diff options
147 files changed, 3269 insertions, 943 deletions
diff --git a/.travis.yml b/.travis.yml index 8e258aef26..f78333611f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -39,7 +39,7 @@ env: - RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true matrix: - ## include creates builds with gcc, linux, sudo: false + ## include creates builds with gcc, linux include: ## We include a single coverage build with the best options for coverage - env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS="" @@ -71,12 +71,6 @@ matrix: ## allow failures by env: ## https://docs.travis-ci.com/user/customizing-the-build#matching-jobs-with-allow_failures exclude: - ## Clang doesn't work in containerized builds, see below. - - compiler: clang - sudo: false - ## Non-containerized gcc are slow and redundant. - - compiler: gcc - sudo: required ## gcc on OSX is less useful, because the default compiler is clang. - compiler: gcc os: osx @@ -92,20 +86,6 @@ matrix: ## TOR_RUST_DEPENDENCIES is spelt RUST_DEPENDENCIES in 0.3.2 env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true HARDENING_OPTIONS="" -## We don't need sudo. (The "apt:" stanza after this allows us to not need -## sudo; otherwise, we would need it for getting dependencies.) -## -## But we use "sudo: required" to force non-containerized builds, working -## around a Travis CI environment issue: clang LeakAnalyzer fails -## because it requires ptrace and the containerized environment no -## longer allows ptrace. -## https://github.com/travis-ci/travis-ci/issues/9033 -## -## In the matrix above, we exclude redundant combinations. -sudo: - - false - - required - ## (Linux only) Use the latest Linux image (Ubuntu Trusty) dist: trusty @@ -1,3 +1,51 @@ +Changes in version 0.4.0.5 - 2019-05-02 + This is the first stable release in the 0.4.0.x series. It contains + improvements for power management and bootstrap reporting, as well as + preliminary backend support for circuit padding to prevent some kinds + of traffic analysis. It also continues our work in refactoring Tor for + long-term maintainability. + + Per our support policy, we will support the 0.4.0.x series for nine + months, or until three months after the release of a stable 0.4.1.x: + whichever is longer. If you need longer-term support, please stick + with 0.3.5.x, which will we plan to support until Feb 2022. + + Below are the changes since 0.4.0.4-rc. For a complete list of changes + since 0.3.5.7, see the ReleaseNotes file. + + o Minor features (continuous integration): + - In Travis, tell timelimit to use stem's backtrace signals, and + launch python directly from timelimit, so python receives the + signals from timelimit, rather than make. Closes ticket 30117. + + o Minor features (diagnostic): + - Add more diagnostic log messages in an attempt to solve the issue + of NUL bytes appearing in a microdescriptor cache. Related to + ticket 28223. + + o Minor features (testing): + - Use the approx_time() function when setting the "Expires" header + in directory replies, to make them more testable. Needed for + ticket 30001. + + o Minor bugfixes (rust): + - Abort on panic in all build profiles, instead of potentially + unwinding into C code. Fixes bug 27199; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (shellcheck): + - Look for scripts in their correct locations during "make + shellcheck". Previously we had looked in the wrong place during + out-of-tree builds. Fixes bug 30263; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (testing): + - Check the time in the "Expires" header using approx_time(). Fixes + bug 30001; bugfix on 0.4.0.4-rc. + + o Minor bugfixes (UI): + - Lower log level of unlink() errors during bootstrap. Fixes bug + 29930; bugfix on 0.4.0.1-alpha. + + Changes in version 0.4.0.4-rc - 2019-04-11 Tor 0.4.0.4-rc is the first release candidate in its series; it fixes several bugs from earlier versions, including some that had affected diff --git a/ReleaseNotes b/ReleaseNotes index 93dad1673b..badc5e6d0c 100644 --- a/ReleaseNotes +++ b/ReleaseNotes @@ -2,6 +2,605 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.4.0.5 - 2019-05-02 + This is the first stable release in the 0.4.0.x series. It contains + improvements for power management and bootstrap reporting, as well as + preliminary backend support for circuit padding to prevent some kinds + of traffic analysis. It also continues our work in refactoring Tor for + long-term maintainability. + + Per our support policy, we will support the 0.4.0.x series for nine + months, or until three months after the release of a stable 0.4.1.x: + whichever is longer. If you need longer-term support, please stick + with 0.3.5.x, which will we plan to support until Feb 2022. + + Below are the changes since 0.3.5.7. For a complete list of changes + since 0.4.0.4-rc, see the ChangeLog file. + + o Major features (battery management, client, dormant mode): + - When Tor is running as a client, and it is unused for a long time, + it can now enter a "dormant" state. When Tor is dormant, it avoids + network and CPU activity until it is reawoken either by a user + request or by a controller command. For more information, see the + configuration options starting with "Dormant". Implements tickets + 2149 and 28335. + - The client's memory of whether it is "dormant", and how long it + has spent idle, persists across invocations. Implements + ticket 28624. + - There is a DormantOnFirstStartup option that integrators can use + if they expect that in many cases, Tor will be installed but + not used. + + o Major features (bootstrap reporting): + - When reporting bootstrap progress, report the first connection + uniformly, regardless of whether it's a connection for building + application circuits. This allows finer-grained reporting of early + progress than previously possible, with the improvements of ticket + 27169. Closes tickets 27167 and 27103. Addresses ticket 27308. + - When reporting bootstrap progress, treat connecting to a proxy or + pluggable transport as separate from having successfully used that + proxy or pluggable transport to connect to a relay. Closes tickets + 27100 and 28884. + + o Major features (circuit padding): + - Implement preliminary support for the circuit padding portion of + Proposal 254. The implementation supports Adaptive Padding (aka + WTF-PAD) state machines for use between experimental clients and + relays. Support is also provided for APE-style state machines that + use probability distributions instead of histograms to specify + inter-packet delay. At the moment, Tor does not provide any + padding state machines that are used in normal operation: for now, + this feature exists solely for experimentation. Closes + ticket 28142. + + o Major features (refactoring): + - Tor now uses an explicit list of its own subsystems when + initializing and shutting down. Previously, these systems were + managed implicitly in various places throughout the codebase. + (There may still be some subsystems using the old system.) Closes + ticket 28330. + + o Major bugfixes (cell scheduler, KIST, security): + - Make KIST consider the outbuf length when computing what it can + put in the outbuf. Previously, KIST acted as though the outbuf + were empty, which could lead to the outbuf becoming too full. It + is possible that an attacker could exploit this bug to cause a Tor + client or relay to run out of memory and crash. Fixes bug 29168; + bugfix on 0.3.2.1-alpha. This issue is also being tracked as + TROVE-2019-001 and CVE-2019-8955. + + o Major bugfixes (networking): + - Gracefully handle empty username/password fields in SOCKS5 + username/password auth messsage and allow SOCKS5 handshake to + continue. Previously, we had rejected these handshakes, breaking + certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha. + + o Major bugfixes (NSS, relay): + - When running with NSS, disable TLS 1.2 ciphersuites that use + SHA384 for their PRF. Due to an NSS bug, the TLS key exporters for + these ciphersuites don't work -- which caused relays to fail to + handshake with one another when these ciphersuites were enabled. + Fixes bug 29241; bugfix on 0.3.5.1-alpha. + + o Major bugfixes (windows, startup): + - When reading a consensus file from disk, detect whether it was + written in text mode, and re-read it in text mode if so. Always + write consensus files in binary mode so that we can map them into + memory later. Previously, we had written in text mode, which + confused us when we tried to map the file on windows. Fixes bug + 28614; bugfix on 0.4.0.1-alpha. + + o Minor features (address selection): + - Treat the subnet 100.64.0.0/10 as public for some purposes; + private for others. This subnet is the RFC 6598 (Carrier Grade + NAT) IP range, and is deployed by many ISPs as an alternative to + RFC 1918 that does not break existing internal networks. Tor now + blocks SOCKS and control ports on these addresses and warns users + if client ports or ExtORPorts are listening on a RFC 6598 address. + Closes ticket 28525. Patch by Neel Chauhan. + + o Minor features (bandwidth authority): + - Make bandwidth authorities ignore relays that are reported in the + bandwidth file with the flag "vote=0". This change allows us to + report unmeasured relays for diagnostic reasons without including + their bandwidth in the bandwidth authorities' vote. Closes + ticket 29806. + - When a directory authority is using a bandwidth file to obtain the + bandwidth values that will be included in the next vote, serve + this bandwidth file at /tor/status-vote/next/bandwidth. Closes + ticket 21377. + + o Minor features (bootstrap reporting): + - When reporting bootstrap progress, stop distinguishing between + situations where only internal paths are available and situations + where external paths are available. Previously, Tor would often + erroneously report that it had only internal paths. Closes + ticket 27402. + + o Minor features (compilation): + - Compile correctly when OpenSSL is built with engine support + disabled, or with deprecated APIs disabled. Closes ticket 29026. + Patches from "Mangix". + + o Minor features (continuous integration): + - On Travis Rust builds, cleanup Rust registry and refrain from + caching the "target/" directory to speed up builds. Resolves + issue 29962. + - Log Python version during each Travis CI job. Resolves + issue 28551. + - In Travis, tell timelimit to use stem's backtrace signals, and + launch python directly from timelimit, so python receives the + signals from timelimit, rather than make. Closes ticket 30117. + + o Minor features (controller): + - Add a DROPOWNERSHIP command to undo the effects of TAKEOWNERSHIP. + Implements ticket 28843. + + o Minor features (developer tooling): + - Check that bugfix versions in changes files look like Tor versions + from the versions spec. Warn when bugfixes claim to be on a future + release. Closes ticket 27761. + - Provide a git pre-commit hook that disallows commiting if we have + any failures in our code and changelog formatting checks. It is + now available in scripts/maint/pre-commit.git-hook. Implements + feature 28976. + - Provide a git hook script to prevent "fixup!" and "squash!" + commits from ending up in the master branch, as scripts/main/pre- + push.git-hook. Closes ticket 27993. + + o Minor features (diagnostic): + - Add more diagnostic log messages in an attempt to solve the issue + of NUL bytes appearing in a microdescriptor cache. Related to + ticket 28223. + + o Minor features (directory authority): + - When a directory authority is using a bandwidth file to obtain + bandwidth values, include the digest of that file in the vote. + Closes ticket 26698. + - Directory authorities support a new consensus algorithm, under + which the family lines in microdescriptors are encoded in a + canonical form. This change makes family lines more compressible + in transit, and on the client. Closes ticket 28266; implements + proposal 298. + + o Minor features (directory authority, relay): + - Authorities now vote on a "StaleDesc" flag to indicate that a + relay's descriptor is so old that the relay should upload again + soon. Relays treat this flag as a signal to upload a new + descriptor. This flag will eventually let us remove the + 'published' date from routerstatus entries, and make our consensus + diffs much smaller. Closes ticket 26770; implements proposal 293. + + o Minor features (dormant mode): + - Add a DormantCanceledByStartup option to tell Tor that it should + treat a startup event as cancelling any previous dormant state. + Integrators should use this option with caution: it should only be + used if Tor is being started because of something that the user + did, and not if Tor is being automatically started in the + background. Closes ticket 29357. + + o Minor features (fallback directory mirrors): + - Update the fallback whitelist based on operator opt-ins and opt- + outs. Closes ticket 24805, patch by Phoul. + + o Minor features (FreeBSD): + - On FreeBSD-based systems, warn relay operators if the + "net.inet.ip.random_id" sysctl (IP ID randomization) is disabled. + Closes ticket 28518. + + o Minor features (geoip): + - Update geoip and geoip6 to the April 2 2019 Maxmind GeoLite2 + Country database. Closes ticket 29992. + + o Minor features (HTTP standards compliance): + - Stop sending the header "Content-type: application/octet-stream" + along with transparently compressed documents: this confused + browsers. Closes ticket 28100. + + o Minor features (IPv6): + - We add an option ClientAutoIPv6ORPort, to make clients randomly + prefer a node's IPv4 or IPv6 ORPort. The random preference is set + every time a node is loaded from a new consensus or bridge config. + We expect that this option will enable clients to bootstrap more + quickly without having to determine whether they support IPv4, + IPv6, or both. Closes ticket 27490. Patch by Neel Chauhan. + - When using addrs_in_same_network_family(), avoid choosing circuit + paths that pass through the same IPv6 subnet more than once. + Previously, we only checked IPv4 subnets. Closes ticket 24393. + Patch by Neel Chauhan. + + o Minor features (log messages): + - Improve log message in v3 onion services that could print out + negative revision counters. Closes ticket 27707. Patch + by "ffmancera". + + o Minor features (memory usage): + - Save memory by storing microdescriptor family lists with a more + compact representation. Closes ticket 27359. + - Tor clients now use mmap() to read consensus files from disk, so + that they no longer need keep the full text of a consensus in + memory when parsing it or applying a diff. Closes ticket 27244. + + o Minor features (NSS, diagnostic): + - Try to log an error from NSS (if there is any) and a more useful + description of our situation if we are using NSS and a call to + SSL_ExportKeyingMaterial() fails. Diagnostic for ticket 29241. + + o Minor features (parsing): + - Directory authorities now validate that router descriptors and + ExtraInfo documents are in a valid subset of UTF-8, and reject + them if they are not. Closes ticket 27367. + + o Minor features (performance): + - Cache the results of summarize_protocol_flags(), so that we don't + have to parse the same protocol-versions string over and over. + This should save us a huge number of malloc calls on startup, and + may reduce memory fragmentation with some allocators. Closes + ticket 27225. + - Remove a needless memset() call from get_token_arguments, thereby + speeding up the tokenization of directory objects by about 20%. + Closes ticket 28852. + - Replace parse_short_policy() with a faster implementation, to + improve microdescriptor parsing time. Closes ticket 28853. + - Speed up directory parsing a little by avoiding use of the non- + inlined strcmp_len() function. Closes ticket 28856. + - Speed up microdescriptor parsing by about 30%, to help improve + startup time. Closes ticket 28839. + + o Minor features (pluggable transports): + - Add support for emitting STATUS updates to Tor's control port from + a pluggable transport process. Closes ticket 28846. + - Add support for logging to Tor's logging subsystem from a + pluggable transport process. Closes ticket 28180. + + o Minor features (process management): + - Add a new process API for handling child processes. This new API + allows Tor to have bi-directional communication with child + processes on both Unix and Windows. Closes ticket 28179. + - Use the subsystem manager to initialize and shut down the process + module. Closes ticket 28847. + + o Minor features (relay): + - When listing relay families, list them in canonical form including + the relay's own identity, and try to give a more useful set of + warnings. Part of ticket 28266 and proposal 298. + + o Minor features (required protocols): + - Before exiting because of a missing required protocol, Tor will + now check the publication time of the consensus, and not exit + unless the consensus is newer than the Tor program's own release + date. Previously, Tor would not check the consensus publication + time, and so might exit because of a missing protocol that might + no longer be required in a current consensus. Implements proposal + 297; closes ticket 27735. + + o Minor features (testing): + - Treat all unexpected ERR and BUG messages as test failures. Closes + ticket 28668. + - Allow a HeartbeatPeriod of less than 30 minutes in testing Tor + networks. Closes ticket 28840. Patch by Rob Jansen. + - Use the approx_time() function when setting the "Expires" header + in directory replies, to make them more testable. Needed for + ticket 30001. + + o Minor bugfixes (security): + - Fix a potential double free bug when reading huge bandwidth files. + The issue is not exploitable in the current Tor network because + the vulnerable code is only reached when directory authorities + read bandwidth files, but bandwidth files come from a trusted + source (usually the authorities themselves). Furthermore, the + issue is only exploitable in rare (non-POSIX) 32-bit architectures, + which are not used by any of the current authorities. Fixes bug + 30040; bugfix on 0.3.5.1-alpha. Bug found and fixed by + Tobias Stoeckmann. + - Verify in more places that we are not about to create a buffer + with more than INT_MAX bytes, to avoid possible OOB access in the + event of bugs. Fixes bug 30041; bugfix on 0.2.0.16. Found and + fixed by Tobias Stoeckmann. + + o Minor bugfix (continuous integration): + - Reset coverage state on disk after Travis CI has finished. This + should prevent future coverage merge errors from causing the test + suite for the "process" subsystem to fail. The process subsystem + was introduced in 0.4.0.1-alpha. Fixes bug 29036; bugfix + on 0.2.9.15. + - Terminate test-stem if it takes more than 9.5 minutes to run. + (Travis terminates the job after 10 minutes of no output.) + Diagnostic for 29437. Fixes bug 30011; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (build, compatibility, rust): + - Update Cargo.lock file to match the version made by the latest + version of Rust, so that "make distcheck" will pass again. Fixes + bug 29244; bugfix on 0.3.3.4-alpha. + + o Minor bugfixes (C correctness): + - Fix an unlikely memory leak in consensus_diff_apply(). Fixes bug + 29824; bugfix on 0.3.1.1-alpha. This is Coverity warning + CID 1444119. + + o Minor bugfixes (client, clock skew): + - Bootstrap successfully even when Tor's clock is behind the clocks + on the authorities. Fixes bug 28591; bugfix on 0.2.0.9-alpha. + - Select guards even if the consensus has expired, as long as the + consensus is still reasonably live. Fixes bug 24661; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (compilation): + - Fix compilation warnings in test_circuitpadding.c. Fixes bug + 29169; bugfix on 0.4.0.1-alpha. + - Silence a compiler warning in test-memwipe.c on OpenBSD. Fixes bug + 29145; bugfix on 0.2.9.3-alpha. Patch from Kris Katterjohn. + - Compile correctly on OpenBSD; previously, we were missing some + headers required in order to detect it properly. Fixes bug 28938; + bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn. + + o Minor bugfixes (directory clients): + - Mark outdated dirservers when Tor only has a reasonably live + consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha. + + o Minor bugfixes (directory mirrors): + - Even when a directory mirror's clock is behind the clocks on the + authorities, we now allow the mirror to serve "future" + consensuses. Fixes bug 28654; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (DNS): + - Gracefully handle an empty or absent resolve.conf file by falling + back to using "localhost" as a DNS server (and hoping it works). + Previously, we would just stop running as an exit. Fixes bug + 21900; bugfix on 0.2.1.10-alpha. + + o Minor bugfixes (documentation): + - Describe the contents of the v3 onion service client authorization + files correctly: They hold public keys, not private keys. Fixes + bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix". + + o Minor bugfixes (guards): + - In count_acceptable_nodes(), the minimum number is now one bridge + or guard node, and two non-guard nodes for a circuit. Previously, + we had added up the sum of all nodes with a descriptor, but that + could cause us to build failing circuits when we had either too + many bridges or not enough guard nodes. Fixes bug 25885; bugfix on + 0.3.6.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (IPv6): + - Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the + IPv6 socket was bound using an address family of AF_INET instead + of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from + Kris Katterjohn. + + o Minor bugfixes (linux seccomp sandbox): + - Fix startup crash when experimental sandbox support is enabled. + Fixes bug 29150; bugfix on 0.4.0.1-alpha. Patch by Peter Gerber. + + o Minor bugfixes (logging): + - Correct a misleading error message when IPv4Only or IPv6Only is + used but the resolved address can not be interpreted as an address + of the specified IP version. Fixes bug 13221; bugfix on + 0.2.3.9-alpha. Patch from Kris Katterjohn. + - Log the correct port number for listening sockets when "auto" is + used to let Tor pick the port number. Previously, port 0 was + logged instead of the actual port number. Fixes bug 29144; bugfix + on 0.3.5.1-alpha. Patch from Kris Katterjohn. + - Stop logging a BUG() warning when Tor is waiting for exit + descriptors. Fixes bug 28656; bugfix on 0.3.5.1-alpha. + - Avoid logging that we are relaxing a circuit timeout when that + timeout is fixed. Fixes bug 28698; bugfix on 0.2.4.7-alpha. + - Log more information at "warning" level when unable to read a + private key; log more information at "info" level when unable to + read a public key. We had warnings here before, but they were lost + during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha. + - Rework rep_hist_log_link_protocol_counts() to iterate through all + link protocol versions when logging incoming/outgoing connection + counts. Tor no longer skips version 5, and we won't have to + remember to update this function when new link protocol version is + developed. Fixes bug 28920; bugfix on 0.2.6.10. + + o Minor bugfixes (memory management): + - Refactor the shared random state's memory management so that it + actually takes ownership of the shared random value pointers. + Fixes bug 29706; bugfix on 0.2.9.1-alpha. + - Stop leaking parts of the shared random state in the shared-random + unit tests. Fixes bug 29599; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (misc): + - The amount of total available physical memory is now determined + using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM) + when it is defined and a 64-bit variant is not available. Fixes + bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn. + + o Minor bugfixes (networking): + - Introduce additional checks into tor_addr_parse() to reject + certain incorrect inputs that previously were not detected. Fixes + bug 23082; bugfix on 0.2.0.10-alpha. + + o Minor bugfixes (onion service v3, client): + - Stop logging a "BUG()" warning and stacktrace when we find a SOCKS + connection waiting for a descriptor that we actually have in the + cache. It turns out that this can actually happen, though it is + rare. Now, tor will recover and retry the descriptor. Fixes bug + 28669; bugfix on 0.3.2.4-alpha. + + o Minor bugfixes (onion services): + - Avoid crashing if ClientOnionAuthDir (incorrectly) contains more + than one private key for a hidden service. Fixes bug 29040; bugfix + on 0.3.5.1-alpha. + - In hs_cache_store_as_client() log an HSDesc we failed to parse at + "debug" level. Tor used to log it as a warning, which caused very + long log lines to appear for some users. Fixes bug 29135; bugfix + on 0.3.2.1-alpha. + - Stop logging "Tried to establish rendezvous on non-OR circuit..." + as a warning. Instead, log it as a protocol warning, because there + is nothing that relay operators can do to fix it. Fixes bug 29029; + bugfix on 0.2.5.7-rc. + + o Minor bugfixes (periodic events): + - Refrain from calling routerlist_remove_old_routers() from + check_descriptor_callback(). Instead, create a new hourly periodic + event. Fixes bug 27929; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (pluggable transports): + - Make sure that data is continously read from standard output and + standard error pipes of a pluggable transport child-process, to + avoid deadlocking when a pipe's buffer is full. Fixes bug 26360; + bugfix on 0.2.3.6-alpha. + + o Minor bugfixes (rust): + - Abort on panic in all build profiles, instead of potentially + unwinding into C code. Fixes bug 27199; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (scheduler): + - When re-adding channels to the pending list, check the correct + channel's sched_heap_idx. This issue has had no effect in mainline + Tor, but could have led to bugs down the road in improved versions + of our circuit scheduling code. Fixes bug 29508; bugfix + on 0.3.2.10. + + o Minor bugfixes (shellcheck): + - Look for scripts in their correct locations during "make + shellcheck". Previously we had looked in the wrong place during + out-of-tree builds. Fixes bug 30263; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (single onion services): + - Allow connections to single onion services to remain idle without + being disconnected. Previously, relays acting as rendezvous points + for single onion services were mistakenly closing idle rendezvous + circuits after 60 seconds, thinking that they were unused + directory-fetching circuits that had served their purpose. Fixes + bug 29665; bugfix on 0.2.1.26. + + o Minor bugfixes (stats): + - When ExtraInfoStatistics is 0, stop including PaddingStatistics in + relay and bridge extra-info documents. Fixes bug 29017; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (testing): + - Backport the 0.3.4 src/test/test-network.sh to 0.2.9. We need a + recent test-network.sh to use new chutney features in CI. Fixes + bug 29703; bugfix on 0.2.9.1-alpha. + - Fix a test failure on Windows caused by an unexpected "BUG" + warning in our tests for tor_gmtime_r(-1). Fixes bug 29922; bugfix + on 0.2.9.3-alpha. + - Downgrade some LOG_ERR messages in the address/* tests to + warnings. The LOG_ERR messages were occurring when we had no + configured network. We were failing the unit tests, because we + backported 28668 to 0.3.5.8, but did not backport 29530. Fixes bug + 29530; bugfix on 0.3.5.8. + - Fix our gcov wrapper script to look for object files at the + correct locations. Fixes bug 29435; bugfix on 0.3.5.1-alpha. + - Decrease the false positive rate of stochastic probability + distribution tests. Fixes bug 29693; bugfix on 0.4.0.1-alpha. + - Fix intermittent failures on an adaptive padding test. Fixes one + case of bug 29122; bugfix on 0.4.0.1-alpha. + - Disable an unstable circuit-padding test that was failing + intermittently because of an ill-defined small histogram. Such + histograms will be allowed again after 29298 is implemented. Fixes + a second case of bug 29122; bugfix on 0.4.0.1-alpha. + - Detect and suppress "bug" warnings from the util/time test on + Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha. + - Do not log an error-level message if we fail to find an IPv6 + network interface from the unit tests. Fixes bug 29160; bugfix + on 0.2.7.3-rc. + - Instead of relying on hs_free_all() to clean up all onion service + objects in test_build_descriptors(), we now deallocate them one by + one. This lets Coverity know that we are not leaking memory there + and fixes CID 1442277. Fixes bug 28989; bugfix on 0.3.5.1-alpha. + - Check the time in the "Expires" header using approx_time(). Fixes + bug 30001; bugfix on 0.4.0.4-rc. + + o Minor bugfixes (TLS protocol): + - When classifying a client's selection of TLS ciphers, if the + client ciphers are not yet available, do not cache the result. + Previously, we had cached the unavailability of the cipher list + and never looked again, which in turn led us to assume that the + client only supported the ancient V1 link protocol. This, in turn, + was causing Stem integration tests to stall in some cases. Fixes + bug 30021; bugfix on 0.2.4.8-alpha. + + o Minor bugfixes (UI): + - Lower log level of unlink() errors during bootstrap. Fixes bug + 