August 2019 - tor-commits - lists.torproject.org

[newsletter/master] Updates to capitalization
by hiro＠torproject.org 06 Aug '19

06 Aug '19

commit 67df5e5dcb123fa6a5e967f8be39d5c4c369d2f2 Author: hiro <hiro(a)torproject.org> Date: Tue Aug 6 08:21:01 2019 +0200 Updates to capitalization --- content/archive/defending-the-open-internet/contents.lr | 2 +- content/archive/defending-the-open-internet/text/contents.lr | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/content/archive/defending-the-open-internet/contents.lr b/content/archive/defending-the-open-internet/contents.lr index 555854d..… [View More]

1 0

[webwml/master] Change header and text in donate bitcoin
by hiro＠torproject.org 06 Aug '19

06 Aug '19

commit 6f5cfe589d7733ab418f3e3764c80d0119ccfca4 Author: hiro <hiro(a)torproject.org> Date: Tue Aug 6 08:16:24 2019 +0200 Change header and text in donate bitcoin --- donate/en/donate-options.wml | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/donate/en/donate-options.wml b/donate/en/donate-options.wml index 0d03951e..1319136a 100644 --- a/donate/en/donate-options.wml +++ b/donate/en/donate-options.wml @@ -36,14 +36,25 @@ form#makeDonation { … [View More]<a id="bitcoin"></a> <div class="hundred toptwenty"> <div class="dbox donate"> - <h3>Donate Bitcoin</h3> -<p>To donate Bitcoin to The Tor Project, please complete the form below. If you would like an acknowledgment from the Tor Project, please provide your email address. (Due to the current state of the Bitcoin market, our payment processor, Bitpay, will not allow us to accept donations of less than 5 USD. However, we can also accept donations, including smaller donations, through Bitcoin Cash. Send us a tip with <a href="https://twitter.com/tipprbot">@tipprbot</a> on Twitter!)</p> + <h3>Donate Bitcoin via BTCPayServer</h3> <form method="POST" action="https://fund.btcpayserver.org/api/v1/invoices" style="width:418px"> <input type="hidden" name="storeId" value="9Ac1k57DGMpL2QeYeqSiNcpq6tor6NAGgiuYYij3tPaE" /> <div style="text-align:center;display:inline;float:left;"><div><button style="cursor:pointer; font-size:25px; line-height: 25px; background: rgba(0,0,0,.1); height: 30px; width: 45px; border:none; border-radius: 60px; margin: auto;" onclick="event.preventDefault(); var price = parseInt(document.querySelector('#btcpay-input-price').value); if ('-' == '-' && (price - 1) < 1) { return; } document.querySelector('#btcpay-input-price').value = parseInt(document.querySelector('#btcpay-input-price').value) - 1;">-</button><input type="text" id="btcpay-input-price" name="price" min="1" max="20" step="1" value="10" style="border: none; background-image: none; background-color: transparent; -webkit-box-shadow: none ; -moz-box-shadow: none ; -webkit-appearance: none ; width: 3em; text-align: center; font-size: 25px; margin: auto; border-radius: 5px; line-height: 35px; background: #fff;" oninput="event.preventDefault();isNaN(event.target.value) || event.target.value <= 0 ? document.querySele ctor('#btcpay-input-price').value = 10 : event.target.value" /><button style="cursor:pointer; font-size:25px; line-height: 25px; background: rgba(0,0,0,.1); height: 30px; width: 45px; border:none; border-radius: 60px; margin: auto;" onclick="event.preventDefault(); var price = parseInt(document.querySelector('#btcpay-input-price').value); if ('+' == '-' && (price - 1) < 1) { return; } document.querySelector('#btcpay-input-price').value = parseInt(document.querySelector('#btcpay-input-price').value) + 1;">+</button></div><select onmouseover="this.style.border='solid #ccc 1px'; this.style.padding='0px'" onmouseout="this.style.border='0'; this.style.padding='1px'" onchange="document.querySelector('input[type = hidden][name = currency]').value = event.target.value" style="border: 0; display: block; padding: 1px; margin: auto auto 5px auto; font-size: 11px; background: 0 0; cursor: pointer;"><option value="USD">USD</option><option value="GBP">GBP</option><option value="EUR">EUR</optio n><option value="BTC">BTC</option></select></div> <input type="hidden" name="currency" value="USD" /> <input type="image" src="https://fund.btcpayserver.org/img/paybutton/pay.png" name="submit" style="width:209px" alt="Pay with BtcPay, Self-Hosted Bitcoin Payment Processor"> </form> + +<br /> + +<form method="POST" action=" sqgf7aihkpxwdtcb3zjf62jo63o5yqjckukioas3aropdmcay4ymepid.onion/apps/2xcGbmQoXHddtFPs5oYJJ79DCrFC/pos"> + <input type="hidden" name="amount" value="100" /> + <input type="hidden" name="email" value="customer(a)example.com" /> + <input type="hidden" name="orderId" value="CustomOrderId" /> + <input type="hidden" name="notificationUrl" value="https://example.com/callbacks" /> + <input type="hidden" name="redirectUrl" value="https://example.com/thanksyou" /> + <button type="submit">Donate via onion</button> +</form> + </div> </div>  [View Less]

