June 2016 - tor-commits - lists.torproject.org

[tor/master] Add router descriptor download status queries to GETINFO
by nickm＠torproject.org 30 Jun '16

30 Jun '16

commit 8798ca4be299855a9a87a48df772081e06e9040c Author: Andrea Shepard <andrea(a)torproject.org> Date: Tue Jun 28 02:21:39 2016 +0000 Add router descriptor download status queries to GETINFO --- src/or/control.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++ src/or/networkstatus.c | 37 +++++++++++++++++++++++++++++++++ src/or/networkstatus.h | 1 + 3 files changed, 94 insertions(+) diff --git a/src/or/control.c b/src/or/control.c index a45b5f9..7b8699d 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -2307,6 +2307,52 @@ getinfo_helper_downloads_cert(const char *fp_sk_req, } } +/** Handle the routerdesc download cases for getinfo_helper_downloads() */ +static void +getinfo_helper_downloads_desc(const char *desc_req, + download_status_t **dl_to_emit, + smartlist_t **digest_list, + const char **errmsg) +{ + char desc_digest[DIGEST_LEN]; + /* + * Two cases to handle here: + * + * Case 1: desc_req = "descs" + * - Emit a list of all router descriptor digests, which we get by + * calling router_get_descriptor_digests(); this can return NULL + * if we have no current ns-flavor consensus. + * + * Case 2: desc_req = <fp> + * - Check on the specified fingerprint and emit its download_status_t + * using router_get_dl_status_by_descriptor_digest(). + */ + + if (strcmp(desc_req, "descs") == 0) { + *digest_list = router_get_descriptor_digests(); + if (!(*digest_list)) { + *errmsg = "We don't seem to have a networkstatus-flavored consensus"; + } + /* + * Microdescs don't use the download_status_t mechanism, so we don't + * answer queries about their downloads here; see microdesc.c. + */ + } else if (strlen(desc_req) == HEX_DIGEST_LEN) { + if (base16_decode(desc_digest, DIGEST_LEN, + desc_req, strlen(desc_req)) == DIGEST_LEN) { + /* Okay we got a digest-shaped thing; try asking for it */ + *dl_to_emit = router_get_dl_status_by_descriptor_digest(desc_digest); + if (!(*dl_to_emit)) { + *errmsg = "No such descriptor digest found"; + } + } else { + *errmsg = "That didn't look like a digest"; + } + } else { + *errmsg = "Unknown router descriptor download status query"; + } +} + /** Implementation helper for GETINFO: knows the answers for questions about * download status information. */ static int @@ -2335,6 +2381,10 @@ getinfo_helper_downloads(control_connection_t *control_conn, getinfo_helper_downloads_cert( question + strlen("downloads/cert/"), &dl_to_emit, &digest_list, errmsg); + } else if (!strcmpstart(question, "downloads/desc/")) { + getinfo_helper_downloads_desc( + question + strlen("downloads/desc/"), + &dl_to_emit, &digest_list, errmsg); } else { *errmsg = "Unknown download status query"; } @@ -2826,6 +2876,12 @@ static const getinfo_item_t getinfo_items[] = { DOC("downloads/cert/fp/<fp>/<sk>", "Download status for <fp> with signing key <sk>; corresponds " "to /fp-sk/ URLs on directory server."), + PREFIX("downloads/desc/", downloads, + "Download statuses for router descriptors, by descriptor digest"), + DOC("downloads/desc/descs", + "Return a list of known router descriptor digests"), + DOC("downloads/desc/<desc>", + "Return a download status for a given descriptor digest"), ITEM("info/names", misc, "List of GETINFO options, types, and documentation."), ITEM("events/names", misc, diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index 45688b1..a582b85 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -659,6 +659,43 @@ router_get_consensus_status_by_descriptor_digest(networkstatus_t *consensus, consensus, digest); } +/** Return a smartlist of all router descriptor digests in a consensus */ +static smartlist_t * +router_get_descriptor_digests_in_consensus(networkstatus_t *consensus) +{ + smartlist_t *result = smartlist_new(); + digestmap_iter_t *i; + const char *digest; + void *rs; + char *digest_tmp; + + for (i = digestmap_iter_init(consensus->desc_digest_map); + !(digestmap_iter_done(i)); + i = digestmap_iter_next(consensus->desc_digest_map, i)) { + digestmap_iter_get(i, &digest, &rs); + digest_tmp = tor_malloc(DIGEST_LEN); + memcpy(digest_tmp, digest, DIGEST_LEN); + smartlist_add(result, digest_tmp); + } + + return result; +} + +/** Return a smartlist of all router descriptor digests in the current + * consensus */ +smartlist_t * +router_get_descriptor_digests(void) +{ + smartlist_t *result = NULL; + + if (current_ns_consensus) { + result = + router_get_descriptor_digests_in_consensus(current_ns_consensus); + } + + return result; +} + /** Given the digest of a router descriptor, return its current download * status, or NULL if the digest is unrecognized. */ MOCK_IMPL(download_status_t *, diff --git a/src/or/networkstatus.h b/src/or/networkstatus.h index 752ddf8..6d5d05a 100644 --- a/src/or/networkstatus.h +++ b/src/or/networkstatus.h @@ -45,6 +45,7 @@ download_status_t * networkstatus_get_dl_status_by_flavor_bootstrap( download_status_t * networkstatus_get_dl_status_by_flavor_running( consensus_flavor_t flavor); +smartlist_t * router_get_descriptor_digests(void); MOCK_DECL(download_status_t *,router_get_dl_status_by_descriptor_digest, (const char *d));

1 0

[tor/master] Unit test for GETINFO download/networkstatus case
by nickm＠torproject.org 30 Jun '16

30 Jun '16

commit becf510ef26faf85e4b54484eb8691f3ecdb9216 Author: Andrea Shepard <andrea(a)torproject.org> Date: Wed Jun 29 02:51:54 2016 +0000 Unit test for GETINFO download/networkstatus case --- src/test/test_controller.c | 248 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 248 insertions(+) diff --git a/src/test/test_controller.c b/src/test/test_controller.c index b276e06..2f355aa 100644 --- a/src/test/test_controller.c +++ b/src/test/test_controller.c @@ -4,6 +4,7 @@ #define CONTROL_PRIVATE #include "or.h" #include "control.h" +#include "networkstatus.h" #include "rendservice.h" #include "test.h" @@ -203,12 +204,259 @@ test_add_onion_helper_clientauth(void *arg) tor_free(err_msg); } +/* Mocks and data/variables used for GETINFO download status tests */ + +static const download_status_t dl_status_default = + { 0, 0, 0, DL_SCHED_CONSENSUS, DL_WANT_ANY_DIRSERVER, + DL_SCHED_INCREMENT_FAILURE, DL_SCHED_RANDOM_EXPONENTIAL, 0, 0 }; +static download_status_t ns_dl_status[N_CONSENSUS_FLAVORS]; +static download_status_t ns_dl_status_bootstrap[N_CONSENSUS_FLAVORS]; +static download_status_t ns_dl_status_running[N_CONSENSUS_FLAVORS]; + +/* + * These should explore all the possible cases of download_status_to_string() + * in control.c + */ +static const download_status_t dls_sample_1 = + { 1467163900, 0, 0, DL_SCHED_GENERIC, DL_WANT_ANY_DIRSERVER, + DL_SCHED_INCREMENT_FAILURE, DL_SCHED_DETERMINISTIC, 0, 0 }; +static const char * dls_sample_1_str = + "next-attempt-at 2016-06-29 01:31:40\n" + "n-download-failures 0\n" + "n-download-attempts 0\n" + "schedule DL_SCHED_GENERIC\n" + "want-authority DL_WANT_ANY_DIRSERVER\n" + "increment-on DL_SCHED_INCREMENT_FAILURE\n" + "backoff DL_SCHED_DETERMINISTIC\n"; +static const download_status_t dls_sample_2 = + { 1467164400, 1, 2, DL_SCHED_CONSENSUS, DL_WANT_AUTHORITY, + DL_SCHED_INCREMENT_FAILURE, DL_SCHED_DETERMINISTIC, 0, 0 }; +static const char * dls_sample_2_str = + "next-attempt-at 2016-06-29 01:40:00\n" + "n-download-failures 1\n" + "n-download-attempts 2\n" + "schedule DL_SCHED_CONSENSUS\n" + "want-authority DL_WANT_AUTHORITY\n" + "increment-on DL_SCHED_INCREMENT_FAILURE\n" + "backoff DL_SCHED_DETERMINISTIC\n"; +static const download_status_t dls_sample_3 = + { 1467154400, 12, 25, DL_SCHED_BRIDGE, DL_WANT_ANY_DIRSERVER, + DL_SCHED_INCREMENT_ATTEMPT, DL_SCHED_DETERMINISTIC, 0, 0 }; +static const char * dls_sample_3_str = + "next-attempt-at 2016-06-28 22:53:20\n" + "n-download-failures 12\n" + "n-download-attempts 25\n" + "schedule DL_SCHED_BRIDGE\n" + "want-authority DL_WANT_ANY_DIRSERVER\n" + "increment-on DL_SCHED_INCREMENT_ATTEMPT\n" + "backoff DL_SCHED_DETERMINISTIC\n"; +static const download_status_t dls_sample_4 = + { 1467166600, 3, 0, DL_SCHED_GENERIC, DL_WANT_ANY_DIRSERVER, + DL_SCHED_INCREMENT_FAILURE, DL_SCHED_RANDOM_EXPONENTIAL, 0, 0 }; +static const char * dls_sample_4_str = + "next-attempt-at 2016-06-29 02:16:40\n" + "n-download-failures 3\n" + "n-download-attempts 0\n" + "schedule DL_SCHED_GENERIC\n" + "want-authority DL_WANT_ANY_DIRSERVER\n" + "increment-on DL_SCHED_INCREMENT_FAILURE\n" + "backoff DL_SCHED_RANDOM_EXPONENTIAL\n" + "last-backoff-position 0\n" + "last-delay-used 0\n"; +static const download_status_t dls_sample_5 = + { 1467164600, 3, 7, DL_SCHED_CONSENSUS, DL_WANT_ANY_DIRSERVER, + DL_SCHED_INCREMENT_FAILURE, DL_SCHED_RANDOM_EXPONENTIAL, 1, 2112, }; +static const char * dls_sample_5_str = + "next-attempt-at 2016-06-29 01:43:20\n" + "n-download-failures 3\n" + "n-download-attempts 7\n" + "schedule DL_SCHED_CONSENSUS\n" + "want-authority DL_WANT_ANY_DIRSERVER\n" + "increment-on DL_SCHED_INCREMENT_FAILURE\n" + "backoff DL_SCHED_RANDOM_EXPONENTIAL\n" + "last-backoff-position 1\n" + "last-delay-used 2112\n"; +static const download_status_t dls_sample_6 = + { 1467164200, 4, 9, DL_SCHED_CONSENSUS, DL_WANT_AUTHORITY, + DL_SCHED_INCREMENT_ATTEMPT, DL_SCHED_RANDOM_EXPONENTIAL, 3, 432 }; +static const char * dls_sample_6_str = + "next-attempt-at 2016-06-29 01:36:40\n" + "n-download-failures 4\n" + "n-download-attempts 9\n" + "schedule DL_SCHED_CONSENSUS\n" + "want-authority DL_WANT_AUTHORITY\n" + "increment-on DL_SCHED_INCREMENT_ATTEMPT\n" + "backoff DL_SCHED_RANDOM_EXPONENTIAL\n" + "last-backoff-position 3\n" + "last-delay-used 432\n"; + +static void +reset_mocked_dl_statuses(void) +{ + int i; + + for (i = 0; i < N_CONSENSUS_FLAVORS; ++i) { + memcpy(&(ns_dl_status[i]), &dl_status_default, + sizeof(download_status_t)); + memcpy(&(ns_dl_status_bootstrap[i]), &dl_status_default, + sizeof(download_status_t)); + memcpy(&(ns_dl_status_running[i]), &dl_status_default, + sizeof(download_status_t)); + } +} + +static download_status_t * +ns_dl_status_mock(consensus_flavor_t flavor) +{ + return &(ns_dl_status[flavor]); +} + +static download_status_t * +ns_dl_status_bootstrap_mock(consensus_flavor_t flavor) +{ + return &(ns_dl_status_bootstrap[flavor]); +} + +static download_status_t * +ns_dl_status_running_mock(consensus_flavor_t flavor) +{ + return &(ns_dl_status_running[flavor]); +} + +static void +setup_ns_mocks(void) +{ + MOCK(networkstatus_get_dl_status_by_flavor, ns_dl_status_mock); + MOCK(networkstatus_get_dl_status_by_flavor_bootstrap, + ns_dl_status_bootstrap_mock); + MOCK(networkstatus_get_dl_status_by_flavor_running, + ns_dl_status_running_mock); + reset_mocked_dl_statuses(); +} + +static void +clear_ns_mocks(void) +{ + UNMOCK(networkstatus_get_dl_status_by_flavor); + UNMOCK(networkstatus_get_dl_status_by_flavor_bootstrap); + UNMOCK(networkstatus_get_dl_status_by_flavor_running); +} + +static void +test_download_status_consensus(void *arg) +{ + /* We just need one of these to pass, it doesn't matter what's in it */ + control_connection_t dummy; + /* Get results out */ + char *answer = NULL; + const char *errmsg = NULL; + + (void)arg; + + /* Check that the unknown prefix case works; no mocks needed yet */ + getinfo_helper_downloads(&dummy, "downloads/foo", &answer, &errmsg); + tt_assert(answer == NULL); + tt_str_op(errmsg, OP_EQ, "Unknown download status query"); + + setup_ns_mocks(); + + /* + * Check returning serialized dlstatuses, and implicitly also test + * download_status_to_string(). + */ + + /* Case 1 default/FLAV_NS*/ + memcpy(&(ns_dl_status[FLAV_NS]), &dls_sample_1, + sizeof(download_status_t)); + getinfo_helper_downloads(&dummy, "downloads/networkstatus/ns", + &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, dls_sample_1_str); + tor_free(answer); + errmsg = NULL; + + /* Case 2 default/FLAV_MICRODESC */ + memcpy(&(ns_dl_status[FLAV_MICRODESC]), &dls_sample_2, + sizeof(download_status_t)); + getinfo_helper_downloads(&dummy, "downloads/networkstatus/microdesc", + &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, dls_sample_2_str); + tor_free(answer); + errmsg = NULL; + + /* Case 3 bootstrap/FLAV_NS */ + memcpy(&(ns_dl_status_bootstrap[FLAV_NS]), &dls_sample_3, + sizeof(download_status_t)); + getinfo_helper_downloads(&dummy, "downloads/networkstatus/ns/bootstrap", + &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, dls_sample_3_str); + tor_free(answer); + errmsg = NULL; + + /* Case 4 bootstrap/FLAV_MICRODESC */ + memcpy(&(ns_dl_status_bootstrap[FLAV_MICRODESC]), &dls_sample_4, + sizeof(download_status_t)); + getinfo_helper_downloads(&dummy, + "downloads/networkstatus/microdesc/bootstrap", + &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, dls_sample_4_str); + tor_free(answer); + errmsg = NULL; + + /* Case 5 running/FLAV_NS */ + memcpy(&(ns_dl_status_running[FLAV_NS]), &dls_sample_5, + sizeof(download_status_t)); + getinfo_helper_downloads(&dummy, + "downloads/networkstatus/ns/running", + &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, dls_sample_5_str); + tor_free(answer); + errmsg = NULL; + + /* Case 6 running/FLAV_MICRODESC */ + memcpy(&(ns_dl_status_running[FLAV_MICRODESC]), &dls_sample_6, + sizeof(download_status_t)); + getinfo_helper_downloads(&dummy, + "downloads/networkstatus/microdesc/running", + &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, dls_sample_6_str); + tor_free(answer); + errmsg = NULL; + + /* Now check the error case */ + getinfo_helper_downloads(&dummy, "downloads/networkstatus/foo", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, "Unknown flavor"); + errmsg = NULL; + + done: + clear_ns_mocks(); + tor_free(answer); + + return; +} + struct testcase_t controller_tests[] = { { "add_onion_helper_keyarg", test_add_onion_helper_keyarg, 0, NULL, NULL }, { "rend_service_parse_port_config", test_rend_service_parse_port_config, 0, NULL, NULL }, { "add_onion_helper_clientauth", test_add_onion_helper_clientauth, 0, NULL, NULL }, + { "download_status_consensus", test_download_status_consensus, 0, NULL, + NULL }, END_OF_TESTCASES };