29930; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (usability): + - Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate(). + Some users took this phrasing to mean that the mentioned guard was + under their control or responsibility, which it is not. Fixes bug + 28895; bugfix on Tor 0.3.0.1-alpha. + + o Minor bugfixes (Windows, CI): + - Skip the Appveyor 32-bit Windows Server 2016 job, and 64-bit + Windows Server 2012 R2 job. The remaining 2 jobs still provide + coverage of 64/32-bit, and Windows Server 2016/2012 R2. Also set + fast_finish, so failed jobs terminate the build immediately. Fixes + bug 29601; bugfix on 0.3.5.4-alpha. + + o Code simplification and refactoring: + - Introduce a connection_dir_buf_add() helper function that detects + whether compression is in use, and adds a string accordingly. + Resolves issue 28816. + - Refactor handle_get_next_bandwidth() to use + connection_dir_buf_add(). Implements ticket 29897. + - Reimplement NETINFO cell parsing and generation to rely on + trunnel-generated wire format handling code. Closes ticket 27325. + - Remove unnecessary unsafe code from the Rust macro "cstr!". Closes + ticket 28077. + - Rework SOCKS wire format handling to rely on trunnel-generated + parsing/generation code. Resolves ticket 27620. + - Split out bootstrap progress reporting from control.c into a + separate file. Part of ticket 27402. + - The .may_include files that we use to describe our directory-by- + directory dependency structure now describe a noncircular + dependency graph over the directories that they cover. Our + checkIncludes.py tool now enforces this noncircularity. Closes + ticket 28362. + + o Documentation: + - Clarify that Tor performs stream isolation among *Port listeners + by default. Resolves issue 29121. + - In the manpage entry describing MapAddress torrc setting, use + example IP addresses from ranges specified for use in documentation + by RFC 5737. Resolves issue 28623. + - Mention that you cannot add a new onion service if Tor is already + running with Sandbox enabled. Closes ticket 28560. + - Improve ControlPort documentation. Mention that it accepts + address:port pairs, and can be used multiple times. Closes + ticket 28805. + - Document the exact output of "tor --version". Closes ticket 28889. + + o Removed features: + - Remove the old check-tor script. Resolves issue 29072. + - Stop responding to the 'GETINFO status/version/num-concurring' and + 'GETINFO status/version/num-versioning' control port commands, as + those were deprecated back in 0.2.0.30. Also stop listing them in + output of 'GETINFO info/names'. Resolves ticket 28757. + - The scripts used to generate and maintain the list of fallback + directories have been extracted into a new "fallback-scripts" + repository. Closes ticket 27914. + + o Testing: + - Run shellcheck for scripts in the in scripts/ directory. Closes + ticket 28058. + - Add unit tests for tokenize_string() and get_next_token() + functions. Resolves ticket 27625. + + o Code simplification and refactoring (onion service v3): + - Consolidate the authorized client descriptor cookie computation + code from client and service into one function. Closes + ticket 27549. + + o Code simplification and refactoring (shell scripts): + - Cleanup scan-build.sh to silence shellcheck warnings. Closes + ticket 28007. + - Fix issues that shellcheck found in chutney-git-bisect.sh. + Resolves ticket 28006. + - Fix issues that shellcheck found in updateRustDependencies.sh. + Resolves ticket 28012. + - Fix shellcheck warnings in cov-diff script. Resolves issue 28009. + - Fix shellcheck warnings in run_calltool.sh. Resolves ticket 28011. + - Fix shellcheck warnings in run_trunnel.sh. Resolves issue 28010. + - Fix shellcheck warnings in scripts/test/coverage. Resolves + issue 28008. + + Changes in version 0.3.5.8 - 2019-02-21 Tor 0.3.5.8 backports serveral fixes from later releases, including fixes for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x diff --git a/changes/29241_diagnostic b/changes/29241_diagnostic deleted file mode 100644 index 1e38654957..0000000000 --- a/changes/29241_diagnostic +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (NSS, diagnostic): - - Try to log an error from NSS (if there is any) and a more useful - description of our situation if we are using NSS and a call to - SSL_ExportKeyingMaterial() fails. Diagnostic for ticket 29241. diff --git a/changes/bug13221 b/changes/bug13221 deleted file mode 100644 index 13935a1921..0000000000 --- a/changes/bug13221 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (logging): - - Correct a misleading error message when IPv4Only or IPv6Only - is used but the resolved address can not be interpreted as an - address of the specified IP version. Fixes bug 13221; bugfix - on 0.2.3.9-alpha. Patch from Kris Katterjohn. diff --git a/changes/bug27199 b/changes/bug27199 deleted file mode 100644 index f9d2a422f9..0000000000 --- a/changes/bug27199 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (rust): - - Abort on panic in all build profiles, instead of potentially unwinding - into C code. Fixes bug 27199; bugfix on 0.3.3.1-alpha. diff --git a/changes/bug28525 b/changes/bug28525 deleted file mode 100644 index 988ffb2192..0000000000 --- a/changes/bug28525 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (address selection): - - Make Tor aware of the RFC 6598 (Carrier Grade NAT) IP range, which is the - subnet 100.64.0.0/10. This is deployed by many ISPs as an alternative to - RFC 1918 that does not break existing internal networks. This patch fixes - security issues caused by RFC 6518 by blocking control ports on these - addresses and warns users if client ports or ExtORPorts are listening on - a RFC 6598 address. Closes ticket 28525. Patch by Neel Chauhan. diff --git a/changes/bug28614_better_logging b/changes/bug28614_better_logging deleted file mode 100644 index 26d19c3c11..0000000000 --- a/changes/bug28614_better_logging +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (logging): - - On Windows, when errors cause us to reload a consensus from disk, tell - the user that we are retrying at log level "notice". Previously we only - logged this information at "info", which was confusing because the - errors themselves were logged at "warning". Improves previous fix for - 28614. Fixes bug 30004; bugfix on 0.4.0.2-alpha. diff --git a/changes/bug28656 b/changes/bug28656 deleted file mode 100644 index d3a13d196c..0000000000 --- a/changes/bug28656 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (logging): - - Stop logging a BUG() warning when tor is waiting for exit descriptors. - Fixes bug 28656; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug28925 b/changes/bug28925 deleted file mode 100644 index a867443885..0000000000 --- a/changes/bug28925 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (bootstrap reporting): - - During bootstrap reporting, correctly distinguish pluggable - transports from plain proxies. Fixes bug 28925; bugfix on - 0.4.0.1-alpha. diff --git a/changes/bug29017 b/changes/bug29017 deleted file mode 100644 index 5c4a53c43f..0000000000 --- a/changes/bug29017 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (stats): - - When ExtraInfoStatistics is 0, stop including PaddingStatistics in - relay and bridge extra-info documents. Fixes bug 29017; - bugfix on 0.3.1.1-alpha. diff --git a/changes/bug29036 b/changes/bug29036 deleted file mode 100644 index 8b96c5c8fa..0000000000 --- a/changes/bug29036 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfix (continuous integration): - - Reset coverage state on disk after Travis CI has finished. This is being - done to prevent future gcda file merge errors which causes the test suite - for the process subsystem to fail. The process subsystem was introduced - in 0.4.0.1-alpha. Fixes bug 29036; bugfix on 0.2.9.15. diff --git a/changes/bug29144 b/changes/bug29144 deleted file mode 100644 index 5801224f14..0000000000 --- a/changes/bug29144 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (logging): - - Log the correct port number for listening sockets when "auto" is - used to let Tor pick the port number. Previously, port 0 was - logged instead of the actual port number. Fixes bug 29144; - bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn. diff --git a/changes/bug29241 b/changes/bug29241 deleted file mode 100644 index 7f25e154d1..0000000000 --- a/changes/bug29241 +++ /dev/null @@ -1,6 +0,0 @@ - o Major bugfixes (NSS, relay): - - When running with NSS, disable TLS 1.2 ciphersuites that use SHA384 - for their PRF. Due to an NSS bug, the TLS key exporters for these - ciphersuites don't work -- which caused relays to fail to handshake - with one another when these ciphersuites were enabled. - Fixes bug 29241; bugfix on 0.3.5.1-alpha. diff --git a/changes/bug29500 b/changes/bug29500 deleted file mode 100644 index 16550935b2..0000000000 --- a/changes/bug29500 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (circuitpadding testing): - - Minor tweaks to avoid very rare test failures related to timers and - monotime. Fixes bug 29500; bugfix on 0.4.0.1-alpha diff --git a/changes/bug29527 b/changes/bug29527 deleted file mode 100644 index 6f36a9e1a0..0000000000 --- a/changes/bug29527 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor features (circuit padding): - - Stop warning about undefined behavior in the probability distribution - tests. Float division by zero may technically be undefined behaviour in - C, but it's well-defined in IEEE 754. Partial backport of 29298. - Closes ticket 29527; bugfix on 0.4.0.1-alpha. diff --git a/changes/bug29530_035 b/changes/bug29530_035 deleted file mode 100644 index 6dfcd51e7b..0000000000 --- a/changes/bug29530_035 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (testing): - - Downgrade some LOG_ERR messages in the address/* tests to warnings. - The LOG_ERR messages were occurring when we had no configured network. - We were failing the unit tests, because we backported 28668 to 0.3.5.8, - but did not backport 29530. Fixes bug 29530; bugfix on 0.3.5.8. diff --git a/changes/bug29562 b/changes/bug29562 deleted file mode 100644 index 0621cd09a0..0000000000 --- a/changes/bug29562 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (pluggable transports): - - Fix an assertion failure crash bug when a pluggable transport process is - terminated during the bootstrap phase. Fixes bug 29562; bugfix on - 0.4.0.1-alpha. diff --git a/changes/bug29599 b/changes/bug29599 deleted file mode 100644 index 14e2f5d077..0000000000 --- a/changes/bug29599 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (memory management, testing): - - Stop leaking parts of the shared random state in the shared-random unit - tests. Fixes bug 29599; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug29601 b/changes/bug29601 deleted file mode 100644 index c4ba5fbc8b..0000000000 --- a/changes/bug29601 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor bugfixes (Windows, CI): - - Skip the Appveyor 32-bit Windows Server 2016 job, and 64-bit Windows - Server 2012 R2 job. The remaining 2 jobs still provide coverage of - 64/32-bit, and Windows Server 2016/2012 R2. Also set fast_finish, so - failed jobs terminate the build immediately. - Fixes bug 29601; bugfix on 0.3.5.4-alpha. diff --git a/changes/bug29665 b/changes/bug29665 deleted file mode 100644 index d89046faf5..0000000000 --- a/changes/bug29665 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor bugfixes (single onion services): - - Allow connections to single onion services to remain idle without - being disconnected. Relays acting as rendezvous points for - single onion services were mistakenly closing idle established - rendezvous circuits after 60 seconds, thinking that they are unused - directory-fetching circuits that had served their purpose. Fixes - bug 29665; bugfix on 0.2.1.26. diff --git a/changes/bug29693 b/changes/bug29693 deleted file mode 100644 index 33ce051c40..0000000000 --- a/changes/bug29693 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (unit tests): - - Decrease the false positive rate of stochastic probability distribution - tests. Fixes bug 29693; bugfix on 0.4.0.1-alpha.
\ No newline at end of file diff --git a/changes/bug29703 b/changes/bug29703 deleted file mode 100644 index 0e17ee45e6..0000000000 --- a/changes/bug29703 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing): - - Backport the 0.3.4 src/test/test-network.sh to 0.2.9. - We need a recent test-network.sh to use new chutney features in CI. - Fixes bug 29703; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug29706_minimal b/changes/bug29706_minimal deleted file mode 100644 index 9d4a43326c..0000000000 --- a/changes/bug29706_minimal +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (memory management, testing): - - Stop leaking parts of the shared random state in the shared-random unit - tests. The previous fix in 29599 was incomplete. - Fixes bug 29706; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug29706_refactor b/changes/bug29706_refactor deleted file mode 100644 index ba1d0c7edd..0000000000 --- a/changes/bug29706_refactor +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (memory management): - - Refactor the shared random state's memory management so that it actually - takes ownership of the shared random value pointers. - Fixes bug 29706; bugfix on 0.2.9.1-alpha. diff --git a/changes/bug29874 b/changes/bug29874 deleted file mode 100644 index 8534753b51..0000000000 --- a/changes/bug29874 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (pluggable transports): - - Restore old behaviour when it comes to discovering the path of a given - Pluggable Transport exe-file. Fixes bug 29874; bugfix on 0.4.0.1-alpha. - diff --git a/changes/bug29922 b/changes/bug29922 deleted file mode 100644 index dacb951097..0000000000 --- a/changes/bug29922 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (testing, windows): - - Fix a test failure caused by an unexpected bug warning in - our test for tor_gmtime_r(-1). Fixes bug 29922; - bugfix on 0.2.9.3-alpha. diff --git a/changes/bug29930 b/changes/bug29930 deleted file mode 100644 index a99b11430b..0000000000 --- a/changes/bug29930 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (UI): - - Lower log level of unlink() errors during bootstrap. Fixes bug 29930; - bugfix on 0.4.0.1-alpha. - diff --git a/changes/bug29959-040 b/changes/bug29959-040 deleted file mode 100644 index 3740e0169a..0000000000 --- a/changes/bug29959-040 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (directory authorities): - - Actually include the bandwidth-file-digest line in directory authority - votes. Fixes bug 29959; bugfix on 0.4.0.2-alpha. diff --git a/changes/bug30001 b/changes/bug30001 deleted file mode 100644 index 52e58872ef..0000000000 --- a/changes/bug30001 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (testing): - - Use the approx_time() function when setting the "Expires" header - in directory replies, to make them more testable. Needed for - ticket 30001. - o Minor bug fixes (testing): - - Check the time in the "Expires" header with approx_time(). - Fixes bug 30001; bugfix on 0.4.0.4-rc. diff --git a/changes/bug30011 b/changes/bug30011 deleted file mode 100644 index 4c9069e291..0000000000 --- a/changes/bug30011 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (CI): - - Terminate test-stem if it takes more than 9.5 minutes to run. - (Travis terminates the job after 10 minutes of no output.) - Diagnostic for 29437. Fixes bug 30011; bugfix on 0.3.5.4-alpha. diff --git a/changes/bug30021 b/changes/bug30021 deleted file mode 100644 index 2a887f3cf2..0000000000 --- a/changes/bug30021 +++ /dev/null @@ -1,8 +0,0 @@ - o Minor bugfixes (TLS protocol, integration tests): - - When classifying a client's selection of TLS ciphers, if the client - ciphers are not yet available, do not cache the result. Previously, - we had cached the unavailability of the cipher list and never looked - again, which in turn led us to assume that the client only supported - the ancient V1 link protocol. This, in turn, was causing Stem - integration tests to stall in some cases. - Fixes bug 30021; bugfix on 0.2.4.8-alpha. diff --git a/changes/bug30040 b/changes/bug30040 deleted file mode 100644 index 7d80528a10..0000000000 --- a/changes/bug30040 +++ /dev/null @@ -1,9 +0,0 @@ - o Minor bugfixes (security): - - Fix a potential double free bug when reading huge bandwidth files. The - issue is not exploitable in the current Tor network because the - vulnerable code is only reached when directory authorities read bandwidth - files, but bandwidth files come from a trusted source (usually the - authorities themselves). Furthermore, the issue is only exploitable in - rare (non-POSIX) 32-bit architectures which are not used by any of the - current authorities. Fixes bug 30040; bugfix on 0.3.5.1-alpha. Bug found - and fixed by Tobias Stoeckmann. diff --git a/changes/bug30041 b/changes/bug30041 deleted file mode 100644 index 801c8f67ac..0000000000 --- a/changes/bug30041 +++ /dev/null @@ -1,5 +0,0 @@ - o Minor bugfixes (hardening): - - Verify in more places that we are not about to create a buffer - with more than INT_MAX bytes, to avoid possible OOB access in the event - of bugs. Fixes bug 30041; bugfix on 0.2.0.16. Found and fixed by - Tobias Stoeckmann. diff --git a/changes/bug30109 b/changes/bug30109 new file mode 100644 index 0000000000..b25aa803bb --- /dev/null +++ b/changes/bug30109 @@ -0,0 +1,3 @@ + o Minor bugfixes (documentation): + - Improve the documentation for MapAddress .exit. + Fixes bug 30109; bugfix on 0.1.0.1-rc. diff --git a/changes/bug30263 b/changes/bug30263 deleted file mode 100644 index ba81c1b8a1..0000000000 --- a/changes/bug30263 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (shellcheck): - - Stop looking for scripts in the build directory during - "make shellcheck". Fixes bug 30263; bugfix on 0.4.0.1-alpha. diff --git a/changes/cid1444119 b/changes/cid1444119 deleted file mode 100644 index bb6854e66f..0000000000 --- a/changes/cid1444119 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (C correctness): - - Fix an unlikely memory leak in consensus_diff_apply(). Fixes bug 29824; - bugfix on 0.3.1.1-alpha. This is Coverity warning CID 1444119. diff --git a/changes/diagnostic_28223_redux b/changes/diagnostic_28223_redux deleted file mode 100644 index 0d7499832e..0000000000 --- a/changes/diagnostic_28223_redux +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (diagnostic): - - Add more diagnostic log messages in an attempt to solve - the issue of NUL bytes appearing in a microdescriptor cache. - Related to ticket 28223. diff --git a/changes/doc29121 b/changes/doc29121 deleted file mode 100644 index dd31cc9c70..0000000000 --- a/changes/doc29121 +++ /dev/null @@ -1,3 +0,0 @@ - o Documentation: - - Clarify that Tor performs stream isolation between *Port listeners by - default. Resolves issue 29121. diff --git a/changes/geoip-2019-03-04 b/changes/geoip-2019-03-04 deleted file mode 100644 index c8ce5dad5d..0000000000 --- a/changes/geoip-2019-03-04 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the March 4 2019 Maxmind GeoLite2 - Country database. Closes ticket 29666. - diff --git a/changes/geoip-2019-04-02 b/changes/geoip-2019-04-02 deleted file mode 100644 index 7302d939f6..0000000000 --- a/changes/geoip-2019-04-02 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (geoip): - - Update geoip and geoip6 to the April 2 2019 Maxmind GeoLite2 - Country database. Closes ticket 29992. - diff --git a/changes/ticket21377 b/changes/ticket21377 deleted file mode 100644 index 2bf5149a0a..0000000000 --- a/changes/ticket21377 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor features (dircache): - - When a directory authority is using a bandwidth file to obtain the - bandwidth values that will be included in the next vote, serve this - bandwidth file at /tor/status-vote/next/bandwidth. Closes ticket 21377.
\ No newline at end of file diff --git a/changes/ticket26288 b/changes/ticket26288 new file mode 100644 index 0000000000..59bb856dd2 --- /dev/null +++ b/changes/ticket26288 @@ -0,0 +1,6 @@ + o Major features (flow control): + - Implement authenticated SENDMEs detailed in proposal 289. A SENDME cell + now includes the digest of the last cell received so once the end point + receives the SENDME, it can confirm the other side's knowledge of the + previous cells that were sent. This behavior is controlled by two new + consensus parameters, see proposal for more details. Fixes ticket 26288. diff --git a/changes/ticket29357 b/changes/ticket29357 deleted file mode 100644 index 3aab930cd4..0000000000 --- a/changes/ticket29357 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (dormant mode): - - Add a DormantCanceledByStartup option to tell Tor that it should - treat a startup event as cancelling any previous dormant state. - Integrators should use this option with caution: it should - only be used if Tor is being started because of something that the - user did, and not if Tor is being automatically started in the - background. Closes ticket 29357. diff --git a/changes/ticket29435 b/changes/ticket29435 deleted file mode 100644 index d48ae98e4b..0000000000 --- a/changes/ticket29435 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor bugfixes (testing): - - Fix our gcov wrapper script to look for object files at the - correct locations. Fixes bug 29435; bugfix on 0.3.5.1-alpha. diff --git a/changes/ticket29631 b/changes/ticket29631 deleted file mode 100644 index 9fc194ba96..0000000000 --- a/changes/ticket29631 +++ /dev/null @@ -1,4 +0,0 @@ - o Minor bugfixes (Rust, protover): - - The Rust implementation of protover was missing the "Padding" value in - the translate function from C to Rust. Fixes bug 29631; bugfix on - 0.4.0.1-alpha. diff --git a/changes/ticket29806 b/changes/ticket29806 deleted file mode 100644 index 6afefd4c04..0000000000 --- a/changes/ticket29806 +++ /dev/null @@ -1,7 +0,0 @@ - o Minor features (bandwidth authority): - - Make bandwidth authorities to ignore relays that are reported in the - bandwidth file with the key-value "vote=0". - This change allows to report the relays that were not measured due - some failure and diagnose the reasons without the bandwidth being included in the - bandwidth authorities vote. - Closes ticket 29806. diff --git a/changes/ticket29897 b/changes/ticket29897 deleted file mode 100644 index 232a79fbce..0000000000 --- a/changes/ticket29897 +++ /dev/null @@ -1,3 +0,0 @@ - o Code simplification and refactoring: - - Refactor handle_get_next_bandwidth() to use connection_dir_buf_add(). - Implements ticket 29897. diff --git a/changes/ticket29962 b/changes/ticket29962 deleted file mode 100644 index e36cc0cf9a..0000000000 --- a/changes/ticket29962 +++ /dev/null @@ -1,3 +0,0 @@ - o Minor features (continuous integration): - - On Travis Rust builds, cleanup Rust registry and refrain from caching - target/ directory to speed up builds. Resolves issue 29962. diff --git a/changes/ticket30007 b/changes/ticket30007 new file mode 100644 index 0000000000..e87f6b956f --- /dev/null +++ b/changes/ticket30007 @@ -0,0 +1,3 @@ + o Code simplification and refactoring: + - Abstract out the low-level formatting of replies on the control + port. Implements ticket 30007. diff --git a/changes/ticket30078 b/changes/ticket30078 new file mode 100644 index 0000000000..5ab5abdbfd --- /dev/null +++ b/changes/ticket30078 @@ -0,0 +1,3 @@ + o Code simplification and refactoring (shell scripts): + - Fix shellcheck warnings in src/test/fuzz/fixup_filenames.sh. Resolves + issue 30078. diff --git a/changes/ticket30117 b/changes/ticket30117 deleted file mode 100644 index 5b6e6dabf7..0000000000 --- a/changes/ticket30117 +++ /dev/null @@ -1,4 +0,0 @@ - o Testing (continuous integration): - - In Travis, tell timelimit to use stem's backtrace signals. And launch - python directly from timelimit, so python receives the signals from - timelimit, rather than make. Closes ticket 30117. diff --git a/changes/ticket30213 b/changes/ticket30213 new file mode 100644 index 0000000000..acb7614807 --- /dev/null +++ b/changes/ticket30213 @@ -0,0 +1,3 @@ + o Minor features (continuous integration): + - Remove sudo configuration lines from .travis.yml as they are no longer + needed with current Travis build environment. Resolves issue 30213. diff --git a/changes/ticket30345 b/changes/ticket30345 new file mode 100644 index 0000000000..639db8d7ee --- /dev/null +++ b/changes/ticket30345 @@ -0,0 +1,3 @@ + o Minor features (modularity): + - The --disable-module-dirauth compile-time option now disables + even more dirauth-only code. Closes ticket 30345. diff --git a/doc/HACKING/ReleasingTor.md b/doc/HACKING/ReleasingTor.md index 7334b1b34a..4c87a366cc 100644 --- a/doc/HACKING/ReleasingTor.md +++ b/doc/HACKING/ReleasingTor.md @@ -176,7 +176,8 @@ new Tor release: `/srv/dist-master.torproject.org/htdocs/` on dist-master. Run "static-update-component dist.torproject.org" on dist-master. - In the webwml.git repository, `include/versions.wmi` and `Makefile` + In the webwml.git repository, `include/versions.wmi` and `Makefile`. + In the project/web/tpo.git repository, update `databags/versions.ini` to note the new version. Push these changes to master. (NOTE: Due to #17805, there can only be one stable version listed at diff --git a/doc/tor.1.txt b/doc/tor.1.txt index cbbc3515bb..252a788ebc 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1056,8 +1056,8 @@ The following options are useful only for clients (that is, if [[StrictNodes]] **StrictNodes** **0**|**1**:: If StrictNodes is set to 1, Tor will treat solely the ExcludeNodes option as a requirement to follow for all the circuits you generate, even if - doing so will break functionality for you (StrictNodes applies to neither - ExcludeExitNodes nor to ExitNodes, nor to MiddleNodes). If StrictNodes + doing so will break functionality for you (StrictNodes does not apply to + ExcludeExitNodes, ExitNodes, MiddleNodes, or MapAddress). If StrictNodes is set to 0, Tor will still try to avoid nodes in the ExcludeNodes list, but it will err on the side of avoiding unexpected errors. Specifically, StrictNodes 0 tells Tor that it is okay to use an excluded @@ -1153,7 +1153,9 @@ The following options are useful only for clients (that is, if "MapAddress \*.example.com \*.example.com.torserver.exit". (Note the leading "*." in each part of the directive.) You can also redirect all subdomains of a domain to a single address. For example, "MapAddress - *.example.com www.example.com". + + *.example.com www.example.com". If the specified exit is not available, + or the exit can not connect to the site, Tor will fail any connections + to the mapped address.+ + NOTES: @@ -1181,6 +1183,15 @@ The following options are useful only for clients (that is, if 4. Using a wildcard to match only part of a string (as in *ample.com) is also invalid. + 5. Tor maps hostnames and IP addresses separately. If you MapAddress + a DNS name, but use an IP address to connect, then Tor will ignore the + DNS name mapping. + + 6. MapAddress does not apply to redirects in the application protocol. + For example, HTTP redirects and alt-svc headers will ignore mappings + for the original address. You can use a wildcard mapping to handle + redirects within the same site. + [[NewCircuitPeriod]] **NewCircuitPeriod** __NUM__:: Every NUM seconds consider whether to build a new circuit. (Default: 30 seconds) diff --git a/scripts/coccinelle/ctrl-reply-cleanup.cocci b/scripts/coccinelle/ctrl-reply-cleanup.cocci new file mode 100644 index 0000000000..f085cd4684 --- /dev/null +++ b/scripts/coccinelle/ctrl-reply-cleanup.cocci @@ -0,0 +1,43 @@ +// Script to clean up after ctrl-reply.cocci -- run as a separate step +// because cleanup_write2 (even when disabled) somehow prevents the +// match rule in ctrl-reply.cocci from matching. + +// If it doesn't have to be a printf, turn it into a write + +@ cleanup_write @ +expression E; +constant code, s; +@@ +-control_printf_endreply(E, code, s) ++control_write_endreply(E, code, s) + +// Use send_control_done() instead of explicitly writing it out +@ cleanup_send_done @ +type T; +identifier f != send_control_done; +expression E; +@@ + T f(...) { +<... +-control_write_endreply(E, 250, "OK") ++send_control_done(E) + ...> + } + +// Clean up more printfs that could be writes +// +// For some reason, including this rule, even disabled, causes the +// match rule in ctrl-reply.cocci to fail to match some code that has +// %s in its format strings + +@ cleanup_write2 @ +expression E1, E2; +constant code; +@@ +( +-control_printf_endreply(E1, code, "%s", E2) ++control_write_endreply(E1, code, E2) +| +-control_printf_midreply(E1, code, "%s", E2) ++control_write_midreply(E1, code, E2) +) diff --git a/scripts/coccinelle/ctrl-reply.cocci b/scripts/coccinelle/ctrl-reply.cocci new file mode 100644 index 0000000000..d6e9aeedd7 --- /dev/null +++ b/scripts/coccinelle/ctrl-reply.cocci @@ -0,0 +1,87 @@ +// Script to edit control_*.c for refactored control reply output functions + +@ initialize:python @ +@@ +import re +from coccilib.report import * + +# reply strings "NNN-foo", "NNN+foo", "NNN foo", etc. +r = re.compile(r'^"(\d+)([ +-])(.