1 0

[webwml/master] Add new bitpay widget
by hiro＠torproject.org 06 Aug '19

06 Aug '19

commit d35d4fe258c728c5b8324fc109b2dd5eae7768cb Author: hiro <hiro(a)torproject.org> Date: Tue Aug 6 08:12:47 2019 +0200 Add new bitpay widget --- donate/en/donate-options.wml | 63 +++++--------------------------------------- 1 file changed, 6 insertions(+), 57 deletions(-) diff --git a/donate/en/donate-options.wml b/donate/en/donate-options.wml index 06371bc9..0d03951e 100644 --- a/donate/en/donate-options.wml +++ b/donate/en/donate-options.wml @@ -38,63 +38,12 @@ form#… [View More]makeDonation { <div class="dbox donate"> <h3>Donate Bitcoin</h3> <p>To donate Bitcoin to The Tor Project, please complete the form below. If you would like an acknowledgment from the Tor Project, please provide your email address. (Due to the current state of the Bitcoin market, our payment processor, Bitpay, will not allow us to accept donations of less than 5 USD. However, we can also accept donations, including smaller donations, through Bitcoin Cash. Send us a tip with <a href="https://twitter.com/tipprbot">@tipprbot</a> on Twitter!)</p> - <form id="makeDonation" action="https://bitpay.com/checkout" method="post" onsubmit="return bp.validateMobileCheckoutForm($('#makeDonation'));"> - <input name="action" type="hidden" value="checkout"> - <fieldset class="phone-form well form-horizontal" style="margin-top: 5px;"> - <ul style="list-style: none;"> - <li id="orderID" class="control-group"> - <label class="control-label" style="width: 80px">Email:</label> - <input name="orderID" type="email" class="input input-xlarge" placeholder="Email address (optional)" maxlength=50 autocapitalize=off autocorrect=off><br> - </li> - <li id="price" class="control-group"> - <label class="control-label" style="width: 80px">Amount:</label> - <input name="price" type="number" class="noscroll" value="20" placeholder="Amount" maxlength="10" min="1" step="0.01" /> - <select name="currency" value="" > - <option value="USD" selected="selected">USD</option> - <option value="BTC">BTC</option> - <option value="EUR">EUR</option> - <option value="GBP">GBP</option> - <option value="AUD">AUD</option> - <option value="BGN">BGN</option> - <option value="BRL">BRL</option> - <option value="CAD">CAD</option> - <option value="CHF">CHF</option> - <option value="CNY">CNY</option> - <option value="CZK">CZK</option> - <option value="DKK">DKK</option> - <option value="HKD">HKD</option> - <option value="HRK">HRK</option> - <option value="HUF">HUF</option> - <option value="IDR">IDR</option> - <option value="ILS">ILS</option> - <option value="INR">INR</option> - <option value="JPY">JPY</option> - <option value="KRW">KRW</option> - <option value="LTL">LTL</option> - <option value="LVL">LVL</option> - <option value="MXN">MXN</option> - <option value="MYR">MYR</option> - <option value="NOK">NOK</option> - <option value="NZD">NZD</option> - <option value="PHP">PHP</option> - <option value="PLN">PLN</option> - <option value="RON">RON</option> - <option value="RUB">RUB</option> - <option value="SEK">SEK</option> - <option value="SGD">SGD</option> - <option value="THB">THB</option> - <option value="TRY">TRY</option> - <option value="ZAR">ZAR</option> - </select/> - </li> - </ul> - <br> - <input type="hidden" name="data" value="iH+sCoKQo5J52hkEzWcMi8+PRt78/89lcSU9GnapWfWL6thyubtDCahTUqa2JTlj6RQrQySkZAoFvK05yifMwfx5V87JJuoaDlHUsZR9ppzkklmzHpKJ4TG5M0zNVcKfNBfyopdfTFbzpOXM2FDppqmU7njsRUF1EZPa0K7SIxpv4lNKSPn1PyjVKVxjnpFE0AZ1Qa75VwZnS+rBNNfwxPsgSz+Oa2Twe226FmJJrLtPuBteFfHAIWh6QS5JnpOn4ScMFph0zjixutmunMAjKw=="> - <div style="margin: auto; width: 100%; text-align: center"> - <input name="submit" src="$(IMGROOT)/bitpay-donate-md.png" type="image" style="width: auto" alt="BitPay" border="0"> - </div> - </fieldset> - </form> +<form method="POST" action="https://fund.btcpayserver.org/api/v1/invoices" style="width:418px"> + <input type="hidden" name="storeId" value="9Ac1k57DGMpL2QeYeqSiNcpq6tor6NAGgiuYYij3tPaE" /> + <div style="text-align:center;display:inline;float:left;"><div><button style="cursor:pointer; font-size:25px; line-height: 25px; background: rgba(0,0,0,.1); height: 30px; width: 45px; border:none; border-radius: 60px; margin: auto;" onclick="event.preventDefault(); var price = parseInt(document.querySelector('#btcpay-input-price').value); if ('-' == '-' && (price - 1) < 1) { return; } document.querySelector('#btcpay-input-price').value = parseInt(document.querySelector('#btcpay-input-price').value) - 1;">-</button><input type="text" id="btcpay-input-price" name="price" min="1" max="20" step="1" value="10" style="border: none; background-image: none; background-color: transparent; -webkit-box-shadow: none ; -moz-box-shadow: none ; -webkit-appearance: none ; width: 3em; text-align: center; font-size: 25px; margin: auto; border-radius: 5px; line-height: 35px; background: #fff;" oninput="event.preventDefault();isNaN(event.target.value) || event.target.value <= 0 ? document.querySele ctor('#btcpay-input-price').value = 10 : event.target.value" /><button style="cursor:pointer; font-size:25px; line-height: 25px; background: rgba(0,0,0,.1); height: 30px; width: 45px; border:none; border-radius: 60px; margin: auto;" onclick="event.preventDefault(); var price = parseInt(document.querySelector('#btcpay-input-price').value); if ('+' == '-' && (price - 1) < 1) { return; } document.querySelector('#btcpay-input-price').value = parseInt(document.querySelector('#btcpay-input-price').value) + 1;">+</button></div><select onmouseover="this.style.border='solid #ccc 1px'; this.style.padding='0px'" onmouseout="this.style.border='0'; this.style.padding='1px'" onchange="document.querySelector('input[type = hidden][name = currency]').value = event.target.value" style="border: 0; display: block; padding: 1px; margin: auto auto 5px auto; font-size: 11px; background: 0 0; cursor: pointer;"><option value="USD">USD</option><option value="GBP">GBP</option><option value="EUR">EUR</optio n><option value="BTC">BTC</option></select></div> + <input type="hidden" name="currency" value="USD" /> + <input type="image" src="https://fund.btcpayserver.org/img/paybutton/pay.png" name="submit" style="width:209px" alt="Pay with BtcPay, Self-Hosted Bitcoin Payment Processor"> +</form> </div> </div>  [View Less]

