tor-commits October 2020

tor-commits@lists.torproject.org

17 participants
2274 discussions

[tor-browser-build/master] Fold in 10.0a9 changelog
by sysrqb＠torproject.org 27 Oct '20

27 Oct '20

commit e82520103023dca58361811a6d96043a87550986 Author: Matthew Finkel <sysrqb(a)torproject.org> Date: Tue Oct 27 22:30:55 2020 +0000 Fold in 10.0a9 changelog --- .../tor-browser/Bundle-Data/Docs/ChangeLog.txt | 50 ++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt index a95a67d..5f9e6ef 100644 --- a/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt +++ b/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt @@ -1,3 +1,53 @@ +Tor Browser 10.0a9 -- October 26 2020 + * Android + * Update Fenix to 82.1.1 + * Update NoScript to 11.1.3 + * Update OpenSSL to 1.1.1h + * Bug 30605: Honor privacy.spoof_english + * Bug 40003: Block starting Tor when setup is not complete [tor-android-service] + * Bug 40004: "Tor Browser" string is used instead of "Alpha"/"Nightly" for non en-US locales [tor-android-service] + * Bug 40016: Allow inheriting from AddonCollectionProvider [android-components] + * Bug 40017: Rebase android-components patches to 60 [android-components] + * Bug 40019: Expose spoofEnglish pref [android-components] + * Bug 40020: Disable third-party cookies [android-components] + * Bug 40021: Force telemetry=false in Fennec settings migration [android-components] + * Bug 40022: Migrate tor security settings [android-components] + * Bug 40023: Stop Private Notification Service [android-components] + * Bug 40024: Disable tracking protection by default [android-components] + * Bug 40050: Rebase Fenix patches to Fenix 82 [fenix] + * Bug 40053: Select your security settings panel on start page is confusing [fenix] + * Bug 40058: Disabling/Enabling addon still shows option to disallow in private mode [fenix] + * Bug 40062: HTTPS Everywhere is not shown as installed [fenix] + * Bug 40068: Tor Service closes when changing theme [fenix] + * Bug 40071: Show only supported locales [fenix] + * Bug 40073: Use correct branding on About page [fenix] + * Bug 40076: "Explore privately" not visible [fenix] + * Bug 40078: Crash at Android startup from background service [fenix] + * Bug 40082: Security level is reset when the app is killed [fenix] + * Bug 40083: Locale ordering in BuildConfig is non-deterministic [fenix] + * Bug 40087: Implement a switch for english locale spoofing [fenix] + * Bug 40088: Use Tor Browser logo in migration screen [fenix] + * Bug 40094: Do not use MasterPasswordTipProvider in HomeFragment [fenix] + * Bug 40095: Hide "Sign in to sync" in bookmarks [fenix] + * Bug 40097: Bump allowed_addons.json [fenix] + * Bug 40133: Rebase tor-browser patches to 82.0b1 [tor-browser] + * Bug 40166: Disable security.certerrors.mitm.auto_enable_enterprise_roots [tor-browser] + * Bug 40198: Expose privacy.spoof_english pref [tor-browser] + * Bug 40199: Avoid using system locale for intl.accept_languages [tor-browser] + * Translations update + * Build System + * Android + * Update Go to 1.14.10 + * Bug 34360: Bump binutils version to 2.35.1 + * Bug 40097: Update toolchain for Fenix 82 [tor-browser-build] + * Bug 40108: Package tooling-glean-gradle archive, too [tor-browser-build] + * Bug 40115: Update components for switch to mozilla82-based Fenix [tor-browser-build] + * Bug 40121: Use updated glean_parser for application-services as well [tor-browser-build] + * Bug 40124: Remove unused torbrowser-android-all (and related) targets [tor-browser-build] + * Bug 40125: Remove fenix-* projects [tor-browser-build] + * Bug 40129: application-services is missing rustc in PATH [tor-browser-build] + * Bug 40130: More mobile clean-up [tor-browser-build] + Tor Browser 10.5a2 -- October 20 2020 * Windows + OS X + Linux * Update Firefox to 78.4.0esr

