From b9f9110ac77876b0c8c4fda19b6bb138e60da655 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Mon, 5 Aug 2013 12:14:48 -0400 Subject: [PATCH 1/6] Don't allow all ORPort values to be NoAdvertise Fix for bug #9366 --- changes/bug9366 | 4 ++++ src/or/config.c | 7 +++++++ 2 files changed, 11 insertions(+) create mode 100644 changes/bug9366 diff --git a/changes/bug9366 b/changes/bug9366 new file mode 100644 index 0000000000..acc919e77f --- /dev/null +++ b/changes/bug9366 @@ -0,0 +1,4 @@ + o Minor features (usability): + - Warn and fail if a server is configured not to advertise any + ORPorts at all. (We need *something* to put in our descriptor, or + we just won't work.) diff --git a/src/or/config.c b/src/or/config.c index 72ceea395e..ef90f23e62 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -5509,6 +5509,13 @@ check_server_ports(const smartlist_t *ports, "listening on one."); r = -1; } + if (n_orport_listeners && !n_orport_advertised) { + log_warn(LD_CONFIG, "We are listening on an ORPort, but not advertising " + "any ORPorts. This will keep us from building a %s " + "descriptor, and make us impossible to use.", + options->BridgeRelay ? "bridge" : "router"); + r = -1; + } if (n_dirport_advertised && !n_dirport_listeners) { log_warn(LD_CONFIG, "We are advertising a DirPort, but not actually " "listening on one."); From 1bb4a4f9bdf24706a459e4aefb2b0fb75622f7ac Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 20 Aug 2013 14:52:56 -0400 Subject: [PATCH 2/6] Send NETINFO on receiving a NETINFO if we have not yet sent one. Relays previously, when initiating a connection, would only send a NETINFO after sending an AUTHENTICATE. But bridges, when receiving a connection, would never send AUTH_CHALLENGE. So relays wouldn't AUTHENTICATE, and wouldn't NETINFO, and then bridges would be surprised to be receiving CREATE cells on a non-open circuit. Fixes bug 9546. --- changes/bug9546 | 5 +++++ src/or/channeltls.c | 10 ++++++++++ src/or/connection_or.c | 7 +++++++ src/or/or.h | 3 +++ 4 files changed, 25 insertions(+) create mode 100644 changes/bug9546 diff --git a/changes/bug9546 b/changes/bug9546 new file mode 100644 index 0000000000..8596eac94a --- /dev/null +++ b/changes/bug9546 @@ -0,0 +1,5 @@ + o Major bugfixes: + + - When a relay is extending a circuit to a bridge, it needs to send a + NETINFO cell, even when the bridge hasn't sent an AUTH_CHALLENGE + cell. Fixes bug 9546; bugfix on ????. diff --git a/src/or/channeltls.c b/src/or/channeltls.c index d758d22d82..a7953e7a8a 100644 --- a/src/or/channeltls.c +++ b/src/or/channeltls.c @@ -1474,6 +1474,16 @@ channel_tls_process_netinfo_cell(cell_t *cell, channel_tls_t *chan) /* XXX maybe act on my_apparent_addr, if the source is sufficiently * trustworthy. */ + if (! chan->conn->handshake_state->sent_netinfo) { + /* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE + * cell, then we would not previously have sent a NETINFO cell. Do so + * now. */ + if (connection_or_send_netinfo(chan->conn) < 0) { + connection_or_close_for_error(chan->conn, 0); + return; + } + } + if (connection_or_set_state_open(chan->conn) < 0) { log_fn(LOG_PROTOCOL_WARN, LD_OR, "Got good NETINFO cell from %s:%d; but " diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 3616363505..31cc9c78d8 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -2042,6 +2042,12 @@ connection_or_send_netinfo(or_connection_t *conn) tor_assert(conn->handshake_state); + if (conn->handshake_state->sent_netinfo) { + log_warn(LD_BUG, "Attempted to send an extra netinfo cell on a connection " + "where we already sent one."); + return 0; + } + memset(&cell, 0, sizeof(cell_t)); cell.command = CELL_NETINFO; @@ -2083,6 +2089,7 @@ connection_or_send_netinfo(or_connection_t *conn) } conn->handshake_state->digest_sent_data = 0; + conn->handshake_state->sent_netinfo = 1; connection_or_write_cell_to_buf(&cell, conn); return 0; diff --git a/src/or/or.h b/src/or/or.h index 3dc96b9a9d..8c6c1e3635 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1357,6 +1357,9 @@ typedef struct or_handshake_state_t { /* True iff we've received valid authentication to some identity. */ unsigned int authenticated : 1; + /* True iff we have sent a netinfo cell */ + unsigned int sent_netinfo : 1; + /** True iff we should feed outgoing cells into digest_sent and * digest_received respectively. * From 0daa26a4732234333e67d04c9b215ff6704fa9cd Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 20 Aug 2013 14:52:56 -0400 Subject: [PATCH 3/6] Send NETINFO on receiving a NETINFO if we have not yet sent one. (Backport to Tor 0.2.3) Relays previously, when initiating a connection, would only send a NETINFO after sending an AUTHENTICATE. But bridges, when receiving a connection, would never send AUTH_CHALLENGE. So relays wouldn't AUTHENTICATE, and wouldn't NETINFO, and then bridges would be surprised to be receiving CREATE cells on a non-open circuit. Fixes bug 9546. --- bug9546 | 5 +++++ src/or/command.c | 10 ++++++++++ src/or/connection_or.c | 7 +++++++ src/or/or.h | 3 +++ 4 files changed, 25 insertions(+) create mode 100644 bug9546 diff --git a/bug9546 b/bug9546 new file mode 100644 index 0000000000..8596eac94a --- /dev/null +++ b/bug9546 @@ -0,0 +1,5 @@ + o Major bugfixes: + + - When a relay is extending a circuit to a bridge, it needs to send a + NETINFO cell, even when the bridge hasn't sent an AUTH_CHALLENGE + cell. Fixes bug 9546; bugfix on ????. diff --git a/src/or/command.c b/src/or/command.c index 8321e261e0..26e4e6897f 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -941,6 +941,16 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn) * trustworthy. */ (void)my_apparent_addr; + if (! conn->handshake_state->sent_netinfo) { + /* If we were prepared to authenticate, but we never got an AUTH_CHALLENGE + * cell, then we would not previously have sent a NETINFO cell. Do so + * now. */ + if (connection_or_send_netinfo(conn) < 0) { + connection_mark_for_close(TO_CONN(conn)); + return; + } + } + if (connection_or_set_state_open(conn)<0) { log_fn(LOG_PROTOCOL_WARN, LD_OR, "Got good NETINFO cell from %s:%d; but " "was unable to make the OR connection become open.", diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 5eecee0740..56c6ed520a 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -1975,6 +1975,12 @@ connection_or_send_netinfo(or_connection_t *conn) tor_assert(conn->handshake_state); + if (conn->handshake_state->sent_netinfo) { + log_warn(LD_BUG, "Attempted to send an extra netinfo cell on a connection " + "where we already sent one."); + return 0; + } + memset(&cell, 0, sizeof(cell_t)); cell.command = CELL_NETINFO; @@ -2009,6 +2015,7 @@ connection_or_send_netinfo(or_connection_t *conn) } conn->handshake_state->digest_sent_data = 0; + conn->handshake_state->sent_netinfo = 1; connection_or_write_cell_to_buf(&cell, conn); return 0; diff --git a/src/or/or.h b/src/or/or.h index dd95c349c0..b8f334ece2 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1161,6 +1161,9 @@ typedef struct or_handshake_state_t { /* True iff we've received valid authentication to some identity. */ unsigned int authenticated : 1; + /* True iff we have sent a netinfo cell */ + unsigned int sent_netinfo : 1; + /** True iff we should feed outgoing cells into digest_sent and * digest_received respectively. * From 940cef3367591fd1ee86971c202ef92aba931cb7 