1 0

[tor/master] Unit test for GETINFO download/cert case
by nickm＠torproject.org 30 Jun '16

30 Jun '16

commit 45724beac41b9a1ec47198d08a8c70395d21b70b Author: Andrea Shepard <andrea(a)torproject.org> Date: Wed Jun 29 05:48:40 2016 +0000 Unit test for GETINFO download/cert case --- src/test/test_controller.c | 513 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 513 insertions(+) diff --git a/src/test/test_controller.c b/src/test/test_controller.c index 2f355aa..c5bf509 100644 --- a/src/test/test_controller.c +++ b/src/test/test_controller.c @@ -6,6 +6,7 @@ #include "control.h" #include "networkstatus.h" #include "rendservice.h" +#include "routerlist.h" #include "test.h" static void @@ -290,6 +291,49 @@ static const char * dls_sample_6_str = "last-backoff-position 3\n" "last-delay-used 432\n"; +/* Simulated auth certs */ +static const char *auth_id_digest_1_str = + "63CDD326DFEF0CA020BDD3FEB45A3286FE13A061"; +static download_status_t auth_def_cert_download_status_1; +static const char *auth_id_digest_2_str = + "2C209FCDD8D48DC049777B8DC2C0F94A0408BE99"; +static download_status_t auth_def_cert_download_status_2; +/* Expected form of digest list returned for GETINFO downloads/cert/fps */ +static const char *auth_id_digest_expected_list = + "63CDD326DFEF0CA020BDD3FEB45A3286FE13A061\n" + "2C209FCDD8D48DC049777B8DC2C0F94A0408BE99\n"; + +/* Signing keys for simulated auth 1 */ +static const char *auth_1_sk_1_str = + "AA69566029B1F023BA09451B8F1B10952384EB58"; +static download_status_t auth_1_sk_1_dls; +static const char *auth_1_sk_2_str = + "710865C7F06B73C5292695A8C34F1C94F769FF72"; +static download_status_t auth_1_sk_2_dls; +/* + * Expected form of sk digest list for + * GETINFO downloads/cert/<auth_id_digest_1_str>/sks + */ +static const char *auth_1_sk_digest_expected_list = + "AA69566029B1F023BA09451B8F1B10952384EB58\n" + "710865C7F06B73C5292695A8C34F1C94F769FF72\n"; + +/* Signing keys for simulated auth 2 */ +static const char *auth_2_sk_1_str = + "4299047E00D070AD6703FE00BE7AA756DB061E62"; +static download_status_t auth_2_sk_1_dls; +static const char *auth_2_sk_2_str = + "9451B8F1B10952384EB58B5F230C0BB701626C9B"; +static download_status_t auth_2_sk_2_dls; +/* + * Expected form of sk digest list for + * GETINFO downloads/cert/<auth_id_digest_2_str>/sks + */ +static const char *auth_2_sk_digest_expected_list = + "4299047E00D070AD6703FE00BE7AA756DB061E62\n" + "9451B8F1B10952384EB58B5F230C0BB701626C9B\n"; + + static void reset_mocked_dl_statuses(void) { @@ -303,6 +347,19 @@ reset_mocked_dl_statuses(void) memcpy(&(ns_dl_status_running[i]), &dl_status_default, sizeof(download_status_t)); } + + memcpy(&auth_def_cert_download_status_1, &dl_status_default, + sizeof(download_status_t)); + memcpy(&auth_def_cert_download_status_2, &dl_status_default, + sizeof(download_status_t)); + memcpy(&auth_1_sk_1_dls, &dl_status_default, + sizeof(download_status_t)); + memcpy(&auth_1_sk_2_dls, &dl_status_default, + sizeof(download_status_t)); + memcpy(&auth_2_sk_1_dls, &dl_status_default, + sizeof(download_status_t)); + memcpy(&auth_2_sk_2_dls, &dl_status_default, + sizeof(download_status_t)); } static download_status_t * @@ -342,6 +399,165 @@ clear_ns_mocks(void) UNMOCK(networkstatus_get_dl_status_by_flavor_running); } +static smartlist_t * +cert_dl_status_auth_ids_mock(void) +{ + char digest[DIGEST_LEN], *tmp; + int len; + smartlist_t *list = NULL; + + /* Just pretend we have only the two hard-coded digests listed above */ + list = smartlist_new(); + len = base16_decode(digest, DIGEST_LEN, + auth_id_digest_1_str, strlen(auth_id_digest_1_str)); + tt_int_op(len, OP_EQ, DIGEST_LEN); + tmp = tor_malloc(DIGEST_LEN); + memcpy(tmp, digest, DIGEST_LEN); + smartlist_add(list, tmp); + len = base16_decode(digest, DIGEST_LEN, + auth_id_digest_2_str, strlen(auth_id_digest_2_str)); + tt_int_op(len, OP_EQ, DIGEST_LEN); + tmp = tor_malloc(DIGEST_LEN); + memcpy(tmp, digest, DIGEST_LEN); + smartlist_add(list, tmp); + + done: + return list; +} + +static download_status_t * +cert_dl_status_def_for_auth_mock(const char *digest) +{ + download_status_t *dl = NULL; + char digest_str[HEX_DIGEST_LEN+1]; + + tt_assert(digest != NULL); + base16_encode(digest_str, HEX_DIGEST_LEN + 1, + digest, DIGEST_LEN); + digest_str[HEX_DIGEST_LEN] = '\0'; + + if (strcmp(digest_str, auth_id_digest_1_str) == 0) { + dl = &auth_def_cert_download_status_1; + } else if (strcmp(digest_str, auth_id_digest_2_str) == 0) { + dl = &auth_def_cert_download_status_2; + } + + done: + return dl; +} + +static smartlist_t * +cert_dl_status_sks_for_auth_id_mock(const char *digest) +{ + smartlist_t *list = NULL; + char sk[DIGEST_LEN]; + char digest_str[HEX_DIGEST_LEN+1]; + char *tmp; + int len; + + tt_assert(digest != NULL); + base16_encode(digest_str, HEX_DIGEST_LEN + 1, + digest, DIGEST_LEN); + digest_str[HEX_DIGEST_LEN] = '\0'; + + /* + * Build a list of two hard-coded digests, depending on what we + * were just passed. + */ + if (strcmp(digest_str, auth_id_digest_1_str) == 0) { + list = smartlist_new(); + len = base16_decode(sk, DIGEST_LEN, + auth_1_sk_1_str, strlen(auth_1_sk_1_str)); + tt_int_op(len, OP_EQ, DIGEST_LEN); + tmp = tor_malloc(DIGEST_LEN); + memcpy(tmp, sk, DIGEST_LEN); + smartlist_add(list, tmp); + len = base16_decode(sk, DIGEST_LEN, + auth_1_sk_2_str, strlen(auth_1_sk_2_str)); + tt_int_op(len, OP_EQ, DIGEST_LEN); + tmp = tor_malloc(DIGEST_LEN); + memcpy(tmp, sk, DIGEST_LEN); + smartlist_add(list, tmp); + } else if (strcmp(digest_str, auth_id_digest_2_str) == 0) { + list = smartlist_new(); + len = base16_decode(sk, DIGEST_LEN, + auth_2_sk_1_str, strlen(auth_2_sk_1_str)); + tt_int_op(len, OP_EQ, DIGEST_LEN); + tmp = tor_malloc(DIGEST_LEN); + memcpy(tmp, sk, DIGEST_LEN); + smartlist_add(list, tmp); + len = base16_decode(sk, DIGEST_LEN, + auth_2_sk_2_str, strlen(auth_2_sk_2_str)); + tt_int_op(len, OP_EQ, DIGEST_LEN); + tmp = tor_malloc(DIGEST_LEN); + memcpy(tmp, sk, DIGEST_LEN); + smartlist_add(list, tmp); + } + + done: + return list; +} + +static download_status_t * +cert_dl_status_fp_sk_mock(const char *fp_digest, const char *sk_digest) +{ + download_status_t *dl = NULL; + char fp_digest_str[HEX_DIGEST_LEN+1], sk_digest_str[HEX_DIGEST_LEN+1]; + + /* + * Unpack the digests so we can compare them and figure out which + * dl status we want. + */ + + tt_assert(fp_digest != NULL); + base16_encode(fp_digest_str, HEX_DIGEST_LEN + 1, + fp_digest, DIGEST_LEN); + fp_digest_str[HEX_DIGEST_LEN] = '\0'; + tt_assert(sk_digest != NULL); + base16_encode(sk_digest_str, HEX_DIGEST_LEN + 1, + sk_digest, DIGEST_LEN); + sk_digest_str[HEX_DIGEST_LEN] = '\0'; + + if (strcmp(fp_digest_str, auth_id_digest_1_str) == 0) { + if (strcmp(sk_digest_str, auth_1_sk_1_str) == 0) { + dl = &auth_1_sk_1_dls; + } else if (strcmp(sk_digest_str, auth_1_sk_2_str) == 0) { + dl = &auth_1_sk_2_dls; + } + } else if (strcmp(fp_digest_str, auth_id_digest_2_str) == 0) { + if (strcmp(sk_digest_str, auth_2_sk_1_str) == 0) { + dl = &auth_2_sk_1_dls; + } else if (strcmp(sk_digest_str, auth_2_sk_2_str) == 0) { + dl = &auth_2_sk_2_dls; + } + } + + done: + return dl; +} + +static void +setup_cert_mocks(void) +{ + MOCK(list_authority_ids_with_downloads, cert_dl_status_auth_ids_mock); + MOCK(id_only_download_status_for_authority_id, + cert_dl_status_def_for_auth_mock); + MOCK(list_sk_digests_for_authority_id, + cert_dl_status_sks_for_auth_id_mock); + MOCK(download_status_for_authority_id_and_sk, + cert_dl_status_fp_sk_mock); + reset_mocked_dl_statuses(); +} + +static void +clear_cert_mocks(void) +{ + UNMOCK(list_authority_ids_with_downloads); + UNMOCK(id_only_download_status_for_authority_id); + UNMOCK(list_sk_digests_for_authority_id); + UNMOCK(download_status_for_authority_id_and_sk); +} + static void test_download_status_consensus(void *arg) { @@ -449,6 +665,301 @@ test_download_status_consensus(void *arg) return; } +static void +test_download_status_cert(void *arg) +{ + /* We just need one of these to pass, it doesn't matter what's in it */ + control_connection_t dummy; + /* Get results out */ + char *question = NULL; + char *answer = NULL; + const char *errmsg = NULL; + + (void)arg; + + setup_cert_mocks(); + + /* + * Check returning serialized dlstatuses and digest lists, and implicitly + * also test download_status_to_string() and digest_list_to_string(). + */ + + /* Case 1 - list of authority identity fingerprints */ + getinfo_helper_downloads(&dummy, + "downloads/cert/fps", + &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, auth_id_digest_expected_list); + tor_free(answer); + errmsg = NULL; + + /* Case 2 - download status for default cert for 1st auth id */ + memcpy(&auth_def_cert_download_status_1, &dls_sample_1, + sizeof(download_status_t)); + tor_asprintf(&question, "downloads/cert/fp/%s", auth_id_digest_1_str); + tt_assert(question != NULL); + getinfo_helper_downloads(&dummy, question, &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, dls_sample_1_str); + tor_free(question); + tor_free(answer); + errmsg = NULL; + + /* Case 3 - download status for default cert for 2nd auth id */ + memcpy(&auth_def_cert_download_status_2, &dls_sample_2, + sizeof(download_status_t)); + tor_asprintf(&question, "downloads/cert/fp/%s", auth_id_digest_2_str); + tt_assert(question != NULL); + getinfo_helper_downloads(&dummy, question, &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, dls_sample_2_str); + tor_free(question); + tor_free(answer); + errmsg = NULL; + + /* Case 4 - list of signing key digests for 1st auth id */ + tor_asprintf(&question, "downloads/cert/fp/%s/sks", auth_id_digest_1_str); + tt_assert(question != NULL); + getinfo_helper_downloads(&dummy, question, &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, auth_1_sk_digest_expected_list); + tor_free(question); + tor_free(answer); + errmsg = NULL; + + /* Case 5 - list of signing key digests for 2nd auth id */ + tor_asprintf(&question, "downloads/cert/fp/%s/sks", auth_id_digest_2_str); + tt_assert(question != NULL); + getinfo_helper_downloads(&dummy, question, &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, auth_2_sk_digest_expected_list); + tor_free(question); + tor_free(answer); + errmsg = NULL; + + /* Case 6 - download status for 1st auth id, 1st sk */ + memcpy(&auth_1_sk_1_dls, &dls_sample_3, + sizeof(download_status_t)); + tor_asprintf(&question, "downloads/cert/fp/%s/%s", + auth_id_digest_1_str, auth_1_sk_1_str); + tt_assert(question != NULL); + getinfo_helper_downloads(&dummy, question, &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, dls_sample_3_str); + tor_free(question); + tor_free(answer); + errmsg = NULL; + + /* Case 7 - download status for 1st auth id, 2nd sk */ + memcpy(&auth_1_sk_2_dls, &dls_sample_4, + sizeof(download_status_t)); + tor_asprintf(&question, "downloads/cert/fp/%s/%s", + auth_id_digest_1_str, auth_1_sk_2_str); + tt_assert(question != NULL); + getinfo_helper_downloads(&dummy, question, &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, dls_sample_4_str); + tor_free(question); + tor_free(answer); + errmsg = NULL; + + /* Case 8 - download status for 2nd auth id, 1st sk */ + memcpy(&auth_2_sk_1_dls, &dls_sample_5, + sizeof(download_status_t)); + tor_asprintf(&question, "downloads/cert/fp/%s/%s", + auth_id_digest_2_str, auth_2_sk_1_str); + tt_assert(question != NULL); + getinfo_helper_downloads(&dummy, question, &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, dls_sample_5_str); + tor_free(question); + tor_free(answer); + errmsg = NULL; + + /* Case 9 - download status for 2nd auth id, 2nd sk */ + memcpy(&auth_2_sk_2_dls, &dls_sample_6, + sizeof(download_status_t)); + tor_asprintf(&question, "downloads/cert/fp/%s/%s", + auth_id_digest_2_str, auth_2_sk_2_str); + tt_assert(question != NULL); + getinfo_helper_downloads(&dummy, question, &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, dls_sample_6_str); + tor_free(question); + tor_free(answer); + errmsg = NULL; + + /* Now check the error cases */ + + /* Case 1 - query is garbage after downloads/cert/ part */ + getinfo_helper_downloads(&dummy, "downloads/cert/blahdeblah", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, "Unknown certificate download status query"); + errmsg = NULL; + + /* + * Case 2 - looks like downloads/cert/fp/<fp>, but <fp> isn't even + * the right length for a digest. + */ + getinfo_helper_downloads(&dummy, "downloads/cert/fp/2B1D36D32B2942406", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, "That didn't look like a digest"); + errmsg = NULL; + + /* + * Case 3 - looks like downloads/cert/fp/<fp>, and <fp> is digest-sized, + * but not parseable as one. + */ + getinfo_helper_downloads(&dummy, + "downloads/cert/fp/82F52AF55D250115FE44D3GC81D49643241D56A1", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, "That didn't look like a digest"); + errmsg = NULL; + + /* + * Case 4 - downloads/cert/fp/<fp>, and <fp> is not a known authority + * identity digest + */ + getinfo_helper_downloads(&dummy, + "downloads/cert/fp/AC4F23B5745BDD2A77997B85B1FD85D05C2E0F61", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, + "Failed to get download status for this authority identity digest"); + errmsg = NULL; + + /* + * Case 5 - looks like downloads/cert/fp/<fp>/<anything>, but <fp> doesn't + * parse as a sensible digest. + */ + getinfo_helper_downloads(&dummy, + "downloads/cert/fp/82F52AF55D250115FE44D3GC81D49643241D56A1/blah", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, "That didn't look like an identity digest"); + errmsg = NULL; + + /* + * Case 6 - looks like downloads/cert/fp/<fp>/<anything>, but <fp> doesn't + * parse as a sensible digest. + */ + getinfo_helper_downloads(&dummy, + "downloads/cert/fp/82F52AF55D25/blah", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, "That didn't look like an identity digest"); + errmsg = NULL; + + /* + * Case 7 - downloads/cert/fp/<fp>/sks, and <fp> is not a known authority + * digest. + */ + getinfo_helper_downloads(&dummy, + "downloads/cert/fp/AC4F23B5745BDD2A77997B85B1FD85D05C2E0F61/sks", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, + "Failed to get list of signing key digests for this authority " + "identity digest"); + errmsg = NULL; + + /* + * Case 8 - looks like downloads/cert/fp/<fp>/<sk>, but <sk> doesn't + * parse as a signing key digest. + */ + getinfo_helper_downloads(&dummy, + "downloads/cert/fp/AC4F23B5745BDD2A77997B85B1FD85D05C2E0F61/" + "82F52AF55D250115FE44D3GC81D49643241D56A1", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, "That didn't look like a signing key digest"); + errmsg = NULL; + + /* + * Case 9 - looks like downloads/cert/fp/<fp>/<sk>, but <sk> doesn't + * parse as a signing key digest. + */ + getinfo_helper_downloads(&dummy, + "downloads/cert/fp/AC4F23B5745BDD2A77997B85B1FD85D05C2E0F61/" + "82F52AF55D250115FE44D", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, "That didn't look like a signing key digest"); + errmsg = NULL; + + /* + * Case 10 - downloads/cert/fp/<fp>/<sk>, but <fp> isn't a known + * authority identity digest. + */ + getinfo_helper_downloads(&dummy, + "downloads/cert/fp/C6B05DF332F74DB9A13498EE3BBC7AA2F69FCB45/" + "3A214FC21AE25B012C2ECCB5F4EC8A3602D0545D", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, + "Failed to get download status for this identity/" + "signing key digest pair"); + errmsg = NULL; + + /* + * Case 11 - downloads/cert/fp/<fp>/<sk>, but <sk> isn't a known + * signing key digest. + */ + getinfo_helper_downloads(&dummy, + "downloads/cert/fp/63CDD326DFEF0CA020BDD3FEB45A3286FE13A061/" + "3A214FC21AE25B012C2ECCB5F4EC8A3602D0545D", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, + "Failed to get download status for this identity/" + "signing key digest pair"); + errmsg = NULL; + + /* + * Case 12 - downloads/cert/fp/<fp>/<sk>, but <sk> is on the list for + * a different authority identity digest. + */ + getinfo_helper_downloads(&dummy, + "downloads/cert/fp/63CDD326DFEF0CA020BDD3FEB45A3286FE13A061/" + "9451B8F1B10952384EB58B5F230C0BB701626C9B", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, + "Failed to get download status for this identity/" + "signing key digest pair"); + errmsg = NULL; + + done: + clear_cert_mocks(); + tor_free(answer); + + return; +} + struct testcase_t controller_tests[] = { { "add_onion_helper_keyarg", test_add_onion_helper_keyarg, 0, NULL, NULL }, { "rend_service_parse_port_config", test_rend_service_parse_port_config, 0, @@ -457,6 +968,8 @@ struct testcase_t controller_tests[] = { NULL }, { "download_status_consensus", test_download_status_consensus, 0, NULL, NULL }, + { "download_status_cert", test_download_status_cert, 0, NULL, + NULL }, END_OF_TESTCASES };