*)\\r\\n"$') + +# Generate name of function to call based on which separator character +# comes between the numeric code and the text +def idname(sep, base): + if sep == '+': + return base + "datareply" + elif sep == '-': + return base + "midreply" + else: + return base + "endreply" + +# Generate the actual replacements used by the rules +def gen(s, base, p): + pos = p[0] + print_report(pos, "%s %s" % (base, s)) + m = r.match(s) + if m is None: + # String not correct format, so fail match + cocci.include_match(False) + print_report(pos, "BAD STRING %s" % s) + return + + code, sep, s1 = m.groups() + + if r'\r\n' in s1: + # Extra CRLF in string, so fail match + cocci.include_match(False) + print_report(pos, "extra CRLF in string %s" % s) + return + + coccinelle.code = code + # Need a string that is a single C token, because Coccinelle only allows + # "identifiers" to be output from Python scripts? + coccinelle.body = '"%s"' % s1 + coccinelle.id = idname(sep, base) + return + +@ match @ +identifier f; +position p; +expression E; +constant s; +@@ +( + connection_printf_to_buf@f@p(E, s, ...) +| + connection_write_str_to_buf@f@p(s, E) +) + +@ script:python sc1 @ +s << match.s; +p << match.p; +f << match.f; +id; +body; +code; +@@ +if f == 'connection_printf_to_buf': + gen(s, 'control_printf_', p) +elif f == 'connection_write_str_to_buf': + gen(s, 'control_write_', p) +else: + raise(ValueError("%s: %s" % (f, s))) + +@ replace @ +constant match.s; +expression match.E; +identifier match.f; +identifier sc1.body, sc1.id, sc1.code; +@@ +( +-connection_write_str_to_buf@f(s, E) ++id(E, code, body) +| +-connection_printf_to_buf@f(E, s ++id(E, code, body + , ...) +) diff --git a/scripts/coccinelle/tor-coccinelle.h b/scripts/coccinelle/tor-coccinelle.h new file mode 100644 index 0000000000..8f625dcee4 --- /dev/null +++ b/scripts/coccinelle/tor-coccinelle.h @@ -0,0 +1,3 @@ +#define MOCK_IMPL(a, b, c) a b c +#define CHECK_PRINTF(a, b) +#define STATIC static diff --git a/scripts/maint/practracker/exceptions.txt b/scripts/maint/practracker/exceptions.txt index d90ed1f4bd..21fe9ec351 100644 --- a/scripts/maint/practracker/exceptions.txt +++ b/scripts/maint/practracker/exceptions.txt @@ -29,12 +29,12 @@ # # Remember: It is better to fix the problem than to add a new exception! -problem file-size /src/app/config/config.c 8492 +problem file-size /src/app/config/config.c 8494 problem include-count /src/app/config/config.c 87 problem function-size /src/app/config/config.c:options_act_reversible() 296 problem function-size /src/app/config/config.c:options_act() 588 problem function-size /src/app/config/config.c:resolve_my_address() 192 -problem function-size /src/app/config/config.c:options_validate() 1207 +problem function-size /src/app/config/config.c:options_validate() 1209 problem function-size /src/app/config/config.c:options_init_from_torrc() 202 problem function-size /src/app/config/config.c:options_init_from_string() 173 problem function-size /src/app/config/config.c:options_init_logs() 146 @@ -85,7 +85,7 @@ problem function-size /src/core/or/circuitbuild.c:circuit_extend() 147 problem function-size /src/core/or/circuitbuild.c:choose_good_exit_server_general() 206 problem include-count /src/core/or/circuitlist.c 54 problem function-size /src/core/or/circuitlist.c:HT_PROTOTYPE() 128 -problem function-size /src/core/or/circuitlist.c:circuit_free_() 137 +problem function-size /src/core/or/circuitlist.c:circuit_free_() 143 problem function-size /src/core/or/circuitlist.c:circuit_find_to_cannibalize() 102 problem function-size /src/core/or/circuitlist.c:circuit_about_to_free() 120 problem function-size /src/core/or/circuitlist.c:circuits_handle_oom() 117 @@ -102,8 +102,8 @@ problem function-size /src/core/or/circuituse.c:circuit_get_open_circ_or_launch( problem function-size /src/core/or/circuituse.c:connection_ap_handshake_attach_circuit() 244 problem function-size /src/core/or/command.c:command_process_create_cell() 156 problem function-size /src/core/or/command.c:command_process_relay_cell() 132 -problem file-size /src/core/or/connection_edge.c 4575 -problem include-count /src/core/or/connection_edge.c 64 +problem file-size /src/core/or/connection_edge.c 4595 +problem include-count /src/core/or/connection_edge.c 65 problem function-size /src/core/or/connection_edge.c:connection_ap_expire_beginning() 117 problem function-size /src/core/or/connection_edge.c:connection_ap_handshake_rewrite() 192 problem function-size /src/core/or/connection_edge.c:connection_ap_handle_onion() 188 @@ -122,11 +122,11 @@ problem function-size /src/core/or/policies.c:policy_summarize() 107 problem function-size /src/core/or/protover.c:protover_all_supported() 117 problem file-size /src/core/or/relay.c 3173 problem function-size /src/core/or/relay.c:circuit_receive_relay_cell() 123 -problem function-size /src/core/or/relay.c:relay_send_command_from_edge_() 101 +problem function-size /src/core/or/relay.c:relay_send_command_from_edge_() 112 problem function-size /src/core/or/relay.c:connection_ap_process_end_not_open() 194 problem function-size /src/core/or/relay.c:connection_edge_process_relay_cell_not_open() 139 problem function-size /src/core/or/relay.c:connection_edge_process_relay_cell() 520 -problem function-size /src/core/or/relay.c:connection_edge_package_raw_inbuf() 130 +problem function-size /src/core/or/relay.c:connection_edge_package_raw_inbuf() 132 problem function-size /src/core/or/relay.c:circuit_resume_edge_reading_helper() 148 problem function-size /src/core/or/scheduler_kist.c:kist_scheduler_run() 171 problem function-size /src/core/or/scheduler_vanilla.c:vanilla_scheduler_run() 109 @@ -152,7 +152,7 @@ problem function-size /src/feature/control/control_cmd.c:handle_control_add_onio problem function-size /src/feature/control/control_cmd.c:add_onion_helper_keyarg() 125 problem function-size /src/feature/control/control_cmd.c:handle_control_command() 104 problem function-size /src/feature/control/control_events.c:control_event_stream_status() 119 -problem include-count /src/feature/control/control_getinfo.c 53 +problem include-count /src/feature/control/control_getinfo.c 54 problem function-size /src/feature/control/control_getinfo.c:getinfo_helper_misc() 109 problem function-size /src/feature/control/control_getinfo.c:getinfo_helper_dir() 304 problem function-size /src/feature/control/control_getinfo.c:getinfo_helper_events() 236 @@ -221,7 +221,7 @@ problem function-size /src/feature/nodelist/node_select.c:router_pick_directory_ problem function-size /src/feature/nodelist/node_select.c:compute_weighted_bandwidths() 206 problem function-size /src/feature/nodelist/node_select.c:router_pick_trusteddirserver_impl() 114 problem function-size /src/feature/nodelist/nodelist.c:compute_frac_paths_available() 193 -problem file-size /src/feature/nodelist/routerlist.c 3234 +problem file-size /src/feature/nodelist/routerlist.c 3238 problem function-size /src/feature/nodelist/routerlist.c:router_rebuild_store() 148 problem function-size /src/feature/nodelist/routerlist.c:router_add_to_routerlist() 169 problem function-size /src/feature/nodelist/routerlist.c:routerlist_remove_old_routers() 121 diff --git a/src/app/config/config.c b/src/app/config/config.c index 81a83e2c5f..26a3061a26 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -3556,6 +3556,7 @@ options_validate(or_options_t *old_options, or_options_t *options, options->V3AuthoritativeDir)) REJECT("AuthoritativeDir is set, but none of " "(Bridge/V3)AuthoritativeDir is set."); +#ifdef HAVE_MODULE_DIRAUTH /* If we have a v3bandwidthsfile and it's broken, complain on startup */ if (options->V3BandwidthsFile && !old_options) { dirserv_read_measured_bandwidths(options->V3BandwidthsFile, NULL, NULL, @@ -3565,6 +3566,7 @@ options_validate(or_options_t *old_options, or_options_t *options, if (options->GuardfractionFile && !old_options) { dirserv_read_guardfraction_file(options->GuardfractionFile, NULL); } +#endif } if (options->AuthoritativeDir && !options->DirPort_set) diff --git a/src/app/main/shutdown.c b/src/app/main/shutdown.c index 9239a0cf0f..c302ce455c 100644 --- a/src/app/main/shutdown.c +++ b/src/app/main/shutdown.c @@ -36,10 +36,6 @@ #include "feature/control/control.h" #include "feature/control/control_auth.h" #include "feature/dirauth/authmode.h" -#include "feature/dirauth/bwauth.h" -#include "feature/dirauth/dirvote.h" -#include "feature/dirauth/keypin.h" -#include "feature/dirauth/process_descs.h" #include "feature/dirauth/shared_random.h" #include "feature/dircache/consdiffmgr.h" #include "feature/dircache/dirserv.h" @@ -98,7 +94,6 @@ tor_cleanup(void) } if (authdir_mode_tests_reachability(options)) rep_hist_record_mtbf_data(now, 0); - keypin_close_journal(); } timers_shutdown(); @@ -128,9 +123,7 @@ tor_free_all(int postfork) routerlist_free_all(); networkstatus_free_all(); addressmap_free_all(); - dirserv_free_fingerprint_list(); dirserv_free_all(); - dirserv_clear_measured_bw_cache(); rend_cache_free_all(); rend_service_authorization_free_all(); rep_hist_free_all(); diff --git a/src/core/crypto/relay_crypto.c b/src/core/crypto/relay_crypto.c index 0b83b2d0a5..8931163161 100644 --- a/src/core/crypto/relay_crypto.c +++ b/src/core/crypto/relay_crypto.c @@ -12,6 +12,7 @@ #include "core/crypto/hs_ntor.h" // for HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN #include "core/or/relay.h" #include "core/crypto/relay_crypto.h" +#include "core/or/sendme.h" #include "core/or/cell_st.h" #include "core/or/or_circuit_st.h" @@ -90,6 +91,23 @@ relay_crypt_one_payload(crypto_cipher_t *cipher, uint8_t *in) crypto_cipher_crypt_inplace(cipher, (char*) in, CELL_PAYLOAD_SIZE); } +/** Return the sendme_digest within the <b>crypto</b> object. */ +uint8_t * +relay_crypto_get_sendme_digest(relay_crypto_t *crypto) +{ + tor_assert(crypto); + return crypto->sendme_digest; +} + +/** Record the b_digest from <b>crypto</b> and put it in the sendme_digest. */ +void +relay_crypto_record_sendme_digest(relay_crypto_t *crypto) +{ + tor_assert(crypto); + crypto_digest_get_digest(crypto->b_digest, (char *) crypto->sendme_digest, + sizeof(crypto->sendme_digest)); +} + /** Do the appropriate en/decryptions for <b>cell</b> arriving on * <b>circ</b> in direction <b>cell_direction</b>. * @@ -142,6 +160,11 @@ relay_decrypt_cell(circuit_t *circ, cell_t *cell, if (relay_digest_matches(thishop->crypto.b_digest, cell)) { *recognized = 1; *layer_hint = thishop; + /* This cell is for us. Keep a record of this cell because we will + * use it in the next SENDME cell. */ + if (sendme_circuit_cell_is_next(thishop->deliver_window)) { + sendme_circuit_record_inbound_cell(thishop); + } return 0; } } @@ -212,6 +235,13 @@ relay_encrypt_cell_inbound(cell_t *cell, or_circuit_t *or_circ) { relay_set_digest(or_circ->crypto.b_digest, cell); + + /* We are about to send this cell outbound on the circuit. Keep a record of + * this cell if we are expecting that the next cell is a SENDME. */ + if (sendme_circuit_cell_is_next(TO_CIRCUIT(or_circ)->package_window)) { + sendme_circuit_record_outbound_cell(or_circ); + } + /* encrypt one layer */ relay_crypt_one_payload(or_circ->crypto.b_crypto, cell->payload); } diff --git a/src/core/crypto/relay_crypto.h b/src/core/crypto/relay_crypto.h index 45a21d14ab..bcc1531838 100644 --- a/src/core/crypto/relay_crypto.h +++ b/src/core/crypto/relay_crypto.h @@ -27,5 +27,8 @@ void relay_crypto_clear(relay_crypto_t *crypto); void relay_crypto_assert_ok(const relay_crypto_t *crypto); +uint8_t *relay_crypto_get_sendme_digest(relay_crypto_t *crypto); +void relay_crypto_record_sendme_digest(relay_crypto_t *crypto); + #endif /* !defined(TOR_RELAY_CRYPTO_H) */ diff --git a/src/core/include.am b/src/core/include.am index 4ec42182a6..9493f79552 100644 --- a/src/core/include.am +++ b/src/core/include.am @@ -6,6 +6,7 @@ noinst_LIBRARIES += \ src/core/libtor-app-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. LIBTOR_APP_A_SOURCES = \ src/app/config/config.c \ src/app/config/confparse.c \ @@ -53,6 +54,7 @@ LIBTOR_APP_A_SOURCES = \ src/core/or/scheduler.c \ src/core/or/scheduler_kist.c \ src/core/or/scheduler_vanilla.c \ + src/core/or/sendme.c \ src/core/or/status.c \ src/core/or/versions.c \ src/core/proto/proto_cell.c \ @@ -79,9 +81,9 @@ LIBTOR_APP_A_SOURCES = \ src/feature/control/control_events.c \ src/feature/control/control_fmt.c \ src/feature/control/control_getinfo.c \ + src/feature/control/control_proto.c \ src/feature/control/fmt_serverstatus.c \ src/feature/control/getinfo_geoip.c \ - src/feature/dirauth/keypin.c \ src/feature/dircache/conscache.c \ src/feature/dircache/consdiffmgr.c \ src/feature/dircache/dircache.c \ @@ -118,7 +120,6 @@ LIBTOR_APP_A_SOURCES = \ src/feature/hs_common/replaycache.c \ src/feature/hs_common/shared_random_client.c \ src/feature/keymgt/loadkey.c \ - src/feature/dirauth/keypin.c \ src/feature/nodelist/authcert.c \ src/feature/nodelist/describe.c \ src/feature/nodelist/dirlist.c \ @@ -150,17 +151,6 @@ LIBTOR_APP_A_SOURCES = \ src/feature/stats/rephist.c \ src/feature/stats/predict_ports.c -# These should eventually move into module_dirauth_sources, but for now -# the separation is only in the code location. -LIBTOR_APP_A_SOURCES += \ - src/feature/dirauth/bwauth.c \ - src/feature/dirauth/dsigs_parse.c \ - src/feature/dirauth/guardfraction.c \ - src/feature/dirauth/reachability.c \ - src/feature/dirauth/recommend_pkg.c \ - src/feature/dirauth/process_descs.c \ - src/feature/dirauth/voteflags.c - if BUILD_NT_SERVICES LIBTOR_APP_A_SOURCES += src/app/main/ntmain.c endif @@ -176,12 +166,21 @@ LIBTOR_APP_TESTING_A_SOURCES = $(LIBTOR_APP_A_SOURCES) # The Directory Authority module. MODULE_DIRAUTH_SOURCES = \ src/feature/dirauth/authmode.c \ + src/feature/dirauth/bridgeauth.c \ + src/feature/dirauth/bwauth.c \ src/feature/dirauth/dirauth_periodic.c \ src/feature/dirauth/dirauth_sys.c \ src/feature/dirauth/dircollate.c \ src/feature/dirauth/dirvote.c \ + src/feature/dirauth/dsigs_parse.c \ + src/feature/dirauth/guardfraction.c \ + src/feature/dirauth/keypin.c \ + src/feature/dirauth/process_descs.c \ + src/feature/dirauth/reachability.c \ + src/feature/dirauth/recommend_pkg.c \ src/feature/dirauth/shared_random.c \ - src/feature/dirauth/shared_random_state.c + src/feature/dirauth/shared_random_state.c \ + src/feature/dirauth/voteflags.c if BUILD_MODULE_DIRAUTH LIBTOR_APP_A_SOURCES += $(MODULE_DIRAUTH_SOURCES) @@ -205,6 +204,7 @@ AM_CPPFLAGS += -DSHARE_DATADIR="\"$(datadir)\"" \ src_core_libtor_app_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_core_libtor_app_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/app/config/config.h \ src/app/config/confparse.h \ @@ -276,6 +276,7 @@ noinst_HEADERS += \ src/core/or/relay.h \ src/core/or/relay_crypto_st.h \ src/core/or/scheduler.h \ + src/core/or/sendme.h \ src/core/or/server_port_cfg_st.h \ src/core/or/socks_request_st.h \ src/core/or/status.h \ @@ -307,9 +308,11 @@ noinst_HEADERS += \ src/feature/control/control_events.h \ src/feature/control/control_fmt.h \ src/feature/control/control_getinfo.h \ + src/feature/control/control_proto.h \ src/feature/control/fmt_serverstatus.h \ src/feature/control/getinfo_geoip.h \ src/feature/dirauth/authmode.h \ + src/feature/dirauth/bridgeauth.h \ src/feature/dirauth/bwauth.h \ src/feature/dirauth/dirauth_periodic.h \ src/feature/dirauth/dirauth_sys.h \ diff --git a/src/core/mainloop/mainloop.c b/src/core/mainloop/mainloop.c index 30dad956ae..4401f805d9 100644 --- a/src/core/mainloop/mainloop.c +++ b/src/core/mainloop/mainloop.c @@ -1366,7 +1366,6 @@ CALLBACK(retry_listeners); CALLBACK(rotate_onion_key); CALLBACK(rotate_x509_certificate); CALLBACK(save_state); -CALLBACK(write_bridge_ns); CALLBACK(write_stats_file); CALLBACK(control_per_second_events); CALLBACK(second_elapsed); @@ -1433,9 +1432,6 @@ STATIC periodic_event_item_t mainloop_periodic_events[] = { /* XXXX this could be restricted to CLIENT+NET_PARTICIPANT */ CALLBACK(rend_cache_failure_clean, NET_PARTICIPANT, FL(RUN_ON_DISABLE)), - /* Bridge Authority only. */ - CALLBACK(write_bridge_ns, BRIDGEAUTH, 0), - /* Directory server only. */ CALLBACK(clean_consdiffmgr, DIRSERVER, 0), @@ -2369,22 +2365,6 @@ check_dns_honesty_callback(time_t now, const or_options_t *options) return 12*3600 + crypto_rand_int(12*3600); } -/** - * Periodic callback: if we're the bridge authority, write a networkstatus - * file to disk. - */ -static int -write_bridge_ns_callback(time_t now, const or_options_t *options) -{ - /* 10. write bridge networkstatus file to disk */ - if (options->BridgeAuthoritativeDir) { - networkstatus_dump_bridge_status_to_file(now); -#define BRIDGE_STATUSFILE_INTERVAL (30*60) - return BRIDGE_STATUSFILE_INTERVAL; - } - return PERIODIC_EVENT_NO_UPDATE; -} - static int heartbeat_callback_first_time = 1; /** diff --git a/src/core/or/circuit_st.h b/src/core/or/circuit_st.h index cc21cf62f7..a68547ecb1 100644 --- a/src/core/or/circuit_st.h +++ b/src/core/or/circuit_st.h @@ -104,6 +104,26 @@ struct circuit_t { * circuit-level sendme cells to indicate that we're willing to accept * more. */ int deliver_window; + /** FIFO containing the digest of the cells that are just before a SENDME is + * sent by the client. It is done at the last cell before our package_window + * goes down to 0 which is when we expect a SENDME. + * + * Our current circuit package window is capped to 1000 + * (CIRCWINDOW_START_MAX) which is also the start value. The increment is + * set to 100 (CIRCWINDOW_INCREMENT) which means we don't allow more than + * 1000/100 = 10 outstanding SENDME cells worth of data. Meaning that this + * list can not contain more than 10 digests of DIGEST_LEN bytes (20). + * + * At position i in the list, the digest corresponds to the + * ((CIRCWINDOW_INCREMENT * i) - 1)-nth cell received since we expect the + * (CIRCWINDOW_INCREMENT * i)-nth cell to be the SENDME and thus containing + * the previous cell digest. + * + * For example, position 2 (starting at 0) means that we've received 299 + * cells and the 299th cell digest is kept at index 2. + * + * At maximum, this list contains 200 bytes plus the smartlist overhead. */ + smartlist_t *sendme_last_digests; /** Temporary field used during circuits_handle_oom. */ uint32_t age_tmp; diff --git a/src/core/or/circuitlist.c b/src/core/or/circuitlist.c index afbde06434..6428cdb8a7 100644 --- a/src/core/or/circuitlist.c +++ b/src/core/or/circuitlist.c @@ -1227,6 +1227,12 @@ circuit_free_(circuit_t *circ) * "active" checks will be violated. */ cell_queue_clear(&circ->n_chan_cells); + /* Cleanup possible SENDME state. */ + if (circ->sendme_last_digests) { + SMARTLIST_FOREACH(circ->sendme_last_digests, uint8_t *, d, tor_free(d)); + smartlist_free(circ->sendme_last_digests); + } + log_info(LD_CIRC, "Circuit %u (id: %" PRIu32 ") has been freed.", n_circ_id, CIRCUIT_IS_ORIGIN(circ) ? diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c index 33ba723971..8ed4034560 100644 --- a/src/core/or/connection_edge.c +++ b/src/core/or/connection_edge.c @@ -73,6 +73,7 @@ #include "core/or/policies.h" #include "core/or/reasons.h" #include "core/or/relay.h" +#include "core/or/sendme.h" #include "core/proto/proto_http.h" #include "core/proto/proto_socks.h" #include "feature/client/addressmap.h" @@ -767,7 +768,7 @@ connection_edge_flushed_some(edge_connection_t *conn) /* falls through. */ case EXIT_CONN_STATE_OPEN: - connection_edge_consider_sending_sendme(conn); + sendme_connection_edge_consider_sending(conn); break; } return 0; @@ -791,7 +792,7 @@ connection_edge_finished_flushing(edge_connection_t *conn) switch (conn->base_.state) { case AP_CONN_STATE_OPEN: case EXIT_CONN_STATE_OPEN: - connection_edge_consider_sending_sendme(conn); + sendme_connection_edge_consider_sending(conn); return 0; case AP_CONN_STATE_SOCKS_WAIT: case AP_CONN_STATE_NATD_WAIT: @@ -4564,6 +4565,25 @@ circuit_clear_isolation(origin_circuit_t *circ) circ->socks_username_len = circ->socks_password_len = 0; } +/** Send an END and mark for close the given edge connection conn using the + * given reason that has to be a stream reason. + * + * Note: We don't unattached the AP connection (if applicable) because we + * don't want to flush the remaining data. This function aims at ending + * everything quickly regardless of the connection state. + * + * This function can't fail and does nothing if conn is NULL. */ +void +connection_edge_end_close(edge_connection_t *conn, uint8_t reason) +{ + if (!conn) { + return; + } + + connection_edge_end(conn, reason); + connection_mark_for_close(TO_CONN(conn)); +} + /** Free all storage held in module-scoped variables for connection_edge.c */ void connection_edge_free_all(void) diff --git a/src/core/or/connection_edge.h b/src/core/or/connection_edge.h index 68d8b19a11..e82b6bd765 100644 --- a/src/core/or/connection_edge.h +++ b/src/core/or/connection_edge.h @@ -80,6 +80,7 @@ int connection_edge_process_inbuf(edge_connection_t *conn, int connection_edge_destroy(circid_t circ_id, edge_connection_t *conn); int connection_edge_end(edge_connection_t *conn, uint8_t reason); int connection_edge_end_errno(edge_connection_t *conn); +void connection_edge_end_close(edge_connection_t *conn, uint8_t reason); int connection_edge_flushed_some(edge_connection_t *conn); int connection_edge_finished_flushing(edge_connection_t *conn); int connection_edge_finished_connecting(edge_connection_t *conn); diff --git a/src/core/or/relay.c b/src/core/or/relay.c index a166904a5f..1b2aafb866 100644 --- a/src/core/or/relay.c +++ b/src/core/or/relay.c @@ -93,13 +93,12 @@ #include "core/or/origin_circuit_st.h" #include "feature/nodelist/routerinfo_st.h" #include "core/or/socks_request_st.h" +#include "core/or/sendme.h" static edge_connection_t *relay_lookup_conn(circuit_t *circ, cell_t *cell, cell_direction_t cell_direction, crypt_path_t *layer_hint); -static void circuit_consider_sending_sendme(circuit_t *circ, - crypt_path_t *layer_hint); static void circuit_resume_edge_reading(circuit_t *circ, crypt_path_t *layer_hint); static int circuit_resume_edge_reading_helper(edge_connection_t *conn, @@ -530,6 +529,60 @@ relay_command_to_string(uint8_t command) } } +/** Return the offset where the padding should start. The <b>data_len</b> is + * the relay payload length expected to be put in the cell. It can not be + * bigger than RELAY_PAYLOAD_SIZE else this function assert(). + * + * Value will always be smaller than CELL_PAYLOAD_SIZE because this offset is + * for the entire cell length not just the data payload length. Zero is + * returned if there is no room for padding. + * + * This function always skips the first 4 bytes after the payload because + * having some unused zero bytes has saved us a lot of times in the past. */ + +STATIC size_t +get_pad_cell_offset(size_t data_len) +{ + /* This is never suppose to happen but in case it does, stop right away + * because if tor is tricked somehow into not adding random bytes to the + * payload with this function returning 0 for a bad data_len, the entire + * authenticated SENDME design can be bypassed leading to bad denial of + * service attacks. */ + tor_assert(data_len <= RELAY_PAYLOAD_SIZE); + + /* If the offset is larger than the cell payload size, we return an offset + * of zero indicating that no padding needs to be added. */ + size_t offset = RELAY_HEADER_SIZE + data_len + 4; + if (offset >= CELL_PAYLOAD_SIZE) { + return 0; + } + return offset; +} + +/* Add random bytes to the unused portion of the payload, to foil attacks + * where the other side can predict all of the bytes in the payload and thus + * compute the authenticated SENDME cells without seeing the traffic. See + * proposal 289. */ +static void +pad_cell_payload(uint8_t *cell_payload, size_t data_len) +{ + size_t pad_offset, pad_len; + + tor_assert(cell_payload); + + pad_offset = get_pad_cell_offset(data_len); + if (pad_offset == 0) { + /* We can't add padding so we are done. */ + return; + } + + /* Remember here that the cell_payload is the length of the header and + * payload size so we offset it using the full lenght of the cell. */ + pad_len = CELL_PAYLOAD_SIZE - pad_offset; + crypto_fast_rng_getbytes(get_thread_fast_rng(), + cell_payload + pad_offset, pad_len); +} + /** Make a relay cell out of <b>relay_command</b> and <b>payload</b>, and send * it onto the open circuit <b>circ</b>. <b>stream_id</b> is the ID on * <b>circ</b> for the stream that's sending the relay cell, or 0 if it's a @@ -573,6 +626,9 @@ relay_send_command_from_edge_,(streamid_t stream_id, circuit_t *circ, if (payload_len) memcpy(cell.payload+RELAY_HEADER_SIZE, payload, payload_len); + /* Add random padding to the cell if we can. */ + pad_cell_payload(cell.payload, payload_len); + log_debug(LD_OR,"delivering %d cell %s.", relay_command, cell_direction == CELL_DIRECTION_OUT ? "forward" : "backward"); @@ -640,6 +696,14 @@ relay_send_command_from_edge_,(streamid_t stream_id, circuit_t *circ, circuit_mark_for_close(circ, END_CIRC_REASON_INTERNAL); return -1; } + + /* If applicable, note the cell digest for the SENDME version 1 purpose if + * we need to. This call needs to be after the circuit_package_relay_cell() + * because the cell digest is set within that function. */ + if (relay_command == RELAY_COMMAND_DATA) { + sendme_record_cell_digest(circ); + } + return 0; } @@ -1429,6 +1493,81 @@ connection_edge_process_relay_cell_not_open( // return -1; } +/** Process a SENDME cell that arrived on <b>circ</b>. If it is a stream level + * cell, it is destined for the given <b>conn</b>. If it is a circuit level + * cell, it is destined for the <b>layer_hint</b>. The <b>domain</b> is the + * logging domain that should be used. + * + * Return 0 if everything went well or a negative value representing a circuit + * end reason on error for which the caller is responsible for closing it. */ +static int +process_sendme_cell(const relay_header_t *rh, const cell_t *cell, + circuit_t *circ, edge_connection_t *conn, + crypt_path_t *layer_hint, int domain) +{ + int ret; + + tor_assert(rh); + + if (!rh->stream_id) { + /* Circuit level SENDME cell. */ + ret = sendme_process_circuit_level(layer_hint, circ, + cell->payload + RELAY_HEADER_SIZE, + rh->length); + if (ret < 0) { + return ret; + } + /* Resume reading on any streams now that we've processed a valid + * SENDME cell that updated our package window. */ + circuit_resume_edge_reading(circ, layer_hint); + /* We are done, the rest of the code is for the stream level. */ + return 0; + } + + /* No connection, might be half edge state. We are done if so. */ + if (!conn) { + if (CIRCUIT_IS_ORIGIN(circ)) { + origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ); + if (connection_half_edge_is_valid_sendme(ocirc->half_streams, + rh->stream_id)) { + circuit_read_valid_data(ocirc, rh->length); + log_info(domain, "Sendme cell on circ %u valid on half-closed " + "stream id %d", + ocirc->global_identifier, rh->stream_id); + } + } + + log_info(domain, "SENDME cell dropped, unknown stream (streamid %d).", + rh->stream_id); + return 0; + } + + /* Stream level SENDME cell. */ + ret = sendme_process_stream_level(conn, circ, rh->length); + if (ret < 0) { + /* Means we need to close the circuit with reason ret. */ + return ret; + } + + /* We've now processed properly a SENDME cell, all windows have been + * properly updated, we'll read on the edge connection to see if we can + * get data out towards the end point (Exit or client) since we are now + * allowed to deliver more cells. */ + + if (circuit_queue_streams_are_blocked(circ)) { + /* Still waiting for queue to flush; don't touch conn */ + return 0; + } + connection_start_reading(TO_CONN(conn)); + /* handle whatever might still be on the inbuf */ + if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) { + /* (We already sent an end cell if possible) */ + connection_mark_for_close(TO_CONN(conn)); + return 0; + } + return 0; +} + /** An incoming relay cell has arrived on circuit <b>circ</b>. If * <b>conn</b> is NULL this is a control cell, else <b>cell</b> is * destined for <b>conn</b>. @@ -1549,22 +1688,19 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, return connection_exit_begin_conn(cell, circ); case RELAY_COMMAND_DATA: ++stats_n_data_cells_received; - if (( layer_hint && --layer_hint->deliver_window < 0) || - (!layer_hint && --circ->deliver_window < 0)) { + + /* Update our circuit-level deliver window that we received a DATA cell. + * If the deliver window goes below 0, we end the circuit and stream due + * to a protocol failure. */ + if (sendme_circuit_data_received(circ, layer_hint) < 0) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "(relay data) circ deliver_window below 0. Killing."); - if (conn) { - /* XXXX Do we actually need to do this? Will killing the circuit - * not send an END and mark the stream for close as appropriate? */ - connection_edge_end(conn, END_STREAM_REASON_TORPROTOCOL); - connection_mark_for_close(TO_CONN(conn)); - } + connection_edge_end_close(conn, END_STREAM_REASON_TORPROTOCOL); return -END_CIRC_REASON_TORPROTOCOL; } - log_debug(domain,"circ deliver_window now %d.", layer_hint ? - layer_hint->deliver_window : circ->deliver_window); - circuit_consider_sending_sendme(circ, layer_hint); + /* Consider sending a circuit-level SENDME cell. */ + sendme_circuit_consider_sending(circ, layer_hint); if (rh.stream_id == 0) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay data cell with zero " @@ -1587,9 +1723,14 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, return 0; } - if (--conn->deliver_window < 0) { /* is it below 0 after decrement? */ + /* Update our stream-level deliver window that we just received a DATA + * cell. Going below 0 means we have a protocol level error so the + * stream and circuit are closed. */ + + if (sendme_stream_data_received(conn) < 0) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "(relay data) conn deliver_window below 0. Killing."); + connection_edge_end_close(conn, END_STREAM_REASON_TORPROTOCOL); return -END_CIRC_REASON_TORPROTOCOL; } /* Total all valid application bytes delivered */ @@ -1615,7 +1756,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, /* Only send a SENDME if we're not getting optimistic data; otherwise * a SENDME could arrive before the CONNECTED. */ - connection_edge_consider_sending_sendme(conn); + sendme_connection_edge_consider_sending(conn); } return 0; @@ -1808,99 +1949,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, (unsigned)circ->n_circ_id, rh.stream_id); return 0; case RELAY_COMMAND_SENDME: - if (!rh.stream_id) { - if (layer_hint) { - if (layer_hint->package_window + CIRCWINDOW_INCREMENT > - CIRCWINDOW_START_MAX) { - static struct ratelim_t exit_warn_ratelim = RATELIM_INIT(600); - log_fn_ratelim(&exit_warn_ratelim, LOG_WARN, LD_PROTOCOL, - "Unexpected sendme cell from exit relay. " - "Closing circ."); - return -END_CIRC_REASON_TORPROTOCOL; - } - layer_hint->package_window += CIRCWINDOW_INCREMENT; - log_debug(LD_APP,"circ-level sendme at origin, packagewindow %d.", - layer_hint->package_window); - circuit_resume_edge_reading(circ, layer_hint); - - /* We count circuit-level sendme's as valid delivered data because - * they are rate limited. - */ - if (CIRCUIT_IS_ORIGIN(circ)) { - circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), - rh.length); - } - - } else { - if (circ->package_window + CIRCWINDOW_INCREMENT > - CIRCWINDOW_START_MAX) { - static struct ratelim_t client_warn_ratelim = RATELIM_INIT(600); - log_fn_ratelim(&client_warn_ratelim,LOG_PROTOCOL_WARN, LD_PROTOCOL, - "Unexpected sendme cell from client. " - "Closing circ (window %d).", - circ->package_window); - return -END_CIRC_REASON_TORPROTOCOL; - } - circ->package_window += CIRCWINDOW_INCREMENT; - log_debug(LD_APP, - "circ-level sendme at non-origin, packagewindow %d.", - circ->package_window); - circuit_resume_edge_reading(circ, layer_hint); - } - return 0; - } - if (!conn) { - if (CIRCUIT_IS_ORIGIN(circ)) { - origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ); - if (connection_half_edge_is_valid_sendme(ocirc->half_streams, - rh.stream_id)) { - circuit_read_valid_data(ocirc, rh.length); - log_info(domain, - "sendme cell on circ %u valid on half-closed " - "stream id %d", ocirc->global_identifier, rh.stream_id); - } - } - - log_info(domain,"sendme cell dropped, unknown stream (streamid %d).", - rh.stream_id); - return 0; - } - - /* Don't allow the other endpoint to request more than our maximum - * (i.e. initial) stream SENDME window worth of data. Well-behaved - * stock clients will not request more than this max (as per the check - * in the while loop of connection_edge_consider_sending_sendme()). - */ - if (conn->package_window + STREAMWINDOW_INCREMENT > - STREAMWINDOW_START_MAX) { - static struct ratelim_t stream_warn_ratelim = RATELIM_INIT(600); - log_fn_ratelim(&stream_warn_ratelim, LOG_PROTOCOL_WARN, LD_PROTOCOL, - "Unexpected stream sendme cell. Closing circ (window %d).", - conn->package_window); - return -END_CIRC_REASON_TORPROTOCOL; - } - - /* At this point, the stream sendme is valid */ - if (CIRCUIT_IS_ORIGIN(circ)) { - circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), - rh.length); - } - - conn->package_window += STREAMWINDOW_INCREMENT; - log_debug(domain,"stream-level sendme, packagewindow now %d.", - conn->package_window); - if (circuit_queue_streams_are_blocked(circ)) { - /* Still waiting for queue to flush; don't touch conn */ - return 0; - } - connection_start_reading(TO_CONN(conn)); - /* handle whatever might still be on the inbuf */ - if (connection_edge_package_raw_inbuf(conn, 1, NULL) < 0) { - /* (We already sent an end cell if possible) */ - connection_mark_for_close(TO_CONN(conn)); - return 0; - } - return 0; + return process_sendme_cell(&rh, cell, circ, conn, layer_hint, domain); case RELAY_COMMAND_RESOLVE: if (layer_hint) { log_fn(LOG_PROTOCOL_WARN, LD_APP, @@ -2091,15 +2140,17 @@ connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial, return 0; } - if (!cpath_layer) { /* non-rendezvous exit */ - tor_assert(circ->package_window > 0); - circ->package_window--; - } else { /* we're an AP, or an exit on a rendezvous circ */ - tor_assert(cpath_layer->package_window > 0); - cpath_layer->package_window--; + /* Handle the circuit-level SENDME package window. */ + if (sendme_note_circuit_data_packaged(circ, cpath_layer) < 0) { + /* Package window has gone under 0. Protocol issue. */ + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Circuit package window is below 0. Closing circuit."); + conn->end_reason = END_STREAM_REASON_TORPROTOCOL; + return -1; } - if (--conn->package_window <= 0) { /* is it 0 after decrement? */ + /* Handle the stream-level SENDME package window. */ + if (sendme_note_stream_data_packaged(conn) < 0) { connection_stop_reading(TO_CONN(conn)); log_debug(domain,"conn->package_window reached 0."); circuit_consider_stop_edge_reading(circ, cpath_layer); @@ -2117,42 +2168,6 @@ connection_edge_package_raw_inbuf(edge_connection_t *conn, int package_partial, goto repeat_connection_edge_package_raw_inbuf; } -/** Called when we've just received a relay data cell, when - * we've just finished flushing all bytes to stream <b>conn</b>, - * or when we've flushed *some* bytes to the stream <b>conn</b>. - * - * If conn->outbuf is not too full, and our deliver window is - * low, send back a suitable number of stream-level sendme cells. - */ -void -connection_edge_consider_sending_sendme(edge_connection_t *conn) -{ - circuit_t *circ; - - if (connection_outbuf_too_full(TO_CONN(conn))) - return; - - circ = circuit_get_by_edge_conn(conn); - if (!circ) { - /* this can legitimately happen if the destroy has already - * arrived and torn down the circuit */ - log_info(LD_APP,"No circuit associated with conn. Skipping."); - return; - } - - while (conn->deliver_window <= STREAMWINDOW_START - STREAMWINDOW_INCREMENT) { - log_debug(conn->base_.type == CONN_TYPE_AP ?LD_APP:LD_EXIT, - "Outbuf %d, Queuing stream sendme.", - (int)conn->base_.outbuf_flushlen); - conn->deliver_window += STREAMWINDOW_INCREMENT; - if (connection_edge_send_command(conn, RELAY_COMMAND_SENDME, - NULL, 0) < 0) { - log_warn(LD_APP,"connection_edge_send_command failed. Skipping."); - return; /* the circuit's closed, don't continue */ - } - } -} - /** The circuit <b>circ</b> has received a circuit-level sendme * (on hop <b>layer_hint</b>, if we're the OP). Go through all the * attached streams and let them resume reading and packaging, if @@ -2369,33 +2384,6 @@ circuit_consider_stop_edge_reading(circuit_t *circ, crypt_path_t *layer_hint) return 0; } -/** Check if the deliver_window for circuit <b>circ</b> (at hop - * <b>layer_hint</b> if it's defined) is low enough that we should - * send a circuit-level sendme back down the circuit. If so, send - * enough sendmes that the window would be overfull if we sent any - * more. - */ -static void -circuit_consider_sending_sendme(circuit_t *circ, crypt_path_t *layer_hint) -{ -// log_fn(LOG_INFO,"Considering: layer_hint is %s", -// layer_hint ? "defined" : "null"); - while ((layer_hint ? layer_hint->deliver_window : circ->deliver_window) <= - CIRCWINDOW_START - CIRCWINDOW_INCREMENT) { - log_debug(LD_CIRC,"Queuing circuit sendme."); - if (layer_hint) - layer_hint->deliver_window += CIRCWINDOW_INCREMENT; - else - circ->deliver_window += CIRCWINDOW_INCREMENT; - if (relay_send_command_from_edge(0, circ, RELAY_COMMAND_SENDME, - NULL, 0, layer_hint) < 0) { - log_warn(LD_CIRC, - "relay_send_command_from_edge failed. Circuit's closed."); - return; /* the circuit's closed, don't continue */ - } - } -} - /** The total number of cells we have allocated. */ static size_t total_cells_allocated = 0; diff --git a/src/core/or/relay.h b/src/core/or/relay.h index ea1b358ffb..2248cdf381 100644 --- a/src/core/or/relay.h +++ b/src/core/or/relay.h @@ -120,6 +120,7 @@ STATIC int cell_queues_check_size(void); STATIC int connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, edge_connection_t *conn, crypt_path_t *layer_hint); +STATIC size_t get_pad_cell_offset(size_t payload_len); #endif /* defined(RELAY_PRIVATE) */ diff --git a/src/core/or/relay_crypto_st.h b/src/core/or/relay_crypto_st.h index dafce257c7..1f243ccdc8 100644 --- a/src/core/or/relay_crypto_st.h +++ b/src/core/or/relay_crypto_st.h @@ -25,6 +25,8 @@ struct relay_crypto_t { /** Digest state for cells heading away from the OR at this step. */ struct crypto_digest_t *b_digest; + /** Digest used for the next SENDME cell if any. */ + uint8_t sendme_digest[DIGEST_LEN]; }; #undef crypto_cipher_t diff --git a/src/core/or/sendme.c b/src/core/or/sendme.c new file mode 100644 index 0000000000..70ff3798ba --- /dev/null +++ b/src/core/or/sendme.c @@ -0,0 +1,604 @@ +/* Copyright (c) 2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file sendme.c + * \brief Code that is related to SENDME cells both in terms of + * creating/parsing cells and handling the content. + */ + +#define SENDME_PRIVATE + +#include "core/or/or.h" + +#include "app/config/config.h" +#include "core/crypto/relay_crypto.h" +#include "core/mainloop/connection.h" +#include "core/or/cell_st.h" +#include "core/or/circuitlist.h" +#include "core/or/circuituse.h" +#include "core/or/or_circuit_st.h" +#include "core/or/relay.h" +#include "core/or/sendme.h" +#include "feature/nodelist/networkstatus.h" +#include "lib/ctime/di_ops.h" +#include "trunnel/sendme.h" + +/* The maximum supported version. Above that value, the cell can't be + * recognized as a valid SENDME. */ +#define SENDME_MAX_SUPPORTED_VERSION 1 + +/* The cell version constants for when emitting a cell. */ +#define SENDME_EMIT_MIN_VERSION_DEFAULT 0 +#define SENDME_EMIT_MIN_VERSION_MIN 0 +#define SENDME_EMIT_MIN_VERSION_MAX UINT8_MAX + +/* The cell version constants for when accepting a cell. */ +#define SENDME_ACCEPT_MIN_VERSION_DEFAULT 0 +#define SENDME_ACCEPT_MIN_VERSION_MIN 0 +#define SENDME_ACCEPT_MIN_VERSION_MAX UINT8_MAX + +/* Return the minimum version given by the consensus (if any) that should be + * used when emitting a SENDME cell. */ +STATIC int +get_emit_min_version(void) +{ + return networkstatus_get_param(NULL, "sendme_emit_min_version", + SENDME_EMIT_MIN_VERSION_DEFAULT, + SENDME_EMIT_MIN_VERSION_MIN, + SENDME_EMIT_MIN_VERSION_MAX); +} + +/* Return the minimum version given by the consensus (if any) that should be + * accepted when receiving a SENDME cell. */ +STATIC int +get_accept_min_version(void) +{ + return networkstatus_get_param(NULL, "sendme_accept_min_version", + SENDME_ACCEPT_MIN_VERSION_DEFAULT, + SENDME_ACCEPT_MIN_VERSION_MIN, + SENDME_ACCEPT_MIN_VERSION_MAX); +} + +/* Return true iff the given cell digest matches the first digest in the + * circuit sendme list. */ +static bool +v1_digest_matches(const circuit_t *circ, const uint8_t *cell_digest) +{ + bool ret = false; + uint8_t *circ_digest = NULL; + + tor_assert(circ); + tor_assert(cell_digest); + + /* We shouldn't have received a SENDME if we have no digests. Log at + * protocol warning because it can be tricked by sending many SENDMEs + * without prior data cell. */ + if (circ->sendme_last_digests == NULL || + smartlist_len(circ->sendme_last_digests) == 0) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "We received a SENDME but we have no cell digests to match. " + "Closing circuit."); + goto no_match; + } + + /* Pop the first element that was added (FIFO) and compare it. */ + circ_digest = smartlist_get(circ->sendme_last_digests, 0); + smartlist_del_keeporder(circ->sendme_last_digests, 0); + + /* Compare the digest with the one in the SENDME. This cell is invalid + * without a perfect match. */ + if (tor_memneq(circ_digest, cell_digest, TRUNNEL_SENDME_V1_DIGEST_LEN)) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "SENDME v1 cell digest do not match."); + goto no_match; + } + /* Digests matches! */ + ret = true; + + no_match: + /* This digest was popped from the circuit list. Regardless of what happens, + * we have no more use for it. */ + tor_free(circ_digest); + return ret; +} + +/* Return true iff the given decoded SENDME version 1 cell is valid and + * matches the expected digest on the circuit. + * + * Validation is done by comparing the digest in the cell from the previous + * cell we saw which tells us that the other side has in fact seen that cell. + * See proposal 289 for more details. */ +static bool +cell_v1_is_valid(const sendme_cell_t *cell, const circuit_t *circ) +{ + tor_assert(cell); + tor_assert(circ); + + const uint8_t *cell_digest = sendme_cell_getconstarray_data_v1_digest(cell); + return v1_digest_matches(circ, cell_digest); +} + +/* Return true iff the given cell version can be handled or if the minimum + * accepted version from the consensus is known to us. */ +STATIC bool +cell_version_is_valid(uint8_t cell_version) +{ + int accept_version = get_accept_min_version(); + + /* Can we handle this version? */ + if (accept_version > SENDME_MAX_SUPPORTED_VERSION) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Unable to accept SENDME version %u (from consensus). " + "We only support <= %d. Probably your tor is too old?", + accept_version, cell_version); + goto invalid; + } + + /* We only accept a SENDME cell from what the consensus tells us. */ + if (cell_version < accept_version) { + log_info(LD_PROTOCOL, "Unacceptable SENDME version %d. Only " + "accepting %u (from consensus). Closing circuit.", + cell_version, accept_version); + goto invalid; + } + + return 1; + invalid: + return 0; +} + +/* Return true iff the encoded SENDME cell in cell_payload of length + * cell_payload_len is valid. For each version: + * + * 0: No validation + * 1: Authenticated with last cell digest. + * + * This is the main critical function to make sure we can continue to + * send/recv cells on a circuit. If the SENDME is invalid, the circuit should + * be mark for close. */ +STATIC bool +sendme_is_valid(const circuit_t *circ, const uint8_t *cell_payload, + size_t cell_payload_len) +{ + uint8_t cell_version; + sendme_cell_t *cell = NULL; + + tor_assert(circ); + tor_assert(cell_payload); + + /* An empty payload means version 0 so skip trunnel parsing. We won't be + * able to parse a 0 length buffer into a valid SENDME cell. */ + if (cell_payload_len == 0) { + cell_version = 0; + } else { + /* First we'll decode the cell so we can get the version. */ + if (sendme_cell_parse(&cell, cell_payload, cell_payload_len) < 0) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Unparseable SENDME cell received. Closing circuit."); + goto invalid; + } + cell_version = sendme_cell_get_version(cell); + } + + /* Validate that we can handle this cell version. */ + if (!cell_version_is_valid(cell_version)) { + goto invalid; + } + + /* Validate depending on the version now. */ + switch (cell_version) { + case 0x01: + if (!cell_v1_is_valid(cell, circ)) { + goto invalid; + } + break; + case 0x00: + /* Fallthrough. Version 0, there is no work to be done on the payload so + * it is necessarily valid if we pass the version validation. */ + default: + /* Unknown version means we can't handle it so fallback to version 0. */ + break; + } + + /* Valid cell. */ + sendme_cell_free(cell); + return 1; + invalid: + sendme_cell_free(cell); + return 0; +} + +/* Build and encode a version 1 SENDME cell into payload, which must be at + * least of RELAY_PAYLOAD_SIZE bytes, using the digest for the cell data. + * + * Return the size in bytes of the encoded cell in payload. A negative value + * is returned on encoding failure. */ +STATIC ssize_t +build_cell_payload_v1(const uint8_t *cell_digest, uint8_t *payload) +{ + ssize_t len = -1; + sendme_cell_t *cell = NULL; + + tor_assert(cell_digest); + tor_assert(payload); + + cell = sendme_cell_new(); + + /* Building a payload for version 1. */ + sendme_cell_set_version(cell, 0x01); + /* Set the data length field for v1. */ + sendme_cell_set_data_len(cell, TRUNNEL_SENDME_V1_DIGEST_LEN); + + /* Copy the digest into the data payload. */ + memcpy(sendme_cell_getarray_data_v1_digest(cell), cell_digest, + sendme_cell_get_data_len(cell)); + + /* Finally, encode the cell into the payload. */ + len = sendme_cell_encode(payload, RELAY_PAYLOAD_SIZE, cell); + + sendme_cell_free(cell); + return len; +} + +/* Send a circuit-level SENDME on the given circuit using the layer_hint if + * not NULL. The digest is only used for version 1. + * + * Return 0 on success else a negative value and the circuit will be closed + * because we failed to send the cell on it. */ +static int +send_circuit_level_sendme(circuit_t *circ, crypt_path_t *layer_hint, + const uint8_t *cell_digest) +{ + uint8_t emit_version; + uint8_t payload[RELAY_PAYLOAD_SIZE]; + ssize_t payload_len; + + tor_assert(circ); + tor_assert(cell_digest); + + emit_version = get_emit_min_version(); + switch (emit_version) { + case 0x01: + payload_len = build_cell_payload_v1(cell_digest, payload); + if (BUG(payload_len < 0)) { + /* Unable to encode the cell, abort. We can recover from this by closing + * the circuit but in theory it should never happen. */ + return -1; + } + log_debug(LD_PROTOCOL, "Emitting SENDME version 1 cell."); + break; + case 0x00: + /* Fallthrough because default is to use v0. */ + default: + /* Unknown version, fallback to version 0 meaning no payload. */ + payload_len = 0; + break; + } + + if (relay_send_command_from_edge(0, circ, RELAY_COMMAND_SENDME, + (char *) payload, payload_len, + layer_hint) < 0) { + log_warn(LD_CIRC, + "SENDME relay_send_command_from_edge failed. Circuit's closed."); + return -1; /* the circuit's closed, don't continue */ + } + return 0; +} + +/* + * Public API + */ + +/** Keep the current inbound cell digest for the next SENDME digest. This part + * is only done by the client as the circuit came back from the Exit. */ +void +sendme_circuit_record_outbound_cell(or_circuit_t *or_circ) +{ + tor_assert(or_circ); + relay_crypto_record_sendme_digest(&or_circ->crypto); +} + +/** Keep the current inbound cell digest for the next SENDME digest. This part + * is only done by the client as the circuit came back from the Exit. */ +void +sendme_circuit_record_inbound_cell(crypt_path_t *cpath) +{ + tor_assert(cpath); + relay_crypto_record_sendme_digest(&cpath->crypto); +} + +/** Return true iff the next cell for the given cell window is expected to be + * a SENDME. + * + * We are able to know that because the package or deliver window value minus + * one cell (the possible SENDME cell) should be a multiple of the increment + * window value. */ +bool +sendme_circuit_cell_is_next(int window) +{ + /* Is this the last cell before a SENDME? The idea is that if the package or + * deliver window reaches a multiple of the increment, after this cell, we + * should expect a SENDME. */ + if (((window - 1) % CIRCWINDOW_INCREMENT) != 0) { + return false; + } + /* Next cell is expected to be a SENDME. */ + return true; +} + +/** Called when we've just received a relay data cell, when we've just + * finished flushing all bytes to stream <b>conn</b>, or when we've flushed + * *some* bytes to the stream <b>conn</b>. + * + * If conn->outbuf is not too full, and our deliver window is low, send back a + * suitable number of stream-level sendme cells. + */ +void +sendme_connection_edge_consider_sending(edge_connection_t *conn) +{ + tor_assert(conn); + + int log_domain = TO_CONN(conn)->type == CONN_TYPE_AP ? LD_APP : LD_EXIT; + + /* Don't send it if we still have data to deliver. */ + if (connection_outbuf_too_full(TO_CONN(conn))) { + goto end; + } + + if (circuit_get_by_edge_conn(conn) == NULL) { + /* This can legitimately happen if the destroy has already arrived and + * torn down the circuit. */ + log_info(log_domain, "No circuit associated with edge connection. " + "Skipping sending SENDME."); + goto end; + } + + while (conn->deliver_window <= + (STREAMWINDOW_START - STREAMWINDOW_INCREMENT)) { + log_debug(log_domain, "Outbuf %" TOR_PRIuSZ ", queuing stream SENDME.", + TO_CONN(conn)->outbuf_flushlen); + conn->deliver_window += STREAMWINDOW_INCREMENT; + if (connection_edge_send_command(conn, RELAY_COMMAND_SENDME, + NULL, 0) < 0) { + log_warn(LD_BUG, "connection_edge_send_command failed while sending " + "a SENDME. Circuit probably closed, skipping."); + goto end; /* The circuit's closed, don't continue */ + } + } + + end: + return; +} + +/** Check if the deliver_window for circuit <b>circ</b> (at hop + * <b>layer_hint</b> if it's defined) is low enough that we should + * send a circuit-level sendme back down the circuit. If so, send + * enough sendmes that the window would be overfull if we sent any + * more. + */ +void +sendme_circuit_consider_sending(circuit_t *circ, crypt_path_t *layer_hint) +{ + const uint8_t *digest; + + while ((layer_hint ? layer_hint->deliver_window : circ->deliver_window) <= + CIRCWINDOW_START - CIRCWINDOW_INCREMENT) { + log_debug(LD_CIRC,"Queuing circuit sendme."); + if (layer_hint) { + layer_hint->deliver_window += CIRCWINDOW_INCREMENT; + digest = relay_crypto_get_sendme_digest(&layer_hint->crypto); + } else { + circ->deliver_window += CIRCWINDOW_INCREMENT; + digest = relay_crypto_get_sendme_digest(&TO_OR_CIRCUIT(circ)->crypto); + } + if (send_circuit_level_sendme(circ, layer_hint, digest) < 0) { + return; /* The circuit's closed, don't continue */ + } + } +} + +/* Process a circuit-level SENDME cell that we just received. The layer_hint, + * if not NULL, is the Exit hop of the connection which means that we are a + * client. In that case, circ must be an origin circuit. The cell_body_len is + * the length of the SENDME cell payload (excluding the header). The + * cell_payload is the payload. + * + * Return 0 on success that is the SENDME is valid and the package window has + * been updated properly. + * + * On error, a negative value is returned which indicate that the circuit must + * be closed using the value as the reason for it. */ +int +sendme_process_circuit_level(crypt_path_t *layer_hint, + circuit_t *circ, const uint8_t *cell_payload, + uint16_t cell_payload_len) +{ + tor_assert(circ); + tor_assert(cell_payload); + + /* If we are the origin of the circuit, we are the Client so we use the + * layer hint (the Exit hop) for the package window tracking. */ + if (CIRCUIT_IS_ORIGIN(circ)) { + if ((layer_hint->package_window + CIRCWINDOW_INCREMENT) > + CIRCWINDOW_START_MAX) { + static struct ratelim_t exit_warn_ratelim = RATELIM_INIT(600); + log_fn_ratelim(&exit_warn_ratelim, LOG_WARN, LD_PROTOCOL, + "Unexpected sendme cell from exit relay. " + "Closing circ."); + return -END_CIRC_REASON_TORPROTOCOL; + } + layer_hint->package_window += CIRCWINDOW_INCREMENT; + log_debug(LD_APP, "circ-level sendme at origin, packagewindow %d.", + layer_hint->package_window); + + /* We count circuit-level sendme's as valid delivered data because they + * are rate limited. */ + circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), cell_payload_len); + } else { + /* Validate the SENDME cell. Depending on the version, different + * validation can be done. An invalid SENDME requires us to close the + * circuit. It is only done if we are the Exit of the circuit. */ + if (!sendme_is_valid(circ, cell_payload, cell_payload_len)) { + return -END_CIRC_REASON_TORPROTOCOL; + } + + /* We aren't the origin of this circuit so we are the Exit and thus we + * track the package window with the circuit object. */ + if ((circ->package_window + CIRCWINDOW_INCREMENT) > + CIRCWINDOW_START_MAX) { + static struct ratelim_t client_warn_ratelim = RATELIM_INIT(600); + log_fn_ratelim(&client_warn_ratelim, LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Unexpected sendme cell from client. " + "Closing circ (window %d).", circ->package_window); + return -END_CIRC_REASON_TORPROTOCOL; + } + circ->package_window += CIRCWINDOW_INCREMENT; + log_debug(LD_EXIT, "circ-level sendme at non-origin, packagewindow %d.", + circ->package_window); + } + + return 0; +} + +/* Process a stream-level SENDME cell that we just received. The conn is the + * edge connection (stream) that the circuit circ is associated with. The + * cell_body_len is the length of the payload (excluding the header). + * + * Return 0 on success that is the SENDME is valid and the package window has + * been updated properly. + * + * On error, a negative value is returned which indicate that the circuit must + * be closed using the value as the reason for it. */ +int +sendme_process_stream_level(edge_connection_t *conn, circuit_t *circ, + uint16_t cell_body_len) +{ + tor_assert(conn); + tor_assert(circ); + + /* Don't allow the other endpoint to request more than our maximum (i.e. + * initial) stream SENDME window worth of data. Well-behaved stock clients + * will not request more than this max (as per the check in the while loop + * of sendme_connection_edge_consider_sending()). */ + if ((conn->package_window + STREAMWINDOW_INCREMENT) > + STREAMWINDOW_START_MAX) { + static struct ratelim_t stream_warn_ratelim = RATELIM_INIT(600); + log_fn_ratelim(&stream_warn_ratelim, LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Unexpected stream sendme cell. Closing circ (window %d).", + conn->package_window); + return -END_CIRC_REASON_TORPROTOCOL; + } + /* At this point, the stream sendme is valid */ + conn->package_window += STREAMWINDOW_INCREMENT; + + /* We count circuit-level sendme's as valid delivered data because they are + * rate limited. */ + if (CIRCUIT_IS_ORIGIN(circ)) { + circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), cell_body_len); + } + + log_debug(CIRCUIT_IS_ORIGIN(circ) ? LD_APP : LD_EXIT, + "stream-level sendme, package_window now %d.", + conn->package_window); + return 0; +} + +/* Called when a relay DATA cell is received on the given circuit. If + * layer_hint is NULL, this means we are the Exit end point else we are the + * Client. Update the deliver window and return its new value. */ +int +sendme_circuit_data_received(circuit_t *circ, crypt_path_t *layer_hint) +{ + int deliver_window, domain; + + if (CIRCUIT_IS_ORIGIN(circ)) { + tor_assert(layer_hint); + --layer_hint->deliver_window; + deliver_window = layer_hint->deliver_window; + domain = LD_APP; + } else { + tor_assert(!layer_hint); + --circ->deliver_window; + deliver_window = circ->deliver_window; + domain = LD_EXIT; + } + + log_debug(domain, "Circuit deliver_window now %d.", deliver_window); + return deliver_window; +} + +/* Called when a relay DATA cell is received for the given edge connection + * conn. Update the deliver window and return its new value. */ +int +sendme_stream_data_received(edge_connection_t *conn) +{ + tor_assert(conn); + return --conn->deliver_window; +} + +/* Called when a relay DATA cell is packaged on the given circuit. If + * layer_hint is NULL, this means we are the Exit end point else we are the + * Client. Update the package window and return its new value. */ +int +sendme_note_circuit_data_packaged(circuit_t *circ, crypt_path_t *layer_hint) +{ + int package_window, domain; + + tor_assert(circ); + + if (CIRCUIT_IS_ORIGIN(circ)) { + /* Client side. */ + tor_assert(layer_hint); + --layer_hint->package_window; + package_window = layer_hint->package_window; + domain = LD_APP; + } else { + /* Exit side. */ + tor_assert(!layer_hint); + --circ->package_window; + package_window = circ->package_window; + domain = LD_EXIT; + } + + log_debug(domain, "Circuit package_window now %d.", package_window); + return package_window; +} + +/* Called when a relay DATA cell is packaged for the given edge connection + * conn. Update the package window and return its new value. */ +int +sendme_note_stream_data_packaged(edge_connection_t *conn) +{ + tor_assert(conn); + return --conn->package_window; +} + +/* Note the cell digest in the circuit sendme last digests FIFO if applicable. + * It is safe to pass a circuit that isn't meant to track those digests. */ +void +sendme_record_cell_digest(circuit_t *circ) +{ + const uint8_t *digest; + + tor_assert(circ); + + /* We only keep the cell digest if we are the Exit on that circuit and if + * this cell is the last one before the client should send a SENDME. */ + if (CIRCUIT_IS_ORIGIN(circ)) { + return; + } + /* Is this the last cell before a SENDME? The idea is that if the + * package_window reaches a multiple of the increment, after this cell, we + * should expect a SENDME. */ + if (!sendme_circuit_cell_is_next(circ->package_window)) { + return; + } + + /* Add the digest to the last seen list in the circuit. */ + digest = relay_crypto_get_sendme_digest(&TO_OR_CIRCUIT(circ)->crypto); + if (circ->sendme_last_digests == NULL) { + circ->sendme_last_digests = smartlist_new(); + } + smartlist_add(circ->sendme_last_digests, tor_memdup(digest, DIGEST_LEN)); +} diff --git a/src/core/or/sendme.h b/src/core/or/sendme.h new file mode 100644 index 0000000000..78273eb9a8 --- /dev/null +++ b/src/core/or/sendme.h @@ -0,0 +1,68 @@ +/* Copyright (c) 2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file sendme.h + * \brief Header file for sendme.c. + **/ + +#ifndef TOR_SENDME_H +#define TOR_SENDME_H + +#include "core/or/edge_connection_st.h" +#include "core/or/crypt_path_st.h" +#include "core/or/circuit_st.h" + +/* Sending SENDME cell. */ +void sendme_connection_edge_consider_sending(edge_connection_t *edge_conn); +void sendme_circuit_consider_sending(circuit_t *circ, + crypt_path_t *layer_hint); + +/* Processing SENDME cell. */ +int sendme_process_circuit_level(crypt_path_t *layer_hint, + circuit_t *circ, const uint8_t *cell_payload, + uint16_t cell_payload_len); +int sendme_process_stream_level(edge_connection_t *conn, circuit_t *circ, + uint16_t cell_body_len); + +/* Update deliver window functions. */ +int sendme_stream_data_received(edge_connection_t *conn); +int sendme_circuit_data_received(circuit_t *circ, crypt_path_t *layer_hint); + +/* Update package window functions. */ +int sendme_note_circuit_data_packaged(circuit_t *circ, + crypt_path_t *layer_hint); +int sendme_note_stream_data_packaged(edge_connection_t *conn); + +/* Track cell digest. */ +void sendme_record_cell_digest(circuit_t *circ); +void sendme_circuit_record_inbound_cell(crypt_path_t *cpath); +void sendme_circuit_record_outbound_cell(or_circuit_t *or_circ); + +/* Circuit level information. */ +bool sendme_circuit_cell_is_next(int window); + +/* Private section starts. */ +#ifdef SENDME_PRIVATE + +/* + * Unit tests declaractions. + */ +#ifdef TOR_UNIT_TESTS + +STATIC int get_emit_min_version(void); +STATIC int get_accept_min_version(void); + +STATIC bool cell_version_is_valid(uint8_t cell_version); + +STATIC ssize_t build_cell_payload_v1(const uint8_t *cell_digest, + uint8_t *payload); +STATIC bool sendme_is_valid(const circuit_t *circ, + const uint8_t *cell_payload, + size_t cell_payload_len); + +#endif /* TOR_UNIT_TESTS */ + +#endif /* SENDME_PRIVATE */ + +#endif /* !defined(TOR_SENDME_H) */ diff --git a/src/feature/control/control.c b/src/feature/control/control.c index 23ef83ef95..436bf423cf 100644 --- a/src/feature/control/control.c +++ b/src/feature/control/control.c @@ -47,7 +47,7 @@ #include "feature/control/control_auth.h" #include "feature/control/control_cmd.h" #include "feature/control/control_events.h" -#include "feature/control/control_fmt.h" +#include "feature/control/control_proto.h" #include "feature/rend/rendcommon.h" #include "feature/rend/rendservice.h" #include "lib/evloop/procmon.h" @@ -401,7 +401,7 @@ connection_control_process_inbuf(control_connection_t *conn) return 0; else if (r == -1) { if (data_len + conn->incoming_cmd_cur_len > MAX_COMMAND_LINE_LENGTH) { - connection_write_str_to_buf("500 Line too long.