1 0

[tor-browser-build/master] Bug 40134: Support release train in android-components
by sysrqb＠torproject.org 27 Oct '20

27 Oct '20

commit 666785d9d539a23873f924986026a02fb32154a8 Author: Georg Koppen <gk(a)torproject.org> Date: Thu Oct 22 17:17:37 2020 +0000 Bug 40134: Support release train in android-components --- projects/android-components/build | 12 ++++++++---- projects/android-components/config | 1 + 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/projects/android-components/build b/projects/android-components/build index ace9455..622da23 100644 --- a/projects/android-components/build +++ b/projects/android-components/build @@ -54,9 +54,14 @@ patch -p1 < $rootdir/git.patch fi # We want to make sure only our code is built. Overwrite engine-gecko code we - # don't need. XXX: Take release into account. + # don't need. cd components/browser - [% IF c("var/alpha") || c("var/nightly") %] + [% IF c("var/release") %] + rm -rf engine-gecko-beta/src/* + rm -rf engine-gecko-nightly/src/* + cp -rf engine-gecko/src/* engine-gecko-beta/src/ + cp -rf engine-gecko/src/* engine-gecko-nightly/src/ + [% ELSE %] rm -rf engine-gecko/src/* rm -rf engine-gecko-nightly/src/* cp -rf engine-gecko-beta/src/* engine-gecko/src/ @@ -65,8 +70,7 @@ patch -p1 < $rootdir/git.patch cd ../../ gradle_args="--offline --no-daemon -Dmaven.repo.local=$gradle_repo" - # XXX: Take release into account - gradle $gradle_args assembleGeckoBeta -x lint + gradle $gradle_args assembleGecko[% c('variant') %] -x lint gradle $gradle_args publish # We only need the archives and .pom files for now. diff --git a/projects/android-components/config b/projects/android-components/config index adf0e11..b715d2e 100644 --- a/projects/android-components/config +++ b/projects/android-components/config @@ -5,6 +5,7 @@ git_hash: '[% project %]-[% c("var/android_components_version") %]-[% c("var/tor git_url: https://gitlab.torproject.org/tpo/applications/android-components.git tag_gpg_id: 1 gpg_keyring: torbutton.gpg +variant: '[% IF c("var/release") %]Release[% ELSE %]Beta[% END %]' var: android_components_version: 60.0.5

1 0

[Git][tpo/applications/fenix][tor-browser-82.1.1-10.0-1] 2 commits: fixup! Bug 40015: Modify Home menu
by Matthew Finkel 27 Oct '20

