Diffstat (limited to 'src')
37 files changed, 574 insertions, 450 deletions
diff --git a/src/app/config/auth_dirs.inc b/src/app/config/auth_dirs.inc
index 08a919b053..278f08bfcf 100644
--- a/src/app/config/auth_dirs.inc
+++ b/src/app/config/auth_dirs.inc
@@ -7,7 +7,7 @@
 "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
 "dizum orport=443 "
 "v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
- "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
+ "45.66.33.45:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
 "Serge orport=9001 bridge "
 "66.111.2.131:9030 BA44 A889 E64B 93FA A2B1 14E0 2C2A 279A 8555 C533",
 "gabelmoo orport=443 "
diff --git a/src/app/config/config.c b/src/app/config/config.c
index 2a504d3065..0b1b758d96 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -2412,7 +2412,8 @@ options_act(const or_options_t *old_options)
 if (!bool_eq(directory_fetches_dir_info_early(options),
 directory_fetches_dir_info_early(old_options)) ||
 !bool_eq(directory_fetches_dir_info_later(options),
- directory_fetches_dir_info_later(old_options))) {
+ directory_fetches_dir_info_later(old_options)) ||
+ !config_lines_eq(old_options->Bridges, options->Bridges)) {
 /* Make sure update_router_have_minimum_dir_info() gets called. */
 router_dir_info_changed();
 /* We might need to download a new consensus status later or sooner than
@@ -2474,6 +2475,7 @@ static const struct {
 { "--quiet", TAKES_NO_ARGUMENT },
 { "--hush", TAKES_NO_ARGUMENT },
 { "--version", TAKES_NO_ARGUMENT },
+ { "--list-modules", TAKES_NO_ARGUMENT },
 { "--library-versions", TAKES_NO_ARGUMENT },
 { "-h", TAKES_NO_ARGUMENT },
 { "--help", TAKES_NO_ARGUMENT },
@@ -2695,6 +2697,13 @@ list_deprecated_options(void)
 }
 }
+/** Print all compile-time modules and their enabled/disabled status. */
+static void
+list_enabled_modules(void)
+{
+ printf("%s: %s\n", "dirauth", have_module_dirauth() ? "yes" : "no");
+}
+
 /** Last value actually set by resolve_my_address. */
 static uint32_t last_resolved_addr = 0;
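Review bot: The added `!config_lines_eq(old_options->Bridges, options->Bridges)` clause in options_act() passes old_options first, while the two bool_eq() clauses above it pass options first, and the comment inside the block still mentions only update_router_have_minimum_dir_info(). The comparison is presumably symmetric, so this is a readability point: `!config_lines_eq(options->Bridges, old_options->Bridges)` would match the surrounding order. A comment such as `/* A changed Bridge list also changes which directory info we need. */` would record why bridge edits belong in this condition. The enclosing block starts and ends outside the hunk, so whether old_options is guaranteed non-NULL here cannot be confirmed from the visible lines.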
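Review bot: list_enabled_modules() is documented as printing all compile-time modules, but its body hard-codes a single `dirauth` line, so the output will silently become incomplete when another optional module is added. A comment in the body such as `/* Keep in sync with the have_module_*() helpers: one line per optional module. */` would make that maintenance step visible. Anyone using `--list-modules` to audit which components a deployed binary contains is relying on this list being complete.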
@@ -5198,6 +5207,11 @@ options_init_from_torrc(int argc, char **argv)
 return 1;
 }
+ if (config_line_find(cmdline_only_options, "--list-modules")) {
+ list_enabled_modules();
+ return 1;
+ }
+
 if (config_line_find(cmdline_only_options, "--library-versions")) {
 printf("Tor version %s. \n", get_version());
 printf("Library versions\tCompiled\t\tRuntime\n");
@@ -7080,7 +7094,7 @@ parse_port_config(smartlist_t *out,
 if (!strcasecmpstart(elt, "SessionGroup=")) {
 int group = (int)tor_parse_long(elt+strlen("SessionGroup="),
 10, 0, INT_MAX, &ok, NULL);
- if (!ok || !allow_no_stream_options) {
+ if (!ok || allow_no_stream_options) {
 log_warn(LD_CONFIG, "Invalid %sPort option '%s'",
 portname, escaped(elt));
 goto err;
diff --git a/src/app/config/fallback_dirs.inc b/src/app/config/fallback_dirs.inc
index 9f60f309f8..793f65ce88 100644
--- a/src/app/config/fallback_dirs.inc
+++ b/src/app/config/fallback_dirs.inc
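Review bot: The corrected `if (!ok || allow_no_stream_options)` check in parse_port_config() still reports two different failures with one message: an unparsable SessionGroup value and a well-formed SessionGroup on a port that (judging by the flag name) takes no stream options both log `Invalid %sPort option '%s'`. SessionGroup affects stream isolation, so an operator reading that warning should be able to tell a typo from an unsupported option. Testing the flag first with its own message, e.g. `if (allow_no_stream_options) { log_warn(LD_CONFIG, "%sPort does not accept SessionGroup", portname); goto err; }`, would separate the cases. A regression test covering SessionGroup with and without that flag would keep the inverted condition from returning. The function body continues outside the hunk.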
@@ -1,55 +1,62 @@ /* type=fallback */ /* version=2.0.0 */ -/* timestamp=20181207055710 */ -/* timestamp0=20181207055710 */ -/* timestamp1=20181207193756 */ -/* timestamp2=20181207195255 */ -/* ===== */ -/* 0: Whitelist excluded 1275 of 1462 candidates. */ -/* 1: Whitelist excluded 1279 of 1470 candidates. */ -/* 2: Whitelist excluded 1278 of 1469 candidates. */ +/* timestamp=20190625114911 */ +/* timestamp0=20190625114911 */ +/* timestamp1=20190628085927 */ +/* source=whitelist */ +/* ===== */ +/* 0: Whitelist excluded 1550 of 1711 candidates. */ +/* 1: Whitelist excluded 1601 of 1765 candidates. */ /* Checked IPv4 DirPorts served a consensus within 15.0s. */ /* 0: -Final Count: 148 (Eligible 187, Target 351 (1757 * 0.20), Max 200) -Excluded: 39 (Same Operator 28, Failed/Skipped Download 7, Excess 4) -Bandwidth Range: 0.8 - 43.8 MByte/s +Final Count: 140 (Eligible 161, Target 414 (2072 * 0.20), Max 200) +Excluded: 21 (Same Operator 16, Failed/Skipped Download 3, Excess 2) +Bandwidth Range: 0.5 - 54.5 MByte/s MERGED WITH: 1: -Final Count: 138 (Eligible 191, Target 353 (1768 * 0.20), Max 200) -Excluded: 53 (Same Operator 29, Failed/Skipped Download 20, Excess 4) -Bandwidth Range: 1.0 - 46.9 MByte/s - -MERGED WITH: - -2: -Final Count: 145 (Eligible 191, Target 353 (1768 * 0.20), Max 200) -Excluded: 46 (Same Operator 29, Failed/Skipped Download 13, Excess 4) -Bandwidth Range: 1.0 - 46.9 MByte/s +Final Count: 140 (Eligible 164, Target 414 (2073 * 0.20), Max 200) +Excluded: 24 (Same Operator 16, Failed/Skipped Download 4, Excess 4) +Bandwidth Range: 0.8 - 54.5 MByte/s */ /* -0: Onionoo Source: details Date: 2018-12-07 05:00:00 Version: 7.0 -1: Onionoo Source: details Date: 2018-12-07 18:00:00 Version: 7.0 -2: Onionoo Source: details Date: 2018-12-07 18:00:00 Version: 7.0 +): +Onionoo Source: details Date: 2019-06-25 10:00:00 Version: 7.0 URL: 
https:onionoo.torproject.orgdetails?fieldsfingerprint%2Cnickname%2Ccontact%2Clast_changed_address_or_port%2Cconsensus_weight%2Cadvertised_bandwidth%2Cor_addresses%2Cdir_address%2Crecommended_version%2Cflags%2Ceffective_family%2Cplatform&flagV2Dir&typerelay&last_seen_days-0&first_seen_days90- + +MERGED WITH: + +1: +Onionoo Source: details Date: 2019-06-28 07:00:00 Version: 7.0 +URL: https:onionoo.torproject.orgdetails?fieldsfingerprint%2Cnickname%2Ccontact%2Clast_changed_address_or_port%2Cconsensus_weight%2Cadvertised_bandwidth%2Cor_addresses%2Cdir_address%2Crecommended_version%2Cflags%2Ceffective_family%2Cplatform&last_seen_days-0&flagV2Dir&first_seen_days90-&typerelay&order-consensus_weight%2Cfirst_seen */ /* -0: Onionoo Source: uptime Date: 2018-12-07 05:00:00 Version: 7.0 -1: Onionoo Source: uptime Date: 2018-12-07 18:00:00 Version: 7.0 -2: Onionoo Source: uptime Date: 2018-12-07 18:00:00 Version: 7.0 +0: +Onionoo Source: uptime Date: 2019-06-25 10:00:00 Version: 7.0 URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&last_seen_days-0 + +MERGED WITH: + +1: +Onionoo Source: uptime Date: 2019-06-28 07:00:00 Version: 7.0 +URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&order-consensus_weight%2Cfirst_seen&last_seen_days-0 */ /* ===== */ -"176.10.104.240:80 orport=443 id=0111BA9B604669E636FFD5B503F382A4B7AD6E80" -/* nickname=DigiGesTor1e1 */ +"185.13.39.197:80 orport=443 id=001524DD403D729F08F7E5D77813EF12756CFA8D" +/* nickname=Neldoreth */ /* extrainfo=0 */ /* ===== */ , -"193.171.202.146:9030 orport=9001 id=01A9258A46E97FF8B2CAC7910577862C14F2C524" -" ipv6=[2001:628:200a:f001:20::146]:9001" -/* nickname=ins0 */ +"185.100.85.61:80 orport=443 id=025B66CEBC070FCB0519D206CF0CF4965C20C96E" +/* nickname=nibbana */ +/* extrainfo=0 */ +/* ===== */ +, +"185.225.17.3:80 orport=443 id=0338F9F55111FE8E3570E7DE117EF3AF999CC1D7" +" ipv6=[2a0a:c800:1:5::3]:443" +/* nickname=Nebuchadnezzar */ /* extrainfo=0 */ /* ===== */ , 
@@ -63,17 +70,6 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"5.196.88.122:9030 orport=9001 id=0C2C599AFCB26F5CFC2C7592435924C1D63D9484" -" ipv6=[2001:41d0:a:fb7a::1]:9001" -/* nickname=ATo */ -/* extrainfo=0 */ -/* ===== */ -, -"185.100.86.100:80 orport=443 id=0E8C0C8315B66DB5F703804B3889A1DD66C67CE0" -/* nickname=saveyourprivacyex1 */ -/* extrainfo=0 */ -/* ===== */ -, "37.252.185.182:9030 orport=8080 id=113143469021882C3A4B82F084F8125B08EE471E" " ipv6=[2a00:63c1:a:182::2]:8080" /* nickname=parasol */ 
@@ -86,42 +82,30 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"193.11.114.43:9030 orport=9001 id=12AD30E5D25AA67F519780E2111E611A455FDC89" -" ipv6=[2001:6b0:30:1000::99]:9050" -/* nickname=mdfnet1 */ +"95.85.8.226:80 orport=443 id=1211AC1BBB8A1AF7CBA86BCE8689AA3146B86423" +/* nickname=ccrelaycc */ /* extrainfo=0 */ /* ===== */ , -"193.234.15.59:80 orport=443 id=136F9299A5009A4E0E96494E723BDB556FB0A26B" -" ipv6=[2a00:1c20:4089:1234:bff6:e1bb:1ce3:8dc6]:443" -/* nickname=bakunin2 */ -/* extrainfo=0 */ -/* ===== */ -, -"144.76.14.145:110 orport=143 id=14419131033443AE6E21DA82B0D307F7CAE42BDB" -" ipv6=[2a01:4f8:190:9490::dead]:443" -/* nickname=PedicaboMundi */ -/* extrainfo=0 */ -/* ===== */ -, -"185.220.101.9:10009 orport=20009 id=14877C6384A9E793F422C8D1DDA447CACA4F7C4B" -/* nickname=niftywoodmouse */ +"193.11.114.43:9030 orport=9001 id=12AD30E5D25AA67F519780E2111E611A455FDC89" +" ipv6=[2001:6b0:30:1000::99]:9050" +/* nickname=mdfnet1 */ /* extrainfo=0 */ /* ===== */ , -"54.37.138.138:8080 orport=993 id=1576BE143D8727745BB2BCDDF183291B3C3EFEFC" -/* nickname=anotherone */ +"37.157.195.87:8030 orport=443 id=12FD624EE73CEF37137C90D38B2406A66F68FAA2" +/* nickname=thanatosCZ */ /* extrainfo=0 */ /* ===== */ , -"51.15.78.0:9030 orport=9001 id=15BE17C99FACE24470D40AF782D6A9C692AB36D6" -" ipv6=[2001:bc8:4700:2300::16:c0b]:9001" -/* nickname=rofltor07 */ +"217.182.51.248:80 orport=443 id=183005F78229D94EE51CE7795A42280070A48D0D" +/* nickname=Cosworth02 */ /* extrainfo=0 */ /* ===== */ , -"204.11.50.131:9030 orport=9001 id=185F2A57B0C4620582602761097D17DB81654F70" -/* nickname=BoingBoing */ +"171.25.193.25:80 orport=443 id=185663B7C12777F052B2C2D23D7A239D8DA88A0F" +" ipv6=[2001:67c:289c::25]:443" +/* nickname=DFRI5 */ /* extrainfo=0 */ /* ===== */ , 
@@ -135,9 +119,9 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=1 */ /* ===== */ , -"163.172.53.84:143 orport=21 id=1C90D3AEADFF3BCD079810632C8B85637924A58E" -" ipv6=[2001:bc8:24f8::]:21" -/* nickname=Multivac */ +"50.7.74.171:9030 orport=9001 id=1CD17CB202063C51C7DAD3BACEF87ECE81C2350F" +" ipv6=[2001:49f0:d002:2::51]:443" +/* nickname=theia1 */ /* extrainfo=0 */ /* ===== */ , @@ -153,24 +137,13 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"163.172.176.167:80 orport=443 id=230A8B2A8BA861210D9B4BA97745AEC217A94207" -/* nickname=niij01 */ -/* extrainfo=0 */ -/* ===== */ -, -"185.220.101.8:10008 orport=20008 id=24E91955D969AEA1D80413C64FE106FAE7FD2EA9" -/* nickname=niftymouse */ +"77.247.181.164:80 orport=443 id=204DFD2A2C6A0DC1FA0EACB495218E0B661704FD" +/* nickname=HaveHeart */ /* extrainfo=0 */ /* ===== */ , -"138.201.250.33:9012 orport=9011 id=2BA2C8E96B2590E1072AECE2BDB5C48921BF8510" -/* nickname=storm */ -/* extrainfo=0 */ -/* ===== */ -, -"193.234.15.56:80 orport=443 id=2CDCFED0142B28B002E89D305CBA2E26063FADE2" -" ipv6=[2a00:1c20:4089:1234:cd49:b58a:9ebe:67ec]:443" -/* nickname=jaures */ +"163.172.176.167:80 orport=443 id=230A8B2A8BA861210D9B4BA97745AEC217A94207" +/* nickname=niij01 */ /* extrainfo=0 */ /* ===== */ , 
@@ -179,14 +152,14 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"94.230.208.147:8080 orport=8443 id=311A4533F7A2415F42346A6C8FA77E6FD279594C" -" ipv6=[2a02:418:6017::147]:8443" -/* nickname=DigiGesTor3e2 */ +"212.83.154.33:8080 orport=8443 id=322C6E3A973BC10FC36DE3037AD27BC89F14723B" +/* nickname=bauruine204 */ /* extrainfo=0 */ /* ===== */ , -"212.83.154.33:8080 orport=8443 id=322C6E3A973BC10FC36DE3037AD27BC89F14723B" -/* nickname=bauruine204 */ +"109.105.109.162:52860 orport=60784 id=32EE911D968BE3E016ECA572BB1ED0A9EE43FC2F" +" ipv6=[2001:948:7:2::163]:5001" +/* nickname=ndnr1 */ /* extrainfo=0 */ /* ===== */ , 
@@ -196,64 +169,53 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"54.37.17.235:9030 orport=9001 id=360CBA08D1E24F513162047BDB54A1015E531534" -/* nickname=Aerodynamik06 */ -/* extrainfo=0 */ -/* ===== */ -, "37.157.255.35:9030 orport=9090 id=361D33C96D0F161275EE67E2C91EE10B276E778B" /* nickname=cxx4freedom */ /* extrainfo=0 */ /* ===== */ , -"37.187.22.87:9030 orport=9001 id=36B9E7AC1E36B62A9D6F330ABEB6012BA7F0D400" -" ipv6=[2001:41d0:a:1657::1]:9001" -/* nickname=kimsufi321 */ -/* extrainfo=0 */ -/* ===== */ -, "64.79.152.132:80 orport=443 id=375DCBB2DBD94E5263BC0C015F0C9E756669617E" /* nickname=ebola */ /* extrainfo=0 */ /* ===== */ , -"62.210.92.11:9130 orport=9101 id=387B065A38E4DAA16D9D41C2964ECBC4B31D30FF" -" ipv6=[2001:bc8:338c::1]:9101" -/* nickname=redjohn1 */ +"213.183.60.21:9030 orport=443 id=39F91959416763AFD34DBEEC05474411B964B2DC" +/* nickname=angeltest11 */ /* extrainfo=0 */ /* ===== */ , -"198.50.191.95:80 orport=443 id=39F096961ED2576975C866D450373A9913AFDC92" -/* nickname=thomas */ +"50.7.74.174:9030 orport=9001 id=3AFDAAD91A15B4C6A7686A53AA8627CA871FF491" +" ipv6=[2001:49f0:d002:2::57]:443" +/* nickname=theia7 */ /* extrainfo=0 */ /* ===== */ , -"66.111.2.16:9030 orport=9001 id=3F092986E9B87D3FDA09B71FA3A602378285C77A" -" ipv6=[2610:1c0:0:5::16]:9001" -/* nickname=NYCBUG1 */ +"199.249.230.83:80 orport=443 id=3CA0D15567024D2E0B557DC0CF3E962B37999A79" +" ipv6=[2620:7:6001::ffff:c759:e653]:80" +/* nickname=QuintexAirVPN30 */ /* extrainfo=0 */ /* ===== */ , -"185.100.85.101:9030 orport=9001 id=4061C553CA88021B8302F0814365070AAE617270" -/* nickname=TorExitRomania */ +"51.38.65.160:9030 orport=9001 id=3CB4193EF4E239FCEDC4DC43468E0B0D6B67ACC3" +" ipv6=[2001:41d0:801:2000::f6e]:9001" +/* nickname=rofltor10 */ /* extrainfo=0 */ /* ===== */ , -"195.191.81.7:9030 orport=9001 id=41A3C16269C7B63DB6EB741DBDDB4E1F586B1592" -" ipv6=[2a00:1908:fffc:ffff:c0a6:ccff:fe62:e1a1]:9001" -/* 
nickname=rofltor02 */ +"217.79.179.177:9030 orport=9001 id=3E53D3979DB07EFD736661C934A1DED14127B684" +" ipv6=[2001:4ba0:fff9:131:6c4f::90d3]:9001" +/* nickname=Unnamed */ /* extrainfo=0 */ /* ===== */ , -"178.17.170.156:9030 orport=9001 id=41C59606AFE1D1AA6EC6EF6719690B856F0B6587" -" ipv6=[2a00:1dc0:caff:48::9257]:9001" -/* nickname=TorExitMoldova2 */ +"66.111.2.16:9030 orport=9001 id=3F092986E9B87D3FDA09B71FA3A602378285C77A" +" ipv6=[2610:1c0:0:5::16]:9001" +/* nickname=NYCBUG1 */ /* extrainfo=0 */ /* ===== */ , -"81.7.10.251:80 orport=443 id=45362E8ECD651CCAC521156FFBD2FF7F27FA8E88" -" ipv6=[2a02:180:1:1::517:afb]:443" -/* nickname=torpidsDEisppro2 */ +"185.100.85.101:9030 orport=9001 id=4061C553CA88021B8302F0814365070AAE617270" +/* nickname=TorExitRomania */ /* extrainfo=0 */ /* ===== */ , @@ -262,8 +224,8 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"132.248.241.5:9030 orport=9001 id=4661DE96D3F8E923994B05218F23760C8D7935A4" -/* nickname=toritounam */ +"195.123.245.141:9030 orport=443 id=465D17C6FC297E3857B5C6F152006A1E212944EA" +/* nickname=angeltest14 */ /* extrainfo=0 */ /* ===== */ , @@ -272,18 +234,14 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"185.220.101.34:10034 orport=20034 id=47C42E2094EE482E7C9B586B10BABFB67557030B" -/* nickname=niftysugarglider */ -/* extrainfo=0 */ -/* ===== */ -, "193.70.43.76:9030 orport=9001 id=484A10BA2B8D48A5F0216674C8DD50EF27BC32F3" /* nickname=Aerodynamik03 */ /* extrainfo=0 */ /* ===== */ , -"51.254.101.242:9002 orport=9001 id=4CC9CC9195EC38645B699A33307058624F660CCF" -/* nickname=devsum */ +"37.187.102.186:9030 orport=9001 id=489D94333DF66D57FFE34D9D59CC2D97E2CB0053" +" ipv6=[2001:41d0:a:26ba::1]:9001" +/* nickname=txtfileTorNode65536 */ /* extrainfo=0 */ /* ===== */ , 
@@ -293,9 +251,15 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"212.51.134.123:9030 orport=9001 id=50586E25BE067FD1F739998550EDDCB1A14CA5B2" -/* nickname=Jans */ -/* extrainfo=0 */ +"108.53.208.157:80 orport=443 id=4F0DB7E687FC7C0AE55C8F243DA8B0EB27FBF1F2" +/* nickname=Binnacle */ +/* extrainfo=1 */ +/* ===== */ +, +"5.9.158.75:9030 orport=9001 id=509EAB4C5D10C9A9A24B4EA0CE402C047A2D64E6" +" ipv6=[2a01:4f8:190:514a::2]:9001" +/* nickname=zwiebeltoralf2 */ +/* extrainfo=1 */ /* ===== */ , "81.7.16.182:80 orport=443 id=51E1CF613FD6F9F11FE24743C91D6F9981807D82" @@ -304,11 +268,6 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"85.25.159.65:995 orport=80 id=52BFADA8BEAA01BA46C8F767F83C18E2FE50C1B9" -/* nickname=BeastieJoy63 */ -/* extrainfo=0 */ -/* ===== */ -, "192.160.102.166:80 orport=9001 id=547DA56F6B88B6C596B3E3086803CDA4F0EF8F21" " ipv6=[2620:132:300c:c01d::6]:9002" /* nickname=chaucer */ @@ -321,20 +280,9 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"95.130.12.119:80 orport=443 id=587E0A9552E4274B251F29B5B2673D38442EE4BF" -/* nickname=Nuath */ -/* extrainfo=0 */ -/* ===== */ -, -"185.21.100.50:9030 orport=9001 id=58ED9C9C35E433EE58764D62892B4FFD518A3CD0" -" ipv6=[2a00:1158:2:cd00:0:74:6f:72]:443" -/* nickname=SamAAdams2 */ -/* extrainfo=0 */ -/* ===== */ -, -"193.234.15.62:80 orport=443 id=5CF8AFA5E4B0BB88942A44A3F3AAE08C3BDFD60B" -" ipv6=[2a00:1c20:4089:1234:a6a4:2926:d0af:dfee]:443" -/* nickname=jaures4 */ +"50.7.74.170:80 orport=443 id=5BF17163CBE73D8CD9FDBE030C944EA05707DA93" +" ipv6=[2001:49f0:d002:2::58]:443" +/* nickname=theia8 */ /* extrainfo=0 */ /* ===== */ , 
@@ -343,8 +291,9 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"185.220.101.28:10028 orport=20028 id=609E598FB6A00BCF7872906B602B705B64541C50" -/* nickname=niftychipmunk */ +"95.128.43.164:80 orport=443 id=616081EC829593AF4232550DE6FFAA1D75B37A90" +" ipv6=[2a02:ec0:209:10::4]:443" +/* nickname=AquaRayTerminus */ /* extrainfo=0 */ /* ===== */ , @@ -353,6 +302,12 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , +"94.130.186.5:80 orport=443 id=6A7551EEE18F78A9813096E82BF84F740D32B911" +" ipv6=[2a01:4f8:1c0c:45f7::1]:443" +/* nickname=TorMachine */ +/* extrainfo=0 */ +/* ===== */ +, "80.127.137.19:80 orport=443 id=6EF897645B79B6CB35E853B32506375014DE3621" " ipv6=[2001:981:47c1:1::6]:443" /* nickname=d6relay */ 
@@ -370,19 +325,27 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"185.220.101.30:10030 orport=20030 id=71CFDEB4D9E00CCC3E31EC4E8A29E109BBC1FB36" -/* nickname=niftypedetidae */ +"85.235.250.88:80 orport=443 id=72B2B12A3F60408BDBC98C6DF53988D3A0B3F0EE" +" ipv6=[2a01:3a0:1:1900:85:235:250:88]:443" +/* nickname=TykRelay01 */ /* extrainfo=0 */ /* ===== */ , -"85.235.250.88:80 orport=443 id=72B2B12A3F60408BDBC98C6DF53988D3A0B3F0EE" -/* nickname=TykRelay01 */ +"178.17.170.23:9030 orport=9001 id=742C45F2D9004AADE0077E528A4418A6A81BC2BA" +" ipv6=[2a00:1dc0:caff:7d::8254]:9001" +/* nickname=TorExitMoldova2 */ /* extrainfo=0 */ /* ===== */ , -"81.7.14.31:9001 orport=443 id=7600680249A22080ECC6173FBBF64D6FCF330A61" -/* nickname=Ichotolot62 */ -/* extrainfo=1 */ +"50.7.74.173:9030 orport=9001 id=745369332749021C6FAF100D327BC3BF1DF4707B" +" ipv6=[2001:49f0:d002:2::55]:443" +/* nickname=theia5 */ +/* extrainfo=0 */ +/* ===== */ +, +"77.247.181.166:80 orport=443 id=77131D7E2EC1CA9B8D737502256DA9103599CE51" +/* nickname=CriticalMass */ +/* extrainfo=0 */ /* ===== */ , "5.196.23.64:9030 orport=9001 id=775B0FAFDE71AADC23FFC8782B7BEB1D5A92733E" 
@@ -390,13 +353,24 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , +"185.244.193.141:9030 orport=9001 id=79509683AB4C8DDAF90A120C69A4179C6CD5A387" +" ipv6=[2a03:4000:27:192:24:12:1984:4]:9001" +/* nickname=DerDickeReloaded */ +/* extrainfo=0 */ +/* ===== */ +, "51.254.136.195:80 orport=443 id=7BB70F8585DFC27E75D692970C0EEB0F22983A63" /* nickname=torproxy02 */ /* extrainfo=0 */ /* ===== */ , -"185.100.84.82:80 orport=443 id=7D05A38E39FC5D29AFE6BE487B9B4DC9E635D09E" -/* nickname=saveyourprivacyexit */ +"77.247.181.162:80 orport=443 id=7BFB908A3AA5B491DA4CA72CCBEE0E1F2A939B55" +/* nickname=sofia */ +/* extrainfo=0 */ +/* ===== */ +, +"185.220.101.48:10048 orport=20048 id=7E281CD2C315C4F7A84BC7C8721C3BC974DDBFA3" +/* nickname=niftyporcupine */ /* extrainfo=0 */ /* ===== */ , @@ -411,12 +385,6 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"217.12.199.190:80 orport=443 id=81AFA888F8F8F4A024AB58ECA0ADDEBB93FF01DA" -" ipv6=[2a02:27a8:0:2::486]:993" -/* nickname=torpidsUAitlas */ -/* extrainfo=0 */ -/* ===== */ -, "192.42.116.16:80 orport=443 id=81B75D534F91BFB7C57AB67DA10BCEF622582AE8" /* nickname=hviv104 */ /* extrainfo=0 */ 
@@ -439,19 +407,19 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"185.96.88.29:80 orport=443 id=86C281AD135058238D7A337D546C902BE8505DDE" -/* nickname=TykRelay05 */ +"85.230.178.139:9030 orport=443 id=855BC2DABE24C861CD887DB9B2E950424B49FC34" +/* nickname=Logforme */ /* extrainfo=0 */ /* ===== */ , -"93.180.156.84:9030 orport=9001 id=8844D87E9B038BE3270938F05AF797E1D3C74C0F" -/* nickname=BARACUDA */ +"178.254.7.88:8080 orport=8443 id=85A885433E50B1874F11CEC9BE98451E24660976" +/* nickname=wr3ck3d0ni0n01 */ /* extrainfo=0 */ /* ===== */ , -"51.15.205.214:9030 orport=9001 id=8B6556601612F1E2AFCE2A12FFFAF8482A76DD1F" -" ipv6=[2001:bc8:4400:2500::5:b07]:9001" -/* nickname=titania1 */ +"185.96.88.29:80 orport=443 id=86C281AD135058238D7A337D546C902BE8505DDE" +" ipv6=[2a00:4020::185:96:88:29]:443" +/* nickname=TykRelay05 */ /* extrainfo=0 */ /* ===== */ , 
@@ -461,35 +429,46 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , +"5.189.169.190:8030 orport=8080 id=8D79F73DCD91FC4F5017422FAC70074D6DB8DD81" +/* nickname=thanatosDE */ +/* extrainfo=0 */ +/* ===== */ +, "81.7.11.96:9030 orport=9001 id=8FA37B93397015B2BC5A525C908485260BE9F422" /* nickname=Doedel22 */ /* extrainfo=0 */ /* ===== */ , +"54.37.139.118:9030 orport=9001 id=90A5D1355C4B5840E950EB61E673863A6AE3ACA1" +" ipv6=[2001:41d0:601:1100::1b8]:9001" +/* nickname=rofltor09 */ +/* extrainfo=0 */ +/* ===== */ +, "37.187.20.59:80 orport=443 id=91D23D8A539B83D2FB56AA67ECD4D75CC093AC55" " ipv6=[2001:41d0:a:143b::1]:993" /* nickname=torpidsFRovh */ /* extrainfo=0 */ /* ===== */ , -"51.255.41.65:9030 orport=9001 id=9231DF741915AA1630031A93026D88726877E93A" -/* nickname=PrisnCellRelayFR1 */ +"173.255.245.116:9030 orport=9001 id=91E4015E1F82DAF0121D62267E54A1F661AB6DC7" +/* nickname=IWorshipHisShadow */ /* extrainfo=0 */ /* ===== */ , -"54.37.73.111:9030 orport=9001 id=92412EA1B9AA887D462B51D816777002F4D58907" -/* nickname=Aerodynamik05 */ +"96.253.78.108:80 orport=443 id=924B24AFA7F075D059E8EEB284CC400B33D3D036" +/* nickname=NSDFreedom */ /* extrainfo=0 */ /* ===== */ , -"96.253.78.108:80 orport=443 id=924B24AFA7F075D059E8EEB284CC400B33D3D036" -/* nickname=NSDFreedom */ +"92.38.163.21:9030 orport=443 id=9288B75B5FF8861EFF32A6BE8825CC38A4F9F8C2" +/* nickname=angeltest9 */ /* extrainfo=0 */ /* ===== */ , -"193.234.15.57:80 orport=443 id=92CFD9565B24646CAC2D172D3DB503D69E777B8A" -" ipv6=[2a00:1c20:4089:1234:7825:2c5d:1ecd:c66f]:443" -/* nickname=bakunin */ +"163.172.53.84:80 orport=443 id=935F589545B8A271A722E330445BB99F67DBB058" +" ipv6=[2001:bc8:24f8::]:443" +/* nickname=Multivac0 */ /* extrainfo=0 */ /* ===== */ , 
@@ -508,23 +487,17 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"91.229.20.27:9030 orport=9001 id=9A0D54D3A6D2E0767596BF1515E6162A75B3293F" -/* nickname=gordonkeybag */ -/* extrainfo=0 */ -/* ===== */ -, -"66.111.2.20:9030 orport=9001 id=9A68B85A02318F4E7E87F2828039FBD5D75B0142" -" ipv6=[2610:1c0:0:5::20]:9001" -/* nickname=NYCBUG0 */ -/* extrainfo=0 */ -/* ===== */ -, "185.100.86.128:9030 orport=9001 id=9B31F1F1C1554F9FFB3455911F82E818EF7C7883" " ipv6=[2a06:1700:1::11]:9001" /* nickname=TorExitFinland */ /* extrainfo=0 */ /* ===== */ , +"185.220.101.49:10049 orport=20049 id=9B816A5B3EB20B8E4E9B9D1FBA299BD3F40F0320" +/* nickname=niftypygmyjerboa */ +/* extrainfo=0 */ +/* ===== */ +, "86.105.212.130:9030 orport=443 id=9C900A7F6F5DD034CFFD192DAEC9CCAA813DB022" /* nickname=firstor2 */ /* extrainfo=0 */ 
@@ -545,54 +518,28 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=1 */ /* ===== */ , -"171.25.193.77:80 orport=443 id=A10C4F666D27364036B562823E5830BC448E046A" -" ipv6=[2001:67c:289c:3::77]:443" -/* nickname=DFRI1 */ -/* extrainfo=0 */ -/* ===== */ -, -"87.118.122.120:80 orport=443 id=A2A6616723B511D8E068BB71705191763191F6B2" -/* nickname=otheontelth */ -/* extrainfo=0 */ -/* ===== */ -, "81.7.3.67:993 orport=443 id=A2E6BB5C391CD46B38C55B4329C35304540771F1" /* nickname=BeastieJoy62 */ /* extrainfo=1 */ /* ===== */ , -"171.25.193.78:80 orport=443 id=A478E421F83194C114F41E94F95999672AED51FE" -" ipv6=[2001:67c:289c:3::78]:443" -/* nickname=DFRI4 */ -/* extrainfo=0 */ -/* ===== */ -, -"193.234.15.58:80 orport=443 id=A4C98CEA3F34E05299417E9F885A642C88EF6029" -" ipv6=[2a00:1c20:4089:1234:cdae:1b3e:cc38:3d45]:443" -/* nickname=jaures2 */ -/* extrainfo=0 */ -/* ===== */ -, "128.31.0.13:80 orport=443 id=A53C46F5B157DD83366D45A8E99A244934A14C46" /* nickname=csailmitexit */ /* extrainfo=0 */ /* ===== */ , -"94.142.242.84:80 orport=443 id=AA0D167E03E298F9A8CD50F448B81FBD7FA80D56" -" ipv6=[2a02:898:24:84::1]:443" -/* nickname=rejozenger */ +"185.246.152.22:9030 orport=443 id=A86EC24F5B8B964F67AC7C27CE92842025983274" +/* nickname=angeltest19 */ /* extrainfo=0 */ /* ===== */ , -"195.154.164.243:80 orport=443 id=AC66FFA4AB35A59EBBF5BF4C70008BF24D8A7A5C" -" ipv6=[2001:bc8:399f:f000::1]:993" -/* nickname=torpidsFRonline3 */ +"163.172.149.122:80 orport=443 id=A9406A006D6E7B5DA30F2C6D4E42A338B5E340B2" +/* nickname=niij03 */ /* extrainfo=0 */ /* ===== */ , -"86.59.119.88:80 orport=443 id=ACD889D86E02EDDAB1AFD81F598C0936238DC6D0" -" ipv6=[2001:858:2:30:86:59:119:88]:443" -/* nickname=ph3x */ +"176.10.107.180:9030 orport=9001 id=AC2BEDD0BAC72838EA7E6F113F856C4E8018ACDB" +/* nickname=schokomilch */ /* extrainfo=0 */ /* ===== */ , 
@@ -602,12 +549,6 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"188.40.128.246:9030 orport=9001 id=AD19490C7DBB26D3A68EFC824F67E69B0A96E601" -" ipv6=[2a01:4f8:221:1ac1:dead:beef:7005:9001]:9001" -/* nickname=sputnik */ -/* extrainfo=0 */ -/* ===== */ -, "31.185.104.20:80 orport=443 id=ADB2C26629643DBB9F8FE0096E7D16F9414B4F8D" /* nickname=Digitalcourage3ip2 */ /* extrainfo=0 */ @@ -636,14 +577,19 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , +"199.249.230.64:80 orport=443 id=B2197C23A4FF5D1C49EE45BA7688BA8BCCD89A0B" +" ipv6=[2620:7:6001::ffff:c759:e640]:80" +/* nickname=Quintex41 */ +/* extrainfo=0 */ +/* ===== */ +, "136.243.214.137:80 orport=443 id=B291D30517D23299AD7CEE3E60DFE60D0E3A4664" /* nickname=TorKIT */ /* extrainfo=0 */ /* ===== */ , -"193.234.15.60:80 orport=443 id=B44FBE5366AD98B46D829754FA4AC599BAE41A6A" -" ipv6=[2a00:1c20:4089:1234:67bc:79f3:61c0:6e49]:443" -/* nickname=jaures3 */ +"212.47.233.86:9030 orport=9001 id=B4CAFD9CBFB34EC5DAAC146920DC7DFAFE91EA20" +/* nickname=netimanmu */ /* extrainfo=0 */ /* ===== */ , @@ -652,14 +598,8 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"81.2.209.10:443 orport=80 id=B6904ADD4C0D10CDA7179E051962350A69A63243" -" ipv6=[2001:15e8:201:1::d10a]:80" -/* nickname=torzabehlice */ -/* extrainfo=0 */ -/* ===== */ -, -"185.220.101.32:10032 orport=20032 id=B771AA877687F88E6F1CA5354756DF6C8A7B6B24" -/* nickname=niftypika */ +"51.38.134.104:9030 orport=443 id=B57A87009FA838471FB2227DDE68165AB2A2FCC4" +/* nickname=angeltest5 */ /* extrainfo=0 */ /* ===== */ , 
@@ -679,6 +619,22 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=1 */ /* ===== */ , +"51.15.179.153:110 orport=995 id=BB60F5BA113A0B8B44B7B37DE3567FE561E92F78" +/* nickname=Casper04 */ +/* extrainfo=0 */ +/* ===== */ +, +"198.96.155.3:8080 orport=5001 id=BCEDF6C193AA687AE471B8A22EBF6BC57C2D285E" +/* nickname=gurgle */ +/* extrainfo=0 */ +/* ===== */ +, +"128.199.55.207:9030 orport=9001 id=BCEF908195805E03E92CCFE669C48738E556B9C5" +" ipv6=[2a03:b0c0:2:d0::158:3001]:9001" +/* nickname=EldritchReaper */ +/* extrainfo=0 */ +/* ===== */ +, "213.141.138.174:9030 orport=9001 id=BD552C165E2ED2887D3F1CCE9CFF155DDA2D86E6" /* nickname=Schakalium */ /* extrainfo=0 */ @@ -690,8 +646,9 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"104.192.5.248:9030 orport=443 id=BF735F669481EE1CCC348F0731551C933D1E2278" -/* nickname=Freeway1a1 */ +"212.47.233.250:9030 orport=9001 id=BF735F669481EE1CCC348F0731551C933D1E2278" +" ipv6=[2001:bc8:4400:2b00::1c:629]:9001" +/* nickname=FreewaySca */ /* extrainfo=0 */ /* ===== */ , @@ -701,8 +658,8 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"185.220.101.6:10006 orport=20006 id=C08DE49658E5B3CFC6F2A952B453C4B608C9A16A" -/* nickname=niftyvolcanorabbit */ +"132.248.241.5:9130 orport=9101 id=C0C4F339046EB824999F711D178472FDF53BE7F5" +/* nickname=toritounam2 */ /* extrainfo=0 */ /* ===== */ , 
@@ -711,20 +668,9 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"213.239.217.18:1338 orport=1337 id=C37BC191AC389179674578C3E6944E925FE186C2" -" ipv6=[2a01:4f8:a0:746a:101:1:1:1]:1337" -/* nickname=xzdsb */ -/* extrainfo=0 */ -/* ===== */ -, -"188.138.112.60:1433 orport=1521 id=C414F28FD2BEC1553024299B31D4E726BEB8E788" -/* nickname=zebra620 */ -/* extrainfo=0 */ -/* ===== */ -, -"193.234.15.55:80 orport=443 id=C4AEA05CF380BAD2230F193E083B8869B4A29937" -" ipv6=[2a00:1c20:4089:1234:7b2c:11c5:5221:903e]:443" -/* nickname=bakunin4 */ +"50.7.74.170:9030 orport=9001 id=C36A434DB54C66E1A97A5653858CE36024352C4D" +" ipv6=[2001:49f0:d002:2::59]:443" +/* nickname=theia9 */ /* extrainfo=0 */ /* ===== */ , 
@@ -745,34 +691,37 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"85.25.213.211:465 orport=80 id=CE47F0356D86CF0A1A2008D97623216D560FB0A8" -/* nickname=BeastieJoy61 */ +"51.254.147.57:80 orport=443 id=D15AFF44BE641368B958A32FB6B071AC2136B8B1" +/* nickname=Cosworth01 */ /* extrainfo=0 */ /* ===== */ , -"46.38.237.221:9030 orport=9001 id=D30E9D4D639068611D6D96861C95C2099140B805" -/* nickname=mine */ +"50.7.74.172:80 orport=443 id=D1AFBF3117B308B6D1A7AA762B1315FD86A6B8AF" +" ipv6=[2001:49f0:d002:2::52]:443" +/* nickname=theia2 */ /* extrainfo=0 */ /* ===== */ , -"5.45.111.149:80 orport=443 id=D405FCCF06ADEDF898DF2F29C9348DCB623031BA" -" ipv6=[2a03:4000:6:2388:df98:15f9:b34d:443]:443" -/* nickname=gGDHjdcC6zAlM8k08lY */ +"62.141.38.69:9030 orport=443 id=D379A1CB8285748FFF64AE94296CA89878F25B22" +" ipv6=[2001:4ba0:cafe:ac5::1]:443" +/* nickname=angeltest3 */ /* extrainfo=0 */ /* ===== */ , -"37.187.115.157:9030 orport=9001 id=D5039E1EBFD96D9A3F9846BF99EC9F75EDDE902A" -/* nickname=Janky328891 */ +"5.45.111.149:80 orport=443 id=D405FCCF06ADEDF898DF2F29C9348DCB623031BA" +" ipv6=[2a03:4000:6:2388:df98:15f9:b34d:443]:443" +/* nickname=gGDHjdcC6zAlM8k08lY */ /* extrainfo=0 */ /* ===== */ , -"217.182.51.248:80 orport=443 id=D6BA940D3255AB40DC5EE5B0B285FA143E1F9865" -/* nickname=Cosworth02 */ +"50.7.74.174:80 orport=443 id=D50101A2ABD09DC245F7E96C0818D003CDD62351" +" ipv6=[2001:49f0:d002:2::56]:443" +/* nickname=theia6 */ /* extrainfo=0 */ /* ===== */ , -"185.34.33.2:9265 orport=31415 id=D71B1CA1C9DC7E8CA64158E106AD770A21160FEE" -/* nickname=lqdn */ +"37.187.115.157:9030 orport=9001 id=D5039E1EBFD96D9A3F9846BF99EC9F75EDDE902A" +/* nickname=Janky328891 */ /* extrainfo=0 */ /* ===== */ , 
@@ -792,6 +741,11 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , +"176.158.236.102:9030 orport=9001 id=DC163DDEF4B6F0C6BC226F9F6656A5A30C5C5686" +/* nickname=Underworld */ +/* extrainfo=0 */ +/* ===== */ +, "178.33.183.251:80 orport=443 id=DD823AFB415380A802DCAEB9461AE637604107FB" " ipv6=[2001:41d0:2:a683::251]:443" /* nickname=grenouille */ @@ -804,18 +758,17 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"83.212.99.68:80 orport=443 id=DDBB2A38252ADDA53E4492DDF982CA6CC6E10EC0" -" ipv6=[2001:648:2ffc:1225:a800:bff:fe3d:67b5]:443" -/* nickname=zouzounella */ -/* extrainfo=0 */ -/* ===== */ -, "92.222.38.67:80 orport=443 id=DED6892FF89DBD737BA689698A171B2392EB3E82" " ipv6=[2001:41d0:52:100::112a]:443" /* nickname=ThorExit */ /* extrainfo=0 */ /* ===== */ , +"166.70.207.2:9130 orport=9101 id=E41B16F7DDF52EBB1DB4268AB2FE340B37AD8904" +/* nickname=xmission1 */ +/* extrainfo=0 */ +/* ===== */ +, "185.100.86.182:9030 orport=8080 id=E51620B90DCB310138ED89EDEDD0A5C361AAE24E" /* nickname=NormalCitizen */ /* extrainfo=0 */ 
@@ -826,17 +779,30 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"51.254.147.57:80 orport=443 id=EB80A8D52F07238B576C42CEAB98ADD084EE075E" -/* nickname=Cosworth01 */ +"185.4.132.148:80 orport=443 id=E8D114B3C78D8E6E7FEB1004650DD632C2143C9E" +" ipv6=[2a02:c500:2:f0::5492]:443" +/* nickname=libreonion1 */ /* extrainfo=0 */ /* ===== */ , +"131.188.40.188:1443 orport=80 id=EBE718E1A49EE229071702964F8DB1F318075FF8" +" ipv6=[2001:638:a000:4140::ffff:188]:80" +/* nickname=fluxe4 */ +/* extrainfo=1 */ +/* ===== */ +, "192.87.28.28:9030 orport=9001 id=ED2338CAC2711B3E331392E1ED2831219B794024" " ipv6=[2001:678:230:3028:192:87:28:28]:9001" /* nickname=SEC6xFreeBSD64 */ /* extrainfo=0 */ /* ===== */ , +"37.252.187.111:9030 orport=443 id=EE4AF632058F0734C1426B1AD689F47445CA2056" +" ipv6=[2a00:63c1:c:111::2]:443" +/* nickname=angeltest7 */ +/* extrainfo=0 */ +/* ===== */ +, "217.182.75.181:9030 orport=9001 id=EFEACD781604EB80FBC025EDEDEA2D523AEAAA2F" /* nickname=Aerodynamik02 */ /* extrainfo=0 */ 
@@ -847,27 +813,20 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=0 */ /* ===== */ , -"129.13.131.140:80 orport=443 id=F2DFE5FA1E4CF54F8E761A6D304B9B4EC69BDAE8" -" ipv6=[2a00:1398:5:f604:cafe:cafe:cafe:9001]:443" -/* nickname=AlleKochenKaffee */ -/* extrainfo=0 */ -/* ===== */ -, "37.187.102.108:80 orport=443 id=F4263275CF54A6836EE7BD527B1328836A6F06E1" " ipv6=[2001:41d0:a:266c::1]:443" /* nickname=EvilMoe */ /* extrainfo=0 */ /* ===== */ , -"192.160.102.168:80 orport=9001 id=F6A358DD367B3282D6EF5824C9D45E1A19C7E815" -" ipv6=[2620:132:300c:c01d::8]:9002" -/* nickname=prawksi */ +"5.199.142.236:9030 orport=9001 id=F4C0EDAA0BF0F7EC138746F8FEF1CE26C7860265" +/* nickname=tornodenumber9004 */ /* extrainfo=0 */ /* ===== */ , -"163.172.154.162:9030 orport=9001 id=F741E5124CB12700DA946B78C9B2DD175D6CD2A1" -" ipv6=[2001:bc8:4400:2100::17:419]:9001" -/* nickname=rofltor06 */ +"192.160.102.168:80 orport=9001 id=F6A358DD367B3282D6EF5824C9D45E1A19C7E815" +" ipv6=[2620:132:300c:c01d::8]:9002" +/* nickname=prawksi */ /* extrainfo=0 */ /* ===== */ , 
@@ -877,25 +836,21 @@ URL: https:onionoo.torproject.orguptime?first_seen_days90-&flagV2Dir&typerelay&l /* extrainfo=1 */ /* ===== */ , -"178.254.19.101:80 orport=443 id=F9246DEF2B653807236DA134F2AEAB103D58ABFE" -/* nickname=Freebird31 */ -/* extrainfo=1 */ -/* ===== */ -, "185.96.180.29:80 orport=443 id=F93D8F37E35C390BCAD9F9069E13085B745EC216" +" ipv6=[2a00:4820::185:96:180:29]:443" /* nickname=TykRelay06 */ /* extrainfo=0 */ /* ===== */ , -"86.59.119.83:80 orport=443 id=FC9AC8EA0160D88BCCFDE066940D7DD9FA45495B" -" ipv6=[2001:858:2:30:86:59:119:83]:443" -/* nickname=ph3x */ -/* extrainfo=0 */ -/* ===== */ -, "149.56.45.200:9030 orport=9001 id=FE296180018833AF03A8EACD5894A614623D3F76" " ipv6=[2607:5300:201:3000::17d3]:9002" /* nickname=PyotrTorpotkinOne */ /* extrainfo=0 */ /* ===== */ , +"193.11.164.243:9030 orport=9001 id=FFA72BD683BC2FCF988356E6BEC1E490F313FB07" +" ipv6=[2001:6b0:7:125::243]:9001" +/* nickname=Lule */ +/* extrainfo=0 */ +/* ===== */ +, diff --git a/src/app/main/main.c b/src/app/main/main.c index c45c87d8d2..67f2181cd5 100644 --- a/src/app/main/main.c +++ b/src/app/main/main.c @@ -577,6 +577,7 @@ tor_init(int argc, char *argv[]) if (!strcmp(cl->key, "--version") || !strcmp(cl->key, "--digests") || !strcmp(cl->key, "--list-torrc-options") || !strcmp(cl->key, "--library-versions") || + !strcmp(cl->key, "--list-modules") || !strcmp(cl->key, "--hash-password") || !strcmp(cl->key, "-h") || !strcmp(cl->key, "--help")) { if (quiet < 1) diff --git a/src/config/torrc.sample.in b/src/config/torrc.sample.in index 8d56b0896b..c2ae707e93 100644 --- a/src/config/torrc.sample.in +++ b/src/config/torrc.sample.in @@ -1,5 +1,5 @@ ## Configuration file for a typical Tor user -## Last updated 22 December 2017 for Tor 0.3.2.8-rc. +## Last updated 28 February 2019 for Tor 0.3.5.1-alpha. ## (may or may not work for much older or much newer versions of Tor.) ## ## Lines that begin with "## " try to explain what's going on. Lines 
@@ -172,14 +172,25 @@ ## Note: do not use MyFamily on bridge relays. #MyFamily $keyid,$keyid,... -## Uncomment this if you do *not* want your relay to allow any exit traffic. -## (Relays allow exit traffic by default.) -#ExitRelay 0 +## Uncomment this if you want your relay to be an exit, with the default +## exit policy (or whatever exit policy you set below). +## (If ReducedExitPolicy or ExitPolicy are set, relays are exits. +## If neither exit policy option is set, relays are non-exits.) +#ExitRelay 1 ## Uncomment this if you want your relay to allow IPv6 exit traffic. -## (Relays only allow IPv4 exit traffic by default.) +## You must also set ExitRelay, ReducedExitPolicy, or ExitPolicy to make your +## relay into an exit. +## (Relays do not allow any exit traffic by default.) #IPv6Exit 1 +## Uncomment this if you want your relay to be an exit, with a reduced set +## of exit ports. +#ReducedExitPolicy 1 + +## Uncomment these lines if you want your relay to be an exit, with the +## specified set of exit IPs and ports. +## ## A comma-separated list of exit policies. They're considered first ## to last, and the first match wins. ## diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c index 7b8dc7f364..2f03d919ab 100644 --- a/src/core/mainloop/connection.c +++ b/src/core/mainloop/connection.c @@ -182,7 +182,7 @@ static const char *connection_proxy_state_to_string(int state); static int connection_read_https_proxy_response(connection_t *conn); static void connection_send_socks5_connect(connection_t *conn); static const char *proxy_type_to_string(int proxy_type); -static int get_proxy_type(void); +static int conn_get_proxy_type(const connection_t *conn); const tor_addr_t *conn_get_outbound_address(sa_family_t family, const or_options_t *options, unsigned int conn_type); static void reenable_blocked_connection_init(const or_options_t *options); 
@@ -2260,18 +2260,27 @@ connection_proxy_state_to_string(int state) return states[state]; } -/** Returns the global proxy type used by tor. Use this function for - * logging or high-level purposes, don't use it to fill the +/** Returns the proxy type used by tor for a single connection, for + * logging or high-level purposes. Don't use it to fill the * <b>proxy_type</b> field of or_connection_t; use the actual proxy * protocol instead.*/ static int -get_proxy_type(void) +conn_get_proxy_type(const connection_t *conn) { const or_options_t *options = get_options(); - if (options->ClientTransportPlugin) - return PROXY_PLUGGABLE; - else if (options->HTTPSProxy) + if (options->ClientTransportPlugin) { + /* If we have plugins configured *and* this addr/port is a known bridge + * with a transport, then we should be PROXY_PLUGGABLE. */ + const transport_t *transport = NULL; + int r; + r = get_transport_by_bridge_addrport(&conn->addr, conn->port, &transport); + if (r == 0 && transport) + return PROXY_PLUGGABLE; + } + + /* In all other cases, we're using a global proxy. */ + if (options->HTTPSProxy) return PROXY_CONNECT; else if (options->Socks4Proxy) return PROXY_SOCKS4; @@ -2358,7 +2367,7 @@ connection_proxy_connect(connection_t *conn, int type) arguments to transmit. If we do, compress all arguments to a single string in 'socks_args_string': */ - if (get_proxy_type() == PROXY_PLUGGABLE) { + if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) { socks_args_string = pt_get_socks_args_for_proxy_addrport(&conn->addr, conn->port); if (socks_args_string) @@ -2418,7 +2427,7 @@ connection_proxy_connect(connection_t *conn, int type) Socks5ProxyUsername or if we want to pass arguments to our pluggable transport proxy: */ if ((options->Socks5ProxyUsername) || - (get_proxy_type() == PROXY_PLUGGABLE && + (conn_get_proxy_type(conn) == PROXY_PLUGGABLE && (get_socks_args_by_bridge_addrport(&conn->addr, conn->port)))) { /* number of auth methods */ buf[1] = 2; 
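Review bot: In `conn_get_proxy_type()` a non-zero return from `get_transport_by_bridge_addrport()` falls through to the global-proxy branches silently, so a bridge whose transport lookup failed is classified the same as an address with no transport at all. The helper is defined outside this hunk; if a negative return means "a transport is expected but could not be found", that case deserves its own branch and a log line, for example `if (r < 0) log_info(LD_NET, "Transport lookup failed for this bridge; not treating it as pluggable.");`. Both call sites in `connection_proxy_connect()` use the result to decide whether SOCKS arguments are sent, so the distinction affects behaviour and not only logging. The function body continues past the end of the hunk.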
@@ -2611,16 +2620,16 @@ connection_read_proxy_handshake(connection_t *conn) const char *user, *pass; char *socks_args_string = NULL; - if (get_proxy_type() == PROXY_PLUGGABLE) { + if (conn_get_proxy_type(conn) == PROXY_PLUGGABLE) { socks_args_string = pt_get_socks_args_for_proxy_addrport(&conn->addr, conn->port); if (!socks_args_string) { - log_warn(LD_NET, "Could not create SOCKS args string."); + log_warn(LD_NET, "Could not create SOCKS args string for PT."); ret = -1; break; } - log_debug(LD_NET, "SOCKS5 arguments: %s", socks_args_string); + log_debug(LD_NET, "PT SOCKS5 arguments: %s", socks_args_string); tor_assert(strlen(socks_args_string) > 0); tor_assert(strlen(socks_args_string) <= MAX_SOCKS5_AUTH_SIZE_TOTAL); @@ -3759,6 +3768,10 @@ connection_buf_read_from_socket(connection_t *conn, ssize_t *max_to_read, if (conn->linked_conn) { result = buf_move_to_buf(conn->inbuf, conn->linked_conn->outbuf, &conn->linked_conn->outbuf_flushlen); + if (BUG(result<0)) { + log_warn(LD_BUG, "reading from linked connection buffer failed."); + return -1; + } } else { result = 0; } diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c index a83d54ed37..91a424728d 100644 --- a/src/core/or/channeltls.c +++ b/src/core/or/channeltls.c @@ -1637,7 +1637,19 @@ channel_tls_process_padding_negotiate_cell(cell_t *cell, channel_tls_t *chan) } /** - * Process a 'netinfo' cell. + * Helper: compute the absolute value of a time_t. + * + * (we need this because labs() doesn't always work for time_t, since + * long can be shorter than time_t.) + */ +static inline time_t +time_abs(time_t val) +{ + return (val < 0) ? -val : val; +} + +/** + * Process a 'netinfo' cell * * This function is called to handle an incoming NETINFO cell; read and act * on its contents, and set the connection state to "open". 
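Review bot: The reworded `log_debug(LD_NET, "PT SOCKS5 arguments: %s", socks_args_string);` in `connection_read_proxy_handshake()` still writes the complete pluggable-transport argument string to the log. The argument format is not shown here, but if it can carry per-bridge secrets they end up in any debug log an operator shares. Scrubbing it through the helper used elsewhere in this change set would avoid that: `log_debug(LD_NET, "PT SOCKS5 arguments: %s", safe_str_client(socks_args_string));`. The enclosing function starts and ends outside the hunk.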
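Review bot: `time_abs()` evaluates `-val` for every negative input, which is signed overflow (undefined behaviour) when `val` is the most negative `time_t`. Its caller in `channel_tls_process_netinfo_cell()` passes a skew computed from a peer-supplied timestamp, and whether that extreme is reachable depends on the platform's `time_t` width. At minimum the helper's comment should state the precondition, e.g. `/* val must not be the minimum time_t; negating it would overflow. */`. Saturating to the largest `time_t` in that one case would remove the precondition altogether.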
@@ -1654,7 +1666,7 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) time_t now = time(NULL); const routerinfo_t *me = router_get_my_routerinfo(); - long apparent_skew = 0; + time_t apparent_skew = 0; tor_addr_t my_apparent_addr = TOR_ADDR_NULL; int started_here = 0; const char *identity_digest = NULL; @@ -1721,7 +1733,11 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) /* Decode the cell. */ timestamp = ntohl(get_uint32(cell->payload)); - if (labs(now - chan->conn->handshake_state->sent_versions_at) < 180) { + const time_t sent_versions_at = + chan->conn->handshake_state->sent_versions_at; + if (now > sent_versions_at && (now - sent_versions_at) < 180) { + /* If we have gotten the NETINFO cell reasonably soon after having + * sent our VERSIONS cell, maybe we can learn skew information from it. */ apparent_skew = now - timestamp; } @@ -1801,7 +1817,7 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) /* Act on apparent skew. */ /** Warn when we get a netinfo skew with at least this value. */ #define NETINFO_NOTICE_SKEW 3600 - if (labs(apparent_skew) > NETINFO_NOTICE_SKEW && + if (time_abs(apparent_skew) > NETINFO_NOTICE_SKEW && (started_here || connection_or_digest_is_known_relay(chan->conn->identity_digest))) { int trusted = router_digest_is_trusted_dir(chan->conn->identity_digest); diff --git a/src/core/or/circuituse.c b/src/core/or/circuituse.c index 02bfa15fb3..000a7c36da 100644 --- a/src/core/or/circuituse.c +++ b/src/core/or/circuituse.c @@ -3066,6 +3066,12 @@ circuit_change_purpose(circuit_t *circ, uint8_t new_purpose) circ->purpose, circuit_purpose_to_string(new_purpose), new_purpose); + + /* Take specific actions if we are repurposing a hidden service circuit. */ + if (circuit_purpose_is_hidden_service(circ->purpose) && + !circuit_purpose_is_hidden_service(new_purpose)) { + hs_circ_cleanup(circ); + } } old_purpose = circ->purpose; 
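Review bot: The new guard `now > sent_versions_at && (now - sent_versions_at) < 180` no longer accepts a NETINFO cell that arrives in the same second VERSIONS was sent, a case the old `labs(...) < 180` test let through. If equal timestamps should still yield a skew estimate, the comparison wants to be `now >= sent_versions_at`. If excluding them is intended, the added comment should say so, since "reasonably soon after" reads as including zero seconds. The rest of `channel_tls_process_netinfo_cell()` lies outside this hunk.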
diff --git a/src/ext/getdelim.c b/src/ext/getdelim.c index 8254103ff9..1c29baffd9 100644 --- a/src/ext/getdelim.c +++ b/src/ext/getdelim.c @@ -67,7 +67,8 @@ compat_getdelim_(char **buf, size_t *bufsiz, int delimiter, FILE *fp) char *nbuf; size_t nbufsiz = *bufsiz * 2; ssize_t d = ptr - *buf; - if ((nbuf = raw_realloc(*buf, nbufsiz)) == NULL) + if (nbufsiz < *bufsiz || + (nbuf = raw_realloc(*buf, nbufsiz)) == NULL) return -1; *buf = nbuf; *bufsiz = nbufsiz; diff --git a/src/feature/client/entrynodes.c b/src/feature/client/entrynodes.c index e543289ce0..15ec830594 100644 --- a/src/feature/client/entrynodes.c +++ b/src/feature/client/entrynodes.c @@ -3300,6 +3300,9 @@ num_bridges_usable,(int use_maybe_reachable)) } SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) { + /* Not a bridge, or not one we are configured to be able to use. */ + if (! guard->is_filtered_guard) + continue; /* Definitely not usable */ if (guard->is_reachable == GUARD_REACHABLE_NO) continue; diff --git a/src/feature/dirauth/authmode.h b/src/feature/dirauth/authmode.h index 40a89c7397..876a1f947b 100644 --- a/src/feature/dirauth/authmode.h +++ b/src/feature/dirauth/authmode.h @@ -27,6 +27,8 @@ authdir_mode_v3(const or_options_t *options) return authdir_mode(options) && options->V3AuthoritativeDir != 0; } +#define have_module_dirauth() (1) + #else /* HAVE_MODULE_DIRAUTH */ #define authdir_mode(options) (((void)(options)),0) @@ -37,6 +39,8 @@ authdir_mode_v3(const or_options_t *options) #define authdir_mode_bridge(options) (((void)(options)),0) #define authdir_mode_v3(options) (((void)(options)),0) +#define have_module_dirauth() (0) + #endif /* HAVE_MODULE_DIRAUTH */ #endif /* TOR_MODE_H */ diff --git a/src/feature/dirauth/dirvote.c b/src/feature/dirauth/dirvote.c index 5e426b0f86..af8b3dc207 100644 --- a/src/feature/dirauth/dirvote.c +++ b/src/feature/dirauth/dirvote.c 
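Review bot: The added `nbufsiz < *bufsiz` test in `compat_getdelim_()` catches `size_t` wrap-around when doubling, but the function tracks offsets and returns its result as `ssize_t`, and a doubled size can still exceed what `ssize_t` can represent. Extending the guard covers that: `if (nbufsiz < *bufsiz || nbufsiz > SSIZE_MAX ||`. The failure path also returns -1 for both overflow and allocation failure without setting `errno`; if callers consult it, `errno = EOVERFLOW;` before the return on the overflow case would let them tell the two apart. The enclosing loop and the rest of the function are outside the hunk.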
@@ -322,10 +322,10 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key, "known-flags %s\n" "flag-thresholds %s\n" "params %s\n" + "%s" /* bandwidth file headers */ "dir-source %s %s %s %s %d %d\n" "contact %s\n" "%s" /* shared randomness information */ - "%s" /* bandwidth file headers */ , v3_ns->type == NS_TYPE_VOTE ? "vote" : "opinion", methods, @@ -338,13 +338,12 @@ format_networkstatus_vote(crypto_pk_t *private_signing_key, flags, flag_thresholds, params, + bw_headers_line ? bw_headers_line : "", voter->nickname, fingerprint, voter->address, fmt_addr32(addr), voter->dir_port, voter->or_port, voter->contact, shared_random_vote_str ? - shared_random_vote_str : "", - bw_headers_line ? - bw_headers_line : ""); + shared_random_vote_str : ""); tor_free(params); tor_free(flags); diff --git a/src/feature/dircommon/consdiff.c b/src/feature/dircommon/consdiff.c index 785205cb6f..d0f7594ce3 100644 --- a/src/feature/dircommon/consdiff.c +++ b/src/feature/dircommon/consdiff.c @@ -1385,7 +1385,7 @@ consensus_diff_apply(const char *consensus, r1 = consensus_compute_digest_as_signed(consensus, &d1); if (BUG(r1 < 0)) - return NULL; // LCOV_EXCL_LINE + goto done; lines1 = smartlist_new(); lines2 = smartlist_new(); diff --git a/src/feature/dirparse/routerparse.c b/src/feature/dirparse/routerparse.c index a819302631..e44fbf77f9 100644 --- a/src/feature/dirparse/routerparse.c +++ b/src/feature/dirparse/routerparse.c @@ -556,6 +556,9 @@ router_parse_entry_from_string(const char *s, const char *end, if ((tok = find_opt_by_keyword(tokens, A_PURPOSE))) { tor_assert(tok->n_args); router->purpose = router_purpose_from_string(tok->args[0]); + if (router->purpose == ROUTER_PURPOSE_UNKNOWN) { + goto err; + } } else { router->purpose = ROUTER_PURPOSE_GENERAL; } diff --git a/src/feature/hs/hs_cell.c b/src/feature/hs/hs_cell.c index 597982b34e..613ffe7260 100644 --- a/src/feature/hs/hs_cell.c +++ b/src/feature/hs/hs_cell.c 
@@ -161,11 +161,12 @@ parse_introduce2_encrypted(const uint8_t *decrypted_data, } if (trn_cell_introduce_encrypted_get_onion_key_type(enc_cell) != - HS_CELL_ONION_KEY_TYPE_NTOR) { + TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR) { log_info(LD_REND, "INTRODUCE2 onion key type is invalid. Got %u but " "expected %u on circuit %u for service %s", trn_cell_introduce_encrypted_get_onion_key_type(enc_cell), - HS_CELL_ONION_KEY_TYPE_NTOR, TO_CIRCUIT(circ)->n_circ_id, + TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR, + TO_CIRCUIT(circ)->n_circ_id, safe_str_client(service->onion_address)); goto err; } @@ -258,7 +259,7 @@ introduce1_set_encrypted_onion_key(trn_cell_introduce_encrypted_t *cell, tor_assert(onion_pk); /* There is only one possible key type for a non legacy cell. */ trn_cell_introduce_encrypted_set_onion_key_type(cell, - HS_CELL_ONION_KEY_TYPE_NTOR); + TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR); trn_cell_introduce_encrypted_set_onion_key_len(cell, CURVE25519_PUBKEY_LEN); trn_cell_introduce_encrypted_setlen_onion_key(cell, CURVE25519_PUBKEY_LEN); memcpy(trn_cell_introduce_encrypted_getarray_onion_key(cell), onion_pk, @@ -442,7 +443,8 @@ introduce1_set_auth_key(trn_cell_introduce1_t *cell, tor_assert(cell); tor_assert(data); /* There is only one possible type for a non legacy cell. */ - trn_cell_introduce1_set_auth_key_type(cell, HS_INTRO_AUTH_KEY_TYPE_ED25519); + trn_cell_introduce1_set_auth_key_type(cell, + TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519); trn_cell_introduce1_set_auth_key_len(cell, ED25519_PUBKEY_LEN); trn_cell_introduce1_setlen_auth_key(cell, ED25519_PUBKEY_LEN); memcpy(trn_cell_introduce1_getarray_auth_key(cell), @@ -515,7 +517,7 @@ hs_cell_build_establish_intro(const char *circ_nonce, /* Set AUTH_KEY_TYPE: 2 means ed25519 */ trn_cell_establish_intro_set_auth_key_type(cell, - HS_INTRO_AUTH_KEY_TYPE_ED25519); + TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519); /* Set AUTH_KEY and AUTH_KEY_LEN field. Must also set byte-length of * AUTH_KEY to match */ 
@@ -882,9 +884,9 @@ hs_cell_parse_introduce_ack(const uint8_t *payload, size_t payload_len) * do a special case. */ if (payload_len <= 1) { if (payload_len == 0) { - ret = HS_CELL_INTRO_ACK_SUCCESS; + ret = TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS; } else { - ret = HS_CELL_INTRO_ACK_FAILURE; + ret = TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID; } goto end; } diff --git a/src/feature/hs/hs_cell.h b/src/feature/hs/hs_cell.h index abdaba4fba..9569de535e 100644 --- a/src/feature/hs/hs_cell.h +++ b/src/feature/hs/hs_cell.h @@ -16,19 +16,6 @@ * 3.2.2 of the specification). Below this value, the cell must be padded. */ #define HS_CELL_INTRODUCE1_MIN_SIZE 246 -/* Status code of an INTRODUCE_ACK cell. */ -typedef enum { - HS_CELL_INTRO_ACK_SUCCESS = 0x0000, /* Cell relayed to service. */ - HS_CELL_INTRO_ACK_FAILURE = 0x0001, /* Service ID not recognized */ - HS_CELL_INTRO_ACK_BADFMT = 0x0002, /* Bad message format */ - HS_CELL_INTRO_ACK_NORELAY = 0x0003, /* Can't relay cell to service */ -} hs_cell_introd_ack_status_t; - -/* Onion key type found in the INTRODUCE1 cell. */ -typedef enum { - HS_CELL_ONION_KEY_TYPE_NTOR = 1, -} hs_cell_onion_key_type_t; - /* This data structure contains data that we need to build an INTRODUCE1 cell * used by the INTRODUCE1 build function. */ typedef struct hs_cell_introduce1_data_t { diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c index bd43ef6132..2a5765aec2 100644 --- a/src/feature/hs/hs_client.c +++ b/src/feature/hs/hs_client.c @@ -47,6 +47,8 @@ * public key to hs_client_service_authorization_t *. */ static digest256map_t *client_auths = NULL; +#include "trunnel/hs/cell_introduce1.h" + /* Return a human-readable string for the client fetch status code. */ static const char * fetch_status_to_string(hs_client_fetch_status_t status) 
@@ -1067,23 +1069,21 @@ handle_introduce_ack(origin_circuit_t *circ, const uint8_t *payload, status = hs_cell_parse_introduce_ack(payload, payload_len); switch (status) { - case HS_CELL_INTRO_ACK_SUCCESS: + case TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS: ret = 0; handle_introduce_ack_success(circ); goto end; - case HS_CELL_INTRO_ACK_FAILURE: - case HS_CELL_INTRO_ACK_BADFMT: - case HS_CELL_INTRO_ACK_NORELAY: + case TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID: + case TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT: + /* It is possible that the intro point can send us an unknown status code + * for the NACK that we do not know about like a new code for instance. + * Just fallthrough so we can note down the NACK and re-extend. */ + default: handle_introduce_ack_bad(circ, status); /* We are going to see if we have to close the circuits (IP and RP) or we * can re-extend to a new intro point. */ ret = close_or_reextend_intro_circ(circ); break; - default: - log_info(LD_PROTOCOL, "Unknown INTRODUCE_ACK status code %u from %s", - status, - safe_str_client(extend_info_describe(circ->build_state->chosen_exit))); - break; } end: diff --git a/src/feature/hs/hs_intropoint.c b/src/feature/hs/hs_intropoint.c index b28a5c2b80..7717ed53d4 100644 --- a/src/feature/hs/hs_intropoint.c +++ b/src/feature/hs/hs_intropoint.c @@ -78,7 +78,7 @@ verify_establish_intro_cell(const trn_cell_establish_intro_t *cell, /* We only reach this function if the first byte of the cell is 0x02 which * means that auth_key_type is of ed25519 type, hence this check should * always pass. See hs_intro_received_establish_intro(). */ - if (BUG(cell->auth_key_type != HS_INTRO_AUTH_KEY_TYPE_ED25519)) { + if (BUG(cell->auth_key_type != TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519)) { return -1; } 
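Review bot: With `default:` merged into the NACK branch of `handle_introduce_ack()`, the `log_info` that named an unrecognised status code is removed, so an out-of-range status from the intro point is handled without this function recording its value. Unless `handle_introduce_ack_bad()` already logs the numeric status (it is not shown in this hunk), keep one line in the shared branch, e.g. `log_info(LD_PROTOCOL, "INTRODUCE_ACK NACK with status code %u", status);`. The two explicit `case` labels are now redundant next to `default:`; the comment could note that they are kept only to document the known codes.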
@@ -318,10 +318,10 @@ hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request, * ESTABLISH_INTRO and pass it to the appropriate cell handler */ const uint8_t first_byte = request[0]; switch (first_byte) { - case HS_INTRO_AUTH_KEY_TYPE_LEGACY0: - case HS_INTRO_AUTH_KEY_TYPE_LEGACY1: + case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0: + case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1: return rend_mid_establish_intro_legacy(circ, request, request_len); - case HS_INTRO_AUTH_KEY_TYPE_ED25519: + case TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519: return handle_establish_intro(circ, request, request_len); default: log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, @@ -339,7 +339,7 @@ hs_intro_received_establish_intro(or_circuit_t *circ, const uint8_t *request, * Return 0 on success else a negative value on error which will close the * circuit. */ static int -send_introduce_ack_cell(or_circuit_t *circ, hs_intro_ack_status_t status) +send_introduce_ack_cell(or_circuit_t *circ, uint16_t status) { int ret = -1; uint8_t *encoded_cell = NULL; @@ -399,7 +399,7 @@ validate_introduce1_parsed_cell(const trn_cell_introduce1_t *cell) /* The auth key of an INTRODUCE1 should be of type ed25519 thus leading to a * known fixed length as well. */ if (trn_cell_introduce1_get_auth_key_type(cell) != - HS_INTRO_AUTH_KEY_TYPE_ED25519) { + TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Rejecting invalid INTRODUCE1 cell auth key type. " "Responding with NACK."); @@ -436,7 +436,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, int ret = -1; or_circuit_t *service_circ; trn_cell_introduce1_t *parsed_cell; - hs_intro_ack_status_t status = HS_INTRO_ACK_STATUS_SUCCESS; + uint16_t status = TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS; tor_assert(client_circ); tor_assert(request); 
@@ -451,14 +451,14 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, "Rejecting %s INTRODUCE1 cell. Responding with NACK.", cell_size == -1 ? "invalid" : "truncated"); /* Inform client that the INTRODUCE1 has a bad format. */ - status = HS_INTRO_ACK_STATUS_BAD_FORMAT; + status = TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT; goto send_ack; } /* Once parsed validate the cell format. */ if (validate_introduce1_parsed_cell(parsed_cell) < 0) { /* Inform client that the INTRODUCE1 has bad format. */ - status = HS_INTRO_ACK_STATUS_BAD_FORMAT; + status = TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT; goto send_ack; } @@ -475,7 +475,7 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, "Responding with NACK.", safe_str(b64_key), client_circ->p_circ_id); /* Inform the client that we don't know the requested service ID. */ - status = HS_INTRO_ACK_STATUS_UNKNOWN_ID; + status = TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID; goto send_ack; } } @@ -486,13 +486,14 @@ handle_introduce1(or_circuit_t *client_circ, const uint8_t *request, RELAY_COMMAND_INTRODUCE2, (char *) request, request_len, NULL)) { log_warn(LD_PROTOCOL, "Unable to send INTRODUCE2 cell to the service."); - /* Inform the client that we can't relay the cell. */ - status = HS_INTRO_ACK_STATUS_CANT_RELAY; + /* Inform the client that we can't relay the cell. Use the unknown ID + * status code since it means that we do not know the service. */ + status = TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID; goto send_ack; } /* Success! Send an INTRODUCE_ACK success status onto the client circuit. */ - status = HS_INTRO_ACK_STATUS_SUCCESS; + status = TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS; ret = 0; send_ack: diff --git a/src/feature/hs/hs_intropoint.h b/src/feature/hs/hs_intropoint.h index 659a9ad052..e82575f052 100644 --- a/src/feature/hs/hs_intropoint.h +++ b/src/feature/hs/hs_intropoint.h 
@@ -12,21 +12,6 @@ #include "lib/crypt_ops/crypto_curve25519.h" #include "feature/nodelist/torcert.h" -/* Authentication key type in an ESTABLISH_INTRO cell. */ -typedef enum { - HS_INTRO_AUTH_KEY_TYPE_LEGACY0 = 0x00, - HS_INTRO_AUTH_KEY_TYPE_LEGACY1 = 0x01, - HS_INTRO_AUTH_KEY_TYPE_ED25519 = 0x02, -} hs_intro_auth_key_type_t; - -/* INTRODUCE_ACK status code. */ -typedef enum { - HS_INTRO_ACK_STATUS_SUCCESS = 0x0000, - HS_INTRO_ACK_STATUS_UNKNOWN_ID = 0x0001, - HS_INTRO_ACK_STATUS_BAD_FORMAT = 0x0002, - HS_INTRO_ACK_STATUS_CANT_RELAY = 0x0003, -} hs_intro_ack_status_t; - /* Object containing introduction point common data between the service and * the client side. */ typedef struct hs_intropoint_t { diff --git a/src/feature/nodelist/routerlist.c b/src/feature/nodelist/routerlist.c index 4a99427cd6..456f930aa3 100644 --- a/src/feature/nodelist/routerlist.c +++ b/src/feature/nodelist/routerlist.c @@ -2856,7 +2856,7 @@ int router_differences_are_cosmetic(const routerinfo_t *r1, const routerinfo_t *r2) { time_t r1pub, r2pub; - long time_difference; + time_t time_difference; tor_assert(r1 && r2); /* r1 should be the one that was published first. */ @@ -2920,7 +2920,9 @@ router_differences_are_cosmetic(const routerinfo_t *r1, const routerinfo_t *r2) * give or take some slop? */ r1pub = r1->cache_info.published_on; r2pub = r2->cache_info.published_on; - time_difference = labs(r2->uptime - (r1->uptime + (r2pub - r1pub))); + time_difference = r2->uptime - (r1->uptime + (r2pub - r1pub)); + if (time_difference < 0) + time_difference = - time_difference; if (time_difference > ROUTER_ALLOW_UPTIME_DRIFT && time_difference > r1->uptime * .05 && time_difference > r2->uptime * .05) diff --git a/src/feature/relay/dns.c b/src/feature/relay/dns.c index d3660c47ef..cc9f4cf490 100644 --- a/src/feature/relay/dns.c +++ b/src/feature/relay/dns.c 
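Review bot: The absolute value in `router_differences_are_cosmetic()` is open-coded as `if (time_difference < 0) time_difference = - time_difference;`, while the same commit adds a `time_abs()` helper as a `static inline` in channeltls.c for the identical purpose. Moving that helper to a shared header and writing `time_difference = time_abs(r2->uptime - (r1->uptime + (r2pub - r1pub)));` would leave one definition to audit for the negation edge case. The function begins and ends outside this hunk.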
@@ -2130,7 +2130,8 @@ dns_cache_handle_oom(time_t now, size_t min_remove_bytes) current_size -= bytes_removed; total_bytes_removed += bytes_removed; - time_inc += 3600; /* Increase time_inc by 1 hour. */ + /* Increase time_inc by a reasonable fraction. */ + time_inc += (MAX_DNS_TTL_AT_EXIT / 4); } while (total_bytes_removed < min_remove_bytes); return total_bytes_removed; diff --git a/src/feature/relay/routerkeys.c b/src/feature/relay/routerkeys.c index 876f908d41..f639fc91e7 100644 --- a/src/feature/relay/routerkeys.c +++ b/src/feature/relay/routerkeys.c @@ -188,7 +188,7 @@ load_ed_keys(const or_options_t *options, time_t now) /* Check/Create the key directory */ if (create_keys_directory(options) < 0) - return -1; + goto err; char *fname; if (options->master_key_fname) { diff --git a/src/lib/container/buffers.c b/src/lib/container/buffers.c index bda4245049..67887f2f30 100644 --- a/src/lib/container/buffers.c +++ b/src/lib/container/buffers.c @@ -283,7 +283,7 @@ buf_t * buf_new_with_data(const char *cp, size_t sz) { /* Validate arguments */ - if (!cp || sz <= 0) { + if (!cp || sz <= 0 || sz >= INT_MAX) { return NULL; } @@ -657,7 +657,7 @@ buf_move_to_buf(buf_t *buf_out, buf_t *buf_in, size_t *buf_flushlen) char b[4096]; size_t cp, len; - if (BUG(buf_out->datalen >= INT_MAX)) + if (BUG(buf_out->datalen >= INT_MAX || *buf_flushlen >= INT_MAX)) return -1; if (BUG(buf_out->datalen >= INT_MAX - *buf_flushlen)) return -1; @@ -689,6 +689,10 @@ buf_move_all(buf_t *buf_out, buf_t *buf_in) tor_assert(buf_out); if (!buf_in) return; + if (BUG(buf_out->datalen >= INT_MAX || buf_in->datalen >= INT_MAX)) + return; + if (BUG(buf_out->datalen >= INT_MAX - buf_in->datalen)) + return; if (buf_out->head == NULL) { buf_out->head = buf_in->head; @@ -756,6 +760,7 @@ buf_find_pos_of_char(char ch, buf_pos_t *out) static inline int buf_pos_inc(buf_pos_t *pos) { + tor_assert(pos->pos < INT_MAX - 1); ++pos->pos; if (pos->pos == (off_t)pos->chunk->datalen) { if (!pos->chunk->next) 
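Review bot: The bound added to `buf_pos_inc()` is a fatal `tor_assert(pos->pos < INT_MAX - 1)`, whereas the size checks this commit adds to `buf_move_to_buf()` and `buf_move_all()` in the same file use non-fatal `BUG()` with an early return. `buf_pos_inc()` returns `int`, so the same style looks available: `if (BUG(pos->pos >= INT_MAX - 1)) return -1;`, assuming -1 is its failure value, which the hunk does not show. An oversized buffer would then produce an error instead of aborting the process. The same remark applies to the `tor_assert(buf->datalen < INT_MAX)` added to `buf_find_offset_of_char()` in the following hunk.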
@@ -836,6 +841,7 @@ buf_find_offset_of_char(buf_t *buf, char ch) { chunk_t *chunk; off_t offset = 0; + tor_assert(buf->datalen < INT_MAX); for (chunk = buf->head; chunk; chunk = chunk->next) { char *cp = memchr(chunk->data, ch, chunk->datalen); if (cp) @@ -905,6 +911,7 @@ buf_assert_ok(buf_t *buf) for (ch = buf->head; ch; ch = ch->next) { total += ch->datalen; tor_assert(ch->datalen <= ch->memlen); + tor_assert(ch->datalen < INT_MAX); tor_assert(ch->data >= &ch->mem[0]); tor_assert(ch->data <= &ch->mem[0]+ch->memlen); if (ch->data == &ch->mem[0]+ch->memlen) { diff --git a/src/lib/crypt_ops/crypto_openssl_mgt.c b/src/lib/crypt_ops/crypto_openssl_mgt.c index 60e4ea795e..c97815f9a4 100644 --- a/src/lib/crypt_ops/crypto_openssl_mgt.c +++ b/src/lib/crypt_ops/crypto_openssl_mgt.c @@ -213,6 +213,14 @@ crypto_openssl_early_init(void) !strcmp(version_str, OPENSSL_VERSION_TEXT)) { log_info(LD_CRYPTO, "OpenSSL version matches version from headers " "(%lx: %s).", version_num, version_str); + } else if ((version_num & 0xffff0000) == + (OPENSSL_VERSION_NUMBER & 0xffff0000)) { + log_notice(LD_CRYPTO, + "We compiled with OpenSSL %lx: %s and we " + "are running with OpenSSL %lx: %s. " + "These two versions should be binary compatible.", + (unsigned long)OPENSSL_VERSION_NUMBER, OPENSSL_VERSION_TEXT, + version_num, version_str); } else { log_warn(LD_CRYPTO, "OpenSSL version from headers does not match the " "version we're running with. If you get weird crashes, that " diff --git a/src/lib/log/util_bug.c b/src/lib/log/util_bug.c index f42d2d2ab4..c65a91ae9e 100644 --- a/src/lib/log/util_bug.c +++ b/src/lib/log/util_bug.c @@ -19,6 +19,7 @@ #include "lib/string/printf.h" #include <string.h> +#include <stdlib.h> #ifdef TOR_UNIT_TESTS static void (*failed_assertion_cb)(void) = NULL; 
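Review bot: The mask `0xffff0000` in the new `else if` branch of `crypto_openssl_early_init()` is a bare magic number, and nothing says which fields of the OpenSSL version word must match for the "binary compatible" notice. A named constant with a one-line comment listing the compared fields would make that assumption reviewable. This branch also lowers a header/runtime library mismatch from `log_warn` to `log_notice`, which is worth stating as intentional in the comment, because operators who watch for warnings will no longer see it. `version_num` is passed to `%lx` without the `(unsigned long)` cast that the same call applies to `OPENSSL_VERSION_NUMBER`; its declaration is outside the hunk, so confirm the type.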
@@ -120,6 +121,19 @@ tor_bug_occurred_(const char *fname, unsigned int line, #endif } +/** + * Call the abort() function to kill the current process with a fatal + * error. + * + * (This is a separate function so that we declare it in util_bug.h without + * including stdlib in all the users of util_bug.h) + **/ +void +tor_abort_(void) +{ + abort(); +} + #ifdef _WIN32 /** Take a filename and return a pointer to its final element. This * function is called on __FILE__ to fix a MSVC nit where __FILE__ diff --git a/src/lib/log/util_bug.h b/src/lib/log/util_bug.h index 18d40bbf39..2a4d68127e 100644 --- a/src/lib/log/util_bug.h +++ b/src/lib/log/util_bug.h @@ -99,7 +99,7 @@ if (ASSERT_PREDICT_LIKELY_(expr)) { \ } else { \ tor_assertion_failed_(SHORT_FILE__, __LINE__, __func__, #expr); \ - abort(); \ + tor_abort_(); \ } STMT_END #endif /* defined(TOR_UNIT_TESTS) && defined(DISABLE_ASSERTS_IN_UNIT_TESTS) */ @@ -107,7 +107,7 @@ STMT_BEGIN { \ tor_assertion_failed_(SHORT_FILE__, __LINE__, __func__, \ "line should be unreached"); \ - abort(); \ + tor_abort_(); \ } STMT_END /* Non-fatal bug assertions. The "unreached" variants mean "this line should @@ -141,7 +141,7 @@ #define BUG(cond) \ (ASSERT_PREDICT_UNLIKELY_(cond) ? \ (tor_assertion_failed_(SHORT_FILE__,__LINE__,__func__,"!("#cond")"), \ - abort(), 1) \ + tor_abort_(), 1) \ : 0) #elif defined(TOR_UNIT_TESTS) && defined(DISABLE_ASSERTS_IN_UNIT_TESTS) #define tor_assert_nonfatal_unreached() STMT_NIL @@ -226,6 +226,8 @@ void tor_bug_occurred_(const char *fname, unsigned int line, const char *func, const char *expr, int once); +void tor_abort_(void) ATTR_NORETURN; + #ifdef _WIN32 #define SHORT_FILE__ (tor_fix_source_file(__FILE__)) const char *tor_fix_source_file(const char *fname); diff --git a/src/lib/net/address.c b/src/lib/net/address.c index 28c8e3f50f..a2d234b742 100644 --- a/src/lib/net/address.c +++ b/src/lib/net/address.c 
@@ -236,9 +236,18 @@ tor_addr_make_null(tor_addr_t *a, sa_family_t family) a->family = family; } -/** Return true iff <b>ip</b> is an IP reserved to localhost or local networks - * in RFC1918 or RFC4193 or RFC4291. (fec0::/10, deprecated by RFC3879, is - * also treated as internal for now.) +/** Return true iff <b>ip</b> is an IP reserved to localhost or local networks. + * + * If <b>ip</b> is in RFC1918 or RFC4193 or RFC4291, we will return true. + * (fec0::/10, deprecated by RFC3879, is also treated as internal for now + * and will return true.) + * + * If <b>ip</b> is 0.0.0.0 or 100.64.0.0/10 (RFC6598), we will act as: + * - Internal if <b>for_listening</b> is 0, as these addresses are not + * routable on the internet and we won't be publicly accessible to clients. + * - External if <b>for_listening</b> is 1, as clients could connect to us + * from the internet (in the case of 0.0.0.0) or a service provider's + * internal network (in the case of RFC6598). */ int tor_addr_is_internal_(const tor_addr_t *addr, int for_listening, @@ -286,11 +295,13 @@ tor_addr_is_internal_(const tor_addr_t *addr, int for_listening, return 0; } else if (v_family == AF_INET) { - if (for_listening && !iph4) /* special case for binding to 0.0.0.0 */ + /* special case for binding to 0.0.0.0 or 100.64/10 (RFC6598) */ + if (for_listening && (!iph4 || ((iph4 & 0xffc00000) == 0x64400000))) return 0; if (((iph4 & 0xff000000) == 0x0a000000) || /* 10/8 */ ((iph4 & 0xff000000) == 0x00000000) || /* 0/8 */ ((iph4 & 0xff000000) == 0x7f000000) || /* 127/8 */ + ((iph4 & 0xffc00000) == 0x64400000) || /* 100.64/10 */ ((iph4 & 0xffff0000) == 0xa9fe0000) || /* 169.254/16 */ ((iph4 & 0xfff00000) == 0xac100000) || /* 172.16/12 */ ((iph4 & 0xffff0000) == 0xc0a80000)) /* 192.168/16 */ diff --git a/src/lib/string/printf.c b/src/lib/string/printf.c index 415d4ac4a7..a5cb71ce09 100644 --- a/src/lib/string/printf.c +++ b/src/lib/string/printf.c 
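Review bot: The RFC6598 test `(iph4 & 0xffc00000) == 0x64400000` is now written twice in the AF_INET branch of tor_addr_is_internal_, once in the `for_listening` special case and once in the internal-range list, and the two must stay identical for the documented behaviour to hold. Naming it once, for example `const int is_rfc6598 = (iph4 & 0xffc00000) == 0x64400000;`, and using `is_rfc6598` in both places keeps them in sync. The function starts and ends outside this hunk.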
@@ -131,14 +131,24 @@ tor_vasprintf(char **strp, const char *fmt, va_list args) * characters we need. We give it a try on a short buffer first, since * it might be nice to avoid the second vsnprintf call. */ + /* XXXX This code spent a number of years broken (see bug 30651). It is + * possible that no Tor users actually run on systems without vasprintf() or + * _vscprintf(). If so, we should consider removing this code. */ char buf[128]; int len, r; va_list tmp_args; va_copy(tmp_args, args); - /* vsnprintf() was properly checked but tor_vsnprintf() available so - * why not use it? */ - len = tor_vsnprintf(buf, sizeof(buf), fmt, tmp_args); + /* Use vsnprintf to retrieve needed length. tor_vsnprintf() is not an + * option here because it will simply return -1 if buf is not large enough + * to hold the complete string. + */ + len = vsnprintf(buf, sizeof(buf), fmt, tmp_args); va_end(tmp_args); + buf[sizeof(buf) - 1] = '\0'; + if (len < 0) { + *strp = NULL; + return -1; + } if (len < (int)sizeof(buf)) { *strp = tor_strdup(buf); return len; diff --git a/src/lib/time/compat_time.c b/src/lib/time/compat_time.c index 3d1ffa7af4..98854bad2c 100644 --- a/src/lib/time/compat_time.c +++ b/src/lib/time/compat_time.c @@ -519,7 +519,7 @@ monotime_init_internal(void) HANDLE h = load_windows_system_library(TEXT("kernel32.dll")); if (h) { - GetTickCount64_fn = (GetTickCount64_fn_t) + GetTickCount64_fn = (GetTickCount64_fn_t) (void(*)(void)) GetProcAddress(h, "GetTickCount64"); } // FreeLibrary(h) ? diff --git a/src/lib/tls/tortls_nss.c b/src/lib/tls/tortls_nss.c index 00c4af0e97..3c62e98df1 100644 --- a/src/lib/tls/tortls_nss.c +++ b/src/lib/tls/tortls_nss.c 
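Review bot: The new `if (len < 0)` branch in tor_vasprintf treats every negative return from `vsnprintf` as a hard error, which is right for a C99 `vsnprintf` but not for older implementations that return -1 on truncation. On such a platform, if this fallback path is ever compiled there, any formatted string of 128 bytes or more would fail instead of being retried. The added comment explains why tor_vsnprintf() is unsuitable but not this assumption; I would extend it with `/* Assumes C99 semantics: vsnprintf returns the untruncated length, negative only on error. */`. The allocation and second formatting pass that consume `len` are outside the hunk, so whether `len + 1` is bounded there cannot be checked from here.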
@@ -152,6 +152,32 @@ we_like_auth_type(SSLAuthType at) } } +/** + * Return true iff this ciphersuite will be hit by a mozilla bug 1312976, + * which makes TLS key exporters not work with TLS 1.2 non-SHA256 + * ciphersuites. + **/ +static bool +ciphersuite_has_nss_export_bug(const SSLCipherSuiteInfo *info) +{ + /* For more information on the bug, see + https://bugzilla.mozilla.org/show_bug.cgi?id=1312976 */ + + /* This bug only exists in TLS 1.2. */ + if (info->authType == ssl_auth_tls13_any) + return false; + + /* Sadly, there's no way to get this information from the + * CipherSuiteInfo object itself other than by looking at the + * name. */ + if (strstr(info->cipherSuiteName, "_SHA384") || + strstr(info->cipherSuiteName, "_SHA512")) { + return true; + } + + return false; +} + tor_tls_context_t * tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, unsigned flags, int is_client) @@ -256,6 +282,12 @@ tor_tls_context_new(crypto_pk_t *identity, !we_like_mac_algorithm(info.macAlgorithm) || !we_like_auth_type(info.authType)/* Requires NSS 3.24 */; + if (ciphersuite_has_nss_export_bug(&info)) { + /* SSL_ExportKeyingMaterial will fail; we can't use this cipher. + */ + disable = 1; + } + s = SSL_CipherPrefSet(ctx->ctx, ciphers[i], disable ? PR_FALSE : PR_TRUE); if (s != SECSuccess) @@ -726,10 +758,18 @@ tor_tls_export_key_material,(tor_tls_t *tls, uint8_t *secrets_out, tor_assert(context_len <= UINT_MAX); SECStatus s; + /* Make sure that the error code is set here, so that we can be sure that + * any error code set after a failure was in fact caused by + * SSL_ExportKeyingMaterial. */ + PR_SetError(PR_UNKNOWN_ERROR, 0); s = SSL_ExportKeyingMaterial(tls->ssl, label, (unsigned)strlen(label), PR_TRUE, context, (unsigned)context_len, secrets_out, DIGEST256_LEN); + if (s != SECSuccess) { + tls_log_errors(tls, LOG_WARN, LD_CRYPTO, + "exporting key material for a TLS handshake"); + } return (s == SECSuccess) ? 0 : -1; } 
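Review bot: ciphersuite_has_nss_export_bug infers the protocol version from `info->authType == ssl_auth_tls13_any` and the affected hash from the substrings `"_SHA384"` and `"_SHA512"` in `cipherSuiteName`, so its result depends on NSS naming conventions rather than on a field that states the PRF. The doc comment says "non-SHA256 ciphersuites" while the code matches only those two suffixes; any other name falls through to `return false` and stays enabled. I would state the assumption where the match happens, for example `/* Relies on NSS suite names ending in the PRF hash; revisit if new suites are added. */`.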
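Review bot: The added `tls_log_errors(tls, LOG_WARN, LD_CRYPTO, ...)` in tor_tls_export_key_material emits a warning-level message on every failed export. Whether a remote peer can cause SSL_ExportKeyingMaterial to fail is not determinable from this hunk; if it can, this becomes a peer-triggerable log line at a severity operators normally act on. Consider a lower or rate-limited severity for this call, or a comment stating that the failure can only come from local misconfiguration now that the affected ciphersuites are disabled in tor_tls_context_new.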
diff --git a/src/test/test_addr.c b/src/test/test_addr.c index 985f43b3fa..8868edce25 100644 --- a/src/test/test_addr.c +++ b/src/test/test_addr.c @@ -1189,6 +1189,23 @@ test_addr_make_null(void *data) tor_free(zeros); } +#define TEST_ADDR_INTERNAL(a, for_listening, rv) STMT_BEGIN \ + tor_addr_t t; \ + tt_int_op(tor_inet_pton(AF_INET, a, &t.addr.in_addr), OP_EQ, 1); \ + t.family = AF_INET; \ + tt_int_op(tor_addr_is_internal(&t, for_listening), OP_EQ, rv); \ + STMT_END; + +static void +test_addr_rfc6598(void *arg) +{ + (void)arg; + TEST_ADDR_INTERNAL("100.64.0.1", 0, 1); + TEST_ADDR_INTERNAL("100.64.0.1", 1, 0); + done: + ; +} + #define ADDR_LEGACY(name) \ { #name, test_addr_ ## name , 0, NULL, NULL } @@ -1203,5 +1220,6 @@ struct testcase_t addr_tests[] = { { "sockaddr_to_str", test_addr_sockaddr_to_str, 0, NULL, NULL }, { "is_loopback", test_addr_is_loopback, 0, NULL, NULL }, { "make_null", test_addr_make_null, 0, NULL, NULL }, + { "rfc6598", test_addr_rfc6598, 0, NULL, NULL }, END_OF_TESTCASES }; diff --git a/src/test/test_config.c b/src/test/test_config.c index c342d8cca4..0de6b12919 100644 --- a/src/test/test_config.c +++ b/src/test/test_config.c 
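Review bot: test_addr_rfc6598 exercises only `100.64.0.1`, so an off-by-one in the `/10` mask or constant added to tor_addr_is_internal_ would still pass. Adding the edges of the range would pin it down, for example `TEST_ADDR_INTERNAL("100.127.255.255", 0, 1);` together with `TEST_ADDR_INTERNAL("100.63.255.255", 0, 0);` and `TEST_ADDR_INTERNAL("100.128.0.0", 0, 0);` (expected values assume no other rule in the function covers those neighbours). Separately, the macro definition ends in `STMT_END;`, so each use expands to a doubled semicolon; dropping the one in the definition matches how `STMT_BEGIN`/`STMT_END` are used elsewhere in this diff.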
@@ -4568,16 +4568,14 @@ test_config_parse_port_config__ports__ports_given(void *data) "127.0.0.44", 0, CL_PORT_NO_STREAM_OPTIONS); tt_int_op(ret, OP_EQ, -1); - // TODO: this seems wrong. Shouldn't it be the other way around? - // Potential bug. - // Test failure for a SessionGroup argument with valid value but with stream - // options allowed + // Test failure for a SessionGroup argument with valid value but with no + // stream options allowed config_free_lines(config_port_invalid); config_port_invalid = NULL; SMARTLIST_FOREACH(slout,port_cfg_t *,pf,port_cfg_free(pf)); smartlist_clear(slout); config_port_invalid = mock_config_line("DNSPort", "42 SessionGroup=123"); ret = parse_port_config(slout, config_port_invalid, "DNS", 0, - "127.0.0.44", 0, 0); + "127.0.0.44", 0, CL_PORT_NO_STREAM_OPTIONS); tt_int_op(ret, OP_EQ, -1); // Test failure for more than one SessionGroup argument @@ -4587,7 +4585,7 @@ test_config_parse_port_config__ports__ports_given(void *data) config_port_invalid = mock_config_line("DNSPort", "42 SessionGroup=123 " "SessionGroup=321"); ret = parse_port_config(slout, config_port_invalid, "DNS", 0, - "127.0.0.44", 0, CL_PORT_NO_STREAM_OPTIONS); + "127.0.0.44", 0, 0); tt_int_op(ret, OP_EQ, -1); // Test success with a sessiongroup options @@ -4596,7 +4594,7 @@ test_config_parse_port_config__ports__ports_given(void *data) smartlist_clear(slout); config_port_valid = mock_config_line("DNSPort", "42 SessionGroup=1111122"); ret = parse_port_config(slout, config_port_valid, "DNS", 0, - "127.0.0.44", 0, CL_PORT_NO_STREAM_OPTIONS); + "127.0.0.44", 0, 0); tt_int_op(ret, OP_EQ, 0); tt_int_op(smartlist_len(slout), OP_EQ, 1); port_cfg = (port_cfg_t *)smartlist_get(slout, 0); diff --git a/src/test/test_hs_cell.c b/src/test/test_hs_cell.c index 0c93f593ce..f8af631c8b 100644 --- a/src/test/test_hs_cell.c +++ b/src/test/test_hs_cell.c 
@@ -50,7 +50,7 @@ test_gen_establish_intro_cell(void *arg) /* Check the contents of the cell */ { /* First byte is the auth key type: make sure its correct */ - tt_int_op(buf[0], OP_EQ, HS_INTRO_AUTH_KEY_TYPE_ED25519); + tt_int_op(buf[0], OP_EQ, TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519); /* Next two bytes is auth key len */ tt_int_op(ntohs(get_uint16(buf+1)), OP_EQ, ED25519_PUBKEY_LEN); /* Skip to the number of extensions: no extensions */ diff --git a/src/test/test_hs_intropoint.c b/src/test/test_hs_intropoint.c index 660f21ffd8..558fc32c54 100644 --- a/src/test/test_hs_intropoint.c +++ b/src/test/test_hs_intropoint.c @@ -140,7 +140,7 @@ helper_create_introduce1_cell(void) { size_t auth_key_len = sizeof(auth_key_kp.pubkey); trn_cell_introduce1_set_auth_key_type(cell, - HS_INTRO_AUTH_KEY_TYPE_ED25519); + TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519); trn_cell_introduce1_set_auth_key_len(cell, auth_key_len); trn_cell_introduce1_setlen_auth_key(cell, auth_key_len); uint8_t *auth_key_ptr = trn_cell_introduce1_getarray_auth_key(cell); @@ -751,7 +751,7 @@ test_introduce1_validation(void *arg) ret = validate_introduce1_parsed_cell(cell); tt_int_op(ret, OP_EQ, -1); /* Reset is to correct value and make sure it's correct. */ - cell->auth_key_type = HS_INTRO_AUTH_KEY_TYPE_ED25519; + cell->auth_key_type = TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519; ret = validate_introduce1_parsed_cell(cell); tt_int_op(ret, OP_EQ, 0); diff --git a/src/trunnel/hs/cell_introduce1.c b/src/trunnel/hs/cell_introduce1.c index 358b355cda..53b3d299f2 100644 --- a/src/trunnel/hs/cell_introduce1.c +++ b/src/trunnel/hs/cell_introduce1.c @@ -50,6 +50,7 @@ trn_cell_introduce1_new(void) trn_cell_introduce1_t *val = trunnel_calloc(1, sizeof(trn_cell_introduce1_t)); if (NULL == val) return NULL; + val->auth_key_type = TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519; return val; } 
@@ -121,7 +122,7 @@ trn_cell_introduce1_get_auth_key_type(const trn_cell_introduce1_t *inp) int trn_cell_introduce1_set_auth_key_type(trn_cell_introduce1_t *inp, uint8_t val) { - if (! ((val == 0 || val == 1 || val == 2))) { + if (! ((val == TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519 || val == TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0 || val == TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1))) { TRUNNEL_SET_ERROR_CODE(inp); return -1; } @@ -295,7 +296,7 @@ trn_cell_introduce1_check(const trn_cell_introduce1_t *obj) return "Object was NULL"; if (obj->trunnel_error_code_) return "A set function failed on this object"; - if (! (obj->auth_key_type == 0 || obj->auth_key_type == 1 || obj->auth_key_type == 2)) + if (! (obj->auth_key_type == TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519 || obj->auth_key_type == TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0 || obj->auth_key_type == TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1)) return "Integer out of bounds"; if (TRUNNEL_DYNARRAY_LEN(&obj->auth_key) != obj->auth_key_len) return "Length mismatch for auth_key"; @@ -319,7 +320,7 @@ trn_cell_introduce1_encoded_len(const trn_cell_introduce1_t *obj) /* Length of u8 legacy_key_id[TRUNNEL_SHA1_LEN] */ result += TRUNNEL_SHA1_LEN; - /* Length of u8 auth_key_type IN [0, 1, 2] */ + /* Length of u8 auth_key_type IN [TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519, TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0, TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1] */ result += 1; /* Length of u16 auth_key_len */ @@ -367,7 +368,7 @@ trn_cell_introduce1_encode(uint8_t *output, const size_t avail, const trn_cell_i memcpy(ptr, obj->legacy_key_id, TRUNNEL_SHA1_LEN); written += TRUNNEL_SHA1_LEN; ptr += TRUNNEL_SHA1_LEN; - /* Encode u8 auth_key_type IN [0, 1, 2] */ + /* Encode u8 auth_key_type IN [TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519, TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0, TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1] */ trunnel_assert(written <= avail); if (avail - written < 1) goto truncated; 
@@ -451,11 +452,11 @@ trn_cell_introduce1_parse_into(trn_cell_introduce1_t *obj, const uint8_t *input, memcpy(obj->legacy_key_id, ptr, TRUNNEL_SHA1_LEN); remaining -= TRUNNEL_SHA1_LEN; ptr += TRUNNEL_SHA1_LEN; - /* Parse u8 auth_key_type IN [0, 1, 2] */ + /* Parse u8 auth_key_type IN [TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519, TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0, TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1] */ CHECK_REMAINING(1, truncated); obj->auth_key_type = (trunnel_get_uint8(ptr)); remaining -= 1; ptr += 1; - if (! (obj->auth_key_type == 0 || obj->auth_key_type == 1 || obj->auth_key_type == 2)) + if (! (obj->auth_key_type == TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519 || obj->auth_key_type == TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0 || obj->auth_key_type == TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1)) goto fail; /* Parse u16 auth_key_len */ @@ -550,10 +551,6 @@ trn_cell_introduce_ack_get_status(const trn_cell_introduce_ack_t *inp) int trn_cell_introduce_ack_set_status(trn_cell_introduce_ack_t *inp, uint16_t val) { - if (! ((val == 0 || val == 1 || val == 2))) { - TRUNNEL_SET_ERROR_CODE(inp); - return -1; - } inp->status = val; return 0; } @@ -587,8 +584,6 @@ trn_cell_introduce_ack_check(const trn_cell_introduce_ack_t *obj) return "Object was NULL"; if (obj->trunnel_error_code_) return "A set function failed on this object"; - if (! (obj->status == 0 || obj->status == 1 || obj->status == 2)) - return "Integer out of bounds"; { const char *msg; if (NULL != (msg = trn_cell_extension_check(obj->extensions))) @@ -606,7 +601,7 @@ trn_cell_introduce_ack_encoded_len(const trn_cell_introduce_ack_t *obj) return -1; - /* Length of u16 status IN [0, 1, 2] */ + /* Length of u16 status */ result += 2; /* Length of struct trn_cell_extension extensions */ 
@@ -638,7 +633,7 @@ trn_cell_introduce_ack_encode(uint8_t *output, const size_t avail, const trn_cel trunnel_assert(encoded_len >= 0); #endif - /* Encode u16 status IN [0, 1, 2] */ + /* Encode u16 status */ trunnel_assert(written <= avail); if (avail - written < 2) goto truncated; @@ -687,12 +682,10 @@ trn_cell_introduce_ack_parse_into(trn_cell_introduce_ack_t *obj, const uint8_t * ssize_t result = 0; (void)result; - /* Parse u16 status IN [0, 1, 2] */ + /* Parse u16 status */ CHECK_REMAINING(2, truncated); obj->status = trunnel_ntohs(trunnel_get_uint16(ptr)); remaining -= 2; ptr += 2; - if (! (obj->status == 0 || obj->status == 1 || obj->status == 2)) - goto fail; /* Parse struct trn_cell_extension extensions */ result = trn_cell_extension_parse(&obj->extensions, ptr, remaining); @@ -708,9 +701,6 @@ trn_cell_introduce_ack_parse_into(trn_cell_introduce_ack_t *obj, const uint8_t * relay_fail: trunnel_assert(result < 0); return result; - fail: - result = -1; - return result; } ssize_t @@ -733,7 +723,7 @@ trn_cell_introduce_encrypted_new(void) trn_cell_introduce_encrypted_t *val = trunnel_calloc(1, sizeof(trn_cell_introduce_encrypted_t)); if (NULL == val) return NULL; - val->onion_key_type = 1; + val->onion_key_type = TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR; return val; } @@ -837,7 +827,7 @@ trn_cell_introduce_encrypted_get_onion_key_type(const trn_cell_introduce_encrypt int trn_cell_introduce_encrypted_set_onion_key_type(trn_cell_introduce_encrypted_t *inp, uint8_t val) { - if (! ((val == 1))) { + if (! ((val == TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR))) { TRUNNEL_SET_ERROR_CODE(inp); return -1; } 
@@ -1079,7 +1069,7 @@ trn_cell_introduce_encrypted_check(const trn_cell_introduce_encrypted_t *obj) if (NULL != (msg = trn_cell_extension_check(obj->extensions))) return msg; } - if (! (obj->onion_key_type == 1)) + if (! (obj->onion_key_type == TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR)) return "Integer out of bounds"; if (TRUNNEL_DYNARRAY_LEN(&obj->onion_key) != obj->onion_key_len) return "Length mismatch for onion_key"; @@ -1112,7 +1102,7 @@ trn_cell_introduce_encrypted_encoded_len(const trn_cell_introduce_encrypted_t *o /* Length of struct trn_cell_extension extensions */ result += trn_cell_extension_encoded_len(obj->extensions); - /* Length of u8 onion_key_type IN [1] */ + /* Length of u8 onion_key_type IN [TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR] */ result += 1; /* Length of u16 onion_key_len */ @@ -1176,7 +1166,7 @@ trn_cell_introduce_encrypted_encode(uint8_t *output, const size_t avail, const t goto fail; /* XXXXXXX !*/ written += result; ptr += result; - /* Encode u8 onion_key_type IN [1] */ + /* Encode u8 onion_key_type IN [TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR] */ trunnel_assert(written <= avail); if (avail - written < 1) goto truncated; @@ -1280,11 +1270,11 @@ trn_cell_introduce_encrypted_parse_into(trn_cell_introduce_encrypted_t *obj, con trunnel_assert((size_t)result <= remaining); remaining -= result; ptr += result; - /* Parse u8 onion_key_type IN [1] */ + /* Parse u8 onion_key_type IN [TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR] */ CHECK_REMAINING(1, truncated); obj->onion_key_type = (trunnel_get_uint8(ptr)); remaining -= 1; ptr += 1; - if (! (obj->onion_key_type == 1)) + if (! (obj->onion_key_type == TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR)) goto fail; /* Parse u16 onion_key_len */ diff --git a/src/trunnel/hs/cell_introduce1.h b/src/trunnel/hs/cell_introduce1.h index fa218adc6d..986a531ca7 100644 --- a/src/trunnel/hs/cell_introduce1.h +++ b/src/trunnel/hs/cell_introduce1.h 
@@ -12,6 +12,13 @@ struct trn_cell_extension_st; struct link_specifier_st; #define TRUNNEL_SHA1_LEN 20 #define TRUNNEL_REND_COOKIE_LEN 20 +#define TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS 0 +#define TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID 1 +#define TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT 2 +#define TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0 0 +#define TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1 1 +#define TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519 2 +#define TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR 1 #if !defined(TRUNNEL_OPAQUE) && !defined(TRUNNEL_OPAQUE_TRN_CELL_INTRODUCE1) struct trn_cell_introduce1_st { uint8_t legacy_key_id[TRUNNEL_SHA1_LEN]; diff --git a/src/trunnel/hs/cell_introduce1.trunnel b/src/trunnel/hs/cell_introduce1.trunnel index 574382b163..5911c695a2 100644 --- a/src/trunnel/hs/cell_introduce1.trunnel +++ b/src/trunnel/hs/cell_introduce1.trunnel @@ -12,13 +12,28 @@ extern struct link_specifier; const TRUNNEL_SHA1_LEN = 20; const TRUNNEL_REND_COOKIE_LEN = 20; +/* Introduce ACK status code. */ +const TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS = 0x0000; +const TRUNNEL_HS_INTRO_ACK_STATUS_UNKNOWN_ID = 0x0001; +const TRUNNEL_HS_INTRO_ACK_STATUS_BAD_FORMAT = 0x0002; + +/* Authentication key type. */ +const TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0 = 0x00; +const TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1 = 0x01; +const TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519 = 0x02; + +/* Onion key type. */ +const TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR = 0x01; + /* INTRODUCE1 payload. See details in section 3.2.1. */ struct trn_cell_introduce1 { /* Always zeroed. MUST be checked explicitly by the caller. */ u8 legacy_key_id[TRUNNEL_SHA1_LEN]; /* Authentication key material. */ - u8 auth_key_type IN [0x00, 0x01, 0x02]; + u8 auth_key_type IN [TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY0, + TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_LEGACY1, + TRUNNEL_HS_INTRO_AUTH_KEY_TYPE_ED25519]; u16 auth_key_len; u8 auth_key[auth_key_len]; 
@@ -32,7 +47,7 @@ struct trn_cell_introduce1 { /* INTRODUCE_ACK payload. See details in section 3.2.2. */ struct trn_cell_introduce_ack { /* Status of introduction. */ - u16 status IN [0x0000, 0x0001, 0x0002]; + u16 status; /* Extension(s). Reserved fields. */ struct trn_cell_extension extensions; @@ -47,7 +62,7 @@ struct trn_cell_introduce_encrypted { struct trn_cell_extension extensions; /* Onion key material. */ - u8 onion_key_type IN [0x01]; + u8 onion_key_type IN [TRUNNEL_HS_INTRO_ONION_KEY_TYPE_NTOR]; u16 onion_key_len; u8 onion_key[onion_key_len]; |
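Review bot: Removing `IN [0x0000, 0x0001, 0x0002]` from `status` in trn_cell_introduce_ack means the generated parser now accepts any 16-bit value; the regenerated trn_cell_introduce_ack_parse_into in this commit indeed loses its range check and `fail:` label. Rejecting unknown status codes therefore moves to whatever code reads the field, which is not part of this section of the diff. That consumer should treat every value other than `TRUNNEL_HS_INTRO_ACK_STATUS_SUCCESS` as a failure rather than handling only the three named constants. The field comment could record the new contract: `/* Status of introduction. Unconstrained here; callers must handle unknown values. */`.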