1 0

[tor/master] Unit tests for GETINFO download/desc and download/bridge cases
by nickm＠torproject.org 30 Jun '16

30 Jun '16

commit ad0ce8716dc2af32671c7c5b6f8ffd1c1b3d8aa4 Author: Andrea Shepard <andrea(a)torproject.org> Date: Wed Jun 29 06:55:57 2016 +0000 Unit tests for GETINFO download/desc and download/bridge cases --- src/test/test_controller.c | 320 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 320 insertions(+) diff --git a/src/test/test_controller.c b/src/test/test_controller.c index c5bf509..0dea847 100644 --- a/src/test/test_controller.c +++ b/src/test/test_controller.c @@ -4,6 +4,7 @@ #define CONTROL_PRIVATE #include "or.h" #include "control.h" +#include "entrynodes.h" #include "networkstatus.h" #include "rendservice.h" #include "routerlist.h" @@ -333,6 +334,22 @@ static const char *auth_2_sk_digest_expected_list = "4299047E00D070AD6703FE00BE7AA756DB061E62\n" "9451B8F1B10952384EB58B5F230C0BB701626C9B\n"; +/* Simulated router descriptor digests or bridge identity digests */ +static const char *descbr_digest_1_str = + "616408544C7345822696074A1A3DFA16AB381CBD"; +static download_status_t descbr_digest_1_dl; +static const char *descbr_digest_2_str = + "06E8067246967265DBCB6641631B530EFEC12DC3"; +static download_status_t descbr_digest_2_dl; +/* Expected form of digest list returned for GETINFO downloads/desc/descs */ +static const char *descbr_expected_list = + "616408544C7345822696074A1A3DFA16AB381CBD\n" + "06E8067246967265DBCB6641631B530EFEC12DC3\n"; +/* + * Flag to make all descbr queries fail, to simulate not being + * configured such that such queries make sense. + */ +static int disable_descbr = 0; static void reset_mocked_dl_statuses(void) @@ -360,6 +377,11 @@ reset_mocked_dl_statuses(void) sizeof(download_status_t)); memcpy(&auth_2_sk_2_dls, &dl_status_default, sizeof(download_status_t)); + + memcpy(&descbr_digest_1_dl, &dl_status_default, + sizeof(download_status_t)); + memcpy(&descbr_digest_2_dl, &dl_status_default, + sizeof(download_status_t)); } static download_status_t * @@ -558,6 +580,95 @@ clear_cert_mocks(void) UNMOCK(download_status_for_authority_id_and_sk); } +static smartlist_t * +descbr_get_digests_mock(void) +{ + char digest[DIGEST_LEN], *tmp; + int len; + smartlist_t *list = NULL; + + if (!disable_descbr) { + /* Just pretend we have only the two hard-coded digests listed above */ + list = smartlist_new(); + len = base16_decode(digest, DIGEST_LEN, + descbr_digest_1_str, strlen(descbr_digest_1_str)); + tt_int_op(len, OP_EQ, DIGEST_LEN); + tmp = tor_malloc(DIGEST_LEN); + memcpy(tmp, digest, DIGEST_LEN); + smartlist_add(list, tmp); + len = base16_decode(digest, DIGEST_LEN, + descbr_digest_2_str, strlen(descbr_digest_2_str)); + tt_int_op(len, OP_EQ, DIGEST_LEN); + tmp = tor_malloc(DIGEST_LEN); + memcpy(tmp, digest, DIGEST_LEN); + smartlist_add(list, tmp); + } + + done: + return list; +} + +static download_status_t * +descbr_get_dl_by_digest_mock(const char *digest) +{ + download_status_t *dl = NULL; + char digest_str[HEX_DIGEST_LEN+1]; + + if (!disable_descbr) { + tt_assert(digest != NULL); + base16_encode(digest_str, HEX_DIGEST_LEN + 1, + digest, DIGEST_LEN); + digest_str[HEX_DIGEST_LEN] = '\0'; + + if (strcmp(digest_str, descbr_digest_1_str) == 0) { + dl = &descbr_digest_1_dl; + } else if (strcmp(digest_str, descbr_digest_2_str) == 0) { + dl = &descbr_digest_2_dl; + } + } + + done: + return dl; +} + +static void +setup_desc_mocks(void) +{ + MOCK(router_get_descriptor_digests, + descbr_get_digests_mock); + MOCK(router_get_dl_status_by_descriptor_digest, + descbr_get_dl_by_digest_mock); + reset_mocked_dl_statuses(); +} + +static void +clear_desc_mocks(void) +{ + UNMOCK(router_get_descriptor_digests); + UNMOCK(router_get_dl_status_by_descriptor_digest); +} + +static void +setup_bridge_mocks(void) +{ + disable_descbr = 0; + + MOCK(list_bridge_identities, + descbr_get_digests_mock); + MOCK(get_bridge_dl_status_by_id, + descbr_get_dl_by_digest_mock); + reset_mocked_dl_statuses(); +} + +static void +clear_bridge_mocks(void) +{ + UNMOCK(list_bridge_identities); + UNMOCK(get_bridge_dl_status_by_id); + + disable_descbr = 0; +} + static void test_download_status_consensus(void *arg) { @@ -960,6 +1071,213 @@ test_download_status_cert(void *arg) return; } +static void +test_download_status_desc(void *arg) +{ + /* We just need one of these to pass, it doesn't matter what's in it */ + control_connection_t dummy; + /* Get results out */ + char *question = NULL; + char *answer = NULL; + const char *errmsg = NULL; + + (void)arg; + + setup_desc_mocks(); + + /* + * Check returning serialized dlstatuses and digest lists, and implicitly + * also test download_status_to_string() and digest_list_to_string(). + */ + + /* Case 1 - list of router descriptor digests */ + getinfo_helper_downloads(&dummy, + "downloads/desc/descs", + &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, descbr_expected_list); + tor_free(answer); + errmsg = NULL; + + /* Case 2 - get download status for router descriptor 1 */ + memcpy(&descbr_digest_1_dl, &dls_sample_1, + sizeof(download_status_t)); + tor_asprintf(&question, "downloads/desc/%s", descbr_digest_1_str); + tt_assert(question != NULL); + getinfo_helper_downloads(&dummy, question, &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, dls_sample_1_str); + tor_free(question); + tor_free(answer); + errmsg = NULL; + + /* Case 3 - get download status for router descriptor 1 */ + memcpy(&descbr_digest_2_dl, &dls_sample_2, + sizeof(download_status_t)); + tor_asprintf(&question, "downloads/desc/%s", descbr_digest_2_str); + tt_assert(question != NULL); + getinfo_helper_downloads(&dummy, question, &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, dls_sample_2_str); + tor_free(question); + tor_free(answer); + errmsg = NULL; + + /* Now check the error cases */ + + /* Case 1 - non-digest-length garbage after downloads/desc */ + getinfo_helper_downloads(&dummy, "downloads/desc/blahdeblah", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, "Unknown router descriptor download status query"); + errmsg = NULL; + + /* Case 2 - nonparseable digest-shaped thing */ + getinfo_helper_downloads( + &dummy, + "downloads/desc/774EC52FD9A5B80A6FACZE536616E8022E3470AG", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, "That didn't look like a digest"); + errmsg = NULL; + + /* Case 3 - digest we have no descriptor for */ + getinfo_helper_downloads( + &dummy, + "downloads/desc/B05B46135B0B2C04EBE1DD6A6AE4B12D7CD2226A", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, "No such descriptor digest found"); + errmsg = NULL; + + /* Case 4 - microdescs only */ + disable_descbr = 1; + getinfo_helper_downloads(&dummy, + "downloads/desc/descs", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, + "We don't seem to have a networkstatus-flavored consensus"); + errmsg = NULL; + disable_descbr = 0; + + done: + clear_desc_mocks(); + tor_free(answer); + + return; +} + +static void +test_download_status_bridge(void *arg) +{ + /* We just need one of these to pass, it doesn't matter what's in it */ + control_connection_t dummy; + /* Get results out */ + char *question = NULL; + char *answer = NULL; + const char *errmsg = NULL; + + (void)arg; + + setup_bridge_mocks(); + + /* + * Check returning serialized dlstatuses and digest lists, and implicitly + * also test download_status_to_string() and digest_list_to_string(). + */ + + /* Case 1 - list of bridge identity digests */ + getinfo_helper_downloads(&dummy, + "downloads/bridge/bridges", + &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, descbr_expected_list); + tor_free(answer); + errmsg = NULL; + + /* Case 2 - get download status for bridge descriptor 1 */ + memcpy(&descbr_digest_1_dl, &dls_sample_3, + sizeof(download_status_t)); + tor_asprintf(&question, "downloads/bridge/%s", descbr_digest_1_str); + tt_assert(question != NULL); + getinfo_helper_downloads(&dummy, question, &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, dls_sample_3_str); + tor_free(question); + tor_free(answer); + errmsg = NULL; + + /* Case 3 - get download status for router descriptor 1 */ + memcpy(&descbr_digest_2_dl, &dls_sample_4, + sizeof(download_status_t)); + tor_asprintf(&question, "downloads/bridge/%s", descbr_digest_2_str); + tt_assert(question != NULL); + getinfo_helper_downloads(&dummy, question, &answer, &errmsg); + tt_assert(answer != NULL); + tt_assert(errmsg == NULL); + tt_str_op(answer, OP_EQ, dls_sample_4_str); + tor_free(question); + tor_free(answer); + errmsg = NULL; + + /* Now check the error cases */ + + /* Case 1 - non-digest-length garbage after downloads/bridge */ + getinfo_helper_downloads(&dummy, "downloads/bridge/blahdeblah", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, "Unknown bridge descriptor download status query"); + errmsg = NULL; + + /* Case 2 - nonparseable digest-shaped thing */ + getinfo_helper_downloads( + &dummy, + "downloads/bridge/774EC52FD9A5B80A6FACZE536616E8022E3470AG", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, "That didn't look like a digest"); + errmsg = NULL; + + /* Case 3 - digest we have no descriptor for */ + getinfo_helper_downloads( + &dummy, + "downloads/bridge/B05B46135B0B2C04EBE1DD6A6AE4B12D7CD2226A", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, "No such bridge identity digest found"); + errmsg = NULL; + + /* Case 4 - bridges disabled */ + disable_descbr = 1; + getinfo_helper_downloads(&dummy, + "downloads/bridge/bridges", + &answer, &errmsg); + tt_assert(answer == NULL); + tt_assert(errmsg != NULL); + tt_str_op(errmsg, OP_EQ, "We don't seem to be using bridges"); + errmsg = NULL; + disable_descbr = 0; + + done: + clear_bridge_mocks(); + tor_free(answer); + + return; +} + struct testcase_t controller_tests[] = { { "add_onion_helper_keyarg", test_add_onion_helper_keyarg, 0, NULL, NULL }, { "rend_service_parse_port_config", test_rend_service_parse_port_config, 0, @@ -970,6 +1288,8 @@ struct testcase_t controller_tests[] = { NULL }, { "download_status_cert", test_download_status_cert, 0, NULL, NULL }, + { "download_status_desc", test_download_status_desc, 0, NULL, NULL }, + { "download_status_bridge", test_download_status_bridge, 0, NULL, NULL }, END_OF_TESTCASES };

