[tor-commits] [sbws/master] fix: CI: Make wget quiet
commit d0a0202f47b5e019f08c0b4b285b4f2cb6a87352 Author: juga0 Date: Wed Feb 10 09:30:39 2021 + fix: CI: Make wget quiet to avoid many lines of non useful text the CI. --- tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index f0aadaf..51daeba 100644 --- a/tox.ini +++ b/tox.ini @@ -56,7 +56,7 @@ commands = bash -c "time python3 {envtmpdir}/net/wait.py {envtmpdir}/net/{auth,relay,exit}*" bash -c "python3 {toxinidir}/scripts/tools/sbws-http-server.py --port 2 &>/dev/null &" sleep 1 -wget -O/dev/null http://127.0.0.1:2/sbws.bin +wget -qO/dev/null http://127.0.0.1:2/sbws.bin ; Run actually the scanner mkdir -p /tmp/.sbws ; This add around 3min more to the tests ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
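Review bot: The `-q` added to the `wget` line silences wget's error messages as well as its progress output, so if the local `sbws-http-server.py` is not yet listening after `sleep 1`, the CI log shows a failing command with no reason. `wget -nv -O/dev/null http://127.0.0.1:2/sbws.bin` drops the noisy progress lines but still prints errors. The `commands =` block starts and continues outside the hunk.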
[tor-commits] [sbws/master] Merge branch 'maint-1.1'
commit 0e37b0e98ba19d243985ff48dc670faee21fe94b Merge: 7495401 3e4ccb9 Author: juga0 Date: Tue Feb 23 07:23:55 2021 + Merge branch 'maint-1.1' docs/source/activity_measure.puml | 30 +++ docs/source/how_works.rst | 12 ++- docs/source/images/activity_measure.svg | 42 + sbws/core/scanner.py| 145 ++-- sbws/lib/relaylist.py | 35 +--- 5 files changed, 204 insertions(+), 60 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/master] Merge remote-tracking branch 'gitlab/merge-requests/61' into maint-1.1
commit 3e4ccb90ea64b391d0003bb72f17d513845680ae Merge: e375cd2 d0a0202 Author: Georg Koppen Date: Mon Feb 22 17:12:18 2021 + Merge remote-tracking branch 'gitlab/merge-requests/61' into maint-1.1 docs/source/activity_measure.puml | 30 +++ docs/source/how_works.rst | 12 ++- docs/source/images/activity_measure.svg | 42 + sbws/core/scanner.py| 145 ++-- sbws/lib/relaylist.py | 35 +--- 5 files changed, 204 insertions(+), 60 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/master] fix:scanner: Rm condition assigning helper
commit 72b43570589d10a668039341895948ded0f1bfd7 Author: juga0 Date: Tue Feb 9 13:08:44 2021 + fix:scanner: Rm condition assigning helper --- sbws/core/scanner.py | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 97829f4..5fd917a 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -267,12 +267,12 @@ def error_no_helper(relay, dest, our_nick=""): def create_path_relay(relay, dest, rl, cb, relay_as_entry=True): -if relay_as_entry: -helper = _pick_ideal_second_hop( -relay, dest, rl, cb.controller, is_exit=True) -else: -helper = _pick_ideal_second_hop( -relay, dest, rl, cb.controller, is_exit=False) +# the helper `is_exit` arg (should be better called `helper_as_exit`), +# is True when the relay is the entry (helper has to be exit) +# and False when the relay is not the entry, ie. is the exit (helper does +# not have to be an exit) +helper = _pick_ideal_second_hop( +relay, dest, rl, cb.controller, is_exit=relay_as_entry) if not helper: return error_no_helper(relay, dest) if relay_as_entry: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/master] fix:scanner: Move as_entry/as_exit into one function
commit 8846c32a500515fc3d5d094a6ff5b0777f2c30fb Author: juga0 Date: Tue Feb 9 12:57:36 2021 + fix:scanner: Move as_entry/as_exit into one function since they're similar code --- sbws/core/scanner.py | 39 +++ 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 40e3093..97829f4 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -266,25 +266,24 @@ def error_no_helper(relay, dest, our_nick=""): ] -def create_path_relay_as_entry(relay, dest, rl, cb): -helper = _pick_ideal_second_hop( -relay, dest, rl, cb.controller, is_exit=True) -if not helper: -return error_no_helper(relay, dest) -circ_fps = [relay.fingerprint, helper.fingerprint] -nicknames = [relay.nickname, helper.nickname] -return circ_fps, nicknames, helper.exit_policy - - -def create_path_relay_as_exit(relay, dest, rl, cb): -helper = _pick_ideal_second_hop( -relay, dest, rl, cb.controller, is_exit=False) +def create_path_relay(relay, dest, rl, cb, relay_as_entry=True): +if relay_as_entry: +helper = _pick_ideal_second_hop( +relay, dest, rl, cb.controller, is_exit=True) +else: +helper = _pick_ideal_second_hop( +relay, dest, rl, cb.controller, is_exit=False) if not helper: return error_no_helper(relay, dest) -circ_fps = [helper.fingerprint, relay.fingerprint] -# stored for debugging -nicknames = [helper.nickname, relay.nickname] -return circ_fps, nicknames, relay.exit_policy +if relay_as_entry: +circ_fps = [relay.fingerprint, helper.fingerprint] +nicknames = [relay.nickname, helper.nickname] +exit_policy = helper.exit_policy +else: +circ_fps = [helper.fingerprint, relay.fingerprint] +nicknames = [helper.nickname, relay.nickname] +exit_policy = relay.exit_policy +return circ_fps, nicknames, exit_policy def error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick): 
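Review bot: `create_path_relay` returns two incompatible shapes: the tuple `circ_fps, nicknames, exit_policy` on success, and the result of `error_no_helper(relay, dest)` when no helper is found, which in commit 119d911 further down this page is a one-element list holding a `ResultErrorSecondRelay`. Every call site changed in `measure_relay` unpacks three names (`circ_fps, nicknames, exit_policy = \ create_path_relay(...)`), so the no-helper case would raise `ValueError` instead of recording the error result. Checking before unpacking, e.g. `r = create_path_relay(relay, dest, rl, cb)` followed by `if len(r) == 1: return r`, keeps that path working. The same pattern appears in `create_path_relay_as_entry`/`create_path_relay_as_exit` in the older commits a570a70 and 3d8cf6f on this page; `measure_relay` continues outside the hunks.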
@@ -348,10 +347,10 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # the relay as an exit, if it can exit to some IPs. if relay.is_exit_not_bad_allowing_port(dest.port): circ_fps, nicknames, exit_policy = \ -create_path_relay_as_exit(relay, dest, rl, cb) +create_path_relay(relay, dest, rl, cb, relay_as_entry=False) else: circ_fps, nicknames, exit_policy = \ -create_path_relay_as_entry(relay, dest, rl, cb) +create_path_relay(relay, dest, rl, cb) # Build the circuit circ_id, reason = cb.build_circuit(circ_fps) @@ -380,7 +379,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay): "with it as entry.", relay.fingerprint, relay.nickname, exit_policy, dest.url, circ_fps, nicknames, usable_data) circ_fps, nicknames, exit_policy = \ -create_path_relay_as_entry(relay, dest, rl, cb) +create_path_relay(relay, dest, rl, cb) circ_id, reason = cb.build_circuit(circ_fps) if not circ_id: log.warning( ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/master] fix: scanner: log exit policy when stream fails
commit a570a707ec898cf59bdd12d3a8b20d25ce9459fd Author: juga0 Date: Mon Feb 8 16:21:53 2021 + fix: scanner: log exit policy when stream fails --- sbws/core/scanner.py | 33 - 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 903f09f..c7ee1ee 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -267,7 +267,7 @@ def create_path_relay_as_entry(relay, dest, rl, cb): return error_no_helper(relay, dest) circ_fps = [relay.fingerprint, helper.fingerprint] nicknames = [relay.nickname, helper.nickname] -return helper, circ_fps, nicknames +return circ_fps, nicknames, helper.exit_policy def create_path_relay_as_exit(relay, dest, rl, cb): @@ -278,7 +278,7 @@ def create_path_relay_as_exit(relay, dest, rl, cb): circ_fps = [helper.fingerprint, relay.fingerprint] # stored for debugging nicknames = [helper.nickname, relay.nickname] -return circ_fps, nicknames +return circ_fps, nicknames, relay.exit_policy def error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick): @@ -341,9 +341,11 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # Instead of ensuring that the relay can exit to all IPs, try first with # the relay as an exit, if it can exit to some IPs. if relay.is_exit_not_bad_allowing_port(dest.port): -circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb) +circ_fps, nicknames, exit_policy = \ +create_path_relay_as_exit(relay, dest, rl, cb) else: -circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb) +circ_fps, nicknames, exit_policy = \ +create_path_relay_as_entry(relay, dest, rl, cb) # Build the circuit circ_id, reason = cb.build_circuit(circ_fps) 
@@ -367,10 +369,12 @@ def measure_relay(args, conf, destinations, cb, rl, relay): if not is_usable and \ relay.is_exit_not_bad_allowing_port(dest.port): log.info( -"Exit %s (%s) that can't exit all ips failed to connect to " -" %s via circuit %s (%s). Trying again with it as entry.", -relay.fingerprint, relay.nickname, dest, circ_fps, nicknames) -circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb) +"Exit %s (%s) that can't exit all ips, with exit policy %s, failed" +" to connect to %s via circuit %s (%s). Reason: %s. Trying again " +"with it as entry.", relay.fingerprint, relay.nickname, +exit_policy, dest.url, circ_fps, nicknames, usable_data) +circ_fps, nicknames, exit_policy = \ +create_path_relay_as_entry(relay, dest, rl, cb) circ_id, reason = cb.build_circuit(circ_fps) if not circ_id: log.warning( @@ -385,8 +389,10 @@ def measure_relay(args, conf, destinations, cb, rl, relay): is_usable, usable_data = connect_to_destination_over_circuit( dest, circ_id, s, cb.controller, dest._max_dl) if not is_usable: -log.debug('Destination %s unusable via circuit %s (%s), %s', - dest.url, circ_fps, nicknames, usable_data) +log.debug('Failed to connect to %s to measure %s (%s) via circuit ' + '%s (%s). Exit policy: %s. Reason: %s.', dest.url, + relay.fingerprint, relay.nickname, circ_fps, nicknames, + exit_policy, usable_data) cb.close_circuit(circ_id) return [ ResultErrorStream(relay, circ_fps, dest.url, our_nick, 
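Review bot: After the retry in the `@@ -367` hunk reassigns `exit_policy` from `create_path_relay_as_entry`, the variable holds the helper's policy rather than the measured relay's, yet the later `log.debug` calls (here and in the `@@ -410` hunk) print it as a bare `Exit policy: %s`. Someone reading the log cannot tell which relay's policy is shown. Logging the fingerprint of the circuit's exit next to the policy, for instance `circ_fps[-1]`, would remove the ambiguity. `measure_relay` starts and ends outside these hunks.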
@@ -410,9 +416,10 @@ def measure_relay(args, conf, destinations, cb, rl, relay): bw_results, reason = measure_bandwidth_to_server( s, conf, dest, usable_data['content_length']) if bw_results is None: -log.debug('Unable to measure bandwidth for %s (%s) to %s via circuit ' - '%s (%s): %s', relay.fingerprint, relay.nickname, - dest.url, circ_fps, nicknames, reason) +log.debug('Failed to measure %s (%s) via circuit %s (%s) to %s. Exit' + ' policy: %s. Reason: %s.', relay.fingerprint, + relay.nickname, circ_fps, nicknames, dest.url, exit_policy, + reason) cb.close_circuit(circ_id) return [ ResultErrorStream(relay, circ_fps, dest.url, our_nick, ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/master] fix: scanner: remove relay to measure as helper
commit 50377680448d66bc95a09fc5333da9465bd1b791 Author: juga0 Date: Mon Feb 8 16:24:11 2021 + fix: scanner: remove relay to measure as helper --- sbws/core/scanner.py | 6 ++ 1 file changed, 6 insertions(+) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index c7ee1ee..40e3093 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -219,6 +219,12 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit): if is_exit else rl.non_exits if not len(candidates): return None +# In the case the helper is an exit, the entry could be an exit too +# (#40041), so ensure the helper is not the same as the entry, likely to +# happen in a test network. +if is_exit: +candidates = [c for c in candidates + if c.fingerprint != relay.fingerprint] min_relay_bw = rl.exit_min_bw() if is_exit else rl.non_exit_min_bw() log.debug('Picking a 2nd hop to measure %s from %d choices. is_exit=%s', relay.nickname, len(candidates), is_exit) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
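Review bot: The new filter runs after the `if not len(candidates): return None` guard, so when the measured relay is the only exit candidate (the test-network case the comment describes) `candidates` becomes empty without the function returning `None`. What the rest of `_pick_ideal_second_hop` does with an empty list is outside the hunk, so the outcome may be only a `from 0 choices` debug line or a failure further down. Moving the filter above the guard, or adding `if not candidates: return None` right after it, makes the no-helper case explicit.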
[tor-commits] [sbws/master] fix: doc: Add relay measure activity diagram
commit 78c4091538493604e2d9749bc0e93bbb968d0b1a Author: juga0 Date: Wed Feb 3 12:05:49 2021 + fix: doc: Add relay measure activity diagram --- docs/source/activity_measure.puml | 30 +++ docs/source/how_works.rst | 12 +- docs/source/images/activity_measure.svg | 42 + 3 files changed, 83 insertions(+), 1 deletion(-) diff --git a/docs/source/activity_measure.puml b/docs/source/activity_measure.puml new file mode 100644 index 000..f553cb1 --- /dev/null +++ b/docs/source/activity_measure.puml @@ -0,0 +1,30 @@ +@startuml + +start + +if (exit?) then (yes) + :[h, r]; +else (no) + :[r, h]; +endif +if (circuit?) then (yes) +:stream; +if (no stream and [h, r]) then (yes) +:[r, h] (r is exit); +if (circuit?) then (yes) +:stream; +else (no) +:WARN; +:ErrorCircuit; +endif +endif +if (no stream) then (yes) +:ErrorStream; +endif +else (no) +:ErrorCircuit; +endif + +stop + +@enduml diff --git a/docs/source/how_works.rst b/docs/source/how_works.rst index 24f8689..f4b1ae0 100644 --- a/docs/source/how_works.rst +++ b/docs/source/how_works.rst @@ -73,6 +73,16 @@ Measuring relays Source code: :func:`sbws.core.scanner.measure_relay` +Measuring a relay +~ + +.. image:: ./images/activity_measure.svg + :alt: activity measuring a relay + :height: 300px + :align: center + +Source code: :func:`sbws.core.scanner.measure_relay` + Selecting a second relay @@ -165,4 +175,4 @@ The bandwidth file format is defined in the bandwidth_file_spec_. .. _requests: http://docs.python-requests.org/ .. _peerflow: https://www.nrl.navy.mil/itd/chacs/sites/www.nrl.navy.mil.itd.chacs/files/pdfs/16-1231-4353.pdf .. _torflow_scaling: https://gitweb.torproject.org/torflow.git/tree/NetworkScanners/BwAuthority/README.spec.txt#n298 -.. _bandwidth_file_spec: https://gitweb.torproject.org/torspec.git/tree/bandwidth-file-spec.txt \ No newline at end of file +.. _bandwidth_file_spec: https://gitweb.torproject.org/torspec.git/tree/bandwidth-file-spec.txt 
diff --git a/docs/source/images/activity_measure.svg b/docs/source/images/activity_measure.svg new file mode 100644 index 000..a278ce7 --- /dev/null +++ b/docs/source/images/activity_measure.svg @@ -0,0 +1,42 @@ +http://www.w3.org/2000/svg; xmlns:xlink="http://www.w3.org/1999/xlink; contentScriptType="application/ecmascript" contentStyleType="text/css" height="783px" preserveAspectRatio="none" style="width:337px;height:783px;" version="1.1" viewBox="0 0 337 783" width="337px" zoomAndPan="magnify">exit?yesno[h, r][r, h]circuit?yesnostream[r, h] (r is exit)circuit?yesnostreamWARNErrorCircuityesno stream and [h, r]ErrorStreamyesno streamErrorCircuit \ No newline at end of file ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/master] minor: scanner: move checking helper to methods
commit 3d8cf6f801ab42a12d9efd58ba41e697c34b1ef9 Author: juga0 Date: Tue Feb 2 12:07:03 2021 + minor: scanner: move checking helper to methods `helper` variable is only used to return error, therefore move it to the methods that create the path and return the error there. `our_nick` is not useful for the log, since it is always the same, but not removing it here. --- sbws/core/scanner.py | 27 ++- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 4ca7430..e18bddb 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -244,7 +244,7 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit): return chosen -def error_no_helper(relay, dest, our_nick): +def error_no_helper(relay, dest, our_nick=""): reason = 'Unable to select a second relay' log.debug(reason + ' to help measure %s (%s)', relay.fingerprint, relay.nickname) @@ -255,25 +255,24 @@ def error_no_helper(relay, dest, our_nick): def create_path_relay_as_entry(relay, dest, rl, cb): -circ_fps = nicknames = [] helper = _pick_ideal_second_hop( relay, dest, rl, cb.controller, is_exit=True) if not helper: -return error_no_helper(relay, dest, our_nick) +return error_no_helper(relay, dest) circ_fps = [relay.fingerprint, helper.fingerprint] nicknames = [relay.nickname, helper.nickname] return helper, circ_fps, nicknames def create_path_relay_as_exit(relay, dest, rl, cb): -circ_fps = nicknames = [] helper = _pick_ideal_second_hop( relay, dest, rl, cb.controller, is_exit=False) -if helper: -circ_fps = [helper.fingerprint, relay.fingerprint] -# stored for debugging -nicknames = [helper.nickname, relay.nickname] -return helper, circ_fps, nicknames +if not helper: +return error_no_helper(relay, dest) +circ_fps = [helper.fingerprint, relay.fingerprint] +# stored for debugging +nicknames = [helper.nickname, relay.nickname] +return circ_fps, nicknames def measure_relay(args, conf, destinations, cb, rl, relay): 
@@ -324,16 +323,10 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # Pick a relay to help us measure the given relay. If the given relay is an # exit, then pick a non-exit. Otherwise pick an exit. -helper = None -circ_fps = None if relay.is_exit_not_bad_allowing_port_all_ips(dest.port): -helper, circ_fps, nicknames = create_path_relay_as_exit( -relay, dest, rl, cb) +circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb) else: -helper, circ_fps, nicknames = create_path_relay_as_entry( -relay, dest, rl, cb) -if not helper: -return error_no_helper(relay, dest, our_nick) +circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb) # Build the circuit circ_id, reason = cb.build_circuit(circ_fps) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
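Review bot: `create_path_relay_as_entry` still ends with `return helper, circ_fps, nicknames` (an unchanged context line in the first hunk), but `measure_relay` now unpacks it as `circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb)`, which raises `ValueError` on every successful entry path. The return should become `return circ_fps, nicknames` to match `create_path_relay_as_exit`. Separately, with the new `our_nick=""` default the error result built by `error_no_helper` presumably carries an empty scanner nickname when called from the path helpers; passing `our_nick` into them would keep the result complete. `measure_relay` continues outside the hunk.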
[tor-commits] [sbws/master] fix: scanner: extract method for not helper case
commit 119d91108a45aa71b80e71f41dc86df0729991a8 Author: juga0 Date: Tue Feb 2 11:59:41 2021 + fix: scanner: extract method for not helper case --- sbws/core/scanner.py | 25 +++-- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 228ad74..4ca7430 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -244,13 +244,24 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit): return chosen +def error_no_helper(relay, dest, our_nick): +reason = 'Unable to select a second relay' +log.debug(reason + ' to help measure %s (%s)', + relay.fingerprint, relay.nickname) +return [ +ResultErrorSecondRelay(relay, [], dest.url, our_nick, + msg=reason), +] + + def create_path_relay_as_entry(relay, dest, rl, cb): circ_fps = nicknames = [] helper = _pick_ideal_second_hop( relay, dest, rl, cb.controller, is_exit=True) -if helper: -circ_fps = [relay.fingerprint, helper.fingerprint] -nicknames = [relay.nickname, helper.nickname] +if not helper: +return error_no_helper(relay, dest, our_nick) +circ_fps = [relay.fingerprint, helper.fingerprint] +nicknames = [relay.nickname, helper.nickname] return helper, circ_fps, nicknames @@ -322,13 +333,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay): helper, circ_fps, nicknames = create_path_relay_as_entry( relay, dest, rl, cb) if not helper: -reason = 'Unable to select a second relay' -log.debug(reason + ' to help measure %s (%s)', - relay.fingerprint, relay.nickname) -return [ -ResultErrorSecondRelay(relay, [], dest.url, our_nick, - msg=reason), -] +return error_no_helper(relay, dest, our_nick) # Build the circuit circ_id, reason = cb.build_circuit(circ_fps) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
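Review bot: `create_path_relay_as_entry(relay, dest, rl, cb)` has no `our_nick` parameter, so the added `return error_no_helper(relay, dest, our_nick)` raises `NameError` as soon as no helper is found, unless a module-level `our_nick` exists outside the hunk. That early return also hands back a one-element list, while the caller in `measure_relay` unpacks `helper, circ_fps, nicknames = create_path_relay_as_entry(...)`. Keeping `return helper, circ_fps, nicknames` with `helper` possibly `None`, and leaving the `error_no_helper` call in `measure_relay` where `our_nick` is already used, avoids both problems.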
[tor-commits] [sbws/master] fix: relaylist: Remove duplicated can exit methods
commit cd9f82fbbe6ec4205fa3c8695cd277a03da39833 Author: juga0 Date: Mon Feb 8 15:04:58 2021 + fix: relaylist: Remove duplicated can exit methods After refactoring and making clear when we were using exit(s) that can exit to all public IPs (and a port) or only some, refactor them removing the duplicated code and adding the `strict` argument. --- sbws/core/scanner.py | 8 ++-- sbws/lib/relaylist.py | 64 +++ tests/integration/lib/test_destination.py | 6 +-- 3 files changed, 29 insertions(+), 49 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 1499264..903f09f 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -215,7 +215,7 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit): # In the case that a concrete exit can't exit to the Web server, it is not # a problem since the relay will be measured in the next loop with other # random exit. -candidates = rl.exits_not_bad_allowing_port_some_ips(dest.port) \ +candidates = rl.exits_not_bad_allowing_port(dest.port) \ if is_exit else rl.non_exits if not len(candidates): return None @@ -340,7 +340,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # exit, then pick a non-exit. Otherwise pick an exit. # Instead of ensuring that the relay can exit to all IPs, try first with # the relay as an exit, if it can exit to some IPs. -if relay.is_exit_not_bad_allowing_port_some_ips(dest.port): +if relay.is_exit_not_bad_allowing_port(dest.port): circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb) else: circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb) 
@@ -365,7 +365,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # to the Web server, try again using it as entry, to avoid that it would # always fail when there's only one Web server. if not is_usable and \ -relay.is_exit_not_bad_allowing_port_all_ips(dest.port): +relay.is_exit_not_bad_allowing_port(dest.port): log.info( "Exit %s (%s) that can't exit all ips failed to connect to " " %s via circuit %s (%s). Trying again with it as entry.", @@ -377,7 +377,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay): "Exit %s (%s) that can't exit all ips, failed to create " " circuit as entry: %s (%s).", relay.fingerprint, relay.nickname, circ_fps, nicknames) -return error_no_circuit(relay, circ_fps, nicknames, reason, dest, +return error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick) log.debug('Built circuit with path %s (%s) to measure %s (%s)', diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py index 3ff1f73..9c6d12a 100644 --- a/sbws/lib/relaylist.py +++ b/sbws/lib/relaylist.py 
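Review bot: With the retry condition changed to `relay.is_exit_not_bad_allowing_port(dest.port)`, the second attempt as entry now applies to any non-bad exit that allows the port, but the `log.info` and `log.warning` texts in these hunks still read `Exit %s (%s) that can't exit all ips`. If `strict` defaults to false here (the `relaylist.py` part of this diff is cut off on this page), the messages will also be emitted for exits that can reach all IPs and failed for another reason. Rewording to something like `"Exit %s (%s) failed to connect to %s via circuit %s (%s). Trying again with it as entry."` would keep the log accurate.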
@@ -178,21 +178,32 @@ class Relay: """Number of times the relay was in a conensus.""" return len(self.relay_in_recent_consensus) -def can_exit_to_port_all_ips(self, port): +def can_exit_to_port(self, port, strict=False): """ Returns True if the relay has an exit policy and the policy accepts -exiting to the given portself or False otherwise. +exiting to the given port or False otherwise. + +If ``strict`` is true, it only returns the exits that can exit to all +IPs and that port. The exits that are IPv6 only or IPv4 but rejecting some public networks will return false. On July 2020, there were 67 out of 1095 exits like this. + +If ``strict`` is false, it returns any exit that can exit to some +public IPs and that port. + +Note that the EXIT flag exists when the relay can exit to 443 **and** +80. Currently all Web servers are using 443, so it would not be needed +to check the EXIT flag too, using this function. + """ assert isinstance(port, int) # if dind't get the descriptor, there isn't exit policy # When the attribute is gotten in getattr(self._desc, "exit_policy"), # is possible that stem's _input_rules is None and raises an exception # (#29899): -# File "/usr/lib/python3/dist-packages/sbws/lib/relaylist.py", line 117, in can_exit_to_port_all_ips # noqa +# File "/usr/lib/python3/dist-packages/sbws/lib/relaylist.py", line 117, in can_exit_to_port # noqa # if not self.exit_policy: # File "/usr/lib/python3/dist-packages/stem/exit_policy.py", line 512, in __len__ # noqa # return len(self._get_rules()) @@ -202,50 +213,23 @@ class Relay: # Therefore, catch the exception here. try: if self.exit_policy: -# Using `strict` to ensure it
[tor-commits] [sbws/master] fix: scanner: extract method on circuit error
commit 53141148f4b82df8e34e2757172e7403791a0c86 Author: juga0 Date: Tue Feb 2 12:13:42 2021 + fix: scanner: extract method on circuit error At some point all possible errors should be exceptions. --- sbws/core/scanner.py | 17 +++-- 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index e18bddb..aa17452 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -275,6 +275,15 @@ def create_path_relay_as_exit(relay, dest, rl, cb): return circ_fps, nicknames +def error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick): +log.debug('Could not build circuit with path %s (%s): %s ', + circ_fps, nicknames, reason) +return [ +ResultErrorCircuit(relay, circ_fps, dest.url, our_nick, + msg=reason), +] + + def measure_relay(args, conf, destinations, cb, rl, relay): """ Select a Web server, a relay to build the circuit, @@ -338,12 +347,8 @@ def measure_relay(args, conf, destinations, cb, rl, relay): create_path_relay_as_exit(relay, dest, rl, cb) circ_id, reason = cb.build_circuit(circ_fps) if not circ_id: -log.debug('Could not build circuit with path %s (%s): %s ', - circ_fps, nicknames, reason) -return [ -ResultErrorCircuit(relay, circ_fps, dest.url, our_nick, - msg=reason), -] +return error_no_circuit(circ_fps, nicknames, reason, relay, dest, +our_nick) log.debug('Built circuit with path %s (%s) to measure %s (%s)', circ_fps, nicknames, relay.fingerprint, relay.nickname) # Make a connection to the destination ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
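Review bot: `error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick)` orders its parameters differently from the result it builds (`ResultErrorCircuit(relay, circ_fps, dest.url, our_nick, ...)`), and all six are positional, so a swapped call is easy to write. Commit cd9f82f on this page corrects exactly such a call, `error_no_circuit(relay, circ_fps, nicknames, reason, dest, our_nick)`. Putting `relay` first or calling the helper with keyword arguments would make a mismatch visible. A one-line docstring such as `"""Log the circuit failure and return a one-item list with ResultErrorCircuit."""` would also document that the return value is a list.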
[tor-commits] [sbws/master] minor: scanner: Change logic creating the path
commit 294fc29786c47fbffac62cbbebdfad3186906fe3 Author: juga0 Date: Tue Feb 2 13:07:57 2021 + minor: scanner: Change logic creating the path When the relay is not an exit, instead of choosing exits that can exit to all IPs, try with exits that can exit to some IPs, since the relay will be measured again with a different exit in other loop. When the relay is an exit, instead of ensuring it can exit all IPs, try using it as exit if it can exit to some IPs. If it fails connecting to the Web server, then try a 2nd time using it as entry to avoid that it will fail in all loops if there is only one Web server, cause it will be used again as an exit. Also, the helper exits don't need to be able to exit all IPs. When a helper exit fails to exit (maybe cause it can not exit to the Web sever IP), it's not a problem cause in a next loop other exit will be choosen. This change of logic also solves the bug where non exits were being used as exits, because we were trying to measure again a relay that was used as entry, because it could not exit all IPs, which includes also the non exits. Closes: #40041. --- sbws/core/scanner.py | 50 --- tests/integration/lib/test_destination.py | 6 ++-- 2 files changed, 43 insertions(+), 13 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index aa17452..1499264 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py 
@@ -209,8 +209,14 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit): destination **dest**, pick a second relay that is or is not an exit according to **is_exit**. ''' -candidates = rl.exits_not_bad_allowing_port_all_ips(dest.port) if is_exit \ -else rl.non_exits +# 40041: Instead of using exits that can exit to all IPs, to ensure that +# they can make requests to the Web servers, try with the exits that +# allow some IPs, since there're more. +# In the case that a concrete exit can't exit to the Web server, it is not +# a problem since the relay will be measured in the next loop with other +# random exit. +candidates = rl.exits_not_bad_allowing_port_some_ips(dest.port) \ +if is_exit else rl.non_exits if not len(candidates): return None min_relay_bw = rl.exit_min_bw() if is_exit else rl.non_exit_min_bw() 
@@ -332,20 +338,20 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # Pick a relay to help us measure the given relay. If the given relay is an # exit, then pick a non-exit. Otherwise pick an exit. -if relay.is_exit_not_bad_allowing_port_all_ips(dest.port): +# Instead of ensuring that the relay can exit to all IPs, try first with +# the relay as an exit, if it can exit to some IPs. +if relay.is_exit_not_bad_allowing_port_some_ips(dest.port): circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb) else: circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb) # Build the circuit circ_id, reason = cb.build_circuit(circ_fps) -if not circ_id and relay.fingerprint == circ_fps[0]: -# We detected that some exits fail to build circuits as 1st hop. -# If that's the case, try again using them as 2nd hop. -# We could reuse the helper, but it does not need to be an exit now, -# so choose other again. -create_path_relay_as_exit(relay, dest, rl, cb) -circ_id, reason = cb.build_circuit(circ_fps) + +# If the circuit failed to get created, bad luck, it will be created again +# with other helper. +# Here we won't have the case that an exit tried to build the circuit as +# entry and failed (#40029), cause not checking that it can exit all IPs. if not circ_id: return error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick) 
@@ -354,6 +360,30 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # Make a connection to the destination is_usable, usable_data = connect_to_destination_over_circuit( dest, circ_id, s, cb.controller, dest._max_dl) + +# In the case that the relay was used as an exit, but could not exit +# to the Web server, try again using it as entry, to avoid that it would +# always fail when there's only one Web server. +if not is_usable and \ +relay.is_exit_not_bad_allowing_port_all_ips(dest.port): +log.info( +"Exit %s (%s) that can't exit all ips failed to connect to " +" %s via circuit %s (%s). Trying again with it as entry.", +relay.fingerprint, relay.nickname, dest, circ_fps, nicknames) +circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb) +circ_id, reason = cb.build_circuit(circ_fps) +if not circ_id: +log.warning( +
[tor-commits] [sbws/master] fix: relaylist: rename exits_not_bad_allowing_port
commit 3e2e6c7e77a041fb0dd31b993945ef7da766ea9c Author: juga0 Date: Tue Feb 2 11:40:04 2021 + fix: relaylist: rename exits_not_bad_allowing_port see previous commit --- sbws/core/scanner.py | 2 +- sbws/lib/relaylist.py | 2 +- tests/integration/lib/test_destination.py | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 20f1b83..2736059 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -209,7 +209,7 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit): destination **dest**, pick a second relay that is or is not an exit according to **is_exit**. ''' -candidates = rl.exits_not_bad_allowing_port(dest.port) if is_exit \ +candidates = rl.exits_not_bad_allowing_port_all_ips(dest.port) if is_exit \ else rl.non_exits if not len(candidates): return None diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py index 86e0d7b..863689e 100644 --- a/sbws/lib/relaylist.py +++ b/sbws/lib/relaylist.py @@ -453,7 +453,7 @@ class RelayList: """Number of times a new consensus was obtained.""" return len(self._recent_consensus) -def exits_not_bad_allowing_port(self, port): +def exits_not_bad_allowing_port_all_ips(self, port): return [r for r in self.exits if r.is_exit_not_bad_allowing_port_all_ips(port)] diff --git a/tests/integration/lib/test_destination.py b/tests/integration/lib/test_destination.py index 98ed89f..19f6617 100644 --- a/tests/integration/lib/test_destination.py +++ b/tests/integration/lib/test_destination.py @@ -26,7 +26,7 @@ def test_connect_to_destination_over_circuit_success(persistent_launch_tor, relay = [r for r in rl.relays if r.nickname == 'relay1mbyteMAB'][0] # Choose an exit, for this test it does not matter the bandwidth -helper = rl.exits_not_bad_allowing_port(destination.port)[0] +helper = rl.exits_not_bad_allowing_port_all_ips(destination.port)[0] circuit_path = [relay.fingerprint, helper.fingerprint] # build a circuit circuit_id, _ = cb.build_circuit(circuit_path) 
@@ -46,7 +46,7 @@ def test_connect_to_destination_over_circuit_fail(persistent_launch_tor, relay = [r for r in rl.relays if r.nickname == 'relay1mbyteMAB'][0] # Choose an exit, for this test it does not matter the bandwidth -helper = rl.exits_not_bad_allowing_port(bad_destination.port)[0] +helper = rl.exits_not_bad_allowing_port_all_ips(bad_destination.port)[0] circuit_path = [relay.fingerprint, helper.fingerprint] # Build a circuit. circuit_id, _ = cb.build_circuit(circuit_path) @@ -75,7 +75,7 @@ def test_functional_destinations(conf, cb, rl, persistent_launch_tor): relay = [r for r in rl.relays if r.nickname == 'relay1mbyteMAB'][0] # Choose an exit, for this test it does not matter the bandwidth -helper = rl.exits_not_bad_allowing_port(bad_destination.port)[0] +helper = rl.exits_not_bad_allowing_port_all_ips(bad_destination.port)[0] circuit_path = [relay.fingerprint, helper.fingerprint] # Build a circuit. circuit_id, _ = cb.build_circuit(circuit_path) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/master] fix: relaylist: rename is_exit_not_bad_allowing_port
commit 33a5909f57271a67ef0d9d88c1d7799d341d5ece Author: juga0 Date: Tue Feb 2 11:38:12 2021 + fix: relaylist: rename is_exit_not_bad_allowing_port see previous commit --- sbws/core/scanner.py | 2 +- sbws/lib/relaylist.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 312993a..20f1b83 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -294,7 +294,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # exit, then pick a non-exit. Otherwise pick an exit. helper = None circ_fps = None -if relay.is_exit_not_bad_allowing_port(dest.port): +if relay.is_exit_not_bad_allowing_port_all_ips(dest.port): helper = _pick_ideal_second_hop( relay, dest, rl, cb.controller, is_exit=False) if helper: diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py index 5eef4aa..86e0d7b 100644 --- a/sbws/lib/relaylist.py +++ b/sbws/lib/relaylist.py @@ -219,7 +219,7 @@ class Relay: return False return False -def is_exit_not_bad_allowing_port(self, port): +def is_exit_not_bad_allowing_port_all_ips(self, port): return (Flag.BADEXIT not in self.flags and Flag.EXIT in self.flags and self.can_exit_to_port_all_ips(port)) @@ -455,7 +455,7 @@ class RelayList: def exits_not_bad_allowing_port(self, port): return [r for r in self.exits -if r.is_exit_not_bad_allowing_port(port)] +if r.is_exit_not_bad_allowing_port_all_ips(port)] def increment_recent_measurement_attempt(self): """ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/master] fix: relaylist: Add methods to obtain exits that
commit 55b76a84b9da3d13f2d2616cb83a29e4726b8a67 Author: juga0 Date: Tue Feb 2 11:46:21 2021 + fix: relaylist: Add methods to obtain exits that can exit to some IPs. To use them in the cases it will be more convenient. --- sbws/lib/relaylist.py | 27 +++ 1 file changed, 27 insertions(+) diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py index 863689e..3ff1f73 100644 --- a/sbws/lib/relaylist.py +++ b/sbws/lib/relaylist.py @@ -219,11 +219,34 @@ class Relay: return False return False +def can_exit_to_port_some_ips(self, port): +""" +Returns True if the relay has an exit policy and the policy accepts +exiting to the given port and some public IPs or False otherwise. +""" +assert isinstance(port, int) +try: +if self.exit_policy: +# Not using argument `strict`, to know whether it can exit +# some public IPs, though not all. +return ( +self.exit_policy.strip_private() +.can_exit_to(port=port) +) +except TypeError: +return False +return False + def is_exit_not_bad_allowing_port_all_ips(self, port): return (Flag.BADEXIT not in self.flags and Flag.EXIT in self.flags and self.can_exit_to_port_all_ips(port)) +def is_exit_not_bad_allowing_port_some_ips(self, port): +return (Flag.BADEXIT not in self.flags and +Flag.EXIT in self.flags and +self.can_exit_to_port_some_ips(port)) + def increment_relay_recent_measurement_attempt(self): """ Increment The number of times that a relay has been queued @@ -457,6 +480,10 @@ class RelayList: return [r for r in self.exits if r.is_exit_not_bad_allowing_port_all_ips(port)] +def exits_not_bad_allowing_port_some_ips(self, port): +return [r for r in self.exits +if r.is_exit_not_bad_allowing_port_some_ips(port)] + def increment_recent_measurement_attempt(self): """ Increment the number of times that any relay has been queued to be ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
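Review bot: In `can_exit_to_port_some_ips` the `except TypeError: return False` carries no comment saying which failure it is meant to absorb, so a genuine type bug in the policy call would be reported as "cannot exit" with no trace. If it is the same stem problem that the sibling `can_exit_to_port_all_ips` works around, say so above the `try`, e.g. `# stem can raise TypeError while reading the exit policy; treat it as no policy`. The `assert isinstance(port, int)` check is removed when Python runs with `-O`, so it should not be the only validation if callers can pass a non-int. The docstring could also state that, going by the inline comment, True means some public address is accepted for the port, not that a particular destination is reachable.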
[tor-commits] [sbws/master] fix: scanner: extract method to create paths
commit fa9314123b702feee230f7974bfbad2d783d8365 Author: juga0 Date: Tue Feb 2 11:56:05 2021 + fix: scanner: extract method to create paths because `measure_relay` method is too long, confusing and we have had several bugs in this part of the code. --- sbws/core/scanner.py | 42 ++ 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 2736059..228ad74 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -244,6 +244,27 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit): return chosen +def create_path_relay_as_entry(relay, dest, rl, cb): +circ_fps = nicknames = [] +helper = _pick_ideal_second_hop( +relay, dest, rl, cb.controller, is_exit=True) +if helper: +circ_fps = [relay.fingerprint, helper.fingerprint] +nicknames = [relay.nickname, helper.nickname] +return helper, circ_fps, nicknames + + +def create_path_relay_as_exit(relay, dest, rl, cb): +circ_fps = nicknames = [] +helper = _pick_ideal_second_hop( +relay, dest, rl, cb.controller, is_exit=False) +if helper: +circ_fps = [helper.fingerprint, relay.fingerprint] +# stored for debugging +nicknames = [helper.nickname, relay.nickname] +return helper, circ_fps, nicknames + + def measure_relay(args, conf, destinations, cb, rl, relay): """ Select a Web server, a relay to build the circuit, 
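Review bot: `circ_fps = nicknames = []` in both new helpers binds the two names to the same list object. Nothing mutates it in this hunk, but a later `append` on one name would silently change the other, so separate initialisers are safer: `circ_fps, nicknames = [], []`. The no-helper case now yields `[]` where `measure_relay` previously left `circ_fps` as `None`; how the callers treat that is outside this hunk. Both functions would also benefit from a one-line docstring stating the hop order they return, e.g. `"""Return (helper, [relay_fp, helper_fp], nicknames) with the relay as first hop."""` for `create_path_relay_as_entry`.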
@@ -295,18 +316,11 @@ def measure_relay(args, conf, destinations, cb, rl, relay): helper = None circ_fps = None if relay.is_exit_not_bad_allowing_port_all_ips(dest.port): -helper = _pick_ideal_second_hop( -relay, dest, rl, cb.controller, is_exit=False) -if helper: -circ_fps = [helper.fingerprint, relay.fingerprint] -# stored for debugging -nicknames = [helper.nickname, relay.nickname] +helper, circ_fps, nicknames = create_path_relay_as_exit( +relay, dest, rl, cb) else: -helper = _pick_ideal_second_hop( -relay, dest, rl, cb.controller, is_exit=True) -if helper: -circ_fps = [relay.fingerprint, helper.fingerprint] -nicknames = [relay.nickname, helper.nickname] +helper, circ_fps, nicknames = create_path_relay_as_entry( +relay, dest, rl, cb) if not helper: reason = 'Unable to select a second relay' log.debug(reason + ' to help measure %s (%s)', @@ -323,11 +337,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # If that's the case, try again using them as 2nd hop. # We could reuse the helper, but it does not need to be an exit now, # so choose other again. -helper = _pick_ideal_second_hop( -relay, dest, rl, cb.controller, is_exit=False) -if helper: -circ_fps = [helper.fingerprint, relay.fingerprint] -nicknames = [helper.nickname, relay.nickname] +create_path_relay_as_exit(relay, dest, rl, cb) circ_id, reason = cb.build_circuit(circ_fps) if not circ_id: log.debug('Could not build circuit with path %s (%s): %s ', ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
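Review bot: In the last hunk the retry call `create_path_relay_as_exit(relay, dest, rl, cb)` discards its return value, so the following `cb.build_circuit(circ_fps)` is given the same path that just failed, and `nicknames` still describes the first attempt. The removed code reassigned `helper`, `circ_fps` and `nicknames` when a helper was found; the replacement should keep that behaviour, e.g. `retry = create_path_relay_as_exit(relay, dest, rl, cb)` followed by `if retry[0]: helper, circ_fps, nicknames = retry`. The body of `measure_relay` continues outside the hunk.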
[tor-commits] [sbws/master] fix: relaylist: rename can_exit_to_port
commit 1014bac294d03790c15bec1bff21e9ca9802acdb Author: juga0 Date: Tue Feb 2 11:15:02 2021 + fix: relaylist: rename can_exit_to_port to can_exit_to_port_all_ips, because it's using `strict`, which means that it allows to exit to all IPs. It seems more convenient to try first with exits that allow to exit to some IPs and only try a second time if that fails, because there are more. --- sbws/lib/relaylist.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py index ba0b176..5eef4aa 100644 --- a/sbws/lib/relaylist.py +++ b/sbws/lib/relaylist.py @@ -178,7 +178,7 @@ class Relay: """Number of times the relay was in a conensus.""" return len(self.relay_in_recent_consensus) -def can_exit_to_port(self, port): +def can_exit_to_port_all_ips(self, port): """ Returns True if the relay has an exit policy and the policy accepts exiting to the given portself or False otherwise. @@ -192,7 +192,7 @@ class Relay: # When the attribute is gotten in getattr(self._desc, "exit_policy"), # is possible that stem's _input_rules is None and raises an exception # (#29899): -# File "/usr/lib/python3/dist-packages/sbws/lib/relaylist.py", line 117, in can_exit_to_port # noqa +# File "/usr/lib/python3/dist-packages/sbws/lib/relaylist.py", line 117, in can_exit_to_port_all_ips # noqa # if not self.exit_policy: # File "/usr/lib/python3/dist-packages/stem/exit_policy.py", line 512, in __len__ # noqa # return len(self._get_rules()) @@ -222,7 +222,7 @@ class Relay: def is_exit_not_bad_allowing_port(self, port): return (Flag.BADEXIT not in self.flags and Flag.EXIT in self.flags and -self.can_exit_to_port(port)) +self.can_exit_to_port_all_ips(port)) def increment_relay_recent_measurement_attempt(self): """ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/maint-1.1] Merge remote-tracking branch 'gitlab/merge-requests/61' into maint-1.1
commit 3e4ccb90ea64b391d0003bb72f17d513845680ae Merge: e375cd2 d0a0202 Author: Georg Koppen Date: Mon Feb 22 17:12:18 2021 + Merge remote-tracking branch 'gitlab/merge-requests/61' into maint-1.1 docs/source/activity_measure.puml | 30 +++ docs/source/how_works.rst | 12 ++- docs/source/images/activity_measure.svg | 42 + sbws/core/scanner.py| 145 ++-- sbws/lib/relaylist.py | 35 +--- 5 files changed, 204 insertions(+), 60 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/maint-1.1] fix: test: Add chutney configuration
commit 212047f4c4601d263078cde4338060704d026d78 Author: juga0 Date: Thu Dec 17 15:30:11 2020 + fix: test: Add chutney configuration and scripts to run the integration tests with chutney. It does not replace yet the way integration tests are run. --- .gitignore | 1 + tests/integration/chutney_data/bwscanner | 15 + .../integration/chutney_data/client_bwscanner.tmpl | 23 +++ tests/integration/chutney_data/non-exit.tmpl | 4 tests/integration/chutney_data/relay-MAB.tmpl | 4 tests/integration/chutney_data/relay-MBR.tmpl | 4 tests/integration/run.sh | 14 tests/integration/start_chutney.sh | 26 ++ tests/integration/stop_chutney.sh | 10 + 9 files changed, 101 insertions(+) diff --git a/.gitignore b/.gitignore index 9903d5d..744436b 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ htmlcov dist build *.lockfile +chutney diff --git a/tests/integration/chutney_data/bwscanner b/tests/integration/chutney_data/bwscanner new file mode 100644 index 000..6506bc3 --- /dev/null +++ b/tests/integration/chutney_data/bwscanner @@ -0,0 +1,15 @@ +# By default, Authorities are not configured as exits +Authority = Node(tag="a", authority=1, relay=1, torrc="authority.tmpl") +NonExitRelay = Node(tag="m", relay=1, exit=0, torrc="non-exit.tmpl") +ExitRelay = Node(tag="r", relay=1, exit=1, torrc="relay.tmpl") +Client = Node(tag="c", client=1, torrc="client_bwscanner.tmpl") +RelayMAB = Node(tag="relay1mbyteMAB", relay=1, torrc="relay-MAB.tmpl") +RelayMBR = Node(tag="relay1mbyteMBR", relay=1, torrc="relay-MBR.tmpl") + +NODES = Authority.getN(3) + \ + NonExitRelay.getN(9) + \ + ExitRelay.getN(3) + Client.getN(1) + +# RelayMBR.getN(1) + RelayMAB.getN(1) + \ + +ConfigureNodes(NODES) diff --git a/tests/integration/chutney_data/client_bwscanner.tmpl b/tests/integration/chutney_data/client_bwscanner.tmpl new file mode 100644 index 000..dc6d0d8 --- /dev/null +++ b/tests/integration/chutney_data/client_bwscanner.tmpl 
@@ -0,0 +1,23 @@ +${include:common.i} +SocksPort $socksport + +#NOTE: Setting TestingClientConsensusDownloadSchedule doesn't +# help -- dl_stats.schedule is not DL_SCHED_CONSENSUS +# at boostrap time. +# Try to download after: +# the minimum initial consensus time to start with, +# a few eager fetches, +# then half the minimum testing consensus interval +#TestingClientDownloadSchedule 0, 5 +#TestingClientConsensusDownloadSchedule 0, 5 +#ControlPort 8015 +UseEntryGuards 0 +UseMicroDescriptors 0 +FetchDirInfoEarly 1 +FetchDirInfoExtraEarly 1 +FetchUselessDescriptors 1 +LearnCircuitBuildTimeout 0 +CircuitBuildTimeout 60 +ConnectionPadding 0 +__DisablePredictedCircuits 1 +__LeaveStreamsUnattached 1 diff --git a/tests/integration/chutney_data/non-exit.tmpl b/tests/integration/chutney_data/non-exit.tmpl new file mode 100644 index 000..25d8806 --- /dev/null +++ b/tests/integration/chutney_data/non-exit.tmpl @@ -0,0 +1,4 @@ +${include:relay-non-exit.tmpl} + +ExitRelay 0 +ExitPolicy reject *:* diff --git a/tests/integration/chutney_data/relay-MAB.tmpl b/tests/integration/chutney_data/relay-MAB.tmpl new file mode 100644 index 000..28bc6a7 --- /dev/null +++ b/tests/integration/chutney_data/relay-MAB.tmpl @@ -0,0 +1,4 @@ +${include:non-exit.tmpl} + +Nickname relay1mbyteMAB +MaxAdvertisedBandwidth 1 MBytes diff --git a/tests/integration/chutney_data/relay-MBR.tmpl b/tests/integration/chutney_data/relay-MBR.tmpl new file mode 100644 index 000..946600b --- /dev/null +++ b/tests/integration/chutney_data/relay-MBR.tmpl @@ -0,0 +1,4 @@ +${include:non-exit.tmpl} + +Nickname relay1mbyteMBR +RelayBandwidthRate 1 MBytes diff --git a/tests/integration/run.sh b/tests/integration/run.sh new file mode 100755 index 000..e870b50 --- /dev/null +++ b/tests/integration/run.sh 
@@ -0,0 +1,14 @@ +#!/bin/bash +set -x + +tests/integration/start_chutney.sh +python3 scripts/tools/sbws-http-server.py --port 2 &>/dev/null & +sleep 1 +wget -O/dev/null http://127.0.0.1:2/sbws.bin +# Run actually the scanner +sbws -c tests/integration/sbws_testnet.ini scanner +sbws -c tests/integration/sbws_testnet.ini generate +# Run integration tests +coverage run -a --rcfile=.coveragerc --source=sbws -m pytest -s tests/integration -vv +sbws -c tests/integration/sbws_testnet.ini cleanup +tests/integration/stop_chutney.sh diff --git a/tests/integration/start_chutney.sh b/tests/integration/start_chutney.sh new file mode 100755 index 000..04f9641 --- /dev/null +++ b/tests/integration/start_chutney.sh @@ -0,0 +1,26 @@ +#!/bin/bash +set -x + +CURRENT_DIR=`pwd` +CHUTNEY_DIR=${1:-./chutney} + +# If chutney dir already exists, this will fail but it doesn't matter. +git clone https://git.torproject.org/chutney.git $CHUTNEY_DIR + +cp tests/integration/chutney_data/bwscanner
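Review bot: `tests/integration/run.sh` enables `set -x` but not `set -e`, and its last command is `tests/integration/stop_chutney.sh`, so the script's exit status is that of the teardown. A failing `pytest`, scanner or `start_chutney.sh` step would still let the script exit 0 as long as the teardown succeeds. Capture the test status and return it (`rc=$?` right after the `coverage run` line, `exit $rc` after `stop_chutney.sh`), or move the cleanup into a `trap` and add `set -e`. The background `sbws-http-server.py` is never stopped; recording `$!` and killing it in the same cleanup avoids leaving a listener on the CI host. The `start_chutney.sh` hunk that follows is cut off on this page and is not reviewed here.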
[tor-commits] [sbws/maint-1.1] fix: tests: Run integration tests with chutney
commit 5b8c47a1e3af95357381191106d1c9fd7d060852 Author: juga0 Date: Thu Dec 17 15:36:50 2020 + fix: tests: Run integration tests with chutney and adapt the tests to pass. \o/ Closes: #40008. --- sbws/lib/relaylist.py | 5 +- tests/integration/conftest.py | 10 +- tests/integration/core/test_scanner.py | 2 + tests/integration/lib/test_circuitbuilder.py | 20 +-- tests/integration/lib/test_destination.py | 6 +- tests/integration/lib/test_relaylist.py| 16 +-- tests/integration/lib/test_relayprioritizer.py | 30 ++--- tests/integration/net/auth1/fingerprint| 1 - .../net/auth1/keys/authority_certificate | 45 --- .../net/auth1/keys/authority_identity_key | 41 --- .../net/auth1/keys/authority_signing_key | 27 .../net/auth1/keys/ed25519_master_id_public_key| Bin 64 -> 0 bytes .../net/auth1/keys/ed25519_master_id_secret_key| Bin 96 -> 0 bytes .../net/auth1/keys/ed25519_signing_cert| Bin 172 -> 0 bytes .../net/auth1/keys/ed25519_signing_secret_key | Bin 96 -> 0 bytes tests/integration/net/auth1/keys/secret_id_key | 15 --- tests/integration/net/auth1/keys/secret_onion_key | 15 --- .../net/auth1/keys/secret_onion_key_ntor | Bin 96 -> 0 bytes tests/integration/net/auth1/torrc | 33 - tests/integration/net/auth2/fingerprint| 1 - .../net/auth2/keys/authority_certificate | 45 --- .../net/auth2/keys/authority_identity_key | 41 --- .../net/auth2/keys/authority_signing_key | 27 .../net/auth2/keys/ed25519_master_id_public_key| Bin 64 -> 0 bytes .../net/auth2/keys/ed25519_master_id_secret_key| Bin 96 -> 0 bytes .../net/auth2/keys/ed25519_signing_cert| Bin 172 -> 0 bytes .../net/auth2/keys/ed25519_signing_secret_key | Bin 96 -> 0 bytes tests/integration/net/auth2/keys/secret_id_key | 15 --- tests/integration/net/auth2/keys/secret_onion_key | 15 --- .../net/auth2/keys/secret_onion_key_ntor | Bin 96 -> 0 bytes tests/integration/net/auth2/torrc | 33 - tests/integration/net/auth3/fingerprint| 1 - .../net/auth3/keys/authority_certificate | 45 --- .../net/auth3/keys/authority_identity_key | 41 --- 
.../net/auth3/keys/authority_signing_key | 27 .../net/auth3/keys/ed25519_master_id_public_key| Bin 64 -> 0 bytes .../net/auth3/keys/ed25519_master_id_secret_key| Bin 96 -> 0 bytes .../net/auth3/keys/ed25519_signing_cert| Bin 172 -> 0 bytes .../net/auth3/keys/ed25519_signing_secret_key | Bin 96 -> 0 bytes tests/integration/net/auth3/keys/secret_id_key | 15 --- tests/integration/net/auth3/keys/secret_onion_key | 15 --- .../net/auth3/keys/secret_onion_key_ntor | Bin 96 -> 0 bytes tests/integration/net/auth3/torrc | 33 - tests/integration/net/exit1/fingerprint| 1 - .../net/exit1/keys/ed25519_master_id_public_key| Bin 64 -> 0 bytes .../net/exit1/keys/ed25519_master_id_secret_key| Bin 96 -> 0 bytes .../net/exit1/keys/ed25519_signing_cert| Bin 172 -> 0 bytes .../net/exit1/keys/ed25519_signing_secret_key | Bin 96 -> 0 bytes tests/integration/net/exit1/keys/secret_id_key | 15 --- tests/integration/net/exit1/keys/secret_onion_key | 15 --- .../net/exit1/keys/secret_onion_key_ntor | Bin 96 -> 0 bytes tests/integration/net/exit1/torrc | 26 tests/integration/net/exit2/fingerprint| 1 - .../net/exit2/keys/ed25519_master_id_public_key| Bin 64 -> 0 bytes .../net/exit2/keys/ed25519_master_id_secret_key| Bin 96 -> 0 bytes .../net/exit2/keys/ed25519_signing_cert| Bin 172 -> 0 bytes .../net/exit2/keys/ed25519_signing_secret_key | Bin 96 -> 0 bytes tests/integration/net/exit2/keys/secret_id_key | 15 --- tests/integration/net/exit2/keys/secret_onion_key | 15 --- .../net/exit2/keys/secret_onion_key_ntor | Bin 96 -> 0 bytes tests/integration/net/exit2/torrc | 26 tests/integration/net/exit3/fingerprint| 1 - .../net/exit3/keys/ed25519_master_id_public_key| Bin 64 -> 0 bytes .../net/exit3/keys/ed25519_master_id_secret_key| Bin 96 -> 0 bytes .../net/exit3/keys/ed25519_signing_cert| Bin 172 -> 0 bytes .../net/exit3/keys/ed25519_signing_secret_key | Bin 96 -> 0 bytes tests/integration/net/exit3/keys/secret_id_key | 15 --- tests/integration/net/exit3/keys/secret_onion_key | 15 --- 
.../net/exit3/keys/secret_onion_key_ntor | Bin 96 -> 0 bytes tests/integration/net/exit3/torrc | 26 tests/integration/net/relay1/fingerprint | 1 -
[tor-commits] [sbws/maint-1.1] fix: resultdump: Check that the error has a circuit
commit e375cd28c8e19e3e9660547b134ef7759ad21e3f Author: juga0 Date: Tue Feb 9 10:42:34 2021 + fix: resultdump: Check that the error has a circuit Because if the error is not a circuit error, it does not have that attribute. --- sbws/lib/resultdump.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sbws/lib/resultdump.py b/sbws/lib/resultdump.py index 6673e9a..b287242 100644 --- a/sbws/lib/resultdump.py +++ b/sbws/lib/resultdump.py @@ -794,8 +794,9 @@ class ResultDump: result.dest_url, result.msg) # The result doesn't store the exit policies, so it can't be logged # whether it was an exit. -as_exit = result.circ[1] == result.fingerprint -msg += ". As exit." if as_exit else ". As entry." +if result.circ: +as_exit = result.circ[1] == result.fingerprint +msg += ". As exit." if as_exit else ". As entry." # When the error is that there are not more functional destinations. if result.type == "error-destination": log.info("Shutting down because there are not functional " ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
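Review bot: The guard `if result.circ:` only skips `None` or an empty value and still reads the attribute. The commit message says non-circuit errors do not have it, in which case this line would raise `AttributeError`; the result classes are not visible here, so a default may already cover this. `result.circ[1]` also assumes at least two hops. A form that covers both cases is `circ = getattr(result, 'circ', None)` followed by `if circ and len(circ) > 1:`. The enclosing method starts and ends outside the hunk.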
[tor-commits] [sbws/maint-1.1] chg: stem: Set default torrc options
commit 5f5f968a5fc65ea334b96e6deeda934980b371e6 Author: juga0 Date: Thu Dec 17 15:09:39 2020 + chg: stem: Set default torrc options when connecting to an external tor and they are not already set. --- sbws/util/stem.py | 38 +++--- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/sbws/util/stem.py b/sbws/util/stem.py index 4e8f321..9fea31f 100644 --- a/sbws/util/stem.py +++ b/sbws/util/stem.py @@ -161,6 +161,16 @@ def parse_user_torrc_config(torrc, torrc_text): return torrc_dict +def set_torrc_starting_point(controller): +"""Set the torrc starting point options.""" +for k, v in TORRC_STARTING_POINT.items(): +try: +controller.set_conf(k, v) +except (ControllerError, InvalidRequest, InvalidArguments) as e: +log.exception("Error setting option %s, %s: %s", k, v, e) +exit(1) + + def set_torrc_runtime_options(controller): """Set torrc options at runtime.""" try: @@ -228,16 +238,16 @@ def launch_tor(conf): def launch_or_connect_to_tor(conf): -# If connecting to an existing controller, there is no need to configure -# own tor. cont = init_controller(conf) if not cont: cont = launch_tor(conf) +else: +if not is_torrc_starting_point_set(cont): +set_torrc_starting_point(cont) # Set options that can fail at runtime set_torrc_options_can_fail(cont) # Set runtime options set_torrc_runtime_options(cont) - log.info('Started or connected to Tor %s.', cont.get_version()) return cont 
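Review bot: The new `else` branch in `launch_or_connect_to_tor` makes sbws rewrite global options on a tor daemon it did not start, and the removed comment ("there is no need to configure own tor") is not replaced by anything explaining the new behaviour. `TORRC_STARTING_POINT` appears to include settings such as `UseEntryGuards 0`, which would also apply to any other client sharing that daemon. A comment should state that the external tor is expected to be dedicated to sbws, and `set_torrc_starting_point` should log each option it changes at warning level, e.g. `log.warning("Overriding %s on external tor: %s", k, v)`. In that function `log.exception(...)` already records the traceback, so passing `e` as an argument is redundant.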
@@ -293,3 +303,25 @@ def circuit_str(controller, circ_id): return '[' +\ ' -> '.join(['{} ({})'.format(n, fp[0:8]) for fp, n in circ.path]) +\ ']' + + +def is_torrc_starting_point_set(tor_controller): +"""Verify that the tor controller has the correct configuration. + +When connecting to a tor controller that has not been launched by sbws, +it should have been configured to work with sbws. + +""" +bad_options = False +torrc = TORRC_STARTING_POINT +for k, v in torrc.items(): +value_set = tor_controller.get_conf(k) +if v != value_set: +log.exception( +"Uncorrectly configured %s, should be %s, is %s", +k, v, value_set +) +bad_options = True +if not bad_options: +log.info("Tor is correctly configured to work with sbws.") +return bad_options ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
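Review bot: `is_torrc_starting_point_set` returns `bad_options`, which is True when at least one option differs, the opposite of what its name and its caller (`if not is_torrc_starting_point_set(cont):` in `launch_or_connect_to_tor`) expect. As written, the defaults are applied only when the external tor is already configured correctly and skipped when it is not; the last line should be `return not bad_options`. `log.exception` is called outside an `except` block, so there is no traceback to attach; `log.warning` fits, and "Uncorrectly" should read "Incorrectly". Whether `get_conf` returns values in the same string form as the dict is not visible here and is worth confirming, since a formatting difference would flag every option as wrong.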
[tor-commits] [sbws/maint-1.1] fix: stem: Move torrc option that does not depend on config
commit 2d5a6b65704857b8abde4a867f0f6590c181325c Author: juga0 Date: Thu Dec 17 14:40:36 2020 + fix: stem: Move torrc option that does not depend on config It seems we forgot this option when refactoring in #28738. --- sbws/globals.py | 6 +- sbws/util/stem.py | 4 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/sbws/globals.py b/sbws/globals.py index 2434685..f5b3ec6 100644 --- a/sbws/globals.py +++ b/sbws/globals.py @@ -40,7 +40,11 @@ TORRC_STARTING_POINT = { 'FetchDirInfoEarly': '1', 'FetchDirInfoExtraEarly': '1', # To make Tor keep fetching descriptors, even when idle. -'FetchUselessDescriptors': '1' +'FetchUselessDescriptors': '1', +# Things needed to make circuits fail a little faster. We get the +# circuit_timeout as a string instead of an int on purpose: stem only +# accepts strings. +'LearnCircuitBuildTimeout': '0', } # Options that need to be set at runtime. TORRC_RUNTIME_OPTIONS = { diff --git a/sbws/util/stem.py b/sbws/util/stem.py index 5835237..4e8f321 100644 --- a/sbws/util/stem.py +++ b/sbws/util/stem.py @@ -206,10 +206,6 @@ def launch_tor(conf): 'NOTICE file {}'.format(os.path.join(conf.getpath('tor', 'log'), 'notice.log')), ], -# Things needed to make circuits fail a little faster. We get the -# circuit_timeout as a string instead of an int on purpose: stem only -# accepts strings. -'LearnCircuitBuildTimeout': '0', 'CircuitBuildTimeout': conf['general']['circuit_timeout'], }) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
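Review bot: The comment moved into `TORRC_STARTING_POINT` in `sbws/globals.py` still says "We get the circuit_timeout as a string instead of an int on purpose", but `circuit_timeout` belongs to `CircuitBuildTimeout`, which stays in `launch_tor` in `sbws/util/stem.py` and is now left without any comment. Split it: keep `# To make circuits fail a little faster.` above `'LearnCircuitBuildTimeout': '0'` in globals.py, and leave `# circuit_timeout is kept as a string on purpose: stem only accepts strings.` above `'CircuitBuildTimeout'` in stem.py.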
[tor-commits] [sbws/maint-1.1] fix: stem: Remove torrc option that is the default
commit 15da07d6a447d8310354124f6020b4cf74b75488 Author: juga0 Date: Thu Dec 17 14:37:58 2020 + fix: stem: Remove torrc option that is the default to avoid conflict when comparing the options that should be set and the ones are set, since the SocksPort will be differently in chutney. --- docs/source/config_tor.rst | 1 - sbws/globals.py| 3 --- 2 files changed, 4 deletions(-) diff --git a/docs/source/config_tor.rst b/docs/source/config_tor.rst index e609468..b204ca2 100644 --- a/docs/source/config_tor.rst +++ b/docs/source/config_tor.rst @@ -9,7 +9,6 @@ connection to an existing Tor daemon. Default configuration: -- ``SocksPort auto``: To proxy requests over Tor. - ``CookieAuthentication 1``: The easiest way to authenticate to Tor. - ``UseEntryGuards 0``: To avoid path bias warnings. - ``UseMicrodescriptors 0``: Because full server descriptors are needed. diff --git a/sbws/globals.py b/sbws/globals.py index 2e4481c..2434685 100644 --- a/sbws/globals.py +++ b/sbws/globals.py @@ -22,9 +22,6 @@ SPEC_VERSION = '1.5.0' # Options that are known at runtime (from configuration file) are added # in utils/stem.py launch_tor TORRC_STARTING_POINT = { -# We will find out via the ControlPort and not setting something static -# means a lower chance of conflict -'SocksPort': 'auto', # Easier than password authentication 'CookieAuthentication': '1', # To avoid path bias warnings ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/maint-1.1] fix:scanner: Rm condition assigning helper
commit 72b43570589d10a668039341895948ded0f1bfd7 Author: juga0 Date: Tue Feb 9 13:08:44 2021 + fix:scanner: Rm condition assigning helper --- sbws/core/scanner.py | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 97829f4..5fd917a 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -267,12 +267,12 @@ def error_no_helper(relay, dest, our_nick=""): def create_path_relay(relay, dest, rl, cb, relay_as_entry=True): -if relay_as_entry: -helper = _pick_ideal_second_hop( -relay, dest, rl, cb.controller, is_exit=True) -else: -helper = _pick_ideal_second_hop( -relay, dest, rl, cb.controller, is_exit=False) +# the helper `is_exit` arg (should be better called `helper_as_exit`), +# is True when the relay is the entry (helper has to be exit) +# and False when the relay is not the entry, ie. is the exit (helper does +# not have to be an exit) +helper = _pick_ideal_second_hop( +relay, dest, rl, cb.controller, is_exit=relay_as_entry) if not helper: return error_no_helper(relay, dest) if relay_as_entry: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/maint-1.1] fix: CI: Make wget quiet
commit d0a0202f47b5e019f08c0b4b285b4f2cb6a87352 Author: juga0 Date: Wed Feb 10 09:30:39 2021 + fix: CI: Make wget quiet to avoid many lines of non useful text the CI. --- tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index f0aadaf..51daeba 100644 --- a/tox.ini +++ b/tox.ini @@ -56,7 +56,7 @@ commands = bash -c "time python3 {envtmpdir}/net/wait.py {envtmpdir}/net/{auth,relay,exit}*" bash -c "python3 {toxinidir}/scripts/tools/sbws-http-server.py --port 2 &>/dev/null &" sleep 1 -wget -O/dev/null http://127.0.0.1:2/sbws.bin +wget -qO/dev/null http://127.0.0.1:2/sbws.bin ; Run actually the scanner mkdir -p /tmp/.sbws ; This add around 3min more to the tests ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
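Review bot: `-q` silences wget's error messages as well as its progress output, so if the local HTTP server is not yet listening after `sleep 1` the CI log will show only a non-zero exit with no reason. `wget -nv -O/dev/null ...` drops the progress lines but still prints errors, which keeps a failed warm-up request diagnosable.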
[tor-commits] [sbws/maint-1.1] minor: scanner: Change logic creating the path
commit 294fc29786c47fbffac62cbbebdfad3186906fe3 Author: juga0 Date: Tue Feb 2 13:07:57 2021 + minor: scanner: Change logic creating the path When the relay is not an exit, instead of choosing exits that can exit to all IPs, try with exits that can exit to some IPs, since the relay will be measured again with a different exit in other loop. When the relay is an exit, instead of ensuring it can exit all IPs, try using it as exit if it can exit to some IPs. If it fails connecting to the Web server, then try a 2nd time using it as entry to avoid that it will fail in all loops if there is only one Web server, cause it will be used again as an exit. Also, the helper exits don't need to be able to exit all IPs. When a helper exit fails to exit (maybe cause it can not exit to the Web sever IP), it's not a problem cause in a next loop other exit will be choosen. This change of logic also solves the bug where non exits were being used as exits, because we were trying to measure again a relay that was used as entry, because it could not exit all IPs, which includes also the non exits. Closes: #40041. --- sbws/core/scanner.py | 50 --- tests/integration/lib/test_destination.py | 6 ++-- 2 files changed, 43 insertions(+), 13 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index aa17452..1499264 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py 
@@ -209,8 +209,14 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit): destination **dest**, pick a second relay that is or is not an exit according to **is_exit**. ''' -candidates = rl.exits_not_bad_allowing_port_all_ips(dest.port) if is_exit \ -else rl.non_exits +# 40041: Instead of using exits that can exit to all IPs, to ensure that +# they can make requests to the Web servers, try with the exits that +# allow some IPs, since there're more. +# In the case that a concrete exit can't exit to the Web server, it is not +# a problem since the relay will be measured in the next loop with other +# random exit. +candidates = rl.exits_not_bad_allowing_port_some_ips(dest.port) \ +if is_exit else rl.non_exits if not len(candidates): return None min_relay_bw = rl.exit_min_bw() if is_exit else rl.non_exit_min_bw() 
@@ -332,20 +338,20 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # Pick a relay to help us measure the given relay. If the given relay is an # exit, then pick a non-exit. Otherwise pick an exit. -if relay.is_exit_not_bad_allowing_port_all_ips(dest.port): +# Instead of ensuring that the relay can exit to all IPs, try first with +# the relay as an exit, if it can exit to some IPs. +if relay.is_exit_not_bad_allowing_port_some_ips(dest.port): circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb) else: circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb) # Build the circuit circ_id, reason = cb.build_circuit(circ_fps) -if not circ_id and relay.fingerprint == circ_fps[0]: -# We detected that some exits fail to build circuits as 1st hop. -# If that's the case, try again using them as 2nd hop. -# We could reuse the helper, but it does not need to be an exit now, -# so choose other again. -create_path_relay_as_exit(relay, dest, rl, cb) -circ_id, reason = cb.build_circuit(circ_fps) + +# If the circuit failed to get created, bad luck, it will be created again +# with other helper. +# Here we won't have the case that an exit tried to build the circuit as +# entry and failed (#40029), cause not checking that it can exit all IPs. if not circ_id: return error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick) 
@@ -354,6 +360,30 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # Make a connection to the destination is_usable, usable_data = connect_to_destination_over_circuit( dest, circ_id, s, cb.controller, dest._max_dl) + +# In the case that the relay was used as an exit, but could not exit +# to the Web server, try again using it as entry, to avoid that it would +# always fail when there's only one Web server. +if not is_usable and \ +relay.is_exit_not_bad_allowing_port_all_ips(dest.port): +log.info( +"Exit %s (%s) that can't exit all ips failed to connect to " +" %s via circuit %s (%s). Trying again with it as entry.", +relay.fingerprint, relay.nickname, dest, circ_fps, nicknames) +circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb) +circ_id, reason = cb.build_circuit(circ_fps) +if not circ_id: +log.warning( +
[tor-commits] [sbws/maint-1.1] fix: doc: Add relay measure activity diagram
commit 78c4091538493604e2d9749bc0e93bbb968d0b1a Author: juga0 Date: Wed Feb 3 12:05:49 2021 + fix: doc: Add relay measure activity diagram --- docs/source/activity_measure.puml | 30 +++ docs/source/how_works.rst | 12 +- docs/source/images/activity_measure.svg | 42 + 3 files changed, 83 insertions(+), 1 deletion(-) diff --git a/docs/source/activity_measure.puml b/docs/source/activity_measure.puml new file mode 100644 index 000..f553cb1 --- /dev/null +++ b/docs/source/activity_measure.puml @@ -0,0 +1,30 @@ +@startuml + +start + +if (exit?) then (yes) + :[h, r]; +else (no) + :[r, h]; +endif +if (circuit?) then (yes) +:stream; +if (no stream and [h, r]) then (yes) +:[r, h] (r is exit); +if (circuit?) then (yes) +:stream; +else (no) +:WARN; +:ErrorCircuit; +endif +endif +if (no stream) then (yes) +:ErrorStream; +endif +else (no) +:ErrorCircuit; +endif + +stop + +@enduml diff --git a/docs/source/how_works.rst b/docs/source/how_works.rst index 24f8689..f4b1ae0 100644 --- a/docs/source/how_works.rst +++ b/docs/source/how_works.rst @@ -73,6 +73,16 @@ Measuring relays Source code: :func:`sbws.core.scanner.measure_relay` +Measuring a relay +~ + +.. image:: ./images/activity_measure.svg + :alt: activity measuring a relay + :height: 300px + :align: center + +Source code: :func:`sbws.core.scanner.measure_relay` + Selecting a second relay @@ -165,4 +175,4 @@ The bandwidth file format is defined in the bandwidth_file_spec_. .. _requests: http://docs.python-requests.org/ .. _peerflow: https://www.nrl.navy.mil/itd/chacs/sites/www.nrl.navy.mil.itd.chacs/files/pdfs/16-1231-4353.pdf .. _torflow_scaling: https://gitweb.torproject.org/torflow.git/tree/NetworkScanners/BwAuthority/README.spec.txt#n298 -.. _bandwidth_file_spec: https://gitweb.torproject.org/torspec.git/tree/bandwidth-file-spec.txt \ No newline at end of file +.. _bandwidth_file_spec: https://gitweb.torproject.org/torspec.git/tree/bandwidth-file-spec.txt 
diff --git a/docs/source/images/activity_measure.svg b/docs/source/images/activity_measure.svg new file mode 100644 index 000..a278ce7 --- /dev/null +++ b/docs/source/images/activity_measure.svg @@ -0,0 +1,42 @@ +http://www.w3.org/2000/svg; xmlns:xlink="http://www.w3.org/1999/xlink; contentScriptType="application/ecmascript" contentStyleType="text/css" height="783px" preserveAspectRatio="none" style="width:337px;height:783px;" version="1.1" viewBox="0 0 337 783" width="337px" zoomAndPan="magnify">exit?yesno[h, r][r, h]circuit?yesnostream[r, h] (r is exit)circuit?yesnostreamWARNErrorCircuityesno stream and [h, r]ErrorStreamyesno streamErrorCircuit \ No newline at end of file ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/maint-1.1] fix: scanner: remove relay to measure as helper
commit 50377680448d66bc95a09fc5333da9465bd1b791 Author: juga0 Date: Mon Feb 8 16:24:11 2021 + fix: scanner: remove relay to measure as helper --- sbws/core/scanner.py | 6 ++ 1 file changed, 6 insertions(+) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index c7ee1ee..40e3093 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -219,6 +219,12 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit): if is_exit else rl.non_exits if not len(candidates): return None +# In the case the helper is an exit, the entry could be an exit too +# (#40041), so ensure the helper is not the same as the entry, likely to +# happen in a test network. +if is_exit: +candidates = [c for c in candidates + if c.fingerprint != relay.fingerprint] min_relay_bw = rl.exit_min_bw() if is_exit else rl.non_exit_min_bw() log.debug('Picking a 2nd hop to measure %s from %d choices. is_exit=%s', relay.nickname, len(candidates), is_exit) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
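Review bot: The emptiness check `if not len(candidates): return None` runs before the new filter, so when the relay being measured is the only exit candidate the list becomes empty after the check and the function carries on with zero candidates. Moving the filter above the check, or repeating `if not candidates: return None` right after it, keeps the early return meaningful. The rest of `_pick_ideal_second_hop` is outside the hunk, so how it behaves with an empty list could not be confirmed. Applying the filter regardless of `is_exit` looks harmless too, since a relay should not be its own helper in either position.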
[tor-commits] [sbws/maint-1.1] fix:scanner: Move as_entry/as_exit into one function
commit 8846c32a500515fc3d5d094a6ff5b0777f2c30fb Author: juga0 Date: Tue Feb 9 12:57:36 2021 + fix:scanner: Move as_entry/as_exit into one function since they're similar code --- sbws/core/scanner.py | 39 +++ 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 40e3093..97829f4 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -266,25 +266,24 @@ def error_no_helper(relay, dest, our_nick=""): ] -def create_path_relay_as_entry(relay, dest, rl, cb): -helper = _pick_ideal_second_hop( -relay, dest, rl, cb.controller, is_exit=True) -if not helper: -return error_no_helper(relay, dest) -circ_fps = [relay.fingerprint, helper.fingerprint] -nicknames = [relay.nickname, helper.nickname] -return circ_fps, nicknames, helper.exit_policy - - -def create_path_relay_as_exit(relay, dest, rl, cb): -helper = _pick_ideal_second_hop( -relay, dest, rl, cb.controller, is_exit=False) +def create_path_relay(relay, dest, rl, cb, relay_as_entry=True): +if relay_as_entry: +helper = _pick_ideal_second_hop( +relay, dest, rl, cb.controller, is_exit=True) +else: +helper = _pick_ideal_second_hop( +relay, dest, rl, cb.controller, is_exit=False) if not helper: return error_no_helper(relay, dest) -circ_fps = [helper.fingerprint, relay.fingerprint] -# stored for debugging -nicknames = [helper.nickname, relay.nickname] -return circ_fps, nicknames, relay.exit_policy +if relay_as_entry: +circ_fps = [relay.fingerprint, helper.fingerprint] +nicknames = [relay.nickname, helper.nickname] +exit_policy = helper.exit_policy +else: +circ_fps = [helper.fingerprint, relay.fingerprint] +nicknames = [helper.nickname, relay.nickname] +exit_policy = relay.exit_policy +return circ_fps, nicknames, exit_policy def error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick): 
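Review bot: `create_path_relay` returns `error_no_helper(relay, dest)` when no helper is found, while every caller in this commit unpacks three names (`circ_fps, nicknames, exit_policy = create_path_relay(...)`). `error_no_helper`, as added in commit 119d911 shown on this page, returns a one-element result list, so that path would raise ValueError instead of reporting the error; the problem is carried over from the two functions being merged. One way out is `if not helper: return None, None, None` here and `if not circ_fps: return error_no_helper(relay, dest, our_nick)` in `measure_relay`, which also restores the scanner nickname in the result. As a style point, the first `if relay_as_entry:` only toggles one argument and collapses to a single call with `is_exit=relay_as_entry`.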
@@ -348,10 +347,10 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # the relay as an exit, if it can exit to some IPs. if relay.is_exit_not_bad_allowing_port(dest.port): circ_fps, nicknames, exit_policy = \ -create_path_relay_as_exit(relay, dest, rl, cb) +create_path_relay(relay, dest, rl, cb, relay_as_entry=False) else: circ_fps, nicknames, exit_policy = \ -create_path_relay_as_entry(relay, dest, rl, cb) +create_path_relay(relay, dest, rl, cb) # Build the circuit circ_id, reason = cb.build_circuit(circ_fps) @@ -380,7 +379,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay): "with it as entry.", relay.fingerprint, relay.nickname, exit_policy, dest.url, circ_fps, nicknames, usable_data) circ_fps, nicknames, exit_policy = \ -create_path_relay_as_entry(relay, dest, rl, cb) +create_path_relay(relay, dest, rl, cb) circ_id, reason = cb.build_circuit(circ_fps) if not circ_id: log.warning( ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/maint-1.1] fix: relaylist: Remove duplicated can exit methods
commit cd9f82fbbe6ec4205fa3c8695cd277a03da39833 Author: juga0 Date: Mon Feb 8 15:04:58 2021 + fix: relaylist: Remove duplicated can exit methods After refactoring and making clear when we were using exit(s) that can exit to all public IPs (and a port) or only some, refactor them removing the duplicated code and adding the `strict` argument. --- sbws/core/scanner.py | 8 ++-- sbws/lib/relaylist.py | 64 +++ tests/integration/lib/test_destination.py | 6 +-- 3 files changed, 29 insertions(+), 49 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 1499264..903f09f 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -215,7 +215,7 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit): # In the case that a concrete exit can't exit to the Web server, it is not # a problem since the relay will be measured in the next loop with other # random exit. -candidates = rl.exits_not_bad_allowing_port_some_ips(dest.port) \ +candidates = rl.exits_not_bad_allowing_port(dest.port) \ if is_exit else rl.non_exits if not len(candidates): return None @@ -340,7 +340,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # exit, then pick a non-exit. Otherwise pick an exit. # Instead of ensuring that the relay can exit to all IPs, try first with # the relay as an exit, if it can exit to some IPs. -if relay.is_exit_not_bad_allowing_port_some_ips(dest.port): +if relay.is_exit_not_bad_allowing_port(dest.port): circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb) else: circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb) 
@@ -365,7 +365,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # to the Web server, try again using it as entry, to avoid that it would # always fail when there's only one Web server. if not is_usable and \ -relay.is_exit_not_bad_allowing_port_all_ips(dest.port): +relay.is_exit_not_bad_allowing_port(dest.port): log.info( "Exit %s (%s) that can't exit all ips failed to connect to " " %s via circuit %s (%s). Trying again with it as entry.", @@ -377,7 +377,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay): "Exit %s (%s) that can't exit all ips, failed to create " " circuit as entry: %s (%s).", relay.fingerprint, relay.nickname, circ_fps, nicknames) -return error_no_circuit(relay, circ_fps, nicknames, reason, dest, +return error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick) log.debug('Built circuit with path %s (%s) to measure %s (%s)', diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py index 3ff1f73..9c6d12a 100644 --- a/sbws/lib/relaylist.py +++ b/sbws/lib/relaylist.py 
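Review bot: After this rename the retry condition is `relay.is_exit_not_bad_allowing_port(dest.port)`, which says nothing about all-IP exits, yet both messages in the branch still read "Exit %s (%s) that can't exit all ips". Assuming the renamed method uses the non-strict default of `can_exit_to_port` added in this commit, an exit that accepts all IPs and failed for another reason (an unreachable Web server, say) is logged with the same text. That misleads whoever reads the scanner log. Wording that matches the condition would be `"Exit %s (%s) failed to connect to %s via circuit %s (%s). Trying again with it as entry."`.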
@@ -178,21 +178,32 @@ class Relay: """Number of times the relay was in a conensus.""" return len(self.relay_in_recent_consensus) -def can_exit_to_port_all_ips(self, port): +def can_exit_to_port(self, port, strict=False): """ Returns True if the relay has an exit policy and the policy accepts -exiting to the given portself or False otherwise. +exiting to the given port or False otherwise. + +If ``strict`` is true, it only returns the exits that can exit to all +IPs and that port. The exits that are IPv6 only or IPv4 but rejecting some public networks will return false. On July 2020, there were 67 out of 1095 exits like this. + +If ``strict`` is false, it returns any exit that can exit to some +public IPs and that port. + +Note that the EXIT flag exists when the relay can exit to 443 **and** +80. Currently all Web servers are using 443, so it would not be needed +to check the EXIT flag too, using this function. + """ assert isinstance(port, int) # if dind't get the descriptor, there isn't exit policy # When the attribute is gotten in getattr(self._desc, "exit_policy"), # is possible that stem's _input_rules is None and raises an exception # (#29899): -# File "/usr/lib/python3/dist-packages/sbws/lib/relaylist.py", line 117, in can_exit_to_port_all_ips # noqa +# File "/usr/lib/python3/dist-packages/sbws/lib/relaylist.py", line 117, in can_exit_to_port # noqa # if not self.exit_policy: # File "/usr/lib/python3/dist-packages/stem/exit_policy.py", line 512, in __len__ # noqa # return len(self._get_rules()) @@ -202,50 +213,23 @@ class Relay: # Therefore, catch the exception here. try: if self.exit_policy: -# Using `strict` to ensure it
[tor-commits] [sbws/maint-1.1] minor: scanner: move checking helper to methods
commit 3d8cf6f801ab42a12d9efd58ba41e697c34b1ef9 Author: juga0 Date: Tue Feb 2 12:07:03 2021 + minor: scanner: move checking helper to methods `helper` variable is only used to return error, therefore move it to the methods that create the path and return the error there. `our_nick` is not useful for the log, since it is always the same, but not removing it here. --- sbws/core/scanner.py | 27 ++- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 4ca7430..e18bddb 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -244,7 +244,7 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit): return chosen -def error_no_helper(relay, dest, our_nick): +def error_no_helper(relay, dest, our_nick=""): reason = 'Unable to select a second relay' log.debug(reason + ' to help measure %s (%s)', relay.fingerprint, relay.nickname) @@ -255,25 +255,24 @@ def error_no_helper(relay, dest, our_nick): def create_path_relay_as_entry(relay, dest, rl, cb): -circ_fps = nicknames = [] helper = _pick_ideal_second_hop( relay, dest, rl, cb.controller, is_exit=True) if not helper: -return error_no_helper(relay, dest, our_nick) +return error_no_helper(relay, dest) circ_fps = [relay.fingerprint, helper.fingerprint] nicknames = [relay.nickname, helper.nickname] return helper, circ_fps, nicknames def create_path_relay_as_exit(relay, dest, rl, cb): -circ_fps = nicknames = [] helper = _pick_ideal_second_hop( relay, dest, rl, cb.controller, is_exit=False) -if helper: -circ_fps = [helper.fingerprint, relay.fingerprint] -# stored for debugging -nicknames = [helper.nickname, relay.nickname] -return helper, circ_fps, nicknames +if not helper: +return error_no_helper(relay, dest) +circ_fps = [helper.fingerprint, relay.fingerprint] +# stored for debugging +nicknames = [helper.nickname, relay.nickname] +return circ_fps, nicknames def measure_relay(args, conf, destinations, cb, rl, relay): 
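Review bot: `create_path_relay_as_entry` still ends with `return helper, circ_fps, nicknames`, but the caller in the `measure_relay` hunk of this commit now unpacks two names (`circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb)`), so every successful path with the relay as entry raises ValueError. The return should match `create_path_relay_as_exit`: `return circ_fps, nicknames`. The new `return error_no_helper(relay, dest)` in both helpers hands a result list to that same two-name unpacking, and the `our_nick=""` default means the error result no longer carries the scanner nickname. Keeping the no-helper return in `measure_relay`, where `our_nick` is available, avoids both.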
@@ -324,16 +323,10 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # Pick a relay to help us measure the given relay. If the given relay is an # exit, then pick a non-exit. Otherwise pick an exit. -helper = None -circ_fps = None if relay.is_exit_not_bad_allowing_port_all_ips(dest.port): -helper, circ_fps, nicknames = create_path_relay_as_exit( -relay, dest, rl, cb) +circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb) else: -helper, circ_fps, nicknames = create_path_relay_as_entry( -relay, dest, rl, cb) -if not helper: -return error_no_helper(relay, dest, our_nick) +circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb) # Build the circuit circ_id, reason = cb.build_circuit(circ_fps) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/maint-1.1] fix: scanner: extract method to create paths
commit fa9314123b702feee230f7974bfbad2d783d8365 Author: juga0 Date: Tue Feb 2 11:56:05 2021 + fix: scanner: extract method to create paths because `measure_relay` method is too long, confusing and we have had several bugs in this part of the code. --- sbws/core/scanner.py | 42 ++ 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 2736059..228ad74 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -244,6 +244,27 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit): return chosen +def create_path_relay_as_entry(relay, dest, rl, cb): +circ_fps = nicknames = [] +helper = _pick_ideal_second_hop( +relay, dest, rl, cb.controller, is_exit=True) +if helper: +circ_fps = [relay.fingerprint, helper.fingerprint] +nicknames = [relay.nickname, helper.nickname] +return helper, circ_fps, nicknames + + +def create_path_relay_as_exit(relay, dest, rl, cb): +circ_fps = nicknames = [] +helper = _pick_ideal_second_hop( +relay, dest, rl, cb.controller, is_exit=False) +if helper: +circ_fps = [helper.fingerprint, relay.fingerprint] +# stored for debugging +nicknames = [helper.nickname, relay.nickname] +return helper, circ_fps, nicknames + + def measure_relay(args, conf, destinations, cb, rl, relay): """ Select a Web server, a relay to build the circuit, 
@@ -295,18 +316,11 @@ def measure_relay(args, conf, destinations, cb, rl, relay): helper = None circ_fps = None if relay.is_exit_not_bad_allowing_port_all_ips(dest.port): -helper = _pick_ideal_second_hop( -relay, dest, rl, cb.controller, is_exit=False) -if helper: -circ_fps = [helper.fingerprint, relay.fingerprint] -# stored for debugging -nicknames = [helper.nickname, relay.nickname] +helper, circ_fps, nicknames = create_path_relay_as_exit( +relay, dest, rl, cb) else: -helper = _pick_ideal_second_hop( -relay, dest, rl, cb.controller, is_exit=True) -if helper: -circ_fps = [relay.fingerprint, helper.fingerprint] -nicknames = [relay.nickname, helper.nickname] +helper, circ_fps, nicknames = create_path_relay_as_entry( +relay, dest, rl, cb) if not helper: reason = 'Unable to select a second relay' log.debug(reason + ' to help measure %s (%s)', @@ -323,11 +337,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # If that's the case, try again using them as 2nd hop. # We could reuse the helper, but it does not need to be an exit now, # so choose other again. -helper = _pick_ideal_second_hop( -relay, dest, rl, cb.controller, is_exit=False) -if helper: -circ_fps = [helper.fingerprint, relay.fingerprint] -nicknames = [helper.nickname, relay.nickname] +create_path_relay_as_exit(relay, dest, rl, cb) circ_id, reason = cb.build_circuit(circ_fps) if not circ_id: log.debug('Could not build circuit with path %s (%s): %s ', ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
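Review bot: In the retry branch the result of `create_path_relay_as_exit(relay, dest, rl, cb)` is discarded, so the following `cb.build_circuit(circ_fps)` rebuilds the path that just failed instead of the one with the relay as second hop. Before the extraction this branch reassigned `circ_fps` and `nicknames` in place; the call should keep doing so: `helper, circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb)`. The new helper returns empty lists when no helper is found, so the retry should also check `helper` before building the circuit. `measure_relay` continues outside the hunk.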
[tor-commits] [sbws/maint-1.1] fix: scanner: extract method on circuit error
commit 53141148f4b82df8e34e2757172e7403791a0c86 Author: juga0 Date: Tue Feb 2 12:13:42 2021 + fix: scanner: extract method on circuit error At some point all possible errors should be exceptions. --- sbws/core/scanner.py | 17 +++-- 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index e18bddb..aa17452 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -275,6 +275,15 @@ def create_path_relay_as_exit(relay, dest, rl, cb): return circ_fps, nicknames +def error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick): +log.debug('Could not build circuit with path %s (%s): %s ', + circ_fps, nicknames, reason) +return [ +ResultErrorCircuit(relay, circ_fps, dest.url, our_nick, + msg=reason), +] + + def measure_relay(args, conf, destinations, cb, rl, relay): """ Select a Web server, a relay to build the circuit, @@ -338,12 +347,8 @@ def measure_relay(args, conf, destinations, cb, rl, relay): create_path_relay_as_exit(relay, dest, rl, cb) circ_id, reason = cb.build_circuit(circ_fps) if not circ_id: -log.debug('Could not build circuit with path %s (%s): %s ', - circ_fps, nicknames, reason) -return [ -ResultErrorCircuit(relay, circ_fps, dest.url, our_nick, - msg=reason), -] +return error_no_circuit(circ_fps, nicknames, reason, relay, dest, +our_nick) log.debug('Built circuit with path %s (%s) to measure %s (%s)', circ_fps, nicknames, relay.fingerprint, relay.nickname) # Make a connection to the destination ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
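Review bot: `error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick)` takes six positional arguments with `relay` in fourth place, whereas the `ResultErrorCircuit(relay, circ_fps, dest.url, our_nick, msg=reason)` it builds takes `relay` first. A swapped argument at a call site would go unnoticed until the result is used. Putting `relay` first or calling it with keywords would make such a mistake visible. A one-line docstring such as `"""Log the failed circuit and return a one-element list with a ResultErrorCircuit."""` would document the return shape. The format string also ends with a stray space (`'...: %s '`).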
[tor-commits] [sbws/maint-1.1] fix: scanner: extract method for not helper case
commit 119d91108a45aa71b80e71f41dc86df0729991a8 Author: juga0 Date: Tue Feb 2 11:59:41 2021 + fix: scanner: extract method for not helper case --- sbws/core/scanner.py | 25 +++-- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 228ad74..4ca7430 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -244,13 +244,24 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit): return chosen +def error_no_helper(relay, dest, our_nick): +reason = 'Unable to select a second relay' +log.debug(reason + ' to help measure %s (%s)', + relay.fingerprint, relay.nickname) +return [ +ResultErrorSecondRelay(relay, [], dest.url, our_nick, + msg=reason), +] + + def create_path_relay_as_entry(relay, dest, rl, cb): circ_fps = nicknames = [] helper = _pick_ideal_second_hop( relay, dest, rl, cb.controller, is_exit=True) -if helper: -circ_fps = [relay.fingerprint, helper.fingerprint] -nicknames = [relay.nickname, helper.nickname] +if not helper: +return error_no_helper(relay, dest, our_nick) +circ_fps = [relay.fingerprint, helper.fingerprint] +nicknames = [relay.nickname, helper.nickname] return helper, circ_fps, nicknames @@ -322,13 +333,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay): helper, circ_fps, nicknames = create_path_relay_as_entry( relay, dest, rl, cb) if not helper: -reason = 'Unable to select a second relay' -log.debug(reason + ' to help measure %s (%s)', - relay.fingerprint, relay.nickname) -return [ -ResultErrorSecondRelay(relay, [], dest.url, our_nick, - msg=reason), -] +return error_no_helper(relay, dest, our_nick) # Build the circuit circ_id, reason = cb.build_circuit(circ_fps) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
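Review bot: `create_path_relay_as_entry(relay, dest, rl, cb)` now calls `error_no_helper(relay, dest, our_nick)`, but `our_nick` is not one of its parameters and is not assigned in its visible body, so unless it is a module-level name this raises NameError exactly when no helper is found. The early return also hands back a one-element result list where the caller unpacks `helper, circ_fps, nicknames`, so the `if not helper:` check kept in `measure_relay` would never be reached on that path. Leaving the helper with its original `if helper:` block and keeping the single `return error_no_helper(relay, dest, our_nick)` in `measure_relay` avoids both problems. `create_path_relay_as_exit` was left unchanged here, so the two helpers also diverge.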
[tor-commits] [sbws/maint-1.1] fix: scanner: log exit policy when stream fails
commit a570a707ec898cf59bdd12d3a8b20d25ce9459fd Author: juga0 Date: Mon Feb 8 16:21:53 2021 + fix: scanner: log exit policy when stream fails --- sbws/core/scanner.py | 33 - 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 903f09f..c7ee1ee 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -267,7 +267,7 @@ def create_path_relay_as_entry(relay, dest, rl, cb): return error_no_helper(relay, dest) circ_fps = [relay.fingerprint, helper.fingerprint] nicknames = [relay.nickname, helper.nickname] -return helper, circ_fps, nicknames +return circ_fps, nicknames, helper.exit_policy def create_path_relay_as_exit(relay, dest, rl, cb): @@ -278,7 +278,7 @@ def create_path_relay_as_exit(relay, dest, rl, cb): circ_fps = [helper.fingerprint, relay.fingerprint] # stored for debugging nicknames = [helper.nickname, relay.nickname] -return circ_fps, nicknames +return circ_fps, nicknames, relay.exit_policy def error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick): @@ -341,9 +341,11 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # Instead of ensuring that the relay can exit to all IPs, try first with # the relay as an exit, if it can exit to some IPs. if relay.is_exit_not_bad_allowing_port(dest.port): -circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb) +circ_fps, nicknames, exit_policy = \ +create_path_relay_as_exit(relay, dest, rl, cb) else: -circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb) +circ_fps, nicknames, exit_policy = \ +create_path_relay_as_entry(relay, dest, rl, cb) # Build the circuit circ_id, reason = cb.build_circuit(circ_fps) 
@@ -367,10 +369,12 @@ def measure_relay(args, conf, destinations, cb, rl, relay): if not is_usable and \ relay.is_exit_not_bad_allowing_port(dest.port): log.info( -"Exit %s (%s) that can't exit all ips failed to connect to " -" %s via circuit %s (%s). Trying again with it as entry.", -relay.fingerprint, relay.nickname, dest, circ_fps, nicknames) -circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb) +"Exit %s (%s) that can't exit all ips, with exit policy %s, failed" +" to connect to %s via circuit %s (%s). Reason: %s. Trying again " +"with it as entry.", relay.fingerprint, relay.nickname, +exit_policy, dest.url, circ_fps, nicknames, usable_data) +circ_fps, nicknames, exit_policy = \ +create_path_relay_as_entry(relay, dest, rl, cb) circ_id, reason = cb.build_circuit(circ_fps) if not circ_id: log.warning( @@ -385,8 +389,10 @@ def measure_relay(args, conf, destinations, cb, rl, relay): is_usable, usable_data = connect_to_destination_over_circuit( dest, circ_id, s, cb.controller, dest._max_dl) if not is_usable: -log.debug('Destination %s unusable via circuit %s (%s), %s', - dest.url, circ_fps, nicknames, usable_data) +log.debug('Failed to connect to %s to measure %s (%s) via circuit ' + '%s (%s). Exit policy: %s. Reason: %s.', dest.url, + relay.fingerprint, relay.nickname, circ_fps, nicknames, + exit_policy, usable_data) cb.close_circuit(circ_id) return [ ResultErrorStream(relay, circ_fps, dest.url, our_nick, 
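Review bot: The debug messages in the `@@ -385` hunk and in the following `@@ -410` hunk print `exit_policy` as "Exit policy: %s" without saying whose policy it is. It is `relay.exit_policy` when the relay was the exit and `helper.exit_policy` when it was the entry, including after the retry above reassigns it. Naming the exit next to it, for example `'... Exit policy of %s: %s. Reason: %s.'` with `circ_fps[-1]` as the extra argument, removes the guesswork when reading a failure. A full exit policy may also be long, so the `log.info` in the retry branch might be better at debug level.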
@@ -410,9 +416,10 @@ def measure_relay(args, conf, destinations, cb, rl, relay): bw_results, reason = measure_bandwidth_to_server( s, conf, dest, usable_data['content_length']) if bw_results is None: -log.debug('Unable to measure bandwidth for %s (%s) to %s via circuit ' - '%s (%s): %s', relay.fingerprint, relay.nickname, - dest.url, circ_fps, nicknames, reason) +log.debug('Failed to measure %s (%s) via circuit %s (%s) to %s. Exit' + ' policy: %s. Reason: %s.', relay.fingerprint, + relay.nickname, circ_fps, nicknames, dest.url, exit_policy, + reason) cb.close_circuit(circ_id) return [ ResultErrorStream(relay, circ_fps, dest.url, our_nick, ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/maint-1.1] fix: relaylist: rename exits_not_bad_allowing_port
commit 3e2e6c7e77a041fb0dd31b993945ef7da766ea9c Author: juga0 Date: Tue Feb 2 11:40:04 2021 + fix: relaylist: rename exits_not_bad_allowing_port see previous commit --- sbws/core/scanner.py | 2 +- sbws/lib/relaylist.py | 2 +- tests/integration/lib/test_destination.py | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 20f1b83..2736059 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -209,7 +209,7 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit): destination **dest**, pick a second relay that is or is not an exit according to **is_exit**. ''' -candidates = rl.exits_not_bad_allowing_port(dest.port) if is_exit \ +candidates = rl.exits_not_bad_allowing_port_all_ips(dest.port) if is_exit \ else rl.non_exits if not len(candidates): return None diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py index 86e0d7b..863689e 100644 --- a/sbws/lib/relaylist.py +++ b/sbws/lib/relaylist.py @@ -453,7 +453,7 @@ class RelayList: """Number of times a new consensus was obtained.""" return len(self._recent_consensus) -def exits_not_bad_allowing_port(self, port): +def exits_not_bad_allowing_port_all_ips(self, port): return [r for r in self.exits if r.is_exit_not_bad_allowing_port_all_ips(port)] diff --git a/tests/integration/lib/test_destination.py b/tests/integration/lib/test_destination.py index 98ed89f..19f6617 100644 --- a/tests/integration/lib/test_destination.py +++ b/tests/integration/lib/test_destination.py @@ -26,7 +26,7 @@ def test_connect_to_destination_over_circuit_success(persistent_launch_tor, relay = [r for r in rl.relays if r.nickname == 'relay1mbyteMAB'][0] # Choose an exit, for this test it does not matter the bandwidth -helper = rl.exits_not_bad_allowing_port(destination.port)[0] +helper = rl.exits_not_bad_allowing_port_all_ips(destination.port)[0] circuit_path = [relay.fingerprint, helper.fingerprint] # build a circuit circuit_id, _ = cb.build_circuit(circuit_path) 
@@ -46,7 +46,7 @@ def test_connect_to_destination_over_circuit_fail(persistent_launch_tor, relay = [r for r in rl.relays if r.nickname == 'relay1mbyteMAB'][0] # Choose an exit, for this test it does not matter the bandwidth -helper = rl.exits_not_bad_allowing_port(bad_destination.port)[0] +helper = rl.exits_not_bad_allowing_port_all_ips(bad_destination.port)[0] circuit_path = [relay.fingerprint, helper.fingerprint] # Build a circuit. circuit_id, _ = cb.build_circuit(circuit_path) @@ -75,7 +75,7 @@ def test_functional_destinations(conf, cb, rl, persistent_launch_tor): relay = [r for r in rl.relays if r.nickname == 'relay1mbyteMAB'][0] # Choose an exit, for this test it does not matter the bandwidth -helper = rl.exits_not_bad_allowing_port(bad_destination.port)[0] +helper = rl.exits_not_bad_allowing_port_all_ips(bad_destination.port)[0] circuit_path = [relay.fingerprint, helper.fingerprint] # Build a circuit. circuit_id, _ = cb.build_circuit(circuit_path) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/maint-1.1] fix: relaylist: rename can_exit_to_port
commit 1014bac294d03790c15bec1bff21e9ca9802acdb Author: juga0 Date: Tue Feb 2 11:15:02 2021 + fix: relaylist: rename can_exit_to_port to can_exit_to_port_all_ips, because it's using `strict`, which means that it allows to exit to all IPs. It seems more convenient to try first with exits that allow to exit to some IPs and only try a second time if that fails, because there are more. --- sbws/lib/relaylist.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py index ba0b176..5eef4aa 100644 --- a/sbws/lib/relaylist.py +++ b/sbws/lib/relaylist.py @@ -178,7 +178,7 @@ class Relay: """Number of times the relay was in a conensus.""" return len(self.relay_in_recent_consensus) -def can_exit_to_port(self, port): +def can_exit_to_port_all_ips(self, port): """ Returns True if the relay has an exit policy and the policy accepts exiting to the given portself or False otherwise. @@ -192,7 +192,7 @@ class Relay: # When the attribute is gotten in getattr(self._desc, "exit_policy"), # is possible that stem's _input_rules is None and raises an exception # (#29899): -# File "/usr/lib/python3/dist-packages/sbws/lib/relaylist.py", line 117, in can_exit_to_port # noqa +# File "/usr/lib/python3/dist-packages/sbws/lib/relaylist.py", line 117, in can_exit_to_port_all_ips # noqa # if not self.exit_policy: # File "/usr/lib/python3/dist-packages/stem/exit_policy.py", line 512, in __len__ # noqa # return len(self._get_rules()) @@ -222,7 +222,7 @@ class Relay: def is_exit_not_bad_allowing_port(self, port): return (Flag.BADEXIT not in self.flags and Flag.EXIT in self.flags and -self.can_exit_to_port(port)) +self.can_exit_to_port_all_ips(port)) def increment_relay_recent_measurement_attempt(self): """ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [sbws/maint-1.1] fix: relaylist: Add methods to obtain exits that
commit 55b76a84b9da3d13f2d2616cb83a29e4726b8a67 Author: juga0 Date: Tue Feb 2 11:46:21 2021 + fix: relaylist: Add methods to obtain exits that can exit to some IPs. To use them in the cases it will be more convenient. --- sbws/lib/relaylist.py | 27 +++ 1 file changed, 27 insertions(+) diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py index 863689e..3ff1f73 100644 --- a/sbws/lib/relaylist.py +++ b/sbws/lib/relaylist.py @@ -219,11 +219,34 @@ class Relay: return False return False +def can_exit_to_port_some_ips(self, port): +""" +Returns True if the relay has an exit policy and the policy accepts +exiting to the given port and some public IPs or False otherwise. +""" +assert isinstance(port, int) +try: +if self.exit_policy: +# Not using argument `strict`, to know whether it can exit +# some public IPs, though not all. +return ( +self.exit_policy.strip_private() +.can_exit_to(port=port) +) +except TypeError: +return False +return False + def is_exit_not_bad_allowing_port_all_ips(self, port): return (Flag.BADEXIT not in self.flags and Flag.EXIT in self.flags and self.can_exit_to_port_all_ips(port)) +def is_exit_not_bad_allowing_port_some_ips(self, port): +return (Flag.BADEXIT not in self.flags and +Flag.EXIT in self.flags and +self.can_exit_to_port_some_ips(port)) + def increment_relay_recent_measurement_attempt(self): """ Increment The number of times that a relay has been queued @@ -457,6 +480,10 @@ class RelayList: return [r for r in self.exits if r.is_exit_not_bad_allowing_port_all_ips(port)] +def exits_not_bad_allowing_port_some_ips(self, port): +return [r for r in self.exits +if r.is_exit_not_bad_allowing_port_some_ips(port)] + def increment_recent_measurement_attempt(self): """ Increment the number of times that any relay has been queued to be ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
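Review bot: In `can_exit_to_port_some_ips` the `assert isinstance(port, int)` guard disappears when Python runs with `-O`, and the `except TypeError: return False` branch gives no trace that the exit policy could not be evaluated, so such a relay is silently treated as unable to exit. I would put an explicit check before the `try`, `if not isinstance(port, int): raise TypeError("port must be an int")`, and log the swallowed exception at debug level if this module has a logger (not visible in the hunk). The docstring should also say that a True result only means some public address is accepted on that port, not that the measurement destination's address is, so callers still have to handle a refused exit. `is_exit_not_bad_allowing_port_some_ips` and, in the second hunk, `exits_not_bad_allowing_port_some_ips` have no docstring at all; one line each stating the "not BADEXIT, has EXIT flag, accepts the port for at least some public IPs" contract would be enough.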
[tor-commits] [sbws/maint-1.1] fix: resultdump: Log if relay was measured as exit
commit beaf6de889bc75d53a6b0b90d12ab85aa0db56a0 Author: juga0 Date: Wed Feb 3 13:15:45 2021 + fix: resultdump: Log if relay was measured as exit or entry. Closes #40048 --- sbws/lib/resultdump.py | 4 1 file changed, 4 insertions(+) diff --git a/sbws/lib/resultdump.py b/sbws/lib/resultdump.py index 542837e..6673e9a 100644 --- a/sbws/lib/resultdump.py +++ b/sbws/lib/resultdump.py @@ -792,6 +792,10 @@ class ResultDump: "destination {}: {}".format( result.fingerprint, result.nickname, result.circ, result.dest_url, result.msg) +# The result doesn't store the exit policies, so it can't be logged +# whether it was an exit. +as_exit = result.circ[1] == result.fingerprint +msg += ". As exit." if as_exit else ". As entry." # When the error is that there are not more functional destinations. if result.type == "error-destination": log.info("Shutting down because there are not functional " ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
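Review bot: `result.circ[1]` is indexed without checking that the circuit holds two hops, so a result recorded before a circuit was built would raise here instead of being logged. The branch directly below handles `error-destination` results, which suggests such results can reach this code, although how `circ` is filled for them is not visible in the hunk. A guarded form would be `as_exit = len(result.circ) > 1 and result.circ[1] == result.fingerprint`. The added comment also reads as if the role cannot be logged while the next line logs it; `# The result doesn't store exit policies, so infer the role from the relay's position in the circuit.` would match the code. The enclosing method starts and ends outside the hunk.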
[tor-commits] [sbws/maint-1.1] fix: relaylist: rename is_exit_not_bad_allowing_port
commit 33a5909f57271a67ef0d9d88c1d7799d341d5ece Author: juga0 Date: Tue Feb 2 11:38:12 2021 + fix: relaylist: rename is_exit_not_bad_allowing_port see previous commit --- sbws/core/scanner.py | 2 +- sbws/lib/relaylist.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py index 312993a..20f1b83 100644 --- a/sbws/core/scanner.py +++ b/sbws/core/scanner.py @@ -294,7 +294,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay): # exit, then pick a non-exit. Otherwise pick an exit. helper = None circ_fps = None -if relay.is_exit_not_bad_allowing_port(dest.port): +if relay.is_exit_not_bad_allowing_port_all_ips(dest.port): helper = _pick_ideal_second_hop( relay, dest, rl, cb.controller, is_exit=False) if helper: diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py index 5eef4aa..86e0d7b 100644 --- a/sbws/lib/relaylist.py +++ b/sbws/lib/relaylist.py @@ -219,7 +219,7 @@ class Relay: return False return False -def is_exit_not_bad_allowing_port(self, port): +def is_exit_not_bad_allowing_port_all_ips(self, port): return (Flag.BADEXIT not in self.flags and Flag.EXIT in self.flags and self.can_exit_to_port_all_ips(port)) @@ -455,7 +455,7 @@ class RelayList: def exits_not_bad_allowing_port(self, port): return [r for r in self.exits -if r.is_exit_not_bad_allowing_port(port)] +if r.is_exit_not_bad_allowing_port_all_ips(port)] def increment_recent_measurement_attempt(self): """ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/communitytpo-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot
commit cbe7cf3b8ff29613a4af7ed59ed5b8b1a022e467 Author: Translation commit bot Date: Tue Feb 23 04:15:15 2021 + https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot --- contents+ka.po | 21 + 1 file changed, 21 insertions(+) diff --git a/contents+ka.po b/contents+ka.po index 2cc41ebbf6..0129bb8776 100644 --- a/contents+ka.po +++ b/contents+ka.po @@ -11690,6 +11690,13 @@ msgid "" "works and has occasionally attributed illegal traffic on the network as " "originating from a Tor exit relay." msgstr "" +"á©ááá áááááá©ááá, á áá Tor-ááááááªáááá¡ ááá¨áááá, ááá á¨áá áá¡ áááá¡ááááá ááááá«áá¡ááª, " +"á áááááá᪠á®ááá®á¡ áááááááá¡ ááá£áá®áááá áááááªáááááá¡ ááááááááá¡á áá ááá¦áááá¡ " +"á¡áá¨á£áááááá¡ áá«áááá¡, ááá¨áááá£ááá á.á¨.á¨-á¡ ááááááá. áá£ááªá á¡áááá áááááááªáááááá, " +"[á®á¨áá áá áá áá¡á¬áá áá áááááá](https://www.eff.org/wp/unreliable-informants-ip-; +"addresses-digital-tips-and-police-raids), á áááá áá£á¨áááá¡ Tor áá á®ááááá®áá, " +"á¥á¡ááá¨á á£ááááááá ááá¢áá ááá£á áááááªááááá¡ ááááá£ááááááá á®áááá Tor-áá¡ áá áááá¡áááá " +"ááááá«á¡, á áááááááá᪠áááá¨áá á áááááááá áááá¡." #: https//community.torproject.org/relay/community-resources/eff-tor-legal-faq/ #: (content/relay-operations/community-resources/eff-tor-legal-faq/contents+en.lrpage.body) @@ -11698,6 +11705,10 @@ msgid "" "sometimes [seizing computer](https://www.eff.org/deeplinks/2011/08/why-ip-; "addresses-alone-dont-identify-criminals) equipment, including Tor relays." msgstr "" +"á¨áááááá, áááááªááá¡ áááá áááá¥áá¡ Tor-ááááááªáááááá¡ áááá¨ááááá ááááá¨áá£ááá áá " +"áááá¯áá áááááá áá¥áá¡ [áááááá£á¢áá á£áá á¢áá¥ááááá¡ " +"á©áááá áááááá¡ááª](https://www.eff.org/deeplinks/2011/08/why-ip-addresses-alone-; +"dont-identify-criminals), ááá á¨áá áá¡ Tor-ááááááªáááááá¡á." #: https//community.torproject.org/relay/community-resources/eff-tor-legal-faq/ #: (content/relay-operations/community-resources/eff-tor-legal-faq/contents+en.lrpage.body) 
@@ -11848,6 +11859,8 @@ msgid "" "If you are detained and questioned by police, you have a right to request to" " speak with an attorney before and during any questioning." msgstr "" +"áᣠáááááááááá áá ááááááááá®ááá áááááªáá, áá¥ááá ááá¥áá á£á¤áááá ááááá®áááá " +"á¬áá ááááááááááá¡ áá ááááááá¢áá¡ áááááá¡á¬á áááá áááááá®áá." #: https//community.torproject.org/relay/community-resources/eff-tor-legal-faq/ #: (content/relay-operations/community-resources/eff-tor-legal-faq/contents+en.lrpage.body) @@ -11855,6 +11868,9 @@ msgid "" "It is best to say \"I want my attorney and I choose to remain silent\" and " "then refuse questioning until you have a chance to talk to a lawyer." msgstr "" +"á£áá¯áááá¡áá áááááªá®áááá âáááááá®áá á©ááá¡ ááááááá¢á¡ áá ááá§áááá áá£ááááá¡ á£á¤ááááá¡â áá " +"á¨ááááá á£áá á áá¥ááá áááááááá®áááá, á¡áááá áá áááááªáááá á¡áááá áááááªááááá¡ááá " +"ááá¡áá£áá áááá¡ á¡áá¨á£ááááá." #: https//community.torproject.org/relay/community-resources/eff-tor-legal-faq/ #: (content/relay-operations/community-resources/eff-tor-legal-faq/contents+en.lrpage.body) @@ -11862,6 +11878,8 @@ msgid "" "However, if you do decide to waive your right to the assistance of counsel " "and answer questions without an attorney present, be sure to tell the truth." msgstr "" +"áá£ááªáá¦á, áᣠááááá¬á§ááá¢á á£áá á áá¥ááá áá¥áááá¡ á£á¤áááááá áááá®ááá áá áá á©ááááá áá " +"ááá¡á£á®á ááá¡áªáá áááá®áááá¡ ááááááá¢áá¡ ááá£á¡á¬á ááááá, á¨áááªáááá á¡áááá ááá á£áá®á áá." #:
[tor-commits] [translation/communitytpo-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot
commit e081246f9291f50fcf2f3dcd2d2519503b6a5236 Author: Translation commit bot Date: Tue Feb 23 03:45:12 2021 + https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot --- contents+ka.po | 27 +++ 1 file changed, 27 insertions(+) diff --git a/contents+ka.po b/contents+ka.po index 1b4b17dd90..2cc41ebbf6 100644 --- a/contents+ka.po +++ b/contents+ka.po @@ -8488,6 +8488,8 @@ msgid "" "2. If they come back positively, ask them if they are OK with an IP range " "reassignment." msgstr "" +"2. áááááááá á ááá¥áªááá¡ á¨áááá®ááááá¨á, á°áááá®áá, ááááá®áá áᣠáá ááá IP-á¨á£áááááá¡ " +"áááááááªáááááá¡." #: https//community.torproject.org/relay/community-resources/tor-exit-guidelines/ #: (content/relay-operations/community-resources/tor-exit-guidelines/contents+en.lrpage.body) @@ -8496,6 +8498,10 @@ msgid "" "organization filled with security professionals, and that all will be good, " "and why IP reassignment helps reduce their workload." msgstr "" +"áᣠáá á, á¨áááá«áááá áááá᪠áá£á®á¡ááá, á áá á¡áá¥áá áá®ááá áá áááááááááá á¡áá áááá£á " +"ááá¬áá¡ááá£ááááá¡, á£á¡áá¤á áá®ááááá¡ áááá á á¡áááªááááá¡á¢áá, á áá áá¡ á§ááááá¤áá á ááá " +"á¡áá áááááá¡ áááá¢ááá¡ áá áááá£ááá á¢áá, áᣠá áá¢áá áááá®ááá ááá IP-áá¡ áááááááªáááááá¡ " +"á¨áá¡áá«ááááááá, ááá¢ááá áááá¡ áá áááááá¨á." #: https//community.torproject.org/relay/community-resources/tor-exit-guidelines/ #: (content/relay-operations/community-resources/tor-exit-guidelines/contents+en.lrpage.body) 
@@ -8631,6 +8637,9 @@ msgid "" "liability, and in general it helps to appear bigger than you are (and less " "likely to get raided)." msgstr "" +"áá á©áá£áá á¤áá ááá¡ ááá®ááááá, á¡áááá ááááá áá ááá áá ááá áááá¡á¢á áá ááá á¨áá¡áá«ááá " +"ááááá®ááá áá ááá¡á£á®áá¡ááááááááá¡ á¡ááááá®ááá¨á áá ááááááá, á¬áá ááááá©ááá á£á¤á á " +"ááááááááááá (áá áááááááá ááá£á©ááá¡ á¡á®áááá¡ áááááá¡á®ááá¡ á¡á£á áááá¡)." #: https//community.torproject.org/relay/community-resources/tor-exit-guidelines/ #: (content/relay-operations/community-resources/tor-exit-guidelines/contents+en.lrpage.body) @@ -8638,6 +8647,8 @@ msgid "" "The people from Torservers.net in Germany found a lawyer who would agree to " "\"host\" them inside his office." msgstr "" +"ááá áááááá¨á Torservers.net-áá¡ á¬áá ááááááááááááá ááááá®áá¡ á¡áááá áááááªáááá, " +"á ááááá᪠áááááá®ááá ááááá¡ áá¤áá¡á¨á âááááááá¡áááááâ." #: https//community.torproject.org/relay/community-resources/tor-exit-guidelines/ #: (content/relay-operations/community-resources/tor-exit-guidelines/contents+en.lrpage.body) @@ -8654,6 +8665,7 @@ msgid "" "The setup process was easy and cheap. Similar setups probably exist for your" " country." msgstr "" +"á áááá¡á¢á ááªááá¡ áá ááªáá¡á áá§á ááá á¢ááá áá ááá¤á. á¡á®áá á¥ááá§áááá¨á᪠áá¡áááá¡áá áá¥áááá." #: https//community.torproject.org/relay/community-resources/tor-exit-guidelines/ #: (content/relay-operations/community-resources/tor-exit-guidelines/contents+en.lrpage.body) 
@@ -8661,6 +8673,9 @@ msgid "" "Another benefit of an association-like structure is that it might still work" " even when you leave, if you manage to find successors." msgstr "" +"ááááá áá áá á£ááá áá¢áá¡ááá áááá áááááááá¡ áá¡áááá¡á á¡ááááááááááá¡á áá¡áá, á áá ááá¡á " +"áá£á¨áááá á¨áá¡áá«ááááááá áááá á«ááááá¡ áá¥áááá á¬áááá¡áááá¡ á¨áááááááª, áᣠá¡ááááááá " +"áááááááá áá¡ áááááá." #: https//community.torproject.org/relay/community-resources/tor-exit-guidelines/ #: (content/relay-operations/community-resources/tor-exit-guidelines/contents+en.lrpage.body) @@ -8676,6 +8691,10 @@ msgid "" "police-stuttgart) -- they're typically overwhelmed by their jobs
[tor-commits] [translation/communitytpo-contentspot_completed] https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot_completed
commit e2419206c7752e2055027d6a43d25e59265e82a8 Author: Translation commit bot Date: Mon Feb 22 21:15:21 2021 + https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot_completed --- contents+es-AR.po | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contents+es-AR.po b/contents+es-AR.po index 2b2b8bad31..58dd5cd9c1 100644 --- a/contents+es-AR.po +++ b/contents+es-AR.po @@ -4490,7 +4490,7 @@ msgid "" "The Tor network is composed by over 6000 relays, but exit relays are a " "scarce resource and only represents 1/6 of all the network." msgstr "" -"La red Tor está compuesta por más de 6000 repatidores, pero los de salida " +"La red Tor está compuesta por más de 6000 repetidores, pero los de salida " "son un recurso escaso, y representan solamente 1/6 de toda la red." #: https//community.torproject.org/onion-services/talk/ @@ -5172,7 +5172,7 @@ msgid "" "ask for their consent to participate - this should be recorded or registered" " in the form." msgstr "" -"No recopilamos nombres o detalles de contacto de participantes de " +"No recopilamos nombres o detalles de contacto de participantes en " "entrevistas, y cada vez que vayas a recibir impresiones, encuestas o " "registros, deberÃas solicitar su consentimiento para participar - esto " "deberÃa ser registrado en el formulario." ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [translation/communitytpo-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot
commit 087973dbc023c2f2cb725c4902ab7671815d5e67 Author: Translation commit bot Date: Mon Feb 22 21:15:12 2021 + https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot --- contents+es-AR.po | 4 +-- contents+es.po| 101 +++--- 2 files changed, 53 insertions(+), 52 deletions(-) diff --git a/contents+es-AR.po b/contents+es-AR.po index 2b2b8bad31..58dd5cd9c1 100644 --- a/contents+es-AR.po +++ b/contents+es-AR.po @@ -4490,7 +4490,7 @@ msgid "" "The Tor network is composed by over 6000 relays, but exit relays are a " "scarce resource and only represents 1/6 of all the network." msgstr "" -"La red Tor está compuesta por más de 6000 repatidores, pero los de salida " +"La red Tor está compuesta por más de 6000 repetidores, pero los de salida " "son un recurso escaso, y representan solamente 1/6 de toda la red." #: https//community.torproject.org/onion-services/talk/ @@ -5172,7 +5172,7 @@ msgid "" "ask for their consent to participate - this should be recorded or registered" " in the form." msgstr "" -"No recopilamos nombres o detalles de contacto de participantes de " +"No recopilamos nombres o detalles de contacto de participantes en " "entrevistas, y cada vez que vayas a recibir impresiones, encuestas o " "registros, deberÃas solicitar su consentimiento para participar - esto " "deberÃa ser registrado en el formulario." diff --git a/contents+es.po b/contents+es.po index 6fd0d57d21..3ea05470cb 100644 --- a/contents+es.po +++ b/contents+es.po @@ -4534,7 +4534,7 @@ msgstr "" #: (content/onion-services/talk/contents+en.lrpage.body) msgid "### Privacy by design or an onion a day, keeps the surveillance away" msgstr "" -"### La privacidad por diseño o un onion por dÃa, mantienen lejos a la " +"### La privacidad por diseño o un onion cada dÃa, mantienen lejos a la " "censura" #: https//community.torproject.org/onion-services/talk/ 
@@ -4601,7 +4601,7 @@ msgstr "" #: https//community.torproject.org/onion-services/talk/ #: (content/onion-services/talk/contents+en.lrpage.body) msgid "* SecureDrop case" -msgstr "* SecureDrop case" +msgstr "* Caso de SecureDrop" #: https//community.torproject.org/onion-services/talk/ #: (content/onion-services/talk/contents+en.lrpage.body) @@ -4610,9 +4610,9 @@ msgid "" "SecureDrop to allow sources and whistleblowers to safely transmit sensitive " "files." msgstr "" -"ProPublica and several other journalism and human rights organizations use " -"SecureDrop to allow sources and whistleblowers to safely transmit sensitive " -"files." +"ProPublica y varias otras organizaciones de periodismo y derechos humanos " +"usan SecureDrop para permitirles a las fuentes e informantes transmitir con " +"seguridad archivos delicados." #: https//community.torproject.org/onion-services/talk/ #: (content/onion-services/talk/contents+en.lrpage.body) @@ -4647,7 +4647,7 @@ msgstr "Más Onions: https://blog.torproject.org/more-onions-porfavor; msgid "" "Now that you know all the benefits of onion services, you may want to set up" msgstr "" -"Ahora que conocés todos los beneficios de los servicios onion, podrÃas " +"Ahora que conoces todos los beneficios de los servicios onion, podrÃas " "querer configurarlos" #: https//community.torproject.org/onion-services/advanced/ @@ -4661,7 +4661,7 @@ msgid "" "Learn more about how to configure client authentication, Onion-Location and " "more tips to secure your onion service." msgstr "" -"Aprendé más acerca de cómo configurar autenticación de cliente, Onion-" +"Aprende más acerca de cómo configurar autenticación de cliente, Onion-" "Location y más consejos para asegurar tu servicio onion." #: https//community.torproject.org/onion-services/advanced/ 
@@ -4913,8 +4913,8 @@ msgid "" "don't know how to enable or find your log file.)" msgstr "" "TÃpicamente, hay errores de sintaxis en torrc, o permisos de directorio " -"incorrectos (Mirá la entrada [PMF de " -"registros](https://www.torproject.org/docs/faq#Logs) si no sabés cómo " +"incorrectos (Mira la entrada [PMF de " +"registros](https://www.torproject.org/docs/faq#Logs) si no sabes cómo " "habilitar o encontrar tu archivo de registro)." #: https//community.torproject.org/onion-services/setup/ @@ -4996,7 +4996,7 @@ msgid "" "If you plan to keep your service available for a long time, you might want " "to make a backup copy of the `private_key` file somewhere." msgstr "" -"Si planeás mantener tu servicio disponible por un largo tiempo, podrÃas " +"Si planeas mantener tu servicio disponible por un largo tiempo, podrÃas " "querer hacer una copia de respaldo del archivo `private_key` en algún lado." #: https//community.torproject.org/onion-services/setup/ @@ -5008,11 +5008,11 @@ msgid "" " All the following `HiddenServicePort` lines refer to this " "`HiddenServiceDir` line, until you add another `HiddenServiceDir` line:" msgstr "" -"Si
[tor-commits] [tor/master] test: Add DoS connection rate unit test
commit 45113b648b413989ca82d2c3be6afae1699cae43 Author: David Goulet Date: Tue Jan 26 12:11:10 2021 -0500 test: Add DoS connection rate unit test Related to #40253 Signed-off-by: David Goulet --- src/core/or/dos.c | 2 +- src/core/or/dos.h | 1 + src/test/test_dos.c | 61 + 3 files changed, 63 insertions(+), 1 deletion(-) diff --git a/src/core/or/dos.c b/src/core/or/dos.c index 0169a631c2..ba4e5442d6 100644 --- a/src/core/or/dos.c +++ b/src/core/or/dos.c @@ -210,7 +210,7 @@ get_param_conn_connect_rate(const networkstatus_t *ns) /* Return the connection connect burst parameters either from the * configuration file or, if not found, consensus parameter. */ -static uint32_t +STATIC uint32_t get_param_conn_connect_burst(const networkstatus_t *ns) { if (dos_get_options()->DoSConnectionConnectBurst) { diff --git a/src/core/or/dos.h b/src/core/or/dos.h index cadabdb2c9..3153a1fc5f 100644 --- a/src/core/or/dos.h +++ b/src/core/or/dos.h @@ -155,6 +155,7 @@ STATIC uint32_t get_param_conn_max_concurrent_count( STATIC uint32_t get_param_cc_circuit_burst(const networkstatus_t *ns); STATIC uint32_t get_param_cc_min_concurrent_connection( const networkstatus_t *ns); +STATIC uint32_t get_param_conn_connect_burst(const networkstatus_t *ns); STATIC uint64_t get_circuit_rate_per_second(void); STATIC void cc_stats_refill_bucket(cc_client_stats_t *stats, diff --git a/src/test/test_dos.c b/src/test/test_dos.c index cbebecb030..d9ddaec108 100644 --- a/src/test/test_dos.c +++ b/src/test/test_dos.c @@ -79,6 +79,9 @@ test_dos_conn_creation(void *arg) { /* Register many conns from this client but not enough to get it blocked */ unsigned int i; for (i = 0; i < max_concurrent_conns; i++) { + /* Don't trigger the connect() rate limitation so advance the clock 1 + * second for each connection. */ + update_approx_time(++now); dos_new_client_conn(_conn, NULL); } } 
@@ -496,11 +499,69 @@ test_known_relay(void *arg) UNMOCK(get_param_cc_enabled); } +/** Test that the connection tracker of the DoS subsystem will block clients + * who try to establish too many connections */ +static void +test_dos_conn_rate(void *arg) +{ + (void) arg; + + MOCK(get_param_cc_enabled, mock_enable_dos_protection); + MOCK(get_param_conn_enabled, mock_enable_dos_protection); + + /* Initialize test data */ + or_connection_t or_conn; + time_t now = 1281533250; /* 2010-08-11 13:27:30 UTC */ + tt_int_op(AF_INET,OP_EQ, tor_addr_parse(_CONN(_conn)->addr, + "18.0.0.1")); + tor_addr_t *addr = _CONN(_conn)->addr; + update_approx_time(now); + + /* Get DoS subsystem limits */ + dos_init(); + uint32_t burst_conn = get_param_conn_connect_burst(NULL); + + /* Introduce new client */ + geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now); + { /* Register many conns from this client but not enough to get it blocked */ +unsigned int i; +for (i = 0; i < burst_conn - 1; i++) { + dos_new_client_conn(_conn, NULL); +} + } + + /* Check that new conns are still permitted */ + tt_int_op(DOS_CONN_DEFENSE_NONE, OP_EQ, +dos_conn_addr_get_defense_type(addr)); + + /* Register another conn and check that new conns are not allowed anymore. + * We should have reached our burst. */ + dos_new_client_conn(_conn, NULL); + tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ, +dos_conn_addr_get_defense_type(addr)); + + /* Advance the time 12 hours. It should still be blocked. */ + update_approx_time(now + (12 * 60 * 60)); + tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ, +dos_conn_addr_get_defense_type(addr)); + + /* Advance the time 24 hours plus 13 hours. It should be unblocked. + * Remember, we had a random value between 24 hours and rand(24/2) thus + * adding 13 hours is safe. 
*/ + update_approx_time(now + (37 * 60 * 60)); + tt_int_op(DOS_CONN_DEFENSE_NONE, OP_EQ, +dos_conn_addr_get_defense_type(addr)); + + done: + dos_free_all(); +} + struct testcase_t dos_tests[] = { { "conn_creation", test_dos_conn_creation, TT_FORK, NULL, NULL }, { "circuit_creation", test_dos_circuit_creation, TT_FORK, NULL, NULL }, { "bucket_refill", test_dos_bucket_refill, TT_FORK, NULL, NULL }, { "known_relay" , test_known_relay, TT_FORK, NULL, NULL }, + { "conn_rate", test_dos_conn_rate, TT_FORK, NULL, NULL }, END_OF_TESTCASES }; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
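Review bot: `or_connection_t or_conn;` in `test_dos_conn_rate` is left uninitialised before it is handed to `tor_addr_parse` and `dos_new_client_conn`, so any field those paths read other than the parsed address starts from stack garbage. Zeroing it right after the declaration, `memset(&or_conn, 0, sizeof(or_conn));`, keeps the test deterministic and quiet under sanitizers. The `done:` label also never undoes the two `MOCK()` calls, unlike the `UNMOCK(get_param_cc_enabled);` that closes `test_known_relay` just above. `TT_FORK` probably makes that harmless, but adding `UNMOCK(get_param_cc_enabled);` and `UNMOCK(get_param_conn_enabled);` before `dos_free_all();` would keep the tests consistent.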
[tor-commits] [tor/master] dos: Move concurrent count into conn_stats object
commit 99703eaca0f575e4739523ca815cf55329d16024 Author: David Goulet Date: Tue Jan 26 11:57:58 2021 -0500 dos: Move concurrent count into conn_stats object No behavior change except for logging. This is so the connection related statistics are in the right object. Related to #40253 Signed-off-by: David Goulet --- src/core/or/dos.c | 61 +++-- src/core/or/dos.h | 8 +++ src/test/test_dos.c | 4 ++-- 3 files changed, 46 insertions(+), 27 deletions(-) diff --git a/src/core/or/dos.c b/src/core/or/dos.c index 8b3dccc871..0169a631c2 100644 --- a/src/core/or/dos.c +++ b/src/core/or/dos.c @@ -399,7 +399,7 @@ cc_has_exhausted_circuits(const dos_client_stats_t *stats) { tor_assert(stats); return stats->cc_stats.circuit_bucket == 0 && - stats->concurrent_count >= dos_cc_min_concurrent_conn; + stats->conn_stats.concurrent_count >= dos_cc_min_concurrent_conn; } /* Mark client address by setting a timestamp in the stats object which tells @@ -491,11 +491,17 @@ conn_consensus_has_changed(const networkstatus_t *ns) /** Called when a new client connection has arrived. The following will update * the client connection statistics. * + * The addr is used for logging purposes only. + * * If the connect counter reaches its limit, it is marked. */ static void -conn_update_on_connect(conn_client_stats_t *stats) +conn_update_on_connect(conn_client_stats_t *stats, const tor_addr_t *addr) { tor_assert(stats); + tor_assert(addr); + + /* Update concurrent count for this new connect. */ + stats->concurrent_count++; /* Refill connect connection count. */ token_bucket_ctr_refill(>connect_count, (uint32_t) approx_time()); 
@@ -512,6 +518,31 @@ conn_update_on_connect(conn_client_stats_t *stats) stats->marked_until_ts == 0) { conn_mark_client(stats); } + + log_debug(LD_DOS, "Client address %s has now %u concurrent connections. " +"Remaining %lu/sec connections are allowed.", +fmt_addr(addr), stats->concurrent_count, +token_bucket_ctr_get(>connect_count)); +} + +/** Called when a client connection is closed. The following will update + * the client connection statistics. + * + * The addr is used for logging purposes only. */ +static void +conn_update_on_close(conn_client_stats_t *stats, const tor_addr_t *addr) +{ + /* Extra super duper safety. Going below 0 means an underflow which could + * lead to most likely a false positive. In theory, this should never happen + * but lets be extra safe. */ + if (BUG(stats->concurrent_count == 0)) { +return; + } + + stats->concurrent_count--; + log_debug(LD_DOS, "Client address %s has lost a connection. Concurrent " +"connections are now at %u", +fmt_addr(addr), stats->concurrent_count); } /* General private API */ @@ -651,7 +682,8 @@ dos_conn_addr_get_defense_type(const tor_addr_t *addr) /* Need to be above the maximum concurrent connection count to trigger a * defense. */ - if (entry->dos_stats.concurrent_count > dos_conn_max_concurrent_count) { + if (entry->dos_stats.conn_stats.concurrent_count > + dos_conn_max_concurrent_count) { conn_num_addr_rejected++; return dos_conn_defense_type; } @@ -676,7 +708,7 @@ dos_geoip_entry_about_to_free(const clientmap_entry_t *geoip_ent) /* The count is down to 0 meaning no connections right now, we can safely * clear the geoip entry from the cache. */ - if (geoip_ent->dos_stats.concurrent_count == 0) { + if (geoip_ent->dos_stats.conn_stats.concurrent_count == 0) { goto end; } 
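Review bot: `conn_update_on_close` dereferences `stats` in `BUG(stats->concurrent_count == 0)` and passes `addr` to `fmt_addr` without the `tor_assert(stats); tor_assert(addr);` pair that `conn_update_on_connect` carries in the preceding hunk of this file. Adding those two lines at the top of the new function would make the two helpers consistent. In the `log_debug` added to `conn_update_on_connect`, `%lu` is paired with `token_bucket_ctr_get()`, whose return type is not shown here; if it is not `unsigned long` on every supported platform, the argument needs a cast or the matching format macro. The header comment of `conn_update_on_close` could also state that the early return on a zero count leaves the counter untouched and skips the log line.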
@@ -831,13 +863,10 @@ dos_new_client_conn(or_connection_t *or_conn, const char *transport_name) } /* Update stats from this new connect. */ - conn_update_on_connect(>dos_stats.conn_stats); + conn_update_on_connect(>dos_stats.conn_stats, + _CONN(or_conn)->addr); - entry->dos_stats.concurrent_count++; or_conn->tracked_for_dos_mitigation = 1; - log_debug(LD_DOS, "Client address %s has now %u concurrent connections.", -fmt_addr(_CONN(or_conn)->addr), -entry->dos_stats.concurrent_count); end: return; @@ -867,18 +896,8 @@ dos_close_client_conn(const or_connection_t *or_conn) goto end; } - /* Extra super duper safety. Going below 0 means an underflow which could - * lead to most likely a false positive. In theory, this should never happen - * but lets be extra safe. */ - if (BUG(entry->dos_stats.concurrent_count == 0)) { -goto end; - } - - entry->dos_stats.concurrent_count--; - log_debug(LD_DOS, "Client address %s has lost a connection. Concurrent " -"connections are now at %u", -fmt_addr(_CONN(or_conn)->addr), -entry->dos_stats.concurrent_count); + /* Update stats from this new close. */ + conn_update_on_close(>dos_stats.conn_stats, _CONN(or_conn)->addr);
[tor-commits] [tor/master] dos: New client connect rate detection
commit 94b56eaa7597e4a091a5b51d2c9032ea046631e3 Author: David Goulet Date: Tue Jan 26 11:42:52 2021 -0500 dos: New client connect rate detection This is a new detection type which is that a relay can now control the rate of client connections from a single address. The mechanism is pretty simple, if the rate/burst is reached, the address is marked for a period of time and any connection from that address is denied. Closes #40253 Signed-off-by: David Goulet --- changes/ticket40253 | 3 + doc/man/tor.1.txt | 24 src/core/or/dos.c | 122 src/core/or/dos.h | 30 +- src/core/or/dos_options.inc | 12 src/feature/stats/geoip_stats.c | 2 + 6 files changed, 192 insertions(+), 1 deletion(-) diff --git a/changes/ticket40253 b/changes/ticket40253 new file mode 100644 index 00..ca7c207bb3 --- /dev/null +++ b/changes/ticket40253 @@ -0,0 +1,3 @@ + o Major feature (relay, denial of service): +- Add a new DoS subsystem feature to control the rate of client connections + for relays. Closes ticket 40253. diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt index 3538d94b8e..3756d26522 100644 --- a/doc/man/tor.1.txt +++ b/doc/man/tor.1.txt 
@@ -2936,6 +2936,30 @@ Denial of Service mitigation subsystem described above. consensus, the value is 100. (Default: 0) +[[DoSConnectionConnectRate]] **DoSConnectionConnectRate** __NUM__:: + +The allowed rate of client connection from a single address per second. +Coupled with the burst (see below), if the limit is reached, the address +is marked and a defense is applied (DoSConnectionDefenseType) for a period +of time defined by DoSConnectionConnectDefenseTimePeriod. If not defined +or set to 0, it is controlled by a consensus parameter. +(Default: 0) + +[[DoSConnectionConnectBurst]] **DoSConnectionConnectBurst** __NUM__:: + +The allowed burst of client connection from a single address per second. +See the DoSConnectionConnectRate for more details on this detection. If +not defined or set to 0, it is controlled by a consensus parameter. +(Default: 0) + +[[DoSConnectionConnectDefenseTimePeriod]] **DoSConnectionConnectDefenseTimePeriod** __N__ **seconds**|**minutes**|**hours**:: + +The base time period in seconds that the client connection defense is +activated for. The actual value is selected randomly for each activation +from N+1 to 3/2 * N. If not defined or set to 0, it is controlled by a +consensus parameter. +(Default: 24 hours) + [[DoSRefuseSingleHopClientRendezvous]] **DoSRefuseSingleHopClientRendezvous** **0**|**1**|**auto**:: Refuse establishment of rendezvous points for single hop clients. In other diff --git a/src/core/or/dos.c b/src/core/or/dos.c index a761082be0..8b3dccc871 100644 --- a/src/core/or/dos.c +++ b/src/core/or/dos.c 
@@ -63,9 +63,14 @@ static unsigned int dos_conn_enabled = 0; * They are initialized with the hardcoded default values. */ static uint32_t dos_conn_max_concurrent_count; static dos_conn_defense_type_t dos_conn_defense_type; +static uint32_t dos_conn_connect_rate = DOS_CONN_CONNECT_RATE_DEFAULT; +static uint32_t dos_conn_connect_burst = DOS_CONN_CONNECT_BURST_DEFAULT; +static int32_t dos_conn_connect_defense_time_period = + DOS_CONN_CONNECT_DEFENSE_TIME_PERIOD_DEFAULT; /* Keep some stats for the heartbeat so we can report out. */ static uint64_t conn_num_addr_rejected; +static uint64_t conn_num_addr_connect_rejected; /* * General interface of the denial of service mitigation subsystem. @@ -190,6 +195,47 @@ get_param_conn_defense_type(const networkstatus_t *ns) DOS_CONN_DEFENSE_NONE, DOS_CONN_DEFENSE_MAX); } +/* Return the connection connect rate parameters either from the configuration + * file or, if not found, consensus parameter. */ +static uint32_t +get_param_conn_connect_rate(const networkstatus_t *ns) +{ + if (dos_get_options()->DoSConnectionConnectRate) { +return dos_get_options()->DoSConnectionConnectRate; + } + return networkstatus_get_param(ns, "DoSConnectionConnectRate", + DOS_CONN_CONNECT_RATE_DEFAULT, + 1, INT32_MAX); +} + +/* Return the connection connect burst parameters either from the + * configuration file or, if not found, consensus parameter. */ +static uint32_t +get_param_conn_connect_burst(const networkstatus_t *ns) +{ + if (dos_get_options()->DoSConnectionConnectBurst) { +return dos_get_options()->DoSConnectionConnectBurst; + } + return networkstatus_get_param(ns, "DoSConnectionConnectBurst", + DOS_CONN_CONNECT_BURST_DEFAULT, + 1, INT32_MAX); +} + +/* Return the connection connect defense time period from the configuration + * file or, if not found, the consensus
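Review bot: In the first dos.c hunk the new `dos_conn_connect_defense_time_period` is declared `int32_t` while the sibling `dos_conn_connect_rate` and `dos_conn_connect_burst` are `uint32_t`. A period is never meaningfully negative, so a single unsigned type for all three would avoid sign conversions where the value is later added to a timestamp. The new counter also has no comment separating it from `conn_num_addr_rejected`; something like `/* Addresses refused for exceeding the connect rate/burst, as opposed to the concurrent count. */` would keep the heartbeat numbers readable. The following hunk with the getters is cut off on this page, so it is not reviewed here.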
[tor-commits] [tor/master] Merge remote-tracking branch 'tor-gitlab/mr/276'
commit 83ab6adb10d4e6e10eccbbb65120d3e9f1a675f6 Merge: 8907800549 45113b648b Author: Alexander Færøy Date: Mon Feb 22 20:52:44 2021 + Merge remote-tracking branch 'tor-gitlab/mr/276' changes/ticket40253 | 3 + doc/man/tor.1.txt | 24 ++ src/core/or/dos.c | 179 +++- src/core/or/dos.h | 37 - src/core/or/dos_options.inc | 12 +++ src/feature/stats/geoip_stats.c | 2 + src/test/test_dos.c | 65 ++- 7 files changed, 297 insertions(+), 25 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [torspec/master] prop325: Specify the format of a packed relay cell
commit 8a6ef7bed406aaf6cbe5684ad01801be24cb450c Author: David Goulet Date: Mon Feb 22 12:48:40 2021 -0500 prop325: Specify the format of a packed relay cell Signed-off-by: David Goulet --- proposals/325-packed-relay-cells.md | 72 + 1 file changed, 50 insertions(+), 22 deletions(-) diff --git a/proposals/325-packed-relay-cells.md b/proposals/325-packed-relay-cells.md index 4c2e881..fb962dd 100644 --- a/proposals/325-packed-relay-cells.md +++ b/proposals/325-packed-relay-cells.md 
@@ -39,26 +39,59 @@ I'll use "client" to mean the initiator of a circuit, and "relay" to refer to the parties through who a circuit is created. Note that each "relay" (as used here) may be the "client" on circuits of its own. -When a relay supports relay message packing, it advertises the fact -using a new Relay protocol version. Clients must opt-in to using -this protocol version (see XXX below) before they can send any -packed relay cells, and before the relay will send them any packed -relay cells. +When a relay supports relay message packing, it advertises the fact using a +new Relay protocol version. Clients must opt-in to using this protocol +version (see "Negotiation and Migration" section below ) before they can send +any packed relay cells, and before the relay will send them any packed relay +cells. When packed cells are in use, multiple cell messages can be concatenated in a single relay cell. -Only some relay commands are supported for relay cell packing, -listed here: - - `SENDME` - - `DROP` - - `DATA` - - `BEGIN` +## Packed Cell Format + +In order to have multiple commands within one single relay cell, they are +concatenated one after another following this format of a relay cell. The +first command is the same header format as a normal relay cell detailed in +section 6.1 of tor-spec.txt + + Relay Command [1 byte] + 'Recognized'[2 bytes] + StreamID[2 bytes] + Digest [4 bytes] + Length [2 bytes] + Data[Length bytes] + RELAY\_MESSAGE + Padding [up to end of cell] + +The `RELAY_MESSAGE` can be empty as in no bytes indicating no other messages +or set to the following: + + Relay Command [1 byte] + StreamID[2 bytes] + Length [2 bytes] + Data[Length bytes] + RELAY\_MESSAGE + +Note that the Recognized and Digest field are not added to a second relay +message, they are solely used for the whole relay cell thus how we +encrypt/decrypt and recognize a cell is not changed, only the payload changes +to contain multiple messages. 
+ +The "Relay Command" byte "0" is now used to explicitly indicate "end of +commands". If the byte "0" appears after a `RELAY_MESSAGE`, the rest of the +cell MUST be ignored. + +Only some "Relay Command" are supported for relay cell packing: - `BEGIN_DIR` - - `END` + - `BEGIN` - `CONNECTED` - - `PADDING_NEGOTIATE` + - `DATA` + - `DROP` + - `END` - `PADDING_NEGOTIATED` + - `PADDING_NEGOTIATE` + - `SENDME` If any relay message with a relay command _not_ listed above appears in a packed relay cell with another relay message, then the @@ -67,15 +100,10 @@ receiving party MUST tear down the circuit. (Note that relay cell fragments (proposal 319) are not supported for packing.) -The command byte "0" is now used to explicitly indicate "end of -cell". If the byte "0" appears after a relay message, the rest of -the cell MUST be ignored. - -When generating RELAY cells, implementations SHOULD (as they do -today) fill in the unused bytes with four 0-valued bytes, followed by -a sequence of random bytes up to the end of the cell. If there are -fewer than 4 unused bytes at the end of the cell, those unused bytes -should all be filled with 0-valued bytes. +When generating RELAY cells, implementations SHOULD (as they do today) fill in +the Padding field with four 0-valued bytes, followed by a sequence of random +bytes up to the end of the cell. If there are fewer than 4 unused bytes at the +end of the cell, those unused bytes should all be filled with 0-valued bytes. # Negotiation and migration ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
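Review bot: The new "Packed Cell Format" section gives every nested `RELAY_MESSAGE` its own `Length`, but does not say what a receiver does when that `Length` runs past the end of the cell, or when fewer than the five header bytes remain before the padding. The section only requires a circuit teardown for unsupported commands, so implementations could diverge on how they treat a malformed length. A sentence such as `If a message header or its Length extends beyond the end of the relay cell payload, the receiving party MUST tear down the circuit.` would close that gap. It would also help to state which of the two terminators is normative, since the text allows both "no bytes" and an explicit command byte "0".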
[tor-commits] [translation/communitytpo-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot
commit 7dc0da7b39c6327132d669eaddb19786bcd89032 Author: Translation commit bot Date: Mon Feb 22 20:45:10 2021 + https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot --- contents+es.po | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/contents+es.po b/contents+es.po index f65d88ccbf..6fd0d57d21 100644 --- a/contents+es.po +++ b/contents+es.po @@ -4372,9 +4372,9 @@ msgid "" "relay and that could jeopardize their infrastructure as it could be flagged " "as part of the Tor network." msgstr "" -"Alguna gente cree que correr un servicio onion serÃa tan riesgoso como un " -"repetidor Tor, y que podrÃa perjudicar su infraestructura, la cual podrÃa " -"ser marcada como parte de la red Tor." +"Algunas personas creen que correr un servicio onion serÃa tan riesgoso como " +"un repetidor Tor, y que podrÃa perjudicar su infraestructura, la cual podrÃa" +" ser marcada como parte de la red Tor." #: https//community.torproject.org/onion-services/talk/ #: (content/onion-services/talk/contents+en.lrpage.body) @@ -4445,10 +4445,10 @@ msgid "" " the world that are cutting off access to privacy tools.\" " "[ProtonMail](https://protonmail.com/blog/protonmail-tor-censorship/)" msgstr "" -"\"La movida está apuntada a contrarrestar las acciones de gobiernos " -"totalitarios alrededor del mundo que están bloqueando el acceso a " -"herramientas de privacidad.\" [ProtonMail](https://protonmail.com/blog; -"/protonmail-tor-censorship/)" +"\"Esto está apuntado a contrarrestar las acciones de gobiernos totalitarios " +"alrededor del mundo que están bloqueando el acceso a herramientas de " +"privacidad.\" [ProtonMail](https://protonmail.com/blog/protonmail-tor-; +"censorship/)" #: https//community.torproject.org/onion-services/talk/ #: (content/onion-services/talk/contents+en.lrpage.body) 
@@ -4459,8 +4459,8 @@ msgid "" msgstr "" "\"DW es una defensora global de las libertades de opinión y de palabra. [â¦] " "Por lo tanto es un paso lógico para nosotros usar también Tor para llegar a " -"la gente en mercados censurados, quienes previamente no han tenido acceso, o" -" les ha sido limitado, a medios libres.\"" +"las personas en mercados censurados, quienes previamente no han tenido " +"acceso, o les ha sido limitado, a medios libres.\"" #: https//community.torproject.org/onion-services/talk/ #: (content/onion-services/talk/contents+en.lrpage.body) @@ -4487,7 +4487,7 @@ msgid "" "The Tor network is composed by over 6000 relays, but exit relays are a " "scarce resource and only represents 1/6 of all the network." msgstr "" -"La red Tor está compuesta por más de 6000 repatidores, pero los de salida " +"La red Tor está compuesta por más de 6000 repetidores, pero los de salida " "son un recurso escaso, y representan solamente 1/6 de toda la red." #: https//community.torproject.org/onion-services/talk/ ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [chutney/master] Add execute flag to truncate-logs.sh
commit d368cb5fff82ef0855c550f9399301130f262987 Author: gaborgsomogyi Date: Fri Feb 19 15:13:20 2021 +0100 Add execute flag to truncate-logs.sh --- tools/truncate-logs.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/tools/truncate-logs.sh b/tools/truncate-logs.sh old mode 100644 new mode 100755 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [chutney/master] Add truncate-logs.sh to tools
commit f8c9489dfe0fce9e0331024ef64439f6c010b97f Author: gabor.g.somogyi Date: Fri Feb 19 14:56:42 2021 +0100 Add truncate-logs.sh to tools --- tools/truncate-logs.sh | 85 ++ 1 file changed, 85 insertions(+) diff --git a/tools/truncate-logs.sh b/tools/truncate-logs.sh new file mode 100644 index 000..59e586d --- /dev/null +++ b/tools/truncate-logs.sh 
@@ -0,0 +1,85 @@
+#!/bin/sh
+#
+# Usage:
+#tools/truncate-logs.sh [node]
+#
+# Output:
+#for each node, truncate the logs
+#
+#If the argument "node" is specified, only truncates the logs of that
+#node.
+#
+# Examples:
+#tools/truncate-logs.sh
+#tools/truncate-logs.sh 000a
+
+set -o errexit
+set -o nounset
+
+# Set some default values if the variables are not already set
+: "${CHUTNEY_DATA_DIR:=}"
+
+if [ ! -d "$CHUTNEY_PATH" ] || [ ! -x "$CHUTNEY_PATH/chutney" ]; then
+# looks like a broken path: use the path to this tool instead
+TOOLS_PATH=$(dirname "$0")
+CHUTNEY_PATH=$(dirname "$TOOLS_PATH")
+export CHUTNEY_PATH
+fi
+if [ -d "$PWD/$CHUTNEY_PATH" ] && [ -x "$PWD/$CHUTNEY_PATH/chutney" ]; then
+# looks like a relative path: make chutney path absolute
+export CHUTNEY_PATH="$PWD/$CHUTNEY_PATH"
+fi
+
+# Get a working net path
+case "$CHUTNEY_DATA_DIR" in
+ /*)
+# if an absolute path, then leave as-is
+# chutney will make this directory automatically if needed
+;;
+ *)
+# if a relative path
+if [ ! -d "$CHUTNEY_DATA_DIR" ]; then
+# looks like a broken path: use the chutney path as a base
+export CHUTNEY_DATA_DIR="$CHUTNEY_PATH/net"
+fi
+if [ -d "$PWD/$CHUTNEY_DATA_DIR" ]; then
+# looks like a relative path: make chutney path absolute
+export CHUTNEY_DATA_DIR="$PWD/$CHUTNEY_DATA_DIR"
+fi
+;;
+esac
+
+# Truncate the logs for node $1
+truncate_logs() {
+echo "Truncating log: $1"
+truncate -s 0 "$1"
+}
+
+# Show the usage message for this script
+usage() {
+echo "Usage: $NAME [node]"
+exit 1
+}
+
+NAME=$(basename "$0")
+DEST="$CHUTNEY_DATA_DIR/nodes"
+LOG_FILE=*.log
+
+[ -d "$DEST" ] || { echo "$NAME: no logs available in '$DEST'"; exit 1; }
+if [ $# -eq 0 ];
+then
+for log in "$DEST"/*/$LOG_FILE;
+do
+[ -e "${log}" ] || continue
+truncate_logs "$log"
+done
+elif [ $# -eq 1 ];
+then
+for log in "$DEST"/$1/$LOG_FILE;
+do
+[ -e "${log}" ] || continue
+truncate_logs "$log"
+done
+else
+usage
+fi
___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
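Review bot: With `set -o nounset` active, the first `[ ! -d "$CHUTNEY_PATH" ]` test aborts the script when `CHUTNEY_PATH` is not exported, because only `CHUTNEY_DATA_DIR` gets a default. Adding `: "${CHUTNEY_PATH:=}"` next to the existing default lets the fallback to the tool's own directory run. The node argument is also expanded unquoted in `for log in "$DEST"/$1/$LOG_FILE`, so a value containing `/`, `..` or glob characters makes `truncate -s 0` operate on files outside the intended node directory. Rejecting such values before the loop would fix that, for example `case "$1" in */*|.*) usage ;; esac`, followed by quoting it as `"$DEST/$1"/$LOG_FILE`.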
[tor-commits] [tor/master] Merge remote-tracking branch 'tor-gitlab/mr/319'
commit 890780054975e0c5eb95b097deb6fac53640f66d Merge: 6e3a7c410f d98c77b78e Author: Nick Mathewson Date: Mon Feb 22 15:39:30 2021 -0500 Merge remote-tracking branch 'tor-gitlab/mr/319' changes/ticket40301 | 4 src/feature/dircache/dircache.c | 37 - src/feature/dircache/dircache.h | 2 +- src/lib/compress/compress_zstd.c | 4 ++-- src/test/test_dir.c | 26 -- 5 files changed, 27 insertions(+), 46 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] relay: Reduce streaming compression ratio from HIGH to LOW
commit d98c77b78e9ce945a7a0de151d5f5cf44061edd5 Author: David Goulet Date: Thu Feb 18 12:49:33 2021 -0500 relay: Reduce streaming compression ratio from HIGH to LOW Fixes #40301 Signed-off-by: David Goulet --- changes/ticket40301 | 4 src/feature/dircache/dircache.c | 37 - src/feature/dircache/dircache.h | 2 +- src/lib/compress/compress_zstd.c | 4 ++-- src/test/test_dir.c | 26 -- 5 files changed, 27 insertions(+), 46 deletions(-) diff --git a/changes/ticket40301 b/changes/ticket40301 new file mode 100644 index 00..c1fd821e3f --- /dev/null +++ b/changes/ticket40301 @@ -0,0 +1,4 @@ + o Minor bugfixes (relay): +- Reduce the compression level for data streaming from HIGH to LOW. Fixes + bug 40301; bugfix on 0.3.5.1-alpha. + diff --git a/src/feature/dircache/dircache.c b/src/feature/dircache/dircache.c index 00bb0abf23..84bb7c220c 100644 --- a/src/feature/dircache/dircache.c +++ b/src/feature/dircache/dircache.c 
@@ -296,19 +296,22 @@ client_likes_consensus(const struct consensus_cache_entry_t *ent, /** Return the compression level we should use for sending a compressed * response of size n_bytes. */ STATIC compression_level_t -choose_compression_level(ssize_t n_bytes) +choose_compression_level(void) { - if (! have_been_under_memory_pressure()) { -return HIGH_COMPRESSION; /* we have plenty of RAM. */ - } else if (n_bytes < 0) { -return HIGH_COMPRESSION; /* unknown; might be big. */ - } else if (n_bytes < 1024) { -return LOW_COMPRESSION; - } else if (n_bytes < 2048) { -return MEDIUM_COMPRESSION; - } else { -return HIGH_COMPRESSION; - } + /* This is the compression level choice for a stream. + * + * We always return LOW because this compression is done in the main thread + * thus we save CPU time as much as possible, and it is also done more than + * background compression for document we serve pre-compressed. + * + * GZip highest compression level (9) gives us a ratio of 49.72% + * Zstd lowest compression level (1) gives us a ratio of 47.38% + * + * Thus, as the network moves more and more to use Zstd when requesting + * directory documents that are not pre-cached, even at the + * lowest level, we still gain over GZip and thus help with load and CPU + * time on the network. */ + return LOW_COMPRESSION; } /** Information passed to handle a GET request. */ @@ -1078,7 +1081,7 @@ handle_get_status_vote(dir_connection_t *conn, const get_handler_args_t *args) if (smartlist_len(items)) { if (compress_method != NO_METHOD) { conn->compress_state = tor_compress_new(1, compress_method, - choose_compression_level(estimated_len)); + choose_compression_level()); } SMARTLIST_FOREACH(items, const char *, c, 
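Review bot: The doc comment kept as context above `choose_compression_level(void)` still reads "for sending a compressed response of size n_bytes", although the hunk removes that parameter. It should become something like `/** Return the compression level we should use for a streamed (not pre-compressed) response. */`. The new body comment justifies LOW only with the Zstd-versus-GZip ratio, yet the function returns `LOW_COMPRESSION` whatever `compress_method` the caller negotiated. A client that still asks for gzip or zlib gets a weaker ratio than before, and the comment should state that trade-off. The call-site hunks that follow (some on the next line of this page) stop passing `estimated_len`, `size_guess` and `len`. If those locals were computed only for this call they are now dead and could be removed, but their definitions are outside the hunks.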
@@ -1141,7 +1144,7 @@ handle_get_microdesc(dir_connection_t *conn, const get_handler_args_t *args) if (compress_method != NO_METHOD) conn->compress_state = tor_compress_new(1, compress_method, - choose_compression_level(size_guess)); + choose_compression_level()); const int initial_flush_result = connection_dirserv_flushed_some(conn); tor_assert_nonfatal(initial_flush_result == 0); @@ -1236,7 +1239,7 @@ handle_get_descriptor(dir_connection_t *conn, const get_handler_args_t *args) write_http_response_header(conn, -1, compress_method, cache_lifetime); if (compress_method != NO_METHOD) conn->compress_state = tor_compress_new(1, compress_method, -choose_compression_level(size_guess)); +choose_compression_level()); clear_spool = 0; /* Prime the connection with some data. */ int initial_flush_result = connection_dirserv_flushed_some(conn); @@ -1332,7 +1335,7 @@ handle_get_keys(dir_connection_t *conn, const get_handler_args_t *args) 60*60); if (compress_method != NO_METHOD) { conn->compress_state = tor_compress_new(1, compress_method, - choose_compression_level(len)); + choose_compression_level()); } SMARTLIST_FOREACH(certs, authority_cert_t *, c, @@ -1484,7 +1487,7 @@ handle_get_next_bandwidth(dir_connection_t *conn, compress_method, BANDWIDTH_CACHE_LIFETIME); if (compress_method != NO_METHOD) { conn->compress_state = tor_compress_new(1, compress_method, -choose_compression_level(len/2)); +choose_compression_level()); log_debug(LD_DIR, "Compressing bandwidth file."); } else { log_debug(LD_DIR, "Not compressing bandwidth
[tor-commits] [tor-browser-build/master] Pick up build2
commit 2c9dce8d109dfa12a9ed7f5faa5cc48d14abc8bf Author: Matthew Finkel Date: Mon Feb 22 20:37:05 2021 + Pick up build2 --- rbm.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rbm.conf b/rbm.conf index 288e0f0..14a55a6 100644 --- a/rbm.conf +++ b/rbm.conf @@ -25,9 +25,9 @@ buildconf: var: torbrowser_version: '10.5a11' - torbrowser_build: 'build1' + torbrowser_build: 'build2' torbrowser_incremental_from: -- 10.5a9 +- 10.5a8 - 10.5a10 project_name: tor-browser multi_lingual: 0 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.5] Merge branch 'maint-0.4.5' into release-0.4.5
commit 4400ca83e0da193cef1d6ef6189a1b7dc5a0b56c Merge: 37af94daf9 bc21ed3290 Author: Nick Mathewson Date: Mon Feb 22 15:37:39 2021 -0500 Merge branch 'maint-0.4.5' into release-0.4.5 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.5] Merge remote-tracking branch 'tor-gitlab/mr/316' into maint-0.4.5
commit bc21ed32903459c53599ee03605e8d23bf42ffe9 Merge: 26c2e843f9 4d7f31b964 Author: Nick Mathewson Date: Mon Feb 22 15:37:31 2021 -0500 Merge remote-tracking branch 'tor-gitlab/mr/316' into maint-0.4.5 changes/ticket40300 | 5 + src/feature/relay/relay_find_addr.c | 25 + 2 files changed, 18 insertions(+), 12 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.4.5'
commit 6e3a7c410f2c0cfd2f705862cc4d32acd0a88096 Merge: a4df1e8ea4 bc21ed3290 Author: Nick Mathewson Date: Mon Feb 22 15:37:39 2021 -0500 Merge branch 'maint-0.4.5' changes/ticket40300 | 5 + src/feature/relay/relay_find_addr.c | 25 + 2 files changed, 18 insertions(+), 12 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.4.5] relay: Move log notice after suggested address lookup
commit 4d7f31b9645d360e7074844711f10565e5d25b7b Author: David Goulet Date: Mon Feb 22 09:13:54 2021 -0500 relay: Move log notice after suggested address lookup When trying to find our address to publish, we would log notice if we couldn't find it from the cache but then we would look at the suggested cache (which contains the address from the authorities) in which we might actually have the address. Thus that log notice was misplaced. Move it down after the suggested address cache lookup. Closes #40300 Signed-off-by: David Goulet --- changes/ticket40300 | 5 + src/feature/relay/relay_find_addr.c | 25 + 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/changes/ticket40300 b/changes/ticket40300 new file mode 100644 index 00..aef01b4c64 --- /dev/null +++ b/changes/ticket40300 @@ -0,0 +1,5 @@ + o Minor bugfixes (relay): +- Remove a spammy log notice that should not have been indicating the + operator that its IPv4/v6 was missing but it was not. Fixes bug 40300; + bugfix on 0.4.5.1-alpha. + diff --git a/src/feature/relay/relay_find_addr.c b/src/feature/relay/relay_find_addr.c index 39e1cc6a19..2a3f602438 100644 --- a/src/feature/relay/relay_find_addr.c +++ b/src/feature/relay/relay_find_addr.c @@ -144,17 +144,6 @@ relay_find_addr_to_publish, (const or_options_t *options, int family, if (find_my_address(options, family, LOG_INFO, addr_out, NULL, NULL)) { goto found; } -/* No publishable address was found even though we have an ORPort thus - * print a notice log so operator can notice. We'll do that every hour so - * it is not too spammy but enough so operators address the issue. */ -static ratelim_t rlim = RATELIM_INIT(3600); -log_fn_ratelim(, LOG_NOTICE, LD_CONFIG, - "Unable to find %s address for ORPort %u. " - "You might want to specify %sOnly to it or set an " - "explicit address or set Address.", - fmt_af_family(family), - routerconf_find_or_port(options, family), - fmt_af_family(family)); } /* Third, consider address from our suggestion cache. */ 
@@ -163,7 +152,19 @@ relay_find_addr_to_publish, (const or_options_t *options, int family, goto found; } - /* No publishable address was found. */ + /* No publishable address was found even though we have an ORPort thus + * print a notice log so operator can notice. We'll do that every hour so + * it is not too spammy but enough so operators address the issue. */ + static ratelim_t rlim = RATELIM_INIT(3600); + log_fn_ratelim(, LOG_NOTICE, LD_CONFIG, + "Unable to find %s address for ORPort %u. " + "You might want to specify %sOnly to it or set an " + "explicit address or set Address.", + fmt_af_family(family), + routerconf_find_or_port(options, family), + fmt_af_family(family)); + + /* Not found. */ return false; found: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
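Review bot: The relocated `static ratelim_t rlim` is a single limiter shared by every `family` this function is called with. A notice for one address family can therefore suppress the notice for the other for the next hour, although the message text is family-specific. One limiter per family would keep both visible, for example a two-element array indexed by whether `family` is `AF_INET6`. The notice also used to sit inside the block that closed right after it. That block's condition is outside the hunk, so callers that skip the block (a cache-only lookup, if that is what it guards) may now get "Unable to find %s address" without any discovery having been attempted, which is worth confirming against the full function. The same commit is posted again further down this page for the master and release-0.4.5 branches, and the point applies there too.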
[tor-commits] [tor/master] relay: Move log notice after suggested address lookup
commit 4d7f31b9645d360e7074844711f10565e5d25b7b Author: David Goulet Date: Mon Feb 22 09:13:54 2021 -0500 relay: Move log notice after suggested address lookup When trying to find our address to publish, we would log notice if we couldn't find it from the cache but then we would look at the suggested cache (which contains the address from the authorities) in which we might actually have the address. Thus that log notice was misplaced. Move it down after the suggested address cache lookup. Closes #40300 Signed-off-by: David Goulet --- changes/ticket40300 | 5 + src/feature/relay/relay_find_addr.c | 25 + 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/changes/ticket40300 b/changes/ticket40300 new file mode 100644 index 00..aef01b4c64 --- /dev/null +++ b/changes/ticket40300 @@ -0,0 +1,5 @@ + o Minor bugfixes (relay): +- Remove a spammy log notice that should not have been indicating the + operator that its IPv4/v6 was missing but it was not. Fixes bug 40300; + bugfix on 0.4.5.1-alpha. + diff --git a/src/feature/relay/relay_find_addr.c b/src/feature/relay/relay_find_addr.c index 39e1cc6a19..2a3f602438 100644 --- a/src/feature/relay/relay_find_addr.c +++ b/src/feature/relay/relay_find_addr.c @@ -144,17 +144,6 @@ relay_find_addr_to_publish, (const or_options_t *options, int family, if (find_my_address(options, family, LOG_INFO, addr_out, NULL, NULL)) { goto found; } -/* No publishable address was found even though we have an ORPort thus - * print a notice log so operator can notice. We'll do that every hour so - * it is not too spammy but enough so operators address the issue. */ -static ratelim_t rlim = RATELIM_INIT(3600); -log_fn_ratelim(, LOG_NOTICE, LD_CONFIG, - "Unable to find %s address for ORPort %u. " - "You might want to specify %sOnly to it or set an " - "explicit address or set Address.", - fmt_af_family(family), - routerconf_find_or_port(options, family), - fmt_af_family(family)); } /* Third, consider address from our suggestion cache. */ 
@@ -163,7 +152,19 @@ relay_find_addr_to_publish, (const or_options_t *options, int family, goto found; } - /* No publishable address was found. */ + /* No publishable address was found even though we have an ORPort thus + * print a notice log so operator can notice. We'll do that every hour so + * it is not too spammy but enough so operators address the issue. */ + static ratelim_t rlim = RATELIM_INIT(3600); + log_fn_ratelim(, LOG_NOTICE, LD_CONFIG, + "Unable to find %s address for ORPort %u. " + "You might want to specify %sOnly to it or set an " + "explicit address or set Address.", + fmt_af_family(family), + routerconf_find_or_port(options, family), + fmt_af_family(family)); + + /* Not found. */ return false; found: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.4.5] Merge remote-tracking branch 'tor-gitlab/mr/316' into maint-0.4.5
commit bc21ed32903459c53599ee03605e8d23bf42ffe9 Merge: 26c2e843f9 4d7f31b964 Author: Nick Mathewson Date: Mon Feb 22 15:37:31 2021 -0500 Merge remote-tracking branch 'tor-gitlab/mr/316' into maint-0.4.5 changes/ticket40300 | 5 + src/feature/relay/relay_find_addr.c | 25 + 2 files changed, 18 insertions(+), 12 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge remote-tracking branch 'tor-gitlab/mr/316' into maint-0.4.5
commit bc21ed32903459c53599ee03605e8d23bf42ffe9 Merge: 26c2e843f9 4d7f31b964 Author: Nick Mathewson Date: Mon Feb 22 15:37:31 2021 -0500 Merge remote-tracking branch 'tor-gitlab/mr/316' into maint-0.4.5 changes/ticket40300 | 5 + src/feature/relay/relay_find_addr.c | 25 + 2 files changed, 18 insertions(+), 12 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.5] relay: Move log notice after suggested address lookup
commit 4d7f31b9645d360e7074844711f10565e5d25b7b Author: David Goulet Date: Mon Feb 22 09:13:54 2021 -0500 relay: Move log notice after suggested address lookup When trying to find our address to publish, we would log notice if we couldn't find it from the cache but then we would look at the suggested cache (which contains the address from the authorities) in which we might actually have the address. Thus that log notice was misplaced. Move it down after the suggested address cache lookup. Closes #40300 Signed-off-by: David Goulet --- changes/ticket40300 | 5 + src/feature/relay/relay_find_addr.c | 25 + 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/changes/ticket40300 b/changes/ticket40300 new file mode 100644 index 00..aef01b4c64 --- /dev/null +++ b/changes/ticket40300 @@ -0,0 +1,5 @@ + o Minor bugfixes (relay): +- Remove a spammy log notice that should not have been indicating the + operator that its IPv4/v6 was missing but it was not. Fixes bug 40300; + bugfix on 0.4.5.1-alpha. + diff --git a/src/feature/relay/relay_find_addr.c b/src/feature/relay/relay_find_addr.c index 39e1cc6a19..2a3f602438 100644 --- a/src/feature/relay/relay_find_addr.c +++ b/src/feature/relay/relay_find_addr.c @@ -144,17 +144,6 @@ relay_find_addr_to_publish, (const or_options_t *options, int family, if (find_my_address(options, family, LOG_INFO, addr_out, NULL, NULL)) { goto found; } -/* No publishable address was found even though we have an ORPort thus - * print a notice log so operator can notice. We'll do that every hour so - * it is not too spammy but enough so operators address the issue. */ -static ratelim_t rlim = RATELIM_INIT(3600); -log_fn_ratelim(, LOG_NOTICE, LD_CONFIG, - "Unable to find %s address for ORPort %u. " - "You might want to specify %sOnly to it or set an " - "explicit address or set Address.", - fmt_af_family(family), - routerconf_find_or_port(options, family), - fmt_af_family(family)); } /* Third, consider address from our suggestion cache. */ 
@@ -163,7 +152,19 @@ relay_find_addr_to_publish, (const or_options_t *options, int family, goto found; } - /* No publishable address was found. */ + /* No publishable address was found even though we have an ORPort thus + * print a notice log so operator can notice. We'll do that every hour so + * it is not too spammy but enough so operators address the issue. */ + static ratelim_t rlim = RATELIM_INIT(3600); + log_fn_ratelim(, LOG_NOTICE, LD_CONFIG, + "Unable to find %s address for ORPort %u. " + "You might want to specify %sOnly to it or set an " + "explicit address or set Address.", + fmt_af_family(family), + routerconf_find_or_port(options, family), + fmt_af_family(family)); + + /* Not found. */ return false; found: ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.5] Merge remote-tracking branch 'tor-gitlab/mr/316' into release-0.4.5
commit 37af94daf938fc21883d3ab0d49231af4373ba33 Merge: 21ca3c2501 4d7f31b964 Author: Nick Mathewson Date: Mon Feb 22 15:34:17 2021 -0500 Merge remote-tracking branch 'tor-gitlab/mr/316' into release-0.4.5 changes/ticket40300 | 5 + src/feature/relay/relay_find_addr.c | 25 + 2 files changed, 18 insertions(+), 12 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.5] Merge remote-tracking branch 'tor-gitlab/mr/309' into maint-0.4.5
commit 26c2e843f958c5451c836bbf9a4979aecac177c4 Merge: 03c686563b 8a8045c788 Author: Alexander Færøy Date: Mon Feb 22 19:12:53 2021 + Merge remote-tracking branch 'tor-gitlab/mr/309' into maint-0.4.5 changes/bug40287 | 4 src/feature/relay/selftest.c | 4 2 files changed, 8 insertions(+) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.5] Merge branch 'maint-0.4.5' into release-0.4.5
commit 21ca3c2501a7378f6d8f2f764cdb523ebb83d6e5 Merge: 077e895934 26c2e843f9 Author: Alexander Færøy Date: Mon Feb 22 19:13:12 2021 + Merge branch 'maint-0.4.5' into release-0.4.5 changes/bug40287 | 4 src/feature/relay/selftest.c | 4 2 files changed, 8 insertions(+) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/release-0.4.5] relay: No longer test dirport reachability for authorities
commit 8a8045c788b6883751b5ecbfbd3de4da0dfd313a Author: Roger Dingledine Date: Wed Feb 10 03:10:12 2021 -0500 relay: No longer test dirport reachability for authorities Now that exit relays don't allow exit connections to directory authority DirPorts, the follow-up step is to make directory authorities stop doing DirPort reachability checks. Fixes #40287 Signed-off-by: David Goulet --- changes/bug40287 | 4 src/feature/relay/selftest.c | 4 2 files changed, 8 insertions(+) diff --git a/changes/bug40287 b/changes/bug40287 new file mode 100644 index 00..5a9c899d52 --- /dev/null +++ b/changes/bug40287 @@ -0,0 +1,4 @@ + o Minor bugfixes (directory authority): +- Now that exit relays don't allow exit connections to directory authority + DirPorts (network reentry), disable authorities' reachability self test + on the DirPort. Fixes bug 40287; bugfix on 0.4.5.5-rc. diff --git a/src/feature/relay/selftest.c b/src/feature/relay/selftest.c index 86b1533be1..46b4b20ffc 100644 --- a/src/feature/relay/selftest.c +++ b/src/feature/relay/selftest.c @@ -31,6 +31,8 @@ #include "feature/control/control_events.h" +#include "feature/dirauth/authmode.h" + #include "feature/dirclient/dirclient.h" #include "feature/dircommon/directory.h" @@ -142,12 +144,14 @@ router_orport_seems_reachable(const or_options_t *options, * - we've seen a successful reachability check, or * - there is no DirPort set, or * - AssumeReachable is set, or + * - We're a dir auth (see ticket #40287), or * - the network is disabled. */ int router_dirport_seems_reachable(const or_options_t *options) { int reach_checks_disabled = router_reachability_checks_disabled(options) || + authdir_mode(options) || !options->DirPort_set; return reach_checks_disabled || can_reach_dir_port; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
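Review bot: In `router_dirport_seems_reachable()` the added `authdir_mode(options) ||` term makes the function return true on every authority without consulting `can_reach_dir_port`. An authority whose DirPort is firewalled or misconfigured will then look reachable to every caller of this function, and nothing in the hunk replaces the lost signal. The updated doc comment cites only the ticket number. An inline reason at the condition would help the next reader, for example `/* Exits refuse reentry to authority DirPorts, so this self-test cannot succeed on an authority. */`. If operators are expected to verify DirPort reachability another way, the changes file is a good place to say so. The same commit appears again below for maint-0.4.5.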
[tor-commits] [tor/maint-0.4.5] relay: No longer test dirport reachability for authorities
commit 8a8045c788b6883751b5ecbfbd3de4da0dfd313a Author: Roger Dingledine Date: Wed Feb 10 03:10:12 2021 -0500 relay: No longer test dirport reachability for authorities Now that exit relays don't allow exit connections to directory authority DirPorts, the follow-up step is to make directory authorities stop doing DirPort reachability checks. Fixes #40287 Signed-off-by: David Goulet --- changes/bug40287 | 4 src/feature/relay/selftest.c | 4 2 files changed, 8 insertions(+) diff --git a/changes/bug40287 b/changes/bug40287 new file mode 100644 index 00..5a9c899d52 --- /dev/null +++ b/changes/bug40287 @@ -0,0 +1,4 @@ + o Minor bugfixes (directory authority): +- Now that exit relays don't allow exit connections to directory authority + DirPorts (network reentry), disable authorities' reachability self test + on the DirPort. Fixes bug 40287; bugfix on 0.4.5.5-rc. diff --git a/src/feature/relay/selftest.c b/src/feature/relay/selftest.c index 86b1533be1..46b4b20ffc 100644 --- a/src/feature/relay/selftest.c +++ b/src/feature/relay/selftest.c @@ -31,6 +31,8 @@ #include "feature/control/control_events.h" +#include "feature/dirauth/authmode.h" + #include "feature/dirclient/dirclient.h" #include "feature/dircommon/directory.h" @@ -142,12 +144,14 @@ router_orport_seems_reachable(const or_options_t *options, * - we've seen a successful reachability check, or * - there is no DirPort set, or * - AssumeReachable is set, or + * - We're a dir auth (see ticket #40287), or * - the network is disabled. */ int router_dirport_seems_reachable(const or_options_t *options) { int reach_checks_disabled = router_reachability_checks_disabled(options) || + authdir_mode(options) || !options->DirPort_set; return reach_checks_disabled || can_reach_dir_port; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge remote-tracking branch 'tor-gitlab/mr/309' into maint-0.4.5
commit 26c2e843f958c5451c836bbf9a4979aecac177c4 Merge: 03c686563b 8a8045c788 Author: Alexander Færøy Date: Mon Feb 22 19:12:53 2021 + Merge remote-tracking branch 'tor-gitlab/mr/309' into maint-0.4.5 changes/bug40287 | 4 src/feature/relay/selftest.c | 4 2 files changed, 8 insertions(+) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] relay: No longer test dirport reachability for authorities
commit 8a8045c788b6883751b5ecbfbd3de4da0dfd313a Author: Roger Dingledine Date: Wed Feb 10 03:10:12 2021 -0500 relay: No longer test dirport reachability for authorities Now that exit relays don't allow exit connections to directory authority DirPorts, the follow-up step is to make directory authorities stop doing DirPort reachability checks. Fixes #40287 Signed-off-by: David Goulet --- changes/bug40287 | 4 src/feature/relay/selftest.c | 4 2 files changed, 8 insertions(+) diff --git a/changes/bug40287 b/changes/bug40287 new file mode 100644 index 00..5a9c899d52 --- /dev/null +++ b/changes/bug40287 @@ -0,0 +1,4 @@ + o Minor bugfixes (directory authority): +- Now that exit relays don't allow exit connections to directory authority + DirPorts (network reentry), disable authorities' reachability self test + on the DirPort. Fixes bug 40287; bugfix on 0.4.5.5-rc. diff --git a/src/feature/relay/selftest.c b/src/feature/relay/selftest.c index 86b1533be1..46b4b20ffc 100644 --- a/src/feature/relay/selftest.c +++ b/src/feature/relay/selftest.c @@ -31,6 +31,8 @@ #include "feature/control/control_events.h" +#include "feature/dirauth/authmode.h" + #include "feature/dirclient/dirclient.h" #include "feature/dircommon/directory.h" @@ -142,12 +144,14 @@ router_orport_seems_reachable(const or_options_t *options, * - we've seen a successful reachability check, or * - there is no DirPort set, or * - AssumeReachable is set, or + * - We're a dir auth (see ticket #40287), or * - the network is disabled. */ int router_dirport_seems_reachable(const or_options_t *options) { int reach_checks_disabled = router_reachability_checks_disabled(options) || + authdir_mode(options) || !options->DirPort_set; return reach_checks_disabled || can_reach_dir_port; ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/master] Merge branch 'maint-0.4.5'
commit a4df1e8ea47842a76e4fc3ebc750e68b728f222e Merge: c0589d06be 26c2e843f9 Author: Alexander Færøy Date: Mon Feb 22 19:13:12 2021 + Merge branch 'maint-0.4.5' changes/bug40287 | 4 src/feature/relay/selftest.c | 4 2 files changed, 8 insertions(+) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor/maint-0.4.5] Merge remote-tracking branch 'tor-gitlab/mr/309' into maint-0.4.5
commit 26c2e843f958c5451c836bbf9a4979aecac177c4 Merge: 03c686563b 8a8045c788 Author: Alexander Færøy Date: Mon Feb 22 19:12:53 2021 + Merge remote-tracking branch 'tor-gitlab/mr/309' into maint-0.4.5 changes/bug40287 | 4 src/feature/relay/selftest.c | 4 2 files changed, 8 insertions(+) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser-build/master] Release preparations for 10.5a11
commit fac6af63494f06789ead311bddcac62e98b83a89 Author: Matthew Finkel Date: Fri Feb 19 05:36:29 2021 + Release preparations for 10.5a11 Versions bump and Changelog update --- projects/android-components/config | 4 +- .../gradle-dependencies-list.txt | 15 +- projects/fenix/config | 4 +- projects/fenix/gradle-dependencies-list.txt| 356 +++-- projects/firefox-langpacks/config | 2 +- projects/firefox/config| 6 +- projects/geckoview/config | 6 +- projects/openssl/config| 4 +- .../tor-browser/Bundle-Data/Docs/ChangeLog.txt | 22 ++ projects/tor-browser/allowed_addons.json | 296 + projects/tor-browser/config| 4 +- projects/tor/config| 2 +- rbm.conf | 5 +- 13 files changed, 370 insertions(+), 356 deletions(-) diff --git a/projects/android-components/config b/projects/android-components/config index df3d636..fbba9bc 100644 --- a/projects/android-components/config +++ b/projects/android-components/config @@ -8,12 +8,12 @@ gpg_keyring: torbutton.gpg variant: '[% IF c("var/release") %]Release[% ELSE %]Beta[% END %]' var: - android_components_version: 72.0.5 + android_components_version: 72.0.15 torbrowser_branch: 10.5 container: use_container: 1 # This should be updated when the list of gradle dependencies is changed. - gradle_dependencies_version: 18 + gradle_dependencies_version: 19 # Switch to make it easier to grab all dependencies during a dry-run. # Note: Use the commit before support for new GeckoView interfaces gets added. fetch_gradle_dependencies: 0 diff --git a/projects/android-components/gradle-dependencies-list.txt b/projects/android-components/gradle-dependencies-list.txt index 4e7b6a9..b62555a 100644 --- a/projects/android-components/gradle-dependencies-list.txt +++ b/projects/android-components/gradle-dependencies-list.txt 
@@ -9,15 +9,10 @@ b219d2b568e7e4ba534e09f8c2fd242343df6ccbdfbbe938846f5d740e6b0b11 | https://dl.go 6b73ff6608f4b1d6cbab620b65708a382d0b39901cf4e6b0d16f84a1b04d7732 | https://dl.google.com/dl/android/maven2/androidx/annotation/annotation-experimental/1.0.0/annotation-experimental-1.0.0.pom 0baae9755f7caf52aa80cd04324b91ba93af55d4d1d17dcc9a7b53d99ef7c016 | https://dl.google.com/dl/android/maven2/androidx/annotation/annotation/1.0.0/annotation-1.0.0.jar a179c12db43d9c0300c9db63f4811db496504be5401b951d422b78490ad1e5b4 | https://dl.google.com/dl/android/maven2/androidx/annotation/annotation/1.0.0/annotation-1.0.0.pom -c89d23f9804282a47992ff5ca647b784921c16caa669a7e9af34c15f81aa7442 | https://dl.google.com/dl/android/maven2/androidx/annotation/annotation/1.0.1/annotation-1.0.1.pom d38d63edb30f1467818d50aaf05f8a692dea8b31392a049bfa991b159ad5b692 | https://dl.google.com/dl/android/maven2/androidx/annotation/annotation/1.1.0/annotation-1.1.0.jar 2e9372ba7780ef44952adbf86b66e1f08682c1e5277c926185f6564a13799efe | https://dl.google.com/dl/android/maven2/androidx/annotation/annotation/1.1.0/annotation-1.1.0.pom -19944d32b46551a17c347e21894b95837fbd7baaafc9e2082794344f222f7361 | https://dl.google.com/dl/android/maven2/androidx/appcompat/appcompat-resources/1.1.0/appcompat-resources-1.1.0.aar -046011e16cb01b6f14842565661551110ef1b6427483f5d9068493f4c49690f2 | https://dl.google.com/dl/android/maven2/androidx/appcompat/appcompat-resources/1.1.0/appcompat-resources-1.1.0.pom c470297c03ff3de1c3d15dacf0be0cae63abc10b52f021dd07ae28daa3100fe5 | https://dl.google.com/dl/android/maven2/androidx/appcompat/appcompat-resources/1.2.0/appcompat-resources-1.2.0.aar 149dd8cec3664bef8ffde86c396ba1e2ab156ea68793d29800d008bacbc9c0f8 | https://dl.google.com/dl/android/maven2/androidx/appcompat/appcompat-resources/1.2.0/appcompat-resources-1.2.0.pom -8d7299bca44cb3bdf17f5595766acbf459fc81fee223e8686cc6acd3a42ab5c0 | 
https://dl.google.com/dl/android/maven2/androidx/appcompat/appcompat/1.1.0/appcompat-1.1.0.aar -340d617121f8ef8e02a6680c8f357aa3e542276d0c8a1cdcb6fd98984b2cb7b9 | https://dl.google.com/dl/android/maven2/androidx/appcompat/appcompat/1.1.0/appcompat-1.1.0.pom 3d2131a55a61a777322e2126e0018011efa6339e53b44153eb651b16020cca70 | https://dl.google.com/dl/android/maven2/androidx/appcompat/appcompat/1.2.0/appcompat-1.2.0.aar 8eb3cbe823b609853b481646e3d2c1aa39dbde53dd269712fd844ffdef2ebb42 | https://dl.google.com/dl/android/maven2/androidx/appcompat/appcompat/1.2.0/appcompat-1.2.0.pom 4b6f1d459ddd146b4e85ed6d46e86eb8c2639c5de47904e6db4d698721334220 | https://dl.google.com/dl/android/maven2/androidx/arch/core/core-common/2.0.0/core-common-2.0.0.pom @@ -54,8 +49,6 @@ ba6a806bc1a6faf0cbae08397b3f781feca293ff2b5f3aa600b3d2db142e5ab4 | https://dl.go
[tor-commits] [tor-browser-build/master] Add 10.0.11 changelog
commit f366e44169f342c9e6df3abbb2268e32d43f92e4 Author: Matthew Finkel Date: Fri Feb 19 04:17:38 2021 + Add 10.0.11 changelog --- projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt | 4 1 file changed, 4 insertions(+) diff --git a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt index 12dd037..49b180b 100644 --- a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt +++ b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt @@ -2,6 +2,10 @@ Tor Browser 10.5a10 -- February 7 2021 * Windows * Update Firefox to 78.7.1esr +Tor Browser 10.0.11 -- February 6 2021 + * Windows +* Update Firefox to 78.7.1esr + Tor Browser 10.5a9 -- February 5 2021 * Android * Update Fenix to 86.0.0-beta.2 ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser-build/master] Bug 40229: add support for local builds directory in sign-nightly
commit 1b173d226cf6a6083abf540f5b3046ff8f11fb0e Author: Nicolas Vigier Date: Thu Feb 18 19:59:05 2021 +0100 Bug 40229: add support for local builds directory in sign-nightly If builds_url starts with '/', we assume it is a local directory. --- tools/signing/nightly/sign-nightly | 34 ++ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/tools/signing/nightly/sign-nightly b/tools/signing/nightly/sign-nightly index c2aa61a..a633313 100755 --- a/tools/signing/nightly/sign-nightly +++ b/tools/signing/nightly/sign-nightly @@ -89,7 +89,11 @@ sub get_last_build_version { my $yesterday = 'tbb-nightly.' . $dt_yesterday->ymd('.'); for my $version ($today, $yesterday) { my $url = "$config->{builds_url}/$version/$publish_dir/sha256sums-unsigned-build.incrementals.txt"; -return $version if get($url); +if ($url =~ m|^/|) { +return $version if -f $url; +} else { +return $version if get($url); +} } return undef; } @@ -119,18 +123,24 @@ sub get_new_version { return $last_ver; } -sub download_file { +sub get_file { +my ($url, $file) = @_; +return copy($url, $file) if $url =~ m|^/|; +return getstore($url, $file) == 200; +} + +sub get_file_sha256sum { my ($url, $file, $sha256sum) = @_; -my $retries = 5; +my $retries = $url =~ m|^/| ? 1 : 5; while ($retries > 0) { $retries--; -print "Downloading $url\n"; -next unless getstore("$url", "$file.tmp") == 200; +print "Getting $url\n"; +next unless get_file($url, "$file.tmp"); next unless $sha256sum eq sha256_hex(path("$file.tmp")->slurp_raw); move("$file.tmp", $file); return 1; } -exit_error "Error downloading $url"; +exit_error "Error getting $url"; } sub fetch_version { 
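Review bot: The local-path test `$url =~ m|^/|` is open-coded three times across the first two hunks (get_last_build_version, get_file, and the retry count in get_file_sha256sum), so any later change to what counts as a local source has to be made in three places. A one-line helper such as `sub is_local_path { return $_[0] =~ m|^/|; }` would keep them in step. get_file also calls `copy`, whose import is not visible in the hunk; confirm that File::Copy's `copy` is in scope alongside the `move` already used. The SHA-256 comparison in get_file_sha256sum still runs for local copies, and a short comment such as `# local files are checksum-verified exactly like downloads` would stop a later cleanup from removing it as redundant.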
@@ -143,10 +153,10 @@ sub fetch_version { my $gpg_keyring = basedir_path($config->{gpg_keyring}, $topdir); for my $file (qw/sha256sums-unsigned-build.txt sha256sums-unsigned-build.incrementals.txt/) { my $url = "$urldir/$file"; -exit_error "Error downloading $url" -unless getstore($url, "$tmpdir/$file") == 200; -exit_error "Error downloading $url.asc" -unless getstore("$url.asc", "$tmpdir/$file.asc") == 200; +exit_error "Error getting $url" +unless get_file($url, "$tmpdir/$file"); +exit_error "Error getting $url.asc" +unless get_file("$url.asc", "$tmpdir/$file.asc"); exit_error "Error checking gpg signature for $url" if system('gpg', '--no-default-keyring', '--keyring', $gpg_keyring, '--verify', "$tmpdir/$file.asc", @@ -159,10 +169,10 @@ sub fetch_version { ); my @build_infos_file = grep { $_ =~ m/build-infos-.*\.json/ } keys %sums; exit_error "Missing build-infos.json in $urldir" unless @build_infos_file; -download_file("$urldir/$build_infos_file[0]", +get_file_sha256sum("$urldir/$build_infos_file[0]", "$tmpdir/build-infos.json", $sums{$build_infos_file[0]}); foreach my $file (sort grep { $_ =~ m/\.mar$/ } keys %sums) { -download_file("$urldir/$file", "$tmpdir/$file", $sums{$file}); +get_file_sha256sum("$urldir/$file", "$tmpdir/$file", $sums{$file}); } make_path("$topdir/nightly/$publish_dir"); dirmove($tmpdir, $destdir) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser-build/master] Merge remote-tracking branch 'gitlab/merge-requests/224'
commit 947c9178b99b48c81a130fb715aec5990cf7e23e Merge: f849997 1b173d2 Author: Georg Koppen Date: Mon Feb 22 15:37:16 2021 + Merge remote-tracking branch 'gitlab/merge-requests/224' tools/signing/nightly/sign-nightly | 34 ++ 1 file changed, 22 insertions(+), 12 deletions(-) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tor-browser-build/master] Bug 40231: Print start and exit time in sign-nightly output
commit f2fa01e29f827d1bfce1010bbe3b9b6eb963d55d Author: Nicolas Vigier Date: Mon Feb 15 19:34:53 2021 +0100 Bug 40231: Print start and exit time in sign-nightly output --- tools/signing/nightly/sign-nightly | 10 ++ 1 file changed, 10 insertions(+) diff --git a/tools/signing/nightly/sign-nightly b/tools/signing/nightly/sign-nightly index 2009fbc..c2aa61a 100755 --- a/tools/signing/nightly/sign-nightly +++ b/tools/signing/nightly/sign-nightly @@ -45,6 +45,15 @@ my $topdir = "$FindBin::Bin/../../.."; } } +sub print_time { +my $dt = DateTime->now; +print $dt->ymd, " ", $dt->hms, " - ", @_; +} + +END { +print_time "Exiting sign-nightly (pid: $$)\n"; +} + sub run_alone { my $pidfile = "$FindBin::Bin/lock"; if (-f $pidfile) { @@ -250,6 +259,7 @@ sub sync_dest { } } +print_time "Starting sign-nightly (pid: $$)\n"; run_alone; my $some_updates = 0; foreach my $publish_dir (@{$config->{publish_dirs}}) { ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
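Review bot: print_time writes `$dt->ymd, " ", $dt->hms` with no zone marker, and `DateTime->now` returns UTC unless a time zone is passed, so the start and exit lines can be misread as local time when lined up against other logs on the signing host. Appending the zone, e.g. `print $dt->ymd, " ", $dt->hms, " UTC - ", @_;`, or adding a one-line comment on the sub that times are UTC, would remove the ambiguity. The END block runs on every exit path, presumably including the case where run_alone stops because another instance holds the lock; if that is intended, a comment saying so would help whoever reads the log later.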
[tor-commits] [tor-browser-build/master] Merge remote-tracking branch 'gitlab/merge-requests/220'
commit f8499970c4106332790f48352b0f09998585ec2a Merge: e979fe3 f2fa01e Author: Georg Koppen Date: Mon Feb 22 14:30:45 2021 + Merge remote-tracking branch 'gitlab/merge-requests/220' tools/signing/nightly/sign-nightly | 10 ++ 1 file changed, 10 insertions(+) ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [tpo/master] Update press clips
commit 480cd6e513dae143bd6b9bee22d8445bfabf7625 Author: hiro Date: Mon Feb 22 15:19:01 2021 +0100 Update press clips --- bin/csv_to_markdown| 46 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr" | 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ content/press/privacy-isnt-radical/contents.lr | 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../contents.lr| 20 ++ .../why-more-apps-should-integrate-tor/contents.lr | 20 ++ 31 files changed, 646 insertions(+) diff --git a/bin/csv_to_markdown b/bin/csv_to_markdown new file mode 100755 index ..fe0c697e --- /dev/null +++ b/bin/csv_to_markdown 
@@ -0,0 +1,46 @@
+#!/usr/bin/python3
+
+import csv
+import os
+import re
+import sys
+
+
+csv_file = sys.argv[1]
+
+with open(csv_file, newline='') as csvfile:
+ spamreader = csv.reader(csvfile, delimiter=',', quotechar='"')
+ for row in spamreader:
+publisher = row[0]
+re_path = re.sub(r'[^\w\s]','',row[1]).lower()
+create_path = re.sub(' ','-',re_path)
+title = row[1]
+date = row[2].split('/')
+pub_date = "{}-{}-{}".format(date[2], date[0], date[1])
+link = row[3]
+full_path = os.path.join(os.getcwd(),"content/press/{}".format(create_path))
+if not os.path.exists(full_path):
+ os.mkdir(full_path)
+ filename = "{}/contents.lr".format(full_path)
+ file_object = open(filename, 'w')
+ file_object.write("_model: post\n")
+ file_object.write("---\n")
+ file_object.write("_hidden: yes\n")
+ file_object.write("---\n")
+ file_object.write("active: True\n")
+ file_object.write("---\n")
+ file_object.write("type: snippet\n")
+ file_object.write("---\n")
+ file_object.write("publisher: {}\n".format(publisher))
+ file_object.write("---\n")
+ file_object.write("title: {}\n".format(title))
+ file_object.write("---\n")
+ file_object.write("link: {}\n".format(link))
+ file_object.write("---\n")
+ file_object.write("pub_date: {}\n".format(pub_date))
+ file_object.write("---\n")
+ file_object.write("summary: \n")
+ file_object.write("---\n")
+ file_object.write("body: \n")
+ file_object.write("---\n")
+ file_object.close()
diff --git a/content/press/11-rules-to-ensure-cyber-security-when-you-work-from-home/contents.lr b/content/press/11-rules-to-ensure-cyber-security-when-you-work-from-home/contents.lr
new file mode 100644
index ..652c30d1
--- /dev/null
+++ b/content/press/11-rules-to-ensure-cyber-security-when-you-work-from-home/contents.lr
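Review bot: `publisher`, `title` and `link` are written into contents.lr exactly as they come out of the CSV, so a cell that contains a line break followed by `---` would end its field early and the rest of the cell would be read as further fields; `link` is also never checked to be a web URL before it is published. I would skip rows whose values contain a newline and whose link is not http or https, e.g. `if urlsplit(link).scheme not in ("http", "https"): continue` with `from urllib.parse import urlsplit`. Two smaller points in the same hunk: `pub_date` is built unpadded (the generated file further down shows `2020-4-6`), which `"{}-{:0>2}-{:0>2}".format(date[2], date[0], date[1])` would fix, and the output file is opened without `with`, so a failing write leaves the handle open.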
@@ -0,0 +1,20 @@ +_model: post +--- +_hidden: yes +--- +active: True +--- +type: snippet +--- +publisher: Economic Times +--- +title: 11 rules to ensure cyber security when you work from home +--- +link: https://economictimes.indiatimes.com/magazines/panache/tape-the-webcam-enable-firewall-11-rules-to-ensure-cyber-security-when-you-work-from-home/articleshow/75005471.cms +--- +pub_date: 2020-4-6 +--- +summary: +--- +body: +--- diff --git a/content/press/all-the-privacy-apps-you-should-have-downloaded-in-2020/contents.lr b/content/press/all-the-privacy-apps-you-should-have-downloaded-in-2020/contents.lr new file mode
[tor-commits] [tor/master] Refactoring: Remove 'addresstype' from connection_ap_handle_onion().
commit 32fc8a116a3a88ad6e7269d5e9afb751e5d39e50 Author: George Kadianakis Date: Mon Feb 22 12:50:56 2021 +0200 Refactoring: Remove 'addresstype' from connection_ap_handle_onion(). It's all v3 now. Preparation for fixing CID 1473232. --- src/core/or/connection_edge.c | 111 -- 1 file changed, 53 insertions(+), 58 deletions(-) diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c index b407fd4b1b..c39bfe1304 100644 --- a/src/core/or/connection_edge.c +++ b/src/core/or/connection_edge.c @@ -1929,13 +1929,12 @@ connection_ap_handshake_rewrite(entry_connection_t *conn, } } -/** We just received a SOCKS request in conn to an onion address of type - * addresstype. Start connecting to the onion service. */ +/** We just received a SOCKS request in conn to a v3 onion. Start + * connecting to the onion service. */ static int connection_ap_handle_onion(entry_connection_t *conn, socks_request_t *socks, - origin_circuit_t *circ, - hostname_type_t addresstype) + origin_circuit_t *circ) { time_t now = approx_time(); connection_t *base_conn = ENTRY_TO_CONN(conn); 
@@ -1978,38 +1977,36 @@ connection_ap_handle_onion(entry_connection_t *conn, int rend_cache_lookup_result = -ENOENT; int descriptor_is_usable = 0; - if (addresstype == ONION_V3_HOSTNAME) { -const hs_descriptor_t *cached_desc = NULL; -int retval; -/* Create HS conn identifier with HS pubkey */ -hs_ident_edge_conn_t *hs_conn_ident = - tor_malloc_zero(sizeof(hs_ident_edge_conn_t)); - -retval = hs_parse_address(socks->address, _conn_ident->identity_pk, - NULL, NULL); -if (retval < 0) { - log_warn(LD_GENERAL, "failed to parse hs address"); - tor_free(hs_conn_ident); - return -1; -} -ENTRY_TO_EDGE_CONN(conn)->hs_ident = hs_conn_ident; - -onion_address = socks->address; - -/* Check the v3 desc cache */ -cached_desc = hs_cache_lookup_as_client(_conn_ident->identity_pk); -if (cached_desc) { - rend_cache_lookup_result = 0; - descriptor_is_usable = -hs_client_any_intro_points_usable(_conn_ident->identity_pk, - cached_desc); - log_info(LD_GENERAL, "Found %s descriptor in cache for %s. %s.", - (descriptor_is_usable) ? "usable" : "unusable", - safe_str_client(onion_address), - (descriptor_is_usable) ? "Not fetching." : "Refetching."); -} else { - rend_cache_lookup_result = -ENOENT; -} + const hs_descriptor_t *cached_desc = NULL; + int retval; + /* Create HS conn identifier with HS pubkey */ + hs_ident_edge_conn_t *hs_conn_ident = +tor_malloc_zero(sizeof(hs_ident_edge_conn_t)); + + retval = hs_parse_address(socks->address, _conn_ident->identity_pk, +NULL, NULL); + if (retval < 0) { +log_warn(LD_GENERAL, "failed to parse hs address"); +tor_free(hs_conn_ident); +return -1; + } + ENTRY_TO_EDGE_CONN(conn)->hs_ident = hs_conn_ident; + + onion_address = socks->address; + + /* Check the v3 desc cache */ + cached_desc = hs_cache_lookup_as_client(_conn_ident->identity_pk); + if (cached_desc) { +rend_cache_lookup_result = 0; +descriptor_is_usable = + hs_client_any_intro_points_usable(_conn_ident->identity_pk, +cached_desc); +log_info(LD_GENERAL, "Found %s descriptor in cache for %s. 
%s.", + (descriptor_is_usable) ? "usable" : "unusable", + safe_str_client(onion_address), + (descriptor_is_usable) ? "Not fetching." : "Refetching."); + } else { +rend_cache_lookup_result = -ENOENT; } /* Lookup the given onion address. If invalid, stop right now. @@ -2048,27 +2045,25 @@ connection_ap_handle_onion(entry_connection_t *conn, edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn); connection_ap_mark_as_non_pending_circuit(conn); base_conn->state = AP_CONN_STATE_RENDDESC_WAIT; -if (addresstype == ONION_V3_HOSTNAME) { - tor_assert(edge_conn->hs_ident); - /* Attempt to fetch the hsv3 descriptor. Check the retval to see how it - * went and act accordingly. */ - int ret = hs_client_refetch_hsdesc(_conn->hs_ident->identity_pk); - switch (ret) { - case HS_CLIENT_FETCH_MISSING_INFO: -/* Keeping the connection in descriptor wait state is fine because - * once we get enough dirinfo or a new live consensus, the HS client - * subsystem is notified and every connection in that state will - * trigger a fetch for the service key. */ - case HS_CLIENT_FETCH_LAUNCHED: - case HS_CLIENT_FETCH_PENDING: - case HS_CLIENT_FETCH_HAVE_DESC: -return 0; - case HS_CLIENT_FETCH_ERROR: - case HS_CLIENT_FETCH_NO_HSDIRS: -
[tor-commits] [tor/master] Fix CID 1473232 in connection_ap_handle_onion().
commit 428819f5dd151ca4a7ef9e842a0a82ce3091cf5c Author: George Kadianakis Date: Mon Feb 22 12:55:53 2021 +0200 Fix CID 1473232 in connection_ap_handle_onion(). Now that v2 is off the table, 'rend_cache_lookup_result' is useless in connection_ap_handle_onion() because it can only take the ENOENT value. Let's remove that helper variable and handle the ENOENT case specifically when we check the cache. Also remove the 'onion_address' helper variable. --- src/core/or/connection_edge.c | 43 --- 1 file changed, 8 insertions(+), 35 deletions(-) diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c index c39bfe1304..9884f55fc5 100644 --- a/src/core/or/connection_edge.c +++ b/src/core/or/connection_edge.c @@ -1936,6 +1936,7 @@ connection_ap_handle_onion(entry_connection_t *conn, socks_request_t *socks, origin_circuit_t *circ) { + int retval; time_t now = approx_time(); connection_t *base_conn = ENTRY_TO_CONN(conn); @@ -1971,14 +1972,8 @@ connection_ap_handle_onion(entry_connection_t *conn, return -1; } - /* Interface: Regardless of HS version after the block below we should have - set onion_address, rend_cache_lookup_result, and descriptor_is_usable. */ - const char *onion_address = NULL; - int rend_cache_lookup_result = -ENOENT; int descriptor_is_usable = 0; - const hs_descriptor_t *cached_desc = NULL; - int retval; /* Create HS conn identifier with HS pubkey */ hs_ident_edge_conn_t *hs_conn_ident = tor_malloc_zero(sizeof(hs_ident_edge_conn_t)); 
@@ -1992,45 +1987,23 @@ connection_ap_handle_onion(entry_connection_t *conn,
 }
 ENTRY_TO_EDGE_CONN(conn)->hs_ident = hs_conn_ident;
- onion_address = socks->address;
-
 /* Check the v3 desc cache */
+ const hs_descriptor_t *cached_desc = NULL;
+ unsigned int refetch_desc = 0;
 cached_desc = hs_cache_lookup_as_client(_conn_ident->identity_pk);
 if (cached_desc) {
-rend_cache_lookup_result = 0;
 descriptor_is_usable = hs_client_any_intro_points_usable(_conn_ident->identity_pk, cached_desc);
 log_info(LD_GENERAL, "Found %s descriptor in cache for %s. %s.",
 (descriptor_is_usable) ? "usable" : "unusable",
- safe_str_client(onion_address),
+ safe_str_client(socks->address),
 (descriptor_is_usable) ? "Not fetching." : "Refetching.");
 } else {
-rend_cache_lookup_result = -ENOENT;
- }
-
- /* Lookup the given onion address. If invalid, stop right now.
- * Otherwise, we might have it in the cache or not. */
- unsigned int refetch_desc = 0;
- if (rend_cache_lookup_result < 0) {
-switch (-rend_cache_lookup_result) {
-case EINVAL:
- /* We should already have rejected this address! */
- log_warn(LD_BUG,"Invalid service name '%s'",
- safe_str_client(onion_address));
- connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
- return -1;
-case ENOENT:
- /* We didn't have this; we should look it up. */
- log_info(LD_REND, "No descriptor found in our cache for %s. Fetching.",
- safe_str_client(onion_address));
- refetch_desc = 1;
- break;
-default:
- log_warn(LD_BUG, "Unknown cache lookup error %d",
- rend_cache_lookup_result);
- return -1;
-}
+/* We couldn't find this descriptor; we should look it up. */
+log_info(LD_REND, "No descriptor found in our cache for %s. Fetching.",
+ safe_str_client(socks->address));
+refetch_desc = 1;
 }
 /* Help predict that we'll want to do hidden service circuits in the
___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
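Review bot: In the cache-check block the hit branch logs under `LD_GENERAL` while the new miss branch logs under `LD_REND`, so a log filtered by domain shows only half of the descriptor-cache decisions; using `LD_REND` in both `log_info()` calls would keep them together. The added `const hs_descriptor_t *cached_desc = NULL;` is overwritten by the lookup on the next statement, so the declaration could carry the `hs_cache_lookup_as_client(...)` call directly and drop the dead initialiser. Both log calls still pass `socks->address` through `safe_str_client()`; with the `onion_address` alias gone, a short comment such as `/* socks->address is the onion address: always log it via safe_str_client() */` would keep later edits from logging it unscrubbed. connection_ap_handle_onion() starts and ends outside this hunk.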
[tor-commits] [tor/master] Fix a test failure in test_hs_control_add_onion_helper_add_service().
commit c0589d06be698ea864e2c58e40ffda0f228440d4 Author: George Kadianakis Date: Mon Feb 22 13:31:29 2021 +0200 Fix a test failure in test_hs_control_add_onion_helper_add_service(). This bug made the pipeline fail. It basically tries to access a service we just freed because it's still on the service list. It only occurs about once every 10 tests and it looks like this: $ ./src/test/test hs_control/hs_control_add_onion_helper_add_service hs_control/hs_control_add_onion_helper_add_service: [forking] = ==354311==ERROR: AddressSanitizer: heap-use-after-free on address 0x61300940 at pc 0x55a159251b03 bp 0x7ffc6abb5b30 sp 0x7ffc6abb5b28 READ of size 8 at 0x61300940 thread T0 ^[[A #0 0x55a159251b02 in hs_service_ht_HT_FIND_P_ src/feature/hs/hs_service.c:153 #1 0x55a159251b02 in hs_service_ht_HT_FIND src/feature/hs/hs_service.c:153 #2 0x55a159251b02 in find_service src/feature/hs/hs_service.c:175 #3 0x55a159251c2c in register_service src/feature/hs/hs_service.c:188 #4 0x55a159262379 in hs_service_add_ephemeral src/feature/hs/hs_service.c:3811 #5 0x55a158e865e6 in test_hs_control_add_onion_helper_add_service src/test/test_hs_control.c:847 #6 0x55a1590fe77b in testcase_run_bare_ src/ext/tinytest.c:107 #7 0x55a1590fee98 in testcase_run_forked_ src/ext/tinytest.c:201 #8 0x55a1590fee98 in testcase_run_one src/ext/tinytest.c:267 #9 0x55a1590ffb06 in tinytest_main src/ext/tinytest.c:454 #10 0x55a158b1b1a4 in main src/test/testing_common.c:420 #11 0x7f7f06f8dd09 in __libc_start_main ../csu/libc-start.c:308 #12 0x55a158b21f69 in _start (/home/f/Computers/tor/mytor/src/test/test+0x372f69) 0x61300940 is located 64 bytes inside of 344-byte region [0x61300900,0x61300a58) freed by thread T0 here: #0 0x7f7f0774ab6f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123 #1 0x55a158e86508 in test_hs_control_add_onion_helper_add_service src/test/test_hs_control.c:838 #2 0x55a1590fe77b in testcase_run_bare_ src/ext/tinytest.c:107 #3 0x55a1590fee98 in 
testcase_run_forked_ src/ext/tinytest.c:201 #4 0x55a1590fee98 in testcase_run_one src/ext/tinytest.c:267 #5 0x55a1590ffb06 in tinytest_main src/ext/tinytest.c:454 #6 0x55a158b1b1a4 in main src/test/testing_common.c:420 #7 0x7f7f06f8dd09 in __libc_start_main ../csu/libc-start.c:308 previously allocated by thread T0 here: #0 0x7f7f0774ae8f in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145 #1 0x55a15948b728 in tor_malloc_ src/lib/malloc/malloc.c:45 #2 0x55a15948b7c0 in tor_malloc_zero_ src/lib/malloc/malloc.c:71 #3 0x55a159261bb5 in hs_service_new src/feature/hs/hs_service.c:4290 #4 0x55a159261f49 in hs_service_add_ephemeral src/feature/hs/hs_service.c:3758 #5 0x55a158e8619f in test_hs_control_add_onion_helper_add_service src/test/test_hs_control.c:832 #6 0x55a1590fe77b in testcase_run_bare_ src/ext/tinytest.c:107 #7 0x55a1590fee98 in testcase_run_forked_ src/ext/tinytest.c:201 #8 0x55a1590fee98 in testcase_run_one src/ext/tinytest.c:267 #9 0x55a1590ffb06 in tinytest_main src/ext/tinytest.c:454 #10 0x55a158b1b1a4 in main src/test/testing_common.c:420 #11 0x7f7f06f8dd09 in __libc_start_main ../csu/libc-start.c:308 SUMMARY: AddressSanitizer: heap-use-after-free src/feature/hs/hs_service.c:153 in hs_service_ht_HT_FIND_P_ Shadow bytes around the buggy address: 0x0c267fff80d0: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa 0x0c267fff80e0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c267fff80f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c267fff8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c267fff8110: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa =>0x0c267fff8120: fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd 0x0c267fff8130: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c267fff8140: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa 0x0c267fff8150: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 0x0c267fff8160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c267fff8170: 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by
[tor-commits] [tor/master] Fix CID 1473233 in handle_control_hsfetch().
commit c0a23303140fedce06e0b7d88ce475c39703717a Author: George Kadianakis Date: Mon Feb 22 12:38:44 2021 +0200 Fix CID 1473233 in handle_control_hsfetch(). With v2 support for HSFETCH gone, we only support v3 addresses. We don't support v2 descriptor IDs anymore and hence we can remove that code. The code removed would ensure that if a v2 descriptor ID was provided, the user also had to provide HSDirs explicitly. In the v3 case, the code should work even if no HSDirs are provided, and Tor would find the HSDirs itself.
---
 src/feature/control/control_cmd.c | 8 1 file changed, 8 deletions(-)
diff --git a/src/feature/control/control_cmd.c b/src/feature/control/control_cmd.c
index 009105bb20..d8418d9b36 100644
--- a/src/feature/control/control_cmd.c
+++ b/src/feature/control/control_cmd.c
@@ -1437,7 +1437,6 @@ handle_control_hsfetch(control_connection_t *conn,
 const control_cmd_args_t *args)
 {
- char *desc_id = NULL;
 smartlist_t *hsdirs = NULL;
 ed25519_public_key_t v3_pk;
 uint32_t version;
@@ -1474,13 +1473,6 @@ handle_control_hsfetch(control_connection_t *conn,
 }
 }
- /* Using a descriptor ID, we force the user to provide at least one
- * hsdir server using the SERVER= option. */
- if (desc_id && (!hsdirs || !smartlist_len(hsdirs))) {
-control_write_endreply(conn, 512, "SERVER option is required");
-goto done;
- }
-
 /* We are about to trigger HSDir fetch so send the OK now because after * that 650 event(s) are possible so better to have the 250 OK before them * to avoid out of order replies. */
___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits