July 2014 - tor-commits - lists.torproject.org

[tor/release-0.2.5] circuit_build_failed: distinguish "first hop chan failed", "CREATE failed"
by arma＠torproject.org 28 Jul '14

28 Jul '14

commit d5558f00729992a9abeeb1cb1512004de35ec007 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Oct 31 16:53:31 2013 -0400 circuit_build_failed: distinguish "first hop chan failed", "CREATE failed" Roger spotted this on tor-dev in his comments on proposal 221. (Actually, detect DESTROY vs everything else, since arma likes network timeout indicating failure but not overload indicating failure.) --- src/or/circuituse.c | 9 +++++---- src/or/command.c | 1 + src/or/or.h | 3 +++ 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/src/or/circuituse.c b/src/or/circuituse.c index c2d2b2e..06a51a0 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -1382,10 +1382,11 @@ circuit_build_failed(origin_circuit_t *circ) failed_at_last_hop = 1; } if (circ->cpath && - circ->cpath->state != CPATH_STATE_OPEN) { - /* We failed at the first hop. If there's an OR connection - * to blame, blame it. Also, avoid this relay for a while, and - * fail any one-hop directory fetches destined for it. */ + circ->cpath->state != CPATH_STATE_OPEN && + ! circ->base_.received_destroy) { + /* We failed at the first hop for some reason other than a DESTROY cell. + * If there's an OR connection to blame, blame it. Also, avoid this relay + * for a while, and fail any one-hop directory fetches destined for it. */ const char *n_chan_id = circ->cpath->extend_info->identity_digest; int already_marked = 0; if (circ->base_.n_chan) { diff --git a/src/or/command.c b/src/or/command.c index 699b02f..51d07b0 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -499,6 +499,7 @@ command_process_destroy_cell(cell_t *cell, channel_t *chan) log_debug(LD_OR,"Received for circID %u.",(unsigned)cell->circ_id); reason = (uint8_t)cell->payload[0]; + circ->received_destroy = 1; if (!CIRCUIT_IS_ORIGIN(circ) && cell->circ_id == TO_OR_CIRCUIT(circ)->p_circ_id) { diff --git a/src/or/or.h b/src/or/or.h index 3eaf344..34f055c 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2785,6 +2785,9 @@ typedef struct circuit_t { * allowing n_streams to add any more cells. (OR circuit only.) */ unsigned int streams_blocked_on_p_chan : 1; + /** True iff this circuit has received a DESTROY cell in either direction */ + unsigned int received_destroy : 1; + uint8_t state; /**< Current status of this circuit. */ uint8_t purpose; /**< Why are we creating this circuit? */

1 0

[tor/release-0.2.5] Confusing log message when circuit can't be extended
by arma＠torproject.org 28 Jul '14

28 Jul '14

commit 8f70d756fb5af54cc184d4683e445161f91cf1d1 Author: Arlo Breault <arlolra(a)gmail.com> Date: Sun Jul 27 18:05:01 2014 +0200 Confusing log message when circuit can't be extended --- src/or/control.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/or/control.c b/src/or/control.c index a88de12..ae9dd69 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -2506,7 +2506,7 @@ handle_control_extendcircuit(control_connection_t *conn, uint32_t len, goto done; } if (!node_has_descriptor(node)) { - connection_printf_to_buf(conn, "552 descriptor for \"%s\"\r\n", n); + connection_printf_to_buf(conn, "552 No descriptor for \"%s\"\r\n", n); goto done; } smartlist_add(nodes, (void*)node);

1 0

[tor/release-0.2.5] Warn and drop the circuit if we receive an inbound 'relay early' cell
by arma＠torproject.org 28 Jul '14

