-rw-r--r-- changes/bug34299 3
-rw-r--r-- changes/bug34303 5
-rw-r--r-- changes/ticket24844 4
-rw-r--r-- changes/ticket32873 6
-rw-r--r-- changes/ticket32888 4
-rw-r--r-- changes/ticket33778 3
-rw-r--r-- changes/ticket34211 3
-rw-r--r-- doc/HACKING/CodingStandards.md 7
-rw-r--r-- doc/tor.1.txt 23
-rw-r--r-- src/app/config/resolve_addr.c 6
-rw-r--r-- src/app/config/testnet.inc 2
-rw-r--r-- src/app/main/main.c 21
-rw-r--r-- src/core/or/circuitlist.c 2
-rw-r--r-- src/feature/client/entrynodes.c 8
-rw-r--r-- src/feature/control/control_getinfo.c 18
-rw-r--r-- src/feature/hs/hs_service.c 46
-rw-r--r-- src/feature/hs/hs_service.h 2
-rw-r--r-- src/lib/crypt_ops/certs.md 3
-rw-r--r-- src/lib/net/address.c 6
19 files changed, 150 insertions, 22 deletions
diff --git a/changes/bug34299 b/changes/bug34299
new file mode 100644
index 0000000000..464cf0d18a
--- /dev/null
+++ b/changes/bug34299
@@ -0,0 +1,3 @@
+ o Minor bugfixes (man page):
+ - Update the man page to reflect that MinUptimeHidServDirectoryV2
+ defaults to 96 hours. Fixes bug 34299; bugfix on 0.2.6.3-alpha.
diff --git a/changes/bug34303 b/changes/bug34303
new file mode 100644
index 0000000000..dce57f4646
--- /dev/null
+++ b/changes/bug34303
@@ -0,0 +1,5 @@
+ o Minor bugfixes (client performance):
+ - Resume being willing to use preemptively-built circuits when
+ UseEntryGuards is set to 0. We accidentally disabled this feature
+ with that config setting, leading to slower load times. Fixes bug
+ 34303; bugfix on 0.3.3.2-alpha.
diff --git a/changes/ticket24844 b/changes/ticket24844
new file mode 100644
index 0000000000..da55b4cf67
--- /dev/null
+++ b/changes/ticket24844
@@ -0,0 +1,4 @@
+ o Minor features (v3 onion servies):
+ - Add v3 onion service status to the dumpstats() call which is
+ triggered by a SIGUSR1 signal. Previously, we only did v2
+ onion services. Closes ticket 24844. Patch by Neel Chauhan.
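Review bot: "servies" in the section header on the first added line is a typo for "services". This text is copied into the ChangeLog, so fix it here: "Minor features (v3 onion services):".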
diff --git a/changes/ticket32873 b/changes/ticket32873
new file mode 100644
index 0000000000..65ea1f64ad
--- /dev/null
+++ b/changes/ticket32873
@@ -0,0 +1,6 @@
+ o Minor features (control port):
+ - Return a descriptive error message from the 'GETINFO
+ status/fresh-relay-descs' command on the control port.
+ Previously, we returned a generic error of "Error
+ generating descriptor". Closes ticket 32873. Patch by
+ Neel Chauhan.
diff --git a/changes/ticket32888 b/changes/ticket32888
new file mode 100644
index 0000000000..ce7fb40b30
--- /dev/null
+++ b/changes/ticket32888
@@ -0,0 +1,4 @@
+ o Minor features (logging):
+ - When trying to find our own address, add debug-level logging
+ to report the sources of candidate addresses. Closes ticket
+ 32888.
diff --git a/changes/ticket33778 b/changes/ticket33778
new file mode 100644
index 0000000000..a33c647a6e
--- /dev/null
+++ b/changes/ticket33778
@@ -0,0 +1,3 @@
+ o Documentation (manpage):
+ - Updated the options set by TestingTorNetwork in the man page.
+ Closes ticket 33778.
diff --git a/changes/ticket34211 b/changes/ticket34211
new file mode 100644
index 0000000000..b454873abf
--- /dev/null
+++ b/changes/ticket34211
@@ -0,0 +1,3 @@
+ o Minor features (windows):
+ - Add support for console control signals like Ctrl+C in Windows
+ Closes ticket 34211. Patch from Damon Harris (TheDcoder).
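Review bot: the sentence ending in "in Windows" on the second added line has no full stop before "Closes ticket 34211", so the two sentences run together once the entry is folded into the ChangeLog. Add the period after "Windows".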
diff --git a/doc/HACKING/CodingStandards.md b/doc/HACKING/CodingStandards.md
index a181759d60..99bc3e5022 100644
--- a/doc/HACKING/CodingStandards.md
+++ b/doc/HACKING/CodingStandards.md
@@ -193,8 +193,9 @@ Why use changes files instead of entries in the ChangeLog?
## Whitespace and C conformance
-Invoke `make check-spaces` from time to time, so it can tell you about
-deviations from our C whitespace style. Generally, we use:
+Tor's C code is written in accordance with the C99 standard. Invoke `make
+check-spaces` from time to time, so it can tell you about deviations from our C
+whitespace style. Generally, we use:
- Unix-style line endings
- K&R-style indentation
@@ -213,6 +214,8 @@ deviations from our C whitespace style. Generally, we use:
- Use `void foo(void)` to declare a function with no arguments. Saying
`void foo()` is C++ syntax.
- Use `const` for new APIs.
+ - Variables should be initialized when declared, rather than declared at the
+ top of a scope.
If you use an editor that has plugins for editorconfig.org, the file
`.editorconfig` will help you to conform this coding style.
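Review bot: the new bullet "Variables should be initialized when declared, rather than declared at the top of a scope" mixes two separate rules, giving every declaration an initializer and declaring at the point of first use. Say which is meant, for example "Declare variables at the point of first use and initialize them in the declaration", so that reviewers can apply it consistently.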
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index bc09d634bc..7b3150e2a4 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -3037,8 +3037,8 @@ on the public Tor network.
unreliable. (Default: 500)
[[MinUptimeHidServDirectoryV2]] **MinUptimeHidServDirectoryV2** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
- Minimum uptime of a v2 hidden service directory to be accepted as such by
- authoritative directories. (Default: 25 hours)
+ Minimum uptime of a relay to be accepted as a hidden service directory
+ by directory authorities. (Default: 96 hours)
[[RecommendedClientVersions]] **RecommendedClientVersions** __STRING__::
STRING is a comma-separated list of Tor versions currently believed to be
@@ -3061,7 +3061,7 @@ on the public Tor network.
multiple times: the values from multiple lines are spliced together. When
this is set then **VersioningAuthoritativeDirectory** should be set too.
-[[V3AuthDistDelay]] **V3AuthDistDelay** __N__ **minutes**|**hours**::
+[[V3AuthDistDelay]] **V3AuthDistDelay** __N__ **seconds**|**minutes**|**hours**::
V3 authoritative directories only. Configures the server's preferred delay
between publishing its consensus and signature and assuming it has all the
signatures from all the other authorities. Note that the actual time used
@@ -3082,7 +3082,7 @@ on the public Tor network.
different identity. This feature is used to migrate directory authority
keys in the event of a compromise. (Default: 0)
-[[V3AuthVoteDelay]] **V3AuthVoteDelay** __N__ **minutes**|**hours**::
+[[V3AuthVoteDelay]] **V3AuthVoteDelay** __N__ **seconds**|**minutes**|**hours**::
V3 authoritative directories only. Configures the server's preferred delay
between publishing its vote and assuming it has all the votes from all the
other authorities. Note that the actual time used is not the server's
@@ -3357,12 +3357,10 @@ The following options are used for running a testing Tor network.
running.
(Default: 0) +
- ServerDNSAllowBrokenConfig 1
DirAllowPrivateAddresses 1
EnforceDistinctSubnets 0
AssumeReachable 1
AuthDirMaxServersPerAddr 0
- AuthDirMaxServersPerAuthAddr 0
ClientBootstrapConsensusAuthorityDownloadInitialDelay 0
ClientBootstrapConsensusFallbackDownloadInitialDelay 0
ClientBootstrapConsensusAuthorityOnlyDownloadInitialDelay 0
@@ -3374,11 +3372,11 @@ The following options are used for running a testing Tor network.
V3AuthVotingInterval 5 minutes
V3AuthVoteDelay 20 seconds
V3AuthDistDelay 20 seconds
- MinUptimeHidServDirectoryV2 0 seconds
- TestingV3AuthInitialVotingInterval 5 minutes
+ TestingV3AuthInitialVotingInterval 150 seconds
TestingV3AuthInitialVoteDelay 20 seconds
TestingV3AuthInitialDistDelay 20 seconds
TestingAuthDirTimeToLearnReachability 0 minutes
+ MinUptimeHidServDirectoryV2 0 minutes
TestingServerDownloadInitialDelay 0
TestingClientDownloadInitialDelay 0
TestingServerConsensusDownloadInitialDelay 0
@@ -3389,8 +3387,9 @@ The following options are used for running a testing Tor network.
TestingDirConnectionMaxStall 30 seconds
TestingEnableConnBwEvent 1
TestingEnableCellStatsEvent 1
+ RendPostPeriod 2 minutes
-[[TestingAuthDirTimeToLearnReachability]] **TestingAuthDirTimeToLearnReachability** __N__ **minutes**|**hours**::
+[[TestingAuthDirTimeToLearnReachability]] **TestingAuthDirTimeToLearnReachability** __N__ **seconds**|**minutes**|**hours**::
After starting as an authority, do not make claims about whether routers
are Running until this much time has passed. Changing this requires
that **TestingTorNetwork** is set. (Default: 30 minutes)
@@ -3520,17 +3519,17 @@ The following options are used for running a testing Tor network.
we replace it and issue a new key?
(Default: 3 hours for link and auth; 1 day for signing.)
-[[TestingV3AuthInitialDistDelay]] **TestingV3AuthInitialDistDelay** __N__ **minutes**|**hours**::
+[[TestingV3AuthInitialDistDelay]] **TestingV3AuthInitialDistDelay** __N__ **seconds**|**minutes**|**hours**::
Like V3AuthDistDelay, but for initial voting interval before
the first consensus has been created. Changing this requires that
**TestingTorNetwork** is set. (Default: 5 minutes)
-[[TestingV3AuthInitialVoteDelay]] **TestingV3AuthInitialVoteDelay** __N__ **minutes**|**hours**::
+[[TestingV3AuthInitialVoteDelay]] **TestingV3AuthInitialVoteDelay** __N__ **seconds**|**minutes**|**hours**::
Like V3AuthVoteDelay, but for initial voting interval before
the first consensus has been created. Changing this requires that
**TestingTorNetwork** is set. (Default: 5 minutes)
-[[TestingV3AuthInitialVotingInterval]] **TestingV3AuthInitialVotingInterval** __N__ **minutes**|**hours**::
+[[TestingV3AuthInitialVotingInterval]] **TestingV3AuthInitialVotingInterval** __N__ **seconds**|**minutes**|**hours**::
Like V3AuthVotingInterval, but for initial voting interval before the first
consensus has been created. Changing this requires that
**TestingTorNetwork** is set. (Default: 30 minutes)
diff --git a/src/app/config/resolve_addr.c b/src/app/config/resolve_addr.c
index aa978e230e..9d1a8e0260 100644
--- a/src/app/config/resolve_addr.c
+++ b/src/app/config/resolve_addr.c
@@ -110,6 +110,8 @@ resolve_my_address(int warn_severity, const or_options_t *options,
if (address && *address) {
strlcpy(hostname, address, sizeof(hostname));
+ log_debug(LD_CONFIG, "Trying configured Address '%s' as local hostname",
+ hostname);
} else { /* then we need to guess our address */
explicit_ip = 0; /* it's implicit */
explicit_hostname = 0; /* it's implicit */
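Review bot: the new log_debug() prints the configured Address value raw through '%s'. The string comes straight from the configuration, so pass it through escaped() to keep control characters out of the debug log. The implicit branch that follows gets no matching debug line in this hunk, so the log will not say which source was used when Address is unset.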
@@ -129,6 +131,8 @@ resolve_my_address(int warn_severity, const or_options_t *options,
if (tor_inet_aton(hostname, &in) == 0) {
/* then we have to resolve it */
+ log_debug(LD_CONFIG, "Local hostname '%s' is DNS address. "
+ "Trying to resolve to IP address.", hostname);
explicit_ip = 0;
if (tor_lookup_hostname(hostname, &addr)) { /* failed to resolve */
uint32_t interface_ip; /* host order */
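Review bot: "Local hostname '%s' is DNS address" misdescribes the condition. This branch is taken whenever tor_inet_aton() returns 0, that is, whenever the string does not parse as an IPv4 address. Wording such as "is not an IPv4 literal; trying to resolve it" states what was actually tested.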
@@ -180,6 +184,8 @@ resolve_my_address(int warn_severity, const or_options_t *options,
}
}
} else {
+ log_debug(LD_CONFIG, "Local hostname '%s' is already IP address, "
+ "skipping DNS resolution", hostname);
addr = ntohl(in.s_addr); /* set addr so that addr_string is not
* illformed */
}
diff --git a/src/app/config/testnet.inc b/src/app/config/testnet.inc
index f146a03cd1..907c35f97c 100644
--- a/src/app/config/testnet.inc
+++ b/src/app/config/testnet.inc
@@ -1,3 +1,5 @@
+// When modifying, don't forget to update the defaults
+// for 'TestingTorNetwork' in 'doc/tor.1.txt'
{ "DirAllowPrivateAddresses", "1" },
{ "EnforceDistinctSubnets", "0" },
{ "AssumeReachable", "1" },
diff --git a/src/app/main/main.c b/src/app/main/main.c
index 689bc526ab..dc39611f98 100644
--- a/src/app/main/main.c
+++ b/src/app/main/main.c
@@ -294,6 +294,19 @@ process_signal(int sig)
}
}
+#ifdef _WIN32
+/** Activate SIGINT on reciving a control signal in console */
+static BOOL WINAPI
+process_win32_console_ctrl(DWORD ctrl_type)
+{
+ /* Ignore type of the ctrl signal */
+ (void) ctrl_type;
+
+ activate_signal(SIGINT);
+ return TRUE;
+}
+#endif
+
/**
* Write current memory usage information to the log.
*/
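Review bot: process_win32_console_ctrl() discards ctrl_type and returns TRUE for every console event, so close, logoff and shutdown events are reported as handled in the same way as Ctrl+C. Windows runs a console control handler on a separate thread that it creates for the purpose, so please confirm activate_signal() is safe to call off the main thread, and consider switching on ctrl_type and returning FALSE for events this handler does not mean to cover. "reciving" in the doc comment should be "receiving".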
@@ -414,6 +427,7 @@ dumpstats(int severity)
rep_hist_dump_stats(now,severity);
rend_service_dump_stats(severity);
+ hs_service_dump_stats(severity);
}
#ifdef _WIN32
@@ -496,6 +510,13 @@ handle_signals(void)
&signal_handlers[i].signal_value);
}
}
+
+#ifdef _WIN32
+ /* Windows lacks traditional POSIX signals but WinAPI provides a function
+ * to handle control signals like Ctrl+C in the console, we can use this to
+ * simulate the SIGINT signal */
+ if (enabled) SetConsoleCtrlHandler(process_win32_console_ctrl, TRUE);
+#endif
}
/* Cause the signal handler for signal_num to be called in the event loop. */
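Review bot: the return value of SetConsoleCtrlHandler() is ignored, so if registration fails, Ctrl+C silently keeps its default behaviour. Check the result and log a warning on failure. The body of `if (enabled)` sits on the same line without braces, and this hunk adds no matching call with FALSE to remove the handler when `enabled` is false; please confirm that is intended.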
diff --git a/src/core/or/circuitlist.c b/src/core/or/circuitlist.c
index 4c37ef8b41..90cce47490 100644
--- a/src/core/or/circuitlist.c
+++ b/src/core/or/circuitlist.c
@@ -1943,7 +1943,7 @@ circuit_find_to_cannibalize(uint8_t purpose_to_produce, extend_info_t *info,
}
/* Ignore any circuits for which we can't use the Guard. It is possible
- * that the Guard was removed from the samepled set after the circuit
+ * that the Guard was removed from the sampled set after the circuit
* was created so avoid using it. */
if (!entry_guard_could_succeed(circ->guard_state)) {
goto next;
diff --git a/src/feature/client/entrynodes.c b/src/feature/client/entrynodes.c
index 55cc22cf0c..ded7db969a 100644
--- a/src/feature/client/entrynodes.c
+++ b/src/feature/client/entrynodes.c
@@ -3454,10 +3454,16 @@ entry_guards_update_state(or_state_t *state)
entry_guards_dirty = 0;
}
-/** Return true iff the circuit's guard can succeed that is can be used. */
+/** Return true iff the circuit's guard can succeed, that is, can be used. */
int
entry_guard_could_succeed(const circuit_guard_state_t *guard_state)
{
+ if (get_options()->UseEntryGuards == 0) {
+ /* we're fine with this circuit's first hop, because we're not
+ * configured to use entry guards. */
+ return 1;
+ }
+
if (!guard_state) {
return 0;
}
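Review bot: the new UseEntryGuards == 0 early return sits ahead of the `!guard_state` check, so a NULL guard_state now yields 1 instead of 0 in that configuration, yet the doc comment still only says "can be used". State the UseEntryGuards exception in the function comment so that callers such as circuit_find_to_cannibalize() know the result no longer depends on guard_state in that mode. A unit test for the UseEntryGuards 0 case would keep this regression from coming back.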
diff --git a/src/feature/control/control_getinfo.c b/src/feature/control/control_getinfo.c
index 3605c23dcd..0823acbe07 100644
--- a/src/feature/control/control_getinfo.c
+++ b/src/feature/control/control_getinfo.c
@@ -1333,8 +1333,22 @@ getinfo_helper_events(control_connection_t *control_conn,
}
routerinfo_t *r;
extrainfo_t *e;
- if (router_build_fresh_descriptor(&r, &e) < 0) {
- *errmsg = "Error generating descriptor";
+ int result;
+ if ((result = router_build_fresh_descriptor(&r, &e)) < 0) {
+ switch (result) {
+ case TOR_ROUTERINFO_ERROR_NO_EXT_ADDR:
+ *errmsg = "Cannot get relay address while generating descriptor";
+ break;
+ case TOR_ROUTERINFO_ERROR_DIGEST_FAILED:
+ *errmsg = "Key digest failed";
+ break;
+ case TOR_ROUTERINFO_ERROR_CANNOT_GENERATE:
+ *errmsg = "Cannot generate router descriptor";
+ break;
+ default:
+ *errmsg = "Error generating descriptor";
+ break;
+ }
return -1;
}
size_t size = r->cache_info.signed_descriptor_len + 1;
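Review bot: `int result;` is declared without a value and then assigned inside the `if` condition, which goes against the rule this same commit adds to CodingStandards.md. Prefer `const int result = router_build_fresh_descriptor(&r, &e);` followed by `if (result < 0) {`, which also removes the assignment-in-condition.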
diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c
index 5b8f661832..a42879a48f 100644
--- a/src/feature/hs/hs_service.c
+++ b/src/feature/hs/hs_service.c
@@ -3115,7 +3115,7 @@ log_cant_upload_desc(const hs_service_t *service,
* control that value in the code flow but will be apparent during
* development if a reason is added but LOG_DESC_UPLOAD_REASON_NUM_ is not
* updated. */
- if (BUG(reason > LOG_DESC_UPLOAD_REASON_MAX || reason < 0)) {
+ if (BUG(reason > LOG_DESC_UPLOAD_REASON_MAX)) {
return;
}
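Review bot: dropping `reason < 0` from the BUG() check leaves only the upper bound, which is correct only if `reason` cannot be negative, and its type is not visible in this hunk. If the comparison was removed because the type is unsigned, say so in the comment above the check. None of the changes files in this commit mention this edit.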
@@ -4103,6 +4103,50 @@ hs_service_load_all_keys(void)
return -1;
}
+/** Log the status of introduction points for all version 3 onion services
+ * at log severity <b>severity</b>.
+ */
+void
+hs_service_dump_stats(int severity)
+{
+ origin_circuit_t *circ;
+
+ FOR_EACH_SERVICE_BEGIN(hs) {
+
+ tor_log(severity, LD_GENERAL, "Service configured in %s:",
+ service_escaped_dir(hs));
+ FOR_EACH_DESCRIPTOR_BEGIN(hs, desc) {
+
+ DIGEST256MAP_FOREACH(desc->intro_points.map, key,
+ hs_service_intro_point_t *, ip) {
+ const node_t *intro_node;
+ const char *nickname;
+
+ intro_node = get_node_from_intro_point(ip);
+ if (!intro_node) {
+ tor_log(severity, LD_GENERAL, " Couldn't find intro point, "
+ "skipping");
+ continue;
+ }
+ nickname = node_get_nickname(intro_node);
+ if (!nickname) {
+ continue;
+ }
+
+ circ = hs_circ_service_get_intro_circ(ip);
+ if (!circ) {
+ tor_log(severity, LD_GENERAL, " Intro point at %s: no circuit",
+ nickname);
+ continue;
+ }
+ tor_log(severity, LD_GENERAL, " Intro point %s: circuit is %s",
+ nickname, circuit_state_to_string(circ->base_.state));
+ } DIGEST256MAP_FOREACH_END;
+
+ } FOR_EACH_DESCRIPTOR_END;
+ } FOR_EACH_SERVICE_END;
+}
+
/** Put all service object in the given service list. After this, the caller
* looses ownership of every elements in the list and responsible to free the
* list pointer. */
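Review bot: in hs_service_dump_stats() the `!nickname` branch does a bare `continue`, so that intro point vanishes from the dump with no line at all, while the `!intro_node` branch logs before skipping. Log a line in the nickname case too, so the SIGUSR1 output accounts for every intro point. `circ`, `intro_node` and `nickname` are declared uninitialized ahead of first use, contrary to the CodingStandards.md rule added in this commit, and the two messages are worded differently ("Intro point at %s" against "Intro point %s").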
diff --git a/src/feature/hs/hs_service.h b/src/feature/hs/hs_service.h
index 0f6a2c2358..b5bff5bee5 100644
--- a/src/feature/hs/hs_service.h
+++ b/src/feature/hs/hs_service.h
@@ -373,6 +373,8 @@ void hs_service_upload_desc_to_dir(const char *encoded_desc,
hs_circuit_id_protocol_t
hs_service_exports_circuit_id(const ed25519_public_key_t *pk);
+void hs_service_dump_stats(int severity);
+
#ifdef HS_SERVICE_PRIVATE
#ifdef TOR_UNIT_TESTS
diff --git a/src/lib/crypt_ops/certs.md b/src/lib/crypt_ops/certs.md
index 2768548b2a..f3bd8c2c96 100644
--- a/src/lib/crypt_ops/certs.md
+++ b/src/lib/crypt_ops/certs.md
@@ -1,5 +1,5 @@
-@page certificates Certificates in Tor.
+@page certificates Certificates in Tor
We have, alas, several certificate types in Tor.
@@ -27,4 +27,3 @@ their associated keys.
documents that include keys and which are signed by keys. You can
consider these documents to be an additional kind of certificate if you
want.)
-
diff --git a/src/lib/net/address.c b/src/lib/net/address.c
index 567048b5a6..6d46f9b955 100644
--- a/src/lib/net/address.c
+++ b/src/lib/net/address.c
@@ -1704,11 +1704,15 @@ get_interface_address6,(int severity, sa_family_t family, tor_addr_t *addr))
* Ideally, we want the default route, see #12377 for details */
SMARTLIST_FOREACH_BEGIN(addrs, tor_addr_t *, a) {
tor_addr_copy(addr, a);
+ const bool is_internal = tor_addr_is_internal(a, 0);
rv = 0;
+ log_debug(LD_NET, "Found %s interface address '%s'",
+ (is_internal ? "internal" : "external"), fmt_addr(addr));
+
/* If we found a non-internal address, declare success. Otherwise,
* keep looking. */
- if (!tor_addr_is_internal(a, 0))
+ if (!is_internal)
break;
} SMARTLIST_FOREACH_END(a);