| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
The goal of this patch is to add an additional mechanism for adjusting
PoW effort upwards, where clients rather than services can choose to
solve their puzzles at a higher effort than what was suggested in the
descriptor.
I wanted to use hs_cache's existing unreachability stats to drive this
effort bump, but this revealed some cases where a circuit (intro or
rend) closed early on can end up in hs_cache with an all zero intro
point key, where nobody will find it. This moves intro_auth_pk
initialization earlier in a couple places and adds nonfatal asserts to
catch the problem if it shows up elsewhere.
The actual effort adjustment method I chose is to multiply the suggested
effort by (1 + unresponsive_count), then ensure the result is at least
1. If a service has suggested effort of 0 but we fail to connect,
retries will all use an effort of 1. If the suggestion was 50, we'll try
50, 100, 150, 200, etc. This is bounded both by our client effort limit
and by the limit on unresponsive_count (currently 5).
Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>
|
|
|
|
|
|
|
|
|
|
This is unfortunately massive but both functionalities were extremely
intertwined and it would have required us to actually change the HSv2 code in
order to be able to split this into multiple commits.
After this commit, there are still artefacts of v2 in the code but there is no
more support for service, intro point and HSDir.
The v2 support for rendezvous circuit is still available since that code is
the same for the v3 and we will leave it in so if a client is able to
rendezvous on v2 then it can still transfer traffic. Once the entire network
has moved away from v2, we can remove v2 rendezvous point support.
Related to #40266
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
|
|
|
|
Some days before this commit, the network experienced a DDoS on the directory
authorities that prevented them to generate a consensus for more than 5 hours
straight.
That in turn entirely disabled onion service v3, client and service side, due
to the subsystem requiring a live consensus to function properly.
We know require a reasonably live consensus which means that the HSv3
subsystem will to its job for using the best consensus tor can find. If the
entire network is using an old consensus, than this should be alright.
If the service happens to use a live consensus while a client is not, it
should still work because the client will use the current SRV it sees which
might be the previous SRV for the service for which it still publish
descriptors for.
If the service is using an old one and somehow can't get a new one while
clients are on a new one, then reachability issues might arise. However, this
is a situation we already have at the moment since the service will simply not
work if it doesn't have a live consensus while a client has one.
Fixes #40237
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Typos found with codespell.
Please keep in mind that this should have impact on actual code
and must be carefully evaluated:
src/core/or/lttng_circuit.inc
- ctf_enum_value("CONTROLER", CIRCUIT_PURPOSE_CONTROLLER)
+ ctf_enum_value("CONTROLLER", CIRCUIT_PURPOSE_CONTROLLER)
|
|
In practice, there will be at most one ipv4 address and ipv6 address
for now, but this code is designed to not care which address is
which until forced to do so.
This patch does not yet actually create extend_info_t objects with
multiple addresses.
Closes #34069.
|
|
|
|
|
|
Add an inline helper function that indicates if the cached object contains a
decrypted descriptor or not.
The descriptor object is NULL if tor is unable to decrypt it (lacking client
authorization) and some actions need to be done only when we have a decrypted
object.
This improves code semantic.
Fixes #33458
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
And also disallow all-zeroes keys from the filesystem; add a test for it too.
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
Add an inline helper function that indicates if the cached object contains a
decrypted descriptor or not.
The descriptor object is NULL if tor is unable to decrypt it (lacking client
authorization) and some actions need to be done only when we have a decrypted
object.
This improves code semantic.
Fixes #33458
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
Fixes #33139.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
|
|
This is an automated commit, generated by this command:
./scripts/maint/rename_c_identifier.py \
EXPOSE_CLEAN_BACKTRACE BACKTRACE_PRIVATE \
TOR_CHANNEL_INTERNAL_ CHANNEL_OBJECT_PRIVATE \
CHANNEL_PRIVATE_ CHANNEL_FILE_PRIVATE \
EXPOSE_ROUTERDESC_TOKEN_TABLE ROUTERDESC_TOKEN_TABLE_PRIVATE \
SCHEDULER_PRIVATE_ SCHEDULER_PRIVATE
|
|
|
|
|
|
test_e2e_rend_circuit_setup()
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
Part of #30382
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
This commit extract most of the code that dirclient.c had to handle the end of
a descriptor directory requests (fetch). It is moved into hs_client.c in order
to have one single point of entry and the rest is fully handled by the HS
subsystem.
As part of #30382, depending on how the descriptor ended up stored (decoded or
not), different SOCKS error code can be returned.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
This will allow us to callback into the HS subsytem depending on the decoding
status and return an extended SOCKS5 error code depending on the decoding
issue.
This is how we'll be able to tell the SocksPort connection if we are missing
or have bad client authorization for a service.
Part of #30382
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
hs_ident_circuit_new()
|
|
Fixes #30921
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
|
|
|
This reverts commit ab8b80944967ee5a6a0c45dbf61839cf257bfe44.
|
|
|
|
We are using an opaque pointer so the structure needs to be allocated on the
heap. This means we now need a constructor for crypt_path_t.
Also modify all places initializing a crypt_path_t to use the constructor.
|
|
|
|
|
|
Part of #23588.
|
|
The previous commits for 23576 confused hs_desc_link_specifier_t
and link_specifier_t. Removing hs_desc_link_specifier_t fixes this
confusion.
Fixes bug 22781; bugfix on 0.3.2.1-alpha.
|
|
|
|
|
|
This is client side and related to 27471 for previous commit that fixes this
issue.
Signed-off-by: David Goulet <dgoulet@torproject.org>
|