\r\n", conn); + control_write_endreply(conn, 500, "Line too long."); connection_stop_reading(TO_CONN(conn)); connection_mark_and_flush(TO_CONN(conn)); } @@ -455,20 +455,20 @@ connection_control_process_inbuf(control_connection_t *conn) /* Otherwise, Quit is always valid. */ if (!strcasecmp(conn->current_cmd, "QUIT")) { - connection_write_str_to_buf("250 closing connection\r\n", conn); + control_write_endreply(conn, 250, "closing connection"); connection_mark_and_flush(TO_CONN(conn)); return 0; } if (conn->base_.state == CONTROL_CONN_STATE_NEEDAUTH && !is_valid_initial_command(conn, conn->current_cmd)) { - connection_write_str_to_buf("514 Authentication required.\r\n", conn); + control_write_endreply(conn, 514, "Authentication required."); connection_mark_for_close(TO_CONN(conn)); return 0; } if (data_len >= UINT32_MAX) { - connection_write_str_to_buf("500 A 4GB command? Nice try.\r\n", conn); + control_write_endreply(conn, 500, "A 4GB command? Nice try."); connection_mark_for_close(TO_CONN(conn)); return 0; } diff --git a/src/feature/control/control_auth.c b/src/feature/control/control_auth.c index a86442c21f..49d4d415c6 100644 --- a/src/feature/control/control_auth.c +++ b/src/feature/control/control_auth.c @@ -15,7 +15,7 @@ #include "feature/control/control_auth.h" #include "feature/control/control_cmd_args_st.h" #include "feature/control/control_connection_st.h" -#include "feature/control/control_fmt.h" +#include "feature/control/control_proto.h" #include "lib/crypt_ops/crypto_rand.h" #include "lib/crypt_ops/crypto_util.h" #include "lib/encoding/confline.h" @@ -141,27 +141,28 @@ handle_control_authchallenge(control_connection_t *conn, char server_nonce_encoded[(2*SAFECOOKIE_SERVER_NONCE_LEN) + 1]; if (strcasecmp(smartlist_get(args->args, 0), "SAFECOOKIE")) { - connection_write_str_to_buf("513 AUTHCHALLENGE only supports SAFECOOKIE " - "authentication\r\n", conn); + control_write_endreply(conn, 513, + "AUTHCHALLENGE only supports SAFECOOKIE " + "authentication"); goto fail; } if (!authentication_cookie_is_set) { - connection_write_str_to_buf("515 Cookie authentication is disabled\r\n", - conn); + control_write_endreply(conn, 515, "Cookie authentication is disabled"); goto fail; } if (args->kwargs == NULL || args->kwargs->next != NULL) { /* connection_write_str_to_buf("512 AUTHCHALLENGE requires exactly " "2 arguments.\r\n", conn); */ - connection_printf_to_buf(conn, - "512 AUTHCHALLENGE dislikes argument list %s\r\n", - escaped(args->raw_body)); + control_printf_endreply(conn, 512, + "AUTHCHALLENGE dislikes argument list %s", + escaped(args->raw_body)); goto fail; } if (strcmp(args->kwargs->key, "")) { - connection_write_str_to_buf("512 AUTHCHALLENGE does not accept keyword " - "arguments.\r\n", conn); + control_write_endreply(conn, 512, + "AUTHCHALLENGE does not accept keyword " + "arguments."); goto fail; } @@ -177,8 +178,7 @@ handle_control_authchallenge(control_connection_t *conn, client_nonce = tor_malloc(client_nonce_len); if (base16_decode(client_nonce, client_nonce_len, hex_nonce, strlen(hex_nonce)) != (int)client_nonce_len) { - connection_write_str_to_buf("513 Invalid base16 client nonce\r\n", - conn); + control_write_endreply(conn, 513, "Invalid base16 client nonce"); tor_free(client_nonce); goto fail; } @@ -223,11 +223,10 @@ handle_control_authchallenge(control_connection_t *conn, base16_encode(server_nonce_encoded, sizeof(server_nonce_encoded), server_nonce, sizeof(server_nonce)); - connection_printf_to_buf(conn, - "250 AUTHCHALLENGE SERVERHASH=%s " - "SERVERNONCE=%s\r\n", - server_hash_encoded, - server_nonce_encoded); + control_printf_endreply(conn, 250, + "AUTHCHALLENGE SERVERHASH=%s SERVERNONCE=%s", + server_hash_encoded, + server_nonce_encoded); tor_free(client_nonce); return 0; @@ -263,13 +262,12 @@ handle_control_authenticate(control_connection_t *conn, password = tor_strdup(""); password_len = 0; } else if (args->kwargs->next) { - connection_write_str_to_buf( - "512 Too many arguments to AUTHENTICATE.\r\n", conn); + control_write_endreply(conn, 512, "Too many arguments to AUTHENTICATE."); connection_mark_for_close(TO_CONN(conn)); return 0; } else if (strcmp(args->kwargs->key, "")) { - connection_write_str_to_buf( - "512 AUTHENTICATE does not accept keyword arguments.\r\n", conn); + control_write_endreply(conn, 512, + "AUTHENTICATE does not accept keyword arguments."); connection_mark_for_close(TO_CONN(conn)); return 0; } else if (strchr(args->raw_body, '\"')) { @@ -282,10 +280,10 @@ handle_control_authenticate(control_connection_t *conn, password = tor_malloc(password_len+1); if (base16_decode(password, password_len+1, hex_passwd, strlen(hex_passwd)) != (int) password_len) { - connection_write_str_to_buf( - "551 Invalid hexadecimal encoding. Maybe you tried a plain text " + control_write_endreply(conn, 551, + "Invalid hexadecimal encoding. Maybe you tried a plain text " "password? If so, the standard requires that you put it in " - "double quotes.\r\n", conn); + "double quotes."); connection_mark_for_close(TO_CONN(conn)); tor_free(password); return 0; @@ -418,7 +416,7 @@ handle_control_authenticate(control_connection_t *conn, err: tor_free(password); - connection_printf_to_buf(conn, "515 Authentication failed: %s\r\n", errstr); + control_printf_endreply(conn, 515, "Authentication failed: %s", errstr); connection_mark_for_close(TO_CONN(conn)); if (sl) { /* clean up */ SMARTLIST_FOREACH(sl, char *, str, tor_free(str)); diff --git a/src/feature/control/control_cmd.c b/src/feature/control/control_cmd.c index 9afa734d86..5555a2c5c4 100644 --- a/src/feature/control/control_cmd.c +++ b/src/feature/control/control_cmd.c @@ -27,8 +27,8 @@ #include "feature/control/control_auth.h" #include "feature/control/control_cmd.h" #include "feature/control/control_events.h" -#include "feature/control/control_fmt.h" #include "feature/control/control_getinfo.h" +#include "feature/control/control_proto.h" #include "feature/hs/hs_control.h" #include "feature/nodelist/nodelist.h" #include "feature/nodelist/routerinfo.h" @@ -319,12 +319,12 @@ handle_control_getconf(control_connection_t *conn, if ((len = smartlist_len(unrecognized))) { for (i=0; i < len-1; ++i) - connection_printf_to_buf(conn, - "552-Unrecognized configuration key \"%s\"\r\n", - (char*)smartlist_get(unrecognized, i)); - connection_printf_to_buf(conn, - "552 Unrecognized configuration key \"%s\"\r\n", - (char*)smartlist_get(unrecognized, len-1)); + control_printf_midreply(conn, 552, + "Unrecognized configuration key \"%s\"", + (char*)smartlist_get(unrecognized, i)); + control_printf_endreply(conn, 552, + "Unrecognized configuration key \"%s\"", + (char*)smartlist_get(unrecognized, len-1)); } else if ((len = smartlist_len(answers))) { char *tmp = smartlist_get(answers, len-1); tor_assert(strlen(tmp)>4); @@ -332,7 +332,7 @@ handle_control_getconf(control_connection_t *conn, msg = smartlist_join_strings(answers, "", 0, &msg_len); connection_buf_add(msg, msg_len, TO_CONN(conn)); } else { - connection_write_str_to_buf("250 OK\r\n", conn); + send_control_done(conn); } SMARTLIST_FOREACH(answers, char *, cp, tor_free(cp)); @@ -355,7 +355,6 @@ handle_control_loadconf(control_connection_t *conn, { setopt_err_t retval; char *errstring = NULL; - const char *msg = NULL; retval = options_init_from_string(NULL, args->cmddata, CMD_RUN_TOR, NULL, &errstring); @@ -365,31 +364,29 @@ handle_control_loadconf(control_connection_t *conn, "Controller gave us config file that didn't validate: %s", errstring); +#define SEND_ERRMSG(code, msg) \ + control_printf_endreply(conn, code, msg "%s%s", \ + errstring ? ": " : "", \ + errstring ? errstring : "") switch (retval) { case SETOPT_ERR_PARSE: - msg = "552 Invalid config file"; + SEND_ERRMSG(552, "Invalid config file"); break; case SETOPT_ERR_TRANSITION: - msg = "553 Transition not allowed"; + SEND_ERRMSG(553, "Transition not allowed"); break; case SETOPT_ERR_SETTING: - msg = "553 Unable to set option"; + SEND_ERRMSG(553, "Unable to set option"); break; case SETOPT_ERR_MISC: default: - msg = "550 Unable to load config"; + SEND_ERRMSG(550, "Unable to load config"); break; case SETOPT_OK: - break; - } - if (msg) { - if (errstring) - connection_printf_to_buf(conn, "%s: %s\r\n", msg, errstring); - else - connection_printf_to_buf(conn, "%s\r\n", msg); - } else { send_control_done(conn); + break; } +#undef SEND_ERRMSG tor_free(errstring); return 0; } @@ -427,8 +424,7 @@ handle_control_setevents(control_connection_t *conn, } if (event_code == -1) { - connection_printf_to_buf(conn, "552 Unrecognized event \"%s\"\r\n", - ev); + control_printf_endreply(conn, 552, "Unrecognized event \"%s\"", ev); return 0; } } @@ -458,8 +454,8 @@ handle_control_saveconf(control_connection_t *conn, bool force = config_lines_contain_flag(args->kwargs, "FORCE"); const or_options_t *options = get_options(); if ((!force && options->IncludeUsed) || options_save_current() < 0) { - connection_write_str_to_buf( - "551 Unable to write configuration to disk.\r\n", conn); + control_write_endreply(conn, 551, + "Unable to write configuration to disk."); } else { send_control_done(conn); } @@ -492,8 +488,7 @@ handle_control_signal(control_connection_t *conn, } if (sig < 0) - connection_printf_to_buf(conn, "552 Unrecognized signal code \"%s\"\r\n", - s); + control_printf_endreply(conn, 552, "Unrecognized signal code \"%s\"", s); if (sig < 0) return 0; @@ -600,30 +595,32 @@ control_setconf_helper(control_connection_t *conn, opt_err = options_trial_assign(lines, flags, &errstring); { - const char *msg; +#define SEND_ERRMSG(code, msg) \ + control_printf_endreply(conn, code, msg ": %s", errstring); + switch (opt_err) { case SETOPT_ERR_MISC: - msg = "552 Unrecognized option"; + SEND_ERRMSG(552, "Unrecognized option"); break; case SETOPT_ERR_PARSE: - msg = "513 Unacceptable option value"; + SEND_ERRMSG(513, "Unacceptable option value"); break; case SETOPT_ERR_TRANSITION: - msg = "553 Transition not allowed"; + SEND_ERRMSG(553, "Transition not allowed"); break; case SETOPT_ERR_SETTING: default: - msg = "553 Unable to set option"; + SEND_ERRMSG(553, "Unable to set option"); break; case SETOPT_OK: config_free_lines(lines); send_control_done(conn); return 0; } +#undef SEND_ERRMSG log_warn(LD_CONTROL, "Controller gave us config lines that didn't validate: %s", errstring); - connection_printf_to_buf(conn, "%s: %s\r\n", msg, errstring); config_free_lines(lines); tor_free(errstring); return 0; @@ -777,8 +774,8 @@ handle_control_extendcircuit(control_connection_t *conn, if (purpose_line) { intended_purpose = circuit_purpose_from_string(purpose_line->value); if (intended_purpose == CIRCUIT_PURPOSE_UNKNOWN) { - connection_printf_to_buf(conn, "552 Unknown purpose \"%s\"\r\n", - purpose_line->value); + control_printf_endreply(conn, 552, "Unknown purpose \"%s\"", + purpose_line->value); goto done; } } @@ -788,22 +785,22 @@ handle_control_extendcircuit(control_connection_t *conn, // "EXTENDCIRCUIT 0" with no path. circ = circuit_launch(intended_purpose, CIRCLAUNCH_NEED_CAPACITY); if (!circ) { - connection_write_str_to_buf("551 Couldn't start circuit\r\n", conn); + control_write_endreply(conn, 551, "Couldn't start circuit"); } else { - connection_printf_to_buf(conn, "250 EXTENDED %lu\r\n", - (unsigned long)circ->global_identifier); + control_printf_endreply(conn, 250, "EXTENDED %lu", + (unsigned long)circ->global_identifier); } goto done; } } if (!zero_circ && !(circ = get_circ(circ_id))) { - connection_printf_to_buf(conn, "552 Unknown circuit \"%s\"\r\n", circ_id); + control_printf_endreply(conn, 552, "Unknown circuit \"%s\"", circ_id); goto done; } if (!path_str) { - connection_printf_to_buf(conn, "512 syntax error: path required.\r\n"); + control_write_endreply(conn, 512, "syntax error: path required."); goto done; } @@ -814,11 +811,11 @@ handle_control_extendcircuit(control_connection_t *conn, SMARTLIST_FOREACH_BEGIN(router_nicknames, const char *, n) { const node_t *node = node_get_by_nickname(n, 0); if (!node) { - connection_printf_to_buf(conn, "552 No such router \"%s\"\r\n", n); + control_printf_endreply(conn, 552, "No such router \"%s\"", n); goto done; } if (!node_has_preferred_descriptor(node, first_node)) { - connection_printf_to_buf(conn, "552 No descriptor for \"%s\"\r\n", n); + control_printf_endreply(conn, 552, "No descriptor for \"%s\"", n); goto done; } smartlist_add(nodes, (void*)node); @@ -826,7 +823,7 @@ handle_control_extendcircuit(control_connection_t *conn, } SMARTLIST_FOREACH_END(n); if (!smartlist_len(nodes)) { - connection_write_str_to_buf("512 No router names provided\r\n", conn); + control_write_endreply(conn, 512, "No router names provided"); goto done; } @@ -864,7 +861,7 @@ handle_control_extendcircuit(control_connection_t *conn, int err_reason = 0; if ((err_reason = circuit_handle_first_hop(circ)) < 0) { circuit_mark_for_close(TO_CIRCUIT(circ), -err_reason); - connection_write_str_to_buf("551 Couldn't start circuit\r\n", conn); + control_write_endreply(conn, 551, "Couldn't start circuit"); goto done; } } else { @@ -876,14 +873,14 @@ handle_control_extendcircuit(control_connection_t *conn, log_info(LD_CONTROL, "send_next_onion_skin failed; circuit marked for closing."); circuit_mark_for_close(TO_CIRCUIT(circ), -err_reason); - connection_write_str_to_buf("551 Couldn't send onion skin\r\n", conn); + control_write_endreply(conn, 551, "Couldn't send onion skin"); goto done; } } } - connection_printf_to_buf(conn, "250 EXTENDED %lu\r\n", - (unsigned long)circ->global_identifier); + control_printf_endreply(conn, 250, "EXTENDED %lu", + (unsigned long)circ->global_identifier); if (zero_circ) /* send a 'launched' event, for completeness */ circuit_event_status(circ, CIRC_EVENT_LAUNCHED, 0); done: @@ -910,26 +907,26 @@ handle_control_setcircuitpurpose(control_connection_t *conn, const char *circ_id = smartlist_get(args->args,0); if (!(circ = get_circ(circ_id))) { - connection_printf_to_buf(conn, "552 Unknown circuit \"%s\"\r\n", circ_id); + control_printf_endreply(conn, 552, "Unknown circuit \"%s\"", circ_id); goto done; } { const config_line_t *purp = config_line_find_case(args->kwargs, "PURPOSE"); if (!purp) { - connection_write_str_to_buf("552 No purpose given\r\n", conn); + control_write_endreply(conn, 552, "No purpose given"); goto done; } new_purpose = circuit_purpose_from_string(purp->value); if (new_purpose == CIRCUIT_PURPOSE_UNKNOWN) { - connection_printf_to_buf(conn, "552 Unknown purpose \"%s\"\r\n", - purp->value); + control_printf_endreply(conn, 552, "Unknown purpose \"%s\"", + purp->value); goto done; } } circuit_change_purpose(TO_CIRCUIT(circ), new_purpose); - connection_write_str_to_buf("250 OK\r\n", conn); + send_control_done(conn); done: return 0; @@ -960,18 +957,18 @@ handle_control_attachstream(control_connection_t *conn, const config_line_t *hoparg = config_line_find_case(args->kwargs, "HOP"); if (!(ap_conn = get_stream(stream_id))) { - connection_printf_to_buf(conn, "552 Unknown stream \"%s\"\r\n", stream_id); + control_printf_endreply(conn, 552, "Unknown stream \"%s\"", stream_id); return 0; } else if (!zero_circ && !(circ = get_circ(circ_id))) { - connection_printf_to_buf(conn, "552 Unknown circuit \"%s\"\r\n", circ_id); + control_printf_endreply(conn, 552, "Unknown circuit \"%s\"", circ_id); return 0; } else if (circ) { if (hoparg) { hop = (int) tor_parse_ulong(hoparg->value, 10, 0, INT_MAX, &hop_line_ok, NULL); if (!hop_line_ok) { /* broken hop line */ - connection_printf_to_buf(conn, "552 Bad value hop=%s\r\n", - hoparg->value); + control_printf_endreply(conn, 552, "Bad value hop=%s", + hoparg->value); return 0; } } @@ -980,9 +977,8 @@ handle_control_attachstream(control_connection_t *conn, if (ENTRY_TO_CONN(ap_conn)->state != AP_CONN_STATE_CONTROLLER_WAIT && ENTRY_TO_CONN(ap_conn)->state != AP_CONN_STATE_CONNECT_WAIT && ENTRY_TO_CONN(ap_conn)->state != AP_CONN_STATE_RESOLVE_WAIT) { - connection_write_str_to_buf( - "555 Connection is not managed by controller.\r\n", - conn); + control_write_endreply(conn, 555, + "Connection is not managed by controller."); return 0; } @@ -1001,15 +997,14 @@ handle_control_attachstream(control_connection_t *conn, } if (circ && (circ->base_.state != CIRCUIT_STATE_OPEN)) { - connection_write_str_to_buf( - "551 Can't attach stream to non-open origin circuit\r\n", - conn); + control_write_endreply(conn, 551, + "Can't attach stream to non-open origin circuit"); return 0; } /* Is this a single hop circuit? */ if (circ && (circuit_get_cpath_len(circ)<2 || hop==1)) { - connection_write_str_to_buf( - "551 Can't attach stream to this one-hop circuit.\r\n", conn); + control_write_endreply(conn, 551, + "Can't attach stream to this one-hop circuit."); return 0; } @@ -1017,13 +1012,12 @@ handle_control_attachstream(control_connection_t *conn, /* find this hop in the circuit, and set cpath */ cpath = circuit_get_cpath_hop(circ, hop); if (!cpath) { - connection_printf_to_buf(conn, - "551 Circuit doesn't have %d hops.\r\n", hop); + control_printf_endreply(conn, 551, "Circuit doesn't have %d hops.", hop); return 0; } } if (connection_ap_handshake_rewrite_and_attach(ap_conn, circ, cpath) < 0) { - connection_write_str_to_buf("551 Unable to attach stream\r\n", conn); + control_write_endreply(conn, 551, "Unable to attach stream"); return 0; } send_control_done(conn); @@ -1055,8 +1049,8 @@ handle_control_postdescriptor(control_connection_t *conn, line = config_line_find_case(args->kwargs, "purpose"); if (line) { purpose = router_purpose_from_string(line->value); - connection_printf_to_buf(conn, "552 Unknown purpose \"%s\"\r\n", - line->value); + control_printf_endreply(conn, 552, "Unknown purpose \"%s\"", + line->value); goto done; } line = config_line_find_case(args->kwargs, "cache"); @@ -1066,8 +1060,8 @@ handle_control_postdescriptor(control_connection_t *conn, else if (!strcasecmp(line->value, "yes")) cache = 1; else { - connection_printf_to_buf(conn, "552 Unknown cache request \"%s\"\r\n", - line->value); + control_printf_endreply(conn, 552, "Unknown cache request \"%s\"", + line->value); goto done; } } @@ -1075,11 +1069,11 @@ handle_control_postdescriptor(control_connection_t *conn, switch (router_load_single_router(args->cmddata, purpose, cache, &msg)) { case -1: if (!msg) msg = "Could not parse descriptor"; - connection_printf_to_buf(conn, "554 %s\r\n", msg); + control_write_endreply(conn, 554, msg); break; case 0: if (!msg) msg = "Descriptor not added"; - connection_printf_to_buf(conn, "251 %s\r\n",msg); + control_write_endreply(conn, 251, msg); break; case 1: send_control_done(conn); @@ -1108,8 +1102,8 @@ handle_control_redirectstream(control_connection_t *conn, if (!(ap_conn = get_stream(smartlist_get(args, 0))) || !ap_conn->socks_request) { - connection_printf_to_buf(conn, "552 Unknown stream \"%s\"\r\n", - (char*)smartlist_get(args, 0)); + control_printf_endreply(conn, 552, "Unknown stream \"%s\"", + (char*)smartlist_get(args, 0)); } else { int ok = 1; if (smartlist_len(args) > 2) { /* they included a port too */ @@ -1117,8 +1111,8 @@ handle_control_redirectstream(control_connection_t *conn, 10, 1, 65535, &ok, NULL); } if (!ok) { - connection_printf_to_buf(conn, "512 Cannot parse port \"%s\"\r\n", - (char*)smartlist_get(args, 2)); + control_printf_endreply(conn, 512, "Cannot parse port \"%s\"", + (char*)smartlist_get(args, 2)); } else { new_addr = tor_strdup(smartlist_get(args, 1)); } @@ -1156,14 +1150,14 @@ handle_control_closestream(control_connection_t *conn, tor_assert(smartlist_len(args) >= 2); if (!(ap_conn = get_stream(smartlist_get(args, 0)))) - connection_printf_to_buf(conn, "552 Unknown stream \"%s\"\r\n", - (char*)smartlist_get(args, 0)); + control_printf_endreply(conn, 552, "Unknown stream \"%s\"", + (char*)smartlist_get(args, 0)); else { reason = (uint8_t) tor_parse_ulong(smartlist_get(args,1), 10, 0, 255, &ok, NULL); if (!ok) { - connection_printf_to_buf(conn, "552 Unrecognized reason \"%s\"\r\n", - (char*)smartlist_get(args, 1)); + control_printf_endreply(conn, 552, "Unrecognized reason \"%s\"", + (char*)smartlist_get(args, 1)); ap_conn = NULL; } } @@ -1193,7 +1187,7 @@ handle_control_closecircuit(control_connection_t *conn, origin_circuit_t *circ = NULL; if (!(circ=get_circ(circ_id))) { - connection_printf_to_buf(conn, "552 Unknown circuit \"%s\"\r\n", circ_id); + control_printf_endreply(conn, 552, "Unknown circuit \"%s\"", circ_id); return 0; } @@ -1278,8 +1272,8 @@ handle_control_protocolinfo(control_connection_t *conn, } }); if (bad_arg) { - connection_printf_to_buf(conn, "513 No such version %s\r\n", - escaped(bad_arg)); + control_printf_endreply(conn, 513, "No such version %s", + escaped(bad_arg)); /* Don't tolerate bad arguments when not authenticated. */ if (!STATE_IS_OPEN(TO_CONN(conn)->state)) connection_mark_for_close(TO_CONN(conn)); @@ -1309,15 +1303,13 @@ handle_control_protocolinfo(control_connection_t *conn, smartlist_free(mlist); } - connection_printf_to_buf(conn, - "250-PROTOCOLINFO 1\r\n" - "250-AUTH METHODS=%s%s%s\r\n" - "250-VERSION Tor=%s\r\n" - "250 OK\r\n", - methods, - cookies?" COOKIEFILE=":"", - cookies?esc_cfile:"", - escaped(VERSION)); + control_write_midreply(conn, 250, "PROTOCOLINFO 1"); + control_printf_midreply(conn, 250, "AUTH METHODS=%s%s%s", methods, + cookies?" COOKIEFILE=":"", + cookies?esc_cfile:""); + control_printf_midreply(conn, 250, "VERSION Tor=%s", escaped(VERSION)); + send_control_done(conn); + tor_free(methods); tor_free(cfile); tor_free(abs_cfile); @@ -1345,8 +1337,8 @@ handle_control_usefeature(control_connection_t *conn, else if (!strcasecmp(arg, "EXTENDED_EVENTS")) ; else { - connection_printf_to_buf(conn, "552 Unrecognized feature \"%s\"\r\n", - arg); + control_printf_endreply(conn, 552, "Unrecognized feature \"%s\"", + arg); bad = 1; break; } @@ -1429,8 +1421,7 @@ handle_control_hsfetch(control_connection_t *conn, version = HS_VERSION_THREE; hs_parse_address(hsaddress, &v3_pk, NULL, NULL); } else { - connection_printf_to_buf(conn, "513 Invalid argument \"%s\"\r\n", - arg1); + control_printf_endreply(conn, 513, "Invalid argument \"%s\"", arg1); goto done; } @@ -1440,8 +1431,7 @@ handle_control_hsfetch(control_connection_t *conn, const node_t *node = node_get_by_hex_id(server, 0); if (!node) { - connection_printf_to_buf(conn, "552 Server \"%s\" not found\r\n", - server); + control_printf_endreply(conn, 552, "Server \"%s\" not found", server); goto done; } if (!hsdirs) { @@ -1459,7 +1449,7 @@ handle_control_hsfetch(control_connection_t *conn, rend_query = rend_data_client_create(hsaddress, desc_id, NULL, REND_NO_AUTH); if (rend_query == NULL) { - connection_printf_to_buf(conn, "551 Error creating the HS query\r\n"); + control_write_endreply(conn, 551, "Error creating the HS query"); goto done; } } @@ -1467,7 +1457,7 @@ handle_control_hsfetch(control_connection_t *conn, /* Using a descriptor ID, we force the user to provide at least one * hsdir server using the SERVER= option. */ if (desc_id && (!hsdirs || !smartlist_len(hsdirs))) { - connection_printf_to_buf(conn, "512 SERVER option is required\r\n"); + control_write_endreply(conn, 512, "SERVER option is required"); goto done; } @@ -1519,8 +1509,8 @@ handle_control_hspost(control_connection_t *conn, const node_t *node = node_get_by_hex_id(server, 0); if (!node || !node->rs) { - connection_printf_to_buf(conn, "552 Server \"%s\" not found\r\n", - server); + control_printf_endreply(conn, 552, "Server \"%s\" not found", + server); goto done; } /* Valid server, add it to our local list. */ @@ -1530,7 +1520,7 @@ handle_control_hspost(control_connection_t *conn, } else if (!strcasecmpstart(line->key, "HSADDRESS")) { const char *address = line->value; if (!hs_address_is_valid(address)) { - connection_printf_to_buf(conn, "512 Malformed onion address\r\n"); + control_write_endreply(conn, 512, "Malformed onion address"); goto done; } onion_address = address; @@ -1542,7 +1532,7 @@ handle_control_hspost(control_connection_t *conn, /* Handle the v3 case. */ if (onion_address) { if (hs_control_hspost_command(encoded_desc, onion_address, hs_dirs) < 0) { - connection_printf_to_buf(conn, "554 Invalid descriptor\r\n"); + control_write_endreply(conn, 554, "Invalid descriptor"); } else { send_control_done(conn); } @@ -1582,7 +1572,7 @@ handle_control_hspost(control_connection_t *conn, rend_service_descriptor_free(parsed); } else { - connection_printf_to_buf(conn, "554 Invalid descriptor\r\n"); + control_write_endreply(conn, 554, "Invalid descriptor"); } tor_free(intro_content); @@ -1688,7 +1678,7 @@ handle_control_add_onion(control_connection_t *conn, rend_service_port_config_t *cfg = rend_service_parse_port_config(arg->value, ",", NULL); if (!cfg) { - connection_printf_to_buf(conn, "512 Invalid VIRTPORT/TARGET\r\n"); + control_write_endreply(conn, 512, "Invalid VIRTPORT/TARGET"); goto out; } smartlist_add(port_cfgs, cfg); @@ -1697,7 +1687,7 @@ handle_control_add_onion(control_connection_t *conn, int ok = 0; max_streams = (int)tor_parse_long(arg->value, 10, 0, 65535, &ok, NULL); if (!ok) { - connection_printf_to_buf(conn, "512 Invalid MaxStreams\r\n"); + control_write_endreply(conn, 512, "Invalid MaxStreams"); goto out; } } else if (!strcasecmp(arg->key, "Flags")) { @@ -1725,7 +1715,7 @@ handle_control_add_onion(control_connection_t *conn, smartlist_split_string(flags, arg->value, ",", SPLIT_IGNORE_BLANK, 0); if (smartlist_len(flags) < 1) { - connection_printf_to_buf(conn, "512 Invalid 'Flags' argument\r\n"); + control_write_endreply(conn, 512, "Invalid 'Flags' argument"); bad = 1; } SMARTLIST_FOREACH_BEGIN(flags, const char *, flag) @@ -1741,9 +1731,8 @@ handle_control_add_onion(control_connection_t *conn, } else if (!strcasecmp(flag, non_anonymous_flag)) { non_anonymous = 1; } else { - connection_printf_to_buf(conn, - "512 Invalid 'Flags' argument: %s\r\n", - escaped(flag)); + control_printf_endreply(conn, 512, "Invalid 'Flags' argument: %s", + escaped(flag)); bad = 1; break; } @@ -1776,8 +1765,7 @@ handle_control_add_onion(control_connection_t *conn, } } SMARTLIST_FOREACH_END(ac); if (bad) { - connection_printf_to_buf(conn, - "512 Duplicate name in ClientAuth\r\n"); + control_write_endreply(conn, 512, "Duplicate name in ClientAuth"); rend_authorized_client_free(client); goto out; } @@ -1795,19 +1783,19 @@ handle_control_add_onion(control_connection_t *conn, } } if (smartlist_len(port_cfgs) == 0) { - connection_printf_to_buf(conn, "512 Missing 'Port' argument\r\n"); + control_write_endreply(conn, 512, "Missing 'Port' argument"); goto out; } else if (auth_type == REND_NO_AUTH && auth_clients != NULL) { - connection_printf_to_buf(conn, "512 No auth type specified\r\n"); + control_write_endreply(conn, 512, "No auth type specified"); goto out; } else if (auth_type != REND_NO_AUTH && auth_clients == NULL) { - connection_printf_to_buf(conn, "512 No auth clients specified\r\n"); + control_write_endreply(conn, 512, "No auth clients specified"); goto out; } else if ((auth_type == REND_BASIC_AUTH && smartlist_len(auth_clients) > 512) || (auth_type == REND_STEALTH_AUTH && smartlist_len(auth_clients) > 16)) { - connection_printf_to_buf(conn, "512 Too many auth clients\r\n"); + control_write_endreply(conn, 512, "Too many auth clients"); goto out; } else if (non_anonymous != rend_service_non_anonymous_mode_enabled( get_options())) { @@ -1818,9 +1806,9 @@ handle_control_add_onion(control_connection_t *conn, * 512 Tor is in non-anonymous hidden service mode * (I've deliberately written them out in full here to aid searchability.) */ - connection_printf_to_buf(conn, "512 Tor is in %sanonymous hidden service " - "mode\r\n", - non_anonymous ? "" : "non-"); + control_printf_endreply(conn, 512, + "Tor is in %sanonymous hidden service " "mode", + non_anonymous ? "" : "non-"); goto out; } @@ -1846,7 +1834,7 @@ handle_control_add_onion(control_connection_t *conn, /* Hidden service version 3 don't have client authentication support so if * ClientAuth was given, send back an error. */ if (hs_version == HS_VERSION_THREE && auth_clients) { - connection_printf_to_buf(conn, "513 ClientAuth not supported\r\n"); + control_write_endreply(conn, 513, "ClientAuth not supported"); goto out; } @@ -1876,11 +1864,11 @@ handle_control_add_onion(control_connection_t *conn, } tor_assert(service_id); - connection_printf_to_buf(conn, "250-ServiceID=%s\r\n", service_id); + control_printf_midreply(conn, 250, "ServiceID=%s", service_id); if (key_new_alg) { tor_assert(key_new_blob); - connection_printf_to_buf(conn, "250-PrivateKey=%s:%s\r\n", - key_new_alg, key_new_blob); + control_printf_midreply(conn, 250, "PrivateKey=%s:%s", + key_new_alg, key_new_blob); } if (auth_created_clients) { SMARTLIST_FOREACH(auth_created_clients, rend_authorized_client_t *, ac, { @@ -1894,24 +1882,24 @@ handle_control_add_onion(control_connection_t *conn, }); } - connection_printf_to_buf(conn, "250 OK\r\n"); + send_control_done(conn); break; } case RSAE_BADPRIVKEY: - connection_printf_to_buf(conn, "551 Failed to generate onion address\r\n"); + control_write_endreply(conn, 551, "Failed to generate onion address"); break; case RSAE_ADDREXISTS: - connection_printf_to_buf(conn, "550 Onion address collision\r\n"); + control_write_endreply(conn, 550, "Onion address collision"); break; case RSAE_BADVIRTPORT: - connection_printf_to_buf(conn, "512 Invalid VIRTPORT/TARGET\r\n"); + control_write_endreply(conn, 512, "Invalid VIRTPORT/TARGET"); break; case RSAE_BADAUTH: - connection_printf_to_buf(conn, "512 Invalid client authorization\r\n"); + control_write_endreply(conn, 512, "Invalid client authorization"); break; case RSAE_INTERNAL: /* FALLSTHROUGH */ default: - connection_printf_to_buf(conn, "551 Failed to add Onion Service\r\n"); + control_write_endreply(conn, 551, "Failed to add Onion Service"); } if (key_new_blob) { memwipe(key_new_blob, 0, strlen(key_new_blob)); @@ -2153,7 +2141,7 @@ handle_control_del_onion(control_connection_t *conn, } else if (hs_address_is_valid(service_id)) { hs_version = HS_VERSION_THREE; } else { - connection_printf_to_buf(conn, "512 Malformed Onion Service id\r\n"); + control_write_endreply(conn, 512, "Malformed Onion Service id"); goto out; } @@ -2177,7 +2165,7 @@ handle_control_del_onion(control_connection_t *conn, } } if (onion_services == NULL) { - connection_printf_to_buf(conn, "552 Unknown Onion Service id\r\n"); + control_write_endreply(conn, 552, "Unknown Onion Service id"); } else { int ret = -1; switch (hs_version) { @@ -2229,7 +2217,7 @@ handle_control_obsolete(control_connection_t *conn, (void)args; char *command = tor_strdup(conn->current_cmd); tor_strupper(command); - connection_printf_to_buf(conn, "511 %s is obsolete.