28 Jul '14

commit 68a2e4ca4baa595cc4595a511db11fa7ccbbc8f7 Author: Roger Dingledine <arma(a)torproject.org> Date: Mon Jul 28 02:44:05 2014 -0400 Warn and drop the circuit if we receive an inbound 'relay early' cell Those used to be normal to receive on hidden service circuits due to bug 1038, but the buggy Tor versions are long gone from the network so we can afford to resume watching for them. Resolves the rest of bug 1038; bugfix on 0.2.1.19. --- changes/bug1038-3 | 6 ++++++ src/or/command.c | 20 ++++++++++++++++---- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/changes/bug1038-3 b/changes/bug1038-3 new file mode 100644 index 0000000..5af4afa --- /dev/null +++ b/changes/bug1038-3 @@ -0,0 +1,6 @@ + o Minor bugfixes: + - Warn and drop the circuit if we receive an inbound 'relay early' + cell. Those used to be normal to receive on hidden service circuits + due to bug 1038, but the buggy Tor versions are long gone from + the network so we can afford to resume watching for them. Resolves + the rest of bug 1038; bugfix on 0.2.1.19. diff --git a/src/or/command.c b/src/or/command.c index 51d07b0..78fd4fa 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -443,10 +443,22 @@ command_process_relay_cell(cell_t *cell, channel_t *chan) * gotten no more than MAX_RELAY_EARLY_CELLS_PER_CIRCUIT of them. */ if (cell->command == CELL_RELAY_EARLY) { if (direction == CELL_DIRECTION_IN) { - /* Allow an unlimited number of inbound relay_early cells, - * for hidden service compatibility. There isn't any way to make - * a long circuit through inbound relay_early cells anyway. See - * bug 1038. -RD */ + /* Inbound early cells could once be encountered as a result of + * bug 1038; but relays running versions before 0.2.1.19 are long + * gone from the network, so any such cells now are surprising. */ + log_warn(LD_OR, + "Received an inbound RELAY_EARLY cell on circuit %u." + " Closing circuit. Please report this event," + " along with the following message.", + (unsigned)cell->circ_id); + if (CIRCUIT_IS_ORIGIN(circ)) { + circuit_log_path(LOG_WARN, LD_OR, TO_ORIGIN_CIRCUIT(circ)); + } else if (circ->n_chan) { + log_warn(LD_OR, " upstream=%s", + channel_get_actual_remote_descr(circ->n_chan)); + } + circuit_mark_for_close(circ, END_CIRC_REASON_TORPROTOCOL); + return; } else { or_circuit_t *or_circ = TO_OR_CIRCUIT(circ); if (or_circ->remaining_relay_early_cells == 0) {

1 0

[tor/release-0.2.5] get rid of already-merged prop221 changes file
by arma＠torproject.org 28 Jul '14

28 Jul '14

commit 2126feaabc3e07dc8f7ad712256de496fbcfb976 Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Jul 25 12:22:05 2014 -0400 get rid of already-merged prop221 changes file --- changes/prop221 | 6 ------ 1 file changed, 6 deletions(-) diff --git a/changes/prop221 b/changes/prop221 deleted file mode 100644 index b2bf44b..0000000 --- a/changes/prop221 +++ /dev/null @@ -1,6 +0,0 @@ - o Minor features: - - Stop sending the CREATE_FAST cells by default; instead, use a - parameter in the consensus to decide whether to use - CREATE_FAST. This can improve security on connections where - Tor's circuit handshake is stronger than the available TLS - connection security levels. Implements proposal 221.

1 0

[tor/release-0.2.5] Merge branch 'maint-0.2.4' into maint-0.2.5
by arma＠torproject.org 28 Jul '14

28 Jul '14

commit b350ac0860f461028a373a7ff6ce5c1468ef75a6 Merge: 472696e d5558f0 Author: Roger Dingledine <arma(a)torproject.org> Date: Fri Jul 25 12:15:47 2014 -0400 Merge branch 'maint-0.2.4' into maint-0.2.5 Conflicts: src/or/or.h changes/prop221 | 6 ++++++ 1 file changed, 6 insertions(+)

