadding_new_consensus_params(current_md_consensus);
+
+ // Before the client tries to pad, the relay will still pad:
+ tried_to_write_cell = 0;
+ relay3_client->next_padding_time_ms = monotime_coarse_absolute_msec() + 100;
+ get_options_mutable()->ORPort_set = 1;
+ get_options_mutable()->HiddenServiceSingleHopMode = 0;
+ get_options_mutable()->HiddenServiceNonAnonymousMode = 0;
+ decision = channelpadding_decide_to_pad_channel(relay3_client);
+ tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED);
+ tt_assert(relay3_client->pending_padding_callback);
+
+ // Wait for the timer
+ event_base_loop(tor_libevent_get_base(), 0);
+ tt_int_op(tried_to_write_cell, OP_EQ, 1);
+ tt_assert(!client_relay3->pending_padding_callback);
+
+ // Test client side (it should stop immediately)
+ get_options_mutable()->HiddenServiceSingleHopMode = 1;
+ get_options_mutable()->HiddenServiceNonAnonymousMode = 1;
+ /* For the relay to recieve the negotiate: */
+ get_options_mutable()->ORPort_set = 1;
+ decision = channelpadding_decide_to_pad_channel(client_relay3);
+ tt_int_op(decision, OP_EQ, CHANNELPADDING_WONTPAD);
+ tt_assert(!client_relay3->pending_padding_callback);
+
+ // Test relay side (it should have gotten the negotiation to disable)
+ get_options_mutable()->ORPort_set = 1;
+ get_options_mutable()->HiddenServiceSingleHopMode = 0;
+ get_options_mutable()->HiddenServiceNonAnonymousMode = 0;
+ tt_int_op(channelpadding_decide_to_pad_channel(relay3_client), OP_EQ,
+ CHANNELPADDING_WONTPAD);
+ tt_assert(!relay3_client->padding_enabled);
+
+ done:
+ free_mock_consensus();
+ free_mock_network();
+ tor_free(relay);
+
+ timers_shutdown();
+ channel_free_all();
+}
+
+void
test_channelpadding_consensus(void *arg)
{
channelpadding_decision_t decision;
@@ -379,11 +543,7 @@ test_channelpadding_consensus(void *arg)
chan = (channel_t*)new_fake_channeltls(0);
channel_timestamp_active(chan);
- current_md_consensus = current_ns_consensus
- = tor_malloc_zero(sizeof(networkstatus_t));
- current_md_consensus->net_params = smartlist_new();
- current_md_consensus->routerstatus_list = smartlist_new();
- channelpadding_new_consensus_params(current_md_consensus);
+ setup_mock_consensus();
get_options_mutable()->ORPort_set = 1;
@@ -441,6 +601,7 @@ test_channelpadding_consensus(void *arg)
channelpadding_new_consensus_params(current_md_consensus);
tried_to_write_cell = 0;
+ chan->next_padding_time_ms = monotime_coarse_absolute_msec() + 100;
decision = channelpadding_decide_to_pad_channel(chan);
tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED);
tt_assert(chan->pending_padding_callback);
@@ -547,12 +708,9 @@ test_channelpadding_consensus(void *arg)
tt_i64_op(val, OP_LE, 24*60*60*2);
done:
+ free_mock_consensus();
free_fake_channeltls((channel_tls_t*)chan);
smartlist_free(connection_array);
- smartlist_free(current_md_consensus->routerstatus_list);
- smartlist_free(current_ns_consensus->net_params);
- tor_free(relay);
- tor_free(current_ns_consensus);
timers_shutdown();
channel_free_all();
@@ -579,6 +737,7 @@ test_channelpadding_negotiation(void *arg)
*/
monotime_init();
timers_initialize();
+ setup_mock_consensus();
setup_mock_network();
/* Test case #1: Do the right things ignore negotiation? */
@@ -680,6 +839,7 @@ test_channelpadding_negotiation(void *arg)