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 21 Aug 2013 10:10:35 -0400 Subject: [PATCH 4/6] Make bridges send AUTH_CHALLENGE cells The spec requires them to do so, and not doing so creates a situation where they can't send-test because relays won't extend to them because of the other part of bug 9546. Fixes bug 9546; bugfix on 0.2.3.6-alpha. --- bug9546 | 5 ----- changes/bug9546 | 11 +++++++++++ src/or/command.c | 4 ++-- src/or/connection_or.c | 2 +- 4 files changed, 14 insertions(+), 8 deletions(-) delete mode 100644 bug9546 create mode 100644 changes/bug9546 diff --git a/bug9546 b/bug9546 deleted file mode 100644 index 8596eac94a..0000000000 --- a/bug9546 +++ /dev/null @@ -1,5 +0,0 @@ - o Major bugfixes: - - - When a relay is extending a circuit to a bridge, it needs to send a - NETINFO cell, even when the bridge hasn't sent an AUTH_CHALLENGE - cell. Fixes bug 9546; bugfix on ????. diff --git a/changes/bug9546 b/changes/bug9546 new file mode 100644 index 0000000000..2145e35d8f --- /dev/null +++ b/changes/bug9546 @@ -0,0 +1,11 @@ + o Major bugfixes: + + - When a relay is extending a circuit to a bridge, it needs to send a + NETINFO cell, even when the bridge hasn't sent an AUTH_CHALLENGE + cell. Fixes bug 9546; bugfix on 0.2.3.6-alpha. + + - Bridges send AUTH_CHALLENGE cells during their handshakes; previously + they did not, which prevented relays from successfully connecting + to a bridge for self-test or bandwidth testing. Fixes bug 9546; + bugfix on 0.2.3.6-alpha. + diff --git a/src/or/command.c b/src/or/command.c index 26e4e6897f..61e1e13a71 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -755,8 +755,8 @@ command_process_versions_cell(var_cell_t *cell, or_connection_t *conn) const int send_versions = !started_here; /* If we want to authenticate, send a CERTS cell */ const int send_certs = !started_here || public_server_mode(get_options()); - /* If we're a relay that got a connection, ask for authentication. */ - const int send_chall = !started_here && public_server_mode(get_options()); + /* If we're a host that got a connection, ask for authentication. */ + const int send_chall = !started_here; /* If our certs cell will authenticate us, we can send a netinfo cell * right now. */ const int send_netinfo = !started_here; diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 56c6ed520a..fbb7c31e04 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -2144,7 +2144,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn, const tor_cert_t *id_cert=NULL, *link_cert=NULL; const digests_t *my_digests, *their_digests; const uint8_t *my_id, *their_id, *client_id, *server_id; - if (tor_tls_get_my_certs(0, &link_cert, &id_cert)) + if (tor_tls_get_my_certs(server, &link_cert, &id_cert)) return -1; my_digests = tor_cert_get_id_digests(id_cert); their_digests = tor_cert_get_id_digests(conn->handshake_state->id_cert); From cbc53a2d52a67e49e56ad9d8f5334ad623a59374 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 21 Aug 2013 10:10:35 -0400 Subject: [PATCH 5/6] Make bridges send AUTH_CHALLENGE cells The spec requires them to do so, and not doing so creates a situation where they can't send-test because relays won't extend to them because of the other part of bug 9546. Fixes bug 9546; bugfix on 0.2.3.6-alpha. --- changes/bug9546 | 8 +++++++- src/or/channeltls.c | 4 ++-- src/or/connection_or.c | 2 +- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/changes/bug9546 b/changes/bug9546 index 8596eac94a..2145e35d8f 100644 --- a/changes/bug9546 +++ b/changes/bug9546 @@ -2,4 +2,10 @@ - When a relay is extending a circuit to a bridge, it needs to send a NETINFO cell, even when the bridge hasn't sent