1 0

[torspec/master] control-spec: Document logs that are not included in the Log event
by nickm＠torproject.org 05 Aug '19

05 Aug '19

commit e5ec0281872c38ba450801d4524f70cb3ab8291c Author: teor <teor(a)torproject.org> Date: Fri Aug 2 12:59:36 2019 +1000 control-spec: Document logs that are not included in the Log event Spec for 30901. --- control-spec.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/control-spec.txt b/control-spec.txt index ac6578a..97bee17 100644 --- a/control-spec.txt +++ b/control-spec.txt @@ -2267,6 +2267,14 @@ Severity = "DEBUG" / "INFO" / "NOTICE" / "WARN"/ … [View More]

1 0

[translation/support-portal_completed] Update translations for support-portal_completed
by translation＠torproject.org 05 Aug '19

05 Aug '19

commit aefb707150efde0a39d1abe927f4bd6e54502e7f Author: Translation commit bot <translation(a)torproject.org> Date: Mon Aug 5 15:21:15 2019 +0000 Update translations for support-portal_completed --- contents+de.po | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contents+de.po b/contents+de.po index 5f8fa1d1a..79e17df8e 100644 --- a/contents+de.po +++ b/contents+de.po @@ -3,9 +3,9 @@ # try once, 2019 # Oliver Baumann <inactive+baumanno(a)… [View More]

1 0

[translation/support-portal] Update translations for support-portal
by translation＠torproject.org 05 Aug '19

05 Aug '19

commit 3050aa6e518e5e69df445da2dd731e564c45a4ab Author: Translation commit bot <translation(a)torproject.org> Date: Mon Aug 5 15:21:07 2019 +0000 Update translations for support-portal --- contents+de.po | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/contents+de.po b/contents+de.po index 5f8fa1d1a..79e17df8e 100644 --- a/contents+de.po +++ b/contents+de.po @@ -3,9 +3,9 @@ # try once, 2019 # Oliver Baumann <inactive+baumanno(a)transifex.com>, … [View More]

1 0

[tor/master] Test that regular cells get ignored in padding circuits.
by nickm＠torproject.org 05 Aug '19

