[tor-commits] [sbws/master] fix: CI: Make wget quiet

2021-02-22 Thread juga
commit d0a0202f47b5e019f08c0b4b285b4f2cb6a87352
Author: juga0 
Date:   Wed Feb 10 09:30:39 2021 +

fix: CI: Make wget quiet

to avoid many lines of non-useful text in the CI.
---
 tox.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tox.ini b/tox.ini
index f0aadaf..51daeba 100644
--- a/tox.ini
+++ b/tox.ini
@@ -56,7 +56,7 @@ commands =
 bash -c "time python3 {envtmpdir}/net/wait.py 
{envtmpdir}/net/{auth,relay,exit}*"
 bash -c "python3 {toxinidir}/scripts/tools/sbws-http-server.py --port 
2 &>/dev/null &"
 sleep 1
-wget -O/dev/null http://127.0.0.1:2/sbws.bin
+wget -qO/dev/null http://127.0.0.1:2/sbws.bin
 ; Run actually the scanner
 mkdir -p /tmp/.sbws
 ; This add around 3min more to the tests
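Review bot: With `-q` on the `wget` line, wget's error text is suppressed along with the progress output, so a failed fetch from the local test server leaves only a non-zero exit status in the CI log. `wget -nv -O/dev/null http://127.0.0.1:2/sbws.bin` drops the progress lines but still prints errors. The server is started in the background with its output sent to `/dev/null` and only `sleep 1` before the fetch, so a slow or failed start would surface here with no diagnostic.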





[tor-commits] [sbws/master] Merge branch 'maint-1.1'

2021-02-22 Thread juga
commit 0e37b0e98ba19d243985ff48dc670faee21fe94b
Merge: 7495401 3e4ccb9
Author: juga0 
Date:   Tue Feb 23 07:23:55 2021 +

Merge branch 'maint-1.1'

 docs/source/activity_measure.puml   |  30 +++
 docs/source/how_works.rst   |  12 ++-
 docs/source/images/activity_measure.svg |  42 +
 sbws/core/scanner.py| 145 ++--
 sbws/lib/relaylist.py   |  35 +---
 5 files changed, 204 insertions(+), 60 deletions(-)



[tor-commits] [sbws/master] Merge remote-tracking branch 'gitlab/merge-requests/61' into maint-1.1

2021-02-22 Thread juga
commit 3e4ccb90ea64b391d0003bb72f17d513845680ae
Merge: e375cd2 d0a0202
Author: Georg Koppen 
Date:   Mon Feb 22 17:12:18 2021 +

Merge remote-tracking branch 'gitlab/merge-requests/61' into maint-1.1

 docs/source/activity_measure.puml   |  30 +++
 docs/source/how_works.rst   |  12 ++-
 docs/source/images/activity_measure.svg |  42 +
 sbws/core/scanner.py| 145 ++--
 sbws/lib/relaylist.py   |  35 +---
 5 files changed, 204 insertions(+), 60 deletions(-)






[tor-commits] [sbws/master] fix:scanner: Rm condition assigning helper

2021-02-22 Thread juga
commit 72b43570589d10a668039341895948ded0f1bfd7
Author: juga0 
Date:   Tue Feb 9 13:08:44 2021 +

fix:scanner: Rm condition assigning helper
---
 sbws/core/scanner.py | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 97829f4..5fd917a 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -267,12 +267,12 @@ def error_no_helper(relay, dest, our_nick=""):
 
 
 def create_path_relay(relay, dest, rl, cb, relay_as_entry=True):
-if relay_as_entry:
-helper = _pick_ideal_second_hop(
-relay, dest, rl, cb.controller, is_exit=True)
-else:
-helper = _pick_ideal_second_hop(
-relay, dest, rl, cb.controller, is_exit=False)
+# the helper `is_exit` arg (should be better called `helper_as_exit`),
+# is True when the relay is the entry (helper has to be exit)
+# and False when the relay is not the entry, ie. is the exit (helper does
+# not have to be an exit)
+helper = _pick_ideal_second_hop(
+relay, dest, rl, cb.controller, is_exit=relay_as_entry)
 if not helper:
 return error_no_helper(relay, dest)
 if relay_as_entry:
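Review bot: The `if not helper` branch just below the new call returns `error_no_helper(relay, dest)`, which is shown elsewhere on this page returning a one-element list, while the success path returns three values and the callers in `measure_relay` unpack three names. With no helper available the unpacking would raise `ValueError` instead of recording the `ResultErrorSecondRelay`. The caller can check the shape first: `r = create_path_relay(relay, dest, rl, cb)`, `if len(r) == 1: return r`, `circ_fps, nicknames, exit_policy = r`. The same return pattern is in `create_path_relay` in the "Move as_entry/as_exit into one function" commit and in `create_path_relay_as_entry`/`create_path_relay_as_exit` in the earlier commits; the function body continues past the end of this hunk.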





[tor-commits] [sbws/master] fix:scanner: Move as_entry/as_exit into one function

2021-02-22 Thread juga
commit 8846c32a500515fc3d5d094a6ff5b0777f2c30fb
Author: juga0 
Date:   Tue Feb 9 12:57:36 2021 +

fix:scanner: Move as_entry/as_exit into one function

since they're similar code
---
 sbws/core/scanner.py | 39 +++
 1 file changed, 19 insertions(+), 20 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 40e3093..97829f4 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -266,25 +266,24 @@ def error_no_helper(relay, dest, our_nick=""):
 ]
 
 
-def create_path_relay_as_entry(relay, dest, rl, cb):
-helper = _pick_ideal_second_hop(
-relay, dest, rl, cb.controller, is_exit=True)
-if not helper:
-return error_no_helper(relay, dest)
-circ_fps = [relay.fingerprint, helper.fingerprint]
-nicknames = [relay.nickname, helper.nickname]
-return circ_fps, nicknames, helper.exit_policy
-
-
-def create_path_relay_as_exit(relay, dest, rl, cb):
-helper = _pick_ideal_second_hop(
-relay, dest, rl, cb.controller, is_exit=False)
+def create_path_relay(relay, dest, rl, cb, relay_as_entry=True):
+if relay_as_entry:
+helper = _pick_ideal_second_hop(
+relay, dest, rl, cb.controller, is_exit=True)
+else:
+helper = _pick_ideal_second_hop(
+relay, dest, rl, cb.controller, is_exit=False)
 if not helper:
 return error_no_helper(relay, dest)
-circ_fps = [helper.fingerprint, relay.fingerprint]
-# stored for debugging
-nicknames = [helper.nickname, relay.nickname]
-return circ_fps, nicknames, relay.exit_policy
+if relay_as_entry:
+circ_fps = [relay.fingerprint, helper.fingerprint]
+nicknames = [relay.nickname, helper.nickname]
+exit_policy = helper.exit_policy
+else:
+circ_fps = [helper.fingerprint, relay.fingerprint]
+nicknames = [helper.nickname, relay.nickname]
+exit_policy = relay.exit_policy
+return circ_fps, nicknames, exit_policy
 
 
 def error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick):
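Review bot: `relay_as_entry` decides the hop order and which relay's exit policy is returned, yet it has a default and `create_path_relay` has no docstring, so the call sites that omit it do not show which role the measured relay takes. Making it keyword-only, `def create_path_relay(relay, dest, rl, cb, *, relay_as_entry=True):`, and passing `relay_as_entry=True` explicitly at the entry call sites keeps the role visible where the circuit path is decided. A short docstring should state that the success return is `(circ_fps, nicknames, exit_policy)`, with the policy taken from whichever relay is the exit.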
@@ -348,10 +347,10 @@ def measure_relay(args, conf, destinations, cb, rl, 
relay):
 # the relay as an exit, if it can exit to some IPs.
 if relay.is_exit_not_bad_allowing_port(dest.port):
 circ_fps, nicknames, exit_policy = \
-create_path_relay_as_exit(relay, dest, rl, cb)
+create_path_relay(relay, dest, rl, cb, relay_as_entry=False)
 else:
 circ_fps, nicknames, exit_policy = \
-create_path_relay_as_entry(relay, dest, rl, cb)
+create_path_relay(relay, dest, rl, cb)
 
 # Build the circuit
 circ_id, reason = cb.build_circuit(circ_fps)
@@ -380,7 +379,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 "with it as entry.", relay.fingerprint, relay.nickname,
 exit_policy, dest.url, circ_fps, nicknames, usable_data)
 circ_fps, nicknames, exit_policy = \
-create_path_relay_as_entry(relay, dest, rl, cb)
+create_path_relay(relay, dest, rl, cb)
 circ_id, reason = cb.build_circuit(circ_fps)
 if not circ_id:
 log.warning(





[tor-commits] [sbws/master] fix: scanner: log exit policy when stream fails

2021-02-22 Thread juga
commit a570a707ec898cf59bdd12d3a8b20d25ce9459fd
Author: juga0 
Date:   Mon Feb 8 16:21:53 2021 +

fix: scanner: log exit policy when stream fails
---
 sbws/core/scanner.py | 33 -
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 903f09f..c7ee1ee 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -267,7 +267,7 @@ def create_path_relay_as_entry(relay, dest, rl, cb):
 return error_no_helper(relay, dest)
 circ_fps = [relay.fingerprint, helper.fingerprint]
 nicknames = [relay.nickname, helper.nickname]
-return helper, circ_fps, nicknames
+return circ_fps, nicknames, helper.exit_policy
 
 
 def create_path_relay_as_exit(relay, dest, rl, cb):
@@ -278,7 +278,7 @@ def create_path_relay_as_exit(relay, dest, rl, cb):
 circ_fps = [helper.fingerprint, relay.fingerprint]
 # stored for debugging
 nicknames = [helper.nickname, relay.nickname]
-return circ_fps, nicknames
+return circ_fps, nicknames, relay.exit_policy
 
 
 def error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick):
@@ -341,9 +341,11 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 # Instead of ensuring that the relay can exit to all IPs, try first with
 # the relay as an exit, if it can exit to some IPs.
 if relay.is_exit_not_bad_allowing_port(dest.port):
-circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb)
+circ_fps, nicknames, exit_policy = \
+create_path_relay_as_exit(relay, dest, rl, cb)
 else:
-circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb)
+circ_fps, nicknames, exit_policy = \
+create_path_relay_as_entry(relay, dest, rl, cb)
 
 # Build the circuit
 circ_id, reason = cb.build_circuit(circ_fps)
@@ -367,10 +369,12 @@ def measure_relay(args, conf, destinations, cb, rl, 
relay):
 if not is_usable and \
 relay.is_exit_not_bad_allowing_port(dest.port):
 log.info(
-"Exit %s (%s) that can't exit all ips failed to connect to "
-" %s via circuit %s (%s). Trying again with it as entry.",
-relay.fingerprint, relay.nickname, dest, circ_fps, nicknames)
-circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb)
+"Exit %s (%s) that can't exit all ips, with exit policy %s, failed"
+" to connect to %s via circuit %s (%s). Reason: %s. Trying again "
+"with it as entry.", relay.fingerprint, relay.nickname,
+exit_policy, dest.url, circ_fps, nicknames, usable_data)
+circ_fps, nicknames, exit_policy = \
+create_path_relay_as_entry(relay, dest, rl, cb)
 circ_id, reason = cb.build_circuit(circ_fps)
 if not circ_id:
 log.warning(
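Review bot: The new `log.info` text still describes the relay as an exit "that can't exit all ips", but the condition above it is `relay.is_exit_not_bad_allowing_port(dest.port)`, which by its name does not establish that. An operator would read the line as a statement about the exit policy that is now printed beside it. Wording such as `"Exit %s (%s), with exit policy %s, failed to connect to %s via circuit %s (%s). Reason: %s. Trying again with it as entry."` avoids the claim. Exit policies can hold many rules, so this INFO line may get long on a real network.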
@@ -385,8 +389,10 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 is_usable, usable_data = connect_to_destination_over_circuit(
 dest, circ_id, s, cb.controller, dest._max_dl)
 if not is_usable:
-log.debug('Destination %s unusable via circuit %s (%s), %s',
-  dest.url, circ_fps, nicknames, usable_data)
+log.debug('Failed to connect to %s to measure %s (%s) via circuit '
+  '%s (%s). Exit policy: %s. Reason: %s.', dest.url,
+  relay.fingerprint, relay.nickname, circ_fps, nicknames,
+  exit_policy, usable_data)
 cb.close_circuit(circ_id)
 return [
 ResultErrorStream(relay, circ_fps, dest.url, our_nick,
@@ -410,9 +416,10 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 bw_results, reason = measure_bandwidth_to_server(
 s, conf, dest, usable_data['content_length'])
 if bw_results is None:
-log.debug('Unable to measure bandwidth for %s (%s) to %s via circuit '
-  '%s (%s): %s', relay.fingerprint, relay.nickname,
-  dest.url, circ_fps, nicknames, reason)
+log.debug('Failed to measure %s (%s) via circuit %s (%s) to %s. Exit'
+  ' policy: %s. Reason: %s.', relay.fingerprint,
+  relay.nickname, circ_fps, nicknames, dest.url, exit_policy,
+  reason)
 cb.close_circuit(circ_id)
 return [
 ResultErrorStream(relay, circ_fps, dest.url, our_nick,





[tor-commits] [sbws/master] fix: scanner: remove relay to measure as helper

2021-02-22 Thread juga
commit 50377680448d66bc95a09fc5333da9465bd1b791
Author: juga0 
Date:   Mon Feb 8 16:24:11 2021 +

fix: scanner: remove relay to measure as helper
---
 sbws/core/scanner.py | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index c7ee1ee..40e3093 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -219,6 +219,12 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit):
 if is_exit else rl.non_exits
 if not len(candidates):
 return None
+# In the case the helper is an exit, the entry could be an exit too
+# (#40041), so ensure the helper is not the same as the entry, likely to
+# happen in a test network.
+if is_exit:
+candidates = [c for c in candidates
+  if c.fingerprint != relay.fingerprint]
 min_relay_bw = rl.exit_min_bw() if is_exit else rl.non_exit_min_bw()
 log.debug('Picking a 2nd hop to measure %s from %d choices. is_exit=%s',
   relay.nickname, len(candidates), is_exit)
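Review bot: The emptiness check `if not len(candidates): return None` runs before the new filter, so when the relay being measured is the only exit in `candidates` the list is empty afterwards and still reaches the selection code. What that code does with an empty list is not visible in this hunk, but it is exactly the small test-network case the new comment describes. Moving the check below the filter, as `if not candidates: return None`, routes that case through the existing no-helper path. The function continues outside the hunk.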





[tor-commits] [sbws/master] fix: doc: Add relay measure activity diagram

2021-02-22 Thread juga
commit 78c4091538493604e2d9749bc0e93bbb968d0b1a
Author: juga0 
Date:   Wed Feb 3 12:05:49 2021 +

fix: doc: Add relay measure activity diagram
---
 docs/source/activity_measure.puml   | 30 +++
 docs/source/how_works.rst   | 12 +-
 docs/source/images/activity_measure.svg | 42 +
 3 files changed, 83 insertions(+), 1 deletion(-)

diff --git a/docs/source/activity_measure.puml 
b/docs/source/activity_measure.puml
new file mode 100644
index 000..f553cb1
--- /dev/null
+++ b/docs/source/activity_measure.puml
@@ -0,0 +1,30 @@
+@startuml
+
+start
+
+if (exit?) then (yes)
+  :[h, r];
+else (no)
+  :[r, h];
+endif
+if (circuit?) then (yes)
+:stream;
+if (no stream and [h, r]) then (yes)
+:[r, h] (r is exit);
+if (circuit?) then (yes)
+:stream;
+else (no)
+:WARN;
+:ErrorCircuit;
+endif
+endif
+if (no stream) then (yes)
+:ErrorStream;
+endif
+else (no)
+:ErrorCircuit;
+endif
+
+stop
+
+@enduml
diff --git a/docs/source/how_works.rst b/docs/source/how_works.rst
index 24f8689..f4b1ae0 100644
--- a/docs/source/how_works.rst
+++ b/docs/source/how_works.rst
@@ -73,6 +73,16 @@ Measuring relays
 
 Source code: :func:`sbws.core.scanner.measure_relay`
 
+Measuring a relay
+~
+
+.. image:: ./images/activity_measure.svg
+   :alt: activity measuring a relay
+   :height: 300px
+   :align: center
+
+Source code: :func:`sbws.core.scanner.measure_relay`
+
 Selecting a second relay
 
 
@@ -165,4 +175,4 @@ The bandwidth file format is defined in the 
bandwidth_file_spec_.
 .. _requests: http://docs.python-requests.org/
 .. _peerflow: 
https://www.nrl.navy.mil/itd/chacs/sites/www.nrl.navy.mil.itd.chacs/files/pdfs/16-1231-4353.pdf
 .. _torflow_scaling: 
https://gitweb.torproject.org/torflow.git/tree/NetworkScanners/BwAuthority/README.spec.txt#n298
-.. _bandwidth_file_spec: 
https://gitweb.torproject.org/torspec.git/tree/bandwidth-file-spec.txt
\ No newline at end of file
+.. _bandwidth_file_spec: 
https://gitweb.torproject.org/torspec.git/tree/bandwidth-file-spec.txt
diff --git a/docs/source/images/activity_measure.svg 
b/docs/source/images/activity_measure.svg
new file mode 100644
index 000..a278ce7
--- /dev/null
+++ b/docs/source/images/activity_measure.svg
@@ -0,0 +1,42 @@
+http://www.w3.org/2000/svg; xmlns:xlink="http://www.w3.org/1999/xlink; 
contentScriptType="application/ecmascript" contentStyleType="text/css" 
height="783px" preserveAspectRatio="none" style="width:337px;height:783px;" 
version="1.1" viewBox="0 0 337 783" width="337px" 
zoomAndPan="magnify">exit?yesno[h, 
r][r, 
h]circuit?yesnostream[r, h] (r is exit)circuit?yesnostreamWARNErrorCircuityesno stream and [h, r]ErrorStreamyesno streamErrorCircuit
\ No newline at end of file





[tor-commits] [sbws/master] minor: scanner: move checking helper to methods

2021-02-22 Thread juga
commit 3d8cf6f801ab42a12d9efd58ba41e697c34b1ef9
Author: juga0 
Date:   Tue Feb 2 12:07:03 2021 +

minor: scanner: move checking helper to methods

`helper` variable is only used to return error, therefore move it to
the methods that create the path and return the error there.
`our_nick` is not useful for the log, since it is always the same, but
not removing it here.
---
 sbws/core/scanner.py | 27 ++-
 1 file changed, 10 insertions(+), 17 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 4ca7430..e18bddb 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -244,7 +244,7 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit):
 return chosen
 
 
-def error_no_helper(relay, dest, our_nick):
+def error_no_helper(relay, dest, our_nick=""):
 reason = 'Unable to select a second relay'
 log.debug(reason + ' to help measure %s (%s)',
   relay.fingerprint, relay.nickname)
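Review bot: Defaulting `our_nick` to `""` affects more than the log line: the commit that introduced `error_no_helper` passes the value into `ResultErrorSecondRelay(relay, [], dest.url, our_nick, msg=reason)`, and the callers in this commit now omit it, so these error results are stored with an empty scanner nickname. If results are later attributed or filtered by scanner nickname that is presumably unintended; confirm against the code that consumes the results. Adding an `our_nick` parameter to `create_path_relay_as_entry` and `create_path_relay_as_exit` and forwarding it would keep the field populated. The body of `error_no_helper` continues outside the hunk.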
@@ -255,25 +255,24 @@ def error_no_helper(relay, dest, our_nick):
 
 
 def create_path_relay_as_entry(relay, dest, rl, cb):
-circ_fps = nicknames = []
 helper = _pick_ideal_second_hop(
 relay, dest, rl, cb.controller, is_exit=True)
 if not helper:
-return error_no_helper(relay, dest, our_nick)
+return error_no_helper(relay, dest)
 circ_fps = [relay.fingerprint, helper.fingerprint]
 nicknames = [relay.nickname, helper.nickname]
 return helper, circ_fps, nicknames
 
 
 def create_path_relay_as_exit(relay, dest, rl, cb):
-circ_fps = nicknames = []
 helper = _pick_ideal_second_hop(
 relay, dest, rl, cb.controller, is_exit=False)
-if helper:
-circ_fps = [helper.fingerprint, relay.fingerprint]
-# stored for debugging
-nicknames = [helper.nickname, relay.nickname]
-return helper, circ_fps, nicknames
+if not helper:
+return error_no_helper(relay, dest)
+circ_fps = [helper.fingerprint, relay.fingerprint]
+# stored for debugging
+nicknames = [helper.nickname, relay.nickname]
+return circ_fps, nicknames
 
 
 def measure_relay(args, conf, destinations, cb, rl, relay):
@@ -324,16 +323,10 @@ def measure_relay(args, conf, destinations, cb, rl, 
relay):
 
 # Pick a relay to help us measure the given relay. If the given relay is an
 # exit, then pick a non-exit. Otherwise pick an exit.
-helper = None
-circ_fps = None
 if relay.is_exit_not_bad_allowing_port_all_ips(dest.port):
-helper, circ_fps, nicknames = create_path_relay_as_exit(
-relay, dest, rl, cb)
+circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb)
 else:
-helper, circ_fps, nicknames = create_path_relay_as_entry(
-relay, dest, rl, cb)
-if not helper:
-return error_no_helper(relay, dest, our_nick)
+circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb)
 
 # Build the circuit
 circ_id, reason = cb.build_circuit(circ_fps)
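Review bot: `create_path_relay_as_entry` still ends with `return helper, circ_fps, nicknames` in this commit, but the new call here unpacks two names, `circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb)`, which raises `ValueError` for every relay measured as entry. `create_path_relay_as_exit` was changed to `return circ_fps, nicknames`; the entry variant needs the same change. `measure_relay` starts and ends outside the hunk.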





[tor-commits] [sbws/master] fix: scanner: extract method for not helper case

2021-02-22 Thread juga
commit 119d91108a45aa71b80e71f41dc86df0729991a8
Author: juga0 
Date:   Tue Feb 2 11:59:41 2021 +

fix: scanner: extract method for not helper case
---
 sbws/core/scanner.py | 25 +++--
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 228ad74..4ca7430 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -244,13 +244,24 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, 
is_exit):
 return chosen
 
 
+def error_no_helper(relay, dest, our_nick):
+reason = 'Unable to select a second relay'
+log.debug(reason + ' to help measure %s (%s)',
+  relay.fingerprint, relay.nickname)
+return [
+ResultErrorSecondRelay(relay, [], dest.url, our_nick,
+   msg=reason),
+]
+
+
 def create_path_relay_as_entry(relay, dest, rl, cb):
 circ_fps = nicknames = []
 helper = _pick_ideal_second_hop(
 relay, dest, rl, cb.controller, is_exit=True)
-if helper:
-circ_fps = [relay.fingerprint, helper.fingerprint]
-nicknames = [relay.nickname, helper.nickname]
+if not helper:
+return error_no_helper(relay, dest, our_nick)
+circ_fps = [relay.fingerprint, helper.fingerprint]
+nicknames = [relay.nickname, helper.nickname]
 return helper, circ_fps, nicknames
 
 
@@ -322,13 +333,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 helper, circ_fps, nicknames = create_path_relay_as_entry(
 relay, dest, rl, cb)
 if not helper:
-reason = 'Unable to select a second relay'
-log.debug(reason + ' to help measure %s (%s)',
-  relay.fingerprint, relay.nickname)
-return [
-ResultErrorSecondRelay(relay, [], dest.url, our_nick,
-   msg=reason),
-]
+return error_no_helper(relay, dest, our_nick)
 
 # Build the circuit
 circ_id, reason = cb.build_circuit(circ_fps)





[tor-commits] [sbws/master] fix: relaylist: Remove duplicated can exit methods

2021-02-22 Thread juga
commit cd9f82fbbe6ec4205fa3c8695cd277a03da39833
Author: juga0 
Date:   Mon Feb 8 15:04:58 2021 +

fix: relaylist: Remove duplicated can exit methods

After refactoring and making clear when we were using exit(s) that can
exit to all public IPs (and a port) or only some, refactor them
removing the duplicated code and adding the `strict` argument.
---
 sbws/core/scanner.py  |  8 ++--
 sbws/lib/relaylist.py | 64 +++
 tests/integration/lib/test_destination.py |  6 +--
 3 files changed, 29 insertions(+), 49 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 1499264..903f09f 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -215,7 +215,7 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit):
 # In the case that a concrete exit can't exit to the Web server, it is not
 # a problem since the relay will be measured in the next loop with other
 # random exit.
-candidates = rl.exits_not_bad_allowing_port_some_ips(dest.port) \
+candidates = rl.exits_not_bad_allowing_port(dest.port) \
 if is_exit else rl.non_exits
 if not len(candidates):
 return None
@@ -340,7 +340,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 # exit, then pick a non-exit. Otherwise pick an exit.
 # Instead of ensuring that the relay can exit to all IPs, try first with
 # the relay as an exit, if it can exit to some IPs.
-if relay.is_exit_not_bad_allowing_port_some_ips(dest.port):
+if relay.is_exit_not_bad_allowing_port(dest.port):
 circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb)
 else:
 circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb)
@@ -365,7 +365,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 # to the Web server, try again using it as entry, to avoid that it would
 # always fail when there's only one Web server.
 if not is_usable and \
-relay.is_exit_not_bad_allowing_port_all_ips(dest.port):
+relay.is_exit_not_bad_allowing_port(dest.port):
 log.info(
 "Exit %s (%s) that can't exit all ips failed to connect to "
 " %s via circuit %s (%s). Trying again with it as entry.",
@@ -377,7 +377,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 "Exit %s (%s) that can't exit all ips, failed to create "
 " circuit as entry: %s (%s).", relay.fingerprint,
 relay.nickname, circ_fps, nicknames)
-return error_no_circuit(relay, circ_fps, nicknames, reason, dest,
+return error_no_circuit(circ_fps, nicknames, reason, relay, dest,
 our_nick)
 
 log.debug('Built circuit with path %s (%s) to measure %s (%s)',
diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py
index 3ff1f73..9c6d12a 100644
--- a/sbws/lib/relaylist.py
+++ b/sbws/lib/relaylist.py
@@ -178,21 +178,32 @@ class Relay:
 """Number of times the relay was in a conensus."""
 return len(self.relay_in_recent_consensus)
 
-def can_exit_to_port_all_ips(self, port):
+def can_exit_to_port(self, port, strict=False):
 """
 Returns True if the relay has an exit policy and the policy accepts
-exiting to the given portself or False otherwise.
+exiting to the given port or False otherwise.
+
+If ``strict`` is true, it only returns the exits that can exit to all
+IPs and that port.
 
 The exits that are IPv6 only or IPv4 but rejecting some public networks
 will return false.
 On July 2020, there were 67 out of 1095 exits like this.
+
+If ``strict`` is false, it returns any exit that can exit to some
+public IPs and that port.
+
+Note that the EXIT flag exists when the relay can exit to 443 **and**
+80. Currently all Web servers are using 443, so it would not be needed
+to check the EXIT flag too, using this function.
+
 """
 assert isinstance(port, int)
 # if dind't get the descriptor, there isn't exit policy
 # When the attribute is gotten in getattr(self._desc, "exit_policy"),
 # is possible that stem's _input_rules is None and raises an exception
 # (#29899):
-#   File "/usr/lib/python3/dist-packages/sbws/lib/relaylist.py", line 
117, in can_exit_to_port_all_ips  # noqa
+#   File "/usr/lib/python3/dist-packages/sbws/lib/relaylist.py", line 
117, in can_exit_to_port  # noqa
 # if not self.exit_policy:
 #   File "/usr/lib/python3/dist-packages/stem/exit_policy.py", line 
512, in __len__  # noqa
 # return len(self._get_rules())
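Review bot: The added docstring text says `strict` controls which exits the method "returns", but `can_exit_to_port` is a method on a single `Relay` and its first sentence says it returns True or False. The unchanged paragraph about IPv6-only exits returning false now sits between the two `strict` paragraphs, although it appears to describe the strict case only. I would reword to something like `If strict is true, return True only when the policy allows the port on all public IPs; otherwise return True when it allows the port on some public IP.` and move the IPv6 paragraph under the strict case. Because the permissive check is the default, any caller that relied on the old `_all_ips` guarantee needs `strict=True`; the method body continues outside the hunk.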
@@ -202,50 +213,23 @@ class Relay:
 # Therefore, catch the exception here.
 try:
 if self.exit_policy:
-# Using `strict` to ensure it 

[tor-commits] [sbws/master] fix: scanner: extract method on circuit error

2021-02-22 Thread juga
commit 53141148f4b82df8e34e2757172e7403791a0c86
Author: juga0 
Date:   Tue Feb 2 12:13:42 2021 +

fix: scanner: extract method on circuit error

At some point all possible errors should be exceptions.
---
 sbws/core/scanner.py | 17 +++--
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index e18bddb..aa17452 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -275,6 +275,15 @@ def create_path_relay_as_exit(relay, dest, rl, cb):
 return circ_fps, nicknames
 
 
+def error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick):
+log.debug('Could not build circuit with path %s (%s): %s ',
+  circ_fps, nicknames, reason)
+return [
+ResultErrorCircuit(relay, circ_fps, dest.url, our_nick,
+   msg=reason),
+]
+
+
 def measure_relay(args, conf, destinations, cb, rl, relay):
 """
 Select a Web server, a relay to build the circuit,
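Review bot: `error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick)` takes six positional arguments with `relay` in fourth place, whereas `ResultErrorCircuit` and the sibling `error_no_helper` take `relay` first. The "Remove duplicated can exit methods" commit on this page has to correct a call written as `error_no_circuit(relay, circ_fps, nicknames, reason, dest, our_nick)`, which is the mix-up this order invites. Putting `relay, dest` first to match `error_no_helper`, or calling with keyword arguments, would make the call sites harder to get wrong. The function also has no docstring saying that it returns a one-element list of `ResultErrorCircuit`.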
@@ -338,12 +347,8 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 create_path_relay_as_exit(relay, dest, rl, cb)
 circ_id, reason = cb.build_circuit(circ_fps)
 if not circ_id:
-log.debug('Could not build circuit with path %s (%s): %s ',
-  circ_fps, nicknames, reason)
-return [
-ResultErrorCircuit(relay, circ_fps, dest.url, our_nick,
-   msg=reason),
-]
+return error_no_circuit(circ_fps, nicknames, reason, relay, dest,
+our_nick)
 log.debug('Built circuit with path %s (%s) to measure %s (%s)',
   circ_fps, nicknames, relay.fingerprint, relay.nickname)
 # Make a connection to the destination





[tor-commits] [sbws/master] minor: scanner: Change logic creating the path

2021-02-22 Thread juga
commit 294fc29786c47fbffac62cbbebdfad3186906fe3
Author: juga0 
Date:   Tue Feb 2 13:07:57 2021 +

minor: scanner: Change logic creating the path

When the relay is not an exit, instead of choosing exits that can
exit to all IPs, try with exits that can exit to some IPs, since the
relay will be measured again with a different exit in other loop.

When the relay is an exit, instead of ensuring it can exit all IPs, try
using it as exit if it can exit to some IPs.
If it fails connecting to the Web server, then try a 2nd time using it
as entry to avoid that it will fail in all loops if there is only one
Web server, cause it will be used again as an exit.

Also, the helper exits don't need to be able to exit all IPs. When a
helper exit fails to exit (maybe cause it can not exit to the Web
server IP), it's not a problem cause in a next loop other exit will be
chosen.

This change of logic also solves the bug where non exits were being
used as exits, because we were trying to measure again a relay that
was used as entry, because it could not exit all IPs, which includes
also the non exits.

Closes: #40041.
---
 sbws/core/scanner.py  | 50 ---
 tests/integration/lib/test_destination.py |  6 ++--
 2 files changed, 43 insertions(+), 13 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index aa17452..1499264 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -209,8 +209,14 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit):
 destination **dest**, pick a second relay that is or is not an exit
 according to **is_exit**.
 '''
-candidates = rl.exits_not_bad_allowing_port_all_ips(dest.port) if is_exit \
-else rl.non_exits
+# 40041: Instead of using exits that can exit to all IPs, to ensure that
+# they can make requests to the Web servers, try with the exits that
+# allow some IPs, since there're more.
+# In the case that a concrete exit can't exit to the Web server, it is not
+# a problem since the relay will be measured in the next loop with other
+# random exit.
+candidates = rl.exits_not_bad_allowing_port_some_ips(dest.port) \
+if is_exit else rl.non_exits
 if not len(candidates):
 return None
 min_relay_bw = rl.exit_min_bw() if is_exit else rl.non_exit_min_bw()
@@ -332,20 +338,20 @@ def measure_relay(args, conf, destinations, cb, rl, 
relay):
 
 # Pick a relay to help us measure the given relay. If the given relay is an
 # exit, then pick a non-exit. Otherwise pick an exit.
-if relay.is_exit_not_bad_allowing_port_all_ips(dest.port):
+# Instead of ensuring that the relay can exit to all IPs, try first with
+# the relay as an exit, if it can exit to some IPs.
+if relay.is_exit_not_bad_allowing_port_some_ips(dest.port):
 circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb)
 else:
 circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb)
 
 # Build the circuit
 circ_id, reason = cb.build_circuit(circ_fps)
-if not circ_id and relay.fingerprint == circ_fps[0]:
-# We detected that some exits fail to build circuits as 1st hop.
-# If that's the case, try again using them as 2nd hop.
-# We could reuse the helper, but it does not need to be an exit now,
-# so choose other again.
-create_path_relay_as_exit(relay, dest, rl, cb)
-circ_id, reason = cb.build_circuit(circ_fps)
+
+# If the circuit failed to get created, bad luck, it will be created again
+# with other helper.
+# Here we won't have the case that an exit tried to build the circuit as
+# entry and failed (#40029), cause not checking that it can exit all IPs.
 if not circ_id:
 return error_no_circuit(circ_fps, nicknames, reason, relay, dest,
 our_nick)
@@ -354,6 +360,30 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 # Make a connection to the destination
 is_usable, usable_data = connect_to_destination_over_circuit(
 dest, circ_id, s, cb.controller, dest._max_dl)
+
+# In the case that the relay was used as an exit, but could not exit
+# to the Web server, try again using it as entry, to avoid that it would
+# always fail when there's only one Web server.
+if not is_usable and \
+relay.is_exit_not_bad_allowing_port_all_ips(dest.port):
+log.info(
+"Exit %s (%s) that can't exit all ips failed to connect to "
+" %s via circuit %s (%s). Trying again with it as entry.",
+relay.fingerprint, relay.nickname, dest, circ_fps, nicknames)
+circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb)
+circ_id, reason = cb.build_circuit(circ_fps)
+if not circ_id:
+log.warning(
+  

[tor-commits] [sbws/master] fix: relaylist: rename exits_not_bad_allowing_port

2021-02-22 Thread juga
commit 3e2e6c7e77a041fb0dd31b993945ef7da766ea9c
Author: juga0 
Date:   Tue Feb 2 11:40:04 2021 +

fix: relaylist: rename exits_not_bad_allowing_port

see previous commit
---
 sbws/core/scanner.py  | 2 +-
 sbws/lib/relaylist.py | 2 +-
 tests/integration/lib/test_destination.py | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 20f1b83..2736059 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -209,7 +209,7 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit):
 destination **dest**, pick a second relay that is or is not an exit
 according to **is_exit**.
 '''
-candidates = rl.exits_not_bad_allowing_port(dest.port) if is_exit \
+candidates = rl.exits_not_bad_allowing_port_all_ips(dest.port) if is_exit \
 else rl.non_exits
 if not len(candidates):
 return None
diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py
index 86e0d7b..863689e 100644
--- a/sbws/lib/relaylist.py
+++ b/sbws/lib/relaylist.py
@@ -453,7 +453,7 @@ class RelayList:
 """Number of times a new consensus was obtained."""
 return len(self._recent_consensus)
 
-def exits_not_bad_allowing_port(self, port):
+def exits_not_bad_allowing_port_all_ips(self, port):
 return [r for r in self.exits
 if r.is_exit_not_bad_allowing_port_all_ips(port)]
 
diff --git a/tests/integration/lib/test_destination.py 
b/tests/integration/lib/test_destination.py
index 98ed89f..19f6617 100644
--- a/tests/integration/lib/test_destination.py
+++ b/tests/integration/lib/test_destination.py
@@ -26,7 +26,7 @@ def 
test_connect_to_destination_over_circuit_success(persistent_launch_tor,
 relay = [r for r in rl.relays
  if r.nickname == 'relay1mbyteMAB'][0]
 # Choose an exit, for this test it does not matter the bandwidth
-helper = rl.exits_not_bad_allowing_port(destination.port)[0]
+helper = rl.exits_not_bad_allowing_port_all_ips(destination.port)[0]
 circuit_path = [relay.fingerprint, helper.fingerprint]
 # build a circuit
 circuit_id, _ = cb.build_circuit(circuit_path)
@@ -46,7 +46,7 @@ def 
test_connect_to_destination_over_circuit_fail(persistent_launch_tor,
 relay = [r for r in rl.relays
  if r.nickname == 'relay1mbyteMAB'][0]
 # Choose an exit, for this test it does not matter the bandwidth
-helper = rl.exits_not_bad_allowing_port(bad_destination.port)[0]
+helper = rl.exits_not_bad_allowing_port_all_ips(bad_destination.port)[0]
 circuit_path = [relay.fingerprint, helper.fingerprint]
 # Build a circuit.
 circuit_id, _ = cb.build_circuit(circuit_path)
@@ -75,7 +75,7 @@ def test_functional_destinations(conf, cb, rl, 
persistent_launch_tor):
 relay = [r for r in rl.relays
  if r.nickname == 'relay1mbyteMAB'][0]
 # Choose an exit, for this test it does not matter the bandwidth
-helper = rl.exits_not_bad_allowing_port(bad_destination.port)[0]
+helper = rl.exits_not_bad_allowing_port_all_ips(bad_destination.port)[0]
 circuit_path = [relay.fingerprint, helper.fingerprint]
 # Build a circuit.
 circuit_id, _ = cb.build_circuit(circuit_path)





[tor-commits] [sbws/master] fix: relaylist: rename is_exit_not_bad_allowing_port

2021-02-22 Thread juga
commit 33a5909f57271a67ef0d9d88c1d7799d341d5ece
Author: juga0 
Date:   Tue Feb 2 11:38:12 2021 +

fix: relaylist: rename is_exit_not_bad_allowing_port

see previous commit
---
 sbws/core/scanner.py  | 2 +-
 sbws/lib/relaylist.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 312993a..20f1b83 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -294,7 +294,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 # exit, then pick a non-exit. Otherwise pick an exit.
 helper = None
 circ_fps = None
-if relay.is_exit_not_bad_allowing_port(dest.port):
+if relay.is_exit_not_bad_allowing_port_all_ips(dest.port):
 helper = _pick_ideal_second_hop(
 relay, dest, rl, cb.controller, is_exit=False)
 if helper:
diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py
index 5eef4aa..86e0d7b 100644
--- a/sbws/lib/relaylist.py
+++ b/sbws/lib/relaylist.py
@@ -219,7 +219,7 @@ class Relay:
 return False
 return False
 
-def is_exit_not_bad_allowing_port(self, port):
+def is_exit_not_bad_allowing_port_all_ips(self, port):
 return (Flag.BADEXIT not in self.flags and
 Flag.EXIT in self.flags and
 self.can_exit_to_port_all_ips(port))
@@ -455,7 +455,7 @@ class RelayList:
 
 def exits_not_bad_allowing_port(self, port):
 return [r for r in self.exits
-if r.is_exit_not_bad_allowing_port(port)]
+if r.is_exit_not_bad_allowing_port_all_ips(port)]
 
 def increment_recent_measurement_attempt(self):
 """





[tor-commits] [sbws/master] fix: relaylist: Add methods to obtain exits that

2021-02-22 Thread juga
commit 55b76a84b9da3d13f2d2616cb83a29e4726b8a67
Author: juga0 
Date:   Tue Feb 2 11:46:21 2021 +

fix: relaylist: Add methods to obtain exits that

can exit to some IPs.
To use them in the cases it will be more convenient.
---
 sbws/lib/relaylist.py | 27 +++
 1 file changed, 27 insertions(+)

diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py
index 863689e..3ff1f73 100644
--- a/sbws/lib/relaylist.py
+++ b/sbws/lib/relaylist.py
@@ -219,11 +219,34 @@ class Relay:
 return False
 return False
 
+def can_exit_to_port_some_ips(self, port):
+"""
+Returns True if the relay has an exit policy and the policy accepts
+exiting to the given port and some public IPs or False otherwise.
+"""
+assert isinstance(port, int)
+try:
+if self.exit_policy:
+# Not using argument `strict`, to know whether it can exit
+# some public IPs, though not all.
+return (
+self.exit_policy.strip_private()
+.can_exit_to(port=port)
+)
+except TypeError:
+return False
+return False
+
 def is_exit_not_bad_allowing_port_all_ips(self, port):
 return (Flag.BADEXIT not in self.flags and
 Flag.EXIT in self.flags and
 self.can_exit_to_port_all_ips(port))
 
+def is_exit_not_bad_allowing_port_some_ips(self, port):
+return (Flag.BADEXIT not in self.flags and
+Flag.EXIT in self.flags and
+self.can_exit_to_port_some_ips(port))
+
 def increment_relay_recent_measurement_attempt(self):
 """
 Increment The number of times that a relay has been queued
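Review bot: `assert isinstance(port, int)` in `can_exit_to_port_some_ips` is not a dependable input check, because asserts are removed when Python runs with `-O`; an explicit `if not isinstance(port, int): raise TypeError("port must be an int")` before the `try` keeps the guard. The `except TypeError: return False` branch also makes a relay whose exit policy could not be evaluated look the same as one whose policy rejects the port, so the caller will presumably treat it as a non-exit without any trace; a debug log naming `self.fingerprint` in that branch would make the case visible. `is_exit_not_bad_allowing_port_some_ips` is added without a docstring; I would add `"""Return True if the relay has the Exit flag, lacks BadExit and its policy accepts the port for at least some public IPs."""`. The `Relay` class starts and continues outside this hunk.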
@@ -457,6 +480,10 @@ class RelayList:
 return [r for r in self.exits
 if r.is_exit_not_bad_allowing_port_all_ips(port)]
 
+def exits_not_bad_allowing_port_some_ips(self, port):
+return [r for r in self.exits
+if r.is_exit_not_bad_allowing_port_some_ips(port)]
+
 def increment_recent_measurement_attempt(self):
 """
 Increment the number of times that any relay has been queued to be
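Review bot: `exits_not_bad_allowing_port_some_ips` is added without a docstring, and the difference between the `_some_ips` and `_all_ips` variants is exactly what a caller choosing between them needs to know. I would add `"""Return the exits without the BadExit flag whose policy accepts **port** for at least some public IPs; a returned exit may still refuse a particular destination address."""`. The `RelayList` class starts outside the hunk.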





[tor-commits] [sbws/master] fix: scanner: extract method to create paths

2021-02-22 Thread juga
commit fa9314123b702feee230f7974bfbad2d783d8365
Author: juga0 
Date:   Tue Feb 2 11:56:05 2021 +

fix: scanner: extract method to create paths

because `measure_relay` method is too long, confusing and we have had
several bugs in this part of the code.
---
 sbws/core/scanner.py | 42 ++
 1 file changed, 26 insertions(+), 16 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 2736059..228ad74 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -244,6 +244,27 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit):
 return chosen
 
 
+def create_path_relay_as_entry(relay, dest, rl, cb):
+circ_fps = nicknames = []
+helper = _pick_ideal_second_hop(
+relay, dest, rl, cb.controller, is_exit=True)
+if helper:
+circ_fps = [relay.fingerprint, helper.fingerprint]
+nicknames = [relay.nickname, helper.nickname]
+return helper, circ_fps, nicknames
+
+
+def create_path_relay_as_exit(relay, dest, rl, cb):
+circ_fps = nicknames = []
+helper = _pick_ideal_second_hop(
+relay, dest, rl, cb.controller, is_exit=False)
+if helper:
+circ_fps = [helper.fingerprint, relay.fingerprint]
+# stored for debugging
+nicknames = [helper.nickname, relay.nickname]
+return helper, circ_fps, nicknames
+
+
 def measure_relay(args, conf, destinations, cb, rl, relay):
 """
 Select a Web server, a relay to build the circuit,
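Review bot: `circ_fps = nicknames = []` in both new functions binds the two names to one list object, so a later in-place change to either (an `append`, for instance) would show up in both; `circ_fps, nicknames = [], []` avoids the aliasing. The no-helper result also changes from the `circ_fps = None` that `measure_relay` used before to an empty list, and neither `create_path_relay_as_entry` nor `create_path_relay_as_exit` has a docstring saying that it returns `(helper, circ_fps, nicknames)` with a falsy `helper` and two empty lists when no second hop could be picked. `measure_relay` continues outside the hunk.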
@@ -295,18 +316,11 @@ def measure_relay(args, conf, destinations, cb, rl, 
relay):
 helper = None
 circ_fps = None
 if relay.is_exit_not_bad_allowing_port_all_ips(dest.port):
-helper = _pick_ideal_second_hop(
-relay, dest, rl, cb.controller, is_exit=False)
-if helper:
-circ_fps = [helper.fingerprint, relay.fingerprint]
-# stored for debugging
-nicknames = [helper.nickname, relay.nickname]
+helper, circ_fps, nicknames = create_path_relay_as_exit(
+relay, dest, rl, cb)
 else:
-helper = _pick_ideal_second_hop(
-relay, dest, rl, cb.controller, is_exit=True)
-if helper:
-circ_fps = [relay.fingerprint, helper.fingerprint]
-nicknames = [relay.nickname, helper.nickname]
+helper, circ_fps, nicknames = create_path_relay_as_entry(
+relay, dest, rl, cb)
 if not helper:
 reason = 'Unable to select a second relay'
 log.debug(reason + ' to help measure %s (%s)',
@@ -323,11 +337,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 # If that's the case, try again using them as 2nd hop.
 # We could reuse the helper, but it does not need to be an exit now,
 # so choose other again.
-helper = _pick_ideal_second_hop(
-relay, dest, rl, cb.controller, is_exit=False)
-if helper:
-circ_fps = [helper.fingerprint, relay.fingerprint]
-nicknames = [helper.nickname, relay.nickname]
+create_path_relay_as_exit(relay, dest, rl, cb)
 circ_id, reason = cb.build_circuit(circ_fps)
 if not circ_id:
 log.debug('Could not build circuit with path %s (%s): %s ',
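Review bot: The retry path calls `create_path_relay_as_exit(relay, dest, rl, cb)` and discards the return value, so `circ_fps` and `nicknames` still hold the path that just failed and the following `cb.build_circuit(circ_fps)` retries that same path. The removed lines assigned the new helper and path in place; the call should read `helper, circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb)`. The removed code kept the old path when no helper was found, whereas the new function returns empty lists in that case, so the retry should probably be skipped when `helper` is falsy. `measure_relay` starts and ends outside this hunk.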





[tor-commits] [sbws/master] fix: relaylist: rename can_exit_to_port

2021-02-22 Thread juga
commit 1014bac294d03790c15bec1bff21e9ca9802acdb
Author: juga0 
Date:   Tue Feb 2 11:15:02 2021 +

fix: relaylist: rename can_exit_to_port

to can_exit_to_port_all_ips, because it's using `strict`, which means
that it allows to exit to all IPs.
It seems more convenient to try first with exits that allow to
exit to some IPs and only try a second time if that fails, because
there are more.
---
 sbws/lib/relaylist.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py
index ba0b176..5eef4aa 100644
--- a/sbws/lib/relaylist.py
+++ b/sbws/lib/relaylist.py
@@ -178,7 +178,7 @@ class Relay:
 """Number of times the relay was in a conensus."""
 return len(self.relay_in_recent_consensus)
 
-def can_exit_to_port(self, port):
+def can_exit_to_port_all_ips(self, port):
 """
 Returns True if the relay has an exit policy and the policy accepts
 exiting to the given portself or False otherwise.
@@ -192,7 +192,7 @@ class Relay:
 # When the attribute is gotten in getattr(self._desc, "exit_policy"),
 # is possible that stem's _input_rules is None and raises an exception
 # (#29899):
-#   File "/usr/lib/python3/dist-packages/sbws/lib/relaylist.py", line 
117, in can_exit_to_port  # noqa
+#   File "/usr/lib/python3/dist-packages/sbws/lib/relaylist.py", line 
117, in can_exit_to_port_all_ips  # noqa
 # if not self.exit_policy:
 #   File "/usr/lib/python3/dist-packages/stem/exit_policy.py", line 
512, in __len__  # noqa
 # return len(self._get_rules())
@@ -222,7 +222,7 @@ class Relay:
 def is_exit_not_bad_allowing_port(self, port):
 return (Flag.BADEXIT not in self.flags and
 Flag.EXIT in self.flags and
-self.can_exit_to_port(port))
+self.can_exit_to_port_all_ips(port))
 
 def increment_relay_recent_measurement_attempt(self):
 """





[tor-commits] [sbws/maint-1.1] Merge remote-tracking branch 'gitlab/merge-requests/61' into maint-1.1

2021-02-22 Thread juga
commit 3e4ccb90ea64b391d0003bb72f17d513845680ae
Merge: e375cd2 d0a0202
Author: Georg Koppen 
Date:   Mon Feb 22 17:12:18 2021 +

Merge remote-tracking branch 'gitlab/merge-requests/61' into maint-1.1

 docs/source/activity_measure.puml   |  30 +++
 docs/source/how_works.rst   |  12 ++-
 docs/source/images/activity_measure.svg |  42 +
 sbws/core/scanner.py| 145 ++--
 sbws/lib/relaylist.py   |  35 +---
 5 files changed, 204 insertions(+), 60 deletions(-)



[tor-commits] [sbws/maint-1.1] fix: test: Add chutney configuration

2021-02-22 Thread juga
commit 212047f4c4601d263078cde4338060704d026d78
Author: juga0 
Date:   Thu Dec 17 15:30:11 2020 +

fix: test: Add chutney configuration

and scripts to run the integration tests with chutney.
It does not replace yet the way integration tests are run.
---
 .gitignore |  1 +
 tests/integration/chutney_data/bwscanner   | 15 +
 .../integration/chutney_data/client_bwscanner.tmpl | 23 +++
 tests/integration/chutney_data/non-exit.tmpl   |  4 
 tests/integration/chutney_data/relay-MAB.tmpl  |  4 
 tests/integration/chutney_data/relay-MBR.tmpl  |  4 
 tests/integration/run.sh   | 14 
 tests/integration/start_chutney.sh | 26 ++
 tests/integration/stop_chutney.sh  | 10 +
 9 files changed, 101 insertions(+)

diff --git a/.gitignore b/.gitignore
index 9903d5d..744436b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,4 @@ htmlcov
 dist
 build
 *.lockfile
+chutney
diff --git a/tests/integration/chutney_data/bwscanner 
b/tests/integration/chutney_data/bwscanner
new file mode 100644
index 000..6506bc3
--- /dev/null
+++ b/tests/integration/chutney_data/bwscanner
@@ -0,0 +1,15 @@
+# By default, Authorities are not configured as exits
+Authority = Node(tag="a", authority=1, relay=1, torrc="authority.tmpl")
+NonExitRelay = Node(tag="m", relay=1, exit=0, torrc="non-exit.tmpl")
+ExitRelay = Node(tag="r", relay=1, exit=1, torrc="relay.tmpl")
+Client = Node(tag="c", client=1, torrc="client_bwscanner.tmpl")
+RelayMAB = Node(tag="relay1mbyteMAB", relay=1, torrc="relay-MAB.tmpl")
+RelayMBR = Node(tag="relay1mbyteMBR", relay=1, torrc="relay-MBR.tmpl")
+
+NODES = Authority.getN(3) + \
+  NonExitRelay.getN(9) + \
+  ExitRelay.getN(3) + Client.getN(1)
+
+# RelayMBR.getN(1) + RelayMAB.getN(1) + \
+
+ConfigureNodes(NODES)
diff --git a/tests/integration/chutney_data/client_bwscanner.tmpl 
b/tests/integration/chutney_data/client_bwscanner.tmpl
new file mode 100644
index 000..dc6d0d8
--- /dev/null
+++ b/tests/integration/chutney_data/client_bwscanner.tmpl
@@ -0,0 +1,23 @@
+${include:common.i}
+SocksPort $socksport
+
+#NOTE: Setting TestingClientConsensusDownloadSchedule doesn't
+#  help -- dl_stats.schedule is not DL_SCHED_CONSENSUS
+#  at boostrap time.
+# Try to download after:
+# the minimum initial consensus time to start with,
+# a few eager fetches,
+# then half the minimum testing consensus interval
+#TestingClientDownloadSchedule 0, 5
+#TestingClientConsensusDownloadSchedule 0, 5
+#ControlPort 8015
+UseEntryGuards 0
+UseMicroDescriptors 0
+FetchDirInfoEarly 1
+FetchDirInfoExtraEarly 1
+FetchUselessDescriptors 1
+LearnCircuitBuildTimeout 0
+CircuitBuildTimeout 60
+ConnectionPadding 0
+__DisablePredictedCircuits 1
+__LeaveStreamsUnattached 1
diff --git a/tests/integration/chutney_data/non-exit.tmpl 
b/tests/integration/chutney_data/non-exit.tmpl
new file mode 100644
index 000..25d8806
--- /dev/null
+++ b/tests/integration/chutney_data/non-exit.tmpl
@@ -0,0 +1,4 @@
+${include:relay-non-exit.tmpl}
+
+ExitRelay 0
+ExitPolicy reject *:*
diff --git a/tests/integration/chutney_data/relay-MAB.tmpl 
b/tests/integration/chutney_data/relay-MAB.tmpl
new file mode 100644
index 000..28bc6a7
--- /dev/null
+++ b/tests/integration/chutney_data/relay-MAB.tmpl
@@ -0,0 +1,4 @@
+${include:non-exit.tmpl}
+
+Nickname relay1mbyteMAB
+MaxAdvertisedBandwidth 1 MBytes
diff --git a/tests/integration/chutney_data/relay-MBR.tmpl 
b/tests/integration/chutney_data/relay-MBR.tmpl
new file mode 100644
index 000..946600b
--- /dev/null
+++ b/tests/integration/chutney_data/relay-MBR.tmpl
@@ -0,0 +1,4 @@
+${include:non-exit.tmpl}
+
+Nickname relay1mbyteMBR
+RelayBandwidthRate 1 MBytes
diff --git a/tests/integration/run.sh b/tests/integration/run.sh
new file mode 100755
index 000..e870b50
--- /dev/null
+++ b/tests/integration/run.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -x
+
+tests/integration/start_chutney.sh
+python3 scripts/tools/sbws-http-server.py --port 2 &>/dev/null &
+sleep 1
+wget -O/dev/null http://127.0.0.1:2/sbws.bin
+# Run actually the scanner
+sbws -c tests/integration/sbws_testnet.ini scanner
+sbws -c tests/integration/sbws_testnet.ini generate
+# Run integration tests
+coverage run -a --rcfile=.coveragerc --source=sbws -m pytest -s 
tests/integration -vv
+sbws -c tests/integration/sbws_testnet.ini cleanup
+tests/integration/stop_chutney.sh
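Review bot: Nothing in this script propagates a failure: without `set -e` a failed `start_chutney.sh`, `wget` or `pytest` run is ignored, and the exit status is whatever `stop_chutney.sh` returns, so a caller would see success for a failing test run. I would save the test status (`status=$?` right after the `coverage run` line) and finish with `exit $status`, or use `set -e` together with `trap tests/integration/stop_chutney.sh EXIT` so the test network is still torn down. The HTTP server started in the background is never stopped either; recording `$!` after launching it and killing it in the same trap avoids a stray listener on the loopback port between runs.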
diff --git a/tests/integration/start_chutney.sh 
b/tests/integration/start_chutney.sh
new file mode 100755
index 000..04f9641
--- /dev/null
+++ b/tests/integration/start_chutney.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+set -x
+
+CURRENT_DIR=`pwd`
+CHUTNEY_DIR=${1:-./chutney}
+
+# If chutney dir already exists, this will fail but it doesn't matter.
+git clone https://git.torproject.org/chutney.git $CHUTNEY_DIR
+
+cp tests/integration/chutney_data/bwscanner 

[tor-commits] [sbws/maint-1.1] fix: tests: Run integration tests with chutney

2021-02-22 Thread juga
commit 5b8c47a1e3af95357381191106d1c9fd7d060852
Author: juga0 
Date:   Thu Dec 17 15:36:50 2020 +

fix: tests: Run integration tests with chutney

and adapt the tests to pass.
\o/

Closes: #40008.
---
 sbws/lib/relaylist.py  |   5 +-
 tests/integration/conftest.py  |  10 +-
 tests/integration/core/test_scanner.py |   2 +
 tests/integration/lib/test_circuitbuilder.py   |  20 +--
 tests/integration/lib/test_destination.py  |   6 +-
 tests/integration/lib/test_relaylist.py|  16 +--
 tests/integration/lib/test_relayprioritizer.py |  30 ++---
 tests/integration/net/auth1/fingerprint|   1 -
 .../net/auth1/keys/authority_certificate   |  45 ---
 .../net/auth1/keys/authority_identity_key  |  41 ---
 .../net/auth1/keys/authority_signing_key   |  27 
 .../net/auth1/keys/ed25519_master_id_public_key| Bin 64 -> 0 bytes
 .../net/auth1/keys/ed25519_master_id_secret_key| Bin 96 -> 0 bytes
 .../net/auth1/keys/ed25519_signing_cert| Bin 172 -> 0 bytes
 .../net/auth1/keys/ed25519_signing_secret_key  | Bin 96 -> 0 bytes
 tests/integration/net/auth1/keys/secret_id_key |  15 ---
 tests/integration/net/auth1/keys/secret_onion_key  |  15 ---
 .../net/auth1/keys/secret_onion_key_ntor   | Bin 96 -> 0 bytes
 tests/integration/net/auth1/torrc  |  33 -
 tests/integration/net/auth2/fingerprint|   1 -
 .../net/auth2/keys/authority_certificate   |  45 ---
 .../net/auth2/keys/authority_identity_key  |  41 ---
 .../net/auth2/keys/authority_signing_key   |  27 
 .../net/auth2/keys/ed25519_master_id_public_key| Bin 64 -> 0 bytes
 .../net/auth2/keys/ed25519_master_id_secret_key| Bin 96 -> 0 bytes
 .../net/auth2/keys/ed25519_signing_cert| Bin 172 -> 0 bytes
 .../net/auth2/keys/ed25519_signing_secret_key  | Bin 96 -> 0 bytes
 tests/integration/net/auth2/keys/secret_id_key |  15 ---
 tests/integration/net/auth2/keys/secret_onion_key  |  15 ---
 .../net/auth2/keys/secret_onion_key_ntor   | Bin 96 -> 0 bytes
 tests/integration/net/auth2/torrc  |  33 -
 tests/integration/net/auth3/fingerprint|   1 -
 .../net/auth3/keys/authority_certificate   |  45 ---
 .../net/auth3/keys/authority_identity_key  |  41 ---
 .../net/auth3/keys/authority_signing_key   |  27 
 .../net/auth3/keys/ed25519_master_id_public_key| Bin 64 -> 0 bytes
 .../net/auth3/keys/ed25519_master_id_secret_key| Bin 96 -> 0 bytes
 .../net/auth3/keys/ed25519_signing_cert| Bin 172 -> 0 bytes
 .../net/auth3/keys/ed25519_signing_secret_key  | Bin 96 -> 0 bytes
 tests/integration/net/auth3/keys/secret_id_key |  15 ---
 tests/integration/net/auth3/keys/secret_onion_key  |  15 ---
 .../net/auth3/keys/secret_onion_key_ntor   | Bin 96 -> 0 bytes
 tests/integration/net/auth3/torrc  |  33 -
 tests/integration/net/exit1/fingerprint|   1 -
 .../net/exit1/keys/ed25519_master_id_public_key| Bin 64 -> 0 bytes
 .../net/exit1/keys/ed25519_master_id_secret_key| Bin 96 -> 0 bytes
 .../net/exit1/keys/ed25519_signing_cert| Bin 172 -> 0 bytes
 .../net/exit1/keys/ed25519_signing_secret_key  | Bin 96 -> 0 bytes
 tests/integration/net/exit1/keys/secret_id_key |  15 ---
 tests/integration/net/exit1/keys/secret_onion_key  |  15 ---
 .../net/exit1/keys/secret_onion_key_ntor   | Bin 96 -> 0 bytes
 tests/integration/net/exit1/torrc  |  26 
 tests/integration/net/exit2/fingerprint|   1 -
 .../net/exit2/keys/ed25519_master_id_public_key| Bin 64 -> 0 bytes
 .../net/exit2/keys/ed25519_master_id_secret_key| Bin 96 -> 0 bytes
 .../net/exit2/keys/ed25519_signing_cert| Bin 172 -> 0 bytes
 .../net/exit2/keys/ed25519_signing_secret_key  | Bin 96 -> 0 bytes
 tests/integration/net/exit2/keys/secret_id_key |  15 ---
 tests/integration/net/exit2/keys/secret_onion_key  |  15 ---
 .../net/exit2/keys/secret_onion_key_ntor   | Bin 96 -> 0 bytes
 tests/integration/net/exit2/torrc  |  26 
 tests/integration/net/exit3/fingerprint|   1 -
 .../net/exit3/keys/ed25519_master_id_public_key| Bin 64 -> 0 bytes
 .../net/exit3/keys/ed25519_master_id_secret_key| Bin 96 -> 0 bytes
 .../net/exit3/keys/ed25519_signing_cert| Bin 172 -> 0 bytes
 .../net/exit3/keys/ed25519_signing_secret_key  | Bin 96 -> 0 bytes
 tests/integration/net/exit3/keys/secret_id_key |  15 ---
 tests/integration/net/exit3/keys/secret_onion_key  |  15 ---
 .../net/exit3/keys/secret_onion_key_ntor   | Bin 96 -> 0 bytes
 tests/integration/net/exit3/torrc  |  26 
 tests/integration/net/relay1/fingerprint   |   1 -
 

[tor-commits] [sbws/maint-1.1] fix: resultdump: Check that the error has a circuit

2021-02-22 Thread juga
commit e375cd28c8e19e3e9660547b134ef7759ad21e3f
Author: juga0 
Date:   Tue Feb 9 10:42:34 2021 +

fix: resultdump: Check that the error has a circuit

Because if the error is not a circuit error, it does not have that
attribute.
---
 sbws/lib/resultdump.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sbws/lib/resultdump.py b/sbws/lib/resultdump.py
index 6673e9a..b287242 100644
--- a/sbws/lib/resultdump.py
+++ b/sbws/lib/resultdump.py
@@ -794,8 +794,9 @@ class ResultDump:
 result.dest_url, result.msg)
 # The result doesn't store the exit policies, so it can't be logged
 # whether it was an exit.
-as_exit = result.circ[1] == result.fingerprint
-msg += ". As exit." if as_exit else ". As entry."
+if result.circ:
+as_exit = result.circ[1] == result.fingerprint
+msg += ". As exit." if as_exit else ". As entry."
 # When the error is that there are not more functional destinations.
 if result.type == "error-destination":
 log.info("Shutting down because there are not functional "
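Review bot: The new `if result.circ:` guard only helps if every result object has a `circ` attribute that is falsy for non-circuit errors; the commit message says such errors do not have the attribute at all, in which case this line would raise `AttributeError` (the result classes are not visible here, so this needs confirming). `result.circ[1]` also assumes a path of at least two hops. `circ = getattr(result, "circ", None)` followed by `if circ and len(circ) > 1:` covers both cases. The enclosing method starts and ends outside this hunk.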





[tor-commits] [sbws/maint-1.1] chg: stem: Set default torrc options

2021-02-22 Thread juga
commit 5f5f968a5fc65ea334b96e6deeda934980b371e6
Author: juga0 
Date:   Thu Dec 17 15:09:39 2020 +

chg: stem: Set default torrc options

when connecting to an external tor and they are not already set.
---
 sbws/util/stem.py | 38 +++---
 1 file changed, 35 insertions(+), 3 deletions(-)

diff --git a/sbws/util/stem.py b/sbws/util/stem.py
index 4e8f321..9fea31f 100644
--- a/sbws/util/stem.py
+++ b/sbws/util/stem.py
@@ -161,6 +161,16 @@ def parse_user_torrc_config(torrc, torrc_text):
 return torrc_dict
 
 
+def set_torrc_starting_point(controller):
+"""Set the torrc starting point options."""
+for k, v in TORRC_STARTING_POINT.items():
+try:
+controller.set_conf(k, v)
+except (ControllerError, InvalidRequest, InvalidArguments) as e:
+log.exception("Error setting option %s, %s: %s", k, v, e)
+exit(1)
+
+
 def set_torrc_runtime_options(controller):
 """Set torrc options at runtime."""
 try:
@@ -228,16 +238,16 @@ def launch_tor(conf):
 
 
 def launch_or_connect_to_tor(conf):
-# If connecting to an existing controller, there is no need to configure
-# own tor.
 cont = init_controller(conf)
 if not cont:
 cont = launch_tor(conf)
+else:
+if not is_torrc_starting_point_set(cont):
+set_torrc_starting_point(cont)
 # Set options that can fail at runtime
 set_torrc_options_can_fail(cont)
 # Set runtime options
 set_torrc_runtime_options(cont)
-
 log.info('Started or connected to Tor %s.', cont.get_version())
 return cont
 
@@ -293,3 +303,25 @@ def circuit_str(controller, circ_id):
 return '[' +\
 ' -> '.join(['{} ({})'.format(n, fp[0:8]) for fp, n in circ.path]) +\
 ']'
+
+
+def is_torrc_starting_point_set(tor_controller):
+"""Verify that the tor controller has the correct configuration.
+
+When connecting to a tor controller that has not been launched by sbws,
+it should have been configured to work with sbws.
+
+"""
+bad_options = False
+torrc = TORRC_STARTING_POINT
+for k, v in torrc.items():
+value_set = tor_controller.get_conf(k)
+if v != value_set:
+log.exception(
+"Uncorrectly configured %s, should be %s, is %s",
+k, v, value_set
+)
+bad_options = True
+if not bad_options:
+log.info("Tor is correctly configured to work with sbws.")
+return bad_options
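Review bot: `is_torrc_starting_point_set` returns `bad_options`, which is True when an option differs and False when everything matches, the opposite of what its name and its caller expect. In `launch_or_connect_to_tor` (previous hunk) `if not is_torrc_starting_point_set(cont):` therefore calls `set_torrc_starting_point` only for a tor that is already configured correctly and leaves a misconfigured external tor untouched; the function should end with `return not bad_options`. `log.exception` is also called here outside an `except` block, so it appends an empty `NoneType: None` traceback to every mismatch; `log.warning` fits better, and "Uncorrectly" in the message should read "Incorrectly".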





[tor-commits] [sbws/maint-1.1] fix: stem: Move torrc option that does not depend on config

2021-02-22 Thread juga
commit 2d5a6b65704857b8abde4a867f0f6590c181325c
Author: juga0 
Date:   Thu Dec 17 14:40:36 2020 +

fix: stem: Move torrc option that does not depend on config

It seems we forgot this option when refactoring in #28738.
---
 sbws/globals.py   | 6 +-
 sbws/util/stem.py | 4 
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/sbws/globals.py b/sbws/globals.py
index 2434685..f5b3ec6 100644
--- a/sbws/globals.py
+++ b/sbws/globals.py
@@ -40,7 +40,11 @@ TORRC_STARTING_POINT = {
 'FetchDirInfoEarly': '1',
 'FetchDirInfoExtraEarly': '1',
 # To make Tor keep fetching descriptors, even when idle.
-'FetchUselessDescriptors': '1'
+'FetchUselessDescriptors': '1',
+# Things needed to make circuits fail a little faster. We get the
+# circuit_timeout as a string instead of an int on purpose: stem only
+# accepts strings.
+'LearnCircuitBuildTimeout': '0',
 }
 # Options that need to be set at runtime.
 TORRC_RUNTIME_OPTIONS = {
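Review bot: The comment moved into `TORRC_STARTING_POINT` still says "We get the circuit_timeout as a string instead of an int on purpose: stem only accepts strings", but that sentence describes `'CircuitBuildTimeout': conf['general']['circuit_timeout']`, which stays in `launch_tor` (second hunk) and is now left without a comment. I would keep only `# Make circuits fail a little faster: do not learn the build timeout.` above `'LearnCircuitBuildTimeout': '0'` and leave the circuit_timeout sentence above `'CircuitBuildTimeout'` in `sbws/util/stem.py`. The `TORRC_RUNTIME_OPTIONS` literal continues outside the hunk.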
diff --git a/sbws/util/stem.py b/sbws/util/stem.py
index 5835237..4e8f321 100644
--- a/sbws/util/stem.py
+++ b/sbws/util/stem.py
@@ -206,10 +206,6 @@ def launch_tor(conf):
 'NOTICE file {}'.format(os.path.join(conf.getpath('tor', 'log'),
  'notice.log')),
 ],
-# Things needed to make circuits fail a little faster. We get the
-# circuit_timeout as a string instead of an int on purpose: stem only
-# accepts strings.
-'LearnCircuitBuildTimeout': '0',
 'CircuitBuildTimeout': conf['general']['circuit_timeout'],
 })
 





[tor-commits] [sbws/maint-1.1] fix: stem: Remove torrc option that is the default

2021-02-22 Thread juga
commit 15da07d6a447d8310354124f6020b4cf74b75488
Author: juga0 
Date:   Thu Dec 17 14:37:58 2020 +

fix: stem: Remove torrc option that is the default

to avoid conflicts when comparing the options that should be set with the
ones that are set, since the SocksPort will be different in chutney.
---
 docs/source/config_tor.rst | 1 -
 sbws/globals.py| 3 ---
 2 files changed, 4 deletions(-)

diff --git a/docs/source/config_tor.rst b/docs/source/config_tor.rst
index e609468..b204ca2 100644
--- a/docs/source/config_tor.rst
+++ b/docs/source/config_tor.rst
@@ -9,7 +9,6 @@ connection to an existing Tor daemon.
 
 Default configuration:
 
-- ``SocksPort auto``: To proxy requests over Tor.
 - ``CookieAuthentication 1``: The easiest way to authenticate to Tor.
 - ``UseEntryGuards 0``: To avoid path bias warnings.
 - ``UseMicrodescriptors 0``: Because full server descriptors are needed.
diff --git a/sbws/globals.py b/sbws/globals.py
index 2e4481c..2434685 100644
--- a/sbws/globals.py
+++ b/sbws/globals.py
@@ -22,9 +22,6 @@ SPEC_VERSION = '1.5.0'
 # Options that are known at runtime (from configuration file) are added
 # in utils/stem.py launch_tor
 TORRC_STARTING_POINT = {
-# We will find out via the ControlPort and not setting something static
-# means a lower chance of conflict
-'SocksPort': 'auto',
 # Easier than password authentication
 'CookieAuthentication': '1',
 # To avoid path bias warnings





[tor-commits] [sbws/maint-1.1] fix:scanner: Rm condition assigning helper

2021-02-22 Thread juga
commit 72b43570589d10a668039341895948ded0f1bfd7
Author: juga0 
Date:   Tue Feb 9 13:08:44 2021 +

fix:scanner: Rm condition assigning helper
---
 sbws/core/scanner.py | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 97829f4..5fd917a 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -267,12 +267,12 @@ def error_no_helper(relay, dest, our_nick=""):
 
 
 def create_path_relay(relay, dest, rl, cb, relay_as_entry=True):
-if relay_as_entry:
-helper = _pick_ideal_second_hop(
-relay, dest, rl, cb.controller, is_exit=True)
-else:
-helper = _pick_ideal_second_hop(
-relay, dest, rl, cb.controller, is_exit=False)
+# the helper `is_exit` arg (should be better called `helper_as_exit`),
+# is True when the relay is the entry (helper has to be exit)
+# and False when the relay is not the entry, ie. is the exit (helper does
+# not have to be an exit)
+helper = _pick_ideal_second_hop(
+relay, dest, rl, cb.controller, is_exit=relay_as_entry)
 if not helper:
 return error_no_helper(relay, dest)
 if relay_as_entry:





[tor-commits] [sbws/maint-1.1] fix: CI: Make wget quiet

2021-02-22 Thread juga
commit d0a0202f47b5e019f08c0b4b285b4f2cb6a87352
Author: juga0 
Date:   Wed Feb 10 09:30:39 2021 +

fix: CI: Make wget quiet

to avoid many lines of non-useful text in the CI.
---
 tox.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tox.ini b/tox.ini
index f0aadaf..51daeba 100644
--- a/tox.ini
+++ b/tox.ini
@@ -56,7 +56,7 @@ commands =
 bash -c "time python3 {envtmpdir}/net/wait.py 
{envtmpdir}/net/{auth,relay,exit}*"
 bash -c "python3 {toxinidir}/scripts/tools/sbws-http-server.py --port 
2 &>/dev/null &"
 sleep 1
-wget -O/dev/null http://127.0.0.1:2/sbws.bin
+wget -qO/dev/null http://127.0.0.1:2/sbws.bin
 ; Run actually the scanner
 mkdir -p /tmp/.sbws
 ; This add around 3min more to the tests





[tor-commits] [sbws/maint-1.1] minor: scanner: Change logic creating the path

2021-02-22 Thread juga
commit 294fc29786c47fbffac62cbbebdfad3186906fe3
Author: juga0 
Date:   Tue Feb 2 13:07:57 2021 +

minor: scanner: Change logic creating the path

When the relay is not an exit, instead of choosing exits that can
exit to all IPs, try with exits that can exit to some IPs, since the
relay will be measured again with a different exit in other loop.

When the relay is an exit, instead of ensuring it can exit all IPs, try
using it as exit if it can exit to some IPs.
If it fails connecting to the Web server, then try a 2nd time using it
as entry to avoid that it will fail in all loops if there is only one
Web server, cause it will be used again as an exit.

Also, the helper exits don't need to be able to exit all IPs. When a
helper exit fails to exit (maybe cause it can not exit to the Web
server IP), it's not a problem cause in a next loop other exit will be
chosen.

This change of logic also solves the bug where non exits were being
used as exits, because we were trying to measure again a relay that
was used as entry, because it could not exit all IPs, which includes
also the non exits.

Closes: #40041.
---
 sbws/core/scanner.py  | 50 ---
 tests/integration/lib/test_destination.py |  6 ++--
 2 files changed, 43 insertions(+), 13 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index aa17452..1499264 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -209,8 +209,14 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit):
 destination **dest**, pick a second relay that is or is not an exit
 according to **is_exit**.
 '''
-candidates = rl.exits_not_bad_allowing_port_all_ips(dest.port) if is_exit \
-else rl.non_exits
+# 40041: Instead of using exits that can exit to all IPs, to ensure that
+# they can make requests to the Web servers, try with the exits that
+# allow some IPs, since there're more.
+# In the case that a concrete exit can't exit to the Web server, it is not
+# a problem since the relay will be measured in the next loop with other
+# random exit.
+candidates = rl.exits_not_bad_allowing_port_some_ips(dest.port) \
+if is_exit else rl.non_exits
 if not len(candidates):
 return None
 min_relay_bw = rl.exit_min_bw() if is_exit else rl.non_exit_min_bw()
@@ -332,20 +338,20 @@ def measure_relay(args, conf, destinations, cb, rl, 
relay):
 
 # Pick a relay to help us measure the given relay. If the given relay is an
 # exit, then pick a non-exit. Otherwise pick an exit.
-if relay.is_exit_not_bad_allowing_port_all_ips(dest.port):
+# Instead of ensuring that the relay can exit to all IPs, try first with
+# the relay as an exit, if it can exit to some IPs.
+if relay.is_exit_not_bad_allowing_port_some_ips(dest.port):
 circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb)
 else:
 circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb)
 
 # Build the circuit
 circ_id, reason = cb.build_circuit(circ_fps)
-if not circ_id and relay.fingerprint == circ_fps[0]:
-# We detected that some exits fail to build circuits as 1st hop.
-# If that's the case, try again using them as 2nd hop.
-# We could reuse the helper, but it does not need to be an exit now,
-# so choose other again.
-create_path_relay_as_exit(relay, dest, rl, cb)
-circ_id, reason = cb.build_circuit(circ_fps)
+
+# If the circuit failed to get created, bad luck, it will be created again
+# with other helper.
+# Here we won't have the case that an exit tried to build the circuit as
+# entry and failed (#40029), cause not checking that it can exit all IPs.
 if not circ_id:
 return error_no_circuit(circ_fps, nicknames, reason, relay, dest,
 our_nick)
@@ -354,6 +360,30 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 # Make a connection to the destination
 is_usable, usable_data = connect_to_destination_over_circuit(
 dest, circ_id, s, cb.controller, dest._max_dl)
+
+# In the case that the relay was used as an exit, but could not exit
+# to the Web server, try again using it as entry, to avoid that it would
+# always fail when there's only one Web server.
+if not is_usable and \
+relay.is_exit_not_bad_allowing_port_all_ips(dest.port):
+log.info(
+"Exit %s (%s) that can't exit all ips failed to connect to "
+" %s via circuit %s (%s). Trying again with it as entry.",
+relay.fingerprint, relay.nickname, dest, circ_fps, nicknames)
+circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb)
+circ_id, reason = cb.build_circuit(circ_fps)
+if not circ_id:
+log.warning(
+  

[tor-commits] [sbws/maint-1.1] fix: doc: Add relay measure activity diagram

2021-02-22 Thread juga
commit 78c4091538493604e2d9749bc0e93bbb968d0b1a
Author: juga0 
Date:   Wed Feb 3 12:05:49 2021 +

fix: doc: Add relay measure activity diagram
---
 docs/source/activity_measure.puml   | 30 +++
 docs/source/how_works.rst   | 12 +-
 docs/source/images/activity_measure.svg | 42 +
 3 files changed, 83 insertions(+), 1 deletion(-)

diff --git a/docs/source/activity_measure.puml 
b/docs/source/activity_measure.puml
new file mode 100644
index 000..f553cb1
--- /dev/null
+++ b/docs/source/activity_measure.puml
@@ -0,0 +1,30 @@
+@startuml
+
+start
+
+if (exit?) then (yes)
+  :[h, r];
+else (no)
+  :[r, h];
+endif
+if (circuit?) then (yes)
+:stream;
+if (no stream and [h, r]) then (yes)
+:[r, h] (r is exit);
+if (circuit?) then (yes)
+:stream;
+else (no)
+:WARN;
+:ErrorCircuit;
+endif
+endif
+if (no stream) then (yes)
+:ErrorStream;
+endif
+else (no)
+:ErrorCircuit;
+endif
+
+stop
+
+@enduml
diff --git a/docs/source/how_works.rst b/docs/source/how_works.rst
index 24f8689..f4b1ae0 100644
--- a/docs/source/how_works.rst
+++ b/docs/source/how_works.rst
@@ -73,6 +73,16 @@ Measuring relays
 
 Source code: :func:`sbws.core.scanner.measure_relay`
 
+Measuring a relay
+~
+
+.. image:: ./images/activity_measure.svg
+   :alt: activity measuring a relay
+   :height: 300px
+   :align: center
+
+Source code: :func:`sbws.core.scanner.measure_relay`
+
 Selecting a second relay
 
 
@@ -165,4 +175,4 @@ The bandwidth file format is defined in the 
bandwidth_file_spec_.
 .. _requests: http://docs.python-requests.org/
 .. _peerflow: 
https://www.nrl.navy.mil/itd/chacs/sites/www.nrl.navy.mil.itd.chacs/files/pdfs/16-1231-4353.pdf
 .. _torflow_scaling: 
https://gitweb.torproject.org/torflow.git/tree/NetworkScanners/BwAuthority/README.spec.txt#n298
-.. _bandwidth_file_spec: 
https://gitweb.torproject.org/torspec.git/tree/bandwidth-file-spec.txt
\ No newline at end of file
+.. _bandwidth_file_spec: 
https://gitweb.torproject.org/torspec.git/tree/bandwidth-file-spec.txt
diff --git a/docs/source/images/activity_measure.svg 
b/docs/source/images/activity_measure.svg
new file mode 100644
index 000..a278ce7
--- /dev/null
+++ b/docs/source/images/activity_measure.svg
@@ -0,0 +1,42 @@
+http://www.w3.org/2000/svg; xmlns:xlink="http://www.w3.org/1999/xlink; 
contentScriptType="application/ecmascript" contentStyleType="text/css" 
height="783px" preserveAspectRatio="none" style="width:337px;height:783px;" 
version="1.1" viewBox="0 0 337 783" width="337px" 
zoomAndPan="magnify">exit?yesno[h, 
r][r, 
h]circuit?yesnostream[r, h] (r is exit)circuit?yesnostreamWARNErrorCircuityesno stream and [h, r]ErrorStreamyesno streamErrorCircuit
\ No newline at end of file





[tor-commits] [sbws/maint-1.1] fix: scanner: remove relay to measure as helper

2021-02-22 Thread juga
commit 50377680448d66bc95a09fc5333da9465bd1b791
Author: juga0 
Date:   Mon Feb 8 16:24:11 2021 +

fix: scanner: remove relay to measure as helper
---
 sbws/core/scanner.py | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index c7ee1ee..40e3093 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -219,6 +219,12 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit):
 if is_exit else rl.non_exits
 if not len(candidates):
 return None
+# In the case the helper is an exit, the entry could be an exit too
+# (#40041), so ensure the helper is not the same as the entry, likely to
+# happen in a test network.
+if is_exit:
+candidates = [c for c in candidates
+  if c.fingerprint != relay.fingerprint]
 min_relay_bw = rl.exit_min_bw() if is_exit else rl.non_exit_min_bw()
 log.debug('Picking a 2nd hop to measure %s from %d choices. is_exit=%s',
   relay.nickname, len(candidates), is_exit)
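Review bot: The new fingerprint filter runs after the `if not len(candidates): return None` guard, so `candidates` can become empty between the guard and the selection code that follows. In a small test network where the relay being measured is the only usable exit, the list would hold zero entries and the `log.debug` line would report `0 choices`; what the rest of `_pick_ideal_second_hop` does with an empty list is outside this hunk. Moving the filter above the guard keeps the early return effective: put `if is_exit: candidates = [c for c in candidates if c.fingerprint != relay.fingerprint]` directly after the assignment of `candidates`.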





[tor-commits] [sbws/maint-1.1] fix:scanner: Move as_entry/as_exit into one function

2021-02-22 Thread juga
commit 8846c32a500515fc3d5d094a6ff5b0777f2c30fb
Author: juga0 
Date:   Tue Feb 9 12:57:36 2021 +

fix:scanner: Move as_entry/as_exit into one function

since they're similar code
---
 sbws/core/scanner.py | 39 +++
 1 file changed, 19 insertions(+), 20 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 40e3093..97829f4 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -266,25 +266,24 @@ def error_no_helper(relay, dest, our_nick=""):
 ]
 
 
-def create_path_relay_as_entry(relay, dest, rl, cb):
-helper = _pick_ideal_second_hop(
-relay, dest, rl, cb.controller, is_exit=True)
-if not helper:
-return error_no_helper(relay, dest)
-circ_fps = [relay.fingerprint, helper.fingerprint]
-nicknames = [relay.nickname, helper.nickname]
-return circ_fps, nicknames, helper.exit_policy
-
-
-def create_path_relay_as_exit(relay, dest, rl, cb):
-helper = _pick_ideal_second_hop(
-relay, dest, rl, cb.controller, is_exit=False)
+def create_path_relay(relay, dest, rl, cb, relay_as_entry=True):
+if relay_as_entry:
+helper = _pick_ideal_second_hop(
+relay, dest, rl, cb.controller, is_exit=True)
+else:
+helper = _pick_ideal_second_hop(
+relay, dest, rl, cb.controller, is_exit=False)
 if not helper:
 return error_no_helper(relay, dest)
-circ_fps = [helper.fingerprint, relay.fingerprint]
-# stored for debugging
-nicknames = [helper.nickname, relay.nickname]
-return circ_fps, nicknames, relay.exit_policy
+if relay_as_entry:
+circ_fps = [relay.fingerprint, helper.fingerprint]
+nicknames = [relay.nickname, helper.nickname]
+exit_policy = helper.exit_policy
+else:
+circ_fps = [helper.fingerprint, relay.fingerprint]
+nicknames = [helper.nickname, relay.nickname]
+exit_policy = relay.exit_policy
+return circ_fps, nicknames, exit_policy
 
 
 def error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick):
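Review bot: `create_path_relay` has two incompatible return shapes: the no-helper path returns whatever `error_no_helper(relay, dest)` returns, while the callers in `measure_relay` unpack three values (`circ_fps, nicknames, exit_policy = create_path_relay(...)`). `error_no_helper`, as shown in the other commits on this page, returns a one-element list holding a `ResultErrorSecondRelay`, so a missing helper would surface as a `ValueError` on unpacking instead of a recorded error result, and that result would carry the default empty `our_nick`. The same pattern is present in `create_path_relay_as_entry`/`create_path_relay_as_exit` in commits 3d8cf6f and a570a70 on this page. One option is to return `[], [], None` here and let the caller decide with `if not circ_fps: return error_no_helper(relay, dest, our_nick)`. Separately, the first `if`/`else` collapses to a single call with `is_exit=relay_as_entry`, and a docstring stating the path order for each mode would help.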
@@ -348,10 +347,10 @@ def measure_relay(args, conf, destinations, cb, rl, 
relay):
 # the relay as an exit, if it can exit to some IPs.
 if relay.is_exit_not_bad_allowing_port(dest.port):
 circ_fps, nicknames, exit_policy = \
-create_path_relay_as_exit(relay, dest, rl, cb)
+create_path_relay(relay, dest, rl, cb, relay_as_entry=False)
 else:
 circ_fps, nicknames, exit_policy = \
-create_path_relay_as_entry(relay, dest, rl, cb)
+create_path_relay(relay, dest, rl, cb)
 
 # Build the circuit
 circ_id, reason = cb.build_circuit(circ_fps)
@@ -380,7 +379,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 "with it as entry.", relay.fingerprint, relay.nickname,
 exit_policy, dest.url, circ_fps, nicknames, usable_data)
 circ_fps, nicknames, exit_policy = \
-create_path_relay_as_entry(relay, dest, rl, cb)
+create_path_relay(relay, dest, rl, cb)
 circ_id, reason = cb.build_circuit(circ_fps)
 if not circ_id:
 log.warning(





[tor-commits] [sbws/maint-1.1] fix: relaylist: Remove duplicated can exit methods

2021-02-22 Thread juga
commit cd9f82fbbe6ec4205fa3c8695cd277a03da39833
Author: juga0 
Date:   Mon Feb 8 15:04:58 2021 +

fix: relaylist: Remove duplicated can exit methods

After refactoring and making clear when we were using exit(s) that can
exit to all public IPs (and a port) or only some, refactor them
removing the duplicated code and adding the `strict` argument.
---
 sbws/core/scanner.py  |  8 ++--
 sbws/lib/relaylist.py | 64 +++
 tests/integration/lib/test_destination.py |  6 +--
 3 files changed, 29 insertions(+), 49 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 1499264..903f09f 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -215,7 +215,7 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit):
 # In the case that a concrete exit can't exit to the Web server, it is not
 # a problem since the relay will be measured in the next loop with other
 # random exit.
-candidates = rl.exits_not_bad_allowing_port_some_ips(dest.port) \
+candidates = rl.exits_not_bad_allowing_port(dest.port) \
 if is_exit else rl.non_exits
 if not len(candidates):
 return None
@@ -340,7 +340,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 # exit, then pick a non-exit. Otherwise pick an exit.
 # Instead of ensuring that the relay can exit to all IPs, try first with
 # the relay as an exit, if it can exit to some IPs.
-if relay.is_exit_not_bad_allowing_port_some_ips(dest.port):
+if relay.is_exit_not_bad_allowing_port(dest.port):
 circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb)
 else:
 circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb)
@@ -365,7 +365,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 # to the Web server, try again using it as entry, to avoid that it would
 # always fail when there's only one Web server.
 if not is_usable and \
-relay.is_exit_not_bad_allowing_port_all_ips(dest.port):
+relay.is_exit_not_bad_allowing_port(dest.port):
 log.info(
 "Exit %s (%s) that can't exit all ips failed to connect to "
 " %s via circuit %s (%s). Trying again with it as entry.",
@@ -377,7 +377,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 "Exit %s (%s) that can't exit all ips, failed to create "
 " circuit as entry: %s (%s).", relay.fingerprint,
 relay.nickname, circ_fps, nicknames)
-return error_no_circuit(relay, circ_fps, nicknames, reason, dest,
+return error_no_circuit(circ_fps, nicknames, reason, relay, dest,
 our_nick)
 
 log.debug('Built circuit with path %s (%s) to measure %s (%s)',
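Review bot: The two log messages around this retry still say `Exit %s (%s) that can't exit all ips`, but the guard no longer tests that. The previous hunk replaces `is_exit_not_bad_allowing_port_all_ips(dest.port)` with `is_exit_not_bad_allowing_port(dest.port)`, which, judging from the other renames in this commit, appears to be the non-strict (some IPs) check; that is a behaviour change inside a commit described as removing duplication, and the retry now also fires for exits that accept every IP. I would mention the change in the commit message and reword the messages, e.g. `"Exit %s (%s) failed to connect to %s via circuit %s (%s). Trying again with it as entry."`. Passing the `error_no_circuit` arguments by keyword at this call site would keep the order mistake fixed here from recurring.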
diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py
index 3ff1f73..9c6d12a 100644
--- a/sbws/lib/relaylist.py
+++ b/sbws/lib/relaylist.py
@@ -178,21 +178,32 @@ class Relay:
 """Number of times the relay was in a conensus."""
 return len(self.relay_in_recent_consensus)
 
-def can_exit_to_port_all_ips(self, port):
+def can_exit_to_port(self, port, strict=False):
 """
 Returns True if the relay has an exit policy and the policy accepts
-exiting to the given portself or False otherwise.
+exiting to the given port or False otherwise.
+
+If ``strict`` is true, it only returns the exits that can exit to all
+IPs and that port.
 
 The exits that are IPv6 only or IPv4 but rejecting some public networks
 will return false.
 On July 2020, there were 67 out of 1095 exits like this.
+
+If ``strict`` is false, it returns any exit that can exit to some
+public IPs and that port.
+
+Note that the EXIT flag exists when the relay can exit to 443 **and**
+80. Currently all Web servers are using 443, so it would not be needed
+to check the EXIT flag too, using this function.
+
 """
 assert isinstance(port, int)
 # if dind't get the descriptor, there isn't exit policy
 # When the attribute is gotten in getattr(self._desc, "exit_policy"),
 # is possible that stem's _input_rules is None and raises an exception
 # (#29899):
-#   File "/usr/lib/python3/dist-packages/sbws/lib/relaylist.py", line 
117, in can_exit_to_port_all_ips  # noqa
+#   File "/usr/lib/python3/dist-packages/sbws/lib/relaylist.py", line 
117, in can_exit_to_port  # noqa
 # if not self.exit_policy:
 #   File "/usr/lib/python3/dist-packages/stem/exit_policy.py", line 
512, in __len__  # noqa
 # return len(self._get_rules())
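Review bot: The new docstring describes a return value the method does not have: `can_exit_to_port` is documented in its first sentence as returning True or False, yet the added text says "it only returns the exits that can exit to all IPs" and "it returns any exit". The paragraph about IPv6-only exits and exits rejecting some public networks returning false reads as unconditional, although from its placement it seems to apply only when `strict` is true. Suggested wording: `If strict is true, return True only when the policy accepts the port for all public IPs; IPv6-only exits and exits rejecting some public networks return False.` followed by `If strict is false, return True when the policy accepts the port for at least some public IPs.` The method body continues in the next hunk, which is cut off on this page.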
@@ -202,50 +213,23 @@ class Relay:
 # Therefore, catch the exception here.
 try:
 if self.exit_policy:
-# Using `strict` to ensure it 

[tor-commits] [sbws/maint-1.1] minor: scanner: move checking helper to methods

2021-02-22 Thread juga
commit 3d8cf6f801ab42a12d9efd58ba41e697c34b1ef9
Author: juga0 
Date:   Tue Feb 2 12:07:03 2021 +

minor: scanner: move checking helper to methods

`helper` variable is only used to return error, therefore move it to
the methods that create the path and return the error there.
`our_nick` is not useful for the log, since it is always the same, but
not removing it here.
---
 sbws/core/scanner.py | 27 ++-
 1 file changed, 10 insertions(+), 17 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 4ca7430..e18bddb 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -244,7 +244,7 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit):
 return chosen
 
 
-def error_no_helper(relay, dest, our_nick):
+def error_no_helper(relay, dest, our_nick=""):
 reason = 'Unable to select a second relay'
 log.debug(reason + ' to help measure %s (%s)',
   relay.fingerprint, relay.nickname)
@@ -255,25 +255,24 @@ def error_no_helper(relay, dest, our_nick):
 
 
 def create_path_relay_as_entry(relay, dest, rl, cb):
-circ_fps = nicknames = []
 helper = _pick_ideal_second_hop(
 relay, dest, rl, cb.controller, is_exit=True)
 if not helper:
-return error_no_helper(relay, dest, our_nick)
+return error_no_helper(relay, dest)
 circ_fps = [relay.fingerprint, helper.fingerprint]
 nicknames = [relay.nickname, helper.nickname]
 return helper, circ_fps, nicknames
 
 
 def create_path_relay_as_exit(relay, dest, rl, cb):
-circ_fps = nicknames = []
 helper = _pick_ideal_second_hop(
 relay, dest, rl, cb.controller, is_exit=False)
-if helper:
-circ_fps = [helper.fingerprint, relay.fingerprint]
-# stored for debugging
-nicknames = [helper.nickname, relay.nickname]
-return helper, circ_fps, nicknames
+if not helper:
+return error_no_helper(relay, dest)
+circ_fps = [helper.fingerprint, relay.fingerprint]
+# stored for debugging
+nicknames = [helper.nickname, relay.nickname]
+return circ_fps, nicknames
 
 
 def measure_relay(args, conf, destinations, cb, rl, relay):
@@ -324,16 +323,10 @@ def measure_relay(args, conf, destinations, cb, rl, 
relay):
 
 # Pick a relay to help us measure the given relay. If the given relay is an
 # exit, then pick a non-exit. Otherwise pick an exit.
-helper = None
-circ_fps = None
 if relay.is_exit_not_bad_allowing_port_all_ips(dest.port):
-helper, circ_fps, nicknames = create_path_relay_as_exit(
-relay, dest, rl, cb)
+circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb)
 else:
-helper, circ_fps, nicknames = create_path_relay_as_entry(
-relay, dest, rl, cb)
-if not helper:
-return error_no_helper(relay, dest, our_nick)
+circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb)
 
 # Build the circuit
 circ_id, reason = cb.build_circuit(circ_fps)





[tor-commits] [sbws/maint-1.1] fix: scanner: extract method to create paths

2021-02-22 Thread juga
commit fa9314123b702feee230f7974bfbad2d783d8365
Author: juga0 
Date:   Tue Feb 2 11:56:05 2021 +

fix: scanner: extract method to create paths

because `measure_relay` method is too long, confusing and we have had
several bugs in this part of the code.
---
 sbws/core/scanner.py | 42 ++
 1 file changed, 26 insertions(+), 16 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 2736059..228ad74 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -244,6 +244,27 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit):
 return chosen
 
 
+def create_path_relay_as_entry(relay, dest, rl, cb):
+circ_fps = nicknames = []
+helper = _pick_ideal_second_hop(
+relay, dest, rl, cb.controller, is_exit=True)
+if helper:
+circ_fps = [relay.fingerprint, helper.fingerprint]
+nicknames = [relay.nickname, helper.nickname]
+return helper, circ_fps, nicknames
+
+
+def create_path_relay_as_exit(relay, dest, rl, cb):
+circ_fps = nicknames = []
+helper = _pick_ideal_second_hop(
+relay, dest, rl, cb.controller, is_exit=False)
+if helper:
+circ_fps = [helper.fingerprint, relay.fingerprint]
+# stored for debugging
+nicknames = [helper.nickname, relay.nickname]
+return helper, circ_fps, nicknames
+
+
 def measure_relay(args, conf, destinations, cb, rl, relay):
 """
 Select a Web server, a relay to build the circuit,
@@ -295,18 +316,11 @@ def measure_relay(args, conf, destinations, cb, rl, 
relay):
 helper = None
 circ_fps = None
 if relay.is_exit_not_bad_allowing_port_all_ips(dest.port):
-helper = _pick_ideal_second_hop(
-relay, dest, rl, cb.controller, is_exit=False)
-if helper:
-circ_fps = [helper.fingerprint, relay.fingerprint]
-# stored for debugging
-nicknames = [helper.nickname, relay.nickname]
+helper, circ_fps, nicknames = create_path_relay_as_exit(
+relay, dest, rl, cb)
 else:
-helper = _pick_ideal_second_hop(
-relay, dest, rl, cb.controller, is_exit=True)
-if helper:
-circ_fps = [relay.fingerprint, helper.fingerprint]
-nicknames = [relay.nickname, helper.nickname]
+helper, circ_fps, nicknames = create_path_relay_as_entry(
+relay, dest, rl, cb)
 if not helper:
 reason = 'Unable to select a second relay'
 log.debug(reason + ' to help measure %s (%s)',
@@ -323,11 +337,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 # If that's the case, try again using them as 2nd hop.
 # We could reuse the helper, but it does not need to be an exit now,
 # so choose other again.
-helper = _pick_ideal_second_hop(
-relay, dest, rl, cb.controller, is_exit=False)
-if helper:
-circ_fps = [helper.fingerprint, relay.fingerprint]
-nicknames = [helper.nickname, relay.nickname]
+create_path_relay_as_exit(relay, dest, rl, cb)
 circ_id, reason = cb.build_circuit(circ_fps)
 if not circ_id:
 log.debug('Could not build circuit with path %s (%s): %s ',
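Review bot: The retry branch now discards the result of `create_path_relay_as_exit(relay, dest, rl, cb)`, so `circ_fps` and `nicknames` keep the path that just failed and `cb.build_circuit(circ_fps)` is called again with the relay still as first hop. The removed lines reassigned `helper`, `circ_fps` and `nicknames`; the extraction should keep that: `helper, circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb)`. Because the second pick can also come back without a helper, an `if not helper:` check before the second `build_circuit` call would avoid building a circuit from an empty path. `measure_relay` starts and ends outside this hunk.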





[tor-commits] [sbws/maint-1.1] fix: scanner: extract method on circuit error

2021-02-22 Thread juga
commit 53141148f4b82df8e34e2757172e7403791a0c86
Author: juga0 
Date:   Tue Feb 2 12:13:42 2021 +

fix: scanner: extract method on circuit error

At some point all possible errors should be exceptions.
---
 sbws/core/scanner.py | 17 +++--
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index e18bddb..aa17452 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -275,6 +275,15 @@ def create_path_relay_as_exit(relay, dest, rl, cb):
 return circ_fps, nicknames
 
 
+def error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick):
+log.debug('Could not build circuit with path %s (%s): %s ',
+  circ_fps, nicknames, reason)
+return [
+ResultErrorCircuit(relay, circ_fps, dest.url, our_nick,
+   msg=reason),
+]
+
+
 def measure_relay(args, conf, destinations, cb, rl, relay):
 """
 Select a Web server, a relay to build the circuit,
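Review bot: `error_no_circuit` takes six positional parameters in an order (`circ_fps, nicknames, reason, relay, dest, our_nick`) that differs from the `ResultErrorCircuit(relay, circ_fps, dest.url, our_nick, msg=reason)` call it wraps, which makes call sites easy to get wrong; another commit on this page corrects a call that passed `relay` first. Ordering the parameters as `relay, dest, circ_fps, nicknames, reason, our_nick`, in line with `error_no_helper(relay, dest, our_nick)`, or calling it with keywords, would make that mistake visible. A one-line docstring such as `"""Log the failed path and return a one-element list with a ResultErrorCircuit."""` would document that the function returns a result list and does not raise.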
@@ -338,12 +347,8 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 create_path_relay_as_exit(relay, dest, rl, cb)
 circ_id, reason = cb.build_circuit(circ_fps)
 if not circ_id:
-log.debug('Could not build circuit with path %s (%s): %s ',
-  circ_fps, nicknames, reason)
-return [
-ResultErrorCircuit(relay, circ_fps, dest.url, our_nick,
-   msg=reason),
-]
+return error_no_circuit(circ_fps, nicknames, reason, relay, dest,
+our_nick)
 log.debug('Built circuit with path %s (%s) to measure %s (%s)',
   circ_fps, nicknames, relay.fingerprint, relay.nickname)
 # Make a connection to the destination





[tor-commits] [sbws/maint-1.1] fix: scanner: extract method for not helper case

2021-02-22 Thread juga
commit 119d91108a45aa71b80e71f41dc86df0729991a8
Author: juga0 
Date:   Tue Feb 2 11:59:41 2021 +

fix: scanner: extract method for not helper case
---
 sbws/core/scanner.py | 25 +++--
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 228ad74..4ca7430 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -244,13 +244,24 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, 
is_exit):
 return chosen
 
 
+def error_no_helper(relay, dest, our_nick):
+reason = 'Unable to select a second relay'
+log.debug(reason + ' to help measure %s (%s)',
+  relay.fingerprint, relay.nickname)
+return [
+ResultErrorSecondRelay(relay, [], dest.url, our_nick,
+   msg=reason),
+]
+
+
 def create_path_relay_as_entry(relay, dest, rl, cb):
 circ_fps = nicknames = []
 helper = _pick_ideal_second_hop(
 relay, dest, rl, cb.controller, is_exit=True)
-if helper:
-circ_fps = [relay.fingerprint, helper.fingerprint]
-nicknames = [relay.nickname, helper.nickname]
+if not helper:
+return error_no_helper(relay, dest, our_nick)
+circ_fps = [relay.fingerprint, helper.fingerprint]
+nicknames = [relay.nickname, helper.nickname]
 return helper, circ_fps, nicknames
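Review bot: `create_path_relay_as_entry` now calls `error_no_helper(relay, dest, our_nick)`, but `our_nick` is not one of its parameters (`relay, dest, rl, cb`) and is not assigned in the lines shown, so the no-helper path would raise `NameError` unless a module-level `our_nick` exists outside this hunk. That branch also returns a one-element list while the caller in the next hunk unpacks `helper, circ_fps, nicknames`. Keeping the original `if helper:` form here, which already returns a false `helper` with empty lists, and leaving the decision to `measure_relay`, which has `our_nick` and does `if not helper: return error_no_helper(relay, dest, our_nick)`, avoids both problems. `create_path_relay_as_exit` is not touched by this hunk and still uses the `if helper:` form.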
 
 
@@ -322,13 +333,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 helper, circ_fps, nicknames = create_path_relay_as_entry(
 relay, dest, rl, cb)
 if not helper:
-reason = 'Unable to select a second relay'
-log.debug(reason + ' to help measure %s (%s)',
-  relay.fingerprint, relay.nickname)
-return [
-ResultErrorSecondRelay(relay, [], dest.url, our_nick,
-   msg=reason),
-]
+return error_no_helper(relay, dest, our_nick)
 
 # Build the circuit
 circ_id, reason = cb.build_circuit(circ_fps)





[tor-commits] [sbws/maint-1.1] fix: scanner: log exit policy when stream fails

2021-02-22 Thread juga
commit a570a707ec898cf59bdd12d3a8b20d25ce9459fd
Author: juga0 
Date:   Mon Feb 8 16:21:53 2021 +

fix: scanner: log exit policy when stream fails
---
 sbws/core/scanner.py | 33 -
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 903f09f..c7ee1ee 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -267,7 +267,7 @@ def create_path_relay_as_entry(relay, dest, rl, cb):
 return error_no_helper(relay, dest)
 circ_fps = [relay.fingerprint, helper.fingerprint]
 nicknames = [relay.nickname, helper.nickname]
-return helper, circ_fps, nicknames
+return circ_fps, nicknames, helper.exit_policy
 
 
 def create_path_relay_as_exit(relay, dest, rl, cb):
@@ -278,7 +278,7 @@ def create_path_relay_as_exit(relay, dest, rl, cb):
 circ_fps = [helper.fingerprint, relay.fingerprint]
 # stored for debugging
 nicknames = [helper.nickname, relay.nickname]
-return circ_fps, nicknames
+return circ_fps, nicknames, relay.exit_policy
 
 
 def error_no_circuit(circ_fps, nicknames, reason, relay, dest, our_nick):
@@ -341,9 +341,11 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 # Instead of ensuring that the relay can exit to all IPs, try first with
 # the relay as an exit, if it can exit to some IPs.
 if relay.is_exit_not_bad_allowing_port(dest.port):
-circ_fps, nicknames = create_path_relay_as_exit(relay, dest, rl, cb)
+circ_fps, nicknames, exit_policy = \
+create_path_relay_as_exit(relay, dest, rl, cb)
 else:
-circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb)
+circ_fps, nicknames, exit_policy = \
+create_path_relay_as_entry(relay, dest, rl, cb)
 
 # Build the circuit
 circ_id, reason = cb.build_circuit(circ_fps)
@@ -367,10 +369,12 @@ def measure_relay(args, conf, destinations, cb, rl, 
relay):
 if not is_usable and \
 relay.is_exit_not_bad_allowing_port(dest.port):
 log.info(
-"Exit %s (%s) that can't exit all ips failed to connect to "
-" %s via circuit %s (%s). Trying again with it as entry.",
-relay.fingerprint, relay.nickname, dest, circ_fps, nicknames)
-circ_fps, nicknames = create_path_relay_as_entry(relay, dest, rl, cb)
+"Exit %s (%s) that can't exit all ips, with exit policy %s, failed"
+" to connect to %s via circuit %s (%s). Reason: %s. Trying again "
+"with it as entry.", relay.fingerprint, relay.nickname,
+exit_policy, dest.url, circ_fps, nicknames, usable_data)
+circ_fps, nicknames, exit_policy = \
+create_path_relay_as_entry(relay, dest, rl, cb)
 circ_id, reason = cb.build_circuit(circ_fps)
 if not circ_id:
 log.warning(
@@ -385,8 +389,10 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 is_usable, usable_data = connect_to_destination_over_circuit(
 dest, circ_id, s, cb.controller, dest._max_dl)
 if not is_usable:
-log.debug('Destination %s unusable via circuit %s (%s), %s',
-  dest.url, circ_fps, nicknames, usable_data)
+log.debug('Failed to connect to %s to measure %s (%s) via circuit '
+  '%s (%s). Exit policy: %s. Reason: %s.', dest.url,
+  relay.fingerprint, relay.nickname, circ_fps, nicknames,
+  exit_policy, usable_data)
 cb.close_circuit(circ_id)
 return [
 ResultErrorStream(relay, circ_fps, dest.url, our_nick,
@@ -410,9 +416,10 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 bw_results, reason = measure_bandwidth_to_server(
 s, conf, dest, usable_data['content_length'])
 if bw_results is None:
-log.debug('Unable to measure bandwidth for %s (%s) to %s via circuit '
-  '%s (%s): %s', relay.fingerprint, relay.nickname,
-  dest.url, circ_fps, nicknames, reason)
+log.debug('Failed to measure %s (%s) via circuit %s (%s) to %s. Exit'
+  ' policy: %s. Reason: %s.', relay.fingerprint,
+  relay.nickname, circ_fps, nicknames, dest.url, exit_policy,
+  reason)
 cb.close_circuit(circ_id)
 return [
 ResultErrorStream(relay, circ_fps, dest.url, our_nick,





[tor-commits] [sbws/maint-1.1] fix: relaylist: rename exits_not_bad_allowing_port

2021-02-22 Thread juga
commit 3e2e6c7e77a041fb0dd31b993945ef7da766ea9c
Author: juga0 
Date:   Tue Feb 2 11:40:04 2021 +

fix: relaylist: rename exits_not_bad_allowing_port

see previous commit
---
 sbws/core/scanner.py  | 2 +-
 sbws/lib/relaylist.py | 2 +-
 tests/integration/lib/test_destination.py | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 20f1b83..2736059 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -209,7 +209,7 @@ def _pick_ideal_second_hop(relay, dest, rl, cont, is_exit):
 destination **dest**, pick a second relay that is or is not an exit
 according to **is_exit**.
 '''
-candidates = rl.exits_not_bad_allowing_port(dest.port) if is_exit \
+candidates = rl.exits_not_bad_allowing_port_all_ips(dest.port) if is_exit \
 else rl.non_exits
 if not len(candidates):
 return None
diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py
index 86e0d7b..863689e 100644
--- a/sbws/lib/relaylist.py
+++ b/sbws/lib/relaylist.py
@@ -453,7 +453,7 @@ class RelayList:
 """Number of times a new consensus was obtained."""
 return len(self._recent_consensus)
 
-def exits_not_bad_allowing_port(self, port):
+def exits_not_bad_allowing_port_all_ips(self, port):
 return [r for r in self.exits
 if r.is_exit_not_bad_allowing_port_all_ips(port)]
 
diff --git a/tests/integration/lib/test_destination.py 
b/tests/integration/lib/test_destination.py
index 98ed89f..19f6617 100644
--- a/tests/integration/lib/test_destination.py
+++ b/tests/integration/lib/test_destination.py
@@ -26,7 +26,7 @@ def 
test_connect_to_destination_over_circuit_success(persistent_launch_tor,
 relay = [r for r in rl.relays
  if r.nickname == 'relay1mbyteMAB'][0]
 # Choose an exit, for this test it does not matter the bandwidth
-helper = rl.exits_not_bad_allowing_port(destination.port)[0]
+helper = rl.exits_not_bad_allowing_port_all_ips(destination.port)[0]
 circuit_path = [relay.fingerprint, helper.fingerprint]
 # build a circuit
 circuit_id, _ = cb.build_circuit(circuit_path)
@@ -46,7 +46,7 @@ def 
test_connect_to_destination_over_circuit_fail(persistent_launch_tor,
 relay = [r for r in rl.relays
  if r.nickname == 'relay1mbyteMAB'][0]
 # Choose an exit, for this test it does not matter the bandwidth
-helper = rl.exits_not_bad_allowing_port(bad_destination.port)[0]
+helper = rl.exits_not_bad_allowing_port_all_ips(bad_destination.port)[0]
 circuit_path = [relay.fingerprint, helper.fingerprint]
 # Build a circuit.
 circuit_id, _ = cb.build_circuit(circuit_path)
@@ -75,7 +75,7 @@ def test_functional_destinations(conf, cb, rl, 
persistent_launch_tor):
 relay = [r for r in rl.relays
  if r.nickname == 'relay1mbyteMAB'][0]
 # Choose an exit, for this test it does not matter the bandwidth
-helper = rl.exits_not_bad_allowing_port(bad_destination.port)[0]
+helper = rl.exits_not_bad_allowing_port_all_ips(bad_destination.port)[0]
 circuit_path = [relay.fingerprint, helper.fingerprint]
 # Build a circuit.
 circuit_id, _ = cb.build_circuit(circuit_path)





[tor-commits] [sbws/maint-1.1] fix: relaylist: rename can_exit_to_port

2021-02-22 Thread juga
commit 1014bac294d03790c15bec1bff21e9ca9802acdb
Author: juga0 
Date:   Tue Feb 2 11:15:02 2021 +

fix: relaylist: rename can_exit_to_port

to can_exit_to_port_all_ips, because it's using `strict`, which means
that it allows to exit to all IPs.
It seems more convenient to try first with exits that allow to
exit to some IPs and only try a second time if that fails, because
there are more.
---
 sbws/lib/relaylist.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py
index ba0b176..5eef4aa 100644
--- a/sbws/lib/relaylist.py
+++ b/sbws/lib/relaylist.py
@@ -178,7 +178,7 @@ class Relay:
 """Number of times the relay was in a conensus."""
 return len(self.relay_in_recent_consensus)
 
-def can_exit_to_port(self, port):
+def can_exit_to_port_all_ips(self, port):
 """
 Returns True if the relay has an exit policy and the policy accepts
 exiting to the given portself or False otherwise.
@@ -192,7 +192,7 @@ class Relay:
 # When the attribute is gotten in getattr(self._desc, "exit_policy"),
 # is possible that stem's _input_rules is None and raises an exception
 # (#29899):
-#   File "/usr/lib/python3/dist-packages/sbws/lib/relaylist.py", line 
117, in can_exit_to_port  # noqa
+#   File "/usr/lib/python3/dist-packages/sbws/lib/relaylist.py", line 
117, in can_exit_to_port_all_ips  # noqa
 # if not self.exit_policy:
 #   File "/usr/lib/python3/dist-packages/stem/exit_policy.py", line 
512, in __len__  # noqa
 # return len(self._get_rules())
@@ -222,7 +222,7 @@ class Relay:
 def is_exit_not_bad_allowing_port(self, port):
 return (Flag.BADEXIT not in self.flags and
 Flag.EXIT in self.flags and
-self.can_exit_to_port(port))
+self.can_exit_to_port_all_ips(port))
 
 def increment_relay_recent_measurement_attempt(self):
 """





[tor-commits] [sbws/maint-1.1] fix: relaylist: Add methods to obtain exits that

2021-02-22 Thread juga
commit 55b76a84b9da3d13f2d2616cb83a29e4726b8a67
Author: juga0 
Date:   Tue Feb 2 11:46:21 2021 +

fix: relaylist: Add methods to obtain exits that

can exit to some IPs.
To use them in the cases it will be more convenient.
---
 sbws/lib/relaylist.py | 27 +++
 1 file changed, 27 insertions(+)

diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py
index 863689e..3ff1f73 100644
--- a/sbws/lib/relaylist.py
+++ b/sbws/lib/relaylist.py
@@ -219,11 +219,34 @@ class Relay:
 return False
 return False
 
+def can_exit_to_port_some_ips(self, port):
+"""
+Returns True if the relay has an exit policy and the policy accepts
+exiting to the given port and some public IPs or False otherwise.
+"""
+assert isinstance(port, int)
+try:
+if self.exit_policy:
+# Not using argument `strict`, to know whether it can exit
+# some public IPs, though not all.
+return (
+self.exit_policy.strip_private()
+.can_exit_to(port=port)
+)
+except TypeError:
+return False
+return False
+
 def is_exit_not_bad_allowing_port_all_ips(self, port):
 return (Flag.BADEXIT not in self.flags and
 Flag.EXIT in self.flags and
 self.can_exit_to_port_all_ips(port))
 
+def is_exit_not_bad_allowing_port_some_ips(self, port):
+return (Flag.BADEXIT not in self.flags and
+Flag.EXIT in self.flags and
+self.can_exit_to_port_some_ips(port))
+
 def increment_relay_recent_measurement_attempt(self):
 """
 Increment The number of times that a relay has been queued
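Review bot: The docstring of `can_exit_to_port_some_ips` should spell out that True only means the policy accepts the port for at least one public address, so a relay picked through it can still reject the IP a destination actually resolves to; something like `True does not guarantee the destination's own IP is accepted; callers must handle a refused exit.` would do. The `assert isinstance(port, int)` guard is stripped under `python -O` and should not be counted on as validation. The `except TypeError` branch returns False silently, which makes a failure inside stem look the same as a policy that rejects the port; a debug log line there would make that visible (whether a module logger is in scope is not shown in this hunk). `is_exit_not_bad_allowing_port_some_ips` and, in the next hunk, `exits_not_bad_allowing_port_some_ips` have no docstring at all.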
@@ -457,6 +480,10 @@ class RelayList:
 return [r for r in self.exits
 if r.is_exit_not_bad_allowing_port_all_ips(port)]
 
+def exits_not_bad_allowing_port_some_ips(self, port):
+return [r for r in self.exits
+if r.is_exit_not_bad_allowing_port_some_ips(port)]
+
 def increment_recent_measurement_attempt(self):
 """
 Increment the number of times that any relay has been queued to be





[tor-commits] [sbws/maint-1.1] fix: resultdump: Log if relay was measured as exit

2021-02-22 Thread juga
commit beaf6de889bc75d53a6b0b90d12ab85aa0db56a0
Author: juga0 
Date:   Wed Feb 3 13:15:45 2021 +

fix: resultdump: Log if relay was measured as exit

or entry.

Closes #40048
---
 sbws/lib/resultdump.py | 4 
 1 file changed, 4 insertions(+)

diff --git a/sbws/lib/resultdump.py b/sbws/lib/resultdump.py
index 542837e..6673e9a 100644
--- a/sbws/lib/resultdump.py
+++ b/sbws/lib/resultdump.py
@@ -792,6 +792,10 @@ class ResultDump:
   "destination {}: {}".format(
 result.fingerprint, result.nickname, result.circ,
 result.dest_url, result.msg)
+# The result doesn't store the exit policies, so it can't be logged
+# whether it was an exit.
+as_exit = result.circ[1] == result.fingerprint
+msg += ". As exit." if as_exit else ". As entry."
 # When the error is that there are not more functional destinations.
 if result.type == "error-destination":
 log.info("Shutting down because there are not functional "
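Review bot: `result.circ[1]` in the added lines assumes every result carries a circuit with at least two hops; if an error result can be stored with an empty or missing `circ` (not visible from this hunk), the index raises inside the logging path. A guarded form such as `as_exit = len(result.circ or ()) > 1 and result.circ[1] == result.fingerprint` keeps the log line from failing. The comment above it reads as if nothing can be logged, while the code then logs the relay's position; `# Exit policies are not stored in the result, so report the relay's position in the circuit instead.` would match what the code does. The enclosing method starts and continues outside the hunk.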





[tor-commits] [sbws/maint-1.1] fix: relaylist: rename is_exit_not_bad_allowing_port

2021-02-22 Thread juga
commit 33a5909f57271a67ef0d9d88c1d7799d341d5ece
Author: juga0 
Date:   Tue Feb 2 11:38:12 2021 +

fix: relaylist: rename is_exit_not_bad_allowing_port

see previous commit
---
 sbws/core/scanner.py  | 2 +-
 sbws/lib/relaylist.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/sbws/core/scanner.py b/sbws/core/scanner.py
index 312993a..20f1b83 100644
--- a/sbws/core/scanner.py
+++ b/sbws/core/scanner.py
@@ -294,7 +294,7 @@ def measure_relay(args, conf, destinations, cb, rl, relay):
 # exit, then pick a non-exit. Otherwise pick an exit.
 helper = None
 circ_fps = None
-if relay.is_exit_not_bad_allowing_port(dest.port):
+if relay.is_exit_not_bad_allowing_port_all_ips(dest.port):
 helper = _pick_ideal_second_hop(
 relay, dest, rl, cb.controller, is_exit=False)
 if helper:
diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py
index 5eef4aa..86e0d7b 100644
--- a/sbws/lib/relaylist.py
+++ b/sbws/lib/relaylist.py
@@ -219,7 +219,7 @@ class Relay:
 return False
 return False
 
-def is_exit_not_bad_allowing_port(self, port):
+def is_exit_not_bad_allowing_port_all_ips(self, port):
 return (Flag.BADEXIT not in self.flags and
 Flag.EXIT in self.flags and
 self.can_exit_to_port_all_ips(port))
@@ -455,7 +455,7 @@ class RelayList:
 
 def exits_not_bad_allowing_port(self, port):
 return [r for r in self.exits
-if r.is_exit_not_bad_allowing_port(port)]
+if r.is_exit_not_bad_allowing_port_all_ips(port)]
 
 def increment_recent_measurement_attempt(self):
 """





[tor-commits] [translation/communitytpo-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot

2021-02-22 Thread translation
commit cbe7cf3b8ff29613a4af7ed59ed5b8b1a022e467
Author: Translation commit bot 
Date:   Tue Feb 23 04:15:15 2021 +


https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot
---
 contents+ka.po | 21 +
 1 file changed, 21 insertions(+)

diff --git a/contents+ka.po b/contents+ka.po
index 2cc41ebbf6..0129bb8776 100644
--- a/contents+ka.po
+++ b/contents+ka.po
@@ -11690,6 +11690,13 @@ msgid ""
 "works and has occasionally attributed illegal traffic on the network as "
 "originating from a Tor exit relay."
 msgstr ""
+"ჩვენ მიგვაჩნია, რომ 
Tor-გადამცემის გაშვება, მათ შორ
ის გამსვლელი კვანძისაც, "
+"რომლებიც ხალხს ვინაობის 
გაუმხელად მონაცემების 
გაგზავნისა და მიღების "
+"საშუალებას აძლევს, 
დაშვებულია ა.შ.შ-ს კანონით. 
თუმცა სამართალდამცველები, "
+"[ხშირად არასწორად 
იგებენ](https://www.eff.org/wp/unreliable-informants-ip-;
+"addresses-digital-tips-and-police-raids), როგორ 
მუშაობს Tor და ხანდახან, "
+"ქსელში უკანონოდ გატარებულ 
მონაცემებს მიაკუთვნებენ 
ხოლმე Tor-ის იმ გამსვლელ "
+"კვანძს, რომლიდანაც კავშირი 
მომდინარეობს."
 
 #: https//community.torproject.org/relay/community-resources/eff-tor-legal-faq/
 #: 
(content/relay-operations/community-resources/eff-tor-legal-faq/contents+en.lrpage.body)
@@ -11698,6 +11705,10 @@ msgid ""
 "sometimes [seizing computer](https://www.eff.org/deeplinks/2011/08/why-ip-;
 "addresses-alone-dont-identify-criminals) equipment, including Tor relays."
 msgstr ""
+"შედეგად, პოლიციას ეჭვი 
მიაქვს Tor-გადამცემების 
გამშვებთა დანაშაულზე და "
+"ზოგჯერ ადგილი აქვს 
[კომპიუტერული ტექნიკის "
+"ჩამორ
თმევასაც](https://www.eff.org/deeplinks/2011/08/why-ip-addresses-alone-;
+"dont-identify-criminals), მათ შორის 
Tor-გადამცემებისა."
 
 #: https//community.torproject.org/relay/community-resources/eff-tor-legal-faq/
 #: 
(content/relay-operations/community-resources/eff-tor-legal-faq/contents+en.lrpage.body)
@@ -11848,6 +11859,8 @@ msgid ""
 "If you are detained and questioned by police, you have a right to request to"
 " speak with an attorney before and during any questioning."
 msgstr ""
+"თუ დაგაკავებთ ან 
გამოგკითხავთ პოლიცია, თქვენ 
გაქვთ უფლება მოითხოვოთ "
+"წარმომადგენლის ან ადვოკატის 
თანდასწრებით დაკითხვა."
 
 #: https//community.torproject.org/relay/community-resources/eff-tor-legal-faq/
 #: 
(content/relay-operations/community-resources/eff-tor-legal-faq/contents+en.lrpage.body)
@@ -11855,6 +11868,9 @@ msgid ""
 "It is best to say \"I want my attorney and I choose to remain silent\" and "
 "then refuse questioning until you have a chance to talk to a lawyer."
 msgstr ""
+"უმჯობესია განაცხადოთ 
„მოვითხოვ ჩემს ადვოკატს და 
ვიყენებ დუმილის უფლებას“ და "
+"შემდეგ უარი თქვათ 
გამოკითხვაზე, სანამ არ 
მოგეცემათ სამარ
თალმცოდნესთან "
+"გასაუბრების საშუალება."
 
 #: https//community.torproject.org/relay/community-resources/eff-tor-legal-faq/
 #: 
(content/relay-operations/community-resources/eff-tor-legal-faq/contents+en.lrpage.body)
@@ -11862,6 +11878,8 @@ msgid ""
 "However, if you do decide to waive your right to the assistance of counsel "
 "and answer questions without an attorney present, be sure to tell the truth."
 msgstr ""
+"თუმცაღა, თუ გადაწყვეტთ უარი 
თქვათ თქვენს უფლებაზე 
დაიხმაროთ მრჩეველი და "
+"პასუხი გასცეთ კითხვებს 
ადვოკატის დაუსწრებლად, 
შეეცადეთ სიმართლე უთხრათ."
 
 #: 

[tor-commits] [translation/communitytpo-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot

2021-02-22 Thread translation
commit e081246f9291f50fcf2f3dcd2d2519503b6a5236
Author: Translation commit bot 
Date:   Tue Feb 23 03:45:12 2021 +


https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot
---
 contents+ka.po | 27 +++
 1 file changed, 27 insertions(+)

diff --git a/contents+ka.po b/contents+ka.po
index 1b4b17dd90..2cc41ebbf6 100644
--- a/contents+ka.po
+++ b/contents+ka.po
@@ -8488,6 +8488,8 @@ msgid ""
 "2. If they come back positively, ask them if they are OK with an IP range "
 "reassignment."
 msgstr ""
+"2. დადებითი რეაქციის 
შემთხვევაში, ჰკითხეთ, თანახმა 
თუ არიან IP-შუალედის "
+"გადანაცვლების."
 
 #: 
https//community.torproject.org/relay/community-resources/tor-exit-guidelines/
 #: 
(content/relay-operations/community-resources/tor-exit-guidelines/contents+en.lrpage.body)
@@ -8496,6 +8498,10 @@ msgid ""
 "organization filled with security professionals, and that all will be good, "
 "and why IP reassignment helps reduce their workload."
 msgstr ""
+"თუ არა, შეგიძლიათ მაინც 
აუხსნათ, რომ საქმე ეხება არ
ამომგებიან სერიოზულ "
+"დაწესებულებას, უსაფრთხოების 
ბევრი სპეციალისტით, რომ ეს 
ყველაფერი დიდ "
+"სარგებელს მოიტანს და განუმარ
ტეთ, თუ რატომ დაეხმარება IP-ის 
გადანაცვლების "
+"შესაძლებლობა, დატვირთვის არ
იდებაში."
 
 #: 
https//community.torproject.org/relay/community-resources/tor-exit-guidelines/
 #: 
(content/relay-operations/community-resources/tor-exit-guidelines/contents+en.lrpage.body)
@@ -8631,6 +8637,9 @@ msgid ""
 "liability, and in general it helps to appear bigger than you are (and less "
 "likely to get raided)."
 msgstr ""
+"არჩეული ფორმის მიხედვით, 
სამართლებრივ პირად დარეგისტრ
ირება შესაძლოა "
+"დაგეხმაროთ 
პასუხისმგებლობის საკითხებში 
და ზოგადად, წარმოგაჩენთ უფრო "
+"გავლენიანად (და ნაკლებად 
გაუჩენს სხვებს თავდასხმის 
სურვილს)."
 
 #: 
https//community.torproject.org/relay/community-resources/tor-exit-guidelines/
 #: 
(content/relay-operations/community-resources/tor-exit-guidelines/contents+en.lrpage.body)
@@ -8638,6 +8647,8 @@ msgid ""
 "The people from Torservers.net in Germany found a lawyer who would agree to "
 "\"host\" them inside his office."
 msgstr ""
+"გერმანიაში Torservers.net-ის წარ
მომადგენლებმა მონახეს სამარ
თალმცოდნე, "
+"რომელიც დათანხმდა თავის 
ოფისში „განთავსებაზე“."
 
 #: 
https//community.torproject.org/relay/community-resources/tor-exit-guidelines/
 #: 
(content/relay-operations/community-resources/tor-exit-guidelines/contents+en.lrpage.body)
@@ -8654,6 +8665,7 @@ msgid ""
 "The setup process was easy and cheap. Similar setups probably exist for your"
 " country."
 msgstr ""
+"რეგისტრაციის პროცესი იყო მარ
ტივი და იაფი. სხვა ქვეყნებშიც 
მსგავსად იქნება."
 
 #: 
https//community.torproject.org/relay/community-resources/tor-exit-guidelines/
 #: 
(content/relay-operations/community-resources/tor-exit-guidelines/contents+en.lrpage.body)
@@ -8661,6 +8673,9 @@ msgid ""
 "Another benefit of an association-like structure is that it might still work"
 " even when you leave, if you manage to find successors."
 msgstr ""
+"კიდევ ერთი უპირატესობა გაერ
თიანების მსგავსი 
საზოგადოებისა ისაა, რომ მისი "
+"მუშაობა შესაძლებელია გაგრ
ძელდეს თქვენი წამოსვლის 
შემდეგაც, თუ სათანადო "
+"მემკვიდრეს იპოვით."
 
 #: 
https//community.torproject.org/relay/community-resources/tor-exit-guidelines/
 #: 
(content/relay-operations/community-resources/tor-exit-guidelines/contents+en.lrpage.body)
@@ -8676,6 +8691,10 @@ msgid ""
 "police-stuttgart) -- they're typically overwhelmed by their jobs 

[tor-commits] [translation/communitytpo-contentspot_completed] https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot_completed

2021-02-22 Thread translation
commit e2419206c7752e2055027d6a43d25e59265e82a8
Author: Translation commit bot 
Date:   Mon Feb 22 21:15:21 2021 +


https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot_completed
---
 contents+es-AR.po | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/contents+es-AR.po b/contents+es-AR.po
index 2b2b8bad31..58dd5cd9c1 100644
--- a/contents+es-AR.po
+++ b/contents+es-AR.po
@@ -4490,7 +4490,7 @@ msgid ""
 "The Tor network is composed by over 6000 relays, but exit relays are a "
 "scarce resource and only represents 1/6 of all the network."
 msgstr ""
-"La red Tor está compuesta por más de 6000 repatidores, pero los de salida "
+"La red Tor está compuesta por más de 6000 repetidores, pero los de salida "
 "son un recurso escaso, y representan solamente 1/6 de toda la red."
 
 #: https//community.torproject.org/onion-services/talk/
@@ -5172,7 +5172,7 @@ msgid ""
 "ask for their consent to participate - this should be recorded or registered"
 " in the form."
 msgstr ""
-"No recopilamos nombres o detalles de contacto de participantes de "
+"No recopilamos nombres o detalles de contacto de participantes en "
 "entrevistas, y cada vez que vayas a recibir impresiones, encuestas o "
 "registros, deberías solicitar su consentimiento para participar - esto "
 "debería ser registrado en el formulario."



[tor-commits] [translation/communitytpo-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot

2021-02-22 Thread translation
commit 087973dbc023c2f2cb725c4902ab7671815d5e67
Author: Translation commit bot 
Date:   Mon Feb 22 21:15:12 2021 +


https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot
---
 contents+es-AR.po |   4 +--
 contents+es.po| 101 +++---
 2 files changed, 53 insertions(+), 52 deletions(-)

diff --git a/contents+es-AR.po b/contents+es-AR.po
index 2b2b8bad31..58dd5cd9c1 100644
--- a/contents+es-AR.po
+++ b/contents+es-AR.po
@@ -4490,7 +4490,7 @@ msgid ""
 "The Tor network is composed by over 6000 relays, but exit relays are a "
 "scarce resource and only represents 1/6 of all the network."
 msgstr ""
-"La red Tor está compuesta por más de 6000 repatidores, pero los de salida "
+"La red Tor está compuesta por más de 6000 repetidores, pero los de salida "
 "son un recurso escaso, y representan solamente 1/6 de toda la red."
 
 #: https//community.torproject.org/onion-services/talk/
@@ -5172,7 +5172,7 @@ msgid ""
 "ask for their consent to participate - this should be recorded or registered"
 " in the form."
 msgstr ""
-"No recopilamos nombres o detalles de contacto de participantes de "
+"No recopilamos nombres o detalles de contacto de participantes en "
 "entrevistas, y cada vez que vayas a recibir impresiones, encuestas o "
 "registros, deberías solicitar su consentimiento para participar - esto "
 "debería ser registrado en el formulario."
diff --git a/contents+es.po b/contents+es.po
index 6fd0d57d21..3ea05470cb 100644
--- a/contents+es.po
+++ b/contents+es.po
@@ -4534,7 +4534,7 @@ msgstr ""
 #: (content/onion-services/talk/contents+en.lrpage.body)
 msgid "### Privacy by design or an onion a day, keeps the surveillance away"
 msgstr ""
-"### La privacidad por diseño o un onion por día, mantienen lejos a la "
+"### La privacidad por diseño o un onion cada día, mantienen lejos a la "
 "censura"
 
 #: https//community.torproject.org/onion-services/talk/
@@ -4601,7 +4601,7 @@ msgstr ""
 #: https//community.torproject.org/onion-services/talk/
 #: (content/onion-services/talk/contents+en.lrpage.body)
 msgid "* SecureDrop case"
-msgstr "* SecureDrop case"
+msgstr "* Caso de SecureDrop"
 
 #: https//community.torproject.org/onion-services/talk/
 #: (content/onion-services/talk/contents+en.lrpage.body)
@@ -4610,9 +4610,9 @@ msgid ""
 "SecureDrop to allow sources and whistleblowers to safely transmit sensitive "
 "files."
 msgstr ""
-"ProPublica and several other journalism and human rights organizations use "
-"SecureDrop to allow sources and whistleblowers to safely transmit sensitive "
-"files."
+"ProPublica y varias otras organizaciones de periodismo y derechos humanos "
+"usan SecureDrop para permitirles a las fuentes e informantes transmitir con "
+"seguridad archivos delicados."
 
 #: https//community.torproject.org/onion-services/talk/
 #: (content/onion-services/talk/contents+en.lrpage.body)
@@ -4647,7 +4647,7 @@ msgstr "Más Onions: 
https://blog.torproject.org/more-onions-porfavor;
 msgid ""
 "Now that you know all the benefits of onion services, you may want to set up"
 msgstr ""
-"Ahora que conocés todos los beneficios de los servicios onion, podrías "
+"Ahora que conoces todos los beneficios de los servicios onion, podrías "
 "querer configurarlos"
 
 #: https//community.torproject.org/onion-services/advanced/
@@ -4661,7 +4661,7 @@ msgid ""
 "Learn more about how to configure client authentication, Onion-Location and "
 "more tips to secure your onion service."
 msgstr ""
-"Aprendé más acerca de cómo configurar autenticación de cliente, Onion-"
+"Aprende más acerca de cómo configurar autenticación de cliente, Onion-"
 "Location y más consejos para asegurar tu servicio onion."
 
 #: https//community.torproject.org/onion-services/advanced/
@@ -4913,8 +4913,8 @@ msgid ""
 "don't know how to enable or find your log file.)"
 msgstr ""
 "Típicamente, hay errores de sintaxis en torrc, o permisos de directorio "
-"incorrectos (Mirá la entrada [PMF de "
-"registros](https://www.torproject.org/docs/faq#Logs) si no sabés cómo "
+"incorrectos (Mira la entrada [PMF de "
+"registros](https://www.torproject.org/docs/faq#Logs) si no sabes cómo "
 "habilitar o encontrar tu archivo de registro)."
 
 #: https//community.torproject.org/onion-services/setup/
@@ -4996,7 +4996,7 @@ msgid ""
 "If you plan to keep your service available for a long time, you might want "
 "to make a backup copy of the `private_key` file somewhere."
 msgstr ""
-"Si planeás mantener tu servicio disponible por un largo tiempo, podrías "
+"Si planeas mantener tu servicio disponible por un largo tiempo, podrías "
 "querer hacer una copia de respaldo del archivo `private_key` en algún lado."
 
 #: https//community.torproject.org/onion-services/setup/
@@ -5008,11 +5008,11 @@ msgid ""
 " All the following `HiddenServicePort` lines refer to this "
 "`HiddenServiceDir` line, until you add another `HiddenServiceDir` line:"
 msgstr ""
-"Si 

[tor-commits] [tor/master] test: Add DoS connection rate unit test

2021-02-22 Thread ahf
commit 45113b648b413989ca82d2c3be6afae1699cae43
Author: David Goulet 
Date:   Tue Jan 26 12:11:10 2021 -0500

test: Add DoS connection rate unit test

Related to #40253

Signed-off-by: David Goulet 
---
 src/core/or/dos.c   |  2 +-
 src/core/or/dos.h   |  1 +
 src/test/test_dos.c | 61 +
 3 files changed, 63 insertions(+), 1 deletion(-)

diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 0169a631c2..ba4e5442d6 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -210,7 +210,7 @@ get_param_conn_connect_rate(const networkstatus_t *ns)
 
 /* Return the connection connect burst parameters either from the
  * configuration file or, if not found, consensus parameter. */
-static uint32_t
+STATIC uint32_t
 get_param_conn_connect_burst(const networkstatus_t *ns)
 {
   if (dos_get_options()->DoSConnectionConnectBurst) {
diff --git a/src/core/or/dos.h b/src/core/or/dos.h
index cadabdb2c9..3153a1fc5f 100644
--- a/src/core/or/dos.h
+++ b/src/core/or/dos.h
@@ -155,6 +155,7 @@ STATIC uint32_t get_param_conn_max_concurrent_count(
 STATIC uint32_t get_param_cc_circuit_burst(const networkstatus_t *ns);
 STATIC uint32_t get_param_cc_min_concurrent_connection(
 const networkstatus_t *ns);
+STATIC uint32_t get_param_conn_connect_burst(const networkstatus_t *ns);
 
 STATIC uint64_t get_circuit_rate_per_second(void);
 STATIC void cc_stats_refill_bucket(cc_client_stats_t *stats,
diff --git a/src/test/test_dos.c b/src/test/test_dos.c
index cbebecb030..d9ddaec108 100644
--- a/src/test/test_dos.c
+++ b/src/test/test_dos.c
@@ -79,6 +79,9 @@ test_dos_conn_creation(void *arg)
   { /* Register many conns from this client but not enough to get it blocked */
 unsigned int i;
 for (i = 0; i < max_concurrent_conns; i++) {
+  /* Don't trigger the connect() rate limitation so advance the clock 1
+   * second for each connection. */
+  update_approx_time(++now);
   dos_new_client_conn(_conn, NULL);
 }
   }
@@ -496,11 +499,69 @@ test_known_relay(void *arg)
   UNMOCK(get_param_cc_enabled);
 }
 
+/** Test that the connection tracker of the DoS subsystem will block clients
+ *  who try to establish too many connections */
+static void
+test_dos_conn_rate(void *arg)
+{
+  (void) arg;
+
+  MOCK(get_param_cc_enabled, mock_enable_dos_protection);
+  MOCK(get_param_conn_enabled, mock_enable_dos_protection);
+
+  /* Initialize test data */
+  or_connection_t or_conn;
+  time_t now = 1281533250; /* 2010-08-11 13:27:30 UTC */
+  tt_int_op(AF_INET,OP_EQ, tor_addr_parse(_CONN(_conn)->addr,
+  "18.0.0.1"));
+  tor_addr_t *addr = _CONN(_conn)->addr;
+  update_approx_time(now);
+
+  /* Get DoS subsystem limits */
+  dos_init();
+  uint32_t burst_conn = get_param_conn_connect_burst(NULL);
+
+  /* Introduce new client */
+  geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now);
+  { /* Register many conns from this client but not enough to get it blocked */
+unsigned int i;
+for (i = 0; i < burst_conn - 1; i++) {
+  dos_new_client_conn(_conn, NULL);
+}
+  }
+
+  /* Check that new conns are still permitted */
+  tt_int_op(DOS_CONN_DEFENSE_NONE, OP_EQ,
+dos_conn_addr_get_defense_type(addr));
+
+  /* Register another conn and check that new conns are not allowed anymore.
+   * We should have reached our burst. */
+  dos_new_client_conn(_conn, NULL);
+  tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
+dos_conn_addr_get_defense_type(addr));
+
+  /* Advance the time 12 hours. It should still be blocked. */
+  update_approx_time(now + (12 * 60 * 60));
+  tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
+dos_conn_addr_get_defense_type(addr));
+
+  /* Advance the time 24 hours plus 13 hours. It should be unblocked.
+   * Remember, we had a random value between 24 hours and rand(24/2) thus
+   * adding 13 hours is safe. */
+  update_approx_time(now + (37 * 60 * 60));
+  tt_int_op(DOS_CONN_DEFENSE_NONE, OP_EQ,
+dos_conn_addr_get_defense_type(addr));
+
+ done:
+  dos_free_all();
+}
+
 struct testcase_t dos_tests[] = {
   { "conn_creation", test_dos_conn_creation, TT_FORK, NULL, NULL },
   { "circuit_creation", test_dos_circuit_creation, TT_FORK, NULL, NULL },
   { "bucket_refill", test_dos_bucket_refill, TT_FORK, NULL, NULL },
   { "known_relay" , test_known_relay, TT_FORK,
 NULL, NULL },
+  { "conn_rate", test_dos_conn_rate, TT_FORK, NULL, NULL },
   END_OF_TESTCASES
 };
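Review bot: The two `MOCK()` calls at the top of `test_dos_conn_rate` are never undone, while the preceding test ends with `UNMOCK(get_param_cc_enabled);`; adding `UNMOCK(get_param_cc_enabled);` and `UNMOCK(get_param_conn_enabled);` under `done:` keeps the tests consistent, even though `TT_FORK` probably isolates them. The comment before the last check ("a random value between 24 hours and rand(24/2)") is hard to parse; `/* The mark lasts 24h plus a random extra of up to 12h, so at now + 37h it must have expired. */` says what the assertion relies on, assuming that is the intended range. The test also never checks the refill path, i.e. that a client connecting below the rate over several seconds stays at `DOS_CONN_DEFENSE_NONE`.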





[tor-commits] [tor/master] dos: Move concurrent count into conn_stats object

2021-02-22 Thread ahf
commit 99703eaca0f575e4739523ca815cf55329d16024
Author: David Goulet 
Date:   Tue Jan 26 11:57:58 2021 -0500

dos: Move concurrent count into conn_stats object

No behavior change except for logging. This is so the connection related
statistics are in the right object.

Related to #40253

Signed-off-by: David Goulet 
---
 src/core/or/dos.c   | 61 +++--
 src/core/or/dos.h   |  8 +++
 src/test/test_dos.c |  4 ++--
 3 files changed, 46 insertions(+), 27 deletions(-)

diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 8b3dccc871..0169a631c2 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -399,7 +399,7 @@ cc_has_exhausted_circuits(const dos_client_stats_t *stats)
 {
   tor_assert(stats);
   return stats->cc_stats.circuit_bucket == 0 &&
- stats->concurrent_count >= dos_cc_min_concurrent_conn;
+ stats->conn_stats.concurrent_count >= dos_cc_min_concurrent_conn;
 }
 
 /* Mark client address by setting a timestamp in the stats object which tells
@@ -491,11 +491,17 @@ conn_consensus_has_changed(const networkstatus_t *ns)
 /** Called when a new client connection has arrived. The following will update
  * the client connection statistics.
  *
+ * The addr is used for logging purposes only.
+ *
  * If the connect counter reaches its limit, it is marked. */
 static void
-conn_update_on_connect(conn_client_stats_t *stats)
+conn_update_on_connect(conn_client_stats_t *stats, const tor_addr_t *addr)
 {
   tor_assert(stats);
+  tor_assert(addr);
+
+  /* Update concurrent count for this new connect. */
+  stats->concurrent_count++;
 
   /* Refill connect connection count. */
   token_bucket_ctr_refill(>connect_count, (uint32_t) approx_time());
@@ -512,6 +518,31 @@ conn_update_on_connect(conn_client_stats_t *stats)
   stats->marked_until_ts == 0) {
 conn_mark_client(stats);
   }
+
+  log_debug(LD_DOS, "Client address %s has now %u concurrent connections. "
+"Remaining %lu/sec connections are allowed.",
+fmt_addr(addr), stats->concurrent_count,
+token_bucket_ctr_get(>connect_count));
+}
+
+/** Called when a client connection is closed. The following will update
+ * the client connection statistics.
+ *
+ * The addr is used for logging purposes only. */
+static void
+conn_update_on_close(conn_client_stats_t *stats, const tor_addr_t *addr)
+{
+  /* Extra super duper safety. Going below 0 means an underflow which could
+   * lead to most likely a false positive. In theory, this should never happen
+   * but lets be extra safe. */
+  if (BUG(stats->concurrent_count == 0)) {
+return;
+  }
+
+  stats->concurrent_count--;
+  log_debug(LD_DOS, "Client address %s has lost a connection. Concurrent "
+"connections are now at %u",
+fmt_addr(addr), stats->concurrent_count);
 }
 
 /* General private API */
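Review bot: The new `log_debug` in `conn_update_on_connect` prints the result of `token_bucket_ctr_get()` with `%lu`; if that helper returns `size_t` (its declaration is outside the hunk), the format is wrong on platforms where `size_t` is not `unsigned long`, and `"Remaining %" TOR_PRIuSZ "/sec connections are allowed."` or an explicit cast to `unsigned long` would be safer. `conn_update_on_close` dereferences `stats` and passes `addr` to `fmt_addr()` without the `tor_assert(stats); tor_assert(addr);` pair that `conn_update_on_connect` has; adding both keeps the two helpers symmetric.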
@@ -651,7 +682,8 @@ dos_conn_addr_get_defense_type(const tor_addr_t *addr)
 
   /* Need to be above the maximum concurrent connection count to trigger a
* defense. */
-  if (entry->dos_stats.concurrent_count > dos_conn_max_concurrent_count) {
+  if (entry->dos_stats.conn_stats.concurrent_count >
+  dos_conn_max_concurrent_count) {
 conn_num_addr_rejected++;
 return dos_conn_defense_type;
   }
@@ -676,7 +708,7 @@ dos_geoip_entry_about_to_free(const clientmap_entry_t 
*geoip_ent)
 
   /* The count is down to 0 meaning no connections right now, we can safely
* clear the geoip entry from the cache. */
-  if (geoip_ent->dos_stats.concurrent_count == 0) {
+  if (geoip_ent->dos_stats.conn_stats.concurrent_count == 0) {
 goto end;
   }
 
@@ -831,13 +863,10 @@ dos_new_client_conn(or_connection_t *or_conn, const char 
*transport_name)
   }
 
   /* Update stats from this new connect. */
-  conn_update_on_connect(>dos_stats.conn_stats);
+  conn_update_on_connect(>dos_stats.conn_stats,
+ _CONN(or_conn)->addr);
 
-  entry->dos_stats.concurrent_count++;
   or_conn->tracked_for_dos_mitigation = 1;
-  log_debug(LD_DOS, "Client address %s has now %u concurrent connections.",
-fmt_addr(_CONN(or_conn)->addr),
-entry->dos_stats.concurrent_count);
 
  end:
   return;
@@ -867,18 +896,8 @@ dos_close_client_conn(const or_connection_t *or_conn)
 goto end;
   }
 
-  /* Extra super duper safety. Going below 0 means an underflow which could
-   * lead to most likely a false positive. In theory, this should never happen
-   * but lets be extra safe. */
-  if (BUG(entry->dos_stats.concurrent_count == 0)) {
-goto end;
-  }
-
-  entry->dos_stats.concurrent_count--;
-  log_debug(LD_DOS, "Client address %s has lost a connection. Concurrent "
-"connections are now at %u",
-fmt_addr(_CONN(or_conn)->addr),
-entry->dos_stats.concurrent_count);
+  /* Update stats from this new close. */
+  conn_update_on_close(>dos_stats.conn_stats, _CONN(or_conn)->addr);
 

[tor-commits] [tor/master] dos: New client connect rate detection

2021-02-22 Thread ahf
commit 94b56eaa7597e4a091a5b51d2c9032ea046631e3
Author: David Goulet 
Date:   Tue Jan 26 11:42:52 2021 -0500

dos: New client connect rate detection

This is a new detection type: a relay can now control the rate of
client connections from a single address.

The mechanism is pretty simple, if the rate/burst is reached, the address is
marked for a period of time and any connection from that address is denied.

Closes #40253

Signed-off-by: David Goulet 
---
 changes/ticket40253 |   3 +
 doc/man/tor.1.txt   |  24 
 src/core/or/dos.c   | 122 
 src/core/or/dos.h   |  30 +-
 src/core/or/dos_options.inc |  12 
 src/feature/stats/geoip_stats.c |   2 +
 6 files changed, 192 insertions(+), 1 deletion(-)

diff --git a/changes/ticket40253 b/changes/ticket40253
new file mode 100644
index 00..ca7c207bb3
--- /dev/null
+++ b/changes/ticket40253
@@ -0,0 +1,3 @@
+  o Major feature (relay, denial of service):
+- Add a new DoS subsystem feature to control the rate of client connections
+  for relays. Closes ticket 40253.
diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt
index 3538d94b8e..3756d26522 100644
--- a/doc/man/tor.1.txt
+++ b/doc/man/tor.1.txt
@@ -2936,6 +2936,30 @@ Denial of Service mitigation subsystem described above.
 consensus, the value is 100.
 (Default: 0)
 
+[[DoSConnectionConnectRate]] **DoSConnectionConnectRate** __NUM__::
+
+The allowed rate of client connection from a single address per second.
+Coupled with the burst (see below), if the limit is reached, the address
+is marked and a defense is applied (DoSConnectionDefenseType) for a period
+of time defined by DoSConnectionConnectDefenseTimePeriod. If not defined
+or set to 0, it is controlled by a consensus parameter.
+(Default: 0)
+
+[[DoSConnectionConnectBurst]] **DoSConnectionConnectBurst** __NUM__::
+
+The allowed burst of client connection from a single address per second.
+See the DoSConnectionConnectRate for more details on this detection. If
+not defined or set to 0, it is controlled by a consensus parameter.
+(Default: 0)
+
+[[DoSConnectionConnectDefenseTimePeriod]] 
**DoSConnectionConnectDefenseTimePeriod** __N__ 
**seconds**|**minutes**|**hours**::
+
+The base time period in seconds that the client connection defense is
+activated for. The actual value is selected randomly for each activation
+from N+1 to 3/2 * N. If not defined or set to 0, it is controlled by a
+consensus parameter.
+(Default: 24 hours)
+
 [[DoSRefuseSingleHopClientRendezvous]] **DoSRefuseSingleHopClientRendezvous** 
**0**|**1**|**auto**::
 
 Refuse establishment of rendezvous points for single hop clients. In other
diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index a761082be0..8b3dccc871 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -63,9 +63,14 @@ static unsigned int dos_conn_enabled = 0;
  * They are initialized with the hardcoded default values. */
 static uint32_t dos_conn_max_concurrent_count;
 static dos_conn_defense_type_t dos_conn_defense_type;
+static uint32_t dos_conn_connect_rate = DOS_CONN_CONNECT_RATE_DEFAULT;
+static uint32_t dos_conn_connect_burst = DOS_CONN_CONNECT_BURST_DEFAULT;
+static int32_t dos_conn_connect_defense_time_period =
+  DOS_CONN_CONNECT_DEFENSE_TIME_PERIOD_DEFAULT;
 
 /* Keep some stats for the heartbeat so we can report out. */
 static uint64_t conn_num_addr_rejected;
+static uint64_t conn_num_addr_connect_rejected;
 
 /*
  * General interface of the denial of service mitigation subsystem.
@@ -190,6 +195,47 @@ get_param_conn_defense_type(const networkstatus_t *ns)
  DOS_CONN_DEFENSE_NONE, DOS_CONN_DEFENSE_MAX);
 }
 
+/* Return the connection connect rate parameters either from the configuration
+ * file or, if not found, consensus parameter. */
+static uint32_t
+get_param_conn_connect_rate(const networkstatus_t *ns)
+{
+  if (dos_get_options()->DoSConnectionConnectRate) {
+return dos_get_options()->DoSConnectionConnectRate;
+  }
+  return networkstatus_get_param(ns, "DoSConnectionConnectRate",
+ DOS_CONN_CONNECT_RATE_DEFAULT,
+ 1, INT32_MAX);
+}
+
+/* Return the connection connect burst parameters either from the
+ * configuration file or, if not found, consensus parameter. */
+static uint32_t
+get_param_conn_connect_burst(const networkstatus_t *ns)
+{
+  if (dos_get_options()->DoSConnectionConnectBurst) {
+return dos_get_options()->DoSConnectionConnectBurst;
+  }
+  return networkstatus_get_param(ns, "DoSConnectionConnectBurst",
+ DOS_CONN_CONNECT_BURST_DEFAULT,
+ 1, INT32_MAX);
+}
+
+/* Return the connection connect defense time period from the configuration
+ * file or, if not found, the consensus 
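Review bot: In `get_param_conn_connect_rate()` and `get_param_conn_connect_burst()` a non-zero torrc value is returned unchecked, while the consensus value is bounded to 1..INT32_MAX by `networkstatus_get_param()`, so the two sources are not held to the same range. Whether that matters depends on the option's declared type, which is not in this hunk; if it can exceed INT32_MAX, the `uint32_t` result carries a value the consensus path could never produce. I would either clamp the configured value to the same bounds or, if the option table already guarantees the range, say so above each getter, e.g. `/* The torrc value is range-checked at parse time; only the consensus value is clamped here. */`. The hunk is cut off on this page partway through the comment for the third getter, so that function is not reviewed.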

[tor-commits] [tor/master] Merge remote-tracking branch 'tor-gitlab/mr/276'

2021-02-22 Thread ahf
commit 83ab6adb10d4e6e10eccbbb65120d3e9f1a675f6
Merge: 8907800549 45113b648b
Author: Alexander Færøy 
Date:   Mon Feb 22 20:52:44 2021 +

Merge remote-tracking branch 'tor-gitlab/mr/276'

 changes/ticket40253 |   3 +
 doc/man/tor.1.txt   |  24 ++
 src/core/or/dos.c   | 179 +++-
 src/core/or/dos.h   |  37 -
 src/core/or/dos_options.inc |  12 +++
 src/feature/stats/geoip_stats.c |   2 +
 src/test/test_dos.c |  65 ++-
 7 files changed, 297 insertions(+), 25 deletions(-)



[tor-commits] [torspec/master] prop325: Specify the format of a packed relay cell

2021-02-22 Thread nickm
commit 8a6ef7bed406aaf6cbe5684ad01801be24cb450c
Author: David Goulet 
Date:   Mon Feb 22 12:48:40 2021 -0500

prop325: Specify the format of a packed relay cell

Signed-off-by: David Goulet 
---
 proposals/325-packed-relay-cells.md | 72 +
 1 file changed, 50 insertions(+), 22 deletions(-)

diff --git a/proposals/325-packed-relay-cells.md 
b/proposals/325-packed-relay-cells.md
index 4c2e881..fb962dd 100644
--- a/proposals/325-packed-relay-cells.md
+++ b/proposals/325-packed-relay-cells.md
@@ -39,26 +39,59 @@ I'll use "client" to mean the initiator of a circuit, and 
"relay" to
 refer to the parties through who a circuit is created.  Note that
 each "relay" (as used here) may be the "client" on circuits of its own.
 
-When a relay supports relay message packing, it advertises the fact
-using a new Relay protocol version.  Clients must opt-in to using
-this protocol version (see XXX below) before they can send any
-packed relay cells, and before the relay will send them any packed
-relay cells.
+When a relay supports relay message packing, it advertises the fact using a
+new Relay protocol version.  Clients must opt-in to using this protocol
+version (see "Negotiation and Migration" section below ) before they can send
+any packed relay cells, and before the relay will send them any packed relay
+cells.
 
 When packed cells are in use, multiple cell messages can be
 concatenated in a single relay cell.
 
-Only some relay commands are supported for relay cell packing,
-listed here:
-  - `SENDME`
-  - `DROP`
-  - `DATA`
-  - `BEGIN`
+## Packed Cell Format
+
+In order to have multiple commands within one single relay cell, they are
+concatenated one after another following this format of a relay cell. The
+first command is the same header format as a normal relay cell detailed in
+section 6.1 of tor-spec.txt
+
+  Relay Command   [1 byte]
+  'Recognized'[2 bytes]
+  StreamID[2 bytes]
+  Digest  [4 bytes]
+  Length  [2 bytes]
+  Data[Length bytes]
+  RELAY\_MESSAGE
+  Padding [up to end of cell]
+
+The `RELAY_MESSAGE` can be empty as in no bytes indicating no other messages
+or set to the following:
+
+   Relay Command   [1 byte]
+   StreamID[2 bytes]
+   Length  [2 bytes]
+   Data[Length bytes]
+   RELAY\_MESSAGE
+
+Note that the Recognized and Digest field are not added to a second relay
+message, they are solely used for the whole relay cell thus how we
+encrypt/decrypt and recognize a cell is not changed, only the payload changes
+to contain multiple messages.
+
+The "Relay Command" byte "0" is now used to explicitly indicate "end of
+commands". If the byte "0" appears after a `RELAY_MESSAGE`, the rest of the
+cell MUST be ignored.
+
+Only some "Relay Command" are supported for relay cell packing:
   - `BEGIN_DIR`
-  - `END`
+  - `BEGIN`
   - `CONNECTED`
-  - `PADDING_NEGOTIATE`
+  - `DATA`
+  - `DROP`
+  - `END`
   - `PADDING_NEGOTIATED`
+  - `PADDING_NEGOTIATE`
+  - `SENDME`
 
 If any relay message with a relay command _not_ listed above appears
 in a packed relay cell with another relay message, then the
@@ -67,15 +100,10 @@ receiving party MUST tear down the circuit.
 (Note that relay cell fragments (proposal 319) are not supported for
 packing.)
 
-The command byte "0" is now used to explicitly indicate "end of
-cell".  If the byte "0" appears after a relay message, the rest of
-the cell MUST be ignored.
-
-When generating RELAY cells, implementations SHOULD (as they do
-today) fill in the unused bytes with four 0-valued bytes, followed by
-a sequence of random bytes up to the end of the cell.  If there are
-fewer than 4 unused bytes at the end of the cell, those unused bytes
-should all be filled with 0-valued bytes.
+When generating RELAY cells, implementations SHOULD (as they do today) fill in
+the Padding field with four 0-valued bytes, followed by a sequence of random
+bytes up to the end of the cell. If there are fewer than 4 unused bytes at the
+end of the cell, those unused bytes should all be filled with 0-valued bytes.
 
 # Negotiation and migration
 



[tor-commits] [translation/communitytpo-contentspot] https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot

2021-02-22 Thread translation
commit 7dc0da7b39c6327132d669eaddb19786bcd89032
Author: Translation commit bot 
Date:   Mon Feb 22 20:45:10 2021 +


https://gitweb.torproject.org/translation.git/commit/?h=communitytpo-contentspot
---
 contents+es.po | 20 ++--
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/contents+es.po b/contents+es.po
index f65d88ccbf..6fd0d57d21 100644
--- a/contents+es.po
+++ b/contents+es.po
@@ -4372,9 +4372,9 @@ msgid ""
 "relay and that could jeopardize their infrastructure as it could be flagged "
 "as part of the Tor network."
 msgstr ""
-"Alguna gente cree que correr un servicio onion sería tan riesgoso como un "
-"repetidor Tor, y que podría perjudicar su infraestructura, la cual podría "
-"ser marcada como parte de la red Tor."
+"Algunas personas creen que correr un servicio onion sería tan riesgoso como "
+"un repetidor Tor, y que podría perjudicar su infraestructura, la cual 
podría"
+" ser marcada como parte de la red Tor."
 
 #: https//community.torproject.org/onion-services/talk/
 #: (content/onion-services/talk/contents+en.lrpage.body)
@@ -4445,10 +4445,10 @@ msgid ""
 " the world that are cutting off access to privacy tools.\" "
 "[ProtonMail](https://protonmail.com/blog/protonmail-tor-censorship/)"
 msgstr ""
-"\"La movida está apuntada a contrarrestar las acciones de gobiernos "
-"totalitarios alrededor del mundo que están bloqueando el acceso a "
-"herramientas de privacidad.\" [ProtonMail](https://protonmail.com/blog;
-"/protonmail-tor-censorship/)"
+"\"Esto está apuntado a contrarrestar las acciones de gobiernos totalitarios "
+"alrededor del mundo que están bloqueando el acceso a herramientas de "
+"privacidad.\" [ProtonMail](https://protonmail.com/blog/protonmail-tor-;
+"censorship/)"
 
 #: https//community.torproject.org/onion-services/talk/
 #: (content/onion-services/talk/contents+en.lrpage.body)
@@ -4459,8 +4459,8 @@ msgid ""
 msgstr ""
 "\"DW es una defensora global de las libertades de opinión y de palabra. 
[…] "
 "Por lo tanto es un paso lógico para nosotros usar también Tor para llegar a 
"
-"la gente en mercados censurados, quienes previamente no han tenido acceso, o"
-" les ha sido limitado, a medios libres.\""
+"las personas en mercados censurados, quienes previamente no han tenido "
+"acceso, o les ha sido limitado, a medios libres.\""
 
 #: https//community.torproject.org/onion-services/talk/
 #: (content/onion-services/talk/contents+en.lrpage.body)
@@ -4487,7 +4487,7 @@ msgid ""
 "The Tor network is composed by over 6000 relays, but exit relays are a "
 "scarce resource and only represents 1/6 of all the network."
 msgstr ""
-"La red Tor está compuesta por más de 6000 repatidores, pero los de salida "
+"La red Tor está compuesta por más de 6000 repetidores, pero los de salida "
 "son un recurso escaso, y representan solamente 1/6 de toda la red."
 
 #: https//community.torproject.org/onion-services/talk/



[tor-commits] [chutney/master] Add execute flag to truncate-logs.sh

2021-02-22 Thread nickm
commit d368cb5fff82ef0855c550f9399301130f262987
Author: gaborgsomogyi 
Date:   Fri Feb 19 15:13:20 2021 +0100

Add execute flag to truncate-logs.sh
---
 tools/truncate-logs.sh | 0
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/tools/truncate-logs.sh b/tools/truncate-logs.sh
old mode 100644
new mode 100755



[tor-commits] [chutney/master] Add truncate-logs.sh to tools

2021-02-22 Thread nickm
commit f8c9489dfe0fce9e0331024ef64439f6c010b97f
Author: gabor.g.somogyi 
Date:   Fri Feb 19 14:56:42 2021 +0100

Add truncate-logs.sh to tools
---
 tools/truncate-logs.sh | 85 ++
 1 file changed, 85 insertions(+)

diff --git a/tools/truncate-logs.sh b/tools/truncate-logs.sh
new file mode 100644
index 000..59e586d
--- /dev/null
+++ b/tools/truncate-logs.sh
@@ -0,0 +1,85 @@
+#!/bin/sh
+#
+# Usage:
+#tools/truncate-logs.sh [node]
+#
+# Output:
+#for each node, truncate the logs
+#
+#If the argument "node" is specified, only truncates the logs of that
+#node.
+#
+# Examples:
+#tools/truncate-logs.sh
+#tools/truncate-logs.sh 000a
+
+set -o errexit
+set -o nounset
+
+# Set some default values if the variables are not already set
+: "${CHUTNEY_DATA_DIR:=}"
+
+if [ ! -d "$CHUTNEY_PATH" ] || [ ! -x "$CHUTNEY_PATH/chutney" ]; then
+# looks like a broken path: use the path to this tool instead
+TOOLS_PATH=$(dirname "$0")
+CHUTNEY_PATH=$(dirname "$TOOLS_PATH")
+export CHUTNEY_PATH
+fi
+if [ -d "$PWD/$CHUTNEY_PATH" ] && [ -x "$PWD/$CHUTNEY_PATH/chutney" ]; then
+# looks like a relative path: make chutney path absolute
+export CHUTNEY_PATH="$PWD/$CHUTNEY_PATH"
+fi
+
+# Get a working net path
+case "$CHUTNEY_DATA_DIR" in
+  /*)
+# if an absolute path, then leave as-is
+# chutney will make this directory automatically if needed
+;;
+  *)
+# if a relative path
+if [ ! -d "$CHUTNEY_DATA_DIR" ]; then
+# looks like a broken path: use the chutney path as a base
+export CHUTNEY_DATA_DIR="$CHUTNEY_PATH/net"
+fi
+if [ -d "$PWD/$CHUTNEY_DATA_DIR" ]; then
+# looks like a relative path: make chutney path absolute
+export CHUTNEY_DATA_DIR="$PWD/$CHUTNEY_DATA_DIR"
+fi
+;;
+esac
+
+# Truncate the logs for node $1
+truncate_logs() {
+echo "Truncating log: $1"
+truncate -s 0 "$1"
+}
+
+# Show the usage message for this script
+usage() {
+echo "Usage: $NAME [node]"
+exit 1
+}
+
+NAME=$(basename "$0")
+DEST="$CHUTNEY_DATA_DIR/nodes"
+LOG_FILE=*.log
+
+[ -d "$DEST" ] || { echo "$NAME: no logs available in '$DEST'"; exit 1; }
+if [ $# -eq 0 ];
+then
+for log in "$DEST"/*/$LOG_FILE;
+do
+[ -e "${log}" ] || continue
+truncate_logs "$log"
+done
+elif [ $# -eq 1 ];
+then
+for log in "$DEST"/$1/$LOG_FILE;
+do
+[ -e "${log}" ] || continue
+truncate_logs "$log"
+done
+else
+usage
+fi
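Review bot: With `set -o nounset` active, the first test `[ ! -d "$CHUTNEY_PATH" ]` aborts the script with an unbound-variable error when CHUTNEY_PATH is not set, because only CHUTNEY_DATA_DIR is given a default. Adding `: "${CHUTNEY_PATH:=}"` next to the existing default lets the fallback to the tool's own directory run. In the single-node branch, `"$DEST"/$1/$LOG_FILE` leaves `$1` unquoted, so an argument containing spaces, glob characters or path components can select files outside the intended node directory before `truncate -s 0` runs on them. Rejecting an argument that contains `/` or equals `..`, and writing the pattern as `"$DEST/$1"/$LOG_FILE`, keeps the truncation inside `$DEST/<node>`.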





[tor-commits] [tor/master] Merge remote-tracking branch 'tor-gitlab/mr/319'

2021-02-22 Thread nickm
commit 890780054975e0c5eb95b097deb6fac53640f66d
Merge: 6e3a7c410f d98c77b78e
Author: Nick Mathewson 
Date:   Mon Feb 22 15:39:30 2021 -0500

Merge remote-tracking branch 'tor-gitlab/mr/319'

 changes/ticket40301  |  4 
 src/feature/dircache/dircache.c  | 37 -
 src/feature/dircache/dircache.h  |  2 +-
 src/lib/compress/compress_zstd.c |  4 ++--
 src/test/test_dir.c  | 26 --
 5 files changed, 27 insertions(+), 46 deletions(-)



[tor-commits] [tor/master] relay: Reduce streaming compression ratio from HIGH to LOW

2021-02-22 Thread nickm
commit d98c77b78e9ce945a7a0de151d5f5cf44061edd5
Author: David Goulet 
Date:   Thu Feb 18 12:49:33 2021 -0500

relay: Reduce streaming compression ratio from HIGH to LOW

Fixes #40301

Signed-off-by: David Goulet 
---
 changes/ticket40301  |  4 
 src/feature/dircache/dircache.c  | 37 -
 src/feature/dircache/dircache.h  |  2 +-
 src/lib/compress/compress_zstd.c |  4 ++--
 src/test/test_dir.c  | 26 --
 5 files changed, 27 insertions(+), 46 deletions(-)

diff --git a/changes/ticket40301 b/changes/ticket40301
new file mode 100644
index 00..c1fd821e3f
--- /dev/null
+++ b/changes/ticket40301
@@ -0,0 +1,4 @@
+  o Minor bugfixes (relay):
+- Reduce the compression level for data streaming from HIGH to LOW. Fixes
+  bug 40301; bugfix on 0.3.5.1-alpha.
+
diff --git a/src/feature/dircache/dircache.c b/src/feature/dircache/dircache.c
index 00bb0abf23..84bb7c220c 100644
--- a/src/feature/dircache/dircache.c
+++ b/src/feature/dircache/dircache.c
@@ -296,19 +296,22 @@ client_likes_consensus(const struct 
consensus_cache_entry_t *ent,
 /** Return the compression level we should use for sending a compressed
  * response of size n_bytes. */
 STATIC compression_level_t
-choose_compression_level(ssize_t n_bytes)
+choose_compression_level(void)
 {
-  if (! have_been_under_memory_pressure()) {
-return HIGH_COMPRESSION; /* we have plenty of RAM. */
-  } else if (n_bytes < 0) {
-return HIGH_COMPRESSION; /* unknown; might be big. */
-  } else if (n_bytes < 1024) {
-return LOW_COMPRESSION;
-  } else if (n_bytes < 2048) {
-return MEDIUM_COMPRESSION;
-  } else {
-return HIGH_COMPRESSION;
-  }
+  /* This is the compression level choice for a stream.
+   *
+   * We always return LOW because this compression is done in the main thread
+   * thus we save CPU time as much as possible, and it is also done more than
+   * background compression for document we serve pre-compressed.
+   *
+   * GZip highest compression level (9) gives us a ratio of 49.72%
+   * Zstd lowest compression level (1) gives us a ratio of 47.38%
+   *
+   * Thus, as the network moves more and more to use Zstd when requesting
+   * directory documents that are not pre-cached, even at the
+   * lowest level, we still gain over GZip and thus help with load and CPU
+   * time on the network. */
+  return LOW_COMPRESSION;
 }
 
 /** Information passed to handle a GET request. */
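Review bot: The doc comment kept above `choose_compression_level(void)` still says the level is chosen for "a compressed response of size n_bytes", but the parameter is gone and the result no longer depends on size or memory pressure. I would reword it to `/** Return the compression level to use for a streamed (not pre-compressed) response. */` so the header matches the body. The new in-body phrase "it is also done more than background compression" is hard to parse; "and streaming compression runs more often than the background compression of pre-compressed documents" is what I take it to mean. The call-site hunks below still pass through code that computes `estimated_len`, `size_guess` and `len`; whether any of them becomes unused is not visible here.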
@@ -1078,7 +1081,7 @@ handle_get_status_vote(dir_connection_t *conn, const 
get_handler_args_t *args)
 if (smartlist_len(items)) {
   if (compress_method != NO_METHOD) {
 conn->compress_state = tor_compress_new(1, compress_method,
-   choose_compression_level(estimated_len));
+   choose_compression_level());
   }
 
   SMARTLIST_FOREACH(items, const char *, c,
@@ -1141,7 +1144,7 @@ handle_get_microdesc(dir_connection_t *conn, const 
get_handler_args_t *args)
 
 if (compress_method != NO_METHOD)
   conn->compress_state = tor_compress_new(1, compress_method,
-  choose_compression_level(size_guess));
+  choose_compression_level());
 
 const int initial_flush_result = connection_dirserv_flushed_some(conn);
 tor_assert_nonfatal(initial_flush_result == 0);
@@ -1236,7 +1239,7 @@ handle_get_descriptor(dir_connection_t *conn, const 
get_handler_args_t *args)
   write_http_response_header(conn, -1, compress_method, cache_lifetime);
   if (compress_method != NO_METHOD)
 conn->compress_state = tor_compress_new(1, compress_method,
-choose_compression_level(size_guess));
+choose_compression_level());
   clear_spool = 0;
   /* Prime the connection with some data. */
   int initial_flush_result = connection_dirserv_flushed_some(conn);
@@ -1332,7 +1335,7 @@ handle_get_keys(dir_connection_t *conn, const 
get_handler_args_t *args)
60*60);
 if (compress_method != NO_METHOD) {
   conn->compress_state = tor_compress_new(1, compress_method,
-  choose_compression_level(len));
+  choose_compression_level());
 }
 
 SMARTLIST_FOREACH(certs, authority_cert_t *, c,
@@ -1484,7 +1487,7 @@ handle_get_next_bandwidth(dir_connection_t *conn,
  compress_method, BANDWIDTH_CACHE_LIFETIME);
   if (compress_method != NO_METHOD) {
 conn->compress_state = tor_compress_new(1, compress_method,
-choose_compression_level(len/2));
+choose_compression_level());
 log_debug(LD_DIR, "Compressing bandwidth file.");
   } else {
 log_debug(LD_DIR, "Not compressing bandwidth 

[tor-commits] [tor-browser-build/master] Pick up build2

2021-02-22 Thread sysrqb
commit 2c9dce8d109dfa12a9ed7f5faa5cc48d14abc8bf
Author: Matthew Finkel 
Date:   Mon Feb 22 20:37:05 2021 +

Pick up build2
---
 rbm.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rbm.conf b/rbm.conf
index 288e0f0..14a55a6 100644
--- a/rbm.conf
+++ b/rbm.conf
@@ -25,9 +25,9 @@ buildconf:
 
 var:
   torbrowser_version: '10.5a11'
-  torbrowser_build: 'build1'
+  torbrowser_build: 'build2'
   torbrowser_incremental_from:
-- 10.5a9
+- 10.5a8
 - 10.5a10
   project_name: tor-browser
   multi_lingual: 0



[tor-commits] [tor/release-0.4.5] Merge branch 'maint-0.4.5' into release-0.4.5

2021-02-22 Thread nickm
commit 4400ca83e0da193cef1d6ef6189a1b7dc5a0b56c
Merge: 37af94daf9 bc21ed3290
Author: Nick Mathewson 
Date:   Mon Feb 22 15:37:39 2021 -0500

Merge branch 'maint-0.4.5' into release-0.4.5



[tor-commits] [tor/release-0.4.5] Merge remote-tracking branch 'tor-gitlab/mr/316' into maint-0.4.5

2021-02-22 Thread nickm
commit bc21ed32903459c53599ee03605e8d23bf42ffe9
Merge: 26c2e843f9 4d7f31b964
Author: Nick Mathewson 
Date:   Mon Feb 22 15:37:31 2021 -0500

Merge remote-tracking branch 'tor-gitlab/mr/316' into maint-0.4.5

 changes/ticket40300 |  5 +
 src/feature/relay/relay_find_addr.c | 25 +
 2 files changed, 18 insertions(+), 12 deletions(-)





[tor-commits] [tor/master] Merge branch 'maint-0.4.5'

2021-02-22 Thread nickm
commit 6e3a7c410f2c0cfd2f705862cc4d32acd0a88096
Merge: a4df1e8ea4 bc21ed3290
Author: Nick Mathewson 
Date:   Mon Feb 22 15:37:39 2021 -0500

Merge branch 'maint-0.4.5'

 changes/ticket40300 |  5 +
 src/feature/relay/relay_find_addr.c | 25 +
 2 files changed, 18 insertions(+), 12 deletions(-)



[tor-commits] [tor/maint-0.4.5] relay: Move log notice after suggested address lookup

2021-02-22 Thread nickm
commit 4d7f31b9645d360e7074844711f10565e5d25b7b
Author: David Goulet 
Date:   Mon Feb 22 09:13:54 2021 -0500

relay: Move log notice after suggested address lookup

When trying to find our address to publish, we would log notice if we 
couldn't
find it from the cache but then we would look at the suggested cache (which
contains the address from the authorities) in which we might actually have 
the
address.

Thus that log notice was misplaced. Move it down after the suggested address
cache lookup.

Closes #40300

Signed-off-by: David Goulet 
---
 changes/ticket40300 |  5 +
 src/feature/relay/relay_find_addr.c | 25 +
 2 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/changes/ticket40300 b/changes/ticket40300
new file mode 100644
index 00..aef01b4c64
--- /dev/null
+++ b/changes/ticket40300
@@ -0,0 +1,5 @@
+  o Minor bugfixes (relay):
+- Remove a spammy log notice that should not have been indicating the
+  operator that its IPv4/v6 was missing but it was not. Fixes bug 40300;
+  bugfix on 0.4.5.1-alpha.
+
diff --git a/src/feature/relay/relay_find_addr.c 
b/src/feature/relay/relay_find_addr.c
index 39e1cc6a19..2a3f602438 100644
--- a/src/feature/relay/relay_find_addr.c
+++ b/src/feature/relay/relay_find_addr.c
@@ -144,17 +144,6 @@ relay_find_addr_to_publish, (const or_options_t *options, 
int family,
 if (find_my_address(options, family, LOG_INFO, addr_out, NULL, NULL)) {
   goto found;
 }
-/* No publishable address was found even though we have an ORPort thus
- * print a notice log so operator can notice. We'll do that every hour so
- * it is not too spammy but enough so operators address the issue. */
-static ratelim_t rlim = RATELIM_INIT(3600);
-log_fn_ratelim(, LOG_NOTICE, LD_CONFIG,
-   "Unable to find %s address for ORPort %u. "
-   "You might want to specify %sOnly to it or set an "
-   "explicit address or set Address.",
-   fmt_af_family(family),
-   routerconf_find_or_port(options, family),
-   fmt_af_family(family));
   }
 
   /* Third, consider address from our suggestion cache. */
@@ -163,7 +152,19 @@ relay_find_addr_to_publish, (const or_options_t *options, 
int family,
 goto found;
   }
 
-  /* No publishable address was found. */
+  /* No publishable address was found even though we have an ORPort thus
+   * print a notice log so operator can notice. We'll do that every hour so
+   * it is not too spammy but enough so operators address the issue. */
+  static ratelim_t rlim = RATELIM_INIT(3600);
+  log_fn_ratelim(, LOG_NOTICE, LD_CONFIG,
+ "Unable to find %s address for ORPort %u. "
+ "You might want to specify %sOnly to it or set an "
+ "explicit address or set Address.",
+ fmt_af_family(family),
+ routerconf_find_or_port(options, family),
+ fmt_af_family(family));
+
+  /* Not found. */
   return false;
 
  found:
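Review bot: The moved notice now sits outside the block that closes with the `}` at the end of the first hunk, so it runs whenever every lookup fails, not only when that block was entered. The block's condition is outside both hunks; if callers can skip it deliberately, those paths will start emitting "Unable to find %s address for ORPort %u" (rate-limited to once per 3600 s) where they were silent before. The comment's "even though we have an ORPort" should also be checked against the conditions that still hold at the new location. If the wider scope is intended, a line such as `/* Reached for every caller once all three lookups have failed. */` above the `static ratelim_t` would record it. The same commit is repeated twice further down this page for other branches, and the point applies to those copies too.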





[tor-commits] [tor/master] relay: Move log notice after suggested address lookup

2021-02-22 Thread nickm
commit 4d7f31b9645d360e7074844711f10565e5d25b7b
Author: David Goulet 
Date:   Mon Feb 22 09:13:54 2021 -0500

relay: Move log notice after suggested address lookup

When trying to find our address to publish, we would log notice if we 
couldn't
find it from the cache but then we would look at the suggested cache (which
contains the address from the authorities) in which we might actually have 
the
address.

Thus that log notice was misplaced. Move it down after the suggested address
cache lookup.

Closes #40300

Signed-off-by: David Goulet 
---
 changes/ticket40300 |  5 +
 src/feature/relay/relay_find_addr.c | 25 +
 2 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/changes/ticket40300 b/changes/ticket40300
new file mode 100644
index 00..aef01b4c64
--- /dev/null
+++ b/changes/ticket40300
@@ -0,0 +1,5 @@
+  o Minor bugfixes (relay):
+- Remove a spammy log notice that should not have been indicating the
+  operator that its IPv4/v6 was missing but it was not. Fixes bug 40300;
+  bugfix on 0.4.5.1-alpha.
+
diff --git a/src/feature/relay/relay_find_addr.c 
b/src/feature/relay/relay_find_addr.c
index 39e1cc6a19..2a3f602438 100644
--- a/src/feature/relay/relay_find_addr.c
+++ b/src/feature/relay/relay_find_addr.c
@@ -144,17 +144,6 @@ relay_find_addr_to_publish, (const or_options_t *options, 
int family,
 if (find_my_address(options, family, LOG_INFO, addr_out, NULL, NULL)) {
   goto found;
 }
-/* No publishable address was found even though we have an ORPort thus
- * print a notice log so operator can notice. We'll do that every hour so
- * it is not too spammy but enough so operators address the issue. */
-static ratelim_t rlim = RATELIM_INIT(3600);
-log_fn_ratelim(, LOG_NOTICE, LD_CONFIG,
-   "Unable to find %s address for ORPort %u. "
-   "You might want to specify %sOnly to it or set an "
-   "explicit address or set Address.",
-   fmt_af_family(family),
-   routerconf_find_or_port(options, family),
-   fmt_af_family(family));
   }
 
   /* Third, consider address from our suggestion cache. */
@@ -163,7 +152,19 @@ relay_find_addr_to_publish, (const or_options_t *options, 
int family,
 goto found;
   }
 
-  /* No publishable address was found. */
+  /* No publishable address was found even though we have an ORPort thus
+   * print a notice log so operator can notice. We'll do that every hour so
+   * it is not too spammy but enough so operators address the issue. */
+  static ratelim_t rlim = RATELIM_INIT(3600);
+  log_fn_ratelim(, LOG_NOTICE, LD_CONFIG,
+ "Unable to find %s address for ORPort %u. "
+ "You might want to specify %sOnly to it or set an "
+ "explicit address or set Address.",
+ fmt_af_family(family),
+ routerconf_find_or_port(options, family),
+ fmt_af_family(family));
+
+  /* Not found. */
   return false;
 
  found:





[tor-commits] [tor/maint-0.4.5] Merge remote-tracking branch 'tor-gitlab/mr/316' into maint-0.4.5

2021-02-22 Thread nickm
commit bc21ed32903459c53599ee03605e8d23bf42ffe9
Merge: 26c2e843f9 4d7f31b964
Author: Nick Mathewson 
Date:   Mon Feb 22 15:37:31 2021 -0500

Merge remote-tracking branch 'tor-gitlab/mr/316' into maint-0.4.5

 changes/ticket40300 |  5 +
 src/feature/relay/relay_find_addr.c | 25 +
 2 files changed, 18 insertions(+), 12 deletions(-)



[tor-commits] [tor/master] Merge remote-tracking branch 'tor-gitlab/mr/316' into maint-0.4.5

2021-02-22 Thread nickm
commit bc21ed32903459c53599ee03605e8d23bf42ffe9
Merge: 26c2e843f9 4d7f31b964
Author: Nick Mathewson 
Date:   Mon Feb 22 15:37:31 2021 -0500

Merge remote-tracking branch 'tor-gitlab/mr/316' into maint-0.4.5

 changes/ticket40300 |  5 +
 src/feature/relay/relay_find_addr.c | 25 +
 2 files changed, 18 insertions(+), 12 deletions(-)





[tor-commits] [tor/release-0.4.5] relay: Move log notice after suggested address lookup

2021-02-22 Thread nickm
commit 4d7f31b9645d360e7074844711f10565e5d25b7b
Author: David Goulet 
Date:   Mon Feb 22 09:13:54 2021 -0500

relay: Move log notice after suggested address lookup

When trying to find our address to publish, we would log notice if we 
couldn't
find it from the cache but then we would look at the suggested cache (which
contains the address from the authorities) in which we might actually have 
the
address.

Thus that log notice was misplaced. Move it down after the suggested address
cache lookup.

Closes #40300

Signed-off-by: David Goulet 
---
 changes/ticket40300 |  5 +
 src/feature/relay/relay_find_addr.c | 25 +
 2 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/changes/ticket40300 b/changes/ticket40300
new file mode 100644
index 00..aef01b4c64
--- /dev/null
+++ b/changes/ticket40300
@@ -0,0 +1,5 @@
+  o Minor bugfixes (relay):
+- Remove a spammy log notice that should not have been indicating the
+  operator that its IPv4/v6 was missing but it was not. Fixes bug 40300;
+  bugfix on 0.4.5.1-alpha.
+
diff --git a/src/feature/relay/relay_find_addr.c 
b/src/feature/relay/relay_find_addr.c
index 39e1cc6a19..2a3f602438 100644
--- a/src/feature/relay/relay_find_addr.c
+++ b/src/feature/relay/relay_find_addr.c
@@ -144,17 +144,6 @@ relay_find_addr_to_publish, (const or_options_t *options, 
int family,
 if (find_my_address(options, family, LOG_INFO, addr_out, NULL, NULL)) {
   goto found;
 }
-/* No publishable address was found even though we have an ORPort thus
- * print a notice log so operator can notice. We'll do that every hour so
- * it is not too spammy but enough so operators address the issue. */
-static ratelim_t rlim = RATELIM_INIT(3600);
-log_fn_ratelim(, LOG_NOTICE, LD_CONFIG,
-   "Unable to find %s address for ORPort %u. "
-   "You might want to specify %sOnly to it or set an "
-   "explicit address or set Address.",
-   fmt_af_family(family),
-   routerconf_find_or_port(options, family),
-   fmt_af_family(family));
   }
 
   /* Third, consider address from our suggestion cache. */
@@ -163,7 +152,19 @@ relay_find_addr_to_publish, (const or_options_t *options, 
int family,
 goto found;
   }
 
-  /* No publishable address was found. */
+  /* No publishable address was found even though we have an ORPort thus
+   * print a notice log so operator can notice. We'll do that every hour so
+   * it is not too spammy but enough so operators address the issue. */
+  static ratelim_t rlim = RATELIM_INIT(3600);
+  log_fn_ratelim(, LOG_NOTICE, LD_CONFIG,
+ "Unable to find %s address for ORPort %u. "
+ "You might want to specify %sOnly to it or set an "
+ "explicit address or set Address.",
+ fmt_af_family(family),
+ routerconf_find_or_port(options, family),
+ fmt_af_family(family));
+
+  /* Not found. */
   return false;
 
  found:





[tor-commits] [tor/release-0.4.5] Merge remote-tracking branch 'tor-gitlab/mr/316' into release-0.4.5

2021-02-22 Thread nickm
commit 37af94daf938fc21883d3ab0d49231af4373ba33
Merge: 21ca3c2501 4d7f31b964
Author: Nick Mathewson 
Date:   Mon Feb 22 15:34:17 2021 -0500

Merge remote-tracking branch 'tor-gitlab/mr/316' into release-0.4.5

 changes/ticket40300 |  5 +
 src/feature/relay/relay_find_addr.c | 25 +
 2 files changed, 18 insertions(+), 12 deletions(-)



[tor-commits] [tor/release-0.4.5] Merge remote-tracking branch 'tor-gitlab/mr/309' into maint-0.4.5

2021-02-22 Thread ahf
commit 26c2e843f958c5451c836bbf9a4979aecac177c4
Merge: 03c686563b 8a8045c788
Author: Alexander Færøy 
Date:   Mon Feb 22 19:12:53 2021 +

Merge remote-tracking branch 'tor-gitlab/mr/309' into maint-0.4.5

 changes/bug40287 | 4 
 src/feature/relay/selftest.c | 4 
 2 files changed, 8 insertions(+)





[tor-commits] [tor/release-0.4.5] Merge branch 'maint-0.4.5' into release-0.4.5

2021-02-22 Thread ahf
commit 21ca3c2501a7378f6d8f2f764cdb523ebb83d6e5
Merge: 077e895934 26c2e843f9
Author: Alexander Færøy 
Date:   Mon Feb 22 19:13:12 2021 +

Merge branch 'maint-0.4.5' into release-0.4.5

 changes/bug40287 | 4 
 src/feature/relay/selftest.c | 4 
 2 files changed, 8 insertions(+)



[tor-commits] [tor/release-0.4.5] relay: No longer test dirport reachability for authorities

2021-02-22 Thread ahf
commit 8a8045c788b6883751b5ecbfbd3de4da0dfd313a
Author: Roger Dingledine 
Date:   Wed Feb 10 03:10:12 2021 -0500

relay: No longer test dirport reachability for authorities

Now that exit relays don't allow exit connections to directory authority
DirPorts, the follow-up step is to make directory authorities stop doing
DirPort reachability checks.

Fixes #40287

Signed-off-by: David Goulet 
---
 changes/bug40287 | 4 
 src/feature/relay/selftest.c | 4 
 2 files changed, 8 insertions(+)

diff --git a/changes/bug40287 b/changes/bug40287
new file mode 100644
index 00..5a9c899d52
--- /dev/null
+++ b/changes/bug40287
@@ -0,0 +1,4 @@
+  o Minor bugfixes (directory authority):
+- Now that exit relays don't allow exit connections to directory authority
+  DirPorts (network reentry), disable authorities' reachability self test
+  on the DirPort. Fixes bug 40287; bugfix on 0.4.5.5-rc.
diff --git a/src/feature/relay/selftest.c b/src/feature/relay/selftest.c
index 86b1533be1..46b4b20ffc 100644
--- a/src/feature/relay/selftest.c
+++ b/src/feature/relay/selftest.c
@@ -31,6 +31,8 @@
 
 #include "feature/control/control_events.h"
 
+#include "feature/dirauth/authmode.h"
+
 #include "feature/dirclient/dirclient.h"
 #include "feature/dircommon/directory.h"
 
@@ -142,12 +144,14 @@ router_orport_seems_reachable(const or_options_t *options,
  *   - we've seen a successful reachability check, or
  *   - there is no DirPort set, or
  *   - AssumeReachable is set, or
+ *   - We're a dir auth (see ticket #40287), or
  *   - the network is disabled.
  */
 int
 router_dirport_seems_reachable(const or_options_t *options)
 {
   int reach_checks_disabled = router_reachability_checks_disabled(options) ||
+  authdir_mode(options) ||
   !options->DirPort_set;
   return reach_checks_disabled ||
  can_reach_dir_port;
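Review bot: The new `authdir_mode(options)` term makes a directory authority report its DirPort as reachable without any self-test result behind it, and the only explanation left in the function comment is a ticket number (`We're a dir auth (see ticket #40287)`). The reason belongs next to the code, for example `- we're a directory authority: exits no longer allow connections to authority DirPorts, so the self-test is disabled (ticket #40287), or`. A wrong DirPort setting on an authority is now no longer caught by this check, and nothing in the hunk shows what replaces it, so the comment or the changes entry should say what operators are expected to rely on instead. The function body continues past the end of the hunk; the same patch is posted again for maint-0.4.5 and master further down the page.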





[tor-commits] [tor/maint-0.4.5] relay: No longer test dirport reachability for authorities

2021-02-22 Thread ahf
commit 8a8045c788b6883751b5ecbfbd3de4da0dfd313a
Author: Roger Dingledine 
Date:   Wed Feb 10 03:10:12 2021 -0500

relay: No longer test dirport reachability for authorities

Now that exit relays don't allow exit connections to directory authority
DirPorts, the follow-up step is to make directory authorities stop doing
DirPort reachability checks.

Fixes #40287

Signed-off-by: David Goulet 
---
 changes/bug40287 | 4 
 src/feature/relay/selftest.c | 4 
 2 files changed, 8 insertions(+)

diff --git a/changes/bug40287 b/changes/bug40287
new file mode 100644
index 00..5a9c899d52
--- /dev/null
+++ b/changes/bug40287
@@ -0,0 +1,4 @@
+  o Minor bugfixes (directory authority):
+- Now that exit relays don't allow exit connections to directory authority
+  DirPorts (network reentry), disable authorities' reachability self test
+  on the DirPort. Fixes bug 40287; bugfix on 0.4.5.5-rc.
diff --git a/src/feature/relay/selftest.c b/src/feature/relay/selftest.c
index 86b1533be1..46b4b20ffc 100644
--- a/src/feature/relay/selftest.c
+++ b/src/feature/relay/selftest.c
@@ -31,6 +31,8 @@
 
 #include "feature/control/control_events.h"
 
+#include "feature/dirauth/authmode.h"
+
 #include "feature/dirclient/dirclient.h"
 #include "feature/dircommon/directory.h"
 
@@ -142,12 +144,14 @@ router_orport_seems_reachable(const or_options_t *options,
  *   - we've seen a successful reachability check, or
  *   - there is no DirPort set, or
  *   - AssumeReachable is set, or
+ *   - We're a dir auth (see ticket #40287), or
  *   - the network is disabled.
  */
 int
 router_dirport_seems_reachable(const or_options_t *options)
 {
   int reach_checks_disabled = router_reachability_checks_disabled(options) ||
+  authdir_mode(options) ||
   !options->DirPort_set;
   return reach_checks_disabled ||
  can_reach_dir_port;





[tor-commits] [tor/master] Merge remote-tracking branch 'tor-gitlab/mr/309' into maint-0.4.5

2021-02-22 Thread ahf
commit 26c2e843f958c5451c836bbf9a4979aecac177c4
Merge: 03c686563b 8a8045c788
Author: Alexander Færøy 
Date:   Mon Feb 22 19:12:53 2021 +

Merge remote-tracking branch 'tor-gitlab/mr/309' into maint-0.4.5

 changes/bug40287 | 4 
 src/feature/relay/selftest.c | 4 
 2 files changed, 8 insertions(+)





[tor-commits] [tor/master] relay: No longer test dirport reachability for authorities

2021-02-22 Thread ahf
commit 8a8045c788b6883751b5ecbfbd3de4da0dfd313a
Author: Roger Dingledine 
Date:   Wed Feb 10 03:10:12 2021 -0500

relay: No longer test dirport reachability for authorities

Now that exit relays don't allow exit connections to directory authority
DirPorts, the follow-up step is to make directory authorities stop doing
DirPort reachability checks.

Fixes #40287

Signed-off-by: David Goulet 
---
 changes/bug40287 | 4 
 src/feature/relay/selftest.c | 4 
 2 files changed, 8 insertions(+)

diff --git a/changes/bug40287 b/changes/bug40287
new file mode 100644
index 00..5a9c899d52
--- /dev/null
+++ b/changes/bug40287
@@ -0,0 +1,4 @@
+  o Minor bugfixes (directory authority):
+- Now that exit relays don't allow exit connections to directory authority
+  DirPorts (network reentry), disable authorities' reachability self test
+  on the DirPort. Fixes bug 40287; bugfix on 0.4.5.5-rc.
diff --git a/src/feature/relay/selftest.c b/src/feature/relay/selftest.c
index 86b1533be1..46b4b20ffc 100644
--- a/src/feature/relay/selftest.c
+++ b/src/feature/relay/selftest.c
@@ -31,6 +31,8 @@
 
 #include "feature/control/control_events.h"
 
+#include "feature/dirauth/authmode.h"
+
 #include "feature/dirclient/dirclient.h"
 #include "feature/dircommon/directory.h"
 
@@ -142,12 +144,14 @@ router_orport_seems_reachable(const or_options_t *options,
  *   - we've seen a successful reachability check, or
  *   - there is no DirPort set, or
  *   - AssumeReachable is set, or
+ *   - We're a dir auth (see ticket #40287), or
  *   - the network is disabled.
  */
 int
 router_dirport_seems_reachable(const or_options_t *options)
 {
   int reach_checks_disabled = router_reachability_checks_disabled(options) ||
+  authdir_mode(options) ||
   !options->DirPort_set;
   return reach_checks_disabled ||
  can_reach_dir_port;





[tor-commits] [tor/master] Merge branch 'maint-0.4.5'

2021-02-22 Thread ahf
commit a4df1e8ea47842a76e4fc3ebc750e68b728f222e
Merge: c0589d06be 26c2e843f9
Author: Alexander Færøy 
Date:   Mon Feb 22 19:13:12 2021 +

Merge branch 'maint-0.4.5'

 changes/bug40287 | 4 
 src/feature/relay/selftest.c | 4 
 2 files changed, 8 insertions(+)



[tor-commits] [tor/maint-0.4.5] Merge remote-tracking branch 'tor-gitlab/mr/309' into maint-0.4.5

2021-02-22 Thread ahf
commit 26c2e843f958c5451c836bbf9a4979aecac177c4
Merge: 03c686563b 8a8045c788
Author: Alexander Færøy 
Date:   Mon Feb 22 19:12:53 2021 +

Merge remote-tracking branch 'tor-gitlab/mr/309' into maint-0.4.5

 changes/bug40287 | 4 
 src/feature/relay/selftest.c | 4 
 2 files changed, 8 insertions(+)



[tor-commits] [tor-browser-build/master] Release preparations for 10.5a11

2021-02-22 Thread sysrqb
commit fac6af63494f06789ead311bddcac62e98b83a89
Author: Matthew Finkel 
Date:   Fri Feb 19 05:36:29 2021 +

Release preparations for 10.5a11

Versions bump and Changelog update
---
 projects/android-components/config |   4 +-
 .../gradle-dependencies-list.txt   |  15 +-
 projects/fenix/config  |   4 +-
 projects/fenix/gradle-dependencies-list.txt| 356 +++--
 projects/firefox-langpacks/config  |   2 +-
 projects/firefox/config|   6 +-
 projects/geckoview/config  |   6 +-
 projects/openssl/config|   4 +-
 .../tor-browser/Bundle-Data/Docs/ChangeLog.txt |  22 ++
 projects/tor-browser/allowed_addons.json   | 296 +
 projects/tor-browser/config|   4 +-
 projects/tor/config|   2 +-
 rbm.conf   |   5 +-
 13 files changed, 370 insertions(+), 356 deletions(-)

diff --git a/projects/android-components/config 
b/projects/android-components/config
index df3d636..fbba9bc 100644
--- a/projects/android-components/config
+++ b/projects/android-components/config
@@ -8,12 +8,12 @@ gpg_keyring: torbutton.gpg
 variant: '[% IF c("var/release") %]Release[% ELSE %]Beta[% END %]'
 
 var:
-  android_components_version: 72.0.5
+  android_components_version: 72.0.15
   torbrowser_branch: 10.5
   container:
 use_container: 1
   # This should be updated when the list of gradle dependencies is changed.
-  gradle_dependencies_version: 18
+  gradle_dependencies_version: 19
   # Switch to make it easier to grab all dependencies during a dry-run.
   # Note: Use the commit before support for new GeckoView interfaces gets 
added.
   fetch_gradle_dependencies: 0
diff --git a/projects/android-components/gradle-dependencies-list.txt 
b/projects/android-components/gradle-dependencies-list.txt
index 4e7b6a9..b62555a 100644
--- a/projects/android-components/gradle-dependencies-list.txt
+++ b/projects/android-components/gradle-dependencies-list.txt
@@ -9,15 +9,10 @@ 
b219d2b568e7e4ba534e09f8c2fd242343df6ccbdfbbe938846f5d740e6b0b11 | https://dl.go
 6b73ff6608f4b1d6cbab620b65708a382d0b39901cf4e6b0d16f84a1b04d7732 | 
https://dl.google.com/dl/android/maven2/androidx/annotation/annotation-experimental/1.0.0/annotation-experimental-1.0.0.pom
 0baae9755f7caf52aa80cd04324b91ba93af55d4d1d17dcc9a7b53d99ef7c016 | 
https://dl.google.com/dl/android/maven2/androidx/annotation/annotation/1.0.0/annotation-1.0.0.jar
 a179c12db43d9c0300c9db63f4811db496504be5401b951d422b78490ad1e5b4 | 
https://dl.google.com/dl/android/maven2/androidx/annotation/annotation/1.0.0/annotation-1.0.0.pom
-c89d23f9804282a47992ff5ca647b784921c16caa669a7e9af34c15f81aa7442 | 
https://dl.google.com/dl/android/maven2/androidx/annotation/annotation/1.0.1/annotation-1.0.1.pom
 d38d63edb30f1467818d50aaf05f8a692dea8b31392a049bfa991b159ad5b692 | 
https://dl.google.com/dl/android/maven2/androidx/annotation/annotation/1.1.0/annotation-1.1.0.jar
 2e9372ba7780ef44952adbf86b66e1f08682c1e5277c926185f6564a13799efe | 
https://dl.google.com/dl/android/maven2/androidx/annotation/annotation/1.1.0/annotation-1.1.0.pom
-19944d32b46551a17c347e21894b95837fbd7baaafc9e2082794344f222f7361 | 
https://dl.google.com/dl/android/maven2/androidx/appcompat/appcompat-resources/1.1.0/appcompat-resources-1.1.0.aar
-046011e16cb01b6f14842565661551110ef1b6427483f5d9068493f4c49690f2 | 
https://dl.google.com/dl/android/maven2/androidx/appcompat/appcompat-resources/1.1.0/appcompat-resources-1.1.0.pom
 c470297c03ff3de1c3d15dacf0be0cae63abc10b52f021dd07ae28daa3100fe5 | 
https://dl.google.com/dl/android/maven2/androidx/appcompat/appcompat-resources/1.2.0/appcompat-resources-1.2.0.aar
 149dd8cec3664bef8ffde86c396ba1e2ab156ea68793d29800d008bacbc9c0f8 | 
https://dl.google.com/dl/android/maven2/androidx/appcompat/appcompat-resources/1.2.0/appcompat-resources-1.2.0.pom
-8d7299bca44cb3bdf17f5595766acbf459fc81fee223e8686cc6acd3a42ab5c0 | 
https://dl.google.com/dl/android/maven2/androidx/appcompat/appcompat/1.1.0/appcompat-1.1.0.aar
-340d617121f8ef8e02a6680c8f357aa3e542276d0c8a1cdcb6fd98984b2cb7b9 | 
https://dl.google.com/dl/android/maven2/androidx/appcompat/appcompat/1.1.0/appcompat-1.1.0.pom
 3d2131a55a61a777322e2126e0018011efa6339e53b44153eb651b16020cca70 | 
https://dl.google.com/dl/android/maven2/androidx/appcompat/appcompat/1.2.0/appcompat-1.2.0.aar
 8eb3cbe823b609853b481646e3d2c1aa39dbde53dd269712fd844ffdef2ebb42 | 
https://dl.google.com/dl/android/maven2/androidx/appcompat/appcompat/1.2.0/appcompat-1.2.0.pom
 4b6f1d459ddd146b4e85ed6d46e86eb8c2639c5de47904e6db4d698721334220 | 
https://dl.google.com/dl/android/maven2/androidx/arch/core/core-common/2.0.0/core-common-2.0.0.pom
@@ -54,8 +49,6 @@ 
ba6a806bc1a6faf0cbae08397b3f781feca293ff2b5f3aa600b3d2db142e5ab4 | https://dl.go
 

[tor-commits] [tor-browser-build/master] Add 10.0.11 changelog

2021-02-22 Thread sysrqb
commit f366e44169f342c9e6df3abbb2268e32d43f92e4
Author: Matthew Finkel 
Date:   Fri Feb 19 04:17:38 2021 +

Add 10.0.11 changelog
---
 projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt | 4 
 1 file changed, 4 insertions(+)

diff --git a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt 
b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt
index 12dd037..49b180b 100644
--- a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt
+++ b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt
@@ -2,6 +2,10 @@ Tor Browser 10.5a10 -- February 7 2021
  * Windows
* Update Firefox to 78.7.1esr
 
+Tor Browser 10.0.11 -- February 6 2021
+ * Windows
+* Update Firefox to 78.7.1esr
+
 Tor Browser 10.5a9 -- February 5 2021
  * Android
* Update Fenix to 86.0.0-beta.2





[tor-commits] [tor-browser-build/master] Bug 40229: add support for local builds directory in sign-nightly

2021-02-22 Thread gk
commit 1b173d226cf6a6083abf540f5b3046ff8f11fb0e
Author: Nicolas Vigier 
Date:   Thu Feb 18 19:59:05 2021 +0100

Bug 40229: add support for local builds directory in sign-nightly

If builds_url starts with '/', we assume it is a local directory.
---
 tools/signing/nightly/sign-nightly | 34 ++
 1 file changed, 22 insertions(+), 12 deletions(-)

diff --git a/tools/signing/nightly/sign-nightly 
b/tools/signing/nightly/sign-nightly
index c2aa61a..a633313 100755
--- a/tools/signing/nightly/sign-nightly
+++ b/tools/signing/nightly/sign-nightly
@@ -89,7 +89,11 @@ sub get_last_build_version {
 my $yesterday = 'tbb-nightly.' . $dt_yesterday->ymd('.');
 for my $version ($today, $yesterday) {
 my $url = 
"$config->{builds_url}/$version/$publish_dir/sha256sums-unsigned-build.incrementals.txt";
-return $version if get($url);
+if ($url =~ m|^/|) {
+return $version if -f $url;
+} else {
+return $version if get($url);
+}
 }
 return undef;
 }
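Review bot: The local-directory test `$url =~ m|^/|` is written out here and again in `get_file` and `get_file_sha256sum` in the next hunk, so the three copies can drift apart if the rule for what counts as local ever changes. A one-line helper such as `sub is_local_path { return $_[0] =~ m|^/| }`, with a comment saying that a leading '/' in `builds_url` selects a local builds directory, would keep them in step and document the convention in the code rather than only in the commit message. The local branch here only checks `-f $url`, which is fine for the existence probe because the signature and checksum checks in `fetch_version` still run on the copied files.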
@@ -119,18 +123,24 @@ sub get_new_version {
 return $last_ver;
 }
 
-sub download_file {
+sub get_file {
+my ($url, $file) = @_;
+return copy($url, $file) if $url =~ m|^/|;
+return getstore($url, $file) == 200;
+}
+
+sub get_file_sha256sum {
 my ($url, $file, $sha256sum) = @_;
-my $retries = 5;
+my $retries = $url =~ m|^/| ? 1 : 5;
 while ($retries > 0) {
 $retries--;
-print "Downloading $url\n";
-next unless getstore("$url", "$file.tmp") == 200;
+print "Getting $url\n";
+next unless get_file($url, "$file.tmp");
 next unless $sha256sum eq sha256_hex(path("$file.tmp")->slurp_raw);
 move("$file.tmp", $file);
 return 1;
 }
-exit_error "Error downloading $url";
+exit_error "Error getting $url";
 }
 
 sub fetch_version {
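Review bot: In `get_file_sha256sum` a checksum mismatch and a failed copy or download end in the same message, `Error getting $url`, and for a local path (`$retries` of 1) a mismatch is now the likeliest way to reach it. For a signing tool the operator should be able to tell an integrity failure from a fetch failure, so the check could report it before retrying: `unless ($sha256sum eq sha256_hex(path("$file.tmp")->slurp_raw)) { print "sha256sum mismatch for $url\n"; next; }`. The rejected `$file.tmp` is also left on disk on that path; whether the caller cleans the temporary directory is not visible in the hunk, so an `unlink "$file.tmp"` before `next` would be the safe default.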
@@ -143,10 +153,10 @@ sub fetch_version {
 my $gpg_keyring = basedir_path($config->{gpg_keyring}, $topdir);
 for my $file (qw/sha256sums-unsigned-build.txt 
sha256sums-unsigned-build.incrementals.txt/) {
 my $url = "$urldir/$file";
-exit_error "Error downloading $url"
-unless getstore($url, "$tmpdir/$file") == 200;
-exit_error "Error downloading $url.asc"
-unless getstore("$url.asc", "$tmpdir/$file.asc") == 200;
+exit_error "Error getting $url"
+unless get_file($url, "$tmpdir/$file");
+exit_error "Error getting $url.asc"
+unless get_file("$url.asc", "$tmpdir/$file.asc");
 exit_error "Error checking gpg signature for $url"
 if system('gpg', '--no-default-keyring', '--keyring', 
$gpg_keyring,
   '--verify', "$tmpdir/$file.asc",
@@ -159,10 +169,10 @@ sub fetch_version {
 );
 my @build_infos_file = grep { $_ =~ m/build-infos-.*\.json/ } keys %sums;
 exit_error "Missing build-infos.json in $urldir" unless @build_infos_file;
-download_file("$urldir/$build_infos_file[0]",
+get_file_sha256sum("$urldir/$build_infos_file[0]",
   "$tmpdir/build-infos.json", $sums{$build_infos_file[0]});
 foreach my $file (sort grep { $_ =~ m/\.mar$/ } keys %sums) {
-download_file("$urldir/$file", "$tmpdir/$file", $sums{$file});
+get_file_sha256sum("$urldir/$file", "$tmpdir/$file", $sums{$file});
 }
 make_path("$topdir/nightly/$publish_dir");
 dirmove($tmpdir, $destdir)





[tor-commits] [tor-browser-build/master] Merge remote-tracking branch 'gitlab/merge-requests/224'

2021-02-22 Thread gk
commit 947c9178b99b48c81a130fb715aec5990cf7e23e
Merge: f849997 1b173d2
Author: Georg Koppen 
Date:   Mon Feb 22 15:37:16 2021 +

Merge remote-tracking branch 'gitlab/merge-requests/224'

 tools/signing/nightly/sign-nightly | 34 ++
 1 file changed, 22 insertions(+), 12 deletions(-)



[tor-commits] [tor-browser-build/master] Bug 40231: Print start and exit time in sign-nightly output

2021-02-22 Thread gk
commit f2fa01e29f827d1bfce1010bbe3b9b6eb963d55d
Author: Nicolas Vigier 
Date:   Mon Feb 15 19:34:53 2021 +0100

Bug 40231: Print start and exit time in sign-nightly output
---
 tools/signing/nightly/sign-nightly | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/tools/signing/nightly/sign-nightly 
b/tools/signing/nightly/sign-nightly
index 2009fbc..c2aa61a 100755
--- a/tools/signing/nightly/sign-nightly
+++ b/tools/signing/nightly/sign-nightly
@@ -45,6 +45,15 @@ my $topdir = "$FindBin::Bin/../../..";
 }
 }
 
+sub print_time {
+my $dt = DateTime->now;
+print $dt->ymd, " ", $dt->hms, " - ", @_;
+}
+
+END {
+print_time "Exiting sign-nightly (pid: $$)\n";
+}
+
 sub run_alone {
 my $pidfile = "$FindBin::Bin/lock";
 if (-f $pidfile) {
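Review bot: `print_time` prints the date and time with no time zone, and `DateTime->now` returns UTC unless a zone is passed, so the log lines can be misread as local time when they are compared with other logs on the signing host. Marking the zone in the output makes them unambiguous: `print $dt->ymd, " ", $dt->hms, " UTC - ", @_;`. The `END` block also runs on every exit path of the process, including error exits, which is worth a one-line comment above it so the "Exiting" line is not taken as a sign of success. `run_alone` continues past the end of the hunk.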
@@ -250,6 +259,7 @@ sub sync_dest {
 }
 }
 
+print_time "Starting sign-nightly (pid: $$)\n";
 run_alone;
 my $some_updates = 0;
 foreach my $publish_dir (@{$config->{publish_dirs}}) {





[tor-commits] [tor-browser-build/master] Merge remote-tracking branch 'gitlab/merge-requests/220'

2021-02-22 Thread gk
commit f8499970c4106332790f48352b0f09998585ec2a
Merge: e979fe3 f2fa01e
Author: Georg Koppen 
Date:   Mon Feb 22 14:30:45 2021 +

Merge remote-tracking branch 'gitlab/merge-requests/220'

 tools/signing/nightly/sign-nightly | 10 ++
 1 file changed, 10 insertions(+)



[tor-commits] [tpo/master] Update press clips

2021-02-22 Thread hiro
commit 480cd6e513dae143bd6b9bee22d8445bfabf7625
Author: hiro 
Date:   Mon Feb 22 15:19:01 2021 +0100

Update press clips
---
 bin/csv_to_markdown| 46 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr"   | 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 content/press/privacy-isnt-radical/contents.lr | 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../contents.lr| 20 ++
 .../why-more-apps-should-integrate-tor/contents.lr | 20 ++
 31 files changed, 646 insertions(+)

diff --git a/bin/csv_to_markdown b/bin/csv_to_markdown
new file mode 100755
index ..fe0c697e
--- /dev/null
+++ b/bin/csv_to_markdown
@@ -0,0 +1,46 @@
+#!/usr/bin/python3
+
+import csv
+import os
+import re
+import sys
+
+
+csv_file = sys.argv[1]
+
+with open(csv_file, newline='') as csvfile:
+  spamreader = csv.reader(csvfile, delimiter=',', quotechar='"')
+  for row in spamreader:
+publisher = row[0]
+re_path = re.sub(r'[^\w\s]','',row[1]).lower()
+create_path = re.sub(' ','-',re_path)
+title = row[1]
+date = row[2].split('/')
+pub_date = "{}-{}-{}".format(date[2], date[0], date[1])
+link = row[3]
+full_path = 
os.path.join(os.getcwd(),"content/press/{}".format(create_path))
+if not os.path.exists(full_path):
+  os.mkdir(full_path)
+  filename = "{}/contents.lr".format(full_path)
+  file_object  = open(filename, 'w')
+  file_object.write("_model: post\n")
+  file_object.write("---\n")
+  file_object.write("_hidden: yes\n")
+  file_object.write("---\n")
+  file_object.write("active: True\n")
+  file_object.write("---\n")
+  file_object.write("type: snippet\n")
+  file_object.write("---\n")
+  file_object.write("publisher:  {}\n".format(publisher))
+  file_object.write("---\n")
+  file_object.write("title:  {}\n".format(title))
+  file_object.write("---\n")
+  file_object.write("link:  {}\n".format(link))
+  file_object.write("---\n")
+  file_object.write("pub_date:  {}\n".format(pub_date))
+  file_object.write("---\n")
+  file_object.write("summary: \n")
+  file_object.write("---\n")
+  file_object.write("body: \n")
+  file_object.write("---\n")
+  file_object.close()
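Review bot: `publisher`, `title` and `link` are written into contents.lr exactly as they appear in the CSV cell, and a quoted CSV cell may contain line breaks, so a cell that carries a line reading `---` would end the field early and start another one in the generated file. Collapsing whitespace before writing avoids that, e.g. `title = " ".join(row[1].split())` and the same for `publisher` and `link`. `pub_date` is also built without zero padding (the generated files later in this commit show `2020-4-6`); `"{}-{:0>2}-{:0>2}".format(date[2], date[0], date[1])` would give an ISO-style date. Opening the output with `with open(filename, 'w') as file_object:` would close the file even when a write fails.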
diff --git 
a/content/press/11-rules-to-ensure-cyber-security-when-you-work-from-home/contents.lr
 
b/content/press/11-rules-to-ensure-cyber-security-when-you-work-from-home/contents.lr
new file mode 100644
index ..652c30d1
--- /dev/null
+++ 
b/content/press/11-rules-to-ensure-cyber-security-when-you-work-from-home/contents.lr
@@ -0,0 +1,20 @@
+_model: post
+---
+_hidden: yes
+---
+active: True
+---
+type: snippet
+---
+publisher:  Economic Times
+---
+title:  11 rules to ensure cyber security when you work from home
+---
+link:  
https://economictimes.indiatimes.com/magazines/panache/tape-the-webcam-enable-firewall-11-rules-to-ensure-cyber-security-when-you-work-from-home/articleshow/75005471.cms
+---
+pub_date:  2020-4-6
+---
+summary: 
+---
+body: 
+---
diff --git 
a/content/press/all-the-privacy-apps-you-should-have-downloaded-in-2020/contents.lr
 
b/content/press/all-the-privacy-apps-you-should-have-downloaded-in-2020/contents.lr
new file mode 

[tor-commits] [tor/master] Refactoring: Remove 'addresstype' from connection_ap_handle_onion().

2021-02-22 Thread dgoulet
commit 32fc8a116a3a88ad6e7269d5e9afb751e5d39e50
Author: George Kadianakis 
Date:   Mon Feb 22 12:50:56 2021 +0200

Refactoring: Remove 'addresstype' from connection_ap_handle_onion().

It's all v3 now.

Preparation for fixing CID 1473232.
---
 src/core/or/connection_edge.c | 111 --
 1 file changed, 53 insertions(+), 58 deletions(-)

diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index b407fd4b1b..c39bfe1304 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -1929,13 +1929,12 @@ connection_ap_handshake_rewrite(entry_connection_t 
*conn,
   }
 }
 
-/** We just received a SOCKS request in conn to an onion address of type
- *  addresstype. Start connecting to the onion service. */
+/** We just received a SOCKS request in conn to a v3 onion. Start
+ *  connecting to the onion service. */
 static int
 connection_ap_handle_onion(entry_connection_t *conn,
socks_request_t *socks,
-   origin_circuit_t *circ,
-   hostname_type_t addresstype)
+   origin_circuit_t *circ)
 {
   time_t now = approx_time();
   connection_t *base_conn = ENTRY_TO_CONN(conn);
@@ -1978,38 +1977,36 @@ connection_ap_handle_onion(entry_connection_t *conn,
   int rend_cache_lookup_result = -ENOENT;
   int descriptor_is_usable = 0;
 
-  if (addresstype == ONION_V3_HOSTNAME) {
-const hs_descriptor_t *cached_desc = NULL;
-int retval;
-/* Create HS conn identifier with HS pubkey */
-hs_ident_edge_conn_t *hs_conn_ident =
-  tor_malloc_zero(sizeof(hs_ident_edge_conn_t));
-
-retval = hs_parse_address(socks->address, _conn_ident->identity_pk,
-  NULL, NULL);
-if (retval < 0) {
-  log_warn(LD_GENERAL, "failed to parse hs address");
-  tor_free(hs_conn_ident);
-  return -1;
-}
-ENTRY_TO_EDGE_CONN(conn)->hs_ident = hs_conn_ident;
-
-onion_address = socks->address;
-
-/* Check the v3 desc cache */
-cached_desc = hs_cache_lookup_as_client(_conn_ident->identity_pk);
-if (cached_desc) {
-  rend_cache_lookup_result = 0;
-  descriptor_is_usable =
-hs_client_any_intro_points_usable(_conn_ident->identity_pk,
-  cached_desc);
-  log_info(LD_GENERAL, "Found %s descriptor in cache for %s. %s.",
-   (descriptor_is_usable) ? "usable" : "unusable",
-   safe_str_client(onion_address),
-   (descriptor_is_usable) ? "Not fetching." : "Refetching.");
-} else {
-  rend_cache_lookup_result = -ENOENT;
-}
+  const hs_descriptor_t *cached_desc = NULL;
+  int retval;
+  /* Create HS conn identifier with HS pubkey */
+  hs_ident_edge_conn_t *hs_conn_ident =
+tor_malloc_zero(sizeof(hs_ident_edge_conn_t));
+
+  retval = hs_parse_address(socks->address, _conn_ident->identity_pk,
+NULL, NULL);
+  if (retval < 0) {
+log_warn(LD_GENERAL, "failed to parse hs address");
+tor_free(hs_conn_ident);
+return -1;
+  }
+  ENTRY_TO_EDGE_CONN(conn)->hs_ident = hs_conn_ident;
+
+  onion_address = socks->address;
+
+  /* Check the v3 desc cache */
+  cached_desc = hs_cache_lookup_as_client(_conn_ident->identity_pk);
+  if (cached_desc) {
+rend_cache_lookup_result = 0;
+descriptor_is_usable =
+  hs_client_any_intro_points_usable(_conn_ident->identity_pk,
+cached_desc);
+log_info(LD_GENERAL, "Found %s descriptor in cache for %s. %s.",
+ (descriptor_is_usable) ? "usable" : "unusable",
+ safe_str_client(onion_address),
+ (descriptor_is_usable) ? "Not fetching." : "Refetching.");
+  } else {
+rend_cache_lookup_result = -ENOENT;
   }
 
   /* Lookup the given onion address. If invalid, stop right now.
@@ -2048,27 +2045,25 @@ connection_ap_handle_onion(entry_connection_t *conn,
 edge_connection_t *edge_conn = ENTRY_TO_EDGE_CONN(conn);
 connection_ap_mark_as_non_pending_circuit(conn);
 base_conn->state = AP_CONN_STATE_RENDDESC_WAIT;
-if (addresstype == ONION_V3_HOSTNAME) {
-  tor_assert(edge_conn->hs_ident);
-  /* Attempt to fetch the hsv3 descriptor. Check the retval to see how it
-   * went and act accordingly. */
-  int ret = hs_client_refetch_hsdesc(_conn->hs_ident->identity_pk);
-  switch (ret) {
-  case HS_CLIENT_FETCH_MISSING_INFO:
-/* Keeping the connection in descriptor wait state is fine because
- * once we get enough dirinfo or a new live consensus, the HS client
- * subsystem is notified and every connection in that state will
- * trigger a fetch for the service key. */
-  case HS_CLIENT_FETCH_LAUNCHED:
-  case HS_CLIENT_FETCH_PENDING:
-  case HS_CLIENT_FETCH_HAVE_DESC:
-return 0;
-  case HS_CLIENT_FETCH_ERROR:
-  case HS_CLIENT_FETCH_NO_HSDIRS:
- 

[tor-commits] [tor/master] Fix CID 1473232 in connection_ap_handle_onion().

2021-02-22 Thread dgoulet
commit 428819f5dd151ca4a7ef9e842a0a82ce3091cf5c
Author: George Kadianakis 
Date:   Mon Feb 22 12:55:53 2021 +0200

Fix CID 1473232 in connection_ap_handle_onion().

Now that v2 is off the table, 'rend_cache_lookup_result' is useless in
connection_ap_handle_onion() because it can only take the ENOENT value.
Let's remove that helper variable and handle the ENOENT case specifically
when we check the cache.

Also remove the 'onion_address' helper variable.
---
 src/core/or/connection_edge.c | 43 ---
 1 file changed, 8 insertions(+), 35 deletions(-)

diff --git a/src/core/or/connection_edge.c b/src/core/or/connection_edge.c
index c39bfe1304..9884f55fc5 100644
--- a/src/core/or/connection_edge.c
+++ b/src/core/or/connection_edge.c
@@ -1936,6 +1936,7 @@ connection_ap_handle_onion(entry_connection_t *conn,
socks_request_t *socks,
origin_circuit_t *circ)
 {
+  int retval;
   time_t now = approx_time();
   connection_t *base_conn = ENTRY_TO_CONN(conn);
 
@@ -1971,14 +1972,8 @@ connection_ap_handle_onion(entry_connection_t *conn,
 return -1;
   }
 
-  /* Interface: Regardless of HS version after the block below we should have
- set onion_address, rend_cache_lookup_result, and descriptor_is_usable. */
-  const char *onion_address = NULL;
-  int rend_cache_lookup_result = -ENOENT;
   int descriptor_is_usable = 0;
 
-  const hs_descriptor_t *cached_desc = NULL;
-  int retval;
   /* Create HS conn identifier with HS pubkey */
   hs_ident_edge_conn_t *hs_conn_ident =
 tor_malloc_zero(sizeof(hs_ident_edge_conn_t));
@@ -1992,45 +1987,23 @@ connection_ap_handle_onion(entry_connection_t *conn,
   }
   ENTRY_TO_EDGE_CONN(conn)->hs_ident = hs_conn_ident;
 
-  onion_address = socks->address;
-
   /* Check the v3 desc cache */
+  const hs_descriptor_t *cached_desc = NULL;
+  unsigned int refetch_desc = 0;
   cached_desc = hs_cache_lookup_as_client(_conn_ident->identity_pk);
   if (cached_desc) {
-rend_cache_lookup_result = 0;
 descriptor_is_usable =
   hs_client_any_intro_points_usable(_conn_ident->identity_pk,
 cached_desc);
 log_info(LD_GENERAL, "Found %s descriptor in cache for %s. %s.",
  (descriptor_is_usable) ? "usable" : "unusable",
- safe_str_client(onion_address),
+ safe_str_client(socks->address),
  (descriptor_is_usable) ? "Not fetching." : "Refetching.");
   } else {
-rend_cache_lookup_result = -ENOENT;
-  }
-
-  /* Lookup the given onion address. If invalid, stop right now.
-   * Otherwise, we might have it in the cache or not. */
-  unsigned int refetch_desc = 0;
-  if (rend_cache_lookup_result < 0) {
-switch (-rend_cache_lookup_result) {
-case EINVAL:
-  /* We should already have rejected this address! */
-  log_warn(LD_BUG,"Invalid service name '%s'",
-   safe_str_client(onion_address));
-  connection_mark_unattached_ap(conn, END_STREAM_REASON_TORPROTOCOL);
-  return -1;
-case ENOENT:
-  /* We didn't have this; we should look it up. */
-  log_info(LD_REND, "No descriptor found in our cache for %s. Fetching.",
-   safe_str_client(onion_address));
-  refetch_desc = 1;
-  break;
-default:
-  log_warn(LD_BUG, "Unknown cache lookup error %d",
-   rend_cache_lookup_result);
-  return -1;
-}
+/* We couldn't find this descriptor; we should look it up. */
+log_info(LD_REND, "No descriptor found in our cache for %s. Fetching.",
+ safe_str_client(socks->address));
+refetch_desc = 1;
   }
 
   /* Help predict that we'll want to do hidden service circuits in the
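Review bot: `refetch_desc` is now set only in the `else` branch, while the `if (cached_desc)` branch logs "Refetching." for an unusable descriptor without setting it. The code that acts on the two flags lies outside the hunk, so presumably it also tests `descriptor_is_usable`; if so, a short comment at the declaration would make that explicit, e.g. `/* Set only on a cache miss; an unusable cached descriptor is handled through descriptor_is_usable. */`. As a smaller style point, `cached_desc` is initialised to NULL and assigned on the next statement, so it could be initialised directly from the `hs_cache_lookup_as_client()` call, and `retval` is hoisted to the top of the function while the other locals are declared at first use.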





[tor-commits] [tor/master] Fix a test failure in test_hs_control_add_onion_helper_add_service().

2021-02-22 Thread dgoulet
commit c0589d06be698ea864e2c58e40ffda0f228440d4
Author: George Kadianakis 
Date:   Mon Feb 22 13:31:29 2021 +0200

Fix a test failure in test_hs_control_add_onion_helper_add_service().

This bug made the pipeline fail. It basically tries to access a service we 
just
freed because it's still on the service list.

It only occurs about once every 10 tests and it looks like this:

$ ./src/test/test hs_control/hs_control_add_onion_helper_add_service
hs_control/hs_control_add_onion_helper_add_service: [forking] 
=
==354311==ERROR: AddressSanitizer: heap-use-after-free on address 
0x61300940 at pc 0x55a159251b03 bp 0x7ffc6abb5b30 sp 0x7ffc6abb5b28
READ of size 8 at 0x61300940 thread T0
^[[A
#0 0x55a159251b02 in hs_service_ht_HT_FIND_P_ 
src/feature/hs/hs_service.c:153
#1 0x55a159251b02 in hs_service_ht_HT_FIND 
src/feature/hs/hs_service.c:153
#2 0x55a159251b02 in find_service src/feature/hs/hs_service.c:175
#3 0x55a159251c2c in register_service src/feature/hs/hs_service.c:188
#4 0x55a159262379 in hs_service_add_ephemeral 
src/feature/hs/hs_service.c:3811
#5 0x55a158e865e6 in test_hs_control_add_onion_helper_add_service 
src/test/test_hs_control.c:847
#6 0x55a1590fe77b in testcase_run_bare_ src/ext/tinytest.c:107
#7 0x55a1590fee98 in testcase_run_forked_ src/ext/tinytest.c:201
#8 0x55a1590fee98 in testcase_run_one src/ext/tinytest.c:267
#9 0x55a1590ffb06 in tinytest_main src/ext/tinytest.c:454
#10 0x55a158b1b1a4 in main src/test/testing_common.c:420
#11 0x7f7f06f8dd09 in __libc_start_main ../csu/libc-start.c:308
#12 0x55a158b21f69 in _start 
(/home/f/Computers/tor/mytor/src/test/test+0x372f69)

0x61300940 is located 64 bytes inside of 344-byte region 
[0x61300900,0x61300a58)
freed by thread T0 here:
#0 0x7f7f0774ab6f in __interceptor_free 
../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123
#1 0x55a158e86508 in test_hs_control_add_onion_helper_add_service 
src/test/test_hs_control.c:838
#2 0x55a1590fe77b in testcase_run_bare_ src/ext/tinytest.c:107
#3 0x55a1590fee98 in testcase_run_forked_ src/ext/tinytest.c:201
#4 0x55a1590fee98 in testcase_run_one src/ext/tinytest.c:267
#5 0x55a1590ffb06 in tinytest_main src/ext/tinytest.c:454
#6 0x55a158b1b1a4 in main src/test/testing_common.c:420
#7 0x7f7f06f8dd09 in __libc_start_main ../csu/libc-start.c:308

previously allocated by thread T0 here:
#0 0x7f7f0774ae8f in __interceptor_malloc 
../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
#1 0x55a15948b728 in tor_malloc_ src/lib/malloc/malloc.c:45
#2 0x55a15948b7c0 in tor_malloc_zero_ src/lib/malloc/malloc.c:71
#3 0x55a159261bb5 in hs_service_new src/feature/hs/hs_service.c:4290
#4 0x55a159261f49 in hs_service_add_ephemeral 
src/feature/hs/hs_service.c:3758
#5 0x55a158e8619f in test_hs_control_add_onion_helper_add_service 
src/test/test_hs_control.c:832
#6 0x55a1590fe77b in testcase_run_bare_ src/ext/tinytest.c:107
#7 0x55a1590fee98 in testcase_run_forked_ src/ext/tinytest.c:201
#8 0x55a1590fee98 in testcase_run_one src/ext/tinytest.c:267
#9 0x55a1590ffb06 in tinytest_main src/ext/tinytest.c:454
#10 0x55a158b1b1a4 in main src/test/testing_common.c:420
#11 0x7f7f06f8dd09 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: heap-use-after-free 
src/feature/hs/hs_service.c:153 in hs_service_ht_HT_FIND_P_
Shadow bytes around the buggy address:
  0x0c267fff80d0: 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa fa
  0x0c267fff80e0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c267fff80f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c267fff8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c267fff8110: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
=>0x0c267fff8120: fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd
  0x0c267fff8130: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c267fff8140: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x0c267fff8150: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c267fff8160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c267fff8170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:   00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:   fa
  Freed heap region:   fd
  Stack left redzone:  f1
  Stack mid redzone:   f2
  Stack right redzone: f3
  Stack after return:  f5
  Stack use after scope:   f8
  Global redzone:  f9
  Global init order:   f6
  Poisoned by 

[tor-commits] [tor/master] Fix CID 1473233 in handle_control_hsfetch().

2021-02-22 Thread dgoulet
commit c0a23303140fedce06e0b7d88ce475c39703717a
Author: George Kadianakis 
Date:   Mon Feb 22 12:38:44 2021 +0200

Fix CID 1473233 in handle_control_hsfetch().

With v2 support for HSFETCH gone, we only support v3 addresses. We don't
support v2 descriptor IDs anymore and hence we can remove that code.

The removed code ensured that if a v2 descriptor ID was provided, the user
also had to provide HSDirs explicitly.

In the v3 case, the code should work even if no HSDirs are provided, and Tor
would find the HSDirs itself.
---
 src/feature/control/control_cmd.c | 8 
 1 file changed, 8 deletions(-)

diff --git a/src/feature/control/control_cmd.c 
b/src/feature/control/control_cmd.c
index 009105bb20..d8418d9b36 100644
--- a/src/feature/control/control_cmd.c
+++ b/src/feature/control/control_cmd.c
@@ -1437,7 +1437,6 @@ handle_control_hsfetch(control_connection_t *conn,
const control_cmd_args_t *args)
 
 {
-  char *desc_id = NULL;
   smartlist_t *hsdirs = NULL;
   ed25519_public_key_t v3_pk;
   uint32_t version;
@@ -1474,13 +1473,6 @@ handle_control_hsfetch(control_connection_t *conn,
 }
   }
 
-  /* Using a descriptor ID, we force the user to provide at least one
-   * hsdir server using the SERVER= option. */
-  if (desc_id && (!hsdirs || !smartlist_len(hsdirs))) {
-control_write_endreply(conn, 512, "SERVER option is required");
-goto done;
-  }
-
   /* We are about to trigger HSDir fetch so send the OK now because after
* that 650 event(s) are possible so better to have the 250 OK before them
* to avoid out of order replies. */