1 0

[tor/master] Expose GETINFO download status statics for test suite and make things mockable
by nickm＠torproject.org 30 Jun '16

30 Jun '16

commit 657eaee6ae640d5abffc760bed14b5d31ad1ea73 Author: Andrea Shepard <andrea(a)torproject.org> Date: Tue Jun 28 21:30:57 2016 +0000 Expose GETINFO download status statics for test suite and make things mockable --- src/or/control.c | 10 +++++----- src/or/control.h | 25 +++++++++++++++++++++++++ src/or/entrynodes.c | 8 ++++---- src/or/entrynodes.h | 5 +++-- src/or/networkstatus.c | 16 ++++++++-------- src/or/networkstatus.h | 17 ++++++++++------- src/or/routerlist.c | 18 +++++++++--------- src/or/routerlist.h | 14 +++++++------- 8 files changed, 71 insertions(+), 42 deletions(-) diff --git a/src/or/control.c b/src/or/control.c index 77a09f0..f127090 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -2179,7 +2179,7 @@ download_status_to_string(const download_status_t *dl) } /** Handle the consensus download cases for getinfo_helper_downloads() */ -static void +STATIC void getinfo_helper_downloads_networkstatus(const char *flavor, download_status_t **dl_to_emit, const char **errmsg) @@ -2208,7 +2208,7 @@ getinfo_helper_downloads_networkstatus(const char *flavor, } /** Handle the cert download cases for getinfo_helper_downloads() */ -static void +STATIC void getinfo_helper_downloads_cert(const char *fp_sk_req, download_status_t **dl_to_emit, smartlist_t **digest_list, @@ -2308,7 +2308,7 @@ getinfo_helper_downloads_cert(const char *fp_sk_req, } /** Handle the routerdesc download cases for getinfo_helper_downloads() */ -static void +STATIC void getinfo_helper_downloads_desc(const char *desc_req, download_status_t **dl_to_emit, smartlist_t **digest_list, @@ -2354,7 +2354,7 @@ getinfo_helper_downloads_desc(const char *desc_req, } /** Handle the bridge download cases for getinfo_helper_downloads() */ -static void +STATIC void getinfo_helper_downloads_bridge(const char *bridge_req, download_status_t **dl_to_emit, smartlist_t **digest_list, @@ -2397,7 +2397,7 @@ getinfo_helper_downloads_bridge(const char *bridge_req, /** Implementation helper for GETINFO: knows the answers for questions about * download status information. */ -static int +STATIC int getinfo_helper_downloads(control_connection_t *control_conn, const char *question, char **answer, const char **errmsg) diff --git a/src/or/control.h b/src/or/control.h index b3902e6..6330c85 100644 --- a/src/or/control.h +++ b/src/or/control.h @@ -261,6 +261,31 @@ STATIC crypto_pk_t *add_onion_helper_keyarg(const char *arg, int discard_pk, char **err_msg_out); STATIC rend_authorized_client_t * add_onion_helper_clientauth(const char *arg, int *created, char **err_msg_out); + +STATIC void getinfo_helper_downloads_networkstatus( + const char *flavor, + download_status_t **dl_to_emit, + const char **errmsg); +STATIC void getinfo_helper_downloads_cert( + const char *fp_sk_req, + download_status_t **dl_to_emit, + smartlist_t **digest_list, + const char **errmsg); +STATIC void getinfo_helper_downloads_desc( + const char *desc_req, + download_status_t **dl_to_emit, + smartlist_t **digest_list, + const char **errmsg); +STATIC void getinfo_helper_downloads_bridge( + const char *bridge_req, + download_status_t **dl_to_emit, + smartlist_t **digest_list, + const char **errmsg); +STATIC int getinfo_helper_downloads( + control_connection_t *control_conn, + const char *question, char **answer, + const char **errmsg); + #endif #endif diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index 72ac6e7..17507fe 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -2425,8 +2425,8 @@ num_bridges_usable(void) } /** Return a smartlist containing all bridge identity digests */ -smartlist_t * -list_bridge_identities(void) +MOCK_IMPL(smartlist_t *, +list_bridge_identities, (void)) { smartlist_t *result = NULL; char *digest_tmp; @@ -2445,8 +2445,8 @@ list_bridge_identities(void) } /** Get the download status for a bridge descriptor given its identity */ -download_status_t * -get_bridge_dl_status_by_id(const char *digest) +MOCK_IMPL(download_status_t *, +get_bridge_dl_status_by_id, (const char *digest)) { download_status_t *dl = NULL; diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index 285367d..1021e67 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h @@ -179,8 +179,9 @@ guard_get_guardfraction_bandwidth(guardfraction_bandwidth_t *guardfraction_bw, int orig_bandwidth, uint32_t guardfraction_percentage); -smartlist_t * list_bridge_identities(void); -download_status_t * get_bridge_dl_status_by_id(const char *digest); +MOCK_DECL(smartlist_t *, list_bridge_identities, (void)); +MOCK_DECL(download_status_t *, get_bridge_dl_status_by_id, + (const char *digest)); #endif diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index a582b85..9968047 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -683,8 +683,8 @@ router_get_descriptor_digests_in_consensus(networkstatus_t *consensus) /** Return a smartlist of all router descriptor digests in the current * consensus */ -smartlist_t * -router_get_descriptor_digests(void) +MOCK_IMPL(smartlist_t *, +router_get_descriptor_digests,(void)) { smartlist_t *result = NULL; @@ -1219,8 +1219,8 @@ consensus_is_waiting_for_certs(void) /** Look up the currently active (depending on bootstrap status) download * status for this consensus flavor and return a pointer to it. */ -download_status_t * -networkstatus_get_dl_status_by_flavor(consensus_flavor_t flavor) +MOCK_IMPL(download_status_t *, +networkstatus_get_dl_status_by_flavor,(consensus_flavor_t flavor)) { download_status_t *dl = NULL; const int we_are_bootstrapping = @@ -1236,8 +1236,8 @@ networkstatus_get_dl_status_by_flavor(consensus_flavor_t flavor) /** Look up the bootstrap download status for this consensus flavor * and return a pointer to it. */ -download_status_t * -networkstatus_get_dl_status_by_flavor_bootstrap(consensus_flavor_t flavor) +MOCK_IMPL(download_status_t *, +networkstatus_get_dl_status_by_flavor_bootstrap,(consensus_flavor_t flavor)) { download_status_t *dl = NULL; @@ -1250,8 +1250,8 @@ networkstatus_get_dl_status_by_flavor_bootstrap(consensus_flavor_t flavor) /** Look up the running (non-bootstrap) download status for this consensus * flavor and return a pointer to it. */ -download_status_t * -networkstatus_get_dl_status_by_flavor_running(consensus_flavor_t flavor) +MOCK_IMPL(download_status_t *, +networkstatus_get_dl_status_by_flavor_running,(consensus_flavor_t flavor)) { download_status_t *dl = NULL; diff --git a/src/or/networkstatus.h b/src/or/networkstatus.h index 6d5d05a..65923b6 100644 --- a/src/or/networkstatus.h +++ b/src/or/networkstatus.h @@ -38,14 +38,17 @@ routerstatus_t *networkstatus_vote_find_mutable_entry(networkstatus_t *ns, int networkstatus_vote_find_entry_idx(networkstatus_t *ns, const char *digest, int *found_out); -download_status_t * networkstatus_get_dl_status_by_flavor( - consensus_flavor_t flavor); -download_status_t * networkstatus_get_dl_status_by_flavor_bootstrap( - consensus_flavor_t flavor); -download_status_t * networkstatus_get_dl_status_by_flavor_running( - consensus_flavor_t flavor); +MOCK_DECL(download_status_t *, + networkstatus_get_dl_status_by_flavor, + (consensus_flavor_t flavor)); +MOCK_DECL(download_status_t *, + networkstatus_get_dl_status_by_flavor_bootstrap, + (consensus_flavor_t flavor)); +MOCK_DECL(download_status_t *, + networkstatus_get_dl_status_by_flavor_running, + (consensus_flavor_t flavor)); -smartlist_t * router_get_descriptor_digests(void); +MOCK_DECL(smartlist_t *, router_get_descriptor_digests, (void)); MOCK_DECL(download_status_t *,router_get_dl_status_by_descriptor_digest, (const char *d)); diff --git a/src/or/routerlist.c b/src/or/routerlist.c index 6bd494b..0a28ede 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -257,8 +257,8 @@ get_cert_list(const char *id_digest) * of download_status_t objects; used by controller GETINFO queries. */ -smartlist_t * -list_authority_ids_with_downloads(void) +MOCK_IMPL(smartlist_t *, +list_authority_ids_with_downloads, (void)) { smartlist_t *ids = smartlist_new(); digestmap_iter_t *i; @@ -288,8 +288,8 @@ list_authority_ids_with_downloads(void) /** Given an authority ID digest, return a pointer to the default download * status, or NULL if there is no such entry in trusted_dir_certs */ -download_status_t * -id_only_download_status_for_authority_id(const char *digest) +MOCK_IMPL(download_status_t *, +id_only_download_status_for_authority_id, (const char *digest)) { download_status_t *dl = NULL; cert_list_t *cl; @@ -308,8 +308,8 @@ id_only_download_status_for_authority_id(const char *digest) * for which download_status_t is potentially queryable, or NULL if no such * authority ID digest is known. */ -smartlist_t * -list_sk_digests_for_authority_id(const char *digest) +MOCK_IMPL(smartlist_t *, +list_sk_digests_for_authority_id, (const char *digest)) { smartlist_t *sks = NULL; cert_list_t *cl; @@ -342,9 +342,9 @@ list_sk_digests_for_authority_id(const char *digest) /** Given an authority ID digest and a signing key digest, return the * download_status_t or NULL if none exists. */ -download_status_t * -download_status_for_authority_id_and_sk(const char *id_digest, - const char *sk_digest) +MOCK_IMPL(download_status_t *, + download_status_for_authority_id_and_sk, + (const char *id_digest, const char *sk_digest)) { download_status_t *dl = NULL; cert_list_t *cl = NULL; diff --git a/src/or/routerlist.h b/src/or/routerlist.h index 65ba88d..e75c922 100644 --- a/src/or/routerlist.h +++ b/src/or/routerlist.h @@ -104,13 +104,13 @@ void routerlist_remove(routerlist_t *rl, routerinfo_t *ri, int make_old, void routerlist_free_all(void); void routerlist_reset_warnings(void); -smartlist_t * list_authority_ids_with_downloads(void); -download_status_t * id_only_download_status_for_authority_id( - const char *digest); -smartlist_t * list_sk_digests_for_authority_id(const char *digest); -download_status_t * download_status_for_authority_id_and_sk( - const char *id_digest, - const char *sk_digest); +MOCK_DECL(smartlist_t *, list_authority_ids_with_downloads, (void);) +MOCK_DECL(download_status_t *, id_only_download_status_for_authority_id, + (const char *digest)); +MOCK_DECL(smartlist_t *, list_sk_digests_for_authority_id, + (const char *digest)); +MOCK_DECL(download_status_t *, download_status_for_authority_id_and_sk, + (const char *id_digest, const char *sk_digest)); static int WRA_WAS_ADDED(was_router_added_t s); static int WRA_WAS_OUTDATED(was_router_added_t s);