05 Aug '19

commit 1e970d17b8e028ec6bd2fa9e0d88dc54209e0523 Author: George Kadianakis <desnacked(a)riseup.net> Date: Tue Jul 23 13:52:36 2019 +0300 Test that regular cells get ignored in padding circuits. --- src/core/or/relay.c | 8 +++----- src/core/or/relay.h | 5 +++++ src/test/test_circuitpadding.c | 26 ++++++++++++++++++++++++++ 3 files changed, 34 insertions(+), 5 deletions(-) diff --git a/src/core/or/relay.c b/src/core/or/relay.c index 3b5aa2b66..ac3f2a8bb … [View More]100644 --- a/src/core/or/relay.c +++ b/src/core/or/relay.c @@ -1584,12 +1584,10 @@ process_sendme_cell(const relay_header_t *rh, const cell_t *cell, * unpacked by the parent function, and <b>optimistic_data</b> as set by the * parent function. */ -static int +STATIC int handle_relay_command(cell_t *cell, circuit_t *circ, - edge_connection_t *conn, - crypt_path_t *layer_hint, - relay_header_t *rh, - int optimistic_data) + edge_connection_t *conn, crypt_path_t *layer_hint, + relay_header_t *rh, int optimistic_data) { unsigned domain = layer_hint?LD_APP:LD_EXIT; int reason; diff --git a/src/core/or/relay.h b/src/core/or/relay.h index 79036f97b..d9e0d533f 100644 --- a/src/core/or/relay.h +++ b/src/core/or/relay.h @@ -99,6 +99,11 @@ circid_t packed_cell_get_circid(const packed_cell_t *cell, int wide_circ_ids); uint8_t packed_cell_get_command(const packed_cell_t *cell, int wide_circ_ids); #ifdef RELAY_PRIVATE +STATIC int +handle_relay_command(cell_t *cell, circuit_t *circ, + edge_connection_t *conn, crypt_path_t *layer_hint, + relay_header_t *rh, int optimistic_data); + STATIC int connected_cell_parse(const relay_header_t *rh, const cell_t *cell, tor_addr_t *addr_out, int *ttl_out); /** An address-and-ttl tuple as yielded by resolved_cell_parse */ diff --git a/src/test/test_circuitpadding.c b/src/test/test_circuitpadding.c index 236f4a192..8575e6ced 100644 --- a/src/test/test_circuitpadding.c +++ b/src/test/test_circuitpadding.c @@ -4,9 +4,11 @@ #define CIRCUITPADDING_MACHINES_PRIVATE #define NETWORKSTATUS_PRIVATE #define CRYPT_PATH_PRIVATE +#define RELAY_PRIVATE #include "core/or/or.h" #include "test/test.h" +#include "test/log_test_helpers.h" #include "lib/testsupport/testsupport.h" #include "core/or/connection_or.h" #include "core/or/channel.h" @@ -3152,6 +3154,29 @@ test_circuitpadding_hs_machines(void *arg) UNMOCK(circpad_machine_schedule_padding); } +/** Test that we effectively ignore non-padding cells in padding circuits. */ +static void +test_circuitpadding_ignore_non_padding_cells(void *arg) +{ + int retval; + relay_header_t rh; + + (void) arg; + + client_side = (circuit_t *)origin_circuit_new(); + client_side->purpose = CIRCUIT_PURPOSE_C_CIRCUIT_PADDING; + + rh.command = RELAY_COMMAND_BEGIN; + + setup_full_capture_of_logs(LOG_INFO); + retval = handle_relay_command(NULL, client_side, NULL, NULL, &rh, 0); + tt_int_op(retval, OP_EQ, 0); + expect_log_msg_containing("Ignored cell"); + + done: + ; +} + #define TEST_CIRCUITPADDING(name, flags) \ { #name, test_##name, (flags), NULL, NULL } @@ -3175,5 +3200,6 @@ struct testcase_t circuitpadding_tests[] = { TEST_CIRCUITPADDING(circuitpadding_token_removal_exact, TT_FORK), TEST_CIRCUITPADDING(circuitpadding_manage_circuit_lifetime, TT_FORK), TEST_CIRCUITPADDING(circuitpadding_hs_machines, TT_FORK), + TEST_CIRCUITPADDING(circuitpadding_ignore_non_padding_cells, TT_FORK), END_OF_TESTCASES }; [View Less]

1 0

[tor/master] Split connection_edge_process_relay_cell() in two functions.
by nickm＠torproject.org 05 Aug '19

