[tor-commits] [chutney/master] Merge remote-tracking branch 'asn-d6/bug33842'

2020-05-14 Thread teor
commit bb4e5f6182b83d372d48b65e917e66935319133c
Merge: b3d6889 2a96dfa
Author: teor 
Date:   Fri May 15 11:34:49 2020 +1000

Merge remote-tracking branch 'asn-d6/bug33842'

 networks/hs-ob-v3 | 15 +++
 1 file changed, 15 insertions(+)

___
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits


[tor-commits] [chutney/master] Add network template for OBv3 testing.

2020-05-14 Thread teor
commit 2a96dfaf33e460cb141091f684f185e5b4cf33c5
Author: George Kadianakis 
Date:   Wed Apr 8 16:42:49 2020 +0300

Add network template for OBv3 testing.
---
 networks/hs-ob-v3 | 15 +++
 1 file changed, 15 insertions(+)

diff --git a/networks/hs-ob-v3 b/networks/hs-ob-v3
new file mode 100644
index 000..6309762
--- /dev/null
+++ b/networks/hs-ob-v3
@@ -0,0 +1,15 @@
+# A minimal Onionbalance V3 config:
+# - it has two clients (one for OBv3 and another for client)
+# - it has 4 onion services (to serve as OBv3 backends)
+
+# By default, Authorities are not configured as exits
+Authority = Node(tag="a", authority=1, relay=1, torrc="authority.tmpl")
+ExitRelay = Node(tag="r", relay=1, exit=1, torrc="relay.tmpl")
+Client = Node(tag="c", client=1, torrc="client.tmpl")
+HS = Node(tag="h", hs=1, torrc="hs-v3.tmpl")
+
+NODES = Authority.getN(3) + ExitRelay.getN(5) + \
+Client.getN(2) + HS.getN(4)
+
+ConfigureNodes(NODES)
+
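Review bot: The header comment's "two clients (one for OBv3 and another for client)" names a distinction the template never makes: both nodes come from Client.getN(2) with the same client.tmpl, so nothing here says which one Onionbalance is meant to use. Suggest stating the role of each client in the comment, or defining a separate Node for the Onionbalance client, and rewording "another for client" to say what the second client does. The config is also called minimal while it starts 5 exit relays; a short note on why that many are needed would help.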





[tor-commits] [torspec/master] Prop 311: Make self-tests slightly stricter

2020-05-07 Thread teor
commit 00d67ace14282f14812a86e6d1123a4f2ce690c3
Author: teor 
Date:   Fri May 8 09:40:36 2020 +1000

Prop 311: Make self-tests slightly stricter

Ignore create cells from clients when checking for relay reachability.

Part of 33222.
---
 proposals/311-relay-ipv6-reachability.txt | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/proposals/311-relay-ipv6-reachability.txt 
b/proposals/311-relay-ipv6-reachability.txt
index 7584e77..ea97d8b 100644
--- a/proposals/311-relay-ipv6-reachability.txt
+++ b/proposals/311-relay-ipv6-reachability.txt
@@ -333,12 +333,13 @@ Ticket: #24404
 
Here is a reliable way to do reachability self-tests for each ORPort:
 
-   1. Check for create cells on inbound ORPort connections
+   1. Check for create cells on inbound ORPort connections from other relays
 
Check for a cell on any IPv4 and any IPv6 ORPort. (We can't know which
listener(s) correspond to the advertised ORPorts, particularly when using
port forwarding.) Make sure the cell was received on an inbound OR
-   connection.
+   connection, and make sure the connection is authenticated to another relay.
+   (Rather than to a client: clients don't authenticate.)
 
2. Check for created cells from testing circuits on outbound OR connections
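Review bot: Step 1 now says to "make sure the connection is authenticated to another relay", but it does not say what the relay does with create cells that arrive on unauthenticated connections. The commit message says they are ignored; the proposal text should say the same, so that an unauthenticated create cell is not read as a failed test. It would also help to say what counts as authenticated here, since the parenthetical only gives the negative case (clients).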
 
@@ -347,8 +348,8 @@ Ticket: #24404
 
By combining these tests, we confirm that we can:
  * reach our own ORPorts with testing circuits,
- * send and receive cells via inbound OR connections to our own ORPorts,
-   and
+ * send and receive cells via inbound OR connections to our own ORPorts
+   from other relays, and
  * send and receive cells via outbound OR connections to other relays'
ORPorts.
 



[tor-commits] [torspec/master] Prop 311: Say "port forwarding" for clarity

2020-05-01 Thread teor
commit d6e18ebe538df66b372b4ebd56fdadff5119186c
Author: teor 
Date:   Fri May 1 17:23:44 2020 +1000

Prop 311: Say "port forwarding" for clarity
---
 proposals/311-relay-ipv6-reachability.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/proposals/311-relay-ipv6-reachability.txt 
b/proposals/311-relay-ipv6-reachability.txt
index e3fe81a..7584e77 100644
--- a/proposals/311-relay-ipv6-reachability.txt
+++ b/proposals/311-relay-ipv6-reachability.txt
@@ -337,7 +337,8 @@ Ticket: #24404
 
Check for a cell on any IPv4 and any IPv6 ORPort. (We can't know which
listener(s) correspond to the advertised ORPorts, particularly when using
-   NAT.) Make sure the cell was received on an inbound OR connection.
+   port forwarding.) Make sure the cell was received on an inbound OR
+   connection.
 
2. Check for created cells from testing circuits on outbound OR connections
 



[tor-commits] [torspec/master] Prop 311: Another reachability edge case

2020-05-01 Thread teor
commit 40486e0b5eed4006b9895f85424c0ad9c0d33eb8
Author: teor 
Date:   Fri May 1 17:14:37 2020 +1000

Prop 311: Another reachability edge case

Part of 33222.
---
 proposals/311-relay-ipv6-reachability.txt | 20 +---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/proposals/311-relay-ipv6-reachability.txt 
b/proposals/311-relay-ipv6-reachability.txt
index c23703e..e3fe81a 100644
--- a/proposals/311-relay-ipv6-reachability.txt
+++ b/proposals/311-relay-ipv6-reachability.txt
@@ -353,10 +353,11 @@ Ticket: #24404
 
Once we validate the created cell, we have confirmed that the final remote
relay has our private keys. Therefore, this test reliably detects ORPort
-   reachability.
+   reachability, in most cases.
+
+   There are a few exceptions:
 
-   There is one exception: when another relay on the network is using the same
-   keys.
+   A. Duplicate Relay Keys
 
Duplicate keys are only possible if a relay's private keys have been copied
to another relay. That's either a misconfiguration, or a security issue.
@@ -375,6 +376,19 @@ Ticket: #24404
accidentally duplicated their keys. (But it doesn't provide any extra
security, because operators can disable self-tests using AssumeReachable.)
 
+   B. Multiple ORPorts in an Address Family
+
+   Some relays have multiple IPv4 ORPorts, or multiple IPv6 ORPorts. In some
+   cases, only some ports are reachable. (This configuration is uncommon, but
+   multiple ORPorts are supported.)
+
+   Here is how these tests can pass, even if the advertised ORPort is
+   unreachable:
+ * the final extend cell contains the advertised IPv6 address of the
+   self-testing relay,
+ * if the extending relay already has a connection to a working NoAdvertise
+   ORPort, it may use that connection instead.
+
 4.2.4. No Changes to DirPort Reachability
 
We do not propose any changes to relay IPv4 DirPort reachability checks at
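Review bot: Case B is introduced for "multiple IPv4 ORPorts, or multiple IPv6 ORPorts", but the first bullet only mentions "the advertised IPv6 address", so the IPv4 variant of this false pass is left implicit. Suggest wording the bullets per address family, or saying why only IPv6 is affected. Unlike case A, this case also ends without a decision: state whether the proposal accepts the false pass, or what a relay should do when a reachable NoAdvertise ORPort masks an unreachable advertised one.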



[tor-commits] [tor/master] Merge branch 'pr1870_squashed'

2020-04-30 Thread teor
commit 6dc9930d3a14c30af0f285a884476f33a782938c
Merge: efcae919a 7bf257b12
Author: teor 
Date:   Thu Apr 30 22:22:09 2020 +1000

Merge branch 'pr1870_squashed'

 changes/ticket33956  |  5 +
 src/core/or/channeltls.c | 10 +++---
 src/lib/net/address.c|  3 +--
 src/lib/net/address.h|  9 +
 4 files changed, 18 insertions(+), 9 deletions(-)



[tor-commits] [tor/master] Define and use TOR_ADDRPORT_BUF_LEN

2020-04-30 Thread teor
commit 7bf257b1297d146047d10e0d527b45a88abf892a
Author: Neel Chauhan 
Date:   Sun Apr 26 13:06:11 2020 -0700

Define and use TOR_ADDRPORT_BUF_LEN
---
 changes/ticket33956  |  5 +
 src/core/or/channeltls.c | 10 +++---
 src/lib/net/address.c|  3 +--
 src/lib/net/address.h|  9 +
 4 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/changes/ticket33956 b/changes/ticket33956
new file mode 100644
index 0..7ad802797
--- /dev/null
+++ b/changes/ticket33956
@@ -0,0 +1,5 @@
+  o Code simplification and refactoring:
+- Define and use a new constant TOR_ADDRPORT_BUF_LEN which is like
+  TOR_ADDR_BUF_LEN but includes enough space for an IP address,
+  brackets, seperating colon, and port number. Closes ticket 33956.
+  Patch by Neel Chauhan.
diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c
index 5cedd9fbc..a39d32606 100644
--- a/src/core/or/channeltls.c
+++ b/src/core/or/channeltls.c
@@ -564,10 +564,7 @@ channel_tls_get_transport_name_method(channel_t *chan, 
char **transport_out)
 static const char *
 channel_tls_get_remote_descr_method(channel_t *chan, int flags)
 {
-  /* IPv6 address, colon, port */
-#define MAX_DESCR_LEN (TOR_ADDR_BUF_LEN + 1 + 5)
-
-  static char buf[MAX_DESCR_LEN + 1];
+  static char buf[TOR_ADDRPORT_BUF_LEN];
   channel_tls_t *tlschan = BASE_CHAN_TO_TLS(chan);
   connection_t *conn;
   const char *answer = NULL;
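Review bot: The static buffer in channel_tls_get_remote_descr_method() gets one byte smaller here: the old size was MAX_DESCR_LEN + 1, that is TOR_ADDR_BUF_LEN + 7, and TOR_ADDRPORT_BUF_LEN is TOR_ADDR_BUF_LEN + 6. The tor_snprintf() calls are bounded by the same constant, so the worst case is truncation rather than an overflow, but the changes file describes this as simplification and refactoring only. Please say in the commit message that the dropped byte was slack, or keep the old size.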
@@ -580,15 +577,14 @@ channel_tls_get_remote_descr_method(channel_t *chan, int 
flags)
 switch (flags) {
   case 0:
 /* Canonical address with port*/
-tor_snprintf(buf, MAX_DESCR_LEN + 1,
+tor_snprintf(buf, TOR_ADDRPORT_BUF_LEN,
  "%s:%u", conn->address, conn->port);
 answer = buf;
 break;
   case GRD_FLAG_ORIGINAL:
 /* Actual address with port */
 addr_str = tor_addr_to_str_dup(&(tlschan->conn->real_addr));
-tor_snprintf(buf, MAX_DESCR_LEN + 1,
- "%s:%u", addr_str, conn->port);
+tor_snprintf(buf, TOR_ADDRPORT_BUF_LEN, "%s:%u", addr_str, conn->port);
 tor_free(addr_str);
 answer = buf;
 break;
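Review bot: Both tor_snprintf() calls pass TOR_ADDRPORT_BUF_LEN as the size, while fmt_addrport() in address.c uses sizeof(buf) for the same kind of static buffer. Using sizeof(buf) here as well keeps the bound tied to the declaration if the buffer is ever resized. Neither call checks the return value, and in case 0 the string comes from conn->address rather than from a formatted tor_addr_t, so a comment on what happens when it does not fit would be worth adding.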
diff --git a/src/lib/net/address.c b/src/lib/net/address.c
index 5dbef6a79..901dc187a 100644
--- a/src/lib/net/address.c
+++ b/src/lib/net/address.c
@@ -1173,8 +1173,7 @@ fmt_addr_impl(const tor_addr_t *addr, int decorate)
 const char *
 fmt_addrport(const tor_addr_t *addr, uint16_t port)
 {
-  /* Add space for a colon and up to 5 digits. */
-  static char buf[TOR_ADDR_BUF_LEN + 6];
+  static char buf[TOR_ADDRPORT_BUF_LEN];
   tor_snprintf(buf, sizeof(buf), "%s:%u", fmt_and_decorate_addr(addr), port);
   return buf;
 }
diff --git a/src/lib/net/address.h b/src/lib/net/address.h
index 498449493..7b087ce12 100644
--- a/src/lib/net/address.h
+++ b/src/lib/net/address.h
@@ -209,6 +209,15 @@ tor_addr_eq_ipv4h(const tor_addr_t *a, uint32_t u)
  */
 #define TOR_ADDR_BUF_LEN 48
 
+/** Length of a buffer containing an IP address along with a port number and
+ * a seperating colon.
+ *
+ * This allows enough space for
+ *   "[::::::255.255.255.255]:12345",
+ * plus a terminating NUL.
+ */
+#define TOR_ADDRPORT_BUF_LEN (TOR_ADDR_BUF_LEN + 6)
+
 char *tor_addr_to_str_dup(const tor_addr_t *addr) ATTR_MALLOC;
 
 /** Wrapper function of fmt_addr_impl(). It does not decorate IPv6
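Review bot: "seperating" in the new doc comment should be "separating" (the same typo is in changes/ticket33956). The comment also promises room for the brackets, but the + 6 only accounts for the colon and five port digits, so the brackets have to fit inside TOR_ADDR_BUF_LEN. Say that explicitly in the comment so the sizing does not have to be re-derived by the next reader.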





[tor-commits] [tor/master] practracker: Accept the connection buf refactor

2020-04-29 Thread teor
commit efcae919aea4611d9f4ec5815170c48fc67134cf
Author: teor 
Date:   Thu Apr 30 13:55:26 2020 +1000

practracker: Accept the connection buf refactor

Accept a few extra lines from the connection_buf_read_from_socket()
refactor.

Cleanup after 33131.
---
 scripts/maint/practracker/exceptions.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/maint/practracker/exceptions.txt 
b/scripts/maint/practracker/exceptions.txt
index bf37d476f..8f718deff 100644
--- a/scripts/maint/practracker/exceptions.txt
+++ b/scripts/maint/practracker/exceptions.txt
@@ -68,7 +68,7 @@ problem function-size 
/src/core/mainloop/connection.c:connection_handle_listener
 problem function-size 
/src/core/mainloop/connection.c:connection_read_proxy_handshake() 153
 problem function-size /src/core/mainloop/connection.c:retry_listener_ports() 
112
 problem function-size 
/src/core/mainloop/connection.c:connection_handle_read_impl() 111
-problem function-size 
/src/core/mainloop/connection.c:connection_buf_read_from_socket() 180
+problem function-size 
/src/core/mainloop/connection.c:connection_buf_read_from_socket() 186
 problem function-size 
/src/core/mainloop/connection.c:connection_handle_write_impl() 241
 problem function-size /src/core/mainloop/connection.c:assert_connection_ok() 
143
 problem dependency-violation /src/core/mainloop/connection.c 47



[tor-commits] [tor/master] relay: Fix a comment typo in the selftest.c header

2020-04-29 Thread teor
commit 3eca667ae4ab7dfd4d6f87858808b2775ffb1340
Author: teor 
Date:   Thu Apr 30 13:54:40 2020 +1000

relay: Fix a comment typo in the selftest.c header
---
 src/feature/relay/selftest.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/feature/relay/selftest.c b/src/feature/relay/selftest.c
index 8aaf068f9..402ce0e3d 100644
--- a/src/feature/relay/selftest.c
+++ b/src/feature/relay/selftest.c
@@ -8,7 +8,7 @@
  * \file selftest.c
  * \brief Relay self-testing
  *
- * Relays need to make sure that their own ports are reasonable, and estimate
+ * Relays need to make sure that their own ports are reachable, and estimate
  * their own bandwidth, before publishing.
  */
 





[tor-commits] [tor/master] Run "make autostyle"

2020-04-29 Thread teor
commit 3253c357eeae3434da62bf720a451aa19f0ddd32
Author: teor 
Date:   Wed Apr 29 22:07:35 2020 +1000

Run "make autostyle"
---
 src/feature/dircache/conscache.c   | 2 +-
 src/feature/hs/hs_opts_st.h| 2 +-
 src/lib/crypt_ops/crypto_rsa_openssl.c | 8 
 src/lib/subsys/subsys.h| 2 +-
 src/test/test_circuitbuild.c   | 2 +-
 src/test/test_dir.c| 4 ++--
 src/test/test_hs_intropoint.c  | 2 +-
 7 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/src/feature/dircache/conscache.c b/src/feature/dircache/conscache.c
index d9aaccddc..2a831aa44 100644
--- a/src/feature/dircache/conscache.c
+++ b/src/feature/dircache/conscache.c
@@ -139,7 +139,7 @@ consensus_cache_may_overallocate(consensus_cache_t *cache)
 #pragma GCC diagnostic push
 #pragma GCC diagnostic ignored "-Wsuggest-attribute=noreturn"
 #endif
-#endif
+#endif /* defined(_WIN32) */
 
 /**
  * Tell the sandbox (if any) configured by cfg to allow the
diff --git a/src/feature/hs/hs_opts_st.h b/src/feature/hs/hs_opts_st.h
index f6ee0f3cf..279f0d6da 100644
--- a/src/feature/hs/hs_opts_st.h
+++ b/src/feature/hs/hs_opts_st.h
@@ -27,4 +27,4 @@
  **/
 typedef struct hs_opts_t hs_opts_t;
 
-#endif
+#endif /* !defined(TOR_FEATURE_HS_HS_OPTS_ST_H) */
diff --git a/src/lib/crypt_ops/crypto_rsa_openssl.c 
b/src/lib/crypt_ops/crypto_rsa_openssl.c
index d54db43b9..c96ee81fd 100644
--- a/src/lib/crypt_ops/crypto_rsa_openssl.c
+++ b/src/lib/crypt_ops/crypto_rsa_openssl.c
@@ -583,15 +583,15 @@ rsa_private_key_too_long(RSA *rsa, int max_bits)
   dmp1 = RSA_get0_dmp1(rsa);
   dmq1 = RSA_get0_dmq1(rsa);
   iqmp = RSA_get0_iqmp(rsa);
-#else
+#else /* !(OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1)) */
   /* The accessors above did not exist in openssl 1.1.0. */
   p = q = dmp1 = dmq1 = iqmp = NULL;
   RSA_get0_key(rsa, , , );
-#endif
+#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,1) */
 
   if (RSA_bits(rsa) > max_bits)
 return true;
-#else
+#else /* !defined(OPENSSL_1_1_API) */
   n = rsa->n;
   e = rsa->e;
   p = rsa->p;
@@ -600,7 +600,7 @@ rsa_private_key_too_long(RSA *rsa, int max_bits)
   dmp1 = rsa->dmp1;
   dmq1 = rsa->dmq1;
   iqmp = rsa->iqmp;
-#endif
+#endif /* defined(OPENSSL_1_1_API) */
 
   if (n && BN_num_bits(n) > max_bits)
 return true;
diff --git a/src/lib/subsys/subsys.h b/src/lib/subsys/subsys.h
index b29015746..62c0de026 100644
--- a/src/lib/subsys/subsys.h
+++ b/src/lib/subsys/subsys.h
@@ -198,7 +198,7 @@ typedef struct subsys_fns_t {
  **/
 #define SUBSYS_DECLARE_LOCATION() \
   .location = __FILE__
-#endif
+#endif /* !defined(COCCI) */
 
 /**
  * Lowest allowed subsystem level.
diff --git a/src/test/test_circuitbuild.c b/src/test/test_circuitbuild.c
index 6934cf3d7..061f39937 100644
--- a/src/test/test_circuitbuild.c
+++ b/src/test/test_circuitbuild.c
@@ -133,7 +133,7 @@ test_new_route_len_unhandled_exit(void *arg)
 #if !defined(__COVERITY__) && !defined(__clang_analyzer__)
   tt_skip();
 #endif
-#endif
+#endif /* defined(ALL_BUGS_ARE_FATAL) */
 
   MOCK(count_acceptable_nodes, mock_count_acceptable_nodes);
 
diff --git a/src/test/test_dir.c b/src/test/test_dir.c
index bf9a04b07..3a0b8237c 100644
--- a/src/test/test_dir.c
+++ b/src/test/test_dir.c
@@ -3041,7 +3041,7 @@ test_dir_param_voting_lookup(void *arg)
   tt_str_op(smartlist_get(tor_get_captured_bug_log_(), 0), OP_EQ,
 "!(!ok)");
   tor_end_capture_bugs_();
-#endif
+#endif /* !defined(ALL_BUGS_ARE_FATAL) */
 
  done:
   SMARTLIST_FOREACH(lst, char *, cp, tor_free(cp));
@@ -4997,7 +4997,7 @@ 
test_dir_purpose_needs_anonymity_returns_true_by_default(void *arg)
 #if !defined(__COVERITY__) && !defined(__clang_analyzer__)
   tt_skip();
 #endif
-#endif
+#endif /* defined(ALL_BUGS_ARE_FATAL) */
 
   tor_capture_bugs_(1);
   setup_full_capture_of_logs(LOG_WARN);
diff --git a/src/test/test_hs_intropoint.c b/src/test/test_hs_intropoint.c
index 3b6e3fd21..e6b27d7a5 100644
--- a/src/test/test_hs_intropoint.c
+++ b/src/test/test_hs_intropoint.c
@@ -764,7 +764,7 @@ test_introduce1_validation(void *arg)
   ret = validate_introduce1_parsed_cell(cell);
   tor_end_capture_bugs_();
   tt_int_op(ret, OP_EQ, -1);
-#endif
+#endif /* !defined(ALL_BUGS_ARE_FATAL) */
 
   /* Reset legacy ID and make sure it's correct. */
   memset(cell->legacy_key_id, 0, sizeof(cell->legacy_key_id));



[tor-commits] [tor/master] nodelist: Remove an outdated comment

2020-04-29 Thread teor
commit 398e0e02474b988fd8600117eaece182a295b546
Author: teor 
Date:   Wed Apr 29 15:53:27 2020 +1000

nodelist: Remove an outdated comment

Part of 33817.
---
 src/feature/nodelist/routerinfo_st.h | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/feature/nodelist/routerinfo_st.h 
b/src/feature/nodelist/routerinfo_st.h
index e54a444ec..36ead50e3 100644
--- a/src/feature/nodelist/routerinfo_st.h
+++ b/src/feature/nodelist/routerinfo_st.h
@@ -26,9 +26,6 @@ struct routerinfo_t {
   uint16_t dir_port; /**< Port for HTTP directory connections. */
 
   /** A router's IPv6 address, if it has one. */
-  /* X187 Actually these should probably be part of a list of addresses,
-   * not just a special case.  Use abstractions to access these; don't do it
-   * directly. */
   tor_addr_t ipv6_addr;
   uint16_t ipv6_orport;
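Review bot: The deleted comment carried two things: the X187 to-do about a list of addresses, and the instruction "Use abstractions to access these; don't do it directly." The commit message only calls the comment outdated. If the access rule still applies to ipv6_addr and ipv6_orport, keep that sentence in the doc comment and drop just the to-do.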
 





[tor-commits] [tor/master] rand: Clarify the crypto_rand_uint() range

2020-04-29 Thread teor
commit 6eec43161ad9e072d82da88163e748566b39d127
Author: teor 
Date:   Wed Apr 29 15:57:44 2020 +1000

rand: Clarify the crypto_rand_uint() range
---
 src/lib/crypt_ops/crypto_rand_numeric.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/crypt_ops/crypto_rand_numeric.c 
b/src/lib/crypt_ops/crypto_rand_numeric.c
index ffbfa2d56..b2516c4bd 100644
--- a/src/lib/crypt_ops/crypto_rand_numeric.c
+++ b/src/lib/crypt_ops/crypto_rand_numeric.c
@@ -33,8 +33,8 @@
 
 /**
  * Return a pseudorandom integer chosen uniformly from the values between 0
- * and limit-1 inclusive. limit must be strictly between 0 and
- * UINT_MAX. */
+ * and limit-1 inclusive. limit must be strictly greater than 0, and
+ * less than UINT_MAX. */
 unsigned
 crypto_rand_uint(unsigned limit)
 {
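Review bot: The reworded comment makes the bounds on limit clearer, but it still does not say what crypto_rand_uint() does when a caller passes 0 or UINT_MAX. The function body is not part of this hunk; if it asserts on the range, say so in the comment, so callers know whether a bad limit is caught.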



[tor-commits] [tor/master] channeltls: Clarify a relay impersonation defence

2020-04-28 Thread teor
commit 7517e1b5d31aada1f594c2594737a231d9d8e116
Author: teor 
Date:   Tue Apr 28 21:11:10 2020 +1000

channeltls: Clarify a relay impersonation defence

Clarify the comments in channel_tls_matches_target_method(), and make
it clear that the attack is a covert attack.
---
 src/core/or/channeltls.c | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c
index 5cedd9fbc..b424d02a5 100644
--- a/src/core/or/channeltls.c
+++ b/src/core/or/channeltls.c
@@ -739,10 +739,13 @@ channel_tls_matches_target_method(channel_t *chan,
* base_.addr is updated by connection_or_init_conn_from_address()
* to be the address in the descriptor. It may be tempting to
* allow either address to be allowed, but if we did so, it would
-   * enable someone who steals a relay's keys to impersonate/MITM it
+   * enable someone who steals a relay's keys to covertly impersonate/MITM it
* from anywhere on the Internet! (Because they could make long-lived
* TLS connections from anywhere to all relays, and wait for them to
* be used for extends).
+   *
+   * An adversary who has stolen a relay's keys could also post a fake relay
+   * descriptor, but that attack is easier to detect.
*/
   return tor_addr_eq(&(tlschan->conn->real_addr), target);
 }
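Review bot: The added sentence says the fake descriptor attack "is easier to detect" without giving the reason, which is the part a future reader needs in order to trust the comparison. Suggest adding one clause on why it is easier to detect, so the comment explains why matching on real_addr alone is the right trade-off.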



[tor-commits] [torspec/master] tor-spec: Do the same extend checks as tor

2020-04-28 Thread teor
commit b43b9156614596e73df63be69ee439be93444802
Author: teor 
Date:   Tue Apr 28 21:07:24 2020 +1000

tor-spec: Do the same extend checks as tor

Update the extend checks to match tor's implementation, particularly
the comments in channel_tls_matches_target_method().
---
 tor-spec.txt | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tor-spec.txt b/tor-spec.txt
index 7f0256e..df0ca38 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -1378,8 +1378,10 @@ see tor-design.pdf.
- The IP matches the requested IP.
- The OR knows that the IP of the connection it's using is canonical
  because it was listed in the NETINFO cell.
-   - The OR knows that the IP of the connection it's using is canonical
- because it was listed in the server descriptor.
+
+ORs SHOULD NOT check the IPs that are listed in the server descriptor.
+Trusting server IPs makes it easier to covertly impersonate a relay, after
+stealing its keys.
 
 5.4. Tearing down circuits
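Review bot: "ORs SHOULD NOT check the IPs that are listed in the server descriptor" can be read as "skip a validation step", which is the opposite of the intent. The removed bullet was about treating a connection's IP as canonical because it was listed in the descriptor, so say that directly: ORs SHOULD NOT treat the IP of a connection as canonical because it is listed in the server descriptor. "Trusting server IPs" in the next sentence has the same ambiguity; "trusting descriptor IPs" is closer.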
 



[tor-commits] [torspec/master] tor-spec: Explain the truncated reason better

2020-04-28 Thread teor
commit 79fba6de64025991da4aac402d0b7f69493105d8
Author: teor 
Date:   Tue Apr 28 17:34:15 2020 +1000

tor-spec: Explain the truncated reason better

It's the payload of a DESTROY cell, but the data of a RELAY_TRUNCATED
cell.
---
 tor-spec.txt | 11 ++-
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/tor-spec.txt b/tor-spec.txt
index fa6026d..7f0256e 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -1438,11 +1438,12 @@ see tor-design.pdf.
RELAY_TRUNCATED cell towards the OP; the node farther from the OP
should send a DESTROY cell down the circuit.
 
-   The payload of a RELAY_TRUNCATED or DESTROY cell contains a single octet,
-   describing why the circuit is being closed or truncated.  When sending a
-   TRUNCATED or DESTROY cell because of another TRUNCATED or DESTROY cell,
-   the error code should be propagated.  The origin of a circuit always sets
-   this error code to 0, to avoid leaking its version.
+   The payload of a DESTROY cell contains a single octet, describing the
+   reason that the circuit was closed. Similarly, the data of a
+   RELAY_TRUNCATED cell also contains this single octet "reason" field. When
+   sending a TRUNCATED or DESTROY cell because of another TRUNCATED or
+   DESTROY cell, the error code should be propagated. The origin of a circuit
+   always sets this error code to 0, to avoid leaking its version.
 
The error codes are:
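Review bot: The new paragraph names the cell RELAY_TRUNCATED in its first two sentences and then switches to "TRUNCATED or DESTROY cell" in the third. Since the point of this change is to be exact about which cell carries the reason where, use RELAY_TRUNCATED throughout. "this error code" in the last sentence could also become "this reason field", to match the name introduced above.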
 



[tor-commits] [torspec/master] tor-spec: Extends accept all-zero ed25519 keys

2020-04-28 Thread teor
commit ce0d233f6d834be8a2fd2a10b2791978b90c1df1
Author: teor 
Date:   Tue Apr 28 17:30:30 2020 +1000

tor-spec: Extends accept all-zero ed25519 keys

The spec gives conflicting advice about all-zero ed25519 keys in extends.
Resolve this conflict by documenting tor's current behaviour.

Also move a sentence about circuit IDs, so it's closer to the associated
paragraph.
---
 tor-spec.txt | 23 ++-
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/tor-spec.txt b/tor-spec.txt
index 6881436..fa6026d 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -1333,15 +1333,20 @@ see tor-design.pdf.
 
When an onion router receives an EXTEND2 relay cell, it sends a CREATE2
cell to the next onion router, with the enclosed HLEN, HTYPE, and HDATA
-   as its payload.
-
-   As special cases, if the EXTEND/EXTEND2 cell includes a legacy
-   identity, identity fingerprint, or Ed25519 identity of all zeroes, or
-   asks to extend back to the relay that sent the extend cell, the
-   circuit will fail and be torn down. The initiating onion router
-   chooses some circID not yet used on the connection between the two
-   onion routers.  (But see section 5.1.1 above, concerning choosing
-   circIDs.)
+   as its payload. The initiating onion router chooses some circID not yet
+   used on the connection between the two onion routers. (But see section
+   5.1.1 above, concerning choosing circIDs.)
+
+   As special cases, if the EXTEND/EXTEND2 cell includes a legacy identity, or
+   identity fingerprint of all zeroes, or asks to extend back to the relay
+   that sent the extend cell, the circuit will fail and be torn down.
+
+   Ed25519 identity keys are not required in EXTEND2 cells, so all zero
+   keys SHOULD be accepted. If the extending relay knows the ed25519 key from
+   the consensus, it SHOULD also check that key. (See section 5.1.2.)
+
+   If an EXTEND2 cell contains the ed25519 key of the relay that sent the
+   extend cell, the circuit will fail and be torn down.
 
When an onion router receives a CREATE/CREATE2 cell, if it already has a
circuit on the given connection with the given circID, it drops the





[tor-commits] [torspec/master] Prop 311: Add design for reachability circuits

2020-04-27 Thread teor
commit f12126bd8ab9a8068aacc015edc085286dd587a9
Author: teor 
Date:   Tue Apr 28 13:40:30 2020 +1000

Prop 311: Add design for reachability circuits

Update 4.2.3. Separate IPv4 and IPv6 Reachability Flags.

Add a detailed design for checking cells on reachability self-test
circuits.
---
 proposals/311-relay-ipv6-reachability.txt | 44 +++
 1 file changed, 44 insertions(+)

diff --git a/proposals/311-relay-ipv6-reachability.txt 
b/proposals/311-relay-ipv6-reachability.txt
index fd131e1..c23703e 100644
--- a/proposals/311-relay-ipv6-reachability.txt
+++ b/proposals/311-relay-ipv6-reachability.txt
@@ -331,6 +331,50 @@ Ticket: #24404
Testing relays (and bridges) will record reachability separately for IPv4
and IPv6 ORPorts, based on the ORPort that the test circuit was received on.
 
+   Here is a reliable way to do reachability self-tests for each ORPort:
+
+   1. Check for create cells on inbound ORPort connections
+
+   Check for a cell on any IPv4 and any IPv6 ORPort. (We can't know which
+   listener(s) correspond to the advertised ORPorts, particularly when using
+   NAT.) Make sure the cell was received on an inbound OR connection.
+
+   2. Check for created cells from testing circuits on outbound OR connections
+
+   Check for a returned created cell on our IPv4 and IPv6 self-test circuits.
+   Make sure those circuits were on outbound OR connections.
+
+   By combining these tests, we confirm that we can:
+ * reach our own ORPorts with testing circuits,
+ * send and receive cells via inbound OR connections to our own ORPorts,
+   and
+ * send and receive cells via outbound OR connections to other relays'
+   ORPorts.
+
+   Once we validate the created cell, we have confirmed that the final remote
+   relay has our private keys. Therefore, this test reliably detects ORPort
+   reachability.
+
+   There is one exception: when another relay on the network is using the same
+   keys.
+
+   Duplicate keys are only possible if a relay's private keys have been copied
+   to another relay. That's either a misconfiguration, or a security issue.
+   Directory authorities ensure that only one relay with each key is included
+   in the consensus.
+
+   If a relay was set up using a copy of another relay's keys, then its
+   reachability self-tests might connect to that other relay. (If the second
+   hop in a testing circuit has an existing OR connection to the other relay.)
+
+   Relays could test if the inbound create cells they receive, match the
+   create cells that they have sent on self-test circuits.
+
+   But this seems like unnecessary complexity, because duplicate keys are
+   rare. At best, it would provide a warning for some operators who have
+   accidentally duplicated their keys. (But it doesn't provide any extra
+   security, because operators can disable self-tests using AssumeReachable.)
+
 4.2.4. No Changes to DirPort Reachability
 
We do not propose any changes to relay IPv4 DirPort reachability checks at
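Review bot: Step 1 accepts a create cell on any inbound OR connection without saying who sent it, so a create cell from an ordinary client would satisfy the check even though it says nothing about the self-test circuit. Suggest restricting step 1 to connections from other relays. The sentence "Relays could test if the inbound create cells they receive, match" also has a stray comma after "receive".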



[tor-commits] [torspec/master] Prop 312: Clarify torrc Address option

2020-04-27 Thread teor
commit 2e67ae1c70436b949f5d23a67ba24a03b845defc
Author: teor 
Date:   Tue Apr 28 13:20:11 2020 +1000

Prop 312: Clarify torrc Address option

Clarify section 3.2.1.  Make the Address torrc Option Support IPv6.

The list of possible configurations was incorrect.
---
 proposals/312-relay-auto-ipv6-addr.txt | 33 ++---
 1 file changed, 22 insertions(+), 11 deletions(-)

diff --git a/proposals/312-relay-auto-ipv6-addr.txt 
b/proposals/312-relay-auto-ipv6-addr.txt
index ba2ffcc..d78f95d 100644
--- a/proposals/312-relay-auto-ipv6-addr.txt
+++ b/proposals/312-relay-auto-ipv6-addr.txt
@@ -267,17 +267,28 @@ Ticket: #33073
multiple IPv4 or IPv6 addresses are returned, the first public address from
each family should be used.
 
-   We should also support the following combinations:
- A. IPv4 Address / hostname (for IPv6 only),
- B. IPv6 Address / hostname (for IPv4 only),
- C. IPv4 Address only / try to guess IPv6, then check its reachability
-(see section 4.3.1 in [Proposal 311: Relay IPv6 Reachability]), and
- D. IPv6 Address only / guess IPv4, then its reachability must succeed.
-   There are also similar configurations where a hostname is configured, but it
-   only provides IPv4 or IPv6 addresses.
-
-   Combination C is the most common legacy configuration. We want to
-   support the following outcomes for legacy configurations:
+   We should support the following combinations of address literals and
+   hostnames:
+
+   Legacy configurations:
+ A. No configured Address option
+ B. Address IPv4 literal
+ C. Address hostname (use IPv4 and IPv6 DNS addresses)
+
+   New configurations:
+ D. Address IPv6 literal
+ E. Address IPv4 literal / Address IPv6 literal
+ F. Address hostname / Address hostname (use IPv4 and IPv6 DNS addresses)
+ G. Address IPv4 literal / Address hostname (only use IPv6 DNS addresses)
+ H. Address hostname (only use IPv4 DNS addresses) / Address IPv6 literal
+
+   If we can't find an IPv4 or IPv6 address using the configured Address
+   options:
+ No IPv4: guess IPv4, and its reachability must succeed.
+ No IPv6: guess IPv6, publish if reachability succeeds.
+
+   Combinations A and B are the most common legacy configurations. We want to
+   support the following outcomes for all legacy configurations:
  * automatic upgrades to guessed and reachable IPv6 addresses,
  * continuing to operate on IPv4 when the IPv6 address can't be guessed,
and
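Review bot: the new list writes combinations E to H as two Address options separated by "/", always with the IPv4 side first, but the text does not say whether the order of the two options matters, or what a relay does when both options yield addresses of the same family (two IPv4 literals, or in F two hostnames that each return both families). Add a sentence giving the rule for same-family duplicates and whether that is a configuration error. It would also help to state that D relies on the "No IPv4" rule, since D is the one listed configuration that never supplies an IPv4 address.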



[tor-commits] [tor/master] test/channel: Fix a comment typo

2020-04-15 Thread teor
commit e3b1e617ae4850280012c95f40e54acdfc897855
Author: teor 
Date:   Wed Apr 15 19:45:56 2020 +1000

test/channel: Fix a comment typo
---
 src/test/test_channel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/test/test_channel.c b/src/test/test_channel.c
index 5b13f1f97..f7efbd7ab 100644
--- a/src/test/test_channel.c
+++ b/src/test/test_channel.c
@@ -1381,7 +1381,7 @@ test_channel_for_extend(void *arg)
   tt_str_op(msg, OP_EQ, "Connection is fine; using it.");
 
   /* Same creation time, num circuits will be used and they both have 0 so the
-   * channel 2 should be picked due to how channel_is_better() work. */
+   * channel 2 should be picked due to how channel_is_better() works. */
   chan2->timestamp_created = chan1->timestamp_created;
   ret_chan = channel_get_for_extend(digest, _id, , , );
   tt_assert(ret_chan);



[tor-commits] [chutney/master] TorNet: Rename pid files after tor exits

2020-04-15 Thread teor
commit 6282f471e432efa2aadf1046ea6e0fbaca17b434
Author: teor 
Date:   Thu Apr 2 19:46:26 2020 +1000

TorNet: Rename pid files after tor exits

Avoids race conditions where chutney tells tor to exit twice.
And where chutney tells unrelated processes to exit.

Part of 33793.
---
 lib/chutney/TorNet.py | 21 +
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/lib/chutney/TorNet.py b/lib/chutney/TorNet.py
index ff6acf6..b68b240 100644
--- a/lib/chutney/TorNet.py
+++ b/lib/chutney/TorNet.py
@@ -966,11 +966,10 @@ class LocalNodeController(NodeController):
 return LocalNodeController.NODE_WAIT_FOR_UNCHECKED_DIR_INFO
 
 def getPid(self):
-"""Assuming that this node has its pidfile in ${dir}/pid, return
-   the pid of the running process, or None if there is no pid in the
-   file.
+"""Read the pidfile, and return the pid of the running process.
+   Returns None if there is no pid in the file.
 """
-pidfile = os.path.join(self._env['dir'], 'pid')
+pidfile = self._env['pidfile']
 if not os.path.exists(pidfile):
 return None
 
@@ -,6 +1110,14 @@ class LocalNodeController(NodeController):
   .format(self._env['nick']))
 os.remove(lf)
 
+def cleanup_pidfile(self):
+pidfile = self._env['pidfile']
+if not self.isRunning() and os.path.exists(pidfile):
+debug("Renaming stale pid file for {} ..."
+  .format(self._env['nick']))
+# Move the pidfile, so that we don't try to stop the process again
+os.rename(pidfile, pidfile + ".old")
+
 def waitOnLaunch(self):
 """Check whether we can wait() for the tor process to launch"""
 # TODO: is this the best place for this code?
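Review bot: cleanup_pidfile() has no docstring, and its check-then-rename is not atomic: isRunning() and os.path.exists(pidfile) are evaluated before os.rename(), so if the pidfile disappears or a tor starts in between, the rename either raises or moves a live pidfile aside. Catching OSError around the rename would cover the first case. Also note that a pid.old left by an earlier stop is silently replaced on POSIX, while os.rename() raises on Windows when the destination exists; a comment should say which behaviour is intended.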
@@ -1925,6 +1932,9 @@ class TorEnviron(chutney.Templating.Environ):
 def _get_lockfile(self, my):
 return os.path.join(self['dir'], 'lock')
 
+def _get_pidfile(self, my):
+return os.path.join(self['dir'], 'pid')
+
 # A hs generates its key on first run,
 # so check for it at the last possible moment,
 # but cache it in memory to avoid repeatedly reading the file
@@ -2360,6 +2370,7 @@ class Network(object):
  - wrote_dot: end a series of logged dots with a newline
  - any_tor_was_running: wait for STOP_WAIT_TIME for tor to stop
  - cleanup_runfiles: delete old lockfiles from crashed tors
+ rename old pid files from stopped tors
 '''
 # make the output clearer by adding a newline
 if wrote_dot:
@@ -2372,10 +2383,12 @@ class Network(object):
 time.sleep(Network.STOP_WAIT_TIME)
 
 # check for stale lock files when Tor crashes
+# move aside old pid files after Tor stops running
 if cleanup_runfiles:
 controllers = [n.getController() for n in self._nodes]
 for c in controllers:
 c.cleanup_lockfile()
+c.cleanup_pidfile()
 
 def stop(self):
 any_tor_was_running = False



[tor-commits] [chutney/master] TorNet: Wait slightly longer for tor to exit

2020-04-15 Thread teor
commit 983da388243dad70855892b093590adc9ae9ed08
Author: teor 
Date:   Thu Apr 2 19:32:23 2020 +1000

TorNet: Wait slightly longer for tor to exit

After stopping, it can take a little while for tor to clean up.
Wait a few extra seconds, to avoid race conditions.

Part of 33793.
---
 lib/chutney/TorNet.py  | 57 --
 tools/test-network-impl.sh |  2 --
 2 files changed, 45 insertions(+), 14 deletions(-)

diff --git a/lib/chutney/TorNet.py b/lib/chutney/TorNet.py
index 7a5c3df..ff6acf6 100644
--- a/lib/chutney/TorNet.py
+++ b/lib/chutney/TorNet.py
@@ -2345,7 +2345,40 @@ class Network(object):
 msg="Bootstrap failed")
 return False
 
+# Keep in sync with ShutdownWaitLength in common.i
+SHUTDOWN_WAIT_LENGTH = 2
+# Wait for at least two event loops to elapse
+EVENT_LOOP_SLOP = 3
+# Wait for this long after signalling tor
+STOP_WAIT_TIME = SHUTDOWN_WAIT_LENGTH + EVENT_LOOP_SLOP
+
+def final_cleanup(self,
+  wrote_dot,
+  any_tor_was_running,
+  cleanup_runfiles):
+'''Perform final cleanup actions, based on the arguments:
+ - wrote_dot: end a series of logged dots with a newline
+ - any_tor_was_running: wait for STOP_WAIT_TIME for tor to stop
+ - cleanup_runfiles: delete old lockfiles from crashed tors
+'''
+# make the output clearer by adding a newline
+if wrote_dot:
+sys.stdout.write("\n")
+sys.stdout.flush()
+
+# wait for tor to actually exit
+if any_tor_was_running:
+print("Waiting for nodes to cleanup and exit.")
+time.sleep(Network.STOP_WAIT_TIME)
+
+# check for stale lock files when Tor crashes
+if cleanup_runfiles:
+controllers = [n.getController() for n in self._nodes]
+for c in controllers:
+c.cleanup_lockfile()
+
 def stop(self):
+any_tor_was_running = False
 controllers = [n.getController() for n in self._nodes]
 for sig, desc in [(signal.SIGINT, "SIGINT"),
   (signal.SIGINT, "another SIGINT"),
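Review bot: SHUTDOWN_WAIT_LENGTH = 2 duplicates a value that lives in a torrc template and is kept aligned only by the "Keep in sync" comment, so a later change to ShutdownWaitLength in the template silently makes STOP_WAIT_TIME too short again. Give the full path of the template in the comment, or derive the wait from the template value. final_cleanup() also sleeps for the whole STOP_WAIT_TIME whenever any tor was running, including the path where every controller already reports not running; the docstring should say that the wait is unconditional by design.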
@@ -2353,30 +2386,30 @@ class Network(object):
 print("Sending %s to nodes" % desc)
 for c in controllers:
 if c.isRunning():
+any_tor_was_running = True
 c.stop(sig=sig)
 print("Waiting for nodes to finish.")
 wrote_dot = False
 for n in range(15):
 time.sleep(1)
 if all(not c.isRunning() for c in controllers):
-# make the output clearer by adding a newline
-if wrote_dot:
-sys.stdout.write("\n")
-sys.stdout.flush()
-# check for stale lock file when Tor crashes
-for c in controllers:
-c.cleanup_lockfile()
+self.final_cleanup(wrote_dot,
+   any_tor_was_running,
+   True)
 return
 sys.stdout.write(".")
 wrote_dot = True
 sys.stdout.flush()
 for c in controllers:
 c.check(listNonRunning=False)
-# make the output clearer by adding a newline
-if wrote_dot:
-sys.stdout.write("\n")
-sys.stdout.flush()
-
+# cleanup chutney's logging, but don't wait or cleanup files
+self.final_cleanup(wrote_dot,
+   False,
+   False)
+# wait for tor to exit, but don't cleanup logging
+self.final_cleanup(False,
+   any_tor_was_running,
+   True)
 
 def Require(feature):
 network = _THE_NETWORK
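Review bot: the two back-to-back calls on the timeout path, final_cleanup(wrote_dot, False, False) followed by final_cleanup(False, any_tor_was_running, True), do the same work in the same order as a single final_cleanup(wrote_dot, any_tor_was_running, True), so one call is enough. Three positional booleans are hard to read at the call site; pass them by keyword. On this path the loop has just timed out with some controllers possibly still running, yet cleanup_runfiles is True; confirm that cleanup_lockfile() skips nodes that are still running, because that guard is not visible in this patch.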
diff --git a/tools/test-network-impl.sh b/tools/test-network-impl.sh
index c06071e..e73a154 100755
--- a/tools/test-network-impl.sh
+++ b/tools/test-network-impl.sh
@@ -88,8 +88,6 @@ if [ "$CHUTNEY_STOP_TIME" -ge 0 ]; then
 $ECHO "chutney stop failed"
 exit 1
 fi
-# Give tor time to exit gracefully
-sleep 3
 else
 $ECHO "Chutney network verified and running. To stop the network, use:"
 $ECHO "$CHUTNEY stop $CHUTNEY_NETWORK"





[tor-commits] [chutney/master] TorNet: Improve some nodes path comments

2020-04-15 Thread teor
commit a9dc45fd151513aa7374cea929c51cf774a0b9e2
Author: teor 
Date:   Thu Apr 2 19:31:38 2020 +1000

TorNet: Improve some nodes path comments
---
 lib/chutney/TorNet.py | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/chutney/TorNet.py b/lib/chutney/TorNet.py
index b2fde0c..7a5c3df 100644
--- a/lib/chutney/TorNet.py
+++ b/lib/chutney/TorNet.py
@@ -177,9 +177,11 @@ def get_absolute_nodes_path():
"nodes*" directory that chutney should use to store the current
network's torrcs and tor runtime data.
 
+   This path is also used as a prefix for the unique nodes directory
+   names.
+
See get_new_absolute_nodes_path() for more details.
 """
-# there's no way to customise this: we really don't need more options
 return os.path.join(get_absolute_net_path(), 'nodes')
 
 def get_new_absolute_nodes_path(now=time.time()):
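Review bot: in the trailing context, get_new_absolute_nodes_path(now=time.time()) evaluates its default once, when the module is loaded, so every call without an argument gets the same timestamp. Since this patch is tidying the comments on these path helpers, say in the docstring that the frozen timestamp is deliberate, or switch to now=None and call time.time() inside the function if a per-call value is wanted.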
@@ -2051,7 +2053,8 @@ class Network(object):
 # if this path exists, it must be a link
 if os.path.exists(nodeslink) and not os.path.islink(nodeslink):
 raise RuntimeError(
-'get_absolute_nodes_path returned a path that exists and is 
not a link')
+'get_absolute_nodes_path returned a path that exists and '
+'is not a link')
 
 # create the new, uniquely named directory, and link it to nodes
 print("NOTE: creating %r, linking to %r" % (newnodesdir, nodeslink))





[tor-commits] [tor/master] Run practracker regen

2020-04-13 Thread teor
commit f5c34d340dba47244eac3e5bcb4dda43ffc0fc4b
Author: teor 
Date:   Tue Apr 14 15:42:52 2020 +1000

Run practracker regen

Lock-in improvements.
Accept some small function size increases.
Allow a small amount of extra file size increase.
---
 scripts/maint/practracker/exceptions.txt | 18 --
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/scripts/maint/practracker/exceptions.txt 
b/scripts/maint/practracker/exceptions.txt
index 1777d99f5..cf2ec701e 100644
--- a/scripts/maint/practracker/exceptions.txt
+++ b/scripts/maint/practracker/exceptions.txt
@@ -33,19 +33,19 @@
 #
 # Remember: It is better to fix the problem than to add a new exception!
 
-problem file-size /src/app/config/config.c 7527
+problem file-size /src/app/config/config.c 7525
 problem include-count /src/app/config/config.c 80
 problem function-size /src/app/config/config.c:options_act() 381
 problem function-size /src/app/config/config.c:resolve_my_address() 191
 problem function-size /src/app/config/config.c:options_validate_cb() 794
-problem function-size /src/app/config/config.c:options_init_from_torrc() 188
+problem function-size /src/app/config/config.c:options_init_from_torrc() 192
 problem function-size /src/app/config/config.c:options_init_from_string() 103
 problem function-size /src/app/config/config.c:options_init_logs() 125
 problem function-size /src/app/config/config.c:parse_bridge_line() 104
 problem function-size /src/app/config/config.c:pt_parse_transport_line() 190
 problem function-size /src/app/config/config.c:parse_dir_authority_line() 150
 problem function-size /src/app/config/config.c:parse_dir_fallback_line() 101
-problem function-size /src/app/config/config.c:port_parse_config() 450
+problem function-size /src/app/config/config.c:port_parse_config() 435
 problem function-size /src/app/config/config.c:parse_ports() 132
 problem file-size /src/app/config/or_options_st.h 1050
 problem include-count /src/app/main/main.c 68
@@ -60,10 +60,10 @@ problem dependency-violation 
/src/core/crypto/onion_crypto.c 5
 problem dependency-violation /src/core/crypto/onion_fast.c 1
 problem dependency-violation /src/core/crypto/onion_tap.c 3
 problem dependency-violation /src/core/crypto/relay_crypto.c 9
-problem file-size /src/core/mainloop/connection.c 5680
+problem file-size /src/core/mainloop/connection.c 5700
 problem include-count /src/core/mainloop/connection.c 65
 problem function-size 
/src/core/mainloop/connection.c:connection_free_minimal() 181
-problem function-size 
/src/core/mainloop/connection.c:connection_listener_new() 324
+problem function-size 
/src/core/mainloop/connection.c:connection_listener_new() 325
 problem function-size 
/src/core/mainloop/connection.c:connection_handle_listener_read() 161
 problem function-size 
/src/core/mainloop/connection.c:connection_read_proxy_handshake() 153
 problem function-size /src/core/mainloop/connection.c:retry_listener_ports() 
112
@@ -242,13 +242,11 @@ problem function-size 
/src/feature/hs/hs_cell.c:hs_cell_build_establish_intro()
 problem function-size /src/feature/hs/hs_cell.c:hs_cell_parse_introduce2() 134
 problem function-size /src/feature/hs/hs_client.c:send_introduce1() 108
 problem function-size /src/feature/hs/hs_common.c:hs_get_responsible_hsdirs() 
102
-problem function-size /src/feature/hs/hs_config.c:config_service_v3() 128
-problem function-size /src/feature/hs/hs_config.c:config_generic_service() 138
 problem function-size /src/feature/hs/hs_descriptor.c:decrypt_desc_layer() 111
 problem function-size 
/src/feature/hs/hs_descriptor.c:decode_introduction_point() 122
 problem function-size 
/src/feature/hs/hs_descriptor.c:desc_decode_superencrypted_v3() 107
 problem function-size 
/src/feature/hs/hs_descriptor.c:desc_decode_encrypted_v3() 109
-problem file-size /src/feature/hs/hs_service.c 4247
+problem file-size /src/feature/hs/hs_service.c 4300
 problem function-size /src/feature/keymgt/loadkey.c:ed_key_init_from_file() 326
 problem function-size 
/src/feature/nodelist/authcert.c:trusted_dirs_load_certs_from_string() 123
 problem function-size 
/src/feature/nodelist/authcert.c:authority_certs_fetch_missing() 295
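Review bot: the file-size limit for hs_service.c goes from 4247 to 4300 here, and connection.c from 5680 to 5700 in the previous hunk, both round numbers rather than measured sizes. The commit message does say a small extra increase is allowed, but the header of this file reminds us that fixing the problem beats adding an exception, so name the ticket or branch that needs the headroom in the commit message, so the limits can be tightened again once it lands.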
@@ -284,9 +282,9 @@ problem function-size 
/src/feature/rend/rendcommon.c:rend_encode_v2_descriptors(
 problem function-size 
/src/feature/rend/rendmid.c:rend_mid_establish_intro_legacy() 105
 problem function-size 
/src/feature/rend/rendparse.c:rend_parse_v2_service_descriptor() 181
 problem function-size 
/src/feature/rend/rendparse.c:rend_parse_introduction_points() 129
-problem file-size /src/feature/rend/rendservice.c 4522
+problem file-size /src/feature/rend/rendservice.c 4504
 problem function-size 
/src/feature/rend/rendservice.c:rend_service_prune_list_impl_() 107
-problem function-size /src/feature/rend/rendservice.c:rend_config_service() 162
+problem function-size /src/feature/rend/rendservice.c:rend_config_service() 143
 problem function-size 
/src/feature/rend

[tor-commits] [tor/master] core/or: Update file comment in connection_or.c

2020-04-13 Thread teor
commit a2daca594baa8439f7f9ee1d93073373454e20ed
Author: teor 
Date:   Tue Apr 14 14:55:37 2020 +1000

core/or: Update file comment in connection_or.c

Fix a typo, and say "v3 (and later) handshake".

Comment-only change.
---
 src/core/or/connection_or.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/core/or/connection_or.c b/src/core/or/connection_or.c
index 6b11f3323..af73e295a 100644
--- a/src/core/or/connection_or.c
+++ b/src/core/or/connection_or.c
@@ -18,7 +18,8 @@
  * tortls.c) which it uses as its TLS stream.  It is responsible for
  * sending and receiving cells over that TLS.
  *
- * This module also implements the client side of the v3 Tor link handshake,
+ * This module also implements the client side of the v3 (and greater) Tor
+ * link handshake.
  **/
 #include "core/or/or.h"
 #include "feature/client/bridges.h"
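Review bot: the commit message says the comment will read "v3 (and later) handshake", but the added line says "v3 (and greater)". Pick one wording; "later" reads better for protocol versions and matches the message.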



[tor-commits] [tor/release-0.4.2] Merge branch 'maint-0.4.2' into release-0.4.2

2020-04-09 Thread teor
commit 71e72ce9caa5e7ed07f475a8ed1b40fce46c86d5
Merge: 958f6eb5c 2d34d4d1a
Author: teor 
Date:   Thu Apr 9 19:43:24 2020 +1000

Merge branch 'maint-0.4.2' into release-0.4.2

 Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)



[tor-commits] [tor/release-0.4.2] remove practracker from check-local (0.4.2 and 0.4.3 only)

2020-04-09 Thread teor
commit 2d34d4d1af5395885780ee96fbedb0bf17fb0f44
Author: Nick Mathewson 
Date:   Wed Jun 19 14:29:08 2019 -0400

remove practracker from check-local (0.4.2 and 0.4.3 only)

practracker shouldn't be running in release or maint branches.
---
 Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile.am b/Makefile.am
index 03593df16..eaffbe41a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -245,7 +245,7 @@ test: all
 shellcheck:
$(top_srcdir)/scripts/maint/checkShellScripts.sh
 
-check-local: check-spaces check-changes check-includes check-best-practices 
shellcheck
+check-local: check-spaces check-changes check-includes shellcheck
 
 need-chutney-path:
@if test ! -d "$$CHUTNEY_PATH"; then \
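Review bot: check-best-practices is dropped from the check-local prerequisites with no comment in Makefile.am recording that this is deliberate on release and maint branches only. Because the rule now differs from master, a one-line comment above check-local would keep a later merge from putting the target back.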





[tor-commits] [tor/release-0.4.3] Merge branch 'maint-0.4.3' into release-0.4.3

2020-04-09 Thread teor
commit c502ce0762e1680503f6e6dc64c82852ccd19738
Merge: 456337a8d 1ae0839ef
Author: teor 
Date:   Thu Apr 9 19:43:28 2020 +1000

Merge branch 'maint-0.4.3' into release-0.4.3

 Makefile.am | 1 -
 1 file changed, 1 deletion(-)



[tor-commits] [tor/release-0.4.3] Merge branch 'maint-0.4.2' into maint-0.4.3

2020-04-09 Thread teor
commit 1ae0839ef24d303f77cec165df5223a66131567c
Merge: f6efb3a18 2d34d4d1a
Author: teor 
Date:   Thu Apr 9 19:41:19 2020 +1000

Merge branch 'maint-0.4.2' into maint-0.4.3

Remove check-best-practices from check-local in maint-0.4.3.
(The check-local jobs are all on separate lines in 0.4.3.)

 Makefile.am | 1 -
 1 file changed, 1 deletion(-)

diff --cc Makefile.am
index ac61a990f,eaffbe41a..8b55bf0e3
--- a/Makefile.am
+++ b/Makefile.am
@@@ -267,13 -245,7 +267,12 @@@ test: al
  shellcheck:
$(top_srcdir)/scripts/maint/checkShellScripts.sh
  
 -check-local: check-spaces check-changes check-includes shellcheck
 +check-local:  \
 +  check-spaces\
 +  check-changes   \
 +  check-includes  \
-   check-best-practices\
 +  shellcheck  \
 +  check-cocci
  
  need-chutney-path:
@if test ! -d "$$CHUTNEY_PATH"; then \





[tor-commits] [tor/release-0.4.3] remove practracker from check-local (0.4.2 and 0.4.3 only)

2020-04-09 Thread teor
commit 2d34d4d1af5395885780ee96fbedb0bf17fb0f44
Author: Nick Mathewson 
Date:   Wed Jun 19 14:29:08 2019 -0400

remove practracker from check-local (0.4.2 and 0.4.3 only)

practracker shouldn't be running in release or maint branches.
---
 Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile.am b/Makefile.am
index 03593df16..eaffbe41a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -245,7 +245,7 @@ test: all
 shellcheck:
$(top_srcdir)/scripts/maint/checkShellScripts.sh
 
-check-local: check-spaces check-changes check-includes check-best-practices 
shellcheck
+check-local: check-spaces check-changes check-includes shellcheck
 
 need-chutney-path:
@if test ! -d "$$CHUTNEY_PATH"; then \





[tor-commits] [tor/maint-0.4.3] Merge branch 'maint-0.4.2' into maint-0.4.3

2020-04-09 Thread teor
commit 1ae0839ef24d303f77cec165df5223a66131567c
Merge: f6efb3a18 2d34d4d1a
Author: teor 
Date:   Thu Apr 9 19:41:19 2020 +1000

Merge branch 'maint-0.4.2' into maint-0.4.3

Remove check-best-practices from check-local in maint-0.4.3.
(The check-local jobs are all on separate lines in 0.4.3.)

 Makefile.am | 1 -
 1 file changed, 1 deletion(-)

diff --cc Makefile.am
index ac61a990f,eaffbe41a..8b55bf0e3
--- a/Makefile.am
+++ b/Makefile.am
@@@ -267,13 -245,7 +267,12 @@@ test: al
  shellcheck:
$(top_srcdir)/scripts/maint/checkShellScripts.sh
  
 -check-local: check-spaces check-changes check-includes shellcheck
 +check-local:  \
 +  check-spaces\
 +  check-changes   \
 +  check-includes  \
-   check-best-practices\
 +  shellcheck  \
 +  check-cocci
  
  need-chutney-path:
@if test ! -d "$$CHUTNEY_PATH"; then \



[tor-commits] [tor/maint-0.4.3] remove practracker from check-local (0.4.2 and 0.4.3 only)

2020-04-09 Thread teor
commit 2d34d4d1af5395885780ee96fbedb0bf17fb0f44
Author: Nick Mathewson 
Date:   Wed Jun 19 14:29:08 2019 -0400

remove practracker from check-local (0.4.2 and 0.4.3 only)

practracker shouldn't be running in release or maint branches.
---
 Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile.am b/Makefile.am
index 03593df16..eaffbe41a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -245,7 +245,7 @@ test: all
 shellcheck:
$(top_srcdir)/scripts/maint/checkShellScripts.sh
 
-check-local: check-spaces check-changes check-includes check-best-practices 
shellcheck
+check-local: check-spaces check-changes check-includes shellcheck
 
 need-chutney-path:
@if test ! -d "$$CHUTNEY_PATH"; then \





[tor-commits] [tor/maint-0.4.2] remove practracker from check-local (0.4.2 and 0.4.3 only)

2020-04-09 Thread teor
commit 2d34d4d1af5395885780ee96fbedb0bf17fb0f44
Author: Nick Mathewson 
Date:   Wed Jun 19 14:29:08 2019 -0400

remove practracker from check-local (0.4.2 and 0.4.3 only)

practracker shouldn't be running in release or maint branches.
---
 Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile.am b/Makefile.am
index 03593df16..eaffbe41a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -245,7 +245,7 @@ test: all
 shellcheck:
$(top_srcdir)/scripts/maint/checkShellScripts.sh
 
-check-local: check-spaces check-changes check-includes check-best-practices 
shellcheck
+check-local: check-spaces check-changes check-includes shellcheck
 
 need-chutney-path:
@if test ! -d "$$CHUTNEY_PATH"; then \



[tor-commits] [tor/master] Merge branch 'maint-0.4.3'

2020-04-09 Thread teor
commit f431b78465ca8f1339598aa81b85300528c29de3
Merge: 4e3a17fac 1ae0839ef
Author: teor 
Date:   Thu Apr 9 19:42:36 2020 +1000

Merge branch 'maint-0.4.3'

"ours" merge, because we only want to remove check-best-practices
from check-local in 0.4.2 and 0.4.3.



[tor-commits] [tor/master] Merge branch 'maint-0.4.2' into maint-0.4.3

2020-04-09 Thread teor
commit 1ae0839ef24d303f77cec165df5223a66131567c
Merge: f6efb3a18 2d34d4d1a
Author: teor 
Date:   Thu Apr 9 19:41:19 2020 +1000

Merge branch 'maint-0.4.2' into maint-0.4.3

Remove check-best-practices from check-local in maint-0.4.3.
(The check-local jobs are all on separate lines in 0.4.3.)

 Makefile.am | 1 -
 1 file changed, 1 deletion(-)

diff --cc Makefile.am
index ac61a990f,eaffbe41a..8b55bf0e3
--- a/Makefile.am
+++ b/Makefile.am
@@@ -267,13 -245,7 +267,12 @@@ test: al
  shellcheck:
$(top_srcdir)/scripts/maint/checkShellScripts.sh
  
 -check-local: check-spaces check-changes check-includes shellcheck
 +check-local:  \
 +  check-spaces\
 +  check-changes   \
 +  check-includes  \
-   check-best-practices\
 +  shellcheck  \
 +  check-cocci
  
  need-chutney-path:
@if test ! -d "$$CHUTNEY_PATH"; then \





[tor-commits] [tor/master] remove practracker from check-local (0.4.2 and 0.4.3 only)

2020-04-09 Thread teor
commit 2d34d4d1af5395885780ee96fbedb0bf17fb0f44
Author: Nick Mathewson 
Date:   Wed Jun 19 14:29:08 2019 -0400

remove practracker from check-local (0.4.2 and 0.4.3 only)

practracker shouldn't be running in release or maint branches.
---
 Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile.am b/Makefile.am
index 03593df16..eaffbe41a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -245,7 +245,7 @@ test: all
 shellcheck:
$(top_srcdir)/scripts/maint/checkShellScripts.sh
 
-check-local: check-spaces check-changes check-includes check-best-practices 
shellcheck
+check-local: check-spaces check-changes check-includes shellcheck
 
 need-chutney-path:
@if test ! -d "$$CHUTNEY_PATH"; then \





[tor-commits] [tor/release-0.4.3] dos: Pass transport name on new client connection

2020-04-08 Thread teor
commit 894ff2dc8422cb86312c512698acd76476224f87
Author: David Goulet 
Date:   Tue Mar 10 14:45:13 2020 -0400

dos: Pass transport name on new client connection

For a bridge configured with a pluggable transport, the transport name is
used, with the IP address, for the GeoIP client cache entry.

However, the DoS subsystem was not aware of it and was always passing NULL
when doing a lookup into the GeoIP cache.

This resulted in bridges with a PT never being able to apply DoS defenses for
newly created connections.

Fixes #33491

Signed-off-by: David Goulet 
---
 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/changes/ticket33491 b/changes/ticket33491
new file mode 100644
index 0..595ea863e
--- /dev/null
+++ b/changes/ticket33491
@@ -0,0 +1,6 @@
+  o Major bugfixes (DoS defenses, bridges, pluggable transport):
+- DoS subsystem was not given the transport name of the client connection
+  when tor is a bridge and thus failing to find the GeoIP cache entry for
+  that client address. This resulted in failing to apply DoS defenses on
+  bridges with a pluggable transport. Fixes bug 33491; bugfix on
+  0.3.3.2-alpha.
diff --git a/src/core/or/channel.c b/src/core/or/channel.c
index fd7bf6278..388690687 100644
--- a/src/core/or/channel.c
+++ b/src/core/or/channel.c
@@ -1871,7 +1871,7 @@ channel_do_open_actions(channel_t *chan)
 tor_free(transport_name);
 /* Notify the DoS subsystem of a new client. */
 if (tlschan && tlschan->conn) {
-  dos_new_client_conn(tlschan->conn);
+  dos_new_client_conn(tlschan->conn, transport_name);
 }
   }
   /* Otherwise the underlying transport can't tell us this, so skip it */
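Review bot: in channel_do_open_actions(), the context line tor_free(transport_name); sits directly above the changed call, so as this hunk shows it, transport_name has already been freed by the time it is passed to dos_new_client_conn(). tor_free() also sets its argument to NULL, which means the DoS code would still look up the GeoIP entry with a NULL transport name and the defenses would still not apply on pluggable-transport bridges. Move the tor_free() call below the if (tlschan && tlschan->conn) block.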
diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 5f9bbf90a..d06eaa6d0 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -671,7 +671,7 @@ dos_log_heartbeat(void)
 /* Called when a new client connection has been established on the given
  * address. */
 void
-dos_new_client_conn(or_connection_t *or_conn)
+dos_new_client_conn(or_connection_t *or_conn, const char *transport_name)
 {
   clientmap_entry_t *entry;
 
@@ -692,7 +692,7 @@ dos_new_client_conn(or_connection_t *or_conn)
   }
 
   /* We are only interested in client connection from the geoip cache. */
-  entry = geoip_lookup_client(_conn->real_addr, NULL,
+  entry = geoip_lookup_client(_conn->real_addr, transport_name,
   GEOIP_CLIENT_CONNECT);
   if (BUG(entry == NULL)) {
 /* Should never happen because we note down the address in the geoip
diff --git a/src/core/or/dos.h b/src/core/or/dos.h
index 95448d053..058b7afce 100644
--- a/src/core/or/dos.h
+++ b/src/core/or/dos.h
@@ -53,7 +53,8 @@ int dos_enabled(void);
 void dos_log_heartbeat(void);
 void dos_geoip_entry_about_to_free(const struct clientmap_entry_t *geoip_ent);
 
-void dos_new_client_conn(or_connection_t *or_conn);
+void dos_new_client_conn(or_connection_t *or_conn,
+ const char *transport_name);
 void dos_close_client_conn(const or_connection_t *or_conn);
 
 int dos_should_refuse_single_hop_client(void);
diff --git a/src/test/test_dos.c b/src/test/test_dos.c
index 4756c5014..01d7cd006 100644
--- a/src/test/test_dos.c
+++ b/src/test/test_dos.c
@@ -79,7 +79,7 @@ test_dos_conn_creation(void *arg)
   { /* Register many conns from this client but not enough to get it blocked */
 unsigned int i;
 for (i = 0; i < max_concurrent_conns; i++) {
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
 }
   }
 
@@ -88,7 +88,7 @@ test_dos_conn_creation(void *arg)
 dos_conn_addr_get_defense_type(addr));
 
   /* Register another conn and check that new conns are not allowed anymore */
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
   tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
 dos_conn_addr_get_defense_type(addr));
 
@@ -98,7 +98,7 @@ test_dos_conn_creation(void *arg)
 dos_conn_addr_get_defense_type(addr));
 
   /* Register another conn and see that defense measures get reactivated */
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
   tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
 dos_conn_addr_get_defense_type(addr));
 
@@ -153,7 +153,7 @@ test_dos_circuit_creation(void *arg)
* circuit counting subsystem */
   geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now);
   for (i = 0; i < min_conc_conns_for_cc ; i++) {
-dos_new_client_conn(_conn);
+dos_new_client_conn(_conn, NULL);
   }
 
   /* Register new circuits for this client and conn, but not enough to get
@@ -217,7 +217,7 @@ test_dos_bucket_refill(void *arg)
 
   /* Register this client */
   

[tor-commits] [tor/release-0.4.3] Merge branch 'maint-0.4.3' into release-0.4.3

2020-04-08 Thread teor
commit 456337a8dd52085c4a8647ceb2b74f40fde20934
Merge: 72e4ed863 f6efb3a18
Author: teor 
Date:   Thu Apr 9 11:07:47 2020 +1000

Merge branch 'maint-0.4.3' into release-0.4.3

 changes/ticket33804 | 7 +++
 doc/tor.1.txt   | 7 +++
 src/app/config/config.c | 4 ++--
 src/test/test_config.c  | 2 +-
 4 files changed, 13 insertions(+), 7 deletions(-)



[tor-commits] [tor/release-0.4.3] Merge branch 'maint-0.3.5' into maint-0.4.1

2020-04-08 Thread teor
commit 987f2fa50ac26af61917c7a6e13dc62f3ddb23ee
Merge: 26fd31fef d380acaec
Author: teor 
Date:   Thu Apr 9 11:03:20 2020 +1000

Merge branch 'maint-0.3.5' into maint-0.4.1

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)






[tor-commits] [tor/release-0.4.3] Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

2020-04-08 Thread teor
commit d380acaecad5f554f7294cfcd7fbf100f9bbaca3
Merge: 38e07b88f 894ff2dc8
Author: teor 
Date:   Thu Apr 9 11:02:49 2020 +1000

Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)





[tor-commits] [tor/release-0.4.3] Merge branch 'maint-0.4.2' into maint-0.4.3

2020-04-08 Thread teor
commit 2d6f00e45b3003337242704e0fde2d2adbaa6cf5
Merge: 34faee060 2d7e08d57
Author: teor 
Date:   Thu Apr 9 11:03:34 2020 +1000

Merge branch 'maint-0.4.2' into maint-0.4.3

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)






[tor-commits] [tor/release-0.4.2] Merge branch 'maint-0.4.1' into maint-0.4.2

2020-04-08 Thread teor
commit 2d7e08d57ef5d3b785cfaa6961d6d3c73fe59535
Merge: 048714d2c 987f2fa50
Author: teor 
Date:   Thu Apr 9 11:03:27 2020 +1000

Merge branch 'maint-0.4.1' into maint-0.4.2

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)





[tor-commits] [tor/release-0.4.2] Merge branch 'maint-0.4.2' into release-0.4.2

2020-04-08 Thread teor
commit 958f6eb5c7b0f85197959970bd6bab5a54ecc30d
Merge: c22601765 2d7e08d57
Author: teor 
Date:   Thu Apr 9 11:03:30 2020 +1000

Merge branch 'maint-0.4.2' into release-0.4.2

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)



[tor-commits] [tor/release-0.4.3] Merge branch 'pr1854_squashed' into maint-0.4.3

2020-04-08 Thread teor
commit f6efb3a184341b5b46c8a565e2ec297d2846e45c
Merge: 2d6f00e45 cd2121a12
Author: teor 
Date:   Thu Apr 9 11:05:59 2020 +1000

Merge branch 'pr1854_squashed' into maint-0.4.3

Squashed PR 1854, and fixed a minor typo (IPv4 -> IPv6).

 changes/ticket33804 | 7 +++
 doc/tor.1.txt   | 7 +++
 src/app/config/config.c | 4 ++--
 src/test/test_config.c  | 2 +-
 4 files changed, 13 insertions(+), 7 deletions(-)





[tor-commits] [tor/release-0.4.3] Merge branch 'maint-0.4.3' into release-0.4.3

2020-04-08 Thread teor
commit 72e4ed86347a9426788265379befe8dd7be6b0d6
Merge: a985f554c 2d6f00e45
Author: teor 
Date:   Thu Apr 9 11:03:37 2020 +1000

Merge branch 'maint-0.4.3' into release-0.4.3

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)





[tor-commits] [tor/release-0.4.3] client: Revert setting PreferIPv6 on by default

2020-04-08 Thread teor
commit cd2121a1262c2d51b8b9174933db5c985f0ccc55
Author: David Goulet 
Date:   Tue Apr 7 09:04:01 2020 -0400

client: Revert setting PreferIPv6 on by default

This change broke torsocks that by default is expecting an IPv4 for hostname
resolution because it can't ask tor for a specific IP version with the SOCKS5
extension.

PreferIPv6 made it that sometimes the IPv6 could be returned to torsocks that
was expecting an IPv4.

Torsocks is probably a very unique case because the runtime flow is that it
hijacks DNS resolution (ex: getaddrinfo()), gets an IP and then sends it back
for the connect() to happen.

The libc has DNS resolution functions that allow the caller to request a
specific INET family but torsocks can't tell tor to resolve the hostname only
to an IPv4 or IPv6 and thus by default falls back to IPv4.

Reverting this change into 0.4.3.x series but we'll keep it in the 0.4.4.x
series in the hope that we add this SOCKS5 extension to tor for DNS resolution
and then change torsocks to use that.

Fixes #33804

Signed-off-by: David Goulet 
---
 changes/ticket33804 | 7 +++
 doc/tor.1.txt   | 7 +++
 src/app/config/config.c | 4 ++--
 src/test/test_config.c  | 2 +-
 4 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/changes/ticket33804 b/changes/ticket33804
new file mode 100644
index 0..254246dac
--- /dev/null
+++ b/changes/ticket33804
@@ -0,0 +1,7 @@
+  o Minor bugfixes (client, SocksPort, IPv6):
+- Revert PreferIPv6 set by default on the SocksPort because it brokes the
+  torsocks use case. Tor doesn't have a way for an application to request
+  the hostname to be resolved for a specific IP version but torsocks
+  requires that. Up until now, IPv4 was used by default so it is expecting
+  that, and can't handle a possible IPv6 being returned. Fixes bug 33804;
+  bugfix on 0.4.3.1-alpha.
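Review bot: typo in the first line of the entry body, "because it brokes the torsocks use case" should read "because it broke". While editing, the sentence "so it is expecting that" would be clearer if it named its subject, for example "torsocks expects IPv4 and can't handle an IPv6 answer".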
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 79809832c..b2014842c 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1492,10 +1492,9 @@ The following options are useful only for clients (that 
is, if
 requests on this connection. This option is only relevant when SOCKS5
 is in use, because SOCKS4 can't handle IPv6.  (Allowing IPv6 is the
 default.)
-**NoPreferIPv6**;;
+**PreferIPv6**;;
 Tells exits that, if a host has both an IPv4 and an IPv6 address,
-we would prefer to connect to it via IPv4. (IPv6 is the default in
-recent versions of Tor.)
+we would prefer to connect to it via IPv6. (IPv4 is the default.)
 **NoDNSRequest**;;
 Do not ask exits to resolve DNS addresses in SOCKS5 requests. Tor will
 connect to IPv4 addresses, IPv6 addresses (if IPv6Traffic is set) and
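Review bot: the NoPreferIPv6 entry is replaced outright, so anyone who put NoPreferIPv6 on a SocksPort line while that was the documented spelling no longer finds it in the man page. The patch doesn't show how the flag parser treats that spelling, so please confirm it is still accepted (it now matches the default) and either say so here or mention the rename in changes/ticket33804.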
@@ -1537,7 +1536,7 @@ The following options are useful only for clients (that 
is, if
 When serving a hostname lookup request on this port that
 should get automapped (according to AutomapHostsOnResolve),
 if we could return either an IPv4 or an IPv6 answer, prefer
-an IPv4 answer. (Tor prefers IPv6 by default.)
+an IPv4 answer. (Tor prefers IPv4 by default.)
 **PreferSOCKSNoAuth**;;
 Ordinarily, when an application offers both "username/password
 authentication" and "no authentication" to Tor via SOCKS5, Tor
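Review bot: the new parenthetical "(Tor prefers IPv4 by default.)" looks wrong for this option. The paragraph describes the answer preference for automapped lookups, and the port_cfg_new() hunk in config.c leaves "cfg->entry_cfg.prefer_ipv6_virtaddr = 1;" untouched as context, so if that field backs this option the default is still IPv6 and the original "(Tor prefers IPv6 by default.)" should stay. Only the PreferIPv6 entry in the previous hunk needs to change.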
diff --git a/src/app/config/config.c b/src/app/config/config.c
index bbf984ad0..c7ac9d631 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -5886,7 +5886,7 @@ port_cfg_new(size_t namelen)
   port_cfg_t *cfg = tor_malloc_zero(sizeof(port_cfg_t) + namelen + 1);
   cfg->entry_cfg.ipv4_traffic = 1;
   cfg->entry_cfg.ipv6_traffic = 1;
-  cfg->entry_cfg.prefer_ipv6 = 1;
+  cfg->entry_cfg.prefer_ipv6 = 0;
   cfg->entry_cfg.dns_request = 1;
   cfg->entry_cfg.onion_traffic = 1;
   cfg->entry_cfg.prefer_ipv6_virtaddr = 1;
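Review bot: prefer_ipv6 = 0 now sits two lines above prefer_ipv6_virtaddr = 1 with nothing explaining why the two IPv6 preferences differ. A one-line comment pointing at ticket 33804 (torsocks can't request an address family, so it expects IPv4) would keep someone from flipping it back to make the defaults look consistent.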
@@ -6134,7 +6134,7 @@ port_parse_config(smartlist_t *out,
 /* This must be kept in sync with port_cfg_new's defaults */
 int no_listen = 0, no_advertise = 0, all_addrs = 0,
   bind_ipv4_only = 0, bind_ipv6_only = 0,
-  ipv4_traffic = 1, ipv6_traffic = 1, prefer_ipv6 = 1, dns_request = 1,
+  ipv4_traffic = 1, ipv6_traffic = 1, prefer_ipv6 = 0, dns_request = 1,
   onion_traffic = 1,
   cache_ipv4 = 0, use_cached_ipv4 = 0,
   cache_ipv6 = 0, use_cached_ipv6 = 0,
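Review bot: this is a second copy of the same default, held together only by the "must be kept in sync with port_cfg_new's defaults" comment, and the patch has to edit both copies by hand. Consider taking these initial values from one shared set of defaults so the two can't drift apart. Not a blocker for a revert going to a release branch, but worth a follow-up ticket.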
diff --git a/src/test/test_config.c b/src/test/test_config.c
index ee277104f..7b9812f55 100644
--- a/src/test/test_config.c
+++ b/src/test/test_config.c
@@ -4159,7 +4159,7 @@ test_config_parse_port_config__ports__ports_given(void 
*data)
   tt_int_op(port_cfg->entry_cfg.dns_request, OP_EQ, 1);
   tt_int_op(port_cfg->entry_cfg.ipv4_traffic, OP_EQ, 1);
   tt_int_op(port_cfg->entry_cfg.ipv6_traffic, OP_EQ, 1);
-  tt_int_op(port_cfg->entry_cfg.prefer_ipv6, OP_EQ, 1);
+  tt_int_op(port_cfg->entry_cfg.prefer_ipv6, OP_EQ, 0);
   
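Review bot: the only test change is flipping the expected default from 1 to 0 in the ports_given case. As far as this hunk shows, nothing checks that an explicit PreferIPv6 flag on the port line still sets entry_cfg.prefer_ipv6 to 1, which is the path users now rely on to opt in. Add that assertion if the test doesn't already have one.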

[tor-commits] [tor/release-0.4.3] Merge branch 'maint-0.4.1' into maint-0.4.2

2020-04-08 Thread teor
commit 2d7e08d57ef5d3b785cfaa6961d6d3c73fe59535
Merge: 048714d2c 987f2fa50
Author: teor 
Date:   Thu Apr 9 11:03:27 2020 +1000

Merge branch 'maint-0.4.1' into maint-0.4.2

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)





[tor-commits] [tor/release-0.4.1] Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

2020-04-08 Thread teor
commit d380acaecad5f554f7294cfcd7fbf100f9bbaca3
Merge: 38e07b88f 894ff2dc8
Author: teor 
Date:   Thu Apr 9 11:02:49 2020 +1000

Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)





[tor-commits] [tor/release-0.4.2] Merge branch 'maint-0.3.5' into maint-0.4.1

2020-04-08 Thread teor
commit 987f2fa50ac26af61917c7a6e13dc62f3ddb23ee
Merge: 26fd31fef d380acaec
Author: teor 
Date:   Thu Apr 9 11:03:20 2020 +1000

Merge branch 'maint-0.3.5' into maint-0.4.1

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)






[tor-commits] [tor/release-0.3.5] Merge branch 'maint-0.3.5' into release-0.3.5

2020-04-08 Thread teor
commit 42ad044391224dec08b22237fa114a97b8c4c271
Merge: 8123ee15d d380acaec
Author: teor 
Date:   Thu Apr 9 11:03:15 2020 +1000

Merge branch 'maint-0.3.5' into release-0.3.5

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)



[tor-commits] [tor/release-0.4.1] Merge branch 'maint-0.3.5' into maint-0.4.1

2020-04-08 Thread teor
commit 987f2fa50ac26af61917c7a6e13dc62f3ddb23ee
Merge: 26fd31fef d380acaec
Author: teor 
Date:   Thu Apr 9 11:03:20 2020 +1000

Merge branch 'maint-0.3.5' into maint-0.4.1

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)






[tor-commits] [tor/release-0.4.2] Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

2020-04-08 Thread teor
commit d380acaecad5f554f7294cfcd7fbf100f9bbaca3
Merge: 38e07b88f 894ff2dc8
Author: teor 
Date:   Thu Apr 9 11:02:49 2020 +1000

Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)





[tor-commits] [tor/maint-0.4.3] Merge branch 'pr1854_squashed' into maint-0.4.3

2020-04-08 Thread teor
commit f6efb3a184341b5b46c8a565e2ec297d2846e45c
Merge: 2d6f00e45 cd2121a12
Author: teor 
Date:   Thu Apr 9 11:05:59 2020 +1000

Merge branch 'pr1854_squashed' into maint-0.4.3

Squashed PR 1854, and fixed a minor typo (IPv4 -> IPv6).

 changes/ticket33804 | 7 +++
 doc/tor.1.txt   | 7 +++
 src/app/config/config.c | 4 ++--
 src/test/test_config.c  | 2 +-
 4 files changed, 13 insertions(+), 7 deletions(-)



[tor-commits] [tor/maint-0.4.3] client: Revert setting PreferIPv6 on by default

2020-04-08 Thread teor
commit cd2121a1262c2d51b8b9174933db5c985f0ccc55
Author: David Goulet 
Date:   Tue Apr 7 09:04:01 2020 -0400

client: Revert setting PreferIPv6 on by default

This change broke torsocks that by default is expecting an IPv4 for hostname
resolution because it can't ask tor for a specific IP version with the SOCKS5
extension.

PreferIPv6 made it that sometimes the IPv6 could be returned to torsocks that
was expecting an IPv4.

Torsocks is probably a very unique case because the runtime flow is that it
hijacks DNS resolution (ex: getaddrinfo()), gets an IP and then sends it back
for the connect() to happen.

The libc has DNS resolution functions that allow the caller to request a
specific INET family but torsocks can't tell tor to resolve the hostname only
to an IPv4 or IPv6 and thus by default falls back to IPv4.

Reverting this change into 0.4.3.x series but we'll keep it in the 0.4.4.x
series in the hope that we add this SOCKS5 extension to tor for DNS resolution
and then change torsocks to use that.

Fixes #33804

Signed-off-by: David Goulet 
---
 changes/ticket33804 | 7 +++
 doc/tor.1.txt   | 7 +++
 src/app/config/config.c | 4 ++--
 src/test/test_config.c  | 2 +-
 4 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/changes/ticket33804 b/changes/ticket33804
new file mode 100644
index 0..254246dac
--- /dev/null
+++ b/changes/ticket33804
@@ -0,0 +1,7 @@
+  o Minor bugfixes (client, SocksPort, IPv6):
+- Revert PreferIPv6 set by default on the SocksPort because it brokes the
+  torsocks use case. Tor doesn't have a way for an application to request
+  the hostname to be resolved for a specific IP version but torsocks
+  requires that. Up until now, IPv4 was used by default so it is expecting
+  that, and can't handle a possible IPv6 being returned. Fixes bug 33804;
+  bugfix on 0.4.3.1-alpha.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 79809832c..b2014842c 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1492,10 +1492,9 @@ The following options are useful only for clients (that 
is, if
 requests on this connection. This option is only relevant when SOCKS5
 is in use, because SOCKS4 can't handle IPv6.  (Allowing IPv6 is the
 default.)
-**NoPreferIPv6**;;
+**PreferIPv6**;;
 Tells exits that, if a host has both an IPv4 and an IPv6 address,
-we would prefer to connect to it via IPv4. (IPv6 is the default in
-recent versions of Tor.)
+we would prefer to connect to it via IPv6. (IPv4 is the default.)
 **NoDNSRequest**;;
 Do not ask exits to resolve DNS addresses in SOCKS5 requests. Tor will
 connect to IPv4 addresses, IPv6 addresses (if IPv6Traffic is set) and
@@ -1537,7 +1536,7 @@ The following options are useful only for clients (that 
is, if
 When serving a hostname lookup request on this port that
 should get automapped (according to AutomapHostsOnResolve),
 if we could return either an IPv4 or an IPv6 answer, prefer
-an IPv4 answer. (Tor prefers IPv6 by default.)
+an IPv4 answer. (Tor prefers IPv4 by default.)
 **PreferSOCKSNoAuth**;;
 Ordinarily, when an application offers both "username/password
 authentication" and "no authentication" to Tor via SOCKS5, Tor
diff --git a/src/app/config/config.c b/src/app/config/config.c
index bbf984ad0..c7ac9d631 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -5886,7 +5886,7 @@ port_cfg_new(size_t namelen)
   port_cfg_t *cfg = tor_malloc_zero(sizeof(port_cfg_t) + namelen + 1);
   cfg->entry_cfg.ipv4_traffic = 1;
   cfg->entry_cfg.ipv6_traffic = 1;
-  cfg->entry_cfg.prefer_ipv6 = 1;
+  cfg->entry_cfg.prefer_ipv6 = 0;
   cfg->entry_cfg.dns_request = 1;
   cfg->entry_cfg.onion_traffic = 1;
   cfg->entry_cfg.prefer_ipv6_virtaddr = 1;
@@ -6134,7 +6134,7 @@ port_parse_config(smartlist_t *out,
 /* This must be kept in sync with port_cfg_new's defaults */
 int no_listen = 0, no_advertise = 0, all_addrs = 0,
   bind_ipv4_only = 0, bind_ipv6_only = 0,
-  ipv4_traffic = 1, ipv6_traffic = 1, prefer_ipv6 = 1, dns_request = 1,
+  ipv4_traffic = 1, ipv6_traffic = 1, prefer_ipv6 = 0, dns_request = 1,
   onion_traffic = 1,
   cache_ipv4 = 0, use_cached_ipv4 = 0,
   cache_ipv6 = 0, use_cached_ipv6 = 0,
diff --git a/src/test/test_config.c b/src/test/test_config.c
index ee277104f..7b9812f55 100644
--- a/src/test/test_config.c
+++ b/src/test/test_config.c
@@ -4159,7 +4159,7 @@ test_config_parse_port_config__ports__ports_given(void 
*data)
   tt_int_op(port_cfg->entry_cfg.dns_request, OP_EQ, 1);
   tt_int_op(port_cfg->entry_cfg.ipv4_traffic, OP_EQ, 1);
   tt_int_op(port_cfg->entry_cfg.ipv6_traffic, OP_EQ, 1);
-  tt_int_op(port_cfg->entry_cfg.prefer_ipv6, OP_EQ, 1);
+  tt_int_op(port_cfg->entry_cfg.prefer_ipv6, OP_EQ, 0);
   

[tor-commits] [tor/release-0.3.5] dos: Pass transport name on new client connection

2020-04-08 Thread teor
commit 894ff2dc8422cb86312c512698acd76476224f87
Author: David Goulet 
Date:   Tue Mar 10 14:45:13 2020 -0400

dos: Pass transport name on new client connection

For a bridge configured with a pluggable transport, the transport name is
used, with the IP address, for the GeoIP client cache entry.

However, the DoS subsystem was not aware of it and always passing NULL when
doing a lookup into the GeoIP cache.

This resulted in bridges with a PT are never able to apply DoS defenses for
newly created connections.

Fixes #33491

Signed-off-by: David Goulet 
---
 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/changes/ticket33491 b/changes/ticket33491
new file mode 100644
index 0..595ea863e
--- /dev/null
+++ b/changes/ticket33491
@@ -0,0 +1,6 @@
+  o Major bugfixes (DoS defenses, bridges, pluggable transport):
+- DoS subsystem was not given the transport name of the client connection
+  when tor is a bridge and thus failing to find the GeoIP cache entry for
+  that client address. This resulted in failing to apply DoS defenses on
+  bridges with a pluggable transport. Fixes bug 33491; bugfix on
+  0.3.3.2-alpha.
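Review bot: the first sentence of the entry doesn't parse ("was not given the transport name ... and thus failing to find"). Suggest "The DoS subsystem was not given the transport name of the client connection when tor is a bridge, so it failed to find the GeoIP cache entry for that client address." This is listed as a major bugfix, so the wording will be read closely in the release notes.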
diff --git a/src/core/or/channel.c b/src/core/or/channel.c
index fd7bf6278..388690687 100644
--- a/src/core/or/channel.c
+++ b/src/core/or/channel.c
@@ -1871,7 +1871,7 @@ channel_do_open_actions(channel_t *chan)
 tor_free(transport_name);
 /* Notify the DoS subsystem of a new client. */
 if (tlschan && tlschan->conn) {
-  dos_new_client_conn(tlschan->conn);
+  dos_new_client_conn(tlschan->conn, transport_name);
 }
   }
   /* Otherwise the underlying transport can't tell us this, so skip it */
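Review bot: in the context shown, tor_free(transport_name) runs before the changed call, and tor_free() resets the pointer to NULL, so dos_new_client_conn(tlschan->conn, transport_name) would still receive NULL and the GeoIP lookup would miss exactly as it did before the patch. Move the tor_free() to after the "if (tlschan && tlschan->conn)" block so the name is still valid when the DoS subsystem uses it.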
diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 5f9bbf90a..d06eaa6d0 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -671,7 +671,7 @@ dos_log_heartbeat(void)
 /* Called when a new client connection has been established on the given
  * address. */
 void
-dos_new_client_conn(or_connection_t *or_conn)
+dos_new_client_conn(or_connection_t *or_conn, const char *transport_name)
 {
   clientmap_entry_t *entry;
 
@@ -692,7 +692,7 @@ dos_new_client_conn(or_connection_t *or_conn)
   }
 
   /* We are only interested in client connection from the geoip cache. */
-  entry = geoip_lookup_client(_conn->real_addr, NULL,
+  entry = geoip_lookup_client(_conn->real_addr, transport_name,
   GEOIP_CLIENT_CONNECT);
   if (BUG(entry == NULL)) {
 /* Should never happen because we note down the address in the geoip
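Review bot: the BUG(entry == NULL) check right after the changed lookup is only "should never happen" if the caller passes the same transport name that was used when the address was noted in the GeoIP cache. That contract isn't written down anywhere in the patch: the function comment in the previous hunk is unchanged and says nothing about transport_name or whether it may be NULL. Please document the parameter there.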
diff --git a/src/core/or/dos.h b/src/core/or/dos.h
index 95448d053..058b7afce 100644
--- a/src/core/or/dos.h
+++ b/src/core/or/dos.h
@@ -53,7 +53,8 @@ int dos_enabled(void);
 void dos_log_heartbeat(void);
 void dos_geoip_entry_about_to_free(const struct clientmap_entry_t *geoip_ent);
 
-void dos_new_client_conn(or_connection_t *or_conn);
+void dos_new_client_conn(or_connection_t *or_conn,
+ const char *transport_name);
 void dos_close_client_conn(const or_connection_t *or_conn);
 
 int dos_should_refuse_single_hop_client(void);
diff --git a/src/test/test_dos.c b/src/test/test_dos.c
index 4756c5014..01d7cd006 100644
--- a/src/test/test_dos.c
+++ b/src/test/test_dos.c
@@ -79,7 +79,7 @@ test_dos_conn_creation(void *arg)
   { /* Register many conns from this client but not enough to get it blocked */
 unsigned int i;
 for (i = 0; i < max_concurrent_conns; i++) {
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
 }
   }
 
@@ -88,7 +88,7 @@ test_dos_conn_creation(void *arg)
 dos_conn_addr_get_defense_type(addr));
 
   /* Register another conn and check that new conns are not allowed anymore */
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
   tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
 dos_conn_addr_get_defense_type(addr));
 
@@ -98,7 +98,7 @@ test_dos_conn_creation(void *arg)
 dos_conn_addr_get_defense_type(addr));
 
   /* Register another conn and see that defense measures get reactivated */
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
   tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
 dos_conn_addr_get_defense_type(addr));
 
@@ -153,7 +153,7 @@ test_dos_circuit_creation(void *arg)
* circuit counting subsystem */
   geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now);
   for (i = 0; i < min_conc_conns_for_cc ; i++) {
-dos_new_client_conn(_conn);
+dos_new_client_conn(_conn, NULL);
   }
 
   /* Register new circuits for this client and conn, but not enough to get
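Review bot: every call site in test_dos.c is updated to pass NULL, and the geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now) in this hunk's context also notes the client without a transport, so the case this commit fixes (a cache entry keyed on address plus transport name) is never exercised. Add a test that notes the client with a non-NULL transport name, calls dos_new_client_conn() with the same name, and checks that the connection defense engages.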
@@ -217,7 +217,7 @@ test_dos_bucket_refill(void *arg)
 
   /* Register this client */
   

[tor-commits] [tor/maint-0.4.3] Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

2020-04-08 Thread teor
commit d380acaecad5f554f7294cfcd7fbf100f9bbaca3
Merge: 38e07b88f 894ff2dc8
Author: teor 
Date:   Thu Apr 9 11:02:49 2020 +1000

Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)





[tor-commits] [tor/maint-0.4.3] Merge branch 'maint-0.4.2' into maint-0.4.3

2020-04-08 Thread teor
commit 2d6f00e45b3003337242704e0fde2d2adbaa6cf5
Merge: 34faee060 2d7e08d57
Author: teor 
Date:   Thu Apr 9 11:03:34 2020 +1000

Merge branch 'maint-0.4.2' into maint-0.4.3

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)






[tor-commits] [tor/release-0.4.1] Merge branch 'maint-0.4.1' into release-0.4.1

2020-04-08 Thread teor
commit 1163d9a62fb40ecea50ff1279dcb55bcd7cced32
Merge: 23e401749 987f2fa50
Author: teor 
Date:   Thu Apr 9 11:03:24 2020 +1000

Merge branch 'maint-0.4.1' into release-0.4.1

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)



[tor-commits] [tor/release-0.4.1] dos: Pass transport name on new client connection

2020-04-08 Thread teor
commit 894ff2dc8422cb86312c512698acd76476224f87
Author: David Goulet 
Date:   Tue Mar 10 14:45:13 2020 -0400

dos: Pass transport name on new client connection

For a bridge configured with a pluggable transport, the transport name is
used, with the IP address, for the GeoIP client cache entry.

However, the DoS subsystem was not aware of it and always passing NULL when
doing a lookup into the GeoIP cache.

This resulted in bridges with a PT are never able to apply DoS defenses for
newly created connections.

Fixes #33491

Signed-off-by: David Goulet 
---
 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/changes/ticket33491 b/changes/ticket33491
new file mode 100644
index 0..595ea863e
--- /dev/null
+++ b/changes/ticket33491
@@ -0,0 +1,6 @@
+  o Major bugfixes (DoS defenses, bridges, pluggable transport):
+- DoS subsystem was not given the transport name of the client connection
+  when tor is a bridge and thus failing to find the GeoIP cache entry for
+  that client address. This resulted in failing to apply DoS defenses on
+  bridges with a pluggable transport. Fixes bug 33491; bugfix on
+  0.3.3.2-alpha.
diff --git a/src/core/or/channel.c b/src/core/or/channel.c
index fd7bf6278..388690687 100644
--- a/src/core/or/channel.c
+++ b/src/core/or/channel.c
@@ -1871,7 +1871,7 @@ channel_do_open_actions(channel_t *chan)
 tor_free(transport_name);
 /* Notify the DoS subsystem of a new client. */
 if (tlschan && tlschan->conn) {
-  dos_new_client_conn(tlschan->conn);
+  dos_new_client_conn(tlschan->conn, transport_name);
 }
   }
   /* Otherwise the underlying transport can't tell us this, so skip it */
diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 5f9bbf90a..d06eaa6d0 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -671,7 +671,7 @@ dos_log_heartbeat(void)
 /* Called when a new client connection has been established on the given
  * address. */
 void
-dos_new_client_conn(or_connection_t *or_conn)
+dos_new_client_conn(or_connection_t *or_conn, const char *transport_name)
 {
   clientmap_entry_t *entry;
 
@@ -692,7 +692,7 @@ dos_new_client_conn(or_connection_t *or_conn)
   }
 
   /* We are only interested in client connection from the geoip cache. */
-  entry = geoip_lookup_client(_conn->real_addr, NULL,
+  entry = geoip_lookup_client(_conn->real_addr, transport_name,
   GEOIP_CLIENT_CONNECT);
   if (BUG(entry == NULL)) {
 /* Should never happen because we note down the address in the geoip
diff --git a/src/core/or/dos.h b/src/core/or/dos.h
index 95448d053..058b7afce 100644
--- a/src/core/or/dos.h
+++ b/src/core/or/dos.h
@@ -53,7 +53,8 @@ int dos_enabled(void);
 void dos_log_heartbeat(void);
 void dos_geoip_entry_about_to_free(const struct clientmap_entry_t *geoip_ent);
 
-void dos_new_client_conn(or_connection_t *or_conn);
+void dos_new_client_conn(or_connection_t *or_conn,
+ const char *transport_name);
 void dos_close_client_conn(const or_connection_t *or_conn);
 
 int dos_should_refuse_single_hop_client(void);
diff --git a/src/test/test_dos.c b/src/test/test_dos.c
index 4756c5014..01d7cd006 100644
--- a/src/test/test_dos.c
+++ b/src/test/test_dos.c
@@ -79,7 +79,7 @@ test_dos_conn_creation(void *arg)
   { /* Register many conns from this client but not enough to get it blocked */
 unsigned int i;
 for (i = 0; i < max_concurrent_conns; i++) {
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
 }
   }
 
@@ -88,7 +88,7 @@ test_dos_conn_creation(void *arg)
 dos_conn_addr_get_defense_type(addr));
 
   /* Register another conn and check that new conns are not allowed anymore */
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
   tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
 dos_conn_addr_get_defense_type(addr));
 
@@ -98,7 +98,7 @@ test_dos_conn_creation(void *arg)
 dos_conn_addr_get_defense_type(addr));
 
   /* Register another conn and see that defense measures get reactivated */
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
   tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
 dos_conn_addr_get_defense_type(addr));
 
@@ -153,7 +153,7 @@ test_dos_circuit_creation(void *arg)
* circuit counting subsystem */
   geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now);
   for (i = 0; i < min_conc_conns_for_cc ; i++) {
-dos_new_client_conn(_conn);
+dos_new_client_conn(_conn, NULL);
   }
 
   /* Register new circuits for this client and conn, but not enough to get
@@ -217,7 +217,7 @@ test_dos_bucket_refill(void *arg)
 
   /* Register this client */
   

[tor-commits] [tor/maint-0.4.3] Merge branch 'maint-0.4.1' into maint-0.4.2

2020-04-08 Thread teor
commit 2d7e08d57ef5d3b785cfaa6961d6d3c73fe59535
Merge: 048714d2c 987f2fa50
Author: teor 
Date:   Thu Apr 9 11:03:27 2020 +1000

Merge branch 'maint-0.4.1' into maint-0.4.2

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)





[tor-commits] [tor/release-0.4.2] dos: Pass transport name on new client connection

2020-04-08 Thread teor
commit 894ff2dc8422cb86312c512698acd76476224f87
Author: David Goulet 
Date:   Tue Mar 10 14:45:13 2020 -0400

dos: Pass transport name on new client connection

For a bridge configured with a pluggable transport, the transport name is
used, with the IP address, for the GeoIP client cache entry.

However, the DoS subsystem was not aware of it and always passing NULL when
doing a lookup into the GeoIP cache.

This resulted in bridges with a PT are never able to apply DoS defenses for
newly created connections.

Fixes #33491

Signed-off-by: David Goulet 
---
 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/changes/ticket33491 b/changes/ticket33491
new file mode 100644
index 0..595ea863e
--- /dev/null
+++ b/changes/ticket33491
@@ -0,0 +1,6 @@
+  o Major bugfixes (DoS defenses, bridges, pluggable transport):
+- DoS subsystem was not given the transport name of the client connection
+  when tor is a bridge and thus failing to find the GeoIP cache entry for
+  that client address. This resulted in failing to apply DoS defenses on
+  bridges with a pluggable transport. Fixes bug 33491; bugfix on
+  0.3.3.2-alpha.
diff --git a/src/core/or/channel.c b/src/core/or/channel.c
index fd7bf6278..388690687 100644
--- a/src/core/or/channel.c
+++ b/src/core/or/channel.c
@@ -1871,7 +1871,7 @@ channel_do_open_actions(channel_t *chan)
 tor_free(transport_name);
 /* Notify the DoS subsystem of a new client. */
 if (tlschan && tlschan->conn) {
-  dos_new_client_conn(tlschan->conn);
+  dos_new_client_conn(tlschan->conn, transport_name);
 }
   }
   /* Otherwise the underlying transport can't tell us this, so skip it */
diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 5f9bbf90a..d06eaa6d0 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -671,7 +671,7 @@ dos_log_heartbeat(void)
 /* Called when a new client connection has been established on the given
  * address. */
 void
-dos_new_client_conn(or_connection_t *or_conn)
+dos_new_client_conn(or_connection_t *or_conn, const char *transport_name)
 {
   clientmap_entry_t *entry;
 
@@ -692,7 +692,7 @@ dos_new_client_conn(or_connection_t *or_conn)
   }
 
   /* We are only interested in client connection from the geoip cache. */
-  entry = geoip_lookup_client(_conn->real_addr, NULL,
+  entry = geoip_lookup_client(_conn->real_addr, transport_name,
   GEOIP_CLIENT_CONNECT);
   if (BUG(entry == NULL)) {
 /* Should never happen because we note down the address in the geoip
diff --git a/src/core/or/dos.h b/src/core/or/dos.h
index 95448d053..058b7afce 100644
--- a/src/core/or/dos.h
+++ b/src/core/or/dos.h
@@ -53,7 +53,8 @@ int dos_enabled(void);
 void dos_log_heartbeat(void);
 void dos_geoip_entry_about_to_free(const struct clientmap_entry_t *geoip_ent);
 
-void dos_new_client_conn(or_connection_t *or_conn);
+void dos_new_client_conn(or_connection_t *or_conn,
+ const char *transport_name);
 void dos_close_client_conn(const or_connection_t *or_conn);
 
 int dos_should_refuse_single_hop_client(void);
diff --git a/src/test/test_dos.c b/src/test/test_dos.c
index 4756c5014..01d7cd006 100644
--- a/src/test/test_dos.c
+++ b/src/test/test_dos.c
@@ -79,7 +79,7 @@ test_dos_conn_creation(void *arg)
   { /* Register many conns from this client but not enough to get it blocked */
 unsigned int i;
 for (i = 0; i < max_concurrent_conns; i++) {
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
 }
   }
 
@@ -88,7 +88,7 @@ test_dos_conn_creation(void *arg)
 dos_conn_addr_get_defense_type(addr));
 
   /* Register another conn and check that new conns are not allowed anymore */
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
   tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
 dos_conn_addr_get_defense_type(addr));
 
@@ -98,7 +98,7 @@ test_dos_conn_creation(void *arg)
 dos_conn_addr_get_defense_type(addr));
 
   /* Register another conn and see that defense measures get reactivated */
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
   tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
 dos_conn_addr_get_defense_type(addr));
 
@@ -153,7 +153,7 @@ test_dos_circuit_creation(void *arg)
* circuit counting subsystem */
   geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now);
   for (i = 0; i < min_conc_conns_for_cc ; i++) {
-dos_new_client_conn(_conn);
+dos_new_client_conn(_conn, NULL);
   }
 
   /* Register new circuits for this client and conn, but not enough to get
@@ -217,7 +217,7 @@ test_dos_bucket_refill(void *arg)
 
   /* Register this client */
   

[tor-commits] [tor/release-0.3.5] Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

2020-04-08 Thread teor
commit d380acaecad5f554f7294cfcd7fbf100f9bbaca3
Merge: 38e07b88f 894ff2dc8
Author: teor 
Date:   Thu Apr 9 11:02:49 2020 +1000

Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)





[tor-commits] [tor/maint-0.4.2] Merge branch 'maint-0.4.1' into maint-0.4.2

2020-04-08 Thread teor
commit 2d7e08d57ef5d3b785cfaa6961d6d3c73fe59535
Merge: 048714d2c 987f2fa50
Author: teor 
Date:   Thu Apr 9 11:03:27 2020 +1000

Merge branch 'maint-0.4.1' into maint-0.4.2

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)



[tor-commits] [tor/maint-0.4.1] dos: Pass transport name on new client connection

2020-04-08 Thread teor
commit 894ff2dc8422cb86312c512698acd76476224f87
Author: David Goulet 
Date:   Tue Mar 10 14:45:13 2020 -0400

dos: Pass transport name on new client connection

For a bridge configured with a pluggable transport, the transport name is
used, with the IP address, for the GeoIP client cache entry.

However, the DoS subsystem was not aware of it and was always passing NULL
when doing a lookup into the GeoIP cache.

This resulted in bridges with a PT never being able to apply DoS defenses for
newly created connections.

Fixes #33491

Signed-off-by: David Goulet 
---
 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/changes/ticket33491 b/changes/ticket33491
new file mode 100644
index 0..595ea863e
--- /dev/null
+++ b/changes/ticket33491
@@ -0,0 +1,6 @@
+  o Major bugfixes (DoS defenses, bridges, pluggable transport):
+- DoS subsystem was not given the transport name of the client connection
+  when tor is a bridge and thus failing to find the GeoIP cache entry for
+  that client address. This resulted in failing to apply DoS defenses on
+  bridges with a pluggable transport. Fixes bug 33491; bugfix on
+  0.3.3.2-alpha.
diff --git a/src/core/or/channel.c b/src/core/or/channel.c
index fd7bf6278..388690687 100644
--- a/src/core/or/channel.c
+++ b/src/core/or/channel.c
@@ -1871,7 +1871,7 @@ channel_do_open_actions(channel_t *chan)
 tor_free(transport_name);
 /* Notify the DoS subsystem of a new client. */
 if (tlschan && tlschan->conn) {
-  dos_new_client_conn(tlschan->conn);
+  dos_new_client_conn(tlschan->conn, transport_name);
 }
   }
   /* Otherwise the underlying transport can't tell us this, so skip it */
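Review bot: The context line tor_free(transport_name); sits above the new dos_new_client_conn(tlschan->conn, transport_name) call, so the name has already been released when it is passed. Tor's tor_free() also sets its argument to NULL, so as shown the DoS subsystem would still receive NULL and the GeoIP lookup would miss on a pluggable-transport bridge exactly as before. Move the tor_free() below the if (tlschan && tlschan->conn) block so the name is still valid when it is used.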
diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 5f9bbf90a..d06eaa6d0 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -671,7 +671,7 @@ dos_log_heartbeat(void)
 /* Called when a new client connection has been established on the given
  * address. */
 void
-dos_new_client_conn(or_connection_t *or_conn)
+dos_new_client_conn(or_connection_t *or_conn, const char *transport_name)
 {
   clientmap_entry_t *entry;
 
@@ -692,7 +692,7 @@ dos_new_client_conn(or_connection_t *or_conn)
   }
 
   /* We are only interested in client connection from the geoip cache. */
-  entry = geoip_lookup_client(_conn->real_addr, NULL,
+  entry = geoip_lookup_client(_conn->real_addr, transport_name,
   GEOIP_CLIENT_CONNECT);
   if (BUG(entry == NULL)) {
 /* Should never happen because we note down the address in the geoip
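Review bot: The BUG(entry == NULL) check under this lookup only holds if the address and transport_name pair matches what was recorded when the client was noted in the GeoIP cache, and per the commit message that was not the case on bridges with a pluggable transport. The function comment above dos_new_client_conn() still describes only the address; it should state that transport_name must be the value used for the GeoIP cache entry and that NULL is accepted when there is no transport.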
diff --git a/src/core/or/dos.h b/src/core/or/dos.h
index 95448d053..058b7afce 100644
--- a/src/core/or/dos.h
+++ b/src/core/or/dos.h
@@ -53,7 +53,8 @@ int dos_enabled(void);
 void dos_log_heartbeat(void);
 void dos_geoip_entry_about_to_free(const struct clientmap_entry_t *geoip_ent);
 
-void dos_new_client_conn(or_connection_t *or_conn);
+void dos_new_client_conn(or_connection_t *or_conn,
+ const char *transport_name);
 void dos_close_client_conn(const or_connection_t *or_conn);
 
 int dos_should_refuse_single_hop_client(void);
diff --git a/src/test/test_dos.c b/src/test/test_dos.c
index 4756c5014..01d7cd006 100644
--- a/src/test/test_dos.c
+++ b/src/test/test_dos.c
@@ -79,7 +79,7 @@ test_dos_conn_creation(void *arg)
   { /* Register many conns from this client but not enough to get it blocked */
 unsigned int i;
 for (i = 0; i < max_concurrent_conns; i++) {
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
 }
   }
 
@@ -88,7 +88,7 @@ test_dos_conn_creation(void *arg)
 dos_conn_addr_get_defense_type(addr));
 
   /* Register another conn and check that new conns are not allowed anymore */
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
   tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
 dos_conn_addr_get_defense_type(addr));
 
@@ -98,7 +98,7 @@ test_dos_conn_creation(void *arg)
 dos_conn_addr_get_defense_type(addr));
 
   /* Register another conn and see that defense measures get reactivated */
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
   tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
 dos_conn_addr_get_defense_type(addr));
 
@@ -153,7 +153,7 @@ test_dos_circuit_creation(void *arg)
* circuit counting subsystem */
   geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now);
   for (i = 0; i < min_conc_conns_for_cc ; i++) {
-dos_new_client_conn(_conn);
+dos_new_client_conn(_conn, NULL);
   }
 
   /* Register new circuits for this client and conn, but not enough to get
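Review bot: Every updated call in test_dos.c passes NULL, and the context line geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now) registers the client without a transport as well, so nothing here exercises the case this commit fixes. Add a test that notes a client with a non-NULL transport name, calls dos_new_client_conn() with the same name, and checks that the connection defense reaches DOS_CONN_DEFENSE_CLOSE.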
@@ -217,7 +217,7 @@ test_dos_bucket_refill(void *arg)
 
   /* Register this client */
   

[tor-commits] [tor/maint-0.4.2] Merge branch 'maint-0.3.5' into maint-0.4.1

2020-04-08 Thread teor
commit 987f2fa50ac26af61917c7a6e13dc62f3ddb23ee
Merge: 26fd31fef d380acaec
Author: teor 
Date:   Thu Apr 9 11:03:20 2020 +1000

Merge branch 'maint-0.3.5' into maint-0.4.1

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)






[tor-commits] [tor/maint-0.4.3] dos: Pass transport name on new client connection

2020-04-08 Thread teor
commit 894ff2dc8422cb86312c512698acd76476224f87
Author: David Goulet 
Date:   Tue Mar 10 14:45:13 2020 -0400

dos: Pass transport name on new client connection

For a bridge configured with a pluggable transport, the transport name is
used, with the IP address, for the GeoIP client cache entry.

However, the DoS subsystem was not aware of it and was always passing NULL
when doing a lookup into the GeoIP cache.

This resulted in bridges with a PT never being able to apply DoS defenses for
newly created connections.

Fixes #33491

Signed-off-by: David Goulet 
---
 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/changes/ticket33491 b/changes/ticket33491
new file mode 100644
index 0..595ea863e
--- /dev/null
+++ b/changes/ticket33491
@@ -0,0 +1,6 @@
+  o Major bugfixes (DoS defenses, bridges, pluggable transport):
+- DoS subsystem was not given the transport name of the client connection
+  when tor is a bridge and thus failing to find the GeoIP cache entry for
+  that client address. This resulted in failing to apply DoS defenses on
+  bridges with a pluggable transport. Fixes bug 33491; bugfix on
+  0.3.3.2-alpha.
diff --git a/src/core/or/channel.c b/src/core/or/channel.c
index fd7bf6278..388690687 100644
--- a/src/core/or/channel.c
+++ b/src/core/or/channel.c
@@ -1871,7 +1871,7 @@ channel_do_open_actions(channel_t *chan)
 tor_free(transport_name);
 /* Notify the DoS subsystem of a new client. */
 if (tlschan && tlschan->conn) {
-  dos_new_client_conn(tlschan->conn);
+  dos_new_client_conn(tlschan->conn, transport_name);
 }
   }
   /* Otherwise the underlying transport can't tell us this, so skip it */
diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 5f9bbf90a..d06eaa6d0 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -671,7 +671,7 @@ dos_log_heartbeat(void)
 /* Called when a new client connection has been established on the given
  * address. */
 void
-dos_new_client_conn(or_connection_t *or_conn)
+dos_new_client_conn(or_connection_t *or_conn, const char *transport_name)
 {
   clientmap_entry_t *entry;
 
@@ -692,7 +692,7 @@ dos_new_client_conn(or_connection_t *or_conn)
   }
 
   /* We are only interested in client connection from the geoip cache. */
-  entry = geoip_lookup_client(_conn->real_addr, NULL,
+  entry = geoip_lookup_client(_conn->real_addr, transport_name,
   GEOIP_CLIENT_CONNECT);
   if (BUG(entry == NULL)) {
 /* Should never happen because we note down the address in the geoip
diff --git a/src/core/or/dos.h b/src/core/or/dos.h
index 95448d053..058b7afce 100644
--- a/src/core/or/dos.h
+++ b/src/core/or/dos.h
@@ -53,7 +53,8 @@ int dos_enabled(void);
 void dos_log_heartbeat(void);
 void dos_geoip_entry_about_to_free(const struct clientmap_entry_t *geoip_ent);
 
-void dos_new_client_conn(or_connection_t *or_conn);
+void dos_new_client_conn(or_connection_t *or_conn,
+ const char *transport_name);
 void dos_close_client_conn(const or_connection_t *or_conn);
 
 int dos_should_refuse_single_hop_client(void);
diff --git a/src/test/test_dos.c b/src/test/test_dos.c
index 4756c5014..01d7cd006 100644
--- a/src/test/test_dos.c
+++ b/src/test/test_dos.c
@@ -79,7 +79,7 @@ test_dos_conn_creation(void *arg)
   { /* Register many conns from this client but not enough to get it blocked */
 unsigned int i;
 for (i = 0; i < max_concurrent_conns; i++) {
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
 }
   }
 
@@ -88,7 +88,7 @@ test_dos_conn_creation(void *arg)
 dos_conn_addr_get_defense_type(addr));
 
   /* Register another conn and check that new conns are not allowed anymore */
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
   tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
 dos_conn_addr_get_defense_type(addr));
 
@@ -98,7 +98,7 @@ test_dos_conn_creation(void *arg)
 dos_conn_addr_get_defense_type(addr));
 
   /* Register another conn and see that defense measures get reactivated */
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
   tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
 dos_conn_addr_get_defense_type(addr));
 
@@ -153,7 +153,7 @@ test_dos_circuit_creation(void *arg)
* circuit counting subsystem */
   geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now);
   for (i = 0; i < min_conc_conns_for_cc ; i++) {
-dos_new_client_conn(_conn);
+dos_new_client_conn(_conn, NULL);
   }
 
   /* Register new circuits for this client and conn, but not enough to get
@@ -217,7 +217,7 @@ test_dos_bucket_refill(void *arg)
 
   /* Register this client */
   

[tor-commits] [tor/maint-0.4.1] Merge branch 'maint-0.3.5' into maint-0.4.1

2020-04-08 Thread teor
commit 987f2fa50ac26af61917c7a6e13dc62f3ddb23ee
Merge: 26fd31fef d380acaec
Author: teor 
Date:   Thu Apr 9 11:03:20 2020 +1000

Merge branch 'maint-0.3.5' into maint-0.4.1

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)



[tor-commits] [tor/maint-0.4.2] Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

2020-04-08 Thread teor
commit d380acaecad5f554f7294cfcd7fbf100f9bbaca3
Merge: 38e07b88f 894ff2dc8
Author: teor 
Date:   Thu Apr 9 11:02:49 2020 +1000

Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)





[tor-commits] [tor/maint-0.4.3] Merge branch 'maint-0.3.5' into maint-0.4.1

2020-04-08 Thread teor
commit 987f2fa50ac26af61917c7a6e13dc62f3ddb23ee
Merge: 26fd31fef d380acaec
Author: teor 
Date:   Thu Apr 9 11:03:20 2020 +1000

Merge branch 'maint-0.3.5' into maint-0.4.1

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)






[tor-commits] [tor/maint-0.4.2] dos: Pass transport name on new client connection

2020-04-08 Thread teor
commit 894ff2dc8422cb86312c512698acd76476224f87
Author: David Goulet 
Date:   Tue Mar 10 14:45:13 2020 -0400

dos: Pass transport name on new client connection

For a bridge configured with a pluggable transport, the transport name is
used, with the IP address, for the GeoIP client cache entry.

However, the DoS subsystem was not aware of it and was always passing NULL
when doing a lookup into the GeoIP cache.

This resulted in bridges with a PT never being able to apply DoS defenses for
newly created connections.

Fixes #33491

Signed-off-by: David Goulet 
---
 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/changes/ticket33491 b/changes/ticket33491
new file mode 100644
index 0..595ea863e
--- /dev/null
+++ b/changes/ticket33491
@@ -0,0 +1,6 @@
+  o Major bugfixes (DoS defenses, bridges, pluggable transport):
+- DoS subsystem was not given the transport name of the client connection
+  when tor is a bridge and thus failing to find the GeoIP cache entry for
+  that client address. This resulted in failing to apply DoS defenses on
+  bridges with a pluggable transport. Fixes bug 33491; bugfix on
+  0.3.3.2-alpha.
diff --git a/src/core/or/channel.c b/src/core/or/channel.c
index fd7bf6278..388690687 100644
--- a/src/core/or/channel.c
+++ b/src/core/or/channel.c
@@ -1871,7 +1871,7 @@ channel_do_open_actions(channel_t *chan)
 tor_free(transport_name);
 /* Notify the DoS subsystem of a new client. */
 if (tlschan && tlschan->conn) {
-  dos_new_client_conn(tlschan->conn);
+  dos_new_client_conn(tlschan->conn, transport_name);
 }
   }
   /* Otherwise the underlying transport can't tell us this, so skip it */
diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 5f9bbf90a..d06eaa6d0 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -671,7 +671,7 @@ dos_log_heartbeat(void)
 /* Called when a new client connection has been established on the given
  * address. */
 void
-dos_new_client_conn(or_connection_t *or_conn)
+dos_new_client_conn(or_connection_t *or_conn, const char *transport_name)
 {
   clientmap_entry_t *entry;
 
@@ -692,7 +692,7 @@ dos_new_client_conn(or_connection_t *or_conn)
   }
 
   /* We are only interested in client connection from the geoip cache. */
-  entry = geoip_lookup_client(_conn->real_addr, NULL,
+  entry = geoip_lookup_client(_conn->real_addr, transport_name,
   GEOIP_CLIENT_CONNECT);
   if (BUG(entry == NULL)) {
 /* Should never happen because we note down the address in the geoip
diff --git a/src/core/or/dos.h b/src/core/or/dos.h
index 95448d053..058b7afce 100644
--- a/src/core/or/dos.h
+++ b/src/core/or/dos.h
@@ -53,7 +53,8 @@ int dos_enabled(void);
 void dos_log_heartbeat(void);
 void dos_geoip_entry_about_to_free(const struct clientmap_entry_t *geoip_ent);
 
-void dos_new_client_conn(or_connection_t *or_conn);
+void dos_new_client_conn(or_connection_t *or_conn,
+ const char *transport_name);
 void dos_close_client_conn(const or_connection_t *or_conn);
 
 int dos_should_refuse_single_hop_client(void);
diff --git a/src/test/test_dos.c b/src/test/test_dos.c
index 4756c5014..01d7cd006 100644
--- a/src/test/test_dos.c
+++ b/src/test/test_dos.c
@@ -79,7 +79,7 @@ test_dos_conn_creation(void *arg)
   { /* Register many conns from this client but not enough to get it blocked */
 unsigned int i;
 for (i = 0; i < max_concurrent_conns; i++) {
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
 }
   }
 
@@ -88,7 +88,7 @@ test_dos_conn_creation(void *arg)
 dos_conn_addr_get_defense_type(addr));
 
   /* Register another conn and check that new conns are not allowed anymore */
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
   tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
 dos_conn_addr_get_defense_type(addr));
 
@@ -98,7 +98,7 @@ test_dos_conn_creation(void *arg)
 dos_conn_addr_get_defense_type(addr));
 
   /* Register another conn and see that defense measures get reactivated */
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
   tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
 dos_conn_addr_get_defense_type(addr));
 
@@ -153,7 +153,7 @@ test_dos_circuit_creation(void *arg)
* circuit counting subsystem */
   geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now);
   for (i = 0; i < min_conc_conns_for_cc ; i++) {
-dos_new_client_conn(_conn);
+dos_new_client_conn(_conn, NULL);
   }
 
   /* Register new circuits for this client and conn, but not enough to get
@@ -217,7 +217,7 @@ test_dos_bucket_refill(void *arg)
 
   /* Register this client */
   

[tor-commits] [tor/master] Merge branch 'maint-0.4.3'

2020-04-08 Thread teor
commit 59819b2916ec6d405f9f905dfa5a79791c7cfa48
Merge: 9bd73da7c 2d6f00e45
Author: teor 
Date:   Thu Apr 9 11:03:40 2020 +1000

Merge branch 'maint-0.4.3'






[tor-commits] [tor/maint-0.3.5] dos: Pass transport name on new client connection

2020-04-08 Thread teor
commit 894ff2dc8422cb86312c512698acd76476224f87
Author: David Goulet 
Date:   Tue Mar 10 14:45:13 2020 -0400

dos: Pass transport name on new client connection

For a bridge configured with a pluggable transport, the transport name is
used, with the IP address, for the GeoIP client cache entry.

However, the DoS subsystem was not aware of it and was always passing NULL
when doing a lookup into the GeoIP cache.

This resulted in bridges with a PT never being able to apply DoS defenses for
newly created connections.

Fixes #33491

Signed-off-by: David Goulet 
---
 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/changes/ticket33491 b/changes/ticket33491
new file mode 100644
index 0..595ea863e
--- /dev/null
+++ b/changes/ticket33491
@@ -0,0 +1,6 @@
+  o Major bugfixes (DoS defenses, bridges, pluggable transport):
+- DoS subsystem was not given the transport name of the client connection
+  when tor is a bridge and thus failing to find the GeoIP cache entry for
+  that client address. This resulted in failing to apply DoS defenses on
+  bridges with a pluggable transport. Fixes bug 33491; bugfix on
+  0.3.3.2-alpha.
diff --git a/src/core/or/channel.c b/src/core/or/channel.c
index fd7bf6278..388690687 100644
--- a/src/core/or/channel.c
+++ b/src/core/or/channel.c
@@ -1871,7 +1871,7 @@ channel_do_open_actions(channel_t *chan)
 tor_free(transport_name);
 /* Notify the DoS subsystem of a new client. */
 if (tlschan && tlschan->conn) {
-  dos_new_client_conn(tlschan->conn);
+  dos_new_client_conn(tlschan->conn, transport_name);
 }
   }
   /* Otherwise the underlying transport can't tell us this, so skip it */
diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index 5f9bbf90a..d06eaa6d0 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -671,7 +671,7 @@ dos_log_heartbeat(void)
 /* Called when a new client connection has been established on the given
  * address. */
 void
-dos_new_client_conn(or_connection_t *or_conn)
+dos_new_client_conn(or_connection_t *or_conn, const char *transport_name)
 {
   clientmap_entry_t *entry;
 
@@ -692,7 +692,7 @@ dos_new_client_conn(or_connection_t *or_conn)
   }
 
   /* We are only interested in client connection from the geoip cache. */
-  entry = geoip_lookup_client(_conn->real_addr, NULL,
+  entry = geoip_lookup_client(_conn->real_addr, transport_name,
   GEOIP_CLIENT_CONNECT);
   if (BUG(entry == NULL)) {
 /* Should never happen because we note down the address in the geoip
diff --git a/src/core/or/dos.h b/src/core/or/dos.h
index 95448d053..058b7afce 100644
--- a/src/core/or/dos.h
+++ b/src/core/or/dos.h
@@ -53,7 +53,8 @@ int dos_enabled(void);
 void dos_log_heartbeat(void);
 void dos_geoip_entry_about_to_free(const struct clientmap_entry_t *geoip_ent);
 
-void dos_new_client_conn(or_connection_t *or_conn);
+void dos_new_client_conn(or_connection_t *or_conn,
+ const char *transport_name);
 void dos_close_client_conn(const or_connection_t *or_conn);
 
 int dos_should_refuse_single_hop_client(void);
diff --git a/src/test/test_dos.c b/src/test/test_dos.c
index 4756c5014..01d7cd006 100644
--- a/src/test/test_dos.c
+++ b/src/test/test_dos.c
@@ -79,7 +79,7 @@ test_dos_conn_creation(void *arg)
   { /* Register many conns from this client but not enough to get it blocked */
 unsigned int i;
 for (i = 0; i < max_concurrent_conns; i++) {
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
 }
   }
 
@@ -88,7 +88,7 @@ test_dos_conn_creation(void *arg)
 dos_conn_addr_get_defense_type(addr));
 
   /* Register another conn and check that new conns are not allowed anymore */
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
   tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
 dos_conn_addr_get_defense_type(addr));
 
@@ -98,7 +98,7 @@ test_dos_conn_creation(void *arg)
 dos_conn_addr_get_defense_type(addr));
 
   /* Register another conn and see that defense measures get reactivated */
-  dos_new_client_conn(_conn);
+  dos_new_client_conn(_conn, NULL);
   tt_int_op(DOS_CONN_DEFENSE_CLOSE, OP_EQ,
 dos_conn_addr_get_defense_type(addr));
 
@@ -153,7 +153,7 @@ test_dos_circuit_creation(void *arg)
* circuit counting subsystem */
   geoip_note_client_seen(GEOIP_CLIENT_CONNECT, addr, NULL, now);
   for (i = 0; i < min_conc_conns_for_cc ; i++) {
-dos_new_client_conn(_conn);
+dos_new_client_conn(_conn, NULL);
   }
 
   /* Register new circuits for this client and conn, but not enough to get
@@ -217,7 +217,7 @@ test_dos_bucket_refill(void *arg)
 
   /* Register this client */
   

[tor-commits] [tor/maint-0.3.5] Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

2020-04-08 Thread teor
commit d380acaecad5f554f7294cfcd7fbf100f9bbaca3
Merge: 38e07b88f 894ff2dc8
Author: teor 
Date:   Thu Apr 9 11:02:49 2020 +1000

Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)



[tor-commits] [tor/maint-0.4.1] Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

2020-04-08 Thread teor
commit d380acaecad5f554f7294cfcd7fbf100f9bbaca3
Merge: 38e07b88f 894ff2dc8
Author: teor 
Date:   Thu Apr 9 11:02:49 2020 +1000

Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)





[tor-commits] [tor/master] Merge branch 'pr1854_squashed' into maint-0.4.3

2020-04-08 Thread teor
commit f6efb3a184341b5b46c8a565e2ec297d2846e45c
Merge: 2d6f00e45 cd2121a12
Author: teor 
Date:   Thu Apr 9 11:05:59 2020 +1000

Merge branch 'pr1854_squashed' into maint-0.4.3

Squashed PR 1854, and fixed a minor typo (IPv4 -> IPv6).

 changes/ticket33804 | 7 +++
 doc/tor.1.txt   | 7 +++
 src/app/config/config.c | 4 ++--
 src/test/test_config.c  | 2 +-
 4 files changed, 13 insertions(+), 7 deletions(-)





[tor-commits] [tor/master] Merge branch 'maint-0.4.2' into maint-0.4.3

2020-04-08 Thread teor
commit 2d6f00e45b3003337242704e0fde2d2adbaa6cf5
Merge: 34faee060 2d7e08d57
Author: teor 
Date:   Thu Apr 9 11:03:34 2020 +1000

Merge branch 'maint-0.4.2' into maint-0.4.3

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)






[tor-commits] [tor/master] Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

2020-04-08 Thread teor
commit d380acaecad5f554f7294cfcd7fbf100f9bbaca3
Merge: 38e07b88f 894ff2dc8
Author: teor 
Date:   Thu Apr 9 11:02:49 2020 +1000

Merge remote-tracking branch 'tor-github/pr/1784' into maint-0.3.5

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)





[tor-commits] [tor/master] Merge branch 'maint-0.4.3'

2020-04-08 Thread teor
commit 4e3a17facdf67dc5634f2899a7839b99b515fe63
Merge: 59819b291 f6efb3a18
Author: teor 
Date:   Thu Apr 9 11:06:51 2020 +1000

Merge branch 'maint-0.4.3'

"ours" merge, to avoid taking PR 1854, which reverts
"Prefer IPv6 by default"  for 0.4.3 only.



[tor-commits] [tor/master] client: Revert setting PreferIPv6 on by default

2020-04-08 Thread teor
commit cd2121a1262c2d51b8b9174933db5c985f0ccc55
Author: David Goulet 
Date:   Tue Apr 7 09:04:01 2020 -0400

client: Revert setting PreferIPv6 on by default

This change broke torsocks that by default is expecting an IPv4 for hostname
resolution because it can't ask tor for a specific IP version with the SOCKS5
extension.

PreferIPv6 made it that sometimes the IPv6 could be returned to torsocks that
was expecting an IPv4.

Torsocks is probably a very unique case because the runtime flow is that it
hijacks DNS resolution (ex: getaddrinfo()), gets an IP and then sends it back
for the connect() to happen.

The libc has DNS resolution functions that allow the caller to request a
specific INET family but torsocks can't tell tor to resolve the hostname only
to an IPv4 or IPv6 and thus by default falls back to IPv4.

Reverting this change into 0.4.3.x series but we'll keep it in the 0.4.4.x
series in the hope that we add this SOCKS5 extension to tor for DNS resolution
and then change torsocks to use that.

Fixes #33804

Signed-off-by: David Goulet 
---
 changes/ticket33804 | 7 +++
 doc/tor.1.txt   | 7 +++
 src/app/config/config.c | 4 ++--
 src/test/test_config.c  | 2 +-
 4 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/changes/ticket33804 b/changes/ticket33804
new file mode 100644
index 0..254246dac
--- /dev/null
+++ b/changes/ticket33804
@@ -0,0 +1,7 @@
+  o Minor bugfixes (client, SocksPort, IPv6):
+- Revert PreferIPv6 set by default on the SocksPort because it brokes the
+  torsocks use case. Tor doesn't have a way for an application to request
+  the hostname to be resolved for a specific IP version but torsocks
+  requires that. Up until now, IPv4 was used by default so it is expecting
+  that, and can't handle a possible IPv6 being returned. Fixes bug 33804;
+  bugfix on 0.4.3.1-alpha.
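Review bot: Typo in the second line of the new changes entry: "because it brokes the torsocks use case" should read "because it broke the torsocks use case".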
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 79809832c..b2014842c 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1492,10 +1492,9 @@ The following options are useful only for clients (that 
is, if
 requests on this connection. This option is only relevant when SOCKS5
 is in use, because SOCKS4 can't handle IPv6.  (Allowing IPv6 is the
 default.)
-**NoPreferIPv6**;;
+**PreferIPv6**;;
 Tells exits that, if a host has both an IPv4 and an IPv6 address,
-we would prefer to connect to it via IPv4. (IPv6 is the default in
-recent versions of Tor.)
+we would prefer to connect to it via IPv6. (IPv4 is the default.)
 **NoDNSRequest**;;
 Do not ask exits to resolve DNS addresses in SOCKS5 requests. Tor will
 connect to IPv4 addresses, IPv6 addresses (if IPv6Traffic is set) and
@@ -1537,7 +1536,7 @@ The following options are useful only for clients (that 
is, if
 When serving a hostname lookup request on this port that
 should get automapped (according to AutomapHostsOnResolve),
 if we could return either an IPv4 or an IPv6 answer, prefer
-an IPv4 answer. (Tor prefers IPv6 by default.)
+an IPv4 answer. (Tor prefers IPv4 by default.)
 **PreferSOCKSNoAuth**;;
 Ordinarily, when an application offers both "username/password
 authentication" and "no authentication" to Tor via SOCKS5, Tor
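Review bot: The second doc/tor.1.txt hunk rewrites the default stated for the automapped-answer preference to "(Tor prefers IPv4 by default.)", but the config.c change in this patch only flips prefer_ipv6 and leaves cfg->entry_cfg.prefer_ipv6_virtaddr = 1 as an unchanged context line. If the automap default is still IPv6, this sentence should stay "(Tor prefers IPv6 by default.)" and only the PreferIPv6 paragraph in the first hunk should change.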
diff --git a/src/app/config/config.c b/src/app/config/config.c
index bbf984ad0..c7ac9d631 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -5886,7 +5886,7 @@ port_cfg_new(size_t namelen)
   port_cfg_t *cfg = tor_malloc_zero(sizeof(port_cfg_t) + namelen + 1);
   cfg->entry_cfg.ipv4_traffic = 1;
   cfg->entry_cfg.ipv6_traffic = 1;
-  cfg->entry_cfg.prefer_ipv6 = 1;
+  cfg->entry_cfg.prefer_ipv6 = 0;
   cfg->entry_cfg.dns_request = 1;
   cfg->entry_cfg.onion_traffic = 1;
   cfg->entry_cfg.prefer_ipv6_virtaddr = 1;
@@ -6134,7 +6134,7 @@ port_parse_config(smartlist_t *out,
 /* This must be kept in sync with port_cfg_new's defaults */
 int no_listen = 0, no_advertise = 0, all_addrs = 0,
   bind_ipv4_only = 0, bind_ipv6_only = 0,
-  ipv4_traffic = 1, ipv6_traffic = 1, prefer_ipv6 = 1, dns_request = 1,
+  ipv4_traffic = 1, ipv6_traffic = 1, prefer_ipv6 = 0, dns_request = 1,
   onion_traffic = 1,
   cache_ipv4 = 0, use_cached_ipv4 = 0,
   cache_ipv6 = 0, use_cached_ipv6 = 0,
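Review bot: `prefer_ipv6 = 0` in `port_parse_config` is a second hand-maintained copy of the default set in `port_cfg_new`, tied to it only by the "must be kept in sync" comment. This patch had to change both places, so a later default change can easily update one and miss the other. Consider initializing these locals from a freshly built `port_cfg_t`, or from shared constants, so there is a single source for the defaults.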
diff --git a/src/test/test_config.c b/src/test/test_config.c
index ee277104f..7b9812f55 100644
--- a/src/test/test_config.c
+++ b/src/test/test_config.c
@@ -4159,7 +4159,7 @@ test_config_parse_port_config__ports__ports_given(void 
*data)
   tt_int_op(port_cfg->entry_cfg.dns_request, OP_EQ, 1);
   tt_int_op(port_cfg->entry_cfg.ipv4_traffic, OP_EQ, 1);
   tt_int_op(port_cfg->entry_cfg.ipv6_traffic, OP_EQ, 1);
-  tt_int_op(port_cfg->entry_cfg.prefer_ipv6, OP_EQ, 1);
+  tt_int_op(port_cfg->entry_cfg.prefer_ipv6, OP_EQ, 0);
   

[tor-commits] [tor/master] Merge branch 'maint-0.3.5' into maint-0.4.1

2020-04-08 Thread teor
commit 987f2fa50ac26af61917c7a6e13dc62f3ddb23ee
Merge: 26fd31fef d380acaec
Author: teor 
Date:   Thu Apr 9 11:03:20 2020 +1000

Merge branch 'maint-0.3.5' into maint-0.4.1

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)






[tor-commits] [tor/master] Merge branch 'maint-0.4.1' into maint-0.4.2

2020-04-08 Thread teor
commit 2d7e08d57ef5d3b785cfaa6961d6d3c73fe59535
Merge: 048714d2c 987f2fa50
Author: teor 
Date:   Thu Apr 9 11:03:27 2020 +1000

Merge branch 'maint-0.4.1' into maint-0.4.2

 changes/ticket33491   |  6 ++
 src/core/or/channel.c |  2 +-
 src/core/or/dos.c |  4 ++--
 src/core/or/dos.h |  3 ++-
 src/test/test_dos.c   | 24 
 5 files changed, 23 insertions(+), 16 deletions(-)





[tor-commits] [tor/master] Merge branch 'pr1838_squashed'

2020-04-07 Thread teor
commit 065ccda4f67023c752162227c77b0e1319e30b85
Merge: 00ce25a72 ea9ff5892
Author: teor 
Date:   Tue Apr 7 17:36:17 2020 +1000

Merge branch 'pr1838_squashed'

 changes/ticket31634|  4 ++
 doc/tor.1.txt  |  7 +++
 scripts/maint/practracker/includes.py  | 90 +-
 scripts/maint/run_check_subsystem_order.sh | 17 ++
 src/app/config/config.c|  7 +++
 src/app/main/subsysmgr.c   | 14 +
 src/app/main/subsysmgr.h   |  2 +
 src/core/mainloop/mainloop_sys.c   |  1 +
 src/core/or/or_sys.c   |  1 +
 src/feature/control/btrack.c   |  1 +
 src/feature/dirauth/dirauth_stub.c |  1 +
 src/feature/dirauth/dirauth_sys.c  |  1 +
 src/feature/relay/relay_stub.c |  1 +
 src/feature/relay/relay_sys.c  |  1 +
 src/lib/compress/compress.c|  1 +
 src/lib/crypt_ops/crypto_init.c|  1 +
 src/lib/err/torerr_sys.c   |  1 +
 src/lib/evloop/evloop_sys.c|  1 +
 src/lib/llharden/winprocess_sys.c  |  1 +
 src/lib/log/log_sys.c  |  1 +
 src/lib/net/network_sys.c  |  1 +
 src/lib/process/process_sys.c  |  1 +
 src/lib/subsys/subsys.h| 13 +
 src/lib/thread/compat_threads.c|  1 +
 src/lib/time/time_sys.c|  1 +
 src/lib/tls/tortls.c   |  1 +
 src/lib/wallclock/approx_time.c|  1 +
 src/test/include.am|  4 +-
 28 files changed, 174 insertions(+), 3 deletions(-)



[tor-commits] [tor/master] Make check_subsystem_order work in out-of-tree builds.

2020-04-07 Thread teor
commit 5f49695f94abd089dfbaa2e219ac277aa5c15242
Author: Nick Mathewson 
Date:   Sat Apr 4 11:31:30 2020 -0400

Make check_subsystem_order work in out-of-tree builds.
---
 scripts/maint/practracker/includes.py  | 11 +++
 scripts/maint/run_check_subsystem_order.sh |  2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/scripts/maint/practracker/includes.py 
b/scripts/maint/practracker/includes.py
index 7d70a6a0a..e08fd0d70 100755
--- a/scripts/maint/practracker/includes.py
+++ b/scripts/maint/practracker/includes.py
@@ -136,6 +136,15 @@ class Rules(object):
 
 return allowed
 
+def normalize_srcdir(fname):
+"""given the name of a source directory or file, return its name
+relative to `src`.
+"""
+fname = re.sub(r'^.*/src/', "", fname)
+fname = re.sub(r'^src/', "", fname)
+fname = re.sub(r'/[^/]*\.[ch]', "", fname)
+return fname
+
 include_rules_cache = {}
 
 def load_include_rules(fname):
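Review bot: In `normalize_srcdir`, the last substitution `re.sub(r'/[^/]*\.[ch]', "", fname)` is not anchored, so it removes the first `/name.c` or `/name.h` it finds anywhere in the path, including inside a directory component such as `/foo.cache` (where it matches `/foo.c`), rather than only a trailing file name. Anchor it: `r'/[^/]*\.[ch]$'`. The greedy `^.*/src/` also cuts at the last `/src/` in the path, which deserves a word in the docstring.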
@@ -261,6 +270,8 @@ def open_or_stdin(fname):
 return open(fname)
 
 def check_subsys_file(fname, uses_dirs):
+uses_dirs = { normalize_srcdir(k) : { normalize_srcdir(d) for d in v }
+  for (k,v) in uses_dirs.items() }
 uses_closure = closure(uses_dirs)
 ok = True
 previous_subsystems = []
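Review bot: The dict comprehension added at the top of `check_subsys_file` silently drops edges when two keys of `uses_dirs` normalize to the same name: the later set replaces the earlier one instead of being merged with it. Merge the sets per normalized key, or assert that the normalized keys are unique, so a collision cannot hide an inversion.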
diff --git a/scripts/maint/run_check_subsystem_order.sh 
b/scripts/maint/run_check_subsystem_order.sh
index 1e68b9d00..4ec73bfd5 100755
--- a/scripts/maint/run_check_subsystem_order.sh
+++ b/scripts/maint/run_check_subsystem_order.sh
@@ -12,6 +12,6 @@ if ! test -x "${INCLUDES_PY}" ; then
 fi
 
 "${TOR}" --dbg-dump-subsystem-list | \
-"${INCLUDES_PY}" --check-subsystem-order -
+"${INCLUDES_PY}" --check-subsystem-order - "${abs_top_srcdir}/src"
 
 echo ok
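Review bot: `"${abs_top_srcdir}/src"` has no fallback, so when the script is run by hand with `abs_top_srcdir` unset the argument expands to `/src`. Use `"${abs_top_srcdir:-.}/src"` so the script behaves the same inside and outside `make check`.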





[tor-commits] [tor/master] Make check_subsystem_order work in distcheck builds.

2020-04-07 Thread teor
commit d3db84c1e7792e75f75d3fcbf66ba1bbd7617aa9
Author: Nick Mathewson 
Date:   Sat Apr 4 11:31:30 2020 -0400

Make check_subsystem_order work in distcheck builds.
---
 scripts/maint/practracker/includes.py | 5 +
 1 file changed, 5 insertions(+)

diff --git a/scripts/maint/practracker/includes.py 
b/scripts/maint/practracker/includes.py
index e08fd0d70..ff465bde6 100755
--- a/scripts/maint/practracker/includes.py
+++ b/scripts/maint/practracker/includes.py
@@ -270,6 +270,11 @@ def open_or_stdin(fname):
 return open(fname)
 
 def check_subsys_file(fname, uses_dirs):
+if not uses_dirs:
+# We're doing a distcheck build, or for some other reason there are
+# no .may_include files.
+return False
+
 uses_dirs = { normalize_srcdir(k) : { normalize_srcdir(d) for d in v }
   for (k,v) in uses_dirs.items() }
 uses_closure = closure(uses_dirs)
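Review bot: The early `return False` for an empty `uses_dirs` makes the check report success without having checked anything, and it does so silently. The caller treats a true return as failure (`if check_subsys_file(...): sys.exit(1)`), so a wrong source path that yields no `.may_include` rules now looks identical to a clean run. Print a message here and, ideally, let the wrapper script exit with its skip status (77) instead of printing `ok`.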





[tor-commits] [tor/master] Try rewriting normalize_srcdir to normalize harder.

2020-04-07 Thread teor
commit ea9ff58921da4f636a3c5faf409224cdd13c4a8a
Author: Nick Mathewson 
Date:   Mon Apr 6 10:48:59 2020 -0400

Try rewriting normalize_srcdir to normalize harder.
---
 scripts/maint/practracker/includes.py | 33 +
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/scripts/maint/practracker/includes.py 
b/scripts/maint/practracker/includes.py
index ff465bde6..a5ee72882 100755
--- a/scripts/maint/practracker/includes.py
+++ b/scripts/maint/practracker/includes.py
@@ -59,6 +59,8 @@ ALLOWED_PATTERNS = [
 re.compile(r'^micro-revision.i$'),
 ]
 
+TOPDIR = "src"
+
 def pattern_is_normal(s):
 for p in ALLOWED_PATTERNS:
 if p.match(s):
@@ -136,14 +138,28 @@ class Rules(object):
 
 return allowed
 
+
 def normalize_srcdir(fname):
 """given the name of a source directory or file, return its name
-relative to `src`.
+relative to `src` in a unix-like format.
 """
-fname = re.sub(r'^.*/src/', "", fname)
-fname = re.sub(r'^src/', "", fname)
-fname = re.sub(r'/[^/]*\.[ch]', "", fname)
-return fname
+orig = fname
+dirname, dirfile = os.path.split(fname)
+if re.match(r'.*\.[ch]$', dirfile):
+fname = dirname
+
+# Now we have a directory.
+dirname, result = os.path.split(fname)
+for _ in range(100):
+# prevent excess looping in case I missed a tricky case
+dirname, dirpart = os.path.split(dirname)
+if dirpart == 'src' or dirname == "":
+#print(orig,"=>",result)
+return result
+result = "{}/{}".format(dirpart,result)
+
+print("No progress!")
+assert False
 
 include_rules_cache = {}
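Review bot: The rewritten `normalize_srcdir` drops the leading component of a path that has no `src` element. For `lib/net`, the first `os.path.split(dirname)` inside the loop yields `("", "lib")`, the `dirname == ""` test fires before `dirpart` is prepended, and the function returns `net`. Prepend a non-empty `dirpart` before testing for the empty `dirname`. Also, `assert False` is stripped under `python -O`, so raise an exception instead, and drop the unused `orig` and the commented-out `print`.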
 
@@ -273,6 +289,7 @@ def check_subsys_file(fname, uses_dirs):
 if not uses_dirs:
 # We're doing a distcheck build, or for some other reason there are
 # no .may_include files.
+print("SKIPPING")
 return False
 
 uses_dirs = { normalize_srcdir(k) : { normalize_srcdir(d) for d in v }
@@ -284,9 +301,7 @@ def check_subsys_file(fname, uses_dirs):
 with open_or_stdin(fname) as f:
 for line in f:
 _, name, fname = line.split()
-fname = re.sub(r'^.*/src/', "", fname)
-fname = re.sub(r'^src/', "", fname)
-fname = re.sub(r'/[^/]*\.c', "", fname)
+fname = normalize_srcdir(fname)
 for prev in previous_subsystems:
 if fname in uses_closure[prev]:
 print("INVERSION: {} uses {}".format(prev,fname))
@@ -354,6 +369,8 @@ def main(argv):
 help="Top-level directory for the tor source")
 args = parser.parse_args(argv[1:])
 
+global TOPDIR
+TOPDIR = args.topdir
 run_check_includes(topdir=args.topdir,
log_sorted_levels=args.toposort,
list_unused=args.list_unused,
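Review bot: `global TOPDIR` is assigned in `main`, but nothing in this patch reads it: `normalize_srcdir` still compares each component against the literal `'src'`. Either use `TOPDIR` there (comparing against its last path component) or drop the assignment and the module-level `TOPDIR = "src"` until something needs them.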





[tor-commits] [tor/master] Add --dbg-dump-subsystem-list command to list the subsystems.

2020-04-07 Thread teor
commit ac72ecd5813e878e223df48556a43061e0d0068c
Author: Nick Mathewson 
Date:   Mon Sep 30 10:07:20 2019 -0400

Add --dbg-dump-subsystem-list command to list the subsystems.

I'm prefixing this with --dbg-* because it is not meant to be used
externally.
---
 src/app/config/config.c  | 7 +++
 src/app/main/subsysmgr.c | 3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/app/config/config.c b/src/app/config/config.c
index 4becae475..0ae650eb0 100644
--- a/src/app/config/config.c
+++ b/src/app/config/config.c
@@ -2498,6 +2498,9 @@ static const struct {
 .command=CMD_IMMEDIATE },
   { .name="--nt-service" },
   { .name="-nt-service" },
+  { .name="--dbg-dump-subsystem-list",
+.command=CMD_IMMEDIATE,
+.quiet=QUIET_HUSH },
   { .name=NULL },
 };
 
@@ -4604,6 +4607,10 @@ options_init_from_torrc(int argc, char **argv)
 list_deprecated_options();
 return 1;
   }
+  if (config_line_find(cmdline_only_options, "--dbg-dump-subsystem-list")) {
+subsystems_dump_list();
+return 1;
+  }
 
   if (config_line_find(cmdline_only_options, "--version")) {
 printf("Tor version %s.\n",get_version());
diff --git a/src/app/main/subsysmgr.c b/src/app/main/subsysmgr.c
index 4913949e2..de601d28c 100644
--- a/src/app/main/subsysmgr.c
+++ b/src/app/main/subsysmgr.c
@@ -302,7 +302,8 @@ subsystems_dump_list(void)
 {
   for (unsigned i = 0; i < n_tor_subsystems - 1; ++i) {
 const subsys_fns_t *sys = tor_subsystems[i];
-printf("% 4d\t%s\n", sys->level, sys->name);
+printf("% 4d\t%16s\t%s\n", sys->level, sys->name,
+   sys->location?sys->location:"");
   }
 }
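Review bot: When `sys->location` is NULL the new `printf` emits an empty third column, while the consumer in includes.py unpacks exactly three whitespace-separated fields (`_, name, fname = line.split()`). One subsystem without `SUBSYS_DECLARE_LOCATION()` therefore makes the order check die with a ValueError instead of a readable message. Print a placeholder such as `-` for a missing location, or have the parser report the offending line.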
 





[tor-commits] [tor/master] add changes file for 31634

2020-04-07 Thread teor
commit f9c57313d03abccbbbcffc808464365500baced8
Author: Nick Mathewson 
Date:   Thu Mar 26 12:40:56 2020 -0400

add changes file for 31634
---
 changes/ticket31634 | 4 
 1 file changed, 4 insertions(+)

diff --git a/changes/ticket31634 b/changes/ticket31634
new file mode 100644
index 0..277759503
--- /dev/null
+++ b/changes/ticket31634
@@ -0,0 +1,4 @@
+  o Minor features (testing, architeture):
+- Our test scripts now double-check that subsystem initialization order
+  is consistent with the inter-module dependencies established by our
+  .may_include files.  Implements ticket 31634.
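Review bot: Typo in the section heading on the first added line: "architeture" should be "architecture".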





[tor-commits] [tor/master] Extend includes.py to compare topology with subsystem init order.

2020-04-07 Thread teor
commit a40d539f7cce851a4a66c68a14917e1681972475
Author: Nick Mathewson 
Date:   Fri Feb 14 12:58:39 2020 -0500

Extend includes.py to compare topology with subsystem init order.
---
 scripts/maint/practracker/includes.py | 50 +--
 1 file changed, 48 insertions(+), 2 deletions(-)

diff --git a/scripts/maint/practracker/includes.py 
b/scripts/maint/practracker/includes.py
index e9b02c35b..7af378d5c 100755
--- a/scripts/maint/practracker/includes.py
+++ b/scripts/maint/practracker/includes.py
@@ -173,6 +173,27 @@ def remove_self_edges(graph):
 for k in list(graph):
 graph[k] = [ d for d in graph[k] if d != k ]
 
+def closure(graph):
+"""Takes a directed graph in as an adjacency mapping (a mapping from
+   node to a list of the nodes to which it connects), and completes
+   its closure.
+"""
+graph = graph.copy()
+changed = False
+for k in graph.keys():
+graph[k] = set(graph[k])
+while True:
+for k in graph.keys():
+sz = len(graph[k])
+for v in list(graph[k]):
+graph[k].update(graph.get(v, []))
+if sz != len(graph[k]):
+changed = True
+
+if not changed:
+return graph
+changed = False
+
 def toposort(graph, limit=100):
 """Takes a directed graph in as an adjacency mapping (a mapping from
node to a list of the nodes to which it connects).  Tries to
@@ -233,8 +254,25 @@ def walk_c_files(topdir="src"):
 for err in consider_include_rules(fullpath, f):
 yield err
 
+def check_subsys_file(fname, uses_dirs):
+uses_closure = closure(uses_dirs)
+ok = True
+previous_subsystems = []
+with open(fname) as f:
+for line in f:
+_, name, fname = line.split()
+fname = re.sub(r'^.*/src/', "", fname)
+fname = re.sub(r'^src/', "", fname)
+fname = re.sub(r'/[^/]*\.c', "", fname)
+for prev in previous_subsystems:
+if fname in uses_closure[prev]:
+print("INVERSION: {} uses {}".format(prev,fname))
+ok = False
+previous_subsystems.append(fname)
+return not ok
+
 def run_check_includes(topdir, list_unused=False, log_sorted_levels=False,
-   list_advisories=False):
+   list_advisories=False, check_subsystem_order=None):
 trouble = False
 
 for err in walk_c_files(topdir):
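Review bot: In `check_subsys_file`, `uses_closure[prev]` raises KeyError for any listed subsystem whose directory is not a key of `uses_dirs`, and `_, name, fname = line.split()` raises ValueError on any line that does not have exactly three fields. Both turn a reportable condition into a traceback; use `uses_closure.get(prev, ())` and check the field count with a message that names the line. The loop variable `fname` also shadows the function's `fname` parameter, and the `\.c` pattern is unanchored.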
@@ -259,6 +297,11 @@ def run_check_includes(topdir, list_unused=False, 
log_sorted_levels=False,
 uses_dirs[rules.incpath] = rules.getAllowedDirectories()
 
 remove_self_edges(uses_dirs)
+
+if check_subsystem_order:
+if check_subsys_file(check_subsystem_order, uses_dirs):
+sys.exit(1)
+
 all_levels = toposort(uses_dirs)
 
 if log_sorted_levels:
@@ -282,6 +325,8 @@ def main(argv):
 help="List unused lines in .may_include files.")
 parser.add_argument("--list-advisories", action="store_true",
 help="List advisories as well as forbidden includes")
+parser.add_argument("--check-subsystem-order", action="store",
+help="Check a list of subsystems for ordering")
 parser.add_argument("topdir", default="src", nargs="?",
 help="Top-level directory for the tor source")
 args = parser.parse_args(argv[1:])
@@ -289,7 +334,8 @@ def main(argv):
 run_check_includes(topdir=args.topdir,
log_sorted_levels=args.toposort,
list_unused=args.list_unused,
-   list_advisories=args.list_advisories)
+   list_advisories=args.list_advisories,
+   check_subsystem_order=args.check_subsystem_order)
 
 if __name__ == '__main__':
 main(sys.argv)





[tor-commits] [tor/master] Implement a function to list the subsystems to stdout.

2020-04-07 Thread teor
commit 8f49943459564a59ca7f60476aef6b0ddd79a56c
Author: Nick Mathewson 
Date:   Mon Sep 30 10:05:42 2019 -0400

Implement a function to list the subsystems to stdout.
---
 src/app/main/subsysmgr.c | 13 +
 src/app/main/subsysmgr.h |  2 ++
 2 files changed, 15 insertions(+)

diff --git a/src/app/main/subsysmgr.c b/src/app/main/subsysmgr.c
index 5807cbbaa..4913949e2 100644
--- a/src/app/main/subsysmgr.c
+++ b/src/app/main/subsysmgr.c
@@ -294,6 +294,19 @@ subsystems_thread_cleanup(void)
 }
 
 /**
+ * Dump a human- and machine-readable list of all the subsystems to stdout,
+ * in their initialization order, prefixed with their level.
+ **/
+void
+subsystems_dump_list(void)
+{
+  for (unsigned i = 0; i < n_tor_subsystems - 1; ++i) {
+const subsys_fns_t *sys = tor_subsystems[i];
+printf("% 4d\t%s\n", sys->level, sys->name);
+  }
+}
+
+/**
  * Register all subsystem-declared options formats in mgr.
  *
  * Return 0 on success, -1 on failure.
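Review bot: The loop in `subsystems_dump_list` runs to `i < n_tor_subsystems - 1`, so the last entry of `tor_subsystems` is never printed, which does not match the doc comment's "all the subsystems". If the final slot is excluded on purpose, say why in a comment; otherwise use `i < n_tor_subsystems`.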
diff --git a/src/app/main/subsysmgr.h b/src/app/main/subsysmgr.h
index 35635a756..ae0b3df46 100644
--- a/src/app/main/subsysmgr.h
+++ b/src/app/main/subsysmgr.h
@@ -31,6 +31,8 @@ void subsystems_prefork(void);
 void subsystems_postfork(void);
 void subsystems_thread_cleanup(void);
 
+void subsystems_dump_list(void);
+
 struct config_mgr_t;
 int subsystems_register_options_formats(struct config_mgr_t *mgr);
 int subsystems_register_state_formats(struct config_mgr_t *mgr);





[tor-commits] [tor/master] Add a test script to check subsystem order as part of make check.

2020-04-07 Thread teor
commit 9b434b79ce74dab0498fc0ee1df5df3b2441cfad
Author: Nick Mathewson 
Date:   Thu Mar 26 12:37:49 2020 -0400

Add a test script to check subsystem order as part of make check.
---
 scripts/maint/run_check_subsystem_order.sh | 17 +
 src/test/include.am|  4 +++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/scripts/maint/run_check_subsystem_order.sh 
b/scripts/maint/run_check_subsystem_order.sh
new file mode 100755
index 0..1e68b9d00
--- /dev/null
+++ b/scripts/maint/run_check_subsystem_order.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+set -e
+
+TOR="${abs_top_builddir:-.}/src/app/tor"
+
+INCLUDES_PY="${abs_top_srcdir:-.}/scripts/maint/practracker/includes.py"
+
+if ! test -x "${INCLUDES_PY}" ; then
+echo "skip"
+exit 77
+fi
+
+"${TOR}" --dbg-dump-subsystem-list | \
+"${INCLUDES_PY}" --check-subsystem-order -
+
+echo ok
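Review bot: `set -e` alone does not cover the pipeline: its exit status is that of `includes.py`, so if `"${TOR}"` is missing or crashes, the checker reads empty input and the script can still print `ok`. Add `set -o pipefail` (the shebang is bash), and test that `"${TOR}"` is executable the same way `INCLUDES_PY` is tested, exiting 77 when it is not.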
diff --git a/src/test/include.am b/src/test/include.am
index de927836d..e7647260c 100644
--- a/src/test/include.am
+++ b/src/test/include.am
@@ -37,7 +37,8 @@ TESTSCRIPTS += \
src/test/test_ntor.sh \
src/test/test_hs_ntor.sh \
src/test/test_bt.sh \
-   scripts/maint/practracker/test_practracker.sh
+   scripts/maint/practracker/test_practracker.sh \
+   scripts/maint/run_check_subsystem_order.sh
 
 if COVERAGE_ENABLED
 # ...
@@ -430,6 +431,7 @@ EXTRA_DIST += \
src/test/test_rebind.sh \
src/test/test_rebind.py \
src/test/zero_length_keys.sh \
+   scripts/maint/run_check_subsystem_order.sh \
src/test/rust_supp.txt \
src/test/test_keygen.sh \
src/test/test_key_expiration.sh \





[tor-commits] [tor/master] Teach --check-subsystem-order to take input from stdin

2020-04-07 Thread teor
commit 978b7ef45c21169a01a81cd1b206530cbcd47fe2
Author: Nick Mathewson 
Date:   Thu Mar 26 12:30:30 2020 -0400

Teach --check-subsystem-order to take input from stdin
---
 scripts/maint/practracker/includes.py | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/scripts/maint/practracker/includes.py 
b/scripts/maint/practracker/includes.py
index 7af378d5c..7d70a6a0a 100755
--- a/scripts/maint/practracker/includes.py
+++ b/scripts/maint/practracker/includes.py
@@ -254,11 +254,18 @@ def walk_c_files(topdir="src"):
 for err in consider_include_rules(fullpath, f):
 yield err
 
+def open_or_stdin(fname):
+if fname == '-':
+return sys.stdin
+else:
+return open(fname)
+
 def check_subsys_file(fname, uses_dirs):
 uses_closure = closure(uses_dirs)
 ok = True
 previous_subsystems = []
-with open(fname) as f:
+
+with open_or_stdin(fname) as f:
 for line in f:
 _, name, fname = line.split()
 fname = re.sub(r'^.*/src/', "", fname)





[tor-commits] [tor/master] Add a "location" field for subsystems to declare which file they are in.

2020-04-07 Thread teor
commit 53d74c0954b989d478c868b12647e1088a079457
Author: Nick Mathewson 
Date:   Fri Feb 14 09:39:36 2020 -0500

Add a "location" field for subsystems to declare which file they are in.
---
 src/lib/subsys/subsys.h | 13 +
 1 file changed, 13 insertions(+)

diff --git a/src/lib/subsys/subsys.h b/src/lib/subsys/subsys.h
index c05b69af3..b29015746 100644
--- a/src/lib/subsys/subsys.h
+++ b/src/lib/subsys/subsys.h
@@ -42,6 +42,11 @@ typedef struct subsys_fns_t {
   const char *name;
 
   /**
+   * The file in which the subsystem object is declared. Used for debugging.
+   **/
+  const char *location;
+
+  /**
* Whether this subsystem is supported -- that is, whether it is compiled
* into Tor.  For most subsystems, this should be true.
**/
@@ -187,6 +192,14 @@ typedef struct subsys_fns_t {
   int (*flush_state)(void *);
 } subsys_fns_t;
 
+#ifndef COCCI
+/**
+ * Macro to declare a subsystem's location.
+ **/
+#define SUBSYS_DECLARE_LOCATION() \
+  .location = __FILE__
+#endif
+
 /**
  * Lowest allowed subsystem level.
  **/
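Review bot: `SUBSYS_DECLARE_LOCATION()` stores `__FILE__`, which expands to whatever path the compiler was invoked with, so out-of-tree or absolute-path builds embed the build directory in the binary and give `location` a different prefix per build. Say so in the macro comment, so that consumers know they must normalize the value, and add a comment on the `#ifndef COCCI` guard explaining why the macro is hidden there.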





[tor-commits] [tor/master] Document the --dbg- prefix in tor.1

2020-04-07 Thread teor
commit c323cc0913bae31a0b70c94bf5fd685acd3d1c07
Author: Nick Mathewson 
Date:   Mon Sep 30 10:10:50 2019 -0400

Document the --dbg- prefix in tor.1
---
 doc/tor.1.txt | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index ba9b9bb5e..06772a5c7 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -186,6 +186,13 @@ The following options in this section are only recognized 
on the
 ISO-8601 format.  For example, the output sent to stdout will be
 of the form: "signing-cert-expiry: 2017-07-25 08:30:15 UTC"
 
+[[opt-dbg]] **--dbg-**...::
+Tor may support other options beginning with the string "dbg". These
+are intended for use by developers to debug and test Tor. They are
+not supported or guaranteed to be stable, and you should probably
+not use them.
+
+
 [[conf-format]]
 == THE CONFIGURATION FILE FORMAT
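Review bot: The new entry says options "beginning with the string "dbg"", but the heading uses the `--dbg-` prefix; write the prefix in the body as it is typed on the command line. The hunk also adds two blank lines before `[[conf-format]]` where one would do.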
 





[tor-commits] [tor/master] Add a SUBSYS_DECLARE_LOCATION() to every subsystem.

2020-04-07 Thread teor
commit 3f6e37b1bcb9e5ec70f228a9cb6b01db0b9ad8d5
Author: Nick Mathewson 
Date:   Fri Feb 14 09:57:46 2020 -0500

Add a SUBSYS_DECLARE_LOCATION() to every subsystem.
---
 src/core/mainloop/mainloop_sys.c   | 1 +
 src/core/or/or_sys.c   | 1 +
 src/feature/control/btrack.c   | 1 +
 src/feature/dirauth/dirauth_stub.c | 1 +
 src/feature/dirauth/dirauth_sys.c  | 1 +
 src/feature/relay/relay_stub.c | 1 +
 src/feature/relay/relay_sys.c  | 1 +
 src/lib/compress/compress.c| 1 +
 src/lib/crypt_ops/crypto_init.c| 1 +
 src/lib/err/torerr_sys.c   | 1 +
 src/lib/evloop/evloop_sys.c| 1 +
 src/lib/llharden/winprocess_sys.c  | 1 +
 src/lib/log/log_sys.c  | 1 +
 src/lib/net/network_sys.c  | 1 +
 src/lib/process/process_sys.c  | 1 +
 src/lib/thread/compat_threads.c| 1 +
 src/lib/time/time_sys.c| 1 +
 src/lib/tls/tortls.c   | 1 +
 src/lib/wallclock/approx_time.c| 1 +
 19 files changed, 19 insertions(+)

diff --git a/src/core/mainloop/mainloop_sys.c b/src/core/mainloop/mainloop_sys.c
index 4b78c90b9..884bae1c5 100644
--- a/src/core/mainloop/mainloop_sys.c
+++ b/src/core/mainloop/mainloop_sys.c
@@ -78,6 +78,7 @@ mainloop_flush_state(void *arg)
 
 const struct subsys_fns_t sys_mainloop = {
   .name = "mainloop",
+  SUBSYS_DECLARE_LOCATION(),
   .supported = true,
   .level = 5,
   .initialize = subsys_mainloop_initialize,
diff --git a/src/core/or/or_sys.c b/src/core/or/or_sys.c
index 126f5448c..73c6087dc 100644
--- a/src/core/or/or_sys.c
+++ b/src/core/or/or_sys.c
@@ -47,6 +47,7 @@ subsys_or_add_pubsub(struct pubsub_connector_t *connector)
 
 const struct subsys_fns_t sys_or = {
   .name = "or",
+  SUBSYS_DECLARE_LOCATION(),
   .supported = true,
   .level = 20,
   .initialize = subsys_or_initialize,
diff --git a/src/feature/control/btrack.c b/src/feature/control/btrack.c
index 3595af0fc..405630ecd 100644
--- a/src/feature/control/btrack.c
+++ b/src/feature/control/btrack.c
@@ -56,6 +56,7 @@ btrack_add_pubsub(pubsub_connector_t *connector)
 
 const subsys_fns_t sys_btrack = {
   .name = "btrack",
+  SUBSYS_DECLARE_LOCATION(),
   .supported = true,
   .level = 55,
   .initialize = btrack_init,
diff --git a/src/feature/dirauth/dirauth_stub.c 
b/src/feature/dirauth/dirauth_stub.c
index 15a195b0f..9f48ce14f 100644
--- a/src/feature/dirauth/dirauth_stub.c
+++ b/src/feature/dirauth/dirauth_stub.c
@@ -26,6 +26,7 @@ static const config_format_t dirauth_options_stub_fmt = {
 
 const struct subsys_fns_t sys_dirauth = {
   .name = "dirauth",
+  SUBSYS_DECLARE_LOCATION(),
   .supported = false,
   .level = DIRAUTH_SUBSYS_LEVEL,
 
diff --git a/src/feature/dirauth/dirauth_sys.c 
b/src/feature/dirauth/dirauth_sys.c
index 56ac501e1..07c574387 100644
--- a/src/feature/dirauth/dirauth_sys.c
+++ b/src/feature/dirauth/dirauth_sys.c
@@ -60,6 +60,7 @@ dirauth_set_options(void *arg)
 
 const struct subsys_fns_t sys_dirauth = {
   .name = "dirauth",
+  SUBSYS_DECLARE_LOCATION(),
   .supported = true,
   .level = DIRAUTH_SUBSYS_LEVEL,
   .initialize = subsys_dirauth_initialize,
diff --git a/src/feature/relay/relay_stub.c b/src/feature/relay/relay_stub.c
index 42e08fcb6..283aaf6e4 100644
--- a/src/feature/relay/relay_stub.c
+++ b/src/feature/relay/relay_stub.c
@@ -15,6 +15,7 @@
 
 const struct subsys_fns_t sys_relay = {
   .name = "relay",
+  SUBSYS_DECLARE_LOCATION(),
   .supported = false,
   .level = RELAY_SUBSYS_LEVEL,
 };
diff --git a/src/feature/relay/relay_sys.c b/src/feature/relay/relay_sys.c
index 34489cf5a..2e9074092 100644
--- a/src/feature/relay/relay_sys.c
+++ b/src/feature/relay/relay_sys.c
@@ -41,6 +41,7 @@ subsys_relay_shutdown(void)
 
 const struct subsys_fns_t sys_relay = {
   .name = "relay",
+  SUBSYS_DECLARE_LOCATION(),
   .supported = true,
   .level = RELAY_SUBSYS_LEVEL,
   .initialize = subsys_relay_initialize,
diff --git a/src/lib/compress/compress.c b/src/lib/compress/compress.c
index 84e960192..7ce3910d8 100644
--- a/src/lib/compress/compress.c
+++ b/src/lib/compress/compress.c
@@ -694,6 +694,7 @@ subsys_compress_initialize(void)
 
 const subsys_fns_t sys_compress = {
   .name = "compress",
+  SUBSYS_DECLARE_LOCATION(),
   .supported = true,
   .level = -55,
   .initialize = subsys_compress_initialize,
diff --git a/src/lib/crypt_ops/crypto_init.c b/src/lib/crypt_ops/crypto_init.c
index f09bf07c4..a836bd864 100644
--- a/src/lib/crypt_ops/crypto_init.c
+++ b/src/lib/crypt_ops/crypto_init.c
@@ -317,6 +317,7 @@ crypto_set_options(void *arg)
 
 const struct subsys_fns_t sys_crypto = {
   .name = "crypto",
+  SUBSYS_DECLARE_LOCATION(),
   .supported = true,
   .level = -60,
   .initialize = subsys_crypto_initialize,
diff --git a/src/lib/err/torerr_sys.c b/src/lib/err/torerr_sys.c
index 46fc85355..8ee1521f3 100644
--- a/src/lib/err/torerr_sys.c
+++ b/src/lib/err/torerr_sys.c
@@ -34,6 +34,7 @@ subsys_torerr_shutdown(void)
 
 const subsys_fns_t sys_torerr = {
   .name = "err",
+  SUBSYS_DECLARE_LOCATION(),
   /* Low-level error 

[tor-commits] [torspec/master] Bug 33759: Fix recent_measurements_excluded_few_count key

2020-04-06 Thread teor
commit 47b495f5f0f4c936cb89055d646885e640be4c47
Author: Georg Koppen 
Date:   Mon Mar 30 13:32:56 2020 +

Bug 33759: Fix recent_measurements_excluded_few_count key
---
 bandwidth-file-spec.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bandwidth-file-spec.txt b/bandwidth-file-spec.txt
index 67ff37c..b03364d 100644
--- a/bandwidth-file-spec.txt
+++ b/bandwidth-file-spec.txt
@@ -911,7 +911,7 @@
 
   This KeyValue was added in version 1.4.0 of this specification.
 
-"recent_measurements_excluded_few_count=" Int
+"relay_recent_measurements_excluded_few_count=" Int
 
   [Zero or one time.]
 



[tor-commits] [tor/master] channel: Fix a comment typo

2020-04-06 Thread teor
commit 00ce25a7206d091444a65f1157468c8cb256b586
Author: teor 
Date:   Mon Apr 6 19:10:30 2020 +1000

channel: Fix a comment typo
---
 src/core/or/channel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/or/channel.c b/src/core/or/channel.c
index ccc5f571d..6fd33feda 100644
--- a/src/core/or/channel.c
+++ b/src/core/or/channel.c
@@ -2334,7 +2334,7 @@ channel_is_better(channel_t *a, channel_t *b)
   if (!a->is_canonical_to_peer && b->is_canonical_to_peer) return 0;
 
   /*
-   * Okay, if we're here they tied on canonicity, the prefer the older
+   * Okay, if we're here they tied on canonicity. Prefer the older
* connection, so that the adversary can't create a new connection
* and try to switch us over to it (which will leak information
* about long-lived circuits). Additionally, switching connections



[tor-commits] [tor/master] channel: Remove a newline at the start of the file

2020-04-06 Thread teor
commit 6df16022a1b84c770644003d8a74288a2d999c6c
Author: teor 
Date:   Mon Apr 6 19:08:33 2020 +1000

channel: Remove a newline at the start of the file
---
 src/core/or/channel.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/core/or/channel.c b/src/core/or/channel.c
index 160ab587f..ccc5f571d 100644
--- a/src/core/or/channel.c
+++ b/src/core/or/channel.c
@@ -1,4 +1,3 @@
-
 /* * Copyright (c) 2012-2020, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 



[tor-commits] [tor/release-0.4.3] Merge branch 'maint-0.4.3' into release-0.4.3

2020-04-05 Thread teor
commit e8bbdc69d1cb3260974d0e44aed06e9a6983daa6
Merge: 938502062 80a306c6e
Author: teor 
Date:   Sun Apr 5 17:17:47 2020 +1000

Merge branch 'maint-0.4.3' into release-0.4.3

 doc/tor.1.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)



[tor-commits] [tor/release-0.4.3] doc: Fix another man page typo

2020-04-05 Thread teor
commit 80a306c6e7d20efc44f2f93b559c44a52d952c39
Author: teor 
Date:   Sun Apr 5 17:17:03 2020 +1000

doc: Fix another man page typo

The default value of the option is "auto", not "default".
---
 doc/tor.1.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 62d5de4a0..79809832c 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -527,7 +527,7 @@ forward slash (/) in the configuration file and on the 
command line.
 If this option is set to 1, we always try to include a relay's Ed25519 ID
 when telling the preceding relay in a circuit to extend to it.
 If this option is set to 0, we never include Ed25519 IDs when extending
-circuits.  If the option is set to "default", we obey a
+circuits.  If the option is set to "auto", we obey a
 parameter in the consensus document. (Default: auto)
 
 [[ExtORPort]] **ExtORPort** ['address'**:**]{empty}__port__|**auto**::





[tor-commits] [tor/maint-0.4.3] doc: Fix another man page typo

2020-04-05 Thread teor
commit 80a306c6e7d20efc44f2f93b559c44a52d952c39
Author: teor 
Date:   Sun Apr 5 17:17:03 2020 +1000

doc: Fix another man page typo

The default value of the option is "auto", not "default".
---
 doc/tor.1.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 62d5de4a0..79809832c 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -527,7 +527,7 @@ forward slash (/) in the configuration file and on the 
command line.
 If this option is set to 1, we always try to include a relay's Ed25519 ID
 when telling the preceding relay in a circuit to extend to it.
 If this option is set to 0, we never include Ed25519 IDs when extending
-circuits.  If the option is set to "default", we obey a
+circuits.  If the option is set to "auto", we obey a
 parameter in the consensus document. (Default: auto)
 
 [[ExtORPort]] **ExtORPort** ['address'**:**]{empty}__port__|**auto**::



[tor-commits] [tor/master] Merge branch 'maint-0.4.3'

2020-04-05 Thread teor
commit 7adf72f1b426d8fa6e9f7439e735ce1d38ae57fa
Merge: 5c35bb38d 80a306c6e
Author: teor 
Date:   Sun Apr 5 17:17:51 2020 +1000

Merge branch 'maint-0.4.3'

 doc/tor.1.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