27 Oct '20

Matthew Finkel pushed to branch tor-browser-82.1.1-10.0-1 at The Tor Project / Applications / fenix Commits: 94888f5b by Matthew Finkel at 2020-10-27T22:12:23+00:00 fixup! Bug 40015: Modify Home menu Bug 40093: Enable Quit menu button - - - - - b30df1e9 by Matthew Finkel at 2020-10-27T22:12:49+00:00 fixup! Bug 40016: Modify Default toolbar menu Bug 40093: Enable Quit menu button - - - - - 2 changed files: - app/src/main/java/org/mozilla/fenix/components/toolbar/DefaultToolbarMenu.kt - app/src/main/java/org/mozilla/fenix/home/HomeMenu.kt Changes: ===================================== app/src/main/java/org/mozilla/fenix/components/toolbar/DefaultToolbarMenu.kt ===================================== @@ -175,16 +175,13 @@ class DefaultToolbarMenu( // Predicates that are called once, during screen init val shouldShowSaveToCollection = (context.asActivity() as? HomeActivity) ?.browsingModeManager?.mode == BrowsingMode.Normal - val shouldDeleteDataOnQuit = context.components.settings - .shouldDeleteBrowsingDataOnQuit && - !context.components.settings.shouldDisableNormalMode val menuItems = listOfNotNull( downloadsItem, // historyItem, bookmarksItem, settings, - if (shouldDeleteDataOnQuit) deleteDataOnQuit else null, + deleteDataOnQuit, BrowserMenuDivider(), findInPage, addToTopSites, ===================================== app/src/main/java/org/mozilla/fenix/home/HomeMenu.kt ===================================== @@ -160,12 +160,10 @@ class HomeMenu( null } - val settings = context.components.settings - val shouldDeleteBrowsingDataOnQuit = settings.shouldDeleteBrowsingDataOnQuit && - !settings.shouldDisableNormalMode + // val settings = context.components.settings val menuItems = listOfNotNull( - if (shouldDeleteBrowsingDataOnQuit) quitItem else null, + quitItem, settingsItem, BrowserMenuDivider(), // if (settings.syncedTabsInTabsTray) null else syncedTabsItem, View it on GitLab: https://gitlab.torproject.org/tpo/applications/fenix/-/compare/abfb81fec559… -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/fenix/-/compare/abfb81fec559… You're receiving this email because of your account on gitlab.torproject.org.

1 0

[donate-static/master] Update mask info
by gus＠torproject.org 27 Oct '20

27 Oct '20

commit 85cab582487f8f847e45dab60d68ca0d91b36043 Author: gus <gus(a)torproject.org> Date: Tue Oct 27 13:34:03 2020 -0400 Update mask info --- content/contents.lr | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/contents.lr b/content/contents.lr index 733b4eae..2ea2d7ef 100644 --- a/content/contents.lr +++ b/content/contents.lr @@ -28,13 +28,13 @@ monthly_one: 500 --- monthly_three: 2500 --- -monthly_two: 1000 +monthly_two: 1500 --- single_five: 50000 --- single_four: 25000 --- -single_one: 2500 +single_one: 5000 --- single_three: 12500 ---

1 0

[snowflake/master] Don't log io.ErrClosedPipe in proxy.
by dcf＠torproject.org 27 Oct '20

27 Oct '20

commit 912bcae24eb71bc52c6f28b908e3c7678781e1a2 Author: David Fifield <david(a)bamsoftware.com> Date: Thu Oct 22 23:01:45 2020 -0600 Don't log io.ErrClosedPipe in proxy. We expect one of these at the end of just about every proxy session, as the Conns in both directions are closed as soon as the copy loop finishes in one direction. Closes #40016. --- proxy/snowflake.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/proxy/snowflake.go b/proxy/snowflake.go index ac85527..96851ae 100644 --- a/proxy/snowflake.go +++ b/proxy/snowflake.go @@ -300,7 +300,9 @@ func CopyLoop(c1 io.ReadWriteCloser, c2 io.ReadWriteCloser) { var wg sync.WaitGroup copyer := func(dst io.ReadWriteCloser, src io.ReadWriteCloser) { defer wg.Done() - if _, err := io.Copy(dst, src); err != nil { + // Ignore io.ErrClosedPipe because it is likely caused by the + // termination of copyer in the other direction. + if _, err := io.Copy(dst, src); err != nil && err != io.ErrClosedPipe { log.Printf("io.Copy inside CopyLoop generated an error: %v", err) } dst.Close()

1 0

[tor/master] lib/metrics: Fix wrong macro expansion
by dgoulet＠torproject.org 27 Oct '20

