Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
In https://gitlab.torproject.org/tpo/core/tor/-/issues/40623, we changed the
DESTROY propogation to ensure memory was freed quickly at relays. This was a
good move, but it exacerbates the condition where a stream is closed on a
circuit, and then it is immediately closed because it is dirty. This creates a
race between the DESTROY and the last data sent on the stream. This race is
visible in shadow, and does happen.
This could be backported. A better solution to these kinds of problems is to
create an ENDED cell, and not close any circuits until the ENDED comes back.
But this will also require thinking, since this ENDED cell can also get lost,
so some kind of timeout may be needed either way. The ENDED cell could just
allow us to have much longer timeouts for this case.
|
|
This adds utility functions to help stream block decisions, as well as cpath
layer_hint checks for stream cell acceptance, and syncing stream lists
for conflux circuits.
These functions are then called throughout the codebase to properly manage
conflux streams.
|
|
Because UNLINKED circuits must never be used for streams, but LINKED circuits
can be, we want these separate.
|
|
|
|
This change mitigates DNS-based website oracles by making the time that
a domain name is cached uncertain (+- 4 minutes of what's measurable).
Resolves TROVE-2021-009.
Fixes #40674
|
|
Adds either ipv4 or ipv6 to the "tor_relay_connections_total" stats.
Closes #40710
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
This change ensures that other parts of the code base always operate on
the same clipped TTL values, notably without being aware of clipping.
|
|
After nickm's review, minor changes to names and comments.
Related to #40194
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Related to #40194
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Related to #40194
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
This means that at this commit, tor will stop logging that v2 is
deprecated and treat a v2 address as a bad hostname that we can't use.
Part of #40476
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
This effectively turns off the ability of tor to use HSv2 as a client by
invalidating the v2 onion hostname passed through a SOCKS request.
Part of #40476
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
See: tpo/core/tor#17659
|
|
|
|
|
|
Closes #40474
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Closes #40474
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
The connection_ap_attach_pending() function processes all pending
streams in the pending_entry_connections list. It first copy the pointer
and then allocates a brand new empty list.
It then iterates over that copy pointer to try to attach entry
connections onto any fitting circuits using
connection_ap_handshake_attach_circuit().
That very function, for onion service, can lead to flagging _all_
streams of the same onion service to be put in state RENDDESC_WAIT from
CIRCUIT_WAIT. By doing so, it also tries to remove them from the
pending_entry_connections but at that point it is already empty.
Problem is that the we are iterating over the previous
pending_entry_connections which contains the streams that have just
changed state and are no longer in CIRCUIT_WAIT.
This lead to this bug warning occuring a lot on busy services:
May 01 08:55:43.000 [warn] connection_ap_attach_pending(): Bug:
0x55d8764ae550 is no longer in circuit_wait. Its current state is
waiting for rendezvous desc. Why is it on pending_entry_connections?
(on Tor 0.4.4.0-alpha-dev )
This fix is minimal and basically allow a state to be not CIRCUIT_WAIT
and move on to the next one without logging a warning. Because the
pending_entry_connections is emptied before processing, there is no
chance for a streams to be stuck there forever thus it is OK to ignore
streams not in the right state.
Fixes #34083
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Since we no longer use stream SENDMEs for congestion control, we must now use
time to decide when data should stop arriving on a half-closed stream.
|
|
Fixes #40421
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
Welcome back ONION_V2_HOSTNAME! :)
|
|
Clients now check whether their streams are attempting to re-enter
the Tor network (i.e. to send Tor traffic over Tor), and they close
them preemptively if they think exit relays will refuse them.
See bug 2667 for details. Resolves ticket 40271.
|
|
|
|
Now that v2 is off the table, 'rend_cache_lookup_result' is useless in
connection_ap_handle_onion() because it can only take the ENOENT value. Let's
remove that helper variable and handle the ENOENT case specifically when we
check the cache.
Also remove the 'onion_address' helper variable.
|
|
It's all v3 now.
Preparation for fixing CID 1473232.
|
|
This is unfortunately massive but both functionalities were extremely
intertwined and it would have required us to actually change the HSv2 code in
order to be able to split this into multiple commits.
After this commit, there are still artefacts of v2 in the code but there is no
more support for service, intro point and HSDir.
The v2 support for rendezvous circuit is still available since that code is
the same for the v3 and we will leave it in so if a client is able to
rendezvous on v2 then it can still transfer traffic. Once the entire network
has moved away from v2, we can remove v2 rendezvous point support.
Related to #40266
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Related to #40266
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
|
|
|
|
|
|
The TORPROTOCOL reason causes the client to close the circuit which is not
what we want because other valid streams might be on it.
Instead, CONNECTION_REFUSED will leave it open but will not allow more streams
to be attached to it. The client then open a new circuit to the destination.
Closes #40270
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Any lookup now will be certain and not probabilistic as the bloomfilter.
Closes #40269
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
Obey the "allow-network-reentry" consensus parameters in order to decide to
allow it or not at the Exit.
Closes #40268
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
Exit relays now reject exit attempts to known relay addresses + ORPort and
also to authorities on the ORPort and DirPort.
Closes #2667
Signed-off-by: David Goulet <dgoulet@torproject.org>
|