diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/common/crypto.c | 2 | ||||
| -rw-r--r-- | src/or/circuitlist.c | 42 | ||||
| -rw-r--r-- | src/or/circuituse.c | 2 | ||||
| -rw-r--r-- | src/or/dirserv.c | 6 | ||||
| -rw-r--r-- | src/or/or.h | 22 | ||||
| -rw-r--r-- | src/or/rendclient.c | 5 | ||||
| -rw-r--r-- | src/or/routerlist.c | 12 | ||||
| -rw-r--r-- | src/or/routerlist.h | 2 | ||||
| -rw-r--r-- | src/test/test_checkdir.c | 28 |
9 files changed, 77 insertions, 44 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index 90a16fab1a..7138ba003e 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -1012,7 +1012,7 @@ crypto_pk_public_checksig(crypto_pk_t *env, char *to, env->key, RSA_PKCS1_PADDING); if (r<0) { - crypto_log_errors(LOG_WARN, "checking RSA signature"); + crypto_log_errors(LOG_INFO, "checking RSA signature"); return -1; } return r; diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index d9da1e7f88..c7287f921d 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -1719,30 +1719,36 @@ circuit_mark_for_close_, (circuit_t *circ, int reason, int line, tor_assert(circ->state == CIRCUIT_STATE_OPEN); tor_assert(ocirc->build_state->chosen_exit); tor_assert(ocirc->rend_data); - /* treat this like getting a nack from it */ - log_info(LD_REND, "Failed intro circ %s to %s (awaiting ack). %s", - safe_str_client(ocirc->rend_data->onion_address), - safe_str_client(build_state_get_exit_nickname(ocirc->build_state)), - timed_out ? "Recording timeout." : "Removing from descriptor."); - rend_client_report_intro_point_failure(ocirc->build_state->chosen_exit, - ocirc->rend_data, - timed_out ? - INTRO_POINT_FAILURE_TIMEOUT : - INTRO_POINT_FAILURE_GENERIC); + if (orig_reason != END_CIRC_REASON_IP_NOW_REDUNDANT) { + /* treat this like getting a nack from it */ + log_info(LD_REND, "Failed intro circ %s to %s (awaiting ack). %s", + safe_str_client(ocirc->rend_data->onion_address), + safe_str_client(build_state_get_exit_nickname(ocirc->build_state)), + timed_out ? "Recording timeout." : "Removing from descriptor."); + rend_client_report_intro_point_failure(ocirc->build_state->chosen_exit, + ocirc->rend_data, + timed_out ? + INTRO_POINT_FAILURE_TIMEOUT : + INTRO_POINT_FAILURE_GENERIC); + } } else if (circ->purpose == CIRCUIT_PURPOSE_C_INTRODUCING && reason != END_CIRC_REASON_TIMEOUT) { origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ); if (ocirc->build_state->chosen_exit && ocirc->rend_data) { - log_info(LD_REND, "Failed intro circ %s to %s " - "(building circuit to intro point). " - "Marking intro point as possibly unreachable.", - safe_str_client(ocirc->rend_data->onion_address), - safe_str_client(build_state_get_exit_nickname(ocirc->build_state))); - rend_client_report_intro_point_failure(ocirc->build_state->chosen_exit, - ocirc->rend_data, - INTRO_POINT_FAILURE_UNREACHABLE); + if (orig_reason != END_CIRC_REASON_IP_NOW_REDUNDANT) { + log_info(LD_REND, "Failed intro circ %s to %s " + "(building circuit to intro point). " + "Marking intro point as possibly unreachable.", + safe_str_client(ocirc->rend_data->onion_address), + safe_str_client(build_state_get_exit_nickname( + ocirc->build_state))); + rend_client_report_intro_point_failure(ocirc->build_state->chosen_exit, + ocirc->rend_data, + INTRO_POINT_FAILURE_UNREACHABLE); + } } } + if (circ->n_chan) { circuit_clear_cell_queue(circ, circ->n_chan); /* Only send destroy if the channel isn't closing anyway */ diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 