05 Aug '19

commit 7a032c5e4838651b62b99938d56e94b4a6fc6197 Author: George Kadianakis <desnacked(a)riseup.net> Date: Tue Jul 23 13:01:12 2019 +0300 Split connection_edge_process_relay_cell() in two functions. One function does the validation, the other does the handling. --- src/core/or/relay.c | 225 +++++++++++++++++++++++++++++----------------------- 1 file changed, 124 insertions(+), 101 deletions(-) diff --git a/src/core/or/relay.c b/src/core/or/relay.c index 9e691a02b..… [View More]84fc58787 100644 --- a/src/core/or/relay.c +++ b/src/core/or/relay.c @@ -1576,83 +1576,27 @@ process_sendme_cell(const relay_header_t *rh, const cell_t *cell, return 0; } -/** An incoming relay cell has arrived on circuit <b>circ</b>. If - * <b>conn</b> is NULL this is a control cell, else <b>cell</b> is - * destined for <b>conn</b>. - * - * If <b>layer_hint</b> is defined, then we're the origin of the - * circuit, and it specifies the hop that packaged <b>cell</b>. +/** A helper for connection_edge_process_relay_cell(): Actually handles the + * cell that we received on the connection. * - * Return -reason if you want to warn and tear down the circuit, else 0. + * The arguments are the same as in the parent function + * connection_edge_process_relay_cell(), plus the relay header <b>rh</b> as + * unpacked by the parent function, and <b>optimistic_data</b> as set by the + * parent function. */ -STATIC int -connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, - edge_connection_t *conn, - crypt_path_t *layer_hint) +static int +handle_relay_command(cell_t *cell, circuit_t *circ, + edge_connection_t *conn, + crypt_path_t *layer_hint, + relay_header_t *rh, + int optimistic_data) { - static int num_seen=0; - relay_header_t rh; unsigned domain = layer_hint?LD_APP:LD_EXIT; int reason; - int optimistic_data = 0; /* Set to 1 if we receive data on a stream - * that's in the EXIT_CONN_STATE_RESOLVING - * or EXIT_CONN_STATE_CONNECTING states. */ - - tor_assert(cell); - tor_assert(circ); - - relay_header_unpack(&rh, cell->payload); -// log_fn(LOG_DEBUG,"command %d stream %d", rh.command, rh.stream_id); - num_seen++; - log_debug(domain, "Now seen %d relay cells here (command %d, stream %d).", - num_seen, rh.command, rh.stream_id); - if (rh.length > RELAY_PAYLOAD_SIZE) { - log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, - "Relay cell length field too long. Closing circuit."); - return - END_CIRC_REASON_TORPROTOCOL; - } - - if (rh.stream_id == 0) { - switch (rh.command) { - case RELAY_COMMAND_BEGIN: - case RELAY_COMMAND_CONNECTED: - case RELAY_COMMAND_END: - case RELAY_COMMAND_RESOLVE: - case RELAY_COMMAND_RESOLVED: - case RELAY_COMMAND_BEGIN_DIR: - log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay command %d with zero " - "stream_id. Dropping.", (int)rh.command); - return 0; - default: - ; - } - } - - /* Tell circpad that we've received a recognized cell */ - circpad_deliver_recognized_relay_cell_events(circ, rh.command, layer_hint); - - /* either conn is NULL, in which case we've got a control cell, or else - * conn points to the recognized stream. */ - if (conn && !connection_state_is_open(TO_CONN(conn))) { - if (conn->base_.type == CONN_TYPE_EXIT && - (conn->base_.state == EXIT_CONN_STATE_CONNECTING || - conn->base_.state == EXIT_CONN_STATE_RESOLVING) && - rh.command == RELAY_COMMAND_DATA) { - /* Allow DATA cells to be delivered to an exit node in state - * EXIT_CONN_STATE_CONNECTING or EXIT_CONN_STATE_RESOLVING. - * This speeds up HTTP, for example. */ - optimistic_data = 1; - } else if (rh.stream_id == 0 && rh.command == RELAY_COMMAND_DATA) { - log_warn(LD_BUG, "Somehow I had a connection that matched a " - "data cell with stream ID 0."); - } else { - return connection_edge_process_relay_cell_not_open( - &rh, cell, circ, conn, layer_hint); - } - } + tor_assert(rh); - switch (rh.command) { + switch (rh->command) { case RELAY_COMMAND_DROP: /* Already examined in circpad_deliver_recognized_relay_cell_events */ return 0; @@ -1661,7 +1605,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, return 0; case RELAY_COMMAND_PADDING_NEGOTIATED: if (circpad_handle_padding_negotiated(circ, cell, layer_hint) == 0) - circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh.length); + circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh->length); return 0; } @@ -1694,7 +1638,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, "Begin cell for known stream. Dropping."); return 0; } - if (rh.command == RELAY_COMMAND_BEGIN_DIR && + if (rh->command == RELAY_COMMAND_BEGIN_DIR && circ->purpose != CIRCUIT_PURPOSE_S_REND_JOINED) { /* Assign this circuit and its app-ward OR connection a unique ID, * so that we can