an AUTH_CHALLENGE - cell. Fixes bug 9546; bugfix on ????. + cell. Fixes bug 9546; bugfix on 0.2.3.6-alpha. + + - Bridges send AUTH_CHALLENGE cells during their handshakes; previously + they did not, which prevented relays from successfully connecting + to a bridge for self-test or bandwidth testing. Fixes bug 9546; + bugfix on 0.2.3.6-alpha. + diff --git a/src/or/channeltls.c b/src/or/channeltls.c index a7953e7a8a..f751c0da99 100644 --- a/src/or/channeltls.c +++ b/src/or/channeltls.c @@ -1262,8 +1262,8 @@ channel_tls_process_versions_cell(var_cell_t *cell, channel_tls_t *chan) const int send_versions = !started_here; /* If we want to authenticate, send a CERTS cell */ const int send_certs = !started_here || public_server_mode(get_options()); - /* If we're a relay that got a connection, ask for authentication. */ - const int send_chall = !started_here && public_server_mode(get_options()); + /* If we're a host that got a connection, ask for authentication. */ + const int send_chall = !started_here; /* If our certs cell will authenticate us, we can send a netinfo cell * right now. */ const int send_netinfo = !started_here; diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 31cc9c78d8..d5dd4470e3 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -2218,7 +2218,7 @@ connection_or_compute_authenticate_cell_body(or_connection_t *conn, const tor_cert_t *id_cert=NULL, *link_cert=NULL; const digests_t *my_digests, *their_digests; const uint8_t *my_id, *their_id, *client_id, *server_id; - if (tor_tls_get_my_certs(0, &link_cert, &id_cert)) + if (tor_tls_get_my_certs(server, &link_cert, &id_cert)) return -1; my_digests = tor_cert_get_id_digests(id_cert); their_digests = tor_cert_get_id_digests(conn->handshake_state->id_cert); From af7970b6bcc8e546cf15e943f1bec749cce18eed Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Wed, 21 Aug 2013 11:35:00 -0400 Subject: [PATCH 6/6] Add a 30-day maximum on user-supplied MaxCircuitDirtiness Fix for bug 9543. --- changes/bug9543 | 4 ++++ src/or/config.c | 10 ++++++++++ 2 files changed, 14 insertions(+) create mode 100644 changes/bug9543 diff --git a/changes/bug9543 b/changes/bug9543 new file mode 100644 index 0000000000..753947f6fd --- /dev/null +++ b/changes/bug9543 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Avoid overflows when the user sets MaxCircuitDirtiness to a + ridiculously high value, by imposing a (ridiculously high) 30-day + maximum on MaxCircuitDirtiness. diff --git a/src/or/config.c b/src/or/config.c index 72ceea395e..793fd557a3 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -2266,6 +2266,10 @@ compute_publishserverdescriptor(or_options_t *options) * will generate too many circuits and potentially overload the network. */ #define MIN_MAX_CIRCUIT_DIRTINESS 10 +/** Highest allowable value for MaxCircuitDirtiness: prevents time_t + * overflows. */ +#define MAX_MAX_CIRCUIT_DIRTINESS (30*24*60*60) + /** Lowest allowable value for CircuitStreamTimeout; if this is too low, Tor * will generate too many circuits and potentially overload the network. */ #define MIN_CIRCUIT_STREAM_TIMEOUT 10 @@ -2786,6 +2790,12 @@ options_validate(or_options_t *old_options, or_options_t *options, options->MaxCircuitDirtiness = MIN_MAX_CIRCUIT_DIRTINESS; } + if (options->MaxCircuitDirtiness > MAX_MAX_CIRCUIT_DIRTINESS) { + log_warn(LD_CONFIG, "MaxCircuitDirtiness option is too high; " + "setting to %d days.", MAX_MAX_CIRCUIT_DIRTINESS/86400); + options->MaxCircuitDirtiness = MAX_MAX_CIRCUIT_DIRTINESS; + } + if (options->CircuitStreamTimeout && options->CircuitStreamTimeout < MIN_CIRCUIT_STREAM_TIMEOUT) { log_warn(LD_CONFIG, "CircuitStreamTimeout option is too short; "