1 0

[tor/release-0.2.5] Merge branch 'maint-0.2.5' into release-0.2.5
by arma＠torproject.org 28 Jul '14

28 Jul '14

commit f4992beb566401241cf1dd1d464f4aaade4751f7 Merge: 2be259f 29a82b5 Author: Roger Dingledine <arma(a)torproject.org> Date: Mon Jul 28 02:48:11 2014 -0400 Merge branch 'maint-0.2.5' into release-0.2.5 changes/bug1038-3 | 6 ++++++ changes/bug12718 | 5 +++++ src/or/channel.c | 2 +- src/or/command.c | 20 ++++++++++++++++---- src/or/control.c | 2 +- 5 files changed, 29 insertions(+), 6 deletions(-)

1 0

[tor/release-0.2.5] add a changes file for bug 12718
by arma＠torproject.org 28 Jul '14

28 Jul '14

commit 8882dcfc598edde4d78c14ea0b90c8ed7f189274 Author: Roger Dingledine <arma(a)torproject.org> Date: Sun Jul 27 15:41:30 2014 -0400 add a changes file for bug 12718 --- changes/bug12718 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/changes/bug12718 b/changes/bug12718 new file mode 100644 index 0000000..0c5f708 --- /dev/null +++ b/changes/bug12718 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Correct a confusing error message when trying to extend a circuit + via the control protocol but we don't know a descriptor or + microdescriptor for one of the specified relays. Fixes bug 12718; + bugfix on 0.2.3.1-alpha.

1 0

[tor/release-0.2.5] Merge branch 'maint-0.2.4' into maint-0.2.5
by arma＠torproject.org 28 Jul '14

28 Jul '14

commit 29a82b5a8b6d5e75a1f8b880933c2a232458d386 Merge: 2126fea 68a2e4c Author: Roger Dingledine <arma(a)torproject.org> Date: Mon Jul 28 02:47:15 2014 -0400 Merge branch 'maint-0.2.4' into maint-0.2.5 changes/bug1038-3 | 6 ++++++ changes/bug12718 | 5 +++++ src/or/command.c | 20 ++++++++++++++++---- src/or/control.c | 2 +- 4 files changed, 28 insertions(+), 5 deletions(-)

1 0

[tor/master] Confusing log message when circuit can't be extended
by arma＠torproject.org 28 Jul '14

28 Jul '14

commit 8f70d756fb5af54cc184d4683e445161f91cf1d1 Author: Arlo Breault <arlolra(a)gmail.com> Date: Sun Jul 27 18:05:01 2014 +0200 Confusing log message when circuit can't be extended --- src/or/control.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/or/control.c b/src/or/control.c index a88de12..ae9dd69 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -2506,7 +2506,7 @@ handle_control_extendcircuit(control_connection_t *conn, uint32_t len, goto done; } if (!node_has_descriptor(node)) { - connection_printf_to_buf(conn, "552 descriptor for \"%s\"\r\n", n); + connection_printf_to_buf(conn, "552 No descriptor for \"%s\"\r\n", n); goto done; } smartlist_add(nodes, (void*)node);

1 0

[tor/master] add a changes file for bug 12718
by arma＠torproject.org 28 Jul '14

28 Jul '14

commit 8882dcfc598edde4d78c14ea0b90c8ed7f189274 Author: Roger Dingledine <arma(a)torproject.org> Date: Sun Jul 27 15:41:30 2014 -0400 add a changes file for bug 12718 --- changes/bug12718 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/changes/bug12718 b/changes/bug12718 new file mode 100644 index 0000000..0c5f708 --- /dev/null +++ b/changes/bug12718 @@ -0,0 +1,5 @@ + o Minor bugfixes: + - Correct a confusing error message when trying to extend a circuit + via the control protocol but we don't know a descriptor or + microdescriptor for one of the specified relays. Fixes bug 12718; + bugfix on 0.2.3.1-alpha.

1 0