441a8fcbb5..10bc45f172 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -2324,7 +2324,7 @@ connection_ap_handshake_attach_circuit(entry_connection_t *conn) tor_assert(rendcirc); /* one is already established, attach */ log_info(LD_REND, - "rend joined circ %d already here. attaching. " + "rend joined circ %u already here. attaching. " "(stream %d sec old)", (unsigned)rendcirc->base_.n_circ_id, conn_age); /* Mark rendezvous circuits as 'newly dirty' every time you use diff --git a/src/or/dirserv.c b/src/or/dirserv.c index 730f005a96..d31bb72361 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -512,7 +512,7 @@ dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose, if (!n_parsed) { *msg = "No descriptors found in your POST."; if (WRA_WAS_ADDED(r)) - r = ROUTER_WAS_NOT_NEW; + r = ROUTER_IS_ALREADY_KNOWN; } else { *msg = "(no message)"; } @@ -574,7 +574,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source) ri->cache_info.signed_descriptor_body, ri->cache_info.signed_descriptor_len, *msg); routerinfo_free(ri); - return ROUTER_WAS_NOT_NEW; + return ROUTER_IS_ALREADY_KNOWN; } /* Make a copy of desc, since router_add_to_routerlist might free @@ -646,7 +646,7 @@ dirserv_add_extrainfo(extrainfo_t *ei, const char **msg) if ((r = routerinfo_incompatible_with_extrainfo(ri, ei, NULL, msg))) { extrainfo_free(ei); - return r < 0 ? ROUTER_WAS_NOT_NEW : ROUTER_BAD_EI; + return r < 0 ? ROUTER_IS_ALREADY_KNOWN : ROUTER_BAD_EI; } router_add_extrainfo_to_routerlist(ei, msg, 0, 0); return ROUTER_ADDED_SUCCESSFULLY; diff --git a/src/or/or.h b/src/or/or.h index b95bfb15a9..5ebe7bfac3 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -676,6 +676,10 @@ typedef enum { /* Negative reasons are internal: we never send them in a DESTROY or TRUNCATE * call; they only go to the controller for tracking */ + +/* Closing introduction point that were opened in parallel. */ +#define END_CIRC_REASON_IP_NOW_REDUNDANT -4 + /** Our post-timeout circuit time measurement period expired. * We must give up now */ #define END_CIRC_REASON_MEASUREMENT_EXPIRED -3 @@ -4999,14 +5003,30 @@ typedef enum { /** Return value for router_add_to_routerlist() and dirserv_add_descriptor() */ typedef enum was_router_added_t { + /* Router was added successfully. */ ROUTER_ADDED_SUCCESSFULLY = 1, + /* Router descriptor was added with warnings to submitter. */ ROUTER_ADDED_NOTIFY_GENERATOR = 0, + /* Extrainfo document was rejected because no corresponding router + * descriptor was found OR router descriptor was rejected because + * it was incompatible with its extrainfo document. */ ROUTER_BAD_EI = -1, - ROUTER_WAS_NOT_NEW = -2, + /* Router descriptor was rejected because it is already known. */ + ROUTER_IS_ALREADY_KNOWN = -2, + /* General purpose router was rejected, because it was not listed + * in consensus. */ ROUTER_NOT_IN_CONSENSUS = -3, + /* Router was neither in directory consensus nor in any of + * networkstatus documents. Caching it to access later. + * (Applies to fetched descriptors only.) */ ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS = -4, + /* Router was rejected by directory authority. */ ROUTER_AUTHDIR_REJECTS = -5, + /* Bridge descriptor was rejected because such bridge was not one + * of the bridges we have listed in our configuration. */ ROUTER_WAS_NOT_WANTED = -6, + /* Router descriptor was rejected because it was older than + * OLD_ROUTER_DESC_MAX_AGE. */ ROUTER_WAS_TOO_OLD = -7, } was_router_added_t; diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 10d13a37bb..5e5a09e41f 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -370,8 +370,7 @@ rend_client_rendcirc_has_opened(origin_circuit_t *circ) } /** - * Called to close other intro circuits we launched in parallel - * due to timeout. + * Called to close other intro circuits we launched in parallel. */ static void rend_client_close_other_intros(const char *onion_address) @@ -388,7 +387,7 @@ rend_client_close_other_intros(const char *onion_address) log_info(LD_REND|LD_CIRC, "Closing introduction circuit %d that we " "built in parallel (Purpose %d).", oc->global_identifier, c->purpose); - circuit_mark_for_close(c, END_CIRC_REASON_TIMEOUT); + circuit_mark_for_close(c, END_CIRC_REASON_IP_NOW_REDUNDANT); } } } diff --git a/src/or/routerlist.c b/src/or/routerlist.c index d81dae4676..0ebdac6851 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -2945,6 +2945,7 @@ MOCK_IMPL(STATIC was_router_added_t, extrainfo_insert,(routerlist_t *rl, extrainfo_t *ei)) { was_router_added_t r; + const char *compatibility_error_msg; routerinfo_t *ri = rimap_get(rl->identity_map, ei->cache_info.identity_digest); signed_descriptor_t *sd = @@ -2961,9 +2962,14 @@ extrainfo_insert,(routerlist_t *rl, extrainfo_t *ei)) r = ROUTER_NOT_IN_CONSENSUS; goto done; } - if (routerinfo_incompatible_with_extrainfo(ri, ei, sd, NULL)) { + if (routerinfo_incompatible_with_extrainfo(ri, ei, sd, + &compatibility_error_msg)) { r = (ri->cache_info.extrainfo_is_bogus) ? ROUTER_BAD_EI : ROUTER_NOT_IN_CONSENSUS; + + log_warn(LD_DIR,"router info incompatible with extra info (reason: %s)", + compatibility_error_msg); + goto done; } @@ -3376,7 +3382,7 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg, router_describe(router)); *msg = "Router descriptor was not new."; routerinfo_free(router); - return ROUTER_WAS_NOT_NEW; + return ROUTER_IS_ALREADY_KNOWN; } } @@ -3461,7 +3467,7 @@ router_add_to_routerlist(routerinfo_t *router, const char **msg, &routerlist->desc_store); routerlist_insert_old(routerlist, router); *msg = "Router descriptor was not new."; - return ROUTER_WAS_NOT_NEW; + return ROUTER_IS_ALREADY_KNOWN; } else { /* Same key, and either new, or listed in the consensus. */ log_debug(LD_DIR, "Replacing entry for router %s", diff --git a/src/or/routerlist.h b/src/or/routerlist.h index c6151deb49..e73e69b63a 100644 --- a/src/or/routerlist.h +++ b/src/or/routerlist.h @@ -118,7 +118,7 @@ WRA_WAS_ADDED(was_router_added_t s) { static INLINE int WRA_WAS_OUTDATED(was_router_added_t s) { return (s == ROUTER_WAS_TOO_OLD || - s == ROUTER_WAS_NOT_NEW || + s == ROUTER_IS_ALREADY_KNOWN || s == ROUTER_NOT_IN_CONSENSUS || s == ROUTER_NOT_IN_CONSENSUS_OR_NETWORKSTATUS); } diff --git a/src/test/test_checkdir.c b/src/test/test_checkdir.c index 185e5fbef1..5135816270 100644 --- a/src/test/test_checkdir.c +++ b/src/test/test_checkdir.c @@ -10,6 +10,9 @@ #ifdef _WIN32 #define mkdir(a,b) mkdir(a) +#define tt_int_op_nowin(a,op,b) do { (void)(a); (void)(b); } while (0) +#else +#define tt_int_op_nowin(a,op,b) tt_int_op((a),op,(b)) #endif /** Run unit tests for private dir permission enforcement logic. */ @@ -19,7 +22,7 @@ test_checkdir_perms(void *testdata) (void)testdata; or_options_t *options = get_options_mutable(); const char *subdir = "test_checkdir"; - char *testdir; + char *testdir = NULL; cpd_check_t cpd_chkopts; cpd_check_t unix_create_opts; cpd_check_t unix_verify_optsmask; @@ -36,7 +39,7 @@ test_checkdir_perms(void *testdata) unix_verify_optsmask = 0077; tt_int_op(0, ==, check_private_dir(testdir, cpd_chkopts, NULL)); tt_int_op(0, ==, stat(testdir, &st)); - tt_int_op(0, ==, (st.st_mode & unix_verify_optsmask)); + tt_int_op_nowin(0, ==, (st.st_mode & unix_verify_optsmask)); tor_free(testdir); /* test: create new dir, CPD_GROUP_OK option set. */ @@ -45,7 +48,7 @@ test_checkdir_perms(void *testdata) unix_verify_optsmask = 0077; tt_int_op(0, ==, check_private_dir(testdir, cpd_chkopts, NULL)); tt_int_op(0, ==, stat(testdir, &st)); - tt_int_op(0, ==, (st.st_mode & unix_verify_optsmask)); + tt_int_op_nowin(0, ==, (st.st_mode & unix_verify_optsmask)); tor_free(testdir); /* test: should get an error on existing dir with @@ -53,7 +56,7 @@ test_checkdir_perms(void *testdata) testdir = get_datadir_fname("checkdir_new_groupok_err"); tt_int_op(0, ==, mkdir(testdir, 027)); cpd_chkopts = CPD_CHECK_MODE_ONLY|CPD_CREATE|CPD_GROUP_OK; - tt_int_op(-1, ==, check_private_dir(testdir, cpd_chkopts, NULL)); + tt_int_op_nowin(-1, ==, check_private_dir(testdir, cpd_chkopts, NULL)); tor_free(testdir); /* test: create new dir, CPD_GROUP_READ option set. */ @@ -62,7 +65,7 @@ test_checkdir_perms(void *testdata) unix_verify_optsmask = 0027; tt_int_op(0, ==, check_private_dir(testdir, cpd_chkopts, NULL)); tt_int_op(0, ==, stat(testdir, &st)); - tt_int_op(0, ==, (st.st_mode & unix_verify_optsmask)); + tt_int_op_nowin(0, ==, (st.st_mode & unix_verify_optsmask)); tor_free(testdir); /* test: check existing dir created with defaults, @@ -75,7 +78,7 @@ test_checkdir_perms(void *testdata) tt_int_op(0, ==, mkdir(testdir, unix_create_opts)); tt_int_op(0, ==, check_private_dir(testdir, cpd_chkopts, NULL)); tt_int_op(0, ==, stat(testdir, &st)); - tt_int_op(0, ==, (st.st_mode & unix_verify_optsmask)); + tt_int_op_nowin(0, ==, (st.st_mode & unix_verify_optsmask)); tor_free(testdir); /* test: check existing dir created with defaults, @@ -87,7 +90,7 @@ test_checkdir_perms(void *testdata) cpd_chkopts = CPD_GROUP_OK; tt_int_op(0, ==, check_private_dir(testdir, cpd_chkopts, NULL)); tt_int_op(0, ==, stat(testdir, &st)); - tt_int_op(0, ==, (st.st_mode & unix_verify_optsmask)); + tt_int_op_nowin(0, ==, (st.st_mode & unix_verify_optsmask)); tor_free(testdir); /* test: check existing dir created with defaults, @@ -99,7 +102,7 @@ test_checkdir_perms(void *testdata) cpd_chkopts = CPD_GROUP_READ; tt_int_op(0, ==, check_private_dir(testdir, cpd_chkopts, NULL)); tt_int_op(0, ==, stat(testdir, &st)); - tt_int_op(0, ==, (st.st_mode & unix_verify_optsmask)); + tt_int_op_nowin(0, ==, (st.st_mode & unix_verify_optsmask)); tor_free(testdir); /* test: check existing dir created with CPD_GROUP_READ, @@ -111,7 +114,7 @@ test_checkdir_perms(void *testdata) cpd_chkopts = CPD_GROUP_OK; tt_int_op(0, ==, check_private_dir(testdir, cpd_chkopts, NULL)); tt_int_op(0, ==, stat(testdir, &st)); - tt_int_op(0, ==, (st.st_mode & unix_verify_optsmask)); + tt_int_op_nowin(0, ==, (st.st_mode & unix_verify_optsmask)); tor_free(testdir); /* test: check existing dir created with CPD_GROUP_READ, @@ -121,11 +124,10 @@ test_checkdir_perms(void *testdata) unix_verify_optsmask = 0027; tt_int_op(0, ==, check_private_dir(testdir, cpd_chkopts, NULL)); tt_int_op(0, ==, stat(testdir, &st)); - tt_int_op(0, ==, (st.st_mode & unix_verify_optsmask)); - tor_free(testdir); + tt_int_op_nowin(0, ==, (st.st_mode & unix_verify_optsmask)); - done: - ; + done: + tor_free(testdir); } #define CHECKDIR(name,flags) \ |