measure download times. The local edge and dir @@ -1721,7 +1665,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, /* Consider sending a circuit-level SENDME cell. */ sendme_circuit_consider_sending(circ, layer_hint); - if (rh.stream_id == 0) { + if (rh->stream_id == 0) { log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay data cell with zero " "stream_id. Dropping."); return 0; @@ -1729,16 +1673,16 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, if (CIRCUIT_IS_ORIGIN(circ)) { origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ); if (connection_half_edge_is_valid_data(ocirc->half_streams, - rh.stream_id)) { - circuit_read_valid_data(ocirc, rh.length); + rh->stream_id)) { + circuit_read_valid_data(ocirc, rh->length); log_info(domain, "data cell on circ %u valid on half-closed " - "stream id %d", ocirc->global_identifier, rh.stream_id); + "stream id %d", ocirc->global_identifier, rh->stream_id); } } log_info(domain,"data cell dropped, unknown stream (streamid %d).", - rh.stream_id); + rh->stream_id); return 0; } @@ -1753,13 +1697,13 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, return -END_CIRC_REASON_TORPROTOCOL; } /* Total all valid application bytes delivered */ - if (CIRCUIT_IS_ORIGIN(circ) && rh.length > 0) { - circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh.length); + if (CIRCUIT_IS_ORIGIN(circ) && rh->length > 0) { + circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh->length); } - stats_n_data_bytes_received += rh.length; + stats_n_data_bytes_received += rh->length; connection_buf_add((char*)(cell->payload + RELAY_HEADER_SIZE), - rh.length, TO_CONN(conn)); + rh->length, TO_CONN(conn)); #ifdef MEASUREMENTS_21206 /* Count number of RELAY_DATA cells received on a linked directory @@ -1780,20 +1724,20 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, return 0; case RELAY_COMMAND_END: - reason = rh.length > 0 ? + reason = rh->length > 0 ? get_uint8(cell->payload+RELAY_HEADER_SIZE) : END_STREAM_REASON_MISC; if (!conn) { if (CIRCUIT_IS_ORIGIN(circ)) { origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ); if (connection_half_edge_is_valid_end(ocirc->half_streams, - rh.stream_id)) { + rh->stream_id)) { - circuit_read_valid_data(ocirc, rh.length); + circuit_read_valid_data(ocirc, rh->length); log_info(domain, "end cell (%s) on circ %u valid on half-closed " "stream id %d", stream_end_reason_to_string(reason), - ocirc->global_identifier, rh.stream_id); + ocirc->global_identifier, rh->stream_id); return 0; } } @@ -1825,7 +1769,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, /* Total all valid application bytes delivered */ if (CIRCUIT_IS_ORIGIN(circ)) { - circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh.length); + circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh->length); } } return 0; @@ -1833,7 +1777,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, case RELAY_COMMAND_EXTEND2: { static uint64_t total_n_extend=0, total_nonearly=0; total_n_extend++; - if (rh.stream_id) { + if (rh->stream_id) { log_fn(LOG_PROTOCOL_WARN, domain, "'extend' cell received for non-zero stream. Dropping."); return 0; @@ -1874,9 +1818,9 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, log_debug(domain,"Got an extended cell! Yay."); { extended_cell_t extended_cell; - if (extended_cell_parse(&extended_cell, rh.command, + if (extended_cell_parse(&extended_cell, rh->command, (const uint8_t*)cell->payload+RELAY_HEADER_SIZE, - rh.length)<0) { + rh->length)<0) { log_warn(LD_PROTOCOL, "Can't parse EXTENDED cell; killing circuit."); return -END_CIRC_REASON_TORPROTOCOL; @@ -1894,7 +1838,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, } /* Total all valid bytes delivered. */ if (CIRCUIT_IS_ORIGIN(circ)) { - circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh.length); + circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh->length); } return 0; case RELAY_COMMAND_TRUNCATE: @@ -1938,7 +1882,7 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, * circuit is being torn down anyway, though. */ if (CIRCUIT_IS_ORIGIN(circ)) { circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), - rh.length); + rh->length); } circuit_truncated(TO_ORIGIN_CIRCUIT(circ), get_uint8(cell->payload + RELAY_HEADER_SIZE)); @@ -1953,11 +1897,11 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, if (CIRCUIT_IS_ORIGIN(circ)) { origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ); if (connection_half_edge_is_valid_connected(ocirc->half_streams, - rh.stream_id)) { - circuit_read_valid_data(ocirc, rh.length); + rh->stream_id)) { + circuit_read_valid_data(ocirc, rh->length); log_info(domain, "connected cell on circ %u valid on half-closed " - "stream id %d", ocirc->global_identifier, rh.stream_id); + "stream id %d", ocirc->global_identifier, rh->stream_id); return 0; } } @@ -1965,10 +1909,10 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, log_info(domain, "'connected' received on circid %u for streamid %d, " "no conn attached anymore. Ignoring.", - (unsigned)circ->n_circ_id, rh.stream_id); + (unsigned)circ->n_circ_id, rh->stream_id); return 0; case RELAY_COMMAND_SENDME: - return process_sendme_cell(&rh, cell, circ, conn, layer_hint, domain); + return process_sendme_cell(rh, cell, circ, conn, layer_hint, domain); case RELAY_COMMAND_RESOLVE: if (layer_hint) { log_fn(LOG_PROTOCOL_WARN, LD_APP, @@ -1996,11 +1940,11 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, if (CIRCUIT_IS_ORIGIN(circ)) { origin_circuit_t *ocirc = TO_ORIGIN_CIRCUIT(circ); if (connection_half_edge_is_valid_resolved(ocirc->half_streams, - rh.stream_id)) { - circuit_read_valid_data(ocirc, rh.length); + rh->stream_id)) { + circuit_read_valid_data(ocirc, rh->length); log_info(domain, "resolved cell on circ %u valid on half-closed " - "stream id %d", ocirc->global_identifier, rh.stream_id); + "stream id %d", ocirc->global_identifier, rh->stream_id); return 0; } } @@ -2018,17 +1962,96 @@ connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, case RELAY_COMMAND_INTRO_ESTABLISHED: case RELAY_COMMAND_RENDEZVOUS_ESTABLISHED: rend_process_relay_cell(circ, layer_hint, - rh.command, rh.length, + rh->command, rh->length, cell->payload+RELAY_HEADER_SIZE); return 0; } log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Received unknown relay command %d. Perhaps the other side is using " "a newer version of Tor? Dropping.", - rh.command); + rh->command); return 0; /* for forward compatibility, don't kill the circuit */ } +/** An incoming relay cell has arrived on circuit <b>circ</b>. If + * <b>conn</b> is NULL this is a control cell, else <b>cell</b> is + * destined for <b>conn</b>. + * + * If <b>layer_hint</b> is defined, then we're the origin of the + * circuit, and it specifies the hop that packaged <b>cell</b>. + * + * Return -reason if you want to warn and tear down the circuit, else 0. + */ +STATIC int +connection_edge_process_relay_cell(cell_t *cell, circuit_t *circ, + edge_connection_t *conn, + crypt_path_t *layer_hint) +{ + static int num_seen=0; + relay_header_t rh; + unsigned domain = layer_hint?LD_APP:LD_EXIT; + int optimistic_data = 0; /* Set to 1 if we receive data on a stream + * that's in the EXIT_CONN_STATE_RESOLVING + * or EXIT_CONN_STATE_CONNECTING states. */ + + tor_assert(cell); + tor_assert(circ); + + relay_header_unpack(&rh, cell->payload); +// log_fn(LOG_DEBUG,"command %d stream %d", rh.command, rh.stream_id); + num_seen++; + log_debug(domain, "Now seen %d relay cells here (command %d, stream %d).", + num_seen, rh.command, rh.stream_id); + + if (rh.length > RELAY_PAYLOAD_SIZE) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Relay cell length field too long. Closing circuit."); + return - END_CIRC_REASON_TORPROTOCOL; + } + + if (rh.stream_id == 0) { + switch (rh.command) { + case RELAY_COMMAND_BEGIN: + case RELAY_COMMAND_CONNECTED: + case RELAY_COMMAND_END: + case RELAY_COMMAND_RESOLVE: + case RELAY_COMMAND_RESOLVED: + case RELAY_COMMAND_BEGIN_DIR: + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Relay command %d with zero " + "stream_id. Dropping.", (int)rh.command); + return 0; + default: + ; + } + } + + /* Tell circpad that we've received a recognized cell */ + circpad_deliver_recognized_relay_cell_events(circ, rh.command, layer_hint); + + /* either conn is NULL, in which case we've got a control cell, or else + * conn points to the recognized stream. */ + if (conn && !connection_state_is_open(TO_CONN(conn))) { + if (conn->base_.type == CONN_TYPE_EXIT && + (conn->base_.state == EXIT_CONN_STATE_CONNECTING || + conn->base_.state == EXIT_CONN_STATE_RESOLVING) && + rh.command == RELAY_COMMAND_DATA) { + /* Allow DATA cells to be delivered to an exit node in state + * EXIT_CONN_STATE_CONNECTING or EXIT_CONN_STATE_RESOLVING. + * This speeds up HTTP, for example. */ + optimistic_data = 1; + } else if (rh.stream_id == 0 && rh.command == RELAY_COMMAND_DATA) { + log_warn(LD_BUG, "Somehow I had a connection that matched a " + "data cell with stream ID 0."); + } else { + return connection_edge_process_relay_cell_not_open( + &rh, cell, circ, conn, layer_hint); + } + } + + return handle_relay_command(cell, circ, conn, layer_hint, + &rh, optimistic_data); +} + /** How many relay_data cells have we built, ever? */ uint64_t stats_n_data_cells_packaged = 0; /** How many bytes of data have we put in relay_data cells have we built, [View Less]