done:
free_mock_network();
+ free_mock_consensus();
timers_shutdown();
channel_free_all();
@@ -892,6 +1052,7 @@ struct testcase_t channelpadding_tests[] = {
TEST_CHANNELPADDING(channelpadding_decide_to_pad_channel, TT_FORK),
TEST_CHANNELPADDING(channelpadding_negotiation, TT_FORK),
TEST_CHANNELPADDING(channelpadding_consensus, TT_FORK),
+ TEST_CHANNELPADDING(channelpadding_killonehop, TT_FORK),
TEST_CHANNELPADDING(channelpadding_timers, TT_FORK),
END_OF_TESTCASES
};
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index b6b0936f83..dd910cd0c5 100644
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -18,6 +18,7 @@
#define RELAY_PRIVATE
#include "or.h"
+#include "bridges.h"
#include "confparse.h"
#include "config.h"
#include "control.h"
@@ -4245,7 +4246,7 @@ test_dir_download_status_increment(void *arg)
/* Put it in the options */
mock_options = &test_options;
reset_options(mock_options, &mock_get_options_calls);
- mock_options->TestingBridgeDownloadSchedule = schedule;
+ mock_options->TestingBridgeBootstrapDownloadSchedule = schedule;
mock_options->TestingClientDownloadSchedule = schedule;
MOCK(get_options, mock_get_options);
@@ -4425,6 +4426,7 @@ test_dir_download_status_increment(void *arg)
/* Check that failure increments do happen on attempt-based schedules,
* but that the retry is set at the end of time */
+ mock_options->UseBridges = 1;
mock_get_options_calls = 0;
next_at = download_status_increment_failure(&dls_attempt, 404, "test", 0,
current_time);
@@ -4539,6 +4541,7 @@ test_dir_download_status_increment(void *arg)
tt_int_op(download_status_get_n_failures(&dls_attempt), OP_EQ, 0);
tt_int_op(download_status_get_n_attempts(&dls_attempt), OP_EQ, 0);
tt_int_op(mock_get_options_calls, OP_GE, 1);
+ mock_options->UseBridges = 0;
/* Check that attempt increments don't happen on failure-based schedules,
* and that the attempt is set at the end of time */
@@ -5859,9 +5862,17 @@ mock_networkstatus_consensus_can_use_extra_fallbacks(
return mock_networkstatus_consensus_can_use_extra_fallbacks_value;
}
-/* data is a 2 character nul-terminated string.
+static int mock_any_bridge_descriptors_known_value = 0;
+static int
+mock_any_bridge_descriptors_known(void)
+{
+ return mock_any_bridge_descriptors_known_value;
+}
+
+/* data is a 3 character nul-terminated string.
* If data[0] is 'b', set bootstrapping, anything else means not bootstrapping
* If data[1] is 'f', set extra fallbacks, anything else means no extra
+ * If data[2] is 'f', set running bridges, anything else means no extra
* fallbacks.
*/
static void
@@ -5869,7 +5880,7 @@ test_dir_find_dl_schedule(void* data)
{
const char *str = (const char *)data;
- tt_assert(strlen(data) == 2);
+ tt_assert(strlen(data) == 3);
if (str[0] == 'b') {
mock_networkstatus_consensus_is_bootstrapping_value = 1;
@@ -5883,15 +5894,23 @@ test_dir_find_dl_schedule(void* data)
mock_networkstatus_consensus_can_use_extra_fallbacks_value = 0;
}
+ if (str[2] == 'r') {
+ mock_any_bridge_descriptors_known_value = 1;
+ } else {
+ mock_any_bridge_descriptors_known_value = 0;
+ }
+
MOCK(networkstatus_consensus_is_bootstrapping,
mock_networkstatus_consensus_is_bootstrapping);
MOCK(networkstatus_consensus_can_use_extra_fallbacks,
mock_networkstatus_consensus_can_use_extra_fallbacks);