1 0

[tor/master] A little more specificity in documentation for getinfo download/ stuff
by nickm＠torproject.org 30 Jun '16

30 Jun '16

commit 8917c4f19fccbe26ccea78b7fdb6d4730ef017c4 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jun 30 13:42:28 2016 -0400 A little more specificity in documentation for getinfo download/ stuff Also, a const. --- src/or/control.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/or/control.c b/src/or/control.c index f127090..d3613d8 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -2053,10 +2053,11 @@ getinfo_helper_dir(control_connection_t *control_conn, return 0; } -/** Turn a smartlist of digests into a human-readable list of hex strings */ - +/** Given a smartlist of 20-byte digests, return a newly allocated string + * containing each of those digests in order, formatted in HEX, and terminated + * with a newline. */ static char * -digest_list_to_string(smartlist_t *sl) +digest_list_to_string(const smartlist_t *sl) { int len; char *result, *s; @@ -2066,7 +2067,7 @@ digest_list_to_string(smartlist_t *sl) result = tor_malloc_zero(len); s = result; - SMARTLIST_FOREACH_BEGIN(sl, char *, digest) { + SMARTLIST_FOREACH_BEGIN(sl, const char *, digest) { base16_encode(s, HEX_DIGEST_LEN + 1, digest, DIGEST_LEN); s[HEX_DIGEST_LEN] = '\n'; s += HEX_DIGEST_LEN + 1; @@ -2077,8 +2078,8 @@ digest_list_to_string(smartlist_t *sl) } /** Turn a download_status_t into a human-readable description in a newly - * allocated string. */ - + * allocated string. The format is specified in control-spec.txt, under + * the documentation for "GETINFO download/..." . */ static char * download_status_to_string(const download_status_t *dl) {

1 0

[tor/master] Merge remote-tracking branch 'andrea/ticket19323_squashed'
by nickm＠torproject.org 30 Jun '16

30 Jun '16

commit cb54390e0f1b1619b9e89d054ed07ccf081625cb Merge: 9a76415 d511c67 Author: Nick Mathewson <nickm(a)torproject.org> Date: Thu Jun 30 11:44:58 2016 -0400 Merge remote-tracking branch 'andrea/ticket19323_squashed' changes/ticket19323 | 3 + src/or/control.c | 449 ++++++++++++++++++ src/or/control.h | 25 + src/or/entrynodes.c | 38 ++ src/or/entrynodes.h | 4 + src/or/networkstatus.c | 83 ++++ src/or/networkstatus.h | 11 + src/or/routerlist.c | 106 +++++ src/or/routerlist.h | 8 + src/test/test_controller.c | 1081 ++++++++++++++++++++++++++++++++++++++++++++ 10 files changed, 1808 insertions(+)

1 0

[tor/master] Changes file for ticket 19323
by nickm＠torproject.org 30 Jun '16

30 Jun '16

commit d511c673c36b415f77c260ca86cd8d58b97cfc26 Author: Andrea Shepard <andrea(a)torproject.org> Date: Wed Jun 29 06:57:57 2016 +0000 Changes file for ticket 19323 --- changes/ticket19323 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/changes/ticket19323 b/changes/ticket19323 new file mode 100644 index 0000000..38e5af4 --- /dev/null +++ b/changes/ticket19323 @@ -0,0 +1,3 @@ + o Control port: + - Implement new GETINFO queries for all downloads using download_status_t + to schedule retries. Closes ticket #19323.

1 0

[stem/master] Support server descriptor 'tunnelled-dir-server' lines
by atagar＠torproject.org 30 Jun '16

30 Jun '16

commit 1c9727dc1117f6c94cc7b195760a31e48b57111a Author: Damian Johnson <atagar(a)torproject.org> Date: Thu Jun 30 09:34:40 2016 -0700 Support server descriptor 'tunnelled-dir-server' lines Adding support for a small new spec addition... https://gitweb.torproject.org/torspec.git/commit/?id=8bc30d6 --- docs/change_log.rst | 3 ++- stem/descriptor/server_descriptor.py | 9 +++++++++ test/unit/descriptor/server_descriptor.py | 5 +++++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/change_log.rst b/docs/change_log.rst index 291bca2..230533a 100644 --- a/docs/change_log.rst +++ b/docs/change_log.rst @@ -66,14 +66,15 @@ The following are only available within Stem's `git repository * `Shorthand functions for stem.descriptor.remote <api/descriptor/remote.html#stem.descriptor.remote.get_instance>`_ * Added `fallback directory information <api/descriptor/remote.html#stem.descriptor.remote.FallbackDirectory>`_. * Support for ed25519 descriptor fields (:spec:`5a79d67`) + * Added server descriptor's new allow_tunneled_dir_requests attribute (:spec:`8bc30d6`) * Server descriptor validation fails with 'extra-info-digest line had an invalid value' from additions in proposal 228 (:trac:`16227`) * :class:`~stem.descriptor.server_descriptor.BridgeDescriptor` now has 'ntor_onion_key' like its unsanitized counterparts * Replaced the :class:`~stem.descriptor.microdescriptor.Microdescriptor` identifier and identifier_type attributes with an identifiers hash since it can now appear multiple times (:spec:`09ff9e2`) * Unable to read descriptors from data directories on Windows due to their CRLF newlines (:trac:`17051`) * TypeError under python3 when using 'use_mirrors = True' (:trac:`17083`) * Deprecated hidden service descriptor's *introduction_points_auth* field, which was never implemented in tor (:trac:`15190`, :spec:`9c218f9`) - * :func:`~stem.control.Controller.get_hidden_service_descriptor` errored when provided a *servers* argument (:trac:`18401`) * Deprecated :func:`~stem.descriptor.remote.DescriptorDownloader.get_microdescriptors` as it was never implemented in tor (:trac:`9271`) + * :func:`~stem.control.Controller.get_hidden_service_descriptor` errored when provided a *servers* argument (:trac:`18401`) * Fixed parsing of server descriptor's *allow-single-hop-exits* and *caches-extra-info* lines * Bracketed IPv6 addresses were mistreated as being invalid content * Better validation for non-ascii descriptor content diff --git a/stem/descriptor/server_descriptor.py b/stem/descriptor/server_descriptor.py index 5749832..931601a 100644 --- a/stem/descriptor/server_descriptor.py +++ b/stem/descriptor/server_descriptor.py @@ -95,6 +95,7 @@ SINGLE_FIELDS = ( 'hidden-service-dir', 'protocols', 'allow-single-hop-exits', + 'tunnelled-dir-server', 'onion-key-crosscert', 'ntor-onion-key', 'ntor-onion-key-crosscert', @@ -392,6 +393,7 @@ _parse_read_history_line = functools.partial(_parse_history_line, 'read-history' _parse_write_history_line = functools.partial(_parse_history_line, 'write-history', 'write_history_end', 'write_history_interval', 'write_history_values') _parse_ipv6_policy_line = _parse_simple_line('ipv6-policy', 'exit_policy_v6', func = lambda v: stem.exit_policy.MicroExitPolicy(v)) _parse_allow_single_hop_exits_line = _parse_if_present('allow-single-hop-exits', 'allow_single_hop_exits') +_parse_tunneled_dir_server_line = _parse_if_present('tunnelled-dir-server', 'allow_tunneled_dir_requests') _parse_caches_extra_info_line = _parse_if_present('caches-extra-info', 'extra_info_cache') _parse_family_line = _parse_simple_line('family', 'family', func = lambda v: set(v.split(' '))) _parse_eventdns_line = _parse_simple_line('eventdns', 'eventdns', func = lambda v: v == '1') @@ -436,6 +438,8 @@ class ServerDescriptor(Descriptor): :var list circuit_protocols: circuit protocols supported by the relay :var bool hibernating: **\*** hibernating when published :var bool allow_single_hop_exits: **\*** flag if single hop exiting is allowed + :var bool allow_tunneled_dir_requests: **\*** flag if tunneled directory + requests are accepted :var bool extra_info_cache: **\*** flag if a mirror for extra-info documents :var str extra_info_digest: upper-case hex encoded digest of our extra-info document :var bool eventdns: flag for evdns backend (**deprecated**, always unset) @@ -456,6 +460,9 @@ class ServerDescriptor(Descriptor): **\*** attribute is either required when we're parsed with validation or has a default value, others are left as **None** if undefined + + .. versionchanged:: 1.5.0 + Added the allow_tunneled_dir_requests attribute. """ ATTRIBUTES = { @@ -485,6 +492,7 @@ class ServerDescriptor(Descriptor): 'circuit_protocols': (None, _parse_protocols_line), 'hibernating': (False, _parse_hibernating_line), 'allow_single_hop_exits': (False, _parse_allow_single_hop_exits_line), + 'allow_tunneled_dir_requests': (False, _parse_tunneled_dir_server_line), 'extra_info_cache': (False, _parse_caches_extra_info_line), 'extra_info_digest': (None, _parse_extrainfo_digest_line), 'hidden_service_dir': (None, _parse_hidden_service_dir_line), @@ -519,6 +527,7 @@ class ServerDescriptor(Descriptor): 'write-history': _parse_write_history_line, 'ipv6-policy': _parse_ipv6_policy_line, 'allow-single-hop-exits': _parse_allow_single_hop_exits_line, + 'tunnelled-dir-server': _parse_tunneled_dir_server_line, 'caches-extra-info': _parse_caches_extra_info_line, 'family': _parse_family_line, 'eventdns': _parse_eventdns_line, diff --git a/test/unit/descriptor/server_descriptor.py b/test/unit/descriptor/server_descriptor.py index cb587d0..c9d606f 100644 --- a/test/unit/descriptor/server_descriptor.py +++ b/test/unit/descriptor/server_descriptor.py @@ -122,6 +122,7 @@ Qlx9HNCqCY877ztFRC624ja2ql6A2hBcuoYMbkHjcQ4= self.assertEqual(['1'], desc.circuit_protocols) self.assertEqual(False, desc.hibernating) self.assertEqual(False, desc.allow_single_hop_exits) + self.assertEqual(False, desc.allow_tunneled_dir_requests) self.assertEqual(False, desc.extra_info_cache) self.assertEqual('D225B728768D7EA4B5587C13A7A9D22EBBEE6E66', desc.extra_info_digest) self.assertEqual(['2'], desc.hidden_service_dir) @@ -179,6 +180,7 @@ Qlx9HNCqCY877ztFRC624ja2ql6A2hBcuoYMbkHjcQ4= self.assertEqual(None, desc.circuit_protocols) self.assertEqual(True, desc.hibernating) self.assertEqual(False, desc.allow_single_hop_exits) + self.assertEqual(False, desc.allow_tunneled_dir_requests) self.assertEqual(False, desc.extra_info_cache) self.assertEqual(None, desc.extra_info_digest) self.assertEqual(None, desc.hidden_service_dir) @@ -225,6 +227,7 @@ Qlx9HNCqCY877ztFRC624ja2ql6A2hBcuoYMbkHjcQ4= self.assertEqual(['1'], desc.circuit_protocols) self.assertEqual(False, desc.hibernating) self.assertEqual(False, desc.allow_single_hop_exits) + self.assertEqual(False, desc.allow_tunneled_dir_requests) self.assertEqual(False, desc.extra_info_cache) self.assertEqual('56403D838DE152421CD401B8E57DAD4483A3D56B', desc.extra_info_digest) self.assertEqual(['2'], desc.hidden_service_dir) @@ -277,6 +280,7 @@ Qlx9HNCqCY877ztFRC624ja2ql6A2hBcuoYMbkHjcQ4= self.assertEqual(['1'], desc.circuit_protocols) self.assertEqual(False, desc.hibernating) self.assertEqual(False, desc.allow_single_hop_exits) + self.assertEqual(False, desc.allow_tunneled_dir_requests) self.assertEqual(False, desc.extra_info_cache) self.assertEqual('44E9B679AF0B4EB09296985BAF4066AE9CA5BB93', desc.extra_info_digest) self.assertEqual(['2'], desc.hidden_service_dir) @@ -376,6 +380,7 @@ Qlx9HNCqCY877ztFRC624ja2ql6A2hBcuoYMbkHjcQ4= self.assertEqual(['1'], desc.circuit_protocols) self.assertEqual(False, desc.hibernating) self.assertEqual(False, desc.allow_single_hop_exits) + self.assertEqual(False, desc.allow_tunneled_dir_requests) self.assertEqual(True, desc.extra_info_cache) self.assertEqual('BB1F13AA431421BEA29B840A2E33BB1C31C2990B', desc.extra_info_digest) self.assertEqual(None, desc.hidden_service_dir)

1 0

[stem/master] Sync with manual and fallback dir information
by atagar＠torproject.org 30 Jun '16