1 0

[tor/master] Ignore regular cells in padding circuits.
by nickm＠torproject.org 05 Aug '19

05 Aug '19

commit ce477da8a7969964810fb16502073d5f34e58692 Author: George Kadianakis <desnacked(a)riseup.net> Date: Tue Jul 23 13:17:37 2019 +0300 Ignore regular cells in padding circuits. Padding circuits were regular cells that got closed before their padding machine could finish. This means that they can still receive regular cells from their past life, but they have no way or reason to answer them anymore. Hence let's ignore them before they even get to the proper … [View More]subsystems. --- scripts/maint/practracker/exceptions.txt | 6 +++--- src/core/or/circuitpadding.c | 37 ++++++++++++++++++++++++++++++++ src/core/or/circuitpadding.h | 4 ++++ src/core/or/relay.c | 25 ++++++--------------- 4 files changed, 50 insertions(+), 22 deletions(-) diff --git a/scripts/maint/practracker/exceptions.txt b/scripts/maint/practracker/exceptions.txt index 642ae467f..d437726fe 100644 --- a/scripts/maint/practracker/exceptions.txt +++ b/scripts/maint/practracker/exceptions.txt @@ -84,7 +84,7 @@ problem function-size /src/core/or/circuitlist.c:circuit_about_to_free() 120 problem function-size /src/core/or/circuitlist.c:circuits_handle_oom() 117 problem function-size /src/core/or/circuitmux.c:circuitmux_set_policy() 109 problem function-size /src/core/or/circuitmux.c:circuitmux_attach_circuit() 113 -problem file-size /src/core/or/circuitpadding.c 3006 +problem file-size /src/core/or/circuitpadding.c 3043 problem function-size /src/core/or/circuitpadding.c:circpad_machine_schedule_padding() 107 problem function-size /src/core/or/circuitpadding_machines.c:circpad_machine_relay_hide_intro_circuits() 103 problem function-size /src/core/or/circuitpadding_machines.c:circpad_machine_client_hide_rend_circuits() 112 @@ -117,12 +117,12 @@ problem function-size /src/core/or/connection_or.c:connection_or_compute_authent problem file-size /src/core/or/policies.c 3249 problem function-size /src/core/or/policies.c:policy_summarize() 107 problem function-size /src/core/or/protover.c:protover_all_supported() 117 -problem file-size /src/core/or/relay.c 3244 +problem file-size /src/core/or/relay.c 3263 problem function-size /src/core/or/relay.c:circuit_receive_relay_cell() 126 problem function-size /src/core/or/relay.c:relay_send_command_from_edge_() 109 problem function-size /src/core/or/relay.c:connection_ap_process_end_not_open() 192 problem function-size /src/core/or/relay.c:connection_edge_process_relay_cell_not_open() 137 -problem function-size /src/core/or/relay.c:connection_edge_process_relay_cell() 428 +problem function-size /src/core/or/relay.c:handle_relay_cell_command() 369 problem function-size /src/core/or/relay.c:connection_edge_package_raw_inbuf() 128 problem function-size /src/core/or/relay.c:circuit_resume_edge_reading_helper() 146 problem function-size /src/core/or/scheduler_kist.c:kist_scheduler_run() 171 diff --git a/src/core/or/circuitpadding.c b/src/core/or/circuitpadding.c index 460f72c17..9ccad8744 100644 --- a/src/core/or/circuitpadding.c +++ b/src/core/or/circuitpadding.c @@ -1791,6 +1791,43 @@ circpad_cell_event_nonpadding_sent(circuit_t *on_circ) } FOR_EACH_ACTIVE_CIRCUIT_MACHINE_END; } +/** Check if this cell or circuit are related to circuit padding and handle + * them if so. Return 0 if the cell was handled in this subsystem and does + * not need any other consideration, otherwise return 1. + */ +int +circpad_check_received_cell(cell_t *cell, circuit_t *circ, + crypt_path_t *layer_hint, + const relay_header_t *rh) +{ + unsigned domain = layer_hint?LD_APP:LD_EXIT; + + /* First handle the padding commands, since we want to ignore any other + * commands if this circuit is padding-specific. */ + switch (rh->command) { + case RELAY_COMMAND_DROP: + /* Already examined in circpad_deliver_recognized_relay_cell_events */ + return 0; + case RELAY_COMMAND_PADDING_NEGOTIATE: + circpad_handle_padding_negotiate(circ, cell); + return 0; + case RELAY_COMMAND_PADDING_NEGOTIATED: + if (circpad_handle_padding_negotiated(circ, cell, layer_hint) == 0) + circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh->length); + return 0; + } + + /* If this is a padding circuit we don't need to parse any other commands + * than the padding ones. Just drop them to the floor. */ + if (circ->purpose == CIRCUIT_PURPOSE_C_CIRCUIT_PADDING) { + log_info(domain, "Ignored cell (%d) that arrived in padding circuit.", + rh->command); + return 0; + } + + return 1; +} + /** * A "non-padding" cell has been received by this endpoint. React * according to any padding state machines on the circuit. diff --git a/src/core/or/circuitpadding.h b/src/core/or/circuitpadding.h index fc2e595c0..e9eb32c61 100644 --- a/src/core/or/circuitpadding.h +++ b/src/core/or/circuitpadding.h @@ -734,6 +734,10 @@ bool circpad_padding_negotiated(struct circuit_t *circ, circpad_purpose_mask_t circpad_circ_purpose_to_mask(uint8_t circ_purpose); +int circpad_check_received_cell(cell_t *cell, circuit_t *circ, + crypt_path_t *layer_hint, + const relay_header_t *rh); + MOCK_DECL(circpad_decision_t, circpad_machine_schedule_padding,(circpad_machine_runtime_t *)); diff --git a/src/core/or/relay.c b/src/core/or/relay.c index 84fc58787..3b5aa2b66 100644 --- a/src/core/or/relay.c +++ b/src/core/or/relay.c @@ -1596,28 +1596,15 @@ handle_relay_command(cell_t *cell, circuit_t *circ, tor_assert(rh); - switch (rh->command) { - case RELAY_COMMAND_DROP: - /* Already examined in circpad_deliver_recognized_relay_cell_events */ - return 0; - case RELAY_COMMAND_PADDING_NEGOTIATE: - circpad_handle_padding_negotiate(circ, cell); - return 0; - case RELAY_COMMAND_PADDING_NEGOTIATED: - if (circpad_handle_padding_negotiated(circ, cell, layer_hint) == 0) - circuit_read_valid_data(TO_ORIGIN_CIRCUIT(circ), rh->length); - return 0; - } - - /* If this is a padding circuit we don't need to parse any other commands - * than the padding ones. Just drop them to the floor. */ - if (circ->purpose == CIRCUIT_PURPOSE_C_CIRCUIT_PADDING) { - log_info(domain, "Ignored cell (%d) that arrived in padding circuit.", - rh.command); + /* First pass the cell to the circuit padding subsystem, in case it's a + * padding cell or circuit that should be handled there. */ + if (circpad_check_received_cell(cell, circ, layer_hint, rh) == 0) { + log_debug(domain, "Cell handled as circuit padding"); return 0; } - switch (rh.command) { + /* Now handle all the other commands */ + switch (rh->command) { case RELAY_COMMAND_BEGIN: case RELAY_COMMAND_BEGIN_DIR: if (layer_hint && [View Less]

1 0

[tor/master] Rename handle_relay_command to handle_relay_cell_command .
by nickm＠torproject.org 05 Aug '19

05 Aug '19

commit 82488121882040f6831be554a21629c1428f8031 Author: George Kadianakis <desnacked(a)riseup.net> Date: Fri Aug 2 12:35:38 2019 +0300 Rename handle_relay_command to handle_relay_cell_command . As per David's review. --- src/core/or/relay.c | 4 ++-- src/core/or/relay.h | 2 +- src/test/test_circuitpadding.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/core/or/relay.c b/src/core/or/relay.c index ac3f2a8bb..98d5b416f … [View More]

1 0