+ MOCK(any_bridge_descriptors_known,
+ mock_any_bridge_descriptors_known);
download_status_t dls;
smartlist_t server, client, server_cons, client_cons;
smartlist_t client_boot_auth_only_cons, client_boot_auth_cons;
- smartlist_t client_boot_fallback_cons, bridge;
+ smartlist_t client_boot_fallback_cons, bridge, bridge_bootstrap;
mock_options = tor_malloc(sizeof(or_options_t));
reset_options(mock_options, &mock_get_options_calls);
@@ -5908,6 +5927,7 @@ test_dir_find_dl_schedule(void* data)
mock_options->ClientBootstrapConsensusFallbackDownloadSchedule =
&client_boot_fallback_cons;
mock_options->TestingBridgeDownloadSchedule = &bridge;
+ mock_options->TestingBridgeBootstrapDownloadSchedule = &bridge_bootstrap;
dls.schedule = DL_SCHED_GENERIC;
/* client */
@@ -5996,11 +6016,17 @@ test_dir_find_dl_schedule(void* data)
dls.schedule = DL_SCHED_BRIDGE;
/* client */
mock_options->ClientOnly = 1;
- tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ, &bridge);
+ mock_options->UseBridges = 1;
+ if (any_bridge_descriptors_known()) {
+ tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ, &bridge);
+ } else {
+ tt_ptr_op(find_dl_schedule(&dls, mock_options), OP_EQ, &bridge_bootstrap);
+ }
done:
UNMOCK(networkstatus_consensus_is_bootstrapping);
UNMOCK(networkstatus_consensus_can_use_extra_fallbacks);
+ UNMOCK(any_bridge_descriptors_known);
UNMOCK(get_options);
tor_free(mock_options);
mock_options = NULL;
@@ -6165,10 +6191,14 @@ struct testcase_t dir_tests[] = {
DIR(dump_unparseable_descriptors, 0),
DIR(populate_dump_desc_fifo, 0),
DIR(populate_dump_desc_fifo_2, 0),
- DIR_ARG(find_dl_schedule, TT_FORK, "bf"),
- DIR_ARG(find_dl_schedule, TT_FORK, "ba"),
- DIR_ARG(find_dl_schedule, TT_FORK, "cf"),
- DIR_ARG(find_dl_schedule, TT_FORK, "ca"),
+ DIR_ARG(find_dl_schedule, TT_FORK, "bfd"),
+ DIR_ARG(find_dl_schedule, TT_FORK, "bad"),
+ DIR_ARG(find_dl_schedule, TT_FORK, "cfd"),
+ DIR_ARG(find_dl_schedule, TT_FORK, "cad"),
+ DIR_ARG(find_dl_schedule, TT_FORK, "bfr"),
+ DIR_ARG(find_dl_schedule, TT_FORK, "bar"),
+ DIR_ARG(find_dl_schedule, TT_FORK, "cfr"),
+ DIR_ARG(find_dl_schedule, TT_FORK, "car"),
DIR(assumed_flags, 0),
DIR(networkstatus_compute_bw_weights_v10, 0),
END_OF_TESTCASES
diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c
index f30bb5ffa1..d87670d82b 100644
--- a/src/test/test_entrynodes.c
+++ b/src/test/test_entrynodes.c
@@ -917,6 +917,7 @@ test_entry_guard_node_filter(void *arg)
routerset_parse(get_options_mutable()->ExcludeNodes, "144.144.0.0/16", "");
/* 4: Bridge. */
+ get_options_mutable()->UseBridges = 1;
sweep_bridge_list();
bl = tor_malloc_zero(sizeof(bridge_line_t));
tor_addr_from_ipv4h(&bl->addr, n[4]->rs->addr);
@@ -924,6 +925,7 @@ test_entry_guard_node_filter(void *arg)
memcpy(bl->digest, n[4]->identity, 20);
bridge_add_from_config(bl);
bl = NULL; // prevent free.
+ get_options_mutable()->UseBridges = 0;
/* 5: Unreachable. This stays in the filter, but isn't in usable-filtered */
g[5]->last_tried_to_connect = approx_time(); // prevent retry.
diff --git a/src/test/test_hs_common.c b/src/test/test_hs_common.c
index b0e7f5e1e7..da592eb08f 100644
--- a/src/test/test_hs_common.c
+++ b/src/test/test_hs_common.c
@@ -1494,9 +1494,6 @@ helper_test_hsdir_sync(networkstatus_t *ns,
* the client was also picked by service.