27 Oct '20

commit 362229f184c92712ee5a3027ce5d29024ca5b382 Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Oct 27 12:59:29 2020 -0400 lib/metrics: Fix wrong macro expansion The "METRICS_PREFIX" was not expanded but rather used as a litteral. Fix that by just removing the define and using "tor_" directly. Reviewed-by: Alexander Færøy <ahf(a)torproject.org> Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/lib/metrics/metrics_common.h | 6 +----- src/test/test_hs_metrics.c | 2 +- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/src/lib/metrics/metrics_common.h b/src/lib/metrics/metrics_common.h index 50f6147007..c684a3ec42 100644 --- a/src/lib/metrics/metrics_common.h +++ b/src/lib/metrics/metrics_common.h @@ -11,14 +11,10 @@ #include "lib/cc/torint.h" -/** Prefix to every metrics exposed. This is insures that the metrics are - * always in the same namespace. */ -#define METRICS_PREFIX tor_ - /** Helper macro that must be used to construct the right namespaced metrics * name. A name is a string so stringify the result. */ #define METRICS_STR(val) #val -#define METRICS_NAME(name) METRICS_STR(METRICS_PREFIX ## name) +#define METRICS_NAME(name) METRICS_STR(tor_ ## name) /** Format output type. */ typedef enum { diff --git a/src/test/test_hs_metrics.c b/src/test/test_hs_metrics.c index dd123eb6f1..326212ae1d 100644 --- a/src/test/test_hs_metrics.c +++ b/src/test/test_hs_metrics.c @@ -44,7 +44,7 @@ test_metrics(void *arg) /* Confirm the entry value. */ const smartlist_t *entries = metrics_store_get_all(service->metrics.store, - "hs_intro_num_total"); + "tor_hs_intro_num_total"); tt_assert(entries); tt_int_op(smartlist_len(entries), OP_EQ, 1); const metrics_store_entry_t *entry = smartlist_get(entries, 0);