30 Jun '16

commit b53561e29cf212f3bde34a4c4d186918f311878f Author: Damian Johnson <atagar(a)torproject.org> Date: Thu Jun 30 09:47:31 2016 -0700 Sync with manual and fallback dir information Tor's had a few commits updating its manual and fallback directories. Getting back in sync with that information. --- stem/cached_tor_manual.cfg | 110 ++++++++++++++++++------------- stem/descriptor/fallback_directories.cfg | 52 +++------------ stem/settings.cfg | 13 ++-- 3 files changed, 79 insertions(+), 96 deletions(-) diff --git a/stem/cached_tor_manual.cfg b/stem/cached_tor_manual.cfg index 8753a92..dfdd31c 100644 --- a/stem/cached_tor_manual.cfg +++ b/stem/cached_tor_manual.cfg @@ -6,10 +6,11 @@ description |Basically, Tor provides a distributed network of servers or relays ("onion routers"). Users bounce their TCP streams -- web traffic, ftp, ssh, etc. -- around the network, and recipients, observers, and even the relays themselves have difficulty tracking the source of the stream. | |By default, tor will act as a client only. To help the network by providing bandwidth as a relay, change the ORPort configuration option -- see below. Please also consult the documentation on the Tor Project's website. -man_commit 7d6e7fdd0343c32a09c926e7094d43f6653baa4f -stem_commit 7bfc752b69972f7043b260651602b8cb7bc270c4 +man_commit c6846d7bf0d8a382bea17304ea29a51c3a895f90 +stem_commit 1c9727dc1117f6c94cc7b195760a31e48b57111a commandline_options -f FILE => Specify a new configuration file to contain further Tor configuration options OR pass - to make Tor read its configuration from standard input. (Default: @CONFDIR@/torrc, or $HOME/.torrc if that file is not found) commandline_options --ignore-missing-torrc => Specifies that Tor should treat a missing torrc file as though it were empty. Ordinarily, Tor does this for missing default torrc files, but not for those specified on the command line. +commandline_options --passphrase-fd FILEDES => Filedescriptor to read the passphrase from. Note that unlike with the tor-gencert program, the entire file contents are read and used as the passphrase, including any trailing newlines. Default: read from the terminal. commandline_options --list-fingerprint => Generate your keys and output your nickname and fingerprint. commandline_options --defaults-torrc FILE => Specify a file in which to find default values for Tor options. The contents of this file are overridden by those in the regular configuration file, and by those on the command line. (Default: @CONFDIR@/torrc-defaults.) commandline_options --allow-missing-torrc => Do not require that configuration file specified by -f exist if default torrc can be accessed. @@ -35,7 +36,12 @@ files DataDirectory/lock => This file is used to prevent two Tor instances from files DataDirectory/stats/dirreq-stats => Only used by directory caches and authorities. This file is used to collect directory request statistics. files DataDirectory/hashed-fingerprint => Only used by bridges. Holds the hashed fingerprint of the bridge's identity key. (That is, the hash of the hash of the identity key.) files @CONFDIR@/torrc => The configuration file, which contains "option value" pairs. +files DataDirectory/keys/secret_onion_key => A relay's RSA1024 short-term onion key. Used to decrypt old-style ("TAP") circuit extension requests. +files DataDirectory/keys/ed25519_master_id_secret_key => The private part of a relay's Ed25519 permanent identity key. This key is used to sign the medium-term ed25519 signing key. This file can be kept offline, or kept encrypted. If so, Tor will not be able to generate new signing keys itself; you'll need to use tor --keygen yourself to do so. files DataDirectory/cached-descriptors and cached-descriptors.new => These files hold downloaded router statuses. Some routers may appear more than once; if so, the most recently published descriptor is used. Lines beginning with @-signs are annotations that contain more information about a given router. The ".new" file is an append-only journal; when it gets too large, all entries are merged into a new cached-descriptors file. +files DataDirectory/keys/ed25519_master_id_public_key => The public part of a relay's Ed25519 permanent identity key. +files HiddenServiceDirectory/hostname => The <base32-encoded-fingerprint>.onion domain name for this hidden service. If the hidden service is restricted to authorized clients only, this file also contains authorization data for all clients. +files DataDirectory/keys/ed25519_signing_secret_key => The private and public components of a relay's medium-term Ed25519 signing key. This key is authenticated by the Ed25519 master key, in turn authenticates other keys (and router descriptors). files DataDirectory/cached-microdescs and cached-microdescs.new => These files hold downloaded microdescriptors. Lines beginning with @-signs are annotations that contain more information about a given router. The ".new" file is an append-only journal; when it gets too large, all entries are merged into a new cached-microdescs file. files DataDirectory/cached-certs => This file holds downloaded directory key certificates that are used to verify authenticity of documents generated by Tor directory authorities. files DataDirectory/unverified-microdesc-consensus => This file contains a microdescriptor-flavored network consensus document that has been downloaded, but which we didn't have the right certificates to check yet. @@ -45,7 +51,9 @@ files DataDirectory/fingerprint => Only used by servers. Holds the fingerprint o files DataDirectory/unverified-consensus => This file contains a network consensus document that has been downloaded, but which we didn't have the right certificates to check yet. files HiddenServiceDirectory/client_keys => Authorization data for a hidden service that is only accessible by authorized clients. files DataDirectory/unparseable-desc => Onion server descriptors that Tor was unable to parse are dumped to this file. Only used for debugging. -files DataDirectory/stats/conn-stats => Only used by servers. This file is used to collect approximate connection history (number of active connections over time). +files DataDirectory/keys/secret_id_key => A relay's RSA1024 permanent identity key, including private and public components. Used to sign router descriptors, and to sign other keys. +files DataDirectory/keys/authority_identity_key => A v3 directory authority's master identity key, used to authenticate its signing key. Tor doesn't use this while it's running. The tor-gencert program uses this. If you're running an authority, you should keep this key offline, and not actually put it here. +files DataDirectory/keys/legacy_signing_key => As authority_signing_key: used only when V3AuthUseLegacyKey is set. See documentation for V3AuthUseLegacyKey. files @LOCALSTATEDIR@/lib/tor/ => The tor process stores keys and other data here. files DataDirectory/cached-routers and cached-routers.new => Obsolete versions of cached-descriptors and cached-descriptors.new. When Tor can't find the newer files, it looks here instead. files DataDirectory/stats/entry-stats => Only used by servers. This file is used to collect incoming connection statistics by Tor entry nodes. @@ -57,10 +65,15 @@ files $HOME/.torrc => Fallback location for torrc, if @CONFDIR@/torrc is not fou files DataDirectory/networkstatus-bridges => Only used by authoritative bridge directories. Contains information about bridges that have self-reported themselves to the bridge authority. files HiddenServiceDirectory/private_key => The private key for this hidden service. files DataDirectory/cached-status/ => The most recently downloaded network status document for each authority. Each file holds one such document; the filenames are the hexadecimal identity key fingerprints of the directory authorities. Mostly obsolete. +files DataDirectory/keys/ed25519_signing_cert => The certificate which authenticates "ed25519_signing_secret_key" as having been signed by the Ed25519 master key. files DataDirectory/state => A set of persistent key-value mappings. These are documented in the file. These include: o The current entry guards and their status. o The current bandwidth accounting values (unused so far; see below). o When the file was last written o What version of Tor generated the state file o A short history of bandwidth usage, as produced in the server descriptors. +files DataDirectory/keys/secret_onion_key_ntor => A relay's Curve25519 short-term onion key. Used to handle modern ("ntor") circuit extension requests. files DataDirectory/bw_accounting => Used to track bandwidth accounting values (when the current period starts and ends; how much has been read and written so far this period). This file is obsolete, and the data is now stored in the 'state' file as well. Only used when bandwidth accounting is enabled. -files DataDirectory/v3-status-votes => Only for authoritative directory servers. This file contains status votes from all the authoritative directory servers and is used to generate the network consensus document. -files HiddenServiceDirectory/hostname => The <base32-encoded-fingerprint>.onion domain name for this hidden service. If the hidden service is restricted to authorized clients only, this file also contains authorization data for all clients. +files DataDirectory/v3-status-votes => Only for v3 authoritative directory servers. This file contains status votes from all the authoritative directory servers. +files DataDirectory/keys/legacy_certificate => As authority_certificate: used only when V3AuthUseLegacyKey is set. See documentation for V3AuthUseLegacyKey. +files DataDirectory/stats/conn-stats => Only used by servers. This file is used to collect approximate connection history (number of active connections over time). +files DataDirectory/keys/authority_certificate => A v3 directory authority's certificate, which authenticates the authority's current vote- and consensus-signing key using its master identity key. Only directory authorities use this file. +files DataDirectory/keys/authority_signing_key => A v3 directory authority's signing key, used to sign votes and consensuses. Only directory authorities use this file. Corresponds to the authority_certificate cert. files DataDirectory/control_auth_cookie => Used for cookie authentication with the controller. Location can be overridden by the CookieAuthFile config option. Regenerated on startup. See control-spec.txt in torspec for details. Only used when cookie authentication is enabled. config_options.AllowInvalidNodes.category Client config_options.AllowInvalidNodes.name AllowInvalidNodes @@ -207,7 +220,7 @@ config_options.MapAddress.name MapAddress config_options.MapAddress.usage address newaddress config_options.MapAddress.summary Alias mappings for address requests config_options.MapAddress.description -|When a request for address arrives to Tor, it will transform to newaddress before processing it. For example, if you always want connections to www.example.com to exit via torserver (where torserver is the nickname of the server), use "MapAddress www.example.com www.example.com.torserver.exit". If the value is prefixed with a "*.", matches an entire domain. For example, if you always want connections to example.com and any if its subdomains to exit via torserver (where torserver is the nickname of the server), use "MapAddress *.example.com *.example.com.torserver.exit". (Note the leading "*." in each part of the directive.) You can also redirect all subdomains of a domain to a single address. For example, "MapAddress *.example.com www.example.com". +|When a request for address arrives to Tor, it will transform to newaddress before processing it. For example, if you always want connections to www.example.com to exit via torserver (where torserver is the fingerprint of the server), use "MapAddress www.example.com www.example.com.torserver.exit". If the value is prefixed with a "*.", matches an entire domain. For example, if you always want connections to example.com and any if its subdomains to exit via torserver (where torserver is the fingerprint of the server), use "MapAddress *.example.com *.example.com.torserver.exit". (Note the leading "*." in each part of the directive.) You can also redirect all subdomains of a domain to a single address. For example, "MapAddress *.example.com www.example.com". | |NOTES: | @@ -545,7 +558,7 @@ config_options.Tor2webMode.category Client config_options.Tor2webMode.name Tor2webMode config_options.Tor2webMode.usage 0|1 config_options.Tor2webMode.summary Establish non-anonymous hidden service connections -config_options.Tor2webMode.description When this option is set, Tor connects to hidden services non-anonymously. This option also disables client connections to non-hidden-service hostnames through Tor. It must only be used when running a tor2web Hidden Service web proxy. To enable this option the compile time flag --enable-tor2webmode must be specified. (Default: 0) +config_options.Tor2webMode.description When this option is set, Tor connects to hidden services non-anonymously. This option also disables client connections to non-hidden-service hostnames through Tor. It must only be used when running a tor2web Hidden Service web proxy. To enable this option the compile time flag --enable-tor2web-mode must be specified. (Default: 0) config_options.Tor2webRendezvousPoints.category Client config_options.Tor2webRendezvousPoints.name Tor2webRendezvousPoints config_options.Tor2webRendezvousPoints.usage node,node,... @@ -655,6 +668,36 @@ config_options.PathsNeededToBuildCircuits.name PathsNeededToBuildCircuits config_options.PathsNeededToBuildCircuits.usage NUM config_options.PathsNeededToBuildCircuits.summary Portion of relays to require information for before making circuits config_options.PathsNeededToBuildCircuits.description Tor clients don't build circuits for user traffic