*/
- cleanup_nodelist();
- smartlist_clear(ns->routerstatus_list);
-
/* 1) Initialize service time: consensus and real time */
time_t now = helper_set_consensus_and_system_time(ns,
service_between_srv_and_tp);
@@ -1508,6 +1505,8 @@ helper_test_hsdir_sync(networkstatus_t *ns,
/* Now let's upload our desc to all hsdirs */
upload_descriptor_to_all(service, desc);
+ /* Cleanup right now so we don't memleak on error. */
+ cleanup_nodelist();
/* Check that previous hsdirs were populated */
tt_int_op(smartlist_len(desc->previous_hsdirs), OP_EQ, 6);
@@ -1515,6 +1514,8 @@ helper_test_hsdir_sync(networkstatus_t *ns,
now = helper_set_consensus_and_system_time(ns, client_between_srv_and_tp);
cleanup_nodelist();
+ SMARTLIST_FOREACH(ns->routerstatus_list,
+ routerstatus_t *, rs, routerstatus_free(rs));
smartlist_clear(ns->routerstatus_list);
helper_initialize_big_hash_ring(ns);
@@ -1522,6 +1523,8 @@ helper_test_hsdir_sync(networkstatus_t *ns,
char client_hsdir_b64_digest[BASE64_DIGEST_LEN+1] = {0};
helper_client_pick_hsdir(&service->keys.identity_pk,
client_hsdir_b64_digest);
+ /* Cleanup right now so we don't memleak on error. */
+ cleanup_nodelist();
/* CHECK: Go through the hsdirs chosen by the service and make sure that it
* contains the one picked by the client! */
@@ -1534,6 +1537,9 @@ helper_test_hsdir_sync(networkstatus_t *ns,
* need it for next scenario. */
hs_service_free_all();
hs_service_init();
+ SMARTLIST_FOREACH(ns->routerstatus_list,
+ routerstatus_t *, rs, routerstatus_free(rs));
+ smartlist_clear(ns->routerstatus_list);
}
/** This test ensures that client and service will pick the same HSDirs, under
@@ -1643,9 +1649,6 @@ test_client_service_hsdir_set_sync(void *arg)
helper_test_hsdir_sync(ns, 0, 1, 0);
done:
- SMARTLIST_FOREACH(ns->routerstatus_list,
- routerstatus_t *, rs, routerstatus_free(rs));
- smartlist_clear(ns->routerstatus_list);
networkstatus_vote_free(ns);
nodelist_free_all();
hs_free_all();
diff --git a/src/test/test_nodelist.c b/src/test/test_nodelist.c
index db2a8fd02c..a873003d72 100644
--- a/src/test/test_nodelist.c
+++ b/src/test/test_nodelist.c
@@ -197,8 +197,8 @@ test_nodelist_ed_id(void *arg)
tor_free(ri[i]->cache_info.signing_key_cert);
tor_free(ri[i]);
}
- smartlist_free(ns->routerstatus_list);
- tor_free(ns);
+ smartlist_clear(ns->routerstatus_list);
+ networkstatus_vote_free(ns);
UNMOCK(networkstatus_get_latest_consensus);
UNMOCK(networkstatus_get_latest_consensus_by_flavor);
}
diff --git a/src/test/test_options.c b/src/test/test_options.c
index 92e6982823..65b678cf5b 100644
--- a/src/test/test_options.c
+++ b/src/test/test_options.c
@@ -2232,6 +2232,7 @@ test_options_validate__testing(void *ignored)
ENSURE_DEFAULT(TestingServerConsensusDownloadSchedule, 3000);
ENSURE_DEFAULT(TestingClientConsensusDownloadSchedule, 3000);
ENSURE_DEFAULT(TestingBridgeDownloadSchedule, 3000);
+ ENSURE_DEFAULT(TestingBridgeBootstrapDownloadSchedule, 3000);
ENSURE_DEFAULT(TestingClientMaxIntervalWithoutRequest, 3000);
ENSURE_DEFAULT(TestingDirConnectionMaxStall, 3000);
ENSURE_DEFAULT(TestingConsensusMaxDownloadTries, 3000);
diff --git a/src/test/test_relaycell.c b/src/test/test_relaycell.c
index eea1f5dc80..9c010deece 100644
--- a/src/test/test_relaycell.c
+++ b/src/test/test_relaycell.c
@@ -112,7 +112,7 @@ test_relaycell_resolved(void *arg)
MOCK(connection_mark_unattached_ap_, mark_unattached_mock);
MOCK(connection_ap_handshake_socks_resolved, socks_resolved_mock);
- options->ClientDNSRejectInternalAddresses = 0;
+ options->TestingClientDNSRejectInternalAddresses = 0;
SET_CELL(/* IPv4: 127.0.1.2, ttl 256 */
"\x04\x04\x7f\x00\x01\x02\x00\x00\x01\x00"
@@ -151,7 +151,7 @@ test_relaycell_resolved(void *arg)
/* But we may be discarding private answers. */
MOCK_RESET();
- options->ClientDNSRejectInternalAddresses = 1;
+ options->TestingClientDNSRejectInternalAddresses = 1;
r = connection_edge_process_resolved_cell(edgeconn, &cell, &rh);
tt_int_op(r, OP_EQ, 0);
ASSERT_MARK_CALLED(END_STREAM_REASON_DONE|