1 0

[tor/master] hs: New metrics module
by ahf＠torproject.org 27 Oct '20

27 Oct '20

commit 50f44afeb4e2222518b64f022ca74f3fa31f8819 Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Oct 20 12:48:54 2020 -0400 hs: New metrics module At this commit, a new service registers to the module and a store is created. It also remove itself from the metrics module if it goes away. In order to hook into the metrics subsystem, this commit attaches the HS subsystem into the subsystem global list so its get_metrics() call can be accessible. HS initialization is still _not_ done through the subsys module as it is likely require much more testing. Related to #40063 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/app/main/subsystem_list.c | 2 + src/feature/hs/hs_metrics.c | 169 ++++++++++++++++++++++++++++++++++++++ src/feature/hs/hs_metrics.h | 38 +++++++++ src/feature/hs/hs_metrics_entry.c | 33 ++++++++ src/feature/hs/hs_metrics_entry.h | 41 +++++++++ src/feature/hs/hs_service.c | 36 ++++++++ src/feature/hs/hs_service.h | 14 +++- src/feature/hs/hs_sys.c | 36 ++++++++ src/feature/hs/hs_sys.h | 22 +++++ src/feature/hs/include.am | 10 ++- 10 files changed, 398 insertions(+), 3 deletions(-) diff --git a/src/app/main/subsystem_list.c b/src/app/main/subsystem_list.c index 9562b99030..cb79909e69 100644 --- a/src/app/main/subsystem_list.c +++ b/src/app/main/subsystem_list.c @@ -31,6 +31,7 @@ #include "lib/evloop/evloop_sys.h" #include "feature/dirauth/dirauth_sys.h" +#include "feature/hs/hs_sys.h" #include "feature/metrics/metrics_sys.h" #include "feature/relay/relay_sys.h" @@ -65,6 +66,7 @@ const subsys_fns_t *tor_subsystems[] = { &sys_or, &sys_relay, + &sys_hs, &sys_btrack, diff --git a/src/feature/hs/hs_metrics.c b/src/feature/hs/hs_metrics.c new file mode 100644 index 0000000000..67cae8ec0e --- /dev/null +++ b/src/feature/hs/hs_metrics.c @@ -0,0 +1,169 @@ +/* Copyright (c) 2020, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file hs_metrics.c + * @brief Onion service metrics exposed through the MetricsPort + **/ + +#define HS_METRICS_ENTRY_PRIVATE + +#include "orconfig.h" + +#include "lib/malloc/malloc.h" +#include "lib/container/smartlist.h" +#include "lib/metrics/metrics_store.h" + +#include "feature/hs/hs_metrics.h" +#include "feature/hs/hs_metrics_entry.h" +#include "feature/hs/hs_service.h" + +/** Return a static buffer pointer that contains the port as a string. + * + * Subsequent call to this function invalidates the previous buffer. */ +static const char * +port_to_str(const uint16_t port) +{ + static char buf[8]; + tor_snprintf(buf, sizeof(buf), "%u", port); + return buf; +} + +/** Return a static buffer pointer that contains a formatted label on the form + * of key=value. + * + * Subsequent call to this function invalidates the previous buffer. */ +static const char * +format_label(const char *key, const char *value) +{ + static char buf[128]; + tor_snprintf(buf, sizeof(buf), "%s=%s", key, value); + return buf; +} + +/** Initialize a metrics store for the given service. + * + * Essentially, this goes over the base_metrics array and adds them all to the + * store set with their label(s) if any. */ +static void +init_store(hs_service_t *service) +{ + metrics_store_t *store; + + tor_assert(service); + + store = service->metrics.store; + + for (size_t i = 0; i < base_metrics_size; ++i) { + metrics_store_entry_t *entry = + metrics_store_add(store, base_metrics[i].type, base_metrics[i].name, + base_metrics[i].help); + + /* Add labels to the entry. */ + metrics_store_entry_add_label(entry, + format_label("onion", service->onion_address)); + if (base_metrics[i].port_as_label && service->config.ports) { + SMARTLIST_FOREACH_BEGIN(service->config.ports, + const rend_service_port_config_t *, p) { + metrics_store_entry_add_label(entry, + format_label("port", port_to_str(p->virtual_port))); + } SMARTLIST_FOREACH_END(p); + } + } +} + +/** Update the metrics key entry in the store in the given service. The port, + * if non 0, is used to find the correct metrics entry. The value n is the + * value used to update the entry. */ +void +hs_metrics_update_by_service(const hs_metrics_key_t key, + hs_service_t *service, const uint16_t port, + int64_t n) +{ + tor_assert(service); + + /* Get the