until they know about enough of the network so that they could potentially construct enough of the possible paths through the network. If this option is set to a fraction between 0.25 and 0.95, Tor won't build circuits until it has enough descriptors or microdescriptors to construct that fraction of possible paths. Note that setting this option too low can make your Tor client less anonymous, and setting it too high can prevent your Tor client from bootstrapping. If this option is negative, Tor will use a default value chosen by the directory authorities. (Default: -1.) +config_options.ClientBootstrapConsensusAuthorityDownloadSchedule.category Client +config_options.ClientBootstrapConsensusAuthorityDownloadSchedule.name ClientBootstrapConsensusAuthorityDownloadSchedule +config_options.ClientBootstrapConsensusAuthorityDownloadSchedule.usage N,N,... +config_options.ClientBootstrapConsensusAuthorityDownloadSchedule.summary +config_options.ClientBootstrapConsensusAuthorityDownloadSchedule.description Schedule for when clients should download consensuses from authorities if they are bootstrapping (that is, they don't have a usable, reasonably live consensus). Only used by clients fetching from a list of fallback directory mirrors. This schedule is advanced by (potentially concurrent) connection attempts, unlike other schedules, which are advanced by connection failures. (Default: 10, 11, 3600, 10800, 25200, 54000, 111600, 262800) +config_options.ClientBootstrapConsensusFallbackDownloadSchedule.category Client +config_options.ClientBootstrapConsensusFallbackDownloadSchedule.name ClientBootstrapConsensusFallbackDownloadSchedule +config_options.ClientBootstrapConsensusFallbackDownloadSchedule.usage N,N,... +config_options.ClientBootstrapConsensusFallbackDownloadSchedule.summary +config_options.ClientBootstrapConsensusFallbackDownloadSchedule.description Schedule for when clients should download consensuses from fallback directory mirrors if they are bootstrapping (that is, they don't have a usable, reasonably live consensus). Only used by clients fetching from a list of fallback directory mirrors. This schedule is advanced by (potentially concurrent) connection attempts, unlike other schedules, which are advanced by connection failures. (Default: 0, 1, 4, 11, 3600, 10800, 25200, 54000, 111600, 262800) +config_options.ClientBootstrapConsensusAuthorityOnlyDownloadSchedule.category Client +config_options.ClientBootstrapConsensusAuthorityOnlyDownloadSchedule.name ClientBootstrapConsensusAuthorityOnlyDownloadSchedule +config_options.ClientBootstrapConsensusAuthorityOnlyDownloadSchedule.usage N,N,... +config_options.ClientBootstrapConsensusAuthorityOnlyDownloadSchedule.summary +config_options.ClientBootstrapConsensusAuthorityOnlyDownloadSchedule.description Schedule for when clients should download consensuses from authorities if they are bootstrapping (that is, they don't have a usable, reasonably live consensus). Only used by clients which don't have or won't fetch from a list of fallback directory mirrors. This schedule is advanced by (potentially concurrent) connection attempts, unlike other schedules, which are advanced by connection failures. (Default: 0, 3, 7, 3600, 10800, 25200, 54000, 111600, 262800) +config_options.ClientBootstrapConsensusMaxDownloadTries.category Client +config_options.ClientBootstrapConsensusMaxDownloadTries.name ClientBootstrapConsensusMaxDownloadTries +config_options.ClientBootstrapConsensusMaxDownloadTries.usage NUM +config_options.ClientBootstrapConsensusMaxDownloadTries.summary +config_options.ClientBootstrapConsensusMaxDownloadTries.description Try this many times to download a consensus while bootstrapping using fallback directory mirrors before giving up. (Default: 7) +config_options.ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries.category Client +config_options.ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries.name ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries +config_options.ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries.usage NUM +config_options.ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries.summary +config_options.ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries.description Try this many times to download a consensus while bootstrapping using authorities before giving up. (Default: 4) +config_options.ClientBootstrapConsensusMaxInProgressTries.category Client +config_options.ClientBootstrapConsensusMaxInProgressTries.name ClientBootstrapConsensusMaxInProgressTries +config_options.ClientBootstrapConsensusMaxInProgressTries.usage NUM +config_options.ClientBootstrapConsensusMaxInProgressTries.summary +config_options.ClientBootstrapConsensusMaxInProgressTries.description Try this many simultaneous connections to download a consensus before waiting for one to complete, timeout, or error out. (Default: 4) config_options.DirPortFrontPage.category Directory config_options.DirPortFrontPage.name DirPortFrontPage config_options.DirPortFrontPage.usage FILENAME @@ -1010,6 +1053,11 @@ config_options.LogMessageDomains.name LogMessageDomains config_options.LogMessageDomains.usage 0|1 config_options.LogMessageDomains.summary Includes a domain when logging messages config_options.LogMessageDomains.description If 1, Tor includes message domains with each log message. Every log message currently has at least one domain; most currently have exactly one. This doesn't affect controller log messages. (Default: 0) +config_options.MaxUnparseableDescSizeToLog.category General +config_options.MaxUnparseableDescSizeToLog.name MaxUnparseableDescSizeToLog +config_options.MaxUnparseableDescSizeToLog.usage N bytes|KBytes|MBytes|GBytes +config_options.MaxUnparseableDescSizeToLog.summary +config_options.MaxUnparseableDescSizeToLog.description Unparseable descriptors (e.g. for votes, consensuses, routers) are logged in separate files by hash, up to the specified size in total. Note that only files logged during the lifetime of this Tor process count toward the total; this is intended to be used to debug problems without opening live servers to resource exhaustion attacks. (Default: 10 MB) config_options.OutboundBindAddress.category General config_options.OutboundBindAddress.name OutboundBindAddress config_options.OutboundBindAddress.usage IP @@ -1483,6 +1531,14 @@ config_options.TestingTorNetwork.description | AssumeReachable 1 | AuthDirMaxServersPerAddr 0 | AuthDirMaxServersPerAuthAddr 0 +| ClientBootstrapConsensusAuthorityDownloadSchedule 0, 2, +| 4 (for 40 seconds), 8, 16, 32, 60 +| ClientBootstrapConsensusFallbackDownloadSchedule 0, 1, +| 4 (for 40 seconds), 8, 16, 32, 60 +| ClientBootstrapConsensusAuthorityOnlyDownloadSchedule 0, 1, +| 4 (for 40 seconds), 8, 16, 32, 60 +| ClientBootstrapConsensusMaxDownloadTries 80 +| ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries 80 | ClientDNSRejectInternalAddresses 0 | ClientRejectInternalAddresses 0 | CountPrivateBandwidth 1 @@ -1501,18 +1557,10 @@ config_options.TestingTorNetwork.description | TestingClientDownloadSchedule 0, 0, 5, 10, 15, 20, 30, 60 | TestingServerConsensusDownloadSchedule 0, 0, 5, 10, 15, 20, 30, 60 | TestingClientConsensusDownloadSchedule 0, 0, 5, 10, 15, 20, 30, 60 -| TestingClientBootstrapConsensusAuthorityDownloadSchedule 0, 2, -| 4 (for 40 seconds), 8, 16, 32, 60 -| TestingClientBootstrapConsensusFallbackDownloadSchedule 0, 1, -| 4 (for 40 seconds), 8, 16, 32, 60 -| TestingClientBootstrapConsensusAuthorityOnlyDownloadSchedule 0, 1, -| 4 (for 40 seconds), 8, 16, 32, 60 | TestingBridgeDownloadSchedule 60, 30, 30, 60 | TestingClientMaxIntervalWithoutRequest 5 seconds | TestingDirConnectionMaxStall 30 seconds | TestingConsensusMaxDownloadTries 80 -| TestingClientBootstrapConsensusMaxDownloadTries 80 -| TestingClientBootstrapConsensusAuthorityOnlyMaxDownloadTries 80 | TestingDescriptorMaxDownloadTries 80 | TestingMicrodescMaxDownloadTries 80 | TestingCertMaxDownloadTries 80 @@ -1574,21 +1622,6 @@ config_options.TestingClientConsensusDownloadSchedule.name TestingClientConsensu config_options.TestingClientConsensusDownloadSchedule.usage N,N,... config_options.TestingClientConsensusDownloadSchedule.summary Schedule for when we should download the consensus as a client config_options.TestingClientConsensusDownloadSchedule.description Schedule for when clients should download consensuses. Changing this requires that TestingTorNetwork is set. (Default: 0, 0, 60, 300, 600, 1800, 3600, 3600, 3600, 10800, 21600, 43200) -config_options.TestingClientBootstrapConsensusAuthorityDownloadSchedule.category Testing -config_options.TestingClientBootstrapConsensusAuthorityDownloadSchedule.name TestingClientBootstrapConsensusAuthorityDownloadSchedule -config_options.TestingClientBootstrapConsensusAuthorityDownloadSchedule.usage N,N,... -config_options.TestingClientBootstrapConsensusAuthorityDownloadSchedule.summary Schedule when bootstrapping for when to download resources from authorities -config_options.TestingClientBootstrapConsensusAuthorityDownloadSchedule.description Schedule for when clients should download consensuses from authorities if they are bootstrapping (that is, they don't have a usable, reasonably live consensus). Only used by clients fetching from a list of fallback directory mirrors. This schedule is advanced by (potentially concurrent) connection attempts, unlike other schedules, which are advanced by connection failures. Changing this schedule requires that TestingTorNetwork is set. (Default: 10, 11, 3600, 10800, 25200, 54000, 111600, 262800) -config_options.TestingClientBootstrapConsensusFallbackDownloadSchedule.category Testing -config_options.TestingClientBootstrapConsensusFallbackDownloadSchedule.name TestingClientBootstrapConsensusFallbackDownloadSchedule -config_options.TestingClientBootstrapConsensusFallbackDownloadSchedule.usage N,N,... -config_options.TestingClientBootstrapConsensusFallbackDownloadSchedule.summary Schedule when bootstrapping for when to download resources from fallback authorities -config_options.TestingClientBootstrapConsensusFallbackDownloadSchedule.description Schedule for when clients should download consensuses from fallback directory mirrors if they are bootstrapping (that is, they don't have a usable, reasonably live consensus). Only used by clients fetching from a list of fallback directory mirrors. This schedule is advanced by (potentially concurrent) connection attempts, unlike other schedules, which are advanced by connection failures. Changing this schedule requires that TestingTorNetwork is set. (Default: 0, 1, 4, 11, 3600, 10800, 25200, 54000, 111600, 262800) -config_options.TestingClientBootstrapConsensusAuthorityOnlyDownloadSchedule.category Testing -config_options.TestingClientBootstrapConsensusAuthorityOnlyDownloadSchedule.name TestingClientBootstrapConsensusAuthorityOnlyDownloadSchedule -config_options.TestingClientBootstrapConsensusAuthorityOnlyDownloadSchedule.usage N,N,... -config_options.TestingClientBootstrapConsensusAuthorityOnlyDownloadSchedule.summary Schedule when bootstrapping for when to download resources from authorities when fallbacks unavailable -config_options.TestingClientBootstrapConsensusAuthorityOnlyDownloadSchedule.description Schedule for when clients should download consensuses from authorities if they are bootstrapping (that is, they don't have a usable, reasonably live consensus). Only used by clients which don't have or won't fetch from a list of fallback directory mirrors. This schedule is advanced by (potentially concurrent) connection attempts, unlike other schedules, which are advanced by connection failures. Changing this schedule requires that TestingTorNetwork is set. (Default: 0, 3, 7, 3600, 10800, 25200, 54000, 111600, 262800) config_options.TestingBridgeDownloadSchedule.category Testing config_options.TestingBridgeDownloadSchedule.name TestingBridgeDownloadSchedule config_options.TestingBridgeDownloadSchedule.usage N,N,... @@ -1609,21 +1642,6 @@ config_options.TestingConsensusMaxDownloadTries.name TestingConsensusMaxDownload config_options.TestingConsensusMaxDownloadTries.usage NUM config_options.TestingConsensusMaxDownloadTries.summary Retries for downloading the consensus config_options.TestingConsensusMaxDownloadTries.description Try this many times to download a consensus before giving up. Changing this requires that TestingTorNetwork is set. (Default: 8) -config_options.TestingClientBootstrapConsensusMaxDownloadTries.category Testing -config_options.TestingClientBootstrapConsensusMaxDownloadTries.name TestingClientBootstrapConsensusMaxDownloadTries -config_options.TestingClientBootstrapConsensusMaxDownloadTries.usage NUM -config_options.TestingClientBootstrapConsensusMaxDownloadTries.summary Number of times to attempt downloading consensus -config_options.TestingClientBootstrapConsensusMaxDownloadTries.description Try this many times to download a consensus while bootstrapping using fallback directory mirrors before giving up. Changing this requires that TestingTorNetwork is set. (Default: 7) -config_options.TestingClientBootstrapConsensusAuthorityOnlyMaxDownloadTries.category Testing -config_options.TestingClientBootstrapConsensusAuthorityOnlyMaxDownloadTries.name TestingClientBootstrapConsensusAuthorityOnlyMaxDownloadTries -config_options.TestingClientBootstrapConsensusAuthorityOnlyMaxDownloadTries.usage NUM -config_options.TestingClientBootstrapConsensusAuthorityOnlyMaxDownloadTries.summary Number of times to attempt downloading consensus from authorities -config_options.TestingClientBootstrapConsensusAuthorityOnlyMaxDownloadTries.description Try this many times to download a consensus while bootstrapping using authorities before giving up. Changing this requires that TestingTorNetwork is set. (Default: 4) -config_options.TestingClientBootstrapConsensusMaxInProgressTries.category Testing -config_options.TestingClientBootstrapConsensusMaxInProgressTries.name