\r\n", command); + control_printf_endreply(conn, 511, "%s is obsolete.", command); tor_free(command); return 0; } @@ -2362,9 +2350,8 @@ handle_single_control_command(const control_cmd_def_t *def, cmd_data_len, args, &err); if (!parsed_args) { - connection_printf_to_buf(conn, - "512 Bad arguments to %s: %s\r\n", - conn->current_cmd, err?err:""); + control_printf_endreply(conn, 512, "Bad arguments to %s: %s", + conn->current_cmd, err?err:""); tor_free(err); } else { if (BUG(err)) @@ -2404,8 +2391,8 @@ handle_control_command(control_connection_t *conn, } } - connection_printf_to_buf(conn, "510 Unrecognized command \"%s\"\r\n", - conn->current_cmd); + control_printf_endreply(conn, 510, "Unrecognized command \"%s\"", + conn->current_cmd); return 0; } diff --git a/src/feature/control/control_events.c b/src/feature/control/control_events.c index 129776f49f..e596a8aee2 100644 --- a/src/feature/control/control_events.c +++ b/src/feature/control/control_events.c @@ -24,6 +24,7 @@ #include "feature/control/control.h" #include "feature/control/control_events.h" #include "feature/control/control_fmt.h" +#include "feature/control/control_proto.h" #include "feature/dircommon/directory.h" #include "feature/nodelist/networkstatus.h" #include "feature/nodelist/nodelist.h" diff --git a/src/feature/control/control_fmt.c b/src/feature/control/control_fmt.c index b2ab4f10bb..e0e77eb2d0 100644 --- a/src/feature/control/control_fmt.c +++ b/src/feature/control/control_fmt.c @@ -3,7 +3,7 @@ /* See LICENSE for licensing information */ /** - * \file control.c + * \file control_fmt.c * \brief Formatting functions for controller data. */ @@ -14,6 +14,7 @@ #include "core/or/circuitlist.h" #include "core/or/connection_edge.h" #include "feature/control/control_fmt.h" +#include "feature/control/control_proto.h" #include "feature/nodelist/nodelist.h" #include "core/or/cpath_build_state_st.h" @@ -23,39 +24,6 @@ #include "core/or/socks_request_st.h" #include "feature/control/control_connection_st.h" -/** Append a NUL-terminated string <b>s</b> to the end of - * <b>conn</b>-\>outbuf. - */ -void -connection_write_str_to_buf(const char *s, control_connection_t *conn) -{ - size_t len = strlen(s); - connection_buf_add(s, len, TO_CONN(conn)); -} - -/** Acts like sprintf, but writes its formatted string to the end of - * <b>conn</b>-\>outbuf. */ -void -connection_printf_to_buf(control_connection_t *conn, const char *format, ...) -{ - va_list ap; - char *buf = NULL; - int len; - - va_start(ap,format); - len = tor_vasprintf(&buf, format, ap); - va_end(ap); - - if (len < 0) { - log_err(LD_BUG, "Unable to format string for controller."); - tor_assert(0); - } - - connection_buf_add(buf, (size_t)len, TO_CONN(conn)); - - tor_free(buf); -} - /** Given an AP connection <b>conn</b> and a <b>len</b>-character buffer * <b>buf</b>, determine the address:port combination requested on * <b>conn</b>, and write it to <b>buf</b>. Return 0 on success, -1 on @@ -197,114 +165,6 @@ circuit_describe_status_for_controller(origin_circuit_t *circ) return rv; } -/** Given a <b>len</b>-character string in <b>data</b>, made of lines - * terminated by CRLF, allocate a new string in *<b>out</b>, and copy the - * contents of <b>data</b> into *<b>out</b>, adding a period before any period - * that appears at the start of a line, and adding a period-CRLF line at - * the end. Replace all LF characters sequences with CRLF. Return the number - * of bytes in *<b>out</b>. - */ -size_t -write_escaped_data(const char *data, size_t len, char **out) -{ - tor_assert(len < SIZE_MAX - 9); - size_t sz_out = len+8+1; - char *outp; - const char *start = data, *end; - size_t i; - int start_of_line; - for (i=0; i < len; ++i) { - if (data[i] == '\n') { - sz_out += 2; /* Maybe add a CR; maybe add a dot. */ - if (sz_out >= SIZE_T_CEILING) { - log_warn(LD_BUG, "Input to write_escaped_data was too long"); - *out = tor_strdup(".\r\n"); - return 3; - } - } - } - *out = outp = tor_malloc(sz_out); - end = data+len; - start_of_line = 1; - while (data < end) { - if (*data == '\n') { - if (data > start && data[-1] != '\r') - *outp++ = '\r'; - start_of_line = 1; - } else if (*data == '.') { - if (start_of_line) { - start_of_line = 0; - *outp++ = '.'; - } - } else { - start_of_line = 0; - } - *outp++ = *data++; - } - if (outp < *out+2 || fast_memcmp(outp-2, "\r\n", 2)) { - *outp++ = '\r'; - *outp++ = '\n'; - } - *outp++ = '.'; - *outp++ = '\r'; - *outp++ = '\n'; - *outp = '\0'; /* NUL-terminate just in case. */ - tor_assert(outp >= *out); - tor_assert((size_t)(outp - *out) <= sz_out); - return outp - *out; -} - -/** Given a <b>len</b>-character string in <b>data</b>, made of lines - * terminated by CRLF, allocate a new string in *<b>out</b>, and copy - * the contents of <b>data</b> into *<b>out</b>, removing any period - * that appears at the start of a line, and replacing all CRLF sequences - * with LF. Return the number of - * bytes in *<b>out</b>. */ -size_t -read_escaped_data(const char *data, size_t len, char **out) -{ - char *outp; - const char *next; - const char *end; - - *out = outp = tor_malloc(len+1); - - end = data+len; - - while (data < end) { - /* we're at the start of a line. */ - if (*data == '.') - ++data; - next = memchr(data, '\n', end-data); - if (next) { - size_t n_to_copy = next-data; - /* Don't copy a CR that precedes this LF. */ - if (n_to_copy && *(next-1) == '\r') - --n_to_copy; - memcpy(outp, data, n_to_copy); - outp += n_to_copy; - data = next+1; /* This will point at the start of the next line, - * or the end of the string, or a period. */ - } else { - memcpy(outp, data, end-data); - outp += (end-data); - *outp = '\0'; - return outp - *out; - } - *outp++ = '\n'; - } - - *outp = '\0'; - return outp - *out; -} - -/** Send a "DONE" message down the control connection <b>conn</b>. */ -void -send_control_done(control_connection_t *conn) -{ - connection_write_str_to_buf("250 OK\r\n", conn); -} - /** Return a longname the node whose identity is <b>id_digest</b>. If * node_get_by_id() returns NULL, base 16 encoding of <b>id_digest</b> is * returned instead. diff --git a/src/feature/control/control_fmt.h b/src/feature/control/control_fmt.h index 8bbbaa95d0..6446e37079 100644 --- a/src/feature/control/control_fmt.h +++ b/src/feature/control/control_fmt.h @@ -12,21 +12,12 @@ #ifndef TOR_CONTROL_FMT_H #define TOR_CONTROL_FMT_H -void connection_write_str_to_buf(const char *s, control_connection_t *conn); -void connection_printf_to_buf(control_connection_t *conn, - const char *format, ...) - CHECK_PRINTF(2,3); - int write_stream_target_to_buf(entry_connection_t *conn, char *buf, size_t len); void orconn_target_get_name(char *buf, size_t len, or_connection_t *conn); char *circuit_describe_status_for_controller(origin_circuit_t *circ); -size_t write_escaped_data(const char *data, size_t len, char **out); -size_t read_escaped_data(const char *data, size_t len, char **out); -void send_control_done(control_connection_t *conn); - MOCK_DECL(const char *, node_describe_longname_by_id,(const char *id_digest)); #endif /* !defined(TOR_CONTROL_FMT_H) */ diff --git a/src/feature/control/control_getinfo.c b/src/feature/control/control_getinfo.c index 5c6a0d4aa2..3e31bb9e8f 100644 --- a/src/feature/control/control_getinfo.c +++ b/src/feature/control/control_getinfo.c @@ -28,6 +28,7 @@ #include "feature/control/control_events.h" #include "feature/control/control_fmt.h" #include "feature/control/control_getinfo.h" +#include "feature/control/control_proto.h" #include "feature/control/fmt_serverstatus.h" #include "feature/control/getinfo_geoip.h" #include "feature/dircache/dirserv.h" @@ -1607,7 +1608,7 @@ handle_control_getinfo(control_connection_t *conn, if (handle_getinfo_helper(conn, q, &ans, &errmsg) < 0) { if (!errmsg) errmsg = "Internal error"; - connection_printf_to_buf(conn, "551 %s\r\n", errmsg); + control_write_endreply(conn, 551, errmsg); goto done; } if (!ans) { @@ -1624,13 +1625,10 @@ handle_control_getinfo(control_connection_t *conn, if (smartlist_len(unrecognized)) { /* control-spec section 2.3, mid-reply '-' or end of reply ' ' */ for (i=0; i < smartlist_len(unrecognized)-1; ++i) - connection_printf_to_buf(conn, - "552-%s\r\n", - (char *)smartlist_get(unrecognized, i)); - - connection_printf_to_buf(conn, - "552 %s\r\n", + control_write_midreply(conn, 552, (char *)smartlist_get(unrecognized, i)); + + control_write_endreply(conn, 552, (char *)smartlist_get(unrecognized, i)); goto done; } @@ -1638,19 +1636,13 @@ handle_control_getinfo(control_connection_t *conn, char *k = smartlist_get(answers, i); char *v = smartlist_get(answers, i+1); if (!strchr(v, '\n') && !strchr(v, '\r')) { - connection_printf_to_buf(conn, "250-%s=", k); - connection_write_str_to_buf(v, conn); - connection_write_str_to_buf("\r\n", conn); + control_printf_midreply(conn, 250, "%s=%s", k, v); } else { - char *esc = NULL; - size_t esc_len; - esc_len = write_escaped_data(v, strlen(v), &esc); - connection_printf_to_buf(conn, "250+%s=\r\n", k); - connection_buf_add(esc, esc_len, TO_CONN(conn)); - tor_free(esc); + control_printf_datareply(conn, 250, "%s=", k); + control_write_data(conn, v); } } - connection_write_str_to_buf("250 OK\r\n", conn); + send_control_done(conn); done: SMARTLIST_FOREACH(answers, char *, cp, tor_free(cp)); diff --git a/src/feature/control/control_proto.c b/src/feature/control/control_proto.c new file mode 100644 index 0000000000..1dd62da2be --- /dev/null +++ b/src/feature/control/control_proto.c @@ -0,0 +1,276 @@ +/* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file control_proto.c + * \brief Formatting functions for controller data. + */ + +#include "core/or/or.h" + +#include "core/mainloop/connection.h" +#include "core/or/circuitbuild.h" +#include "core/or/circuitlist.h" +#include "core/or/connection_edge.h" +#include "feature/control/control_proto.h" +#include "feature/nodelist/nodelist.h" + +#include "core/or/cpath_build_state_st.h" +#include "core/or/entry_connection_st.h" +#include "core/or/or_connection_st.h" +#include "core/or/origin_circuit_st.h" +#include "core/or/socks_request_st.h" +#include "feature/control/control_connection_st.h" + +/** Append a NUL-terminated string <b>s</b> to the end of + * <b>conn</b>-\>outbuf. + */ +void +connection_write_str_to_buf(const char *s, control_connection_t *conn) +{ + size_t len = strlen(s); + connection_buf_add(s, len, TO_CONN(conn)); +} + +/** Acts like sprintf, but writes its formatted string to the end of + * <b>conn</b>-\>outbuf. */ +void +connection_printf_to_buf(control_connection_t *conn, const char *format, ...) +{ + va_list ap; + char *buf = NULL; + int len; + + va_start(ap,format); + len = tor_vasprintf(&buf, format, ap); + va_end(ap); + + if (len < 0) { + log_err(LD_BUG, "Unable to format string for controller."); + tor_assert(0); + } + + connection_buf_add(buf, (size_t)len, TO_CONN(conn)); + + tor_free(buf); +} + +/** Given a <b>len</b>-character string in <b>data</b>, made of lines + * terminated by CRLF, allocate a new string in *<b>out</b>, and copy the + * contents of <b>data</b> into *<b>out</b>, adding a period before any period + * that appears at the start of a line, and adding a period-CRLF line at + * the end. Replace all LF characters sequences with CRLF. Return the number + * of bytes in *<b>out</b>. + * + * This corresponds to CmdData in control-spec.txt. + */ +size_t +write_escaped_data(const char *data, size_t len, char **out) +{ + tor_assert(len < SIZE_MAX - 9); + size_t sz_out = len+8+1; + char *outp; + const char *start = data, *end; + size_t i; + int start_of_line; + for (i=0; i < len; ++i) { + if (data[i] == '\n') { + sz_out += 2; /* Maybe add a CR; maybe add a dot. */ + if (sz_out >= SIZE_T_CEILING) { + log_warn(LD_BUG, "Input to write_escaped_data was too long"); + *out = tor_strdup(".\r\n"); + return 3; + } + } + } + *out = outp = tor_malloc(sz_out); + end = data+len; + start_of_line = 1; + while (data < end) { + if (*data == '\n') { + if (data > start && data[-1] != '\r') + *outp++ = '\r'; + start_of_line = 1; + } else if (*data == '.') { + if (start_of_line) { + start_of_line = 0; + *outp++ = '.'; + } + } else { + start_of_line = 0; + } + *outp++ = *data++; + } + if (outp < *out+2 || fast_memcmp(outp-2, "\r\n", 2)) { + *outp++ = '\r'; + *outp++ = '\n'; + } + *outp++ = '.'; + *outp++ = '\r'; + *outp++ = '\n'; + *outp = '\0'; /* NUL-terminate just in case. */ + tor_assert(outp >= *out); + tor_assert((size_t)(outp - *out) <= sz_out); + return outp - *out; +} + +/** Given a <b>len</b>-character string in <b>data</b>, made of lines + * terminated by CRLF, allocate a new string in *<b>out</b>, and copy + * the contents of <b>data</b> into *<b>out</b>, removing any period + * that appears at the start of a line, and replacing all CRLF sequences + * with LF. Return the number of + * bytes in *<b>out</b>. + * + * This corresponds to CmdData in control-spec.txt. + */ +size_t +read_escaped_data(const char *data, size_t len, char **out) +{ + char *outp; + const char *next; + const char *end; + + *out = outp = tor_malloc(len+1); + + end = data+len; + + while (data < end) { + /* we're at the start of a line. */ + if (*data == '.') + ++data; + next = memchr(data, '\n', end-data); + if (next) { + size_t n_to_copy = next-data; + /* Don't copy a CR that precedes this LF. */ + if (n_to_copy && *(next-1) == '\r') + --n_to_copy; + memcpy(outp, data, n_to_copy); + outp += n_to_copy; + data = next+1; /* This will point at the start of the next line, + * or the end of the string, or a period. */ + } else { + memcpy(outp, data, end-data); + outp += (end-data); + *outp = '\0'; + return outp - *out; + } + *outp++ = '\n'; + } + + *outp = '\0'; + return outp - *out; +} + +/** Send a "DONE" message down the control connection <b>conn</b>. */ +void +send_control_done(control_connection_t *conn) +{ + control_write_endreply(conn, 250, "OK"); +} + +/** Write a reply to the control channel. + * + * @param conn control connection + * @param code numeric result code + * @param c separator character, usually ' ', '-', or '+' + * @param s string + */ +void +control_write_reply(control_connection_t *conn, int code, int c, const char *s) +{ + connection_printf_to_buf(conn, "%03d%c%s\r\n", code, c, s); +} + +/** Write a formatted reply to the control channel. + * + * @param conn control connection + * @param code numeric result code + * @param c separator character, usually ' ', '-', or '+' + * @param fmt format string + * @param ap va_list from caller + */ +void +control_vprintf_reply(control_connection_t *conn, int code, int c, + const char *fmt, va_list ap) +{ + char *buf = NULL; + int len; + + len = tor_vasprintf(&buf, fmt, ap); + if (len < 0) { + log_err(LD_BUG, "Unable to format string for controller."); + tor_assert(0); + } + control_write_reply(conn, code, c, buf); + tor_free(buf); +} + +/** Write an EndReplyLine */ +void +control_write_endreply(control_connection_t *conn, int code, const char *s) +{ + control_write_reply(conn, code, ' ', s); +} + +/** Write a formatted EndReplyLine */ +void +control_printf_endreply(control_connection_t *conn, int code, + const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + control_vprintf_reply(conn, code, ' ', fmt, ap); + va_end(ap); +} + +/** Write a MidReplyLine */ +void +control_write_midreply(control_connection_t *conn, int code, const char *s) +{ + control_write_reply(conn, code, '-', s); +} + +/** Write a formatted MidReplyLine */ +void +control_printf_midreply(control_connection_t *conn, int code, const char *fmt, + ...) +{ + va_list ap; + + va_start(ap, fmt); + control_vprintf_reply(conn, code, '-', fmt, ap); + va_end(ap); +} + +/** Write a DataReplyLine */ +void +control_write_datareply(control_connection_t *conn, int code, const char *s) +{ + control_write_reply(conn, code, '+', s); +} + +/** Write a formatted DataReplyLine */ +void +control_printf_datareply(control_connection_t *conn, int code, const char *fmt, + ...) +{ + va_list ap; + + va_start(ap, fmt); + control_vprintf_reply(conn, code, '+', fmt, ap); + va_end(ap); +} + +/** Write a CmdData */ +void +control_write_data(control_connection_t *conn, const char *data) +{ + char *esc = NULL; + size_t esc_len; + + esc_len = write_escaped_data(data, strlen(data), &esc); + connection_buf_add(esc, esc_len, TO_CONN(conn)); + tor_free(esc); +} diff --git a/src/feature/control/control_proto.h b/src/feature/control/control_proto.h new file mode 100644 index 0000000000..101b808d88 --- /dev/null +++ b/src/feature/control/control_proto.h @@ -0,0 +1,48 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file control_proto.h + * \brief Header file for control_proto.c. + **/ + +#ifndef TOR_CONTROL_PROTO_H +#define TOR_CONTROL_PROTO_H + +void connection_write_str_to_buf(const char *s, control_connection_t *conn); +void connection_printf_to_buf(control_connection_t *conn, + const char *format, ...) + CHECK_PRINTF(2,3); + +size_t write_escaped_data(const char *data, size_t len, char **out); +size_t read_escaped_data(const char *data, size_t len, char **out); +void send_control_done(control_connection_t *conn); + +void control_write_reply(control_connection_t *conn, int code, int c, + const char *s); +void control_vprintf_reply(control_connection_t *conn, int code, int c, + const char *fmt, va_list ap) + CHECK_PRINTF(4, 0); +void control_write_endreply(control_connection_t *conn, int code, + const char *s); +void control_printf_endreply(control_connection_t *conn, int code, + const char *fmt, ...) + CHECK_PRINTF(3, 4); +void control_write_midreply(control_connection_t *conn, int code, + const char *s); +void control_printf_midreply(control_connection_t *conn, int code, + const char *fmt, + ...) + CHECK_PRINTF(3, 4); +void control_write_datareply(control_connection_t *conn, int code, + const char *s); +void control_printf_datareply(control_connection_t *conn, int code, + const char *fmt, + ...) + CHECK_PRINTF(3, 4); +void control_write_data(control_connection_t *conn, const char *data); + +#endif /* !defined(TOR_CONTROL_PROTO_H) */ diff --git a/src/feature/control/fmt_serverstatus.c b/src/feature/control/fmt_serverstatus.c index d224a1d234..a80bf50ad9 100644 --- a/src/feature/control/fmt_serverstatus.c +++ b/src/feature/control/fmt_serverstatus.c @@ -76,7 +76,6 @@ list_server_status_v1(smartlist_t *routers, char **router_status_out, SMARTLIST_FOREACH_BEGIN(routers, routerinfo_t *, ri) { const node_t *node = node_get_by_id(ri->cache_info.identity_digest); tor_assert(node); - if (for_controller) { char name_buf[MAX_VERBOSE_NICKNAME_LEN+2]; char *cp = name_buf; diff --git a/src/feature/dirauth/bridgeauth.c b/src/feature/dirauth/bridgeauth.c new file mode 100644 index 0000000000..4aaefc7a6d --- /dev/null +++ b/src/feature/dirauth/bridgeauth.c @@ -0,0 +1,55 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#include "core/or/or.h" +#include "feature/dirauth/bridgeauth.h" +#include "feature/dirauth/voteflags.h" +#include "feature/nodelist/networkstatus.h" +#include "feature/relay/router.h" +#include "app/config/config.h" + +#include "feature/nodelist/routerinfo_st.h" + +/** Write out router status entries for all our bridge descriptors. Here, we + * also mark routers as running. */ +void +bridgeauth_dump_bridge_status_to_file(time_t now) +{ + char *status; + char *fname = NULL; + char *thresholds = NULL; + char *published_thresholds_and_status = NULL; + char published[ISO_TIME_LEN+1]; + const routerinfo_t *me = router_get_my_routerinfo(); + char fingerprint[FINGERPRINT_LEN+1]; + char *fingerprint_line = NULL; + + dirserv_set_bridges_running(now); + status = networkstatus_getinfo_by_purpose("bridge", now); + + if (me && crypto_pk_get_fingerprint(me->identity_pkey, + fingerprint, 0) >= 0) { + tor_asprintf(&fingerprint_line, "fingerprint %s\n", fingerprint); + } else { + log_warn(LD_BUG, "Error computing fingerprint for bridge status."); + } + format_iso_time(published, now); + dirserv_compute_bridge_flag_thresholds(); + thresholds = dirserv_get_flag_thresholds_line(); + tor_asprintf(&published_thresholds_and_status, + "published %s\nflag-thresholds %s\n%s%s", + published, thresholds, fingerprint_line ? fingerprint_line : "", + status); + fname = get_datadir_fname("networkstatus-bridges"); + if (write_str_to_file(fname,published_thresholds_and_status,0)<0) { + log_warn(LD_DIRSERV, "Unable to write networkstatus-bridges file."); + } + tor_free(thresholds); + tor_free(published_thresholds_and_status); + tor_free(fname); + tor_free(status); + tor_free(fingerprint_line); +} diff --git a/src/feature/dirauth/bridgeauth.h b/src/feature/dirauth/bridgeauth.h new file mode 100644 index 0000000000..cc80fd6375 --- /dev/null +++ b/src/feature/dirauth/bridgeauth.h @@ -0,0 +1,12 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +#ifndef TOR_DIRAUTH_BRIDGEAUTH_H +#define TOR_DIRAUTH_BRIDGEAUTH_H + +void bridgeauth_dump_bridge_status_to_file(time_t now); + +#endif diff --git a/src/feature/dirauth/dirauth_periodic.c b/src/feature/dirauth/dirauth_periodic.c index cfbb156b9f..02727d61b4 100644 --- a/src/feature/dirauth/dirauth_periodic.c +++ b/src/feature/dirauth/dirauth_periodic.c @@ -11,6 +11,7 @@ #include "feature/dirauth/reachability.h" #include "feature/stats/rephist.h" +#include "feature/dirauth/bridgeauth.h" #include "feature/dirauth/dirvote.h" #include "feature/dirauth/dirauth_periodic.h" #include "feature/dirauth/authmode.h" @@ -131,6 +132,23 @@ downrate_stability_callback(time_t now, const or_options_t *options) DECLARE_EVENT(downrate_stability, AUTHORITIES, 0); +/** + * Periodic callback: if we're the bridge authority, write a networkstatus + * file to disk. + */ +static int +write_bridge_ns_callback(time_t now, const or_options_t *options) +{ + if (options->BridgeAuthoritativeDir) { + bridgeauth_dump_bridge_status_to_file(now); +#define BRIDGE_STATUSFILE_INTERVAL (30*60) + return BRIDGE_STATUSFILE_INTERVAL; + } + return PERIODIC_EVENT_NO_UPDATE; +} + +DECLARE_EVENT(write_bridge_ns, BRIDGEAUTH, 0); + void dirauth_register_periodic_events(void) { @@ -139,4 +157,5 @@ dirauth_register_periodic_events(void) periodic_events_register(&save_stability_event); periodic_events_register(&check_authority_cert_event); periodic_events_register(&dirvote_event); + periodic_events_register(&write_bridge_ns_event); } diff --git a/src/feature/dirauth/dirauth_sys.c b/src/feature/dirauth/dirauth_sys.c index bb482f2685..e38d391300 100644 --- a/src/feature/dirauth/dirauth_sys.c +++ b/src/feature/dirauth/dirauth_sys.c @@ -6,9 +6,13 @@ #include "core/or/or.h" +#include "feature/dirauth/bwauth.h" #include "feature/dirauth/dirauth_sys.h" #include "feature/dirauth/dirvote.h" #include "feature/dirauth/dirauth_periodic.h" +#include "feature/dirauth/keypin.h" +#include "feature/dirauth/process_descs.h" + #include "lib/subsys/subsys.h" static int @@ -21,7 +25,10 @@ subsys_dirauth_initialize(void) static void subsys_dirauth_shutdown(void) { + dirserv_free_fingerprint_list(); dirvote_free_all(); + dirserv_clear_measured_bw_cache(); + keypin_close_journal(); } const struct subsys_fns_t sys_dirauth = { diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c index a02933b298..b841ab240f 100644 --- a/src/feature/dirauth/dirvote.c +++ b/src/feature/dirauth/dirvote.c @@ -4545,8 +4545,8 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_t *private_key, vrs = tor_malloc_zero(sizeof(vote_routerstatus_t)); rs = &vrs->status; - set_routerstatus_from_routerinfo(rs, node, ri, now, - listbadexits); + dirauth_set_routerstatus_from_routerinfo(rs, node, ri, now, + listbadexits); if (ri->cache_info.signing_key_cert) { memcpy(vrs->ed25519_id, diff --git a/src/feature/dirauth/recommend_pkg.h b/src/feature/dirauth/recommend_pkg.h index 8200d78f72..1f97d50177 100644 --- a/src/feature/dirauth/recommend_pkg.h +++ b/src/feature/dirauth/recommend_pkg.h @@ -12,6 +12,18 @@ #ifndef TOR_RECOMMEND_PKG_H #define TOR_RECOMMEND_PKG_H +#ifdef HAVE_MODULE_DIRAUTH int validate_recommended_package_line(const char *line); +#else + +static inline int +validate_recommended_package_line(const char *line) +{ + (void) line; + return 0; +} + +#endif + #endif diff --git a/src/feature/dirauth/voteflags.c b/src/feature/dirauth/voteflags.c index 957ebe4a4f..f552af98c4 100644 --- a/src/feature/dirauth/voteflags.c +++ b/src/feature/dirauth/voteflags.c @@ -546,38 +546,31 @@ should_publish_node_ipv6(const node_t *node, const routerinfo_t *ri, router_is_me(ri)); } -/** Extract status information from <b>ri</b> and from other authority - * functions and store it in <b>rs</b>. <b>rs</b> is zeroed out before it is - * set. - * - * We assume that ri-\>is_running has already been set, e.g. by - * dirserv_set_router_is_running(ri, now); +/** + * Extract status information from <b>ri</b> and from other authority + * functions and store it in <b>rs</b>, as per + * <b>set_routerstatus_from_routerinfo</b>. Additionally, sets information + * in from the authority subsystem. */ void -set_routerstatus_from_routerinfo(routerstatus_t *rs, - node_t *node, - const routerinfo_t *ri, - time_t now, - int listbadexits) +dirauth_set_routerstatus_from_routerinfo(routerstatus_t *rs, + node_t *node, + const routerinfo_t *ri, + time_t now, + int listbadexits) { const or_options_t *options = get_options(); uint32_t routerbw_kb = dirserv_get_credible_bandwidth_kb(ri); - memset(rs, 0, sizeof(routerstatus_t)); - - rs->is_authority = - router_digest_is_trusted_dir(ri->cache_info.identity_digest); - - /* Already set by compute_performance_thresholds. */ - rs->is_exit = node->is_exit; - rs->is_stable = node->is_stable = - !dirserv_thinks_router_is_unreliable(now, ri, 1, 0); - rs->is_fast = node->is_fast = - !dirserv_thinks_router_is_unreliable(now, ri, 0, 1); - rs->is_flagged_running = node->is_running; /* computed above */ + /* Set these flags so that set_routerstatus_from_routerinfo can copy them. + */ + node->is_stable = !dirserv_thinks_router_is_unreliable(now, ri, 1, 0); + node->is_fast = !dirserv_thinks_router_is_unreliable(now, ri, 0, 1); + node->is_hs_dir = dirserv_thinks_router_is_hs_dir(ri, node, now); - rs->is_valid = node->is_valid; + set_routerstatus_from_routerinfo(rs, node, ri); + /* Override rs->is_possible_guard. */ if (node->is_fast && node->is_stable && ri->supports_tunnelled_dir_requests && ((options->AuthDirGuardBWGuarantee && @@ -593,31 +586,16 @@ set_routerstatus_from_routerinfo(routerstatus_t *rs, rs->is_possible_guard = 0; } + /* Override rs->is_bad_exit */ rs->is_bad_exit = listbadexits && node->is_bad_exit; - rs->is_hs_dir = node->is_hs_dir = - dirserv_thinks_router_is_hs_dir(ri, node, now); - - rs->is_named = rs->is_unnamed = 0; - - rs->published_on = ri->cache_info.published_on; - memcpy(rs->identity_digest, node->identity, DIGEST_LEN); - memcpy(rs->descriptor_digest, ri->cache_info.signed_descriptor_digest, - DIGEST_LEN); - rs->addr = ri->addr; - strlcpy(rs->nickname, ri->nickname, sizeof(rs->nickname)); - rs->or_port = ri->or_port; - rs->dir_port = ri->dir_port; - rs->is_v2_dir = ri->supports_tunnelled_dir_requests; + /* Set rs->is_staledesc. */ rs->is_staledesc = (ri->cache_info.published_on + DESC_IS_STALE_INTERVAL) < now; - if (should_publish_node_ipv6(node, ri, now)) { - /* We're configured as having IPv6 connectivity. There's an IPv6 - OR port and it's reachable so copy it to the routerstatus. */ - tor_addr_copy(&rs->ipv6_addr, &ri->ipv6_addr); - rs->ipv6_orport = ri->ipv6_orport; - } else { + if (! should_publish_node_ipv6(node, ri, now)) { + /* We're not configured as having IPv6 connectivity or the node isn't: + * zero its IPv6 information. */ tor_addr_make_null(&rs->ipv6_addr, AF_INET6); rs->ipv6_orport = 0; } diff --git a/src/feature/dirauth/voteflags.h b/src/feature/dirauth/voteflags.h index 18b29a5183..ee809a290d 100644 --- a/src/feature/dirauth/voteflags.h +++ b/src/feature/dirauth/voteflags.h @@ -12,18 +12,20 @@ #ifndef TOR_VOTEFLAGS_H #define TOR_VOTEFLAGS_H +#ifdef HAVE_MODULE_DIRAUTH void dirserv_set_router_is_running(routerinfo_t *router, time_t now); char *dirserv_get_flag_thresholds_line(void); void dirserv_compute_bridge_flag_thresholds(void); int running_long_enough_to_decide_unreachable(void); -void set_routerstatus_from_routerinfo(routerstatus_t *rs, - node_t *node, - const routerinfo_t *ri, - time_t now, - int listbadexits); +void dirauth_set_routerstatus_from_routerinfo(routerstatus_t *rs, + node_t *node, + const routerinfo_t *ri, + time_t now, + int listbadexits); void dirserv_compute_performance_thresholds(digestmap_t *omit_as_sybil); +#endif void dirserv_set_bridges_running(time_t now); diff --git a/src/feature/nodelist/fmt_routerstatus.c b/src/feature/nodelist/fmt_routerstatus.c index 9a7d3082ef..fea7cf4c65 100644 --- a/src/feature/nodelist/fmt_routerstatus.c +++ b/src/feature/nodelist/fmt_routerstatus.c @@ -14,55 +14,14 @@ #include "core/or/or.h" #include "feature/nodelist/fmt_routerstatus.h" -/* #include "lib/container/buffers.h" */ -/* #include "app/config/config.h" */ -/* #include "app/config/confparse.h" */ -/* #include "core/or/channel.h" */ -/* #include "core/or/channeltls.h" */ -/* #include "core/or/command.h" */ -/* #include "core/mainloop/connection.h" */ -/* #include "core/or/connection_or.h" */ -/* #include "feature/dircache/conscache.h" */ -/* #include "feature/dircache/consdiffmgr.h" */ -/* #include "feature/control/control.h" */ -/* #include "feature/dircache/directory.h" */ -/* #include "feature/dircache/dirserv.h" */ -/* #include "feature/hibernate/hibernate.h" */ -/* #include "feature/dirauth/keypin.h" */ -/* #include "core/mainloop/mainloop.h" */ -/* #include "feature/nodelist/microdesc.h" */ -/* #include "feature/nodelist/networkstatus.h" */ -/* #include "feature/nodelist/nodelist.h" */ #include "core/or/policies.h" -/* #include "core/or/protover.h" */ -/* #include "feature/stats/rephist.h" */ -/* #include "feature/relay/router.h" */ -/* #include "feature/nodelist/dirlist.h" */ #include "feature/nodelist/routerlist.h" - -/* #include "feature/nodelist/routerparse.h" */ -/* #include "feature/nodelist/routerset.h" */ -/* #include "feature/nodelist/torcert.h" */ -/* #include "feature/dircommon/voting_schedule.h" */ - #include "feature/dirauth/dirvote.h" -/* #include "feature/dircache/cached_dir_st.h" */ -/* #include "feature/dircommon/dir_connection_st.h" */ -/* #include "feature/nodelist/extrainfo_st.h" */ -/* #include "feature/nodelist/microdesc_st.h" */ -/* #include "feature/nodelist/node_st.h" */ #include "feature/nodelist/routerinfo_st.h" -/* #include "feature/nodelist/routerlist_st.h" */ -/* #include "core/or/tor_version_st.h" */ #include "feature/nodelist/vote_routerstatus_st.h" -/* #include "lib/compress/compress.h" */ -/* #include "lib/container/order.h" */ #include "lib/crypt_ops/crypto_format.h" -/* #include "lib/encoding/confline.h" */ - -/* #include "lib/encoding/keyval.h" */ /** Helper: write the router-status information in <b>rs</b> into a newly * allocated character buffer. Use the same format as in network-status diff --git a/src/feature/nodelist/networkstatus.c b/src/feature/nodelist/networkstatus.c index 22fef81085..c7e337309e 100644 --- a/src/feature/nodelist/networkstatus.c +++ b/src/feature/nodelist/networkstatus.c @@ -2366,6 +2366,49 @@ networkstatus_getinfo_helper_single(const routerstatus_t *rs) NULL); } +/** + * Extract status information from <b>ri</b> and from other authority + * functions and store it in <b>rs</b>. <b>rs</b> is zeroed out before it is + * set. + * + * We assume that node-\>is_running has already been set, e.g. by + * dirserv_set_router_is_running(ri, now); + */ +void +set_routerstatus_from_routerinfo(routerstatus_t *rs, + const node_t *node, + const routerinfo_t *ri) +{ + memset(rs, 0, sizeof(routerstatus_t)); + + rs->is_authority = + router_digest_is_trusted_dir(ri->cache_info.identity_digest); + + /* Set by compute_performance_thresholds or from consensus */ + rs->is_exit = node->is_exit; + rs->is_stable = node->is_stable; + rs->is_fast = node->is_fast; + rs->is_flagged_running = node->is_running; + rs->is_valid = node->is_valid; + rs->is_possible_guard = node->is_possible_guard; + rs->is_bad_exit = node->is_bad_exit; + rs->is_hs_dir = node->is_hs_dir; + rs->is_named = rs->is_unnamed = 0; + + rs->published_on = ri->cache_info.published_on; + memcpy(rs->identity_digest, node->identity, DIGEST_LEN); + memcpy(rs->descriptor_digest, ri->cache_info.signed_descriptor_digest, + DIGEST_LEN); + rs->addr = ri->addr; + strlcpy(rs->nickname, ri->nickname, sizeof(rs->nickname)); + rs->or_port = ri->or_port; + rs->dir_port = ri->dir_port; + rs->is_v2_dir = ri->supports_tunnelled_dir_requests; + + tor_addr_copy(&rs->ipv6_addr, &ri->ipv6_addr); + rs->ipv6_orport = ri->ipv6_orport; +} + /** Alloc and return a string describing routerstatuses for the most * recent info of each router we know about that is of purpose * <b>purpose_string</b>. Return NULL if unrecognized purpose. @@ -2398,8 +2441,7 @@ networkstatus_getinfo_by_purpose(const char *purpose_string, time_t now) continue; if (ri->purpose != purpose) continue; - /* then generate and write out status lines for each of them */ - set_routerstatus_from_routerinfo(&rs, node, ri, now, 0); + set_routerstatus_from_routerinfo(&rs, node, ri); smartlist_add(statuses, networkstatus_getinfo_helper_single(&rs)); } SMARTLIST_FOREACH_END(ri); @@ -2409,47 +2451,6 @@ networkstatus_getinfo_by_purpose(const char *purpose_string, time_t now) return answer; } -/** Write out router status entries for all our bridge descriptors. Here, we - * also mark routers as running. */ -void -networkstatus_dump_bridge_status_to_file(time_t now) -{ - char *status; - char *fname = NULL; - char *thresholds = NULL; - char *published_thresholds_and_status = NULL; - char published[ISO_TIME_LEN+1]; - const routerinfo_t *me = router_get_my_routerinfo(); - char fingerprint[FINGERPRINT_LEN+1]; - char *fingerprint_line = NULL; - - dirserv_set_bridges_running(now); - status = networkstatus_getinfo_by_purpose("bridge", now); - - if (me && crypto_pk_get_fingerprint(me->identity_pkey, - fingerprint, 0) >= 0) { - tor_asprintf(&fingerprint_line, "fingerprint %s\n", fingerprint); - } else { - log_warn(LD_BUG, "Error computing fingerprint for bridge status."); - } - format_iso_time(published, now); - dirserv_compute_bridge_flag_thresholds(); - thresholds = dirserv_get_flag_thresholds_line(); - tor_asprintf(&published_thresholds_and_status, - "published %s\nflag-thresholds %s\n%s%s", - published, thresholds, fingerprint_line ? fingerprint_line : "", - status); - fname = get_datadir_fname("networkstatus-bridges"); - if (write_str_to_file(fname,published_thresholds_and_status,0)<0) { - log_warn(LD_DIRSERV, "Unable to write networkstatus-bridges file."); - } - tor_free(thresholds); - tor_free(published_thresholds_and_status); - tor_free(fname); - tor_free(status); - tor_free(fingerprint_line); -} - /* DOCDOC get_net_param_from_list */ static int32_t get_net_param_from_list(smartlist_t *net_params, const char *param_name, diff --git a/src/feature/nodelist/networkstatus.h b/src/feature/nodelist/networkstatus.h index 8269fc6182..600fd7fbd5 100644 --- a/src/feature/nodelist/networkstatus.h +++ b/src/feature/nodelist/networkstatus.h @@ -122,7 +122,6 @@ void signed_descs_update_status_from_consensus_networkstatus( char *networkstatus_getinfo_helper_single(const routerstatus_t *rs); char *networkstatus_getinfo_by_purpose(const char *purpose_string, time_t now); -void networkstatus_dump_bridge_status_to_file(time_t now); MOCK_DECL(int32_t, networkstatus_get_param, (const networkstatus_t *ns, const char *param_name, int32_t default_val, int32_t min_val, int32_t max_val)); @@ -149,6 +148,10 @@ void vote_routerstatus_free_(vote_routerstatus_t *rs); #define vote_routerstatus_free(rs) \ FREE_AND_NULL(vote_routerstatus_t, vote_routerstatus_free_, (rs)) +void set_routerstatus_from_routerinfo(routerstatus_t *rs, + const node_t *node, + const routerinfo_t *ri); + #ifdef NETWORKSTATUS_PRIVATE #ifdef TOR_UNIT_TESTS STATIC int networkstatus_set_current_consensus_from_ns(networkstatus_t *c, diff --git a/src/feature/nodelist/routerlist.c b/src/feature/nodelist/routerlist.c index 5fea1d1a8b..5788347a0e 100644 --- a/src/feature/nodelist/routerlist.c +++ b/src/feature/nodelist/routerlist.c @@ -1926,6 +1926,8 @@ routerlist_remove_old_routers(void) void routerlist_descriptors_added(smartlist_t *sl, int from_cache) { + // XXXX use pubsub mechanism here. + tor_assert(sl); control_event_descriptors_changed(sl); SMARTLIST_FOREACH_BEGIN(sl, routerinfo_t *, ri) { @@ -1933,7 +1935,9 @@ routerlist_descriptors_added(smartlist_t *sl, int from_cache) learned_bridge_descriptor(ri, from_cache); if (ri->needs_retest_if_added) { ri->needs_retest_if_added = 0; +#ifdef HAVE_MODULE_DIRAUTH dirserv_single_reachability_test(approx_time(), ri); +#endif } } SMARTLIST_FOREACH_END(ri); } diff --git a/src/lib/arch/include.am b/src/lib/arch/include.am index f92ee9222f..c5926c6330 100644 --- a/src/lib/arch/include.am +++ b/src/lib/arch/include.am @@ -1,3 +1,4 @@ +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/arch/bytes.h diff --git a/src/lib/buf/include.am b/src/lib/buf/include.am index 3338c3dbdb..27430d1d38 100644 --- a/src/lib/buf/include.am +++ b/src/lib/buf/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-buf-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_buf_a_SOURCES = \ src/lib/buf/buffers.c @@ -13,5 +14,6 @@ src_lib_libtor_buf_testing_a_SOURCES = \ src_lib_libtor_buf_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_buf_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/buf/buffers.h diff --git a/src/lib/cc/include.am b/src/lib/cc/include.am index 52cf8a9f72..1aa722dd82 100644 --- a/src/lib/cc/include.am +++ b/src/lib/cc/include.am @@ -1,4 +1,5 @@ +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/cc/compat_compiler.h \ src/lib/cc/ctassert.h \ diff --git a/src/lib/compress/include.am b/src/lib/compress/include.am index b952779578..60dd447d4e 100644 --- a/src/lib/compress/include.am +++ b/src/lib/compress/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-compress-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_compress_a_SOURCES = \ src/lib/compress/compress.c \ src/lib/compress/compress_buf.c \ @@ -18,6 +19,7 @@ src_lib_libtor_compress_testing_a_SOURCES = \ src_lib_libtor_compress_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_compress_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/compress/compress.h \ src/lib/compress/compress_lzma.h \ diff --git a/src/lib/container/include.am b/src/lib/container/include.am index 50d35e749b..00d7b8e587 100644 --- a/src/lib/container/include.am +++ b/src/lib/container/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-container-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_container_a_SOURCES = \ src/lib/container/bloomfilt.c \ src/lib/container/map.c \ @@ -17,6 +18,7 @@ src_lib_libtor_container_testing_a_SOURCES = \ src_lib_libtor_container_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_container_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/container/bitarray.h \ src/lib/container/bloomfilt.h \ diff --git a/src/lib/crypt_ops/include.am b/src/lib/crypt_ops/include.am index c90ef6eca8..1f58a33d38 100644 --- a/src/lib/crypt_ops/include.am +++ b/src/lib/crypt_ops/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-crypt-ops-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_crypt_ops_a_SOURCES = \ src/lib/crypt_ops/crypto_cipher.c \ src/lib/crypt_ops/crypto_curve25519.c \ @@ -52,6 +53,7 @@ src_lib_libtor_crypt_ops_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_crypt_ops_testing_a_CFLAGS = \ $(AM_CFLAGS) $(TOR_CFLAGS_CRYPTLIB) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/crypt_ops/aes.h \ src/lib/crypt_ops/compat_openssl.h \ diff --git a/src/lib/ctime/include.am b/src/lib/ctime/include.am index b46c43ba0c..83942ca4e0 100644 --- a/src/lib/ctime/include.am +++ b/src/lib/ctime/include.am @@ -11,6 +11,7 @@ else mulodi4_source= endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_ctime_a_SOURCES = \ $(mulodi4_source) \ src/ext/csiphash.c \ @@ -21,5 +22,6 @@ src_lib_libtor_ctime_testing_a_SOURCES = \ src_lib_libtor_ctime_a_CFLAGS = @CFLAGS_CONSTTIME@ src_lib_libtor_ctime_testing_a_CFLAGS = @CFLAGS_CONSTTIME@ $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/ctime/di_ops.h diff --git a/src/lib/defs/include.am b/src/lib/defs/include.am index 6a7f9114ea..dfddc92e55 100644 --- a/src/lib/defs/include.am +++ b/src/lib/defs/include.am @@ -1,4 +1,5 @@ +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/defs/dh_sizes.h \ src/lib/defs/digest_sizes.h \ diff --git a/src/lib/dispatch/include.am b/src/lib/dispatch/include.am index 4ec5b75cd1..4a0e0dfd90 100644 --- a/src/lib/dispatch/include.am +++ b/src/lib/dispatch/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-dispatch-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_dispatch_a_SOURCES = \ src/lib/dispatch/dispatch_cfg.c \ src/lib/dispatch/dispatch_core.c \ @@ -16,6 +17,7 @@ src_lib_libtor_dispatch_testing_a_SOURCES = \ src_lib_libtor_dispatch_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_dispatch_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/dispatch/dispatch.h \ src/lib/dispatch/dispatch_cfg.h \ diff --git a/src/lib/encoding/include.am b/src/lib/encoding/include.am index 8272e4e5fa..48d0120bfc 100644 --- a/src/lib/encoding/include.am +++ b/src/lib/encoding/include.am @@ -4,6 +4,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-encoding-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_encoding_a_SOURCES = \ src/lib/encoding/binascii.c \ src/lib/encoding/confline.c \ @@ -19,6 +20,7 @@ src_lib_libtor_encoding_testing_a_SOURCES = \ src_lib_libtor_encoding_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_encoding_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/encoding/binascii.h \ src/lib/encoding/confline.h \ diff --git a/src/lib/err/include.am b/src/lib/err/include.am index 43adcd2694..883ac91511 100644 --- a/src/lib/err/include.am +++ b/src/lib/err/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-err-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_err_a_SOURCES = \ src/lib/err/backtrace.c \ src/lib/err/torerr.c \ @@ -15,6 +16,7 @@ src_lib_libtor_err_testing_a_SOURCES = \ src_lib_libtor_err_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_err_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/err/backtrace.h \ src/lib/err/torerr.h \ diff --git a/src/lib/evloop/include.am b/src/lib/evloop/include.am index 6b0076272a..6595b3a34b 100644 --- a/src/lib/evloop/include.am +++ b/src/lib/evloop/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-evloop-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_evloop_a_SOURCES = \ src/lib/evloop/compat_libevent.c \ src/lib/evloop/procmon.c \ @@ -12,12 +13,12 @@ src_lib_libtor_evloop_a_SOURCES = \ src/lib/evloop/token_bucket.c \ src/lib/evloop/workqueue.c - src_lib_libtor_evloop_testing_a_SOURCES = \ $(src_lib_libtor_evloop_a_SOURCES) src_lib_libtor_evloop_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_evloop_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/evloop/compat_libevent.h \ src/lib/evloop/procmon.h \ diff --git a/src/lib/fdio/include.am b/src/lib/fdio/include.am index 6c18f00a0d..545bbc929e 100644 --- a/src/lib/fdio/include.am +++ b/src/lib/fdio/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-fdio-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_fdio_a_SOURCES = \ src/lib/fdio/fdio.c @@ -13,5 +14,6 @@ src_lib_libtor_fdio_testing_a_SOURCES = \ src_lib_libtor_fdio_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_fdio_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/fdio/fdio.h diff --git a/src/lib/fs/include.am b/src/lib/fs/include.am index f33e4d6430..493db8f044 100644 --- a/src/lib/fs/include.am +++ b/src/lib/fs/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-fs-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_fs_a_SOURCES = \ src/lib/fs/conffile.c \ src/lib/fs/dir.c \ @@ -25,6 +26,7 @@ src_lib_libtor_fs_testing_a_SOURCES = \ src_lib_libtor_fs_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_fs_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/fs/conffile.h \ src/lib/fs/dir.h \ diff --git a/src/lib/geoip/include.am b/src/lib/geoip/include.am index 9710d75ac7..ea426d14bc 100644 --- a/src/lib/geoip/include.am +++ b/src/lib/geoip/include.am @@ -4,6 +4,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-geoip-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_geoip_a_SOURCES = \ src/lib/geoip/geoip.c @@ -12,6 +13,7 @@ src_lib_libtor_geoip_testing_a_SOURCES = \ src_lib_libtor_geoip_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_geoip_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/geoip/geoip.h \ src/lib/geoip/country.h diff --git a/src/lib/intmath/include.am b/src/lib/intmath/include.am index 45ee3bd53b..155ffa145a 100644 --- a/src/lib/intmath/include.am +++ b/src/lib/intmath/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-intmath-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_intmath_a_SOURCES = \ src/lib/intmath/addsub.c \ src/lib/intmath/bits.c \ @@ -16,6 +17,7 @@ src_lib_libtor_intmath_testing_a_SOURCES = \ src_lib_libtor_intmath_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_intmath_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/intmath/addsub.h \ src/lib/intmath/cmp.h \ diff --git a/src/lib/lock/include.am b/src/lib/lock/include.am index 4e6f444347..1475b9911b 100644 --- a/src/lib/lock/include.am +++ b/src/lib/lock/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-lock-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_lock_a_SOURCES = \ src/lib/lock/compat_mutex.c @@ -20,5 +21,6 @@ src_lib_libtor_lock_testing_a_SOURCES = \ src_lib_libtor_lock_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_lock_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/lock/compat_mutex.h diff --git a/src/lib/log/include.am b/src/lib/log/include.am index 9d3dbe3104..5b9f7113ba 100644 --- a/src/lib/log/include.am +++ b/src/lib/log/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-log-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_log_a_SOURCES = \ src/lib/log/escape.c \ src/lib/log/ratelim.c \ @@ -21,6 +22,7 @@ src_lib_libtor_log_testing_a_SOURCES = \ src_lib_libtor_log_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_log_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/log/escape.h \ src/lib/log/ratelim.h \ diff --git a/src/lib/log/util_bug.h b/src/lib/log/util_bug.h index 2e220b7286..fb223b35f4 100644 --- a/src/lib/log/util_bug.h +++ b/src/lib/log/util_bug.h @@ -143,12 +143,13 @@ #ifdef ALL_BUGS_ARE_FATAL #define tor_assert_nonfatal_unreached() tor_assert(0) #define tor_assert_nonfatal(cond) tor_assert((cond)) -#define tor_assertf_nonfatal(cond, fmt, ...) tor_assertf(cond, fmt, ...) +#define tor_assertf_nonfatal(cond, fmt, ...) \ + tor_assertf(cond, fmt, ##__VA_ARGS__) #define tor_assert_nonfatal_unreached_once() tor_assert(0) #define tor_assert_nonfatal_once(cond) tor_assert((cond)) #define BUG(cond) \ (ASSERT_PREDICT_UNLIKELY_(cond) ? \ - (tor_assertion_failed_(SHORT_FILE__,__LINE__,__func__,"!("#cond")"), \ + (tor_assertion_failed_(SHORT_FILE__,__LINE__,__func__,"!("#cond")",NULL), \ tor_abort_(), 1) \ : 0) #elif defined(TOR_UNIT_TESTS) && defined(DISABLE_ASSERTS_IN_UNIT_TESTS) diff --git a/src/lib/malloc/include.am b/src/lib/malloc/include.am index 95d96168e1..b74292bc6e 100644 --- a/src/lib/malloc/include.am +++ b/src/lib/malloc/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-malloc-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_malloc_a_SOURCES = \ src/lib/malloc/malloc.c \ src/lib/malloc/map_anon.c @@ -18,6 +19,7 @@ src_lib_libtor_malloc_testing_a_SOURCES = \ src_lib_libtor_malloc_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_malloc_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/malloc/malloc.h \ src/lib/malloc/map_anon.h diff --git a/src/lib/math/include.am b/src/lib/math/include.am index 6d65ce90a7..b2ca280f47 100644 --- a/src/lib/math/include.am +++ b/src/lib/math/include.am @@ -5,17 +5,18 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-math-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_math_a_SOURCES = \ src/lib/math/fp.c \ src/lib/math/laplace.c \ src/lib/math/prob_distr.c - src_lib_libtor_math_testing_a_SOURCES = \ $(src_lib_libtor_math_a_SOURCES) src_lib_libtor_math_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_math_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/math/fp.h \ src/lib/math/laplace.h \ diff --git a/src/lib/memarea/include.am b/src/lib/memarea/include.am index 94343dcead..83fb99ec73 100644 --- a/src/lib/memarea/include.am +++ b/src/lib/memarea/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-memarea-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_memarea_a_SOURCES = \ src/lib/memarea/memarea.c @@ -13,5 +14,6 @@ src_lib_libtor_memarea_testing_a_SOURCES = \ src_lib_libtor_memarea_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_memarea_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/memarea/memarea.h diff --git a/src/lib/meminfo/include.am b/src/lib/meminfo/include.am index d1fdde6313..12c1bff72d 100644 --- a/src/lib/meminfo/include.am +++ b/src/lib/meminfo/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-meminfo-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_meminfo_a_SOURCES = \ src/lib/meminfo/meminfo.c @@ -13,5 +14,6 @@ src_lib_libtor_meminfo_testing_a_SOURCES = \ src_lib_libtor_meminfo_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_meminfo_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/meminfo/meminfo.h diff --git a/src/lib/net/include.am b/src/lib/net/include.am index 8a88f0f2ae..485019f4b7 100644 --- a/src/lib/net/include.am +++ b/src/lib/net/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-net-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_net_a_SOURCES = \ src/lib/net/address.c \ src/lib/net/alertsock.c \ @@ -21,6 +22,7 @@ src_lib_libtor_net_testing_a_SOURCES = \ src_lib_libtor_net_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_net_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/net/address.h \ src/lib/net/alertsock.h \ diff --git a/src/lib/osinfo/include.am b/src/lib/osinfo/include.am index 16c5812604..84bd7feb00 100644 --- a/src/lib/osinfo/include.am +++ b/src/lib/osinfo/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-osinfo-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_osinfo_a_SOURCES = \ src/lib/osinfo/uname.c @@ -13,5 +14,6 @@ src_lib_libtor_osinfo_testing_a_SOURCES = \ src_lib_libtor_osinfo_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_osinfo_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/osinfo/uname.h diff --git a/src/lib/process/include.am b/src/lib/process/include.am index 83b67bf029..af5f99617b 100644 --- a/src/lib/process/include.am +++ b/src/lib/process/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-process-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_process_a_SOURCES = \ src/lib/process/daemon.c \ src/lib/process/env.c \ @@ -23,6 +24,7 @@ src_lib_libtor_process_testing_a_SOURCES = \ src_lib_libtor_process_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_process_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/process/daemon.h \ src/lib/process/env.h \ diff --git a/src/lib/pubsub/include.am b/src/lib/pubsub/include.am index c0ec13d039..e2abebcd40 100644 --- a/src/lib/pubsub/include.am +++ b/src/lib/pubsub/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-pubsub-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_pubsub_a_SOURCES = \ src/lib/pubsub/pubsub_build.c \ src/lib/pubsub/pubsub_check.c \ @@ -15,6 +16,7 @@ src_lib_libtor_pubsub_testing_a_SOURCES = \ src_lib_libtor_pubsub_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_pubsub_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/pubsub/pub_binding_st.h \ src/lib/pubsub/pubsub.h \ diff --git a/src/lib/sandbox/include.am b/src/lib/sandbox/include.am index adfda6bde5..e81f14b55f 100644 --- a/src/lib/sandbox/include.am +++ b/src/lib/sandbox/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-sandbox-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_sandbox_a_SOURCES = \ src/lib/sandbox/sandbox.c @@ -13,6 +14,7 @@ src_lib_libtor_sandbox_testing_a_SOURCES = \ src_lib_libtor_sandbox_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_sandbox_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/sandbox/linux_syscalls.inc \ src/lib/sandbox/sandbox.h diff --git a/src/lib/smartlist_core/include.am b/src/lib/smartlist_core/include.am index 99d65f0b23..548179bc4f 100644 --- a/src/lib/smartlist_core/include.am +++ b/src/lib/smartlist_core/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-smartlist-core-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_smartlist_core_a_SOURCES = \ src/lib/smartlist_core/smartlist_core.c \ src/lib/smartlist_core/smartlist_split.c @@ -15,6 +16,7 @@ src_lib_libtor_smartlist_core_testing_a_CPPFLAGS = \ $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_smartlist_core_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/smartlist_core/smartlist_core.h \ src/lib/smartlist_core/smartlist_foreach.h \ diff --git a/src/lib/string/include.am b/src/lib/string/include.am index edd74b8a3e..82d35cc5af 100644 --- a/src/lib/string/include.am +++ b/src/lib/string/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-string-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_string_a_SOURCES = \ src/lib/string/compat_ctype.c \ src/lib/string/compat_string.c \ @@ -18,6 +19,7 @@ src_lib_libtor_string_testing_a_SOURCES = \ src_lib_libtor_string_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_string_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/string/compat_ctype.h \ src/lib/string/compat_string.h \ diff --git a/src/lib/subsys/include.am b/src/lib/subsys/include.am index 4741126b14..c9ab54ca73 100644 --- a/src/lib/subsys/include.am +++ b/src/lib/subsys/include.am @@ -1,3 +1,4 @@ +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/subsys/subsys.h diff --git a/src/lib/term/include.am b/src/lib/term/include.am index 55fe548ebc..a120bba0cb 100644 --- a/src/lib/term/include.am +++ b/src/lib/term/include.am @@ -11,6 +11,7 @@ else readpassphrase_source= endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_term_a_SOURCES = \ src/lib/term/getpass.c \ $(readpassphrase_source) @@ -20,5 +21,6 @@ src_lib_libtor_term_testing_a_SOURCES = \ src_lib_libtor_term_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_term_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/term/getpass.h diff --git a/src/lib/testsupport/include.am b/src/lib/testsupport/include.am index b2aa620985..a5ed46eb67 100644 --- a/src/lib/testsupport/include.am +++ b/src/lib/testsupport/include.am @@ -1,3 +1,4 @@ +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/testsupport/testsupport.h diff --git a/src/lib/thread/include.am b/src/lib/thread/include.am index 695795a2c8..cd8016b5df 100644 --- a/src/lib/thread/include.am +++ b/src/lib/thread/include.am @@ -12,6 +12,7 @@ if THREADS_WIN32 threads_impl_source=src/lib/thread/compat_winthreads.c endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_thread_a_SOURCES = \ src/lib/thread/compat_threads.c \ src/lib/thread/numcpus.c \ @@ -22,6 +23,7 @@ src_lib_libtor_thread_testing_a_SOURCES = \ src_lib_libtor_thread_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_thread_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/thread/numcpus.h \ src/lib/thread/thread_sys.h \ diff --git a/src/lib/time/include.am b/src/lib/time/include.am index dae16f49ac..dcb199b142 100644 --- a/src/lib/time/include.am +++ b/src/lib/time/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-time-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_time_a_SOURCES = \ src/lib/time/compat_time.c \ src/lib/time/time_sys.c \ @@ -15,6 +16,7 @@ src_lib_libtor_time_testing_a_SOURCES = \ src_lib_libtor_time_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_time_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/time/compat_time.h \ src/lib/time/time_sys.h \ diff --git a/src/lib/tls/include.am b/src/lib/tls/include.am index 1817739eef..7e05ef4f8c 100644 --- a/src/lib/tls/include.am +++ b/src/lib/tls/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-tls-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_tls_a_SOURCES = \ src/lib/tls/buffers_tls.c \ src/lib/tls/tortls.c \ @@ -29,6 +30,7 @@ src_lib_libtor_tls_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_tls_testing_a_CFLAGS = \ $(AM_CFLAGS) $(TOR_CFLAGS_CRYPTLIB) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/tls/ciphers.inc \ src/lib/tls/buffers_tls.h \ diff --git a/src/lib/trace/include.am b/src/lib/trace/include.am index 6f10c98744..98098c87f4 100644 --- a/src/lib/trace/include.am +++ b/src/lib/trace/include.am @@ -2,6 +2,7 @@ noinst_LIBRARIES += \ src/lib/libtor-trace.a +# ADD_C_FILE: INSERT HEADERS HERE. TRACEHEADERS = \ src/lib/trace/trace.h \ src/lib/trace/events.h @@ -11,7 +12,7 @@ TRACEHEADERS += \ src/lib/trace/debug.h endif -# Library source files. +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_trace_a_SOURCES = \ src/lib/trace/trace.c diff --git a/src/lib/version/include.am b/src/lib/version/include.am index 6944eb05e3..0ae31be1b2 100644 --- a/src/lib/version/include.am +++ b/src/lib/version/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-version-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_version_a_SOURCES = \ src/lib/version/git_revision.c \ src/lib/version/version.c @@ -20,6 +21,7 @@ src/lib/version/git_revision.