metrics entry in the store. */ + smartlist_t *entries = metrics_store_get_all(service->metrics.store, + base_metrics[key].name); + if (BUG(!entries)) { + return; + } + + /* We need to find the right metrics entry by finding the port label if any. + * + * XXX: This is not the most optimal due to the string format. Maybe at some + * point turn this into a kvline and a map in a metric entry? */ + SMARTLIST_FOREACH_BEGIN(entries, metrics_store_entry_t *, entry) { + if (port == 0 || + metrics_store_entry_has_label(entry, + format_label("port", port_to_str(port)))) { + metrics_store_entry_update(entry, n); + break; + } + } SMARTLIST_FOREACH_END(entry); +} + +/** Update the metrics key entry in the store of a service identified by the + * given identity public key. The port, if non 0, is used to find the correct + * metrics entry. The value n is the value used to update the entry. + * + * This is used by callsite that have access to the key but not the service + * object so an extra lookup is done to find the service. */ +void +hs_metrics_update_by_ident(const hs_metrics_key_t key, + const ed25519_public_key_t *ident_pk, + const uint16_t port, int64_t n) +{ + hs_service_t *service; + + tor_assert(ident_pk); + + service = hs_service_find(ident_pk); + if (!service) { + /* This is possible because an onion service client can end up here due to + * having an identity key onto a connection _to_ an onion service. We + * can't differentiate that from an actual onion service initiated by a + * service and thus the only way to know is to lookup the service. */ + return; + } + hs_metrics_update_by_service(key, service, port, n); +} + +/** Return a list of all the onion service metrics stores. This is the + * function attached to the .get_metrics() member of the subsys_t. */ +const smartlist_t * +hs_metrics_get_stores(void) +{ + /* We can't have the caller to free the returned list so keep it static, + * simply update it. */ + static smartlist_t *stores_list = NULL; + + smartlist_free(stores_list); + stores_list = hs_service_get_metrics_stores(); + return stores_list; +} + +/** Initialize the metrics store in the given service. */ +void +hs_metrics_service_init(hs_service_t *service) +{ + tor_assert(service); + + /* Calling this function twice on a service object is wrong. The caller must + * free the metrics before if so. */ + if (BUG(service->metrics.store)) { + return; + } + + service->metrics.store = metrics_store_new(); + init_store(service); +} + +/** Free the metrics store in the given service. */ +void +hs_metrics_service_free(hs_service_t *service) +{ + tor_assert(service); + + metrics_store_free(service->metrics.store); +} diff --git a/src/feature/hs/hs_metrics.h b/src/feature/hs/hs_metrics.h new file mode 100644 index 0000000000..991b66a7ee --- /dev/null +++ b/src/feature/hs/hs_metrics.h @@ -0,0 +1,38 @@ +/* Copyright (c) 2020, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file hs_metrics.h + * @brief Header for feature/hs/hs_metrics.c + **/ + +#ifndef TOR_FEATURE_HS_HS_METRICS_H +#define TOR_FEATURE_HS_HS_METRICS_H + +#include "lib/container/smartlist.h" +#include "lib/crypt_ops/crypto_ed25519.h" + +#define HS_METRICS_ENTRY_PRIVATE +#include "feature/hs/hs_metrics_entry.h" +#include "feature/hs/hs_service.h" + +/* Init and Free. */ +void hs_metrics_service_init(hs_service_t *service); +void hs_metrics_service_free(hs_service_t *service); + +/* Accessors. */ +const smartlist_t *hs_metrics_get_stores(void); + +/* Metrics Update. */ +void hs_metrics_update_by_ident(const hs_metrics_key_t key, + const ed25519_public_key_t *ident_pk, + const uint16_t port, int64_t n); +void hs_metrics_update_by_service(const hs_metrics_key_t key, + hs_service_t *service, const uint16_t port, + int64_t n); + +/** New introducion request received. */ +#define hs_metrics_new_introduction(s) \ + hs_metrics_update_by_service(HS_METRICS_NUM_INTRODUCTIONS, (s), 0, 1) + +#endif /* !defined(TOR_FEATURE_HS_HS_METRICS_H) */ diff --git a/src/feature/hs/hs_metrics_entry.c b/src/feature/hs/hs_metrics_entry.c new file mode 100644 index 0000000000..d6b2e0e62b --- /dev/null +++ b/src/feature/hs/hs_metrics_entry.c @@ -0,0 +1,33 @@ +/* Copyright (c) 2020, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file