TestingClientBootstrapConsensusMaxInProgressTries -config_options.TestingClientBootstrapConsensusMaxInProgressTries.usage NUM -config_options.TestingClientBootstrapConsensusMaxInProgressTries.summary Number of consensus download requests to allow in-flight at once -config_options.TestingClientBootstrapConsensusMaxInProgressTries.description Try this many simultaneous connections to download a consensus before waiting for one to complete, timeout, or error out. Changing this requires that TestingTorNetwork is set. (Default: 4) config_options.TestingDescriptorMaxDownloadTries.category Testing config_options.TestingDescriptorMaxDownloadTries.name TestingDescriptorMaxDownloadTries config_options.TestingDescriptorMaxDownloadTries.usage NUM @@ -1736,7 +1754,7 @@ config_options.AuthoritativeDirectory.category Authority config_options.AuthoritativeDirectory.name AuthoritativeDirectory config_options.AuthoritativeDirectory.usage 0|1 config_options.AuthoritativeDirectory.summary Act as a directory authority -config_options.AuthoritativeDirectory.description When this option is set to 1, Tor operates as an authoritative directory server. Instead of caching the directory, it generates its own list of good servers, signs it, and sends that to the clients. Unless the clients already have you listed as a trusted directory, you probably do not want to set this option. Please coordinate with the other admins at tor-ops(a)torproject.org if you think you should be a directory. +config_options.AuthoritativeDirectory.description When this option is set to 1, Tor operates as an authoritative directory server. Instead of caching the directory, it generates its own list of good servers, signs it, and sends that to the clients. Unless the clients already have you listed as a trusted directory, you probably do not want to set this option. config_options.V3AuthoritativeDirectory.category Authority config_options.V3AuthoritativeDirectory.name V3AuthoritativeDirectory config_options.V3AuthoritativeDirectory.usage 0|1 diff --git a/stem/descriptor/fallback_directories.cfg b/stem/descriptor/fallback_directories.cfg index c896c5b..3e18d93 100644 --- a/stem/descriptor/fallback_directories.cfg +++ b/stem/descriptor/fallback_directories.cfg @@ -1,10 +1,5 @@ -tor_commit 1fd4340f827065485f8ce3fd03c5573f89880893 -stem_commit 7773234cbdd43e768babe6bb930303e4c13b74e3 -9504CB22EEB25D344DE63CB7A6F2C46F895C3686.address 46.101.102.71 -9504CB22EEB25D344DE63CB7A6F2C46F895C3686.or_port 443 -9504CB22EEB25D344DE63CB7A6F2C46F895C3686.dir_port 80 -9504CB22EEB25D344DE63CB7A6F2C46F895C3686.orport6_address 2a03:b0c0:3:d0::2ed:7001 -9504CB22EEB25D344DE63CB7A6F2C46F895C3686.orport6_port 9050 +tor_commit 26146dbe9eb2404274b7c51121710f3f3529c930 +stem_commit 1c9727dc1117f6c94cc7b195760a31e48b57111a 823AA81E277F366505545522CEDC2F529CE4DC3F.address 192.160.102.164 823AA81E277F366505545522CEDC2F529CE4DC3F.or_port 9001 823AA81E277F366505545522CEDC2F529CE4DC3F.dir_port 80 @@ -13,9 +8,6 @@ AEA43CB1E47BE5F8051711B2BF01683DB1568E05.or_port 443 AEA43CB1E47BE5F8051711B2BF01683DB1568E05.dir_port 80 AEA43CB1E47BE5F8051711B2BF01683DB1568E05.orport6_address 2001:41d0:a:74a::1 AEA43CB1E47BE5F8051711B2BF01683DB1568E05.orport6_port 443 -86C281AD135058238D7A337D546C902BE8505DDE.address 185.96.88.29 -86C281AD135058238D7A337D546C902BE8505DDE.or_port 443 -86C281AD135058238D7A337D546C902BE8505DDE.dir_port 80 8664DC892540F3C789DB37008236C096C871734D.address 163.172.138.22 8664DC892540F3C789DB37008236C096C871734D.or_port 443 8664DC892540F3C789DB37008236C096C871734D.dir_port 80 @@ -87,9 +79,6 @@ D5039E1EBFD96D9A3F9846BF99EC9F75EDDE902A.dir_port 9030 AE6A8C18E7499B586CD36246AC4BCAFFBBF93AB2.address 178.254.44.135 AE6A8C18E7499B586CD36246AC4BCAFFBBF93AB2.or_port 443 AE6A8C18E7499B586CD36246AC4BCAFFBBF93AB2.dir_port 80 -262B66AD25C79588AD1FC8ED0E966395B47E5C1D.address 51.254.215.121 -262B66AD25C79588AD1FC8ED0E966395B47E5C1D.or_port 443 -262B66AD25C79588AD1FC8ED0E966395B47E5C1D.dir_port 80 01A9258A46E97FF8B2CAC7910577862C14F2C524.address 193.171.202.146 01A9258A46E97FF8B2CAC7910577862C14F2C524.or_port 9001 01A9258A46E97FF8B2CAC7910577862C14F2C524.dir_port 9030 @@ -118,11 +107,6 @@ D64366987CB39F61AD21DBCF8142FA0577B92811.dir_port 9030 BC630CBBB518BE7E9F4E09712AB0269E9DC7D626.address 197.231.221.211 BC630CBBB518BE7E9F4E09712AB0269E9DC7D626.or_port 9001 BC630CBBB518BE7E9F4E09712AB0269E9DC7D626.dir_port 9030 -AC66FFA4AB35A59EBBF5BF4C70008BF24D8A7A5C.address 195.154.164.243 -AC66FFA4AB35A59EBBF5BF4C70008BF24D8A7A5C.or_port 443 -AC66FFA4AB35A59EBBF5BF4C70008BF24D8A7A5C.dir_port 80 -AC66FFA4AB35A59EBBF5BF4C70008BF24D8A7A5C.orport6_address 2001:bc8:399f:f000::1 -AC66FFA4AB35A59EBBF5BF4C70008BF24D8A7A5C.orport6_port 993 A10C4F666D27364036B562823E5830BC448E046A.address 171.25.193.77 A10C4F666D27364036B562823E5830BC448E046A.or_port 443 A10C4F666D27364036B562823E5830BC448E046A.dir_port 80 @@ -136,9 +120,6 @@ CBEFF7BA4A4062045133C053F2D70524D8BBE5BE.or_port 443 CBEFF7BA4A4062045133C053F2D70524D8BBE5BE.dir_port 80 CBEFF7BA4A4062045133C053F2D70524D8BBE5BE.orport6_address 2a03:b0c0:2:d0::b7:5001 CBEFF7BA4A4062045133C053F2D70524D8BBE5BE.orport6_port 443 -B87C84E38DAECFFFFDE98E5AEE5786AFDC748F2C.address 178.62.36.64 -B87C84E38DAECFFFFDE98E5AEE5786AFDC748F2C.or_port 9001 -B87C84E38DAECFFFFDE98E5AEE5786AFDC748F2C.dir_port 9030 EC413181CEB1C8EDC17608BBB177CD5FD8535E99.address 91.219.236.222 EC413181CEB1C8EDC17608BBB177CD5FD8535E99.or_port 443 EC413181CEB1C8EDC17608BBB177CD5FD8535E99.dir_port 80 @@ -148,9 +129,9 @@ EC413181CEB1C8EDC17608BBB177CD5FD8535E99.dir_port 80 C697612CA5AED06B8D829FCC6065B9287212CB2F.address 195.154.79.128 C697612CA5AED06B8D829FCC6065B9287212CB2F.or_port 443 C697612CA5AED06B8D829FCC6065B9287212CB2F.dir_port 80 -8B7F47AE1A5D954A3E58ACDE0865D09DBA5B738D.address 178.217.184.32 -8B7F47AE1A5D954A3E58ACDE0865D09DBA5B738D.or_port 443 -8B7F47AE1A5D954A3E58ACDE0865D09DBA5B738D.dir_port 9030 +DDD7871C1B7FA32CB55061E08869A236E61BDDF8.address 5.34.183.205 +DDD7871C1B7FA32CB55061E08869A236E61BDDF8.or_port 443 +DDD7871C1B7FA32CB55061E08869A236E61BDDF8.dir_port 80 CBD0D1BD110EC52963082D839AC6A89D0AE243E7.address 37.59.46.159 CBD0D1BD110EC52963082D839AC6A89D0AE243E7.or_port 9001 CBD0D1BD110EC52963082D839AC6A89D0AE243E7.dir_port 9030 @@ -173,28 +154,17 @@ FFA72BD683BC2FCF988356E6BEC1E490F313FB07.orport6_port 9001 5665A3904C89E22E971305EE8C1997BCA4123C69.address 94.23.204.175 5665A3904C89E22E971305EE8C1997BCA4123C69.or_port 9001 5665A3904C89E22E971305EE8C1997BCA4123C69.dir_port 9030 -8844D87E9B038BE3270938F05AF797E1D3C74C0F.address 93.180.156.84 -8844D87E9B038BE3270938F05AF797E1D3C74C0F.or_port 9001 -8844D87E9B038BE3270938F05AF797E1D3C74C0F.dir_port 9030 E781F4EC69671B3F1864AE2753E0890351506329.address 176.31.180.157 E781F4EC69671B3F1864AE2753E0890351506329.or_port 22 E781F4EC69671B3F1864AE2753E0890351506329.dir_port 143 E781F4EC69671B3F1864AE2753E0890351506329.orport6_address 2001:41d0:8:eb9d::1 E781F4EC69671B3F1864AE2753E0890351506329.orport6_port 22 -D62FB817B0288085FAC38A6DC8B36DCD85B70260.address 185.14.185.240 -D62FB817B0288085FAC38A6DC8B36DCD85B70260.or_port 443 -D62FB817B0288085FAC38A6DC8B36DCD85B70260.dir_port 9030 4F0DB7E687FC7C0AE55C8F243DA8B0EB27FBF1F2.address 108.53.208.157 4F0DB7E687FC7C0AE55C8F243DA8B0EB27FBF1F2.or_port 443 4F0DB7E687FC7C0AE55C8F243DA8B0EB27FBF1F2.dir_port 80 0BEA4A88D069753218EAAAD6D22EA87B9A1319D6.address 5.39.92.199 0BEA4A88D069753218EAAAD6D22EA87B9A1319D6.or_port 443 0BEA4A88D069753218EAAAD6D22EA87B9A1319D6.dir_port 80 -CFECDDCA990E3EF7B7EC958B22441386B6B8D820.address 81.7.17.171 -CFECDDCA990E3EF7B7EC958B22441386B6B8D820.or_port 443 -CFECDDCA990E3EF7B7EC958B22441386B6B8D820.dir_port 80 -CFECDDCA990E3EF7B7EC958B22441386B6B8D820.orport6_address 2a02:180:1:1::517:11ab -CFECDDCA990E3EF7B7EC958B22441386B6B8D820.orport6_port 443 92ECC9E0E2AF81BB954719B189AC362E254AD4A5.address 91.219.237.244 92ECC9E0E2AF81BB954719B189AC362E254AD4A5.or_port 443 92ECC9E0E2AF81BB954719B189AC362E254AD4A5.dir_port 80 @@ -217,9 +187,6 @@ D2A1703758A0FBBA026988B92C2F88BAB59F9361.dir_port 9030 DAA39FC00B196B353C2A271459C305C429AF09E4.address 193.35.52.53 DAA39FC00B196B353C2A271459C305C429AF09E4.or_port 9001 DAA39FC00B196B353C2A271459C305C429AF09E4.dir_port 9030 -DDD7871C1B7FA32CB55061E08869A236E61BDDF8.address 5.34.183.205 -DDD7871C1B7FA32CB55061E08869A236E61BDDF8.or_port 443 -DDD7871C1B7FA32CB55061E08869A236E61BDDF8.dir_port 80 E589316576A399C511A9781A73DA4545640B479D.address 46.252.26.2 E589316576A399C511A9781A73DA4545640B479D.or_port 49991 E589316576A399C511A9781A73DA4545640B479D.dir_port 45212 @@ -274,9 +241,9 @@ BF0FB582E37F738CD33C3651125F2772705BB8E8.orport6_port 9010 75F1992FD3F403E9C082A5815EB5D12934CDF46C.dir_port 9030 75F1992FD3F403E9C082A5815EB5D12934CDF46C.orport6_address 2a03:b0c0:3:d0::208:5001 75F1992FD3F403E9C082A5815EB5D12934CDF46C.orport6_port 9050 -855BC2DABE24C861CD887DB9B2E950424B49FC34.address 84.219.173.60 -855BC2DABE24C861CD887DB9B2E950424B49FC34.or_port 443 -855BC2DABE24C861CD887DB9B2E950424B49FC34.dir_port 9030 +8844D87E9B038BE3270938F05AF797E1D3C74C0F.address 93.180.156.84 +8844D87E9B038BE3270938F05AF797E1D3C74C0F.or_port 9001 +8844D87E9B038BE3270938F05AF797E1D3C74C0F.dir_port 9030 29F1020B94BE25E6BE1AD13E93CE19D2131B487C.address 194.150.168.79 29F1020B94BE25E6BE1AD13E93CE19D2131B487C.or_port 11111 29F1020B94BE25E6BE1AD13E93CE19D2131B487C.dir_port 11112 @@ -325,9 +292,6 @@ FCB6695F8F2DC240E974510A4B3A0F2B12AB5B64.dir_port 80 5525D0429BFE5DC4F1B0E9DE47A4CFA169661E33.address 5.175.233.86 5525D0429BFE5DC4F1B0E9DE47A4CFA169661E33.or_port 443 5525D0429BFE5DC4F1B0E9DE47A4CFA169661E33.dir_port 80 -5C4DF16A0029CC4F67D3E127356E68F219269859.address 185.100.85.138 -5C4DF16A0029CC4F67D3E127356E68F219269859.or_port 46356 -5C4DF16A0029CC4F67D3E127356E68F219269859.dir_port 80 B1726B94885CE3AC3910CA8B60622B97B98E2529.address 185.66.250.141 B1726B94885CE3AC3910CA8B60622B97B98E2529.or_port 9001 B1726B94885CE3AC3910CA8B60622B97B98E2529.dir_port 9030 diff --git a/stem/settings.cfg b/stem/settings.cfg index d08cc6e..b561f73 100644 --- a/stem/settings.cfg +++ b/stem/settings.cfg @@ -100,6 +100,7 @@ manual.summary.SocksSocketsGroupWritable Group write permissions for the socks s manual.summary.KeepalivePeriod Rate at which to send keepalive packets manual.summary.Log Runlevels and location for tor logging manual.summary.LogMessageDomains Includes a domain when logging messages +manual.summary.MaxUnparseableDescSizeToLog Size of the dedicated log for unparseable descriptors manual.summary.OutboundBindAddress Sets the IP used for connecting to tor manual.summary.PidFile Path for a file tor writes containing its process id manual.summary.ProtocolWarnings Toggles if protocol errors give warnings or not @@ -211,6 +212,12 @@ manual.summary.ClientUseIPv6 Allow IPv6 connections to guards and fetching conse manual.summary.ClientPreferIPv6DirPort Perfer relays with IPv6 when fetching consensus manual.summary.ClientPreferIPv6ORPort Prefer a guard's IPv6 rather than IPv4 endpoint manual.summary.PathsNeededToBuildCircuits Portion of relays to require information for before making circuits +manual.summary.ClientBootstrapConsensusAuthorityDownloadSchedule Schedule when bootstrapping for when to download resources from authorities +manual.summary.ClientBootstrapConsensusFallbackDownloadSchedule Schedule when bootstrapping for when to download resources from fallback authorities +manual.summary.ClientBootstrapConsensusAuthorityOnlyDownloadSchedule Schedule when bootstrapping for when to download resources from authorities when fallbacks unavailable +manual.summary.ClientBootstrapConsensusMaxDownloadTries Number of times to attempt downloading consensus +manual.summary.ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries Number of times to attempt downloading consensus from authorities +manual.summary.ClientBootstrapConsensusMaxInProgressTries Number of consensus download requests to allow in-flight at once # Server Config Options @@ -334,16 +341,10 @@ manual.summary.TestingServerDownloadSchedule Schedule for when we should downloa manual.summary.TestingClientDownloadSchedule Schedule for when we should download resources as a client manual.summary.TestingServerConsensusDownloadSchedule Schedule for when we should download the consensus as a relay manual.summary.TestingClientConsensusDownloadSchedule Schedule for when we should download the consensus as a client -manual.summary.TestingClientBootstrapConsensusAuthorityDownloadSchedule Schedule when bootstrapping for when to download resources from authorities -manual.summary.TestingClientBootstrapConsensusFallbackDownloadSchedule Schedule when bootstrapping for when to download resources from fallback authorities -manual.summary.TestingClientBootstrapConsensusAuthorityOnlyDownloadSchedule Schedule when bootstrapping for when to download resources from authorities when fallbacks unavailable manual.summary.TestingBridgeDownloadSchedule Schedule for when we should download bridge descriptors manual.summary.TestingClientMaxIntervalWithoutRequest Maximum time to wait to batch requests for missing descriptors manual.summary.TestingDirConnectionMaxStall Duration to let directory connections stall before timing out manual.summary.TestingConsensusMaxDownloadTries Retries for downloading the consensus -manual.summary.TestingClientBootstrapConsensusMaxDownloadTries Number of times to attempt downloading consensus -manual.summary.TestingClientBootstrapConsensusAuthorityOnlyMaxDownloadTries Number of times to attempt downloading consensus from authorities -manual.summary.TestingClientBootstrapConsensusMaxInProgressTries Number of consensus download requests to allow in-flight at once manual.summary.TestingDescriptorMaxDownloadTries Retries for downloading server descriptors manual.summary.TestingMicrodescMaxDownloadTries Retries for downloading microdescriptors manual.summary.TestingCertMaxDownloadTries Retries for downloading authority certificates

1 0