David Goulet [Tue, 28 Jan 2025 18:27:14 +0000 (13:27 -0500)]
hashx: Move Windows function within another ifdef
Function only used within the hugepage ifdef for Windows so move it there so we
avoid an unused function warning on our Windows CI:
src/ext/equix/hashx/src/virtual_memory.c:30:13: error: 'set_privilege' defined but not used [-Werror=unused-function]
30 | static bool set_privilege(const char* pszPrivilege, BOOL bEnable) {
| ^~~~~~~~~~~~~
Signed-off-by: David Goulet <dgoulet@torproject.org>
David Goulet [Wed, 18 Dec 2024 16:04:00 +0000 (11:04 -0500)]
hs: Use downloaded counter for HSDir OOM cache cleanup
The OOM cache cleanup is now done by looking at the downloaded counter. The
cleanup process starts at 0 and increments it to the next lowest value until
enough bytes have been removed.
This process could be expensive for a large amount of descriptors in the cache
but since it is very expensive to increment counters, most cleanup should
happen within a tight range of downloaded counter target.
Fixes #40996
Signed-off-by: David Goulet <dgoulet@torproject.org>
David Goulet [Wed, 18 Dec 2024 15:24:28 +0000 (10:24 -0500)]
hs: Add downloaded counter to an HSDir cache entry
This adds a counter for the number of times a descriptor is downloaded from an
HSDir. A future commit will change the OOM subsystem to clean that cache based on
the lowest downloaded counts instead of time in cache.
In order to raise the bar even more for an attacker, the downloaded counter is
only marked when the directory request stream is closed. To pull this off, the
HS identifier on the directory connection is populated with the blinded key
requested (only on success). Finally, when the connection closes, we can then
lookup the cache entry with it and increment the counter.
Part of #40996
Signed-off-by: David Goulet <dgoulet@torproject.org>
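An added sketch, not Tor's code and not part of these commits, of the scheme the two HSDir cache commits above describe: a per-entry counter bumped when the directory request stream closes, and an OOM pass that evicts the least-downloaded entries first. The type, function names and sample cache are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cache entry, not Tor's own structure: size is the bytes
 * held by the descriptor, downloaded counts completed directory requests. */
typedef struct { bool in_use; size_t size; uint64_t downloaded; } entry_t;

/* Called when the directory request stream closes, not when it is served. */
void note_download(entry_t *e) { if (e && e->in_use) e->downloaded++; }

/* Evict entries with the lowest counter first, raising the target to the
 * next lowest counter seen, until at least min_remove bytes are freed.
 * A pass evicts every entry at the current target. Returns bytes freed. */
size_t oom_cleanup(entry_t *cache, size_t n, size_t min_remove) {
  size_t removed = 0;
  uint64_t target = 0;
  while (removed < min_remove) {
    uint64_t next = UINT64_MAX;
    bool any_left = false;
    for (size_t i = 0; i < n; i++) {
      if (!cache[i].in_use) continue;
      if (cache[i].downloaded <= target) {
        removed += cache[i].size;
        cache[i].in_use = false;
      } else {
        any_left = true;
        if (cache[i].downloaded < next) next = cache[i].downloaded;
      }
    }
    if (!any_left) break; /* nothing left to evict */
    target = next;
  }
  return removed;
}

/* Constructed sample: four 100-byte descriptors, two never downloaded. */
entry_t demo_cache[4];
size_t demo(void) {
  for (int i = 0; i < 4; i++) demo_cache[i] = (entry_t){ true, 100, 0 };
  for (int i = 0; i < 3; i++) note_download(&demo_cache[1]);
  note_download(&demo_cache[2]);
  return oom_cleanup(demo_cache, 4, 250);
}

int main(void) {
  printf("freed %zu bytes\n", demo());
  return 0;
}
```

In the sample, the two never-downloaded descriptors go first, then the one downloaded once; the descriptor with three completed downloads survives.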
Jim Newsome [Fri, 15 Nov 2024 00:38:22 +0000 (18:38 -0600)]
test-network: include IPv6 tests unconditionally
Previously we would incorrectly detect that ipv6 isn't supported if the
ping binary isn't present (as it may not be in a relatively stripped
down container image), or if ICMP packets aren't permitted (as they
often aren't in containers).
We don't really have a need to run these network tests on non-IPv6
systems, so it makes more sense to just run them unconditionally.
Roger Dingledine [Tue, 15 Oct 2024 06:54:27 +0000 (02:54 -0400)]
don't build preemptive conflux circuits if no predicted ports
Conflux circuit building was ignoring the "predicted ports" feature,
which aims to make Tor stop building circuits if there have been
no user requests lately. This bug led to every idle Tor on the
network building and discarding circuits every 30 seconds, which
added overall load to the network, used bandwidth and battery from
clients that weren't actively using their Tor, and kept sockets open
on guards which added connection padding essentially forever.
Bug went in on commit 39c2927d when we added preemptive conflux circuit
pools.
Resources allocated by cpuworker weren't being freed on clean shutdown.
This applies for worker threads, worker thread pool, reply queue, reply
event, ...
Alexander Færøy [Fri, 21 Jul 2023 00:11:16 +0000 (02:11 +0200)]
Add implementation and version metadata to bridge extra-info.
This patch adds two new keys to bridges' extra-info document:
"transport-version" and "transport-implementation".
These two new values always appear together (if one is missing, the
other one will be missing too) and are parsed from PT's STATUS
TYPE=version messages.
Alexander Færøy [Thu, 24 Mar 2022 19:13:41 +0000 (19:13 +0000)]
Add support for PT STATUS TYPE=version messages.
This patch adds support for handling the version status message. Once we
receive such a message, we add the given version string to the
managed_proxy_t instance. Note this value can be NULL and the value can
change throughout the lifetime of the PT as multiple status version
messages are handled.
David Goulet [Mon, 15 Apr 2024 18:24:45 +0000 (14:24 -0400)]
conflux: Avoid noting a cell was sent on a closed circuit
It turns out that circuit_package_relay_cell() returns 0 in order to drop a
cell but there is a code path, if the circuit queue is full, that also silently
closes the circuit and returns 0.
This led to Conflux thinking a cell was sent but actually the cell was not and
the circuit was closed leading to the hard assert.
And so this function makes sure that circuit_package_relay_cell() and
append_cell_to_circuit_queue() return a value that indicates what happened with
the cell and circuit so the caller can make an informed decision with it.
This change makes it that we do NOT enter the Conflux subsystem if the cell is
not queued on the circuit.
Fixes #40921
Signed-off-by: David Goulet <dgoulet@torproject.org>
Sebastian Hahn [Thu, 1 Feb 2024 09:34:30 +0000 (10:34 +0100)]
dirauth: Warn when failing to post during a vote
The only way to figure out that posting a vote or signatures to another
dirauth failed is by counting how many success messages there are on
notice level, and noticing that it is fewer than the number of
configured dirauths.
juga [Sat, 18 Nov 2023 17:45:28 +0000 (17:45 +0000)]
bwauth: Allow "node_id" KeyValue without "$"
Allow "node_id" KeyValue without the dollar sign at the start of the
hexdigit in the BandwidthFiles, in order to ease database queries
combining Tor documents in which the relay's fingerprint doesn't
include it.
Bugfix on all supported versions of Tor.
Mike Perry [Wed, 6 Dec 2023 17:23:19 +0000 (17:23 +0000)]
Bug 40897 Bug Bounty: Double the number of max conflux circs
We strongly suspect that bug 40897 was caused by a custom Tor client that
tried to use more than the default number of conflux circuits, for either
performance or traffic analysis defense gains, or both.
This entity hit a safety check on the exit side, which caused a UAF. Our
"belt and suspenders" snapped off, and hit us in the face... again...
Since there are good reasons to try more than 2 conflux legs, and research has
found some traffic analysis benefits with as many as 5, we're going to raise
and parameterize this limit as a form of bug bounty for finding this UAF, so
that this entity can try out a little more confluxing.
This should also make it easier for researchers to try things like gathering
traces with larger amounts of confluxing than normal, to measure real-world
traffic analysis impacts of conflux.
Shine on, you yoloing anonymous diamond. Let us know if you find out anything
interesting!
David Goulet [Tue, 7 Nov 2023 18:50:28 +0000 (13:50 -0500)]
hs: Fix assert in hs_metrics_update_by_ident()
The hs_metrics_failed_rdv() macro could pass a NULL value for the identity key
when a building circuit would end up in a failure path *before* the "hs_ident"
was able to be set, leading to this assert.
This was introduced in 0.4.8.1-alpha with the addition of rendezvous circuit
failure metrics for the MetricsPort.
This fixes TROVE-2023-006 for which its severity is considered high.
Signed-off-by: David Goulet <dgoulet@torproject.org>