$(OBJEXT) \ src/lib/version/src_lib_libtor_version_testing_a-git_revision.$(OBJEXT): \ micro-revision.i +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/version/git_revision.h \ src/lib/version/torversion.h diff --git a/src/lib/wallclock/include.am b/src/lib/wallclock/include.am index 2351252e0c..2b50d6ccbb 100644 --- a/src/lib/wallclock/include.am +++ b/src/lib/wallclock/include.am @@ -5,6 +5,7 @@ if UNITTESTS_ENABLED noinst_LIBRARIES += src/lib/libtor-wallclock-testing.a endif +# ADD_C_FILE: INSERT SOURCES HERE. src_lib_libtor_wallclock_a_SOURCES = \ src/lib/wallclock/approx_time.c \ src/lib/wallclock/time_to_tm.c \ @@ -15,6 +16,7 @@ src_lib_libtor_wallclock_testing_a_SOURCES = \ src_lib_libtor_wallclock_testing_a_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS) src_lib_libtor_wallclock_testing_a_CFLAGS = $(AM_CFLAGS) $(TEST_CFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ src/lib/wallclock/approx_time.h \ src/lib/wallclock/timeval.h \ diff --git a/src/test/fuzz/fixup_filenames.sh b/src/test/fuzz/fixup_filenames.sh index 68efc1abc5..f730d532a5 100755 --- a/src/test/fuzz/fixup_filenames.sh +++ b/src/test/fuzz/fixup_filenames.sh @@ -8,9 +8,9 @@ if [ ! -d "$1" ] ; then fi for fn in "$1"/* ; do - prev=`basename "$fn"` - post=`sha256sum "$fn" | sed -e 's/ .*//;'` - if [ "$prev" == "$post" ] ; then + prev=$(basename "$fn") + post=$(sha256sum "$fn" | sed -e 's/ .*//;') + if [ "$prev" = "$post" ] ; then echo "OK $prev" else echo "mv $prev $post" diff --git a/src/test/include.am b/src/test/include.am index 022cdbe035..899e0de7d9 100644 --- a/src/test/include.am +++ b/src/test/include.am @@ -85,6 +85,8 @@ src_test_AM_CPPFLAGS = -DSHARE_DATADIR="\"$(datadir)\"" \ src_test_test_SOURCES = if UNITTESTS_ENABLED + +# ADD_C_FILE: INSERT SOURCES HERE. src_test_test_SOURCES += \ src/test/log_test_helpers.c \ src/test/hs_test_helpers.c \ @@ -180,6 +182,7 @@ src_test_test_SOURCES += \ src/test/test_routerlist.c \ src/test/test_routerset.c \ src/test/test_scheduler.c \ + src/test/test_sendme.c \ src/test/test_shared_random.c \ src/test/test_socks.c \ src/test/test_status.c \ @@ -316,6 +319,7 @@ src_test_test_timers_LDADD = \ @TOR_LZMA_LIBS@ src_test_test_timers_LDFLAGS = $(src_test_test_LDFLAGS) +# ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS+= \ src/test/fakechans.h \ src/test/hs_test_helpers.h \ diff --git a/src/test/test.c b/src/test/test.c index 77c58ee681..cac98dd839 100644 --- a/src/test/test.c +++ b/src/test/test.c @@ -911,6 +911,7 @@ struct testgroup_t testgroups[] = { { "routerlist/", routerlist_tests }, { "routerset/" , routerset_tests }, { "scheduler/", scheduler_tests }, + { "sendme/", sendme_tests }, { "shared-random/", sr_tests }, { "socks/", socks_tests }, { "status/" , status_tests }, diff --git a/src/test/test.h b/src/test/test.h index 7d19af9b20..167fd090ac 100644 --- a/src/test/test.h +++ b/src/test/test.h @@ -266,6 +266,7 @@ extern struct testcase_t routerkeys_tests[]; extern struct testcase_t routerlist_tests[]; extern struct testcase_t routerset_tests[]; extern struct testcase_t scheduler_tests[]; +extern struct testcase_t sendme_tests[]; extern struct testcase_t socks_tests[]; extern struct testcase_t sr_tests[]; extern struct testcase_t status_tests[]; diff --git a/src/test/test_sendme.c b/src/test/test_sendme.c new file mode 100644 index 0000000000..d40fbaf862 --- /dev/null +++ b/src/test/test_sendme.c @@ -0,0 +1,267 @@ +/* Copyright (c) 2014-2019, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/* Unit tests for handling different kinds of relay cell */ + +#define CIRCUITLIST_PRIVATE +#define NETWORKSTATUS_PRIVATE +#define SENDME_PRIVATE +#define RELAY_PRIVATE + +#include "core/or/circuit_st.h" +#include "core/or/or_circuit_st.h" +#include "core/or/origin_circuit_st.h" +#include "core/or/circuitlist.h" +#include "core/or/relay.h" +#include "core/or/sendme.h" + +#include "feature/nodelist/networkstatus.h" +#include "feature/nodelist/networkstatus_st.h" + +#include "lib/crypt_ops/crypto_digest.h" + +#include "test/test.h" +#include "test/log_test_helpers.h" + +static void +setup_mock_consensus(void) +{ + current_md_consensus = current_ns_consensus = + tor_malloc_zero(sizeof(networkstatus_t)); + current_md_consensus->net_params = smartlist_new(); + current_md_consensus->routerstatus_list = smartlist_new(); +} + +static void +free_mock_consensus(void) +{ + SMARTLIST_FOREACH(current_md_consensus->routerstatus_list, void *, r, + tor_free(r)); + smartlist_free(current_md_consensus->routerstatus_list); + smartlist_free(current_ns_consensus->net_params); + tor_free(current_ns_consensus); +} + +static void +test_v1_record_digest(void *arg) +{ + or_circuit_t *or_circ = NULL; + origin_circuit_t *orig_circ = NULL; + circuit_t *circ = NULL; + + (void) arg; + + /* Create our dummy circuits. */ + orig_circ = origin_circuit_new(); + tt_assert(orig_circ); + or_circ = or_circuit_new(1, NULL); + + /* Start by pointing to the origin circuit. */ + circ = TO_CIRCUIT(orig_circ); + circ->purpose = CIRCUIT_PURPOSE_S_REND_JOINED; + + /* We should never note SENDME digest on origin circuit. */ + sendme_record_cell_digest(circ); + tt_assert(!circ->sendme_last_digests); + /* We do not need the origin circuit for now. */ + orig_circ = NULL; + circuit_free_(circ); + /* Points it to the OR circuit now. */ + circ = TO_CIRCUIT(or_circ); + + /* The package window has to be a multiple of CIRCWINDOW_INCREMENT minus 1 + * in order to catched the CIRCWINDOW_INCREMENT-nth cell. Try something that + * shouldn't be noted. */ + circ->package_window = CIRCWINDOW_INCREMENT; + sendme_record_cell_digest(circ); + tt_assert(!circ->sendme_last_digests); + + /* This should work now. Package window at CIRCWINDOW_INCREMENT + 1. */ + circ->package_window++; + sendme_record_cell_digest(circ); + tt_assert(circ->sendme_last_digests); + tt_int_op(smartlist_len(circ->sendme_last_digests), OP_EQ, 1); + + /* Next cell in the package window shouldn't do anything. */ + circ->package_window++; + sendme_record_cell_digest(circ); + tt_int_op(smartlist_len(circ->sendme_last_digests), OP_EQ, 1); + + /* The next CIRCWINDOW_INCREMENT should add one more digest. */ + circ->package_window = (CIRCWINDOW_INCREMENT * 2) + 1; + sendme_record_cell_digest(circ); + tt_int_op(smartlist_len(circ->sendme_last_digests), OP_EQ, 2); + + done: + circuit_free_(circ); +} + +static void +test_v1_consensus_params(void *arg) +{ + (void) arg; + + setup_mock_consensus(); + tt_assert(current_md_consensus); + + /* Both zeroes. */ + smartlist_add(current_md_consensus->net_params, + (void *) "sendme_emit_min_version=0"); + smartlist_add(current_md_consensus->net_params, + (void *) "sendme_accept_min_version=0"); + tt_int_op(get_emit_min_version(), OP_EQ, 0); + tt_int_op(get_accept_min_version(), OP_EQ, 0); + smartlist_clear(current_md_consensus->net_params); + + /* Both ones. */ + smartlist_add(current_md_consensus->net_params, + (void *) "sendme_emit_min_version=1"); + smartlist_add(current_md_consensus->net_params, + (void *) "sendme_accept_min_version=1"); + tt_int_op(get_emit_min_version(), OP_EQ, 1); + tt_int_op(get_accept_min_version(), OP_EQ, 1); + smartlist_clear(current_md_consensus->net_params); + + /* Different values from each other. */ + smartlist_add(current_md_consensus->net_params, + (void *) "sendme_emit_min_version=1"); + smartlist_add(current_md_consensus->net_params, + (void *) "sendme_accept_min_version=0"); + tt_int_op(get_emit_min_version(), OP_EQ, 1); + tt_int_op(get_accept_min_version(), OP_EQ, 0); + smartlist_clear(current_md_consensus->net_params); + + /* Validate is the cell version is coherent with our internal default value + * and the one in the consensus. */ + smartlist_add(current_md_consensus->net_params, + (void *) "sendme_accept_min_version=1"); + /* Minimum acceptable value is 1. */ + tt_int_op(cell_version_is_valid(1), OP_EQ, true); + /* Minimum acceptable value is 1 so a cell version of 0 is refused. */ + tt_int_op(cell_version_is_valid(0), OP_EQ, false); + + done: + free_mock_consensus(); +} + +static void +test_v1_build_cell(void *arg) +{ + uint8_t payload[RELAY_PAYLOAD_SIZE], digest[DIGEST_LEN]; + ssize_t ret; + crypto_digest_t *cell_digest = NULL; + or_circuit_t *or_circ = NULL; + circuit_t *circ = NULL; + + (void) arg; + + or_circ = or_circuit_new(1, NULL); + circ = TO_CIRCUIT(or_circ); + + cell_digest = crypto_digest_new(); + tt_assert(cell_digest); + crypto_digest_add_bytes(cell_digest, "AAAAAAAAAAAAAAAAAAAA", 20); + crypto_digest_get_digest(cell_digest, (char *) digest, sizeof(digest)); + + /* SENDME v1 payload is 3 bytes + 20 bytes digest. See spec. */ + ret = build_cell_payload_v1(digest, payload); + tt_int_op(ret, OP_EQ, 23); + + /* Validation. */ + + /* An empty payload means SENDME version 0 thus valid. */ + tt_int_op(sendme_is_valid(circ, payload, 0), OP_EQ, true); + + /* An unparseable cell means invalid. */ + setup_full_capture_of_logs(LOG_INFO); + tt_int_op(sendme_is_valid(circ, (const uint8_t *) "A", 1), OP_EQ, false); + expect_log_msg_containing("Unparseable SENDME cell received. " + "Closing circuit."); + teardown_capture_of_logs(); + + /* No cell digest recorded for this. */ + setup_full_capture_of_logs(LOG_INFO); + tt_int_op(sendme_is_valid(circ, payload, sizeof(payload)), OP_EQ, false); + expect_log_msg_containing("We received a SENDME but we have no cell digests " + "to match. Closing circuit."); + teardown_capture_of_logs(); + + /* Note the wrong digest in the circuit, cell should fail validation. */ + circ->package_window = CIRCWINDOW_INCREMENT + 1; + sendme_record_cell_digest(circ); + tt_int_op(smartlist_len(circ->sendme_last_digests), OP_EQ, 1); + setup_full_capture_of_logs(LOG_INFO); + tt_int_op(sendme_is_valid(circ, payload, sizeof(payload)), OP_EQ, false); + /* After a validation, the last digests is always popped out. */ + tt_int_op(smartlist_len(circ->sendme_last_digests), OP_EQ, 0); + expect_log_msg_containing("SENDME v1 cell digest do not match."); + teardown_capture_of_logs(); + + /* Record the cell digest into the circuit, cell should validate. */ + memcpy(or_circ->crypto.sendme_digest, digest, sizeof(digest)); + circ->package_window = CIRCWINDOW_INCREMENT + 1; + sendme_record_cell_digest(circ); + tt_int_op(smartlist_len(circ->sendme_last_digests), OP_EQ, 1); + tt_int_op(sendme_is_valid(circ, payload, sizeof(payload)), OP_EQ, true); + /* After a validation, the last digests is always popped out. */ + tt_int_op(smartlist_len(circ->sendme_last_digests), OP_EQ, 0); + + done: + crypto_digest_free(cell_digest); + circuit_free_(circ); +} + +static void +test_cell_payload_pad(void *arg) +{ + size_t pad_offset, payload_len, expected_offset; + + (void) arg; + + /* Offset should be 0, not enough room for padding. */ + payload_len = RELAY_PAYLOAD_SIZE; + pad_offset = get_pad_cell_offset(payload_len); + tt_int_op(pad_offset, OP_EQ, 0); + tt_int_op(CELL_PAYLOAD_SIZE - pad_offset, OP_LE, CELL_PAYLOAD_SIZE); + + /* Still no room because we keep 4 extra bytes. */ + pad_offset = get_pad_cell_offset(payload_len - 4); + tt_int_op(pad_offset, OP_EQ, 0); + tt_int_op(CELL_PAYLOAD_SIZE - pad_offset, OP_LE, CELL_PAYLOAD_SIZE); + + /* We should have 1 byte of padding. Meaning, the offset should be the + * CELL_PAYLOAD_SIZE minus 1 byte. */ + expected_offset = CELL_PAYLOAD_SIZE - 1; + pad_offset = get_pad_cell_offset(payload_len - 5); + tt_int_op(pad_offset, OP_EQ, expected_offset); + tt_int_op(CELL_PAYLOAD_SIZE - pad_offset, OP_LE, CELL_PAYLOAD_SIZE); + + /* Now some arbitrary small payload length. The cell size is header + 10 + + * extra 4 bytes we keep so the offset should be there. */ + expected_offset = RELAY_HEADER_SIZE + 10 + 4; + pad_offset = get_pad_cell_offset(10); + tt_int_op(pad_offset, OP_EQ, expected_offset); + tt_int_op(CELL_PAYLOAD_SIZE - pad_offset, OP_LE, CELL_PAYLOAD_SIZE); + + /* Data length of 0. */ + expected_offset = RELAY_HEADER_SIZE + 4; + pad_offset = get_pad_cell_offset(0); + tt_int_op(pad_offset, OP_EQ, expected_offset); + tt_int_op(CELL_PAYLOAD_SIZE - pad_offset, OP_LE, CELL_PAYLOAD_SIZE); + + done: + ; +} + +struct testcase_t sendme_tests[] = { + { "v1_record_digest", test_v1_record_digest, TT_FORK, + NULL, NULL }, + { "v1_consensus_params", test_v1_consensus_params, TT_FORK, + NULL, NULL }, + { "v1_build_cell", test_v1_build_cell, TT_FORK, + NULL, NULL }, + { "cell_payload_pad", test_cell_payload_pad, TT_FORK, + NULL, NULL }, + + END_OF_TESTCASES +}; diff --git a/src/test/test_util.c b/src/test/test_util.c index 1c6ac61eba..79df2825be 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -15,7 +15,7 @@ #include "lib/buf/buffers.h" #include "app/config/config.h" #include "feature/control/control.h" -#include "feature/control/control_fmt.h" +#include "feature/control/control_proto.h" #include "feature/client/transports.h" #include "lib/crypt_ops/crypto_format.h" #include "lib/crypt_ops/crypto_rand.h" diff --git a/src/test/test_voting_flags.c b/src/test/test_voting_flags.c index 5c9eebd00e..c8111ea5df 100644 --- a/src/test/test_voting_flags.c +++ b/src/test/test_voting_flags.c @@ -60,7 +60,7 @@ check_result(flag_vote_test_cfg_t *c) bool result = false; routerstatus_t rs; memset(&rs, 0, sizeof(rs)); - set_routerstatus_from_routerinfo(&rs, &c->node, &c->ri, c->now, 0); + dirauth_set_routerstatus_from_routerinfo(&rs, &c->node, &c->ri, c->now, 0); tt_i64_op(rs.published_on, OP_EQ, c->expected.published_on); tt_str_op(rs.nickname, OP_EQ, c->expected.nickname); diff --git a/src/trunnel/include.am b/src/trunnel/include.am index 4f4f1d3624..82e7a66959 100644 --- a/src/trunnel/include.am +++ b/src/trunnel/include.am @@ -11,6 +11,7 @@ TRUNNELINPUTS = \ src/trunnel/link_handshake.trunnel \ src/trunnel/pwbox.trunnel \ src/trunnel/channelpadding_negotiation.trunnel \ + src/trunnel/sendme.trunnelĀ \ src/trunnel/socks5.trunnel \ src/trunnel/circpad_negotiation.trunnel @@ -24,6 +25,7 @@ TRUNNELSOURCES = \ src/trunnel/hs/cell_introduce1.c \ src/trunnel/hs/cell_rendezvous.c \ src/trunnel/channelpadding_negotiation.c \ + src/trunnel/sendme.c \ src/trunnel/socks5.c \ src/trunnel/netinfo.c \ src/trunnel/circpad_negotiation.c @@ -40,6 +42,7 @@ TRUNNELHEADERS = \ src/trunnel/hs/cell_introduce1.h \ src/trunnel/hs/cell_rendezvous.h \ src/trunnel/channelpadding_negotiation.h \ + src/trunnel/sendme.h \ src/trunnel/socks5.h \ src/trunnel/netinfo.h \ src/trunnel/circpad_negotiation.h diff --git a/src/trunnel/sendme.c b/src/trunnel/sendme.c new file mode 100644 index 0000000000..262b915234 --- /dev/null +++ b/src/trunnel/sendme.c @@ -0,0 +1,347 @@ +/* sendme.c -- generated by Trunnel v1.5.2. + * https://gitweb.torproject.org/trunnel.git + * You probably shouldn't edit this file. + */ +#include <stdlib.h> +#include "trunnel-impl.h" + +#include "sendme.h" + +#define TRUNNEL_SET_ERROR_CODE(obj) \ + do { \ + (obj)->trunnel_error_code_ = 1; \ + } while (0) + +#if defined(__COVERITY__) || defined(__clang_analyzer__) +/* If we're running a static analysis tool, we don't want it to complain + * that some of our remaining-bytes checks are dead-code. */ +int sendme_deadcode_dummy__ = 0; +#define OR_DEADCODE_DUMMY || sendme_deadcode_dummy__ +#else +#define OR_DEADCODE_DUMMY +#endif + +#define CHECK_REMAINING(nbytes, label) \ + do { \ + if (remaining < (nbytes) OR_DEADCODE_DUMMY) { \ + goto label; \ + } \ + } while (0) + +sendme_cell_t * +sendme_cell_new(void) +{ + sendme_cell_t *val = trunnel_calloc(1, sizeof(sendme_cell_t)); + if (NULL == val) + return NULL; + return val; +} + +/** Release all storage held inside 'obj', but do not free 'obj'. + */ +static void +sendme_cell_clear(sendme_cell_t *obj) +{ + (void) obj; +} + +void +sendme_cell_free(sendme_cell_t *obj) +{ + if (obj == NULL) + return; + sendme_cell_clear(obj); + trunnel_memwipe(obj, sizeof(sendme_cell_t)); + trunnel_free_(obj); +} + +uint8_t +sendme_cell_get_version(const sendme_cell_t *inp) +{ + return inp->version; +} +int +sendme_cell_set_version(sendme_cell_t *inp, uint8_t val) +{ + if (! ((val == 0 || val == 1))) { + TRUNNEL_SET_ERROR_CODE(inp); + return -1; + } + inp->version = val; + return 0; +} +uint16_t +sendme_cell_get_data_len(const sendme_cell_t *inp) +{ + return inp->data_len; +} +int +sendme_cell_set_data_len(sendme_cell_t *inp, uint16_t val) +{ + inp->data_len = val; + return 0; +} +size_t +sendme_cell_getlen_data_v1_digest(const sendme_cell_t *inp) +{ + (void)inp; return TRUNNEL_SENDME_V1_DIGEST_LEN; +} + +uint8_t +sendme_cell_get_data_v1_digest(sendme_cell_t *inp, size_t idx) +{ + trunnel_assert(idx < TRUNNEL_SENDME_V1_DIGEST_LEN); + return inp->data_v1_digest[idx]; +} + +uint8_t +sendme_cell_getconst_data_v1_digest(const sendme_cell_t *inp, size_t idx) +{ + return sendme_cell_get_data_v1_digest((sendme_cell_t*)inp, idx); +} +int +sendme_cell_set_data_v1_digest(sendme_cell_t *inp, size_t idx, uint8_t elt) +{ + trunnel_assert(idx < TRUNNEL_SENDME_V1_DIGEST_LEN); + inp->data_v1_digest[idx] = elt; + return 0; +} + +uint8_t * +sendme_cell_getarray_data_v1_digest(sendme_cell_t *inp) +{ + return inp->data_v1_digest; +} +const uint8_t * +sendme_cell_getconstarray_data_v1_digest(const sendme_cell_t *inp) +{ + return (const uint8_t *)sendme_cell_getarray_data_v1_digest((sendme_cell_t*)inp); +} +const char * +sendme_cell_check(const sendme_cell_t *obj) +{ + if (obj == NULL) + return "Object was NULL"; + if (obj->trunnel_error_code_) + return "A set function failed on this object"; + if (! (obj->version == 0 || obj->version == 1)) + return "Integer out of bounds"; + switch (obj->version) { + + case 0: + break; + + case 1: + break; + + default: + return "Bad tag for union"; + break; + } + return NULL; +} + +ssize_t +sendme_cell_encoded_len(const sendme_cell_t *obj) +{ + ssize_t result = 0; + + if (NULL != sendme_cell_check(obj)) + return -1; + + + /* Length of u8 version IN [0, 1] */ + result += 1; + + /* Length of u16 data_len */ + result += 2; + switch (obj->version) { + + case 0: + break; + + case 1: + + /* Length of u8 data_v1_digest[TRUNNEL_SENDME_V1_DIGEST_LEN] */ + result += TRUNNEL_SENDME_V1_DIGEST_LEN; + break; + + default: + trunnel_assert(0); + break; + } + return result; +} +int +sendme_cell_clear_errors(sendme_cell_t *obj) +{ + int r = obj->trunnel_error_code_; + obj->trunnel_error_code_ = 0; + return r; +} +ssize_t +sendme_cell_encode(uint8_t *output, const size_t avail, const sendme_cell_t *obj) +{ + ssize_t result = 0; + size_t written = 0; + uint8_t *ptr = output; + const char *msg; +#ifdef TRUNNEL_CHECK_ENCODED_LEN + const ssize_t encoded_len = sendme_cell_encoded_len(obj); +#endif + + uint8_t *backptr_data_len = NULL; + + if (NULL != (msg = sendme_cell_check(obj))) + goto check_failed; + +#ifdef TRUNNEL_CHECK_ENCODED_LEN + trunnel_assert(encoded_len >= 0); +#endif + + /* Encode u8 version IN [0, 1] */ + trunnel_assert(written <= avail); + if (avail - written < 1) + goto truncated; + trunnel_set_uint8(ptr, (obj->version)); + written += 1; ptr += 1; + + /* Encode u16 data_len */ + backptr_data_len = ptr; + trunnel_assert(written <= avail); + if (avail - written < 2) + goto truncated; + trunnel_set_uint16(ptr, trunnel_htons(obj->data_len)); + written += 2; ptr += 2; + { + size_t written_before_union = written; + + /* Encode union data[version] */ + trunnel_assert(written <= avail); + switch (obj->version) { + + case 0: + break; + + case 1: + + /* Encode u8 data_v1_digest[TRUNNEL_SENDME_V1_DIGEST_LEN] */ + trunnel_assert(written <= avail); + if (avail - written < TRUNNEL_SENDME_V1_DIGEST_LEN) + goto truncated; + memcpy(ptr, obj->data_v1_digest, TRUNNEL_SENDME_V1_DIGEST_LEN); + written += TRUNNEL_SENDME_V1_DIGEST_LEN; ptr += TRUNNEL_SENDME_V1_DIGEST_LEN; + break; + + default: + trunnel_assert(0); + break; + } + /* Write the length field back to data_len */ + trunnel_assert(written >= written_before_union); +#if UINT16_MAX < SIZE_MAX + if (written - written_before_union > UINT16_MAX) + goto check_failed; +#endif + trunnel_set_uint16(backptr_data_len, trunnel_htons(written - written_before_union)); + } + + + trunnel_assert(ptr == output + written); +#ifdef TRUNNEL_CHECK_ENCODED_LEN + { + trunnel_assert(encoded_len >= 0); + trunnel_assert((size_t)encoded_len == written); + } + +#endif + + return written; + + truncated: + result = -2; + goto fail; + check_failed: + (void)msg; + result = -1; + goto fail; + fail: + trunnel_assert(result < 0); + return result; +} + +/** As sendme_cell_parse(), but do not allocate the output object. + */ +static ssize_t +sendme_cell_parse_into(sendme_cell_t *obj, const uint8_t *input, const size_t len_in) +{ + const uint8_t *ptr = input; + size_t remaining = len_in; + ssize_t result = 0; + (void)result; + + /* Parse u8 version IN [0, 1] */ + CHECK_REMAINING(1, truncated); + obj->version = (trunnel_get_uint8(ptr)); + remaining -= 1; ptr += 1; + if (! (obj->version == 0 || obj->version == 1)) + goto fail; + + /* Parse u16 data_len */ + CHECK_REMAINING(2, truncated); + obj->data_len = trunnel_ntohs(trunnel_get_uint16(ptr)); + remaining -= 2; ptr += 2; + { + size_t remaining_after; + CHECK_REMAINING(obj->data_len, truncated); + remaining_after = remaining - obj->data_len; + remaining = obj->data_len; + + /* Parse union data[version] */ + switch (obj->version) { + + case 0: + /* Skip to end of union */ + ptr += remaining; remaining = 0; + break; + + case 1: + + /* Parse u8 data_v1_digest[TRUNNEL_SENDME_V1_DIGEST_LEN] */ + CHECK_REMAINING(TRUNNEL_SENDME_V1_DIGEST_LEN, fail); + memcpy(obj->data_v1_digest, ptr, TRUNNEL_SENDME_V1_DIGEST_LEN); + remaining -= TRUNNEL_SENDME_V1_DIGEST_LEN; ptr += TRUNNEL_SENDME_V1_DIGEST_LEN; + break; + + default: + goto fail; + break; + } + if (remaining != 0) + goto fail; + remaining = remaining_after; + } + trunnel_assert(ptr + remaining == input + len_in); + return len_in - remaining; + + truncated: + return -2; + fail: + result = -1; + return result; +} + +ssize_t +sendme_cell_parse(sendme_cell_t **output, const uint8_t *input, const size_t len_in) +{ + ssize_t result; + *output = sendme_cell_new(); + if (NULL == *output) + return -1; + result = sendme_cell_parse_into(*output, input, len_in); + if (result < 0) { + sendme_cell_free(*output); + *output = NULL; + } + return result; +} diff --git a/src/trunnel/sendme.h b/src/trunnel/sendme.h new file mode 100644 index 0000000000..f3c3dd78c4 --- /dev/null +++ b/src/trunnel/sendme.h @@ -0,0 +1,101 @@ +/* sendme.h -- generated by Trunnel v1.5.2. + * https://gitweb.torproject.org/trunnel.git + * You probably shouldn't edit this file. + */ +#ifndef TRUNNEL_SENDME_H +#define TRUNNEL_SENDME_H + +#include <stdint.h> +#include "trunnel.h" + +#define TRUNNEL_SENDME_V1_DIGEST_LEN 20 +#if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_SENDME_CELL) +struct sendme_cell_st { + uint8_t version; + uint16_t data_len; + uint8_t data_v1_digest[TRUNNEL_SENDME_V1_DIGEST_LEN]; + uint8_t trunnel_error_code_; +}; +#endif +typedef struct sendme_cell_st sendme_cell_t; +/** Return a newly allocated sendme_cell with all elements set to + * zero. + */ +sendme_cell_t *sendme_cell_new(void); +/** Release all storage held by the sendme_cell in 'victim'. (Do + * nothing if 'victim' is NULL.) + */ +void sendme_cell_free(sendme_cell_t *victim); +/** Try to parse a sendme_cell from the buffer in 'input', using up to + * 'len_in' bytes from the input buffer. On success, return the number + * of bytes consumed and set *output to the newly allocated + * sendme_cell_t. On failure, return -2 if the input appears + * truncated, and -1 if the input is otherwise invalid. + */ +ssize_t sendme_cell_parse(sendme_cell_t **output, const uint8_t *input, const size_t len_in); +/** Return the number of bytes we expect to need to encode the + * sendme_cell in 'obj'. On failure, return a negative value. Note + * that this value may be an overestimate, and can even be an + * underestimate for certain unencodeable objects. + */ +ssize_t sendme_cell_encoded_len(const sendme_cell_t *obj); +/** Try to encode the sendme_cell from 'input' into the buffer at + * 'output', using up to 'avail' bytes of the output buffer. On + * success, return the number of bytes used. On failure, return -2 if + * the buffer was not long enough, and -1 if the input was invalid. + */ +ssize_t sendme_cell_encode(uint8_t *output, size_t avail, const sendme_cell_t *input); +/** Check whether the internal state of the sendme_cell in 'obj' is + * consistent. Return NULL if it is, and a short message if it is not. + */ +const char *sendme_cell_check(const sendme_cell_t *obj); +/** Clear any errors that were set on the object 'obj' by its setter + * functions. Return true iff errors were cleared. + */ +int sendme_cell_clear_errors(sendme_cell_t *obj); +/** Return the value of the version field of the sendme_cell_t in + * 'inp' + */ +uint8_t sendme_cell_get_version(const sendme_cell_t *inp); +/** Set the value of the version field of the sendme_cell_t in 'inp' + * to 'val'. Return 0 on success; return -1 and set the error code on + * 'inp' on failure. + */ +int sendme_cell_set_version(sendme_cell_t *inp, uint8_t val); +/** Return the value of the data_len field of the sendme_cell_t in + * 'inp' + */ +uint16_t sendme_cell_get_data_len(const sendme_cell_t *inp); +/** Set the value of the data_len field of the sendme_cell_t in 'inp' + * to 'val'. Return 0 on success; return -1 and set the error code on + * 'inp' on failure. + */ +int sendme_cell_set_data_len(sendme_cell_t *inp, uint16_t val); +/** Return the (constant) length of the array holding the + * data_v1_digest field of the sendme_cell_t in 'inp'. + */ +size_t sendme_cell_getlen_data_v1_digest(const sendme_cell_t *inp); +/** Return the element at position 'idx' of the fixed array field + * data_v1_digest of the sendme_cell_t in 'inp'. + */ +uint8_t sendme_cell_get_data_v1_digest(sendme_cell_t *inp, size_t idx); +/** As sendme_cell_get_data_v1_digest, but take and return a const + * pointer + */ +uint8_t sendme_cell_getconst_data_v1_digest(const sendme_cell_t *inp, size_t idx); +/** Change the element at position 'idx' of the fixed array field + * data_v1_digest of the sendme_cell_t in 'inp', so that it will hold + * the value 'elt'. + */ +int sendme_cell_set_data_v1_digest(sendme_cell_t *inp, size_t idx, uint8_t elt); +/** Return a pointer to the TRUNNEL_SENDME_V1_DIGEST_LEN-element array + * field data_v1_digest of 'inp'. + */ +uint8_t * sendme_cell_getarray_data_v1_digest(sendme_cell_t *inp); +/** As sendme_cell_get_data_v1_digest, but take and return a const + * pointer + */ +const uint8_t * sendme_cell_getconstarray_data_v1_digest(const sendme_cell_t *inp); + + +#endif diff --git a/src/trunnel/sendme.trunnel b/src/trunnel/sendme.trunnel new file mode 100644 index 0000000000..300963e679 --- /dev/null +++ b/src/trunnel/sendme.trunnel @@ -0,0 +1,19 @@ +/* This file contains the SENDME cell definition. */ + +/* v1 digest length in bytes. */ +const TRUNNEL_SENDME_V1_DIGEST_LEN = 20; + +/* SENDME cell declaration. */ +struct sendme_cell { + /* Version field. */ + u8 version IN [0x00, 0x01]; + + /* Length of data contained in this cell. */ + u16 data_len; + + /* The data content depends on the version. */ + union data[version] with length data_len { + 0x00: ignore; + 0x01: u8 v1_digest[TRUNNEL_SENDME_V1_DIGEST_LEN]; + }; +} |