hs_metrics_entry.c + * @brief Defines the metrics entry that are collected by an onion service. + **/ + +#define HS_METRICS_ENTRY_PRIVATE + +#include "orconfig.h" + +#include "lib/cc/compat_compiler.h" + +#include "feature/hs/hs_metrics_entry.h" + +/** The base metrics that is a static array of metrics that are added to every + * single new stores. + * + * The key member MUST be also the index of the entry in the array. */ +const hs_metrics_entry_t base_metrics[] = +{ + { + .key = HS_METRICS_NUM_INTRODUCTIONS, + .type = METRICS_TYPE_COUNTER, + .name = "hs_intro_num_total", + .help = "Total number of introduction received", + .port_as_label = false, + }, +}; + +/** Size of base_metrics array that is number of entries. */ +const size_t base_metrics_size = ARRAY_LENGTH(base_metrics); diff --git a/src/feature/hs/hs_metrics_entry.h b/src/feature/hs/hs_metrics_entry.h new file mode 100644 index 0000000000..96dce36ffa --- /dev/null +++ b/src/feature/hs/hs_metrics_entry.h @@ -0,0 +1,41 @@ +/* Copyright (c) 2020, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file hs_metrics_entry.h + * @brief Header for feature/hs/hs_metrics_entry.c + **/ + +#ifndef TOR_FEATURE_HS_METRICS_ENTRY_H +#define TOR_FEATURE_HS_METRICS_ENTRY_H + +#ifdef HS_METRICS_ENTRY_PRIVATE + +#include "lib/metrics/metrics_common.h" + +/** Metrics key which are used as an index in the main base metrics array. */ +typedef enum { + /** Number of introduction requests. */ + HS_METRICS_NUM_INTRODUCTIONS = 0, +} hs_metrics_key_t; + +/** The metadata of an HS metrics. */ +typedef struct hs_metrics_entry_t { + /* Metric key used as a static array index. */ + hs_metrics_key_t key; + /* Metric type. */ + metrics_type_t type; + /* Metrics output name. */ + const char *name; + /* Metrics output help comment. */ + const char *help; + /* True iff a port label should be added to the metrics entry. */ + bool port_as_label; +} hs_metrics_entry_t; + +extern const hs_metrics_entry_t base_metrics[]; +extern const size_t base_metrics_size; + +#endif /* HS_METRICS_ENTRY_PRIVATE */ + +#endif /* !defined(TOR_FEATURE_HS_METRICS_ENTRY_H) */ diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c index f2a8898b2c..1ccd3e4435 100644 --- a/src/feature/hs/hs_service.c +++ b/src/feature/hs/hs_service.c @@ -40,6 +40,7 @@ #include "feature/hs/hs_descriptor.h" #include "feature/hs/hs_ident.h" #include "feature/hs/hs_intropoint.h" +#include "feature/hs/hs_metrics.h" #include "feature/hs/hs_service.h" #include "feature/hs/hs_stats.h" #include "feature/hs/hs_ob.h" @@ -195,6 +196,8 @@ register_service(hs_service_ht *map, hs_service_t *service) if (map == hs_service_map) { hs_service_map_has_changed(); } + /* Setup metrics. */ + hs_metrics_service_init(service); return 0; } @@ -3491,6 +3494,8 @@ service_handle_introduce2(origin_circuit_t *circ, const uint8_t *payload, payload, payload_len) < 0) { goto err; } + /* Update metrics that a new introduction was successful. */ + hs_metrics_new_introduction(service); return 0; err: @@ -4169,6 +4174,34 @@ hs_service_stage_services(const smartlist_t *service_list) smartlist_add_all(hs_service_staging_list, service_list); } +/** Return a newly allocated list of all the service's metrics store. */ +smartlist_t * +hs_service_get_metrics_stores(void) +{ + smartlist_t *list = smartlist_new(); + + if (hs_service_map) { + FOR_EACH_SERVICE_BEGIN(service) { + smartlist_add(list, service->metrics.store); + } FOR_EACH_SERVICE_END; + } + + return list; +} + +/** Lookup the global service map for the given identitiy public key and + * return the service object if found, NULL if not. */ +hs_service_t * +hs_service_find(const ed25519_public_key_t *identity_pk) +{ + tor_assert(identity_pk); + + if (!hs_service_map) { + return NULL; + } + return find_service(hs_service_map, identity_pk); +} + /** Allocate and initilize a service object. The service configuration will * contain the default values. Return the newly allocated object pointer. This * function can't fail. */ @@ -4215,6 +4248,9 @@ hs_service_free_(hs_service_t *service) tor_free(service->state.ob_subcreds); } + /* Free metrics object. */ + hs_metrics_service_free(service); + /* Wipe service keys. */ memwipe(&service->keys.identity_sk, 0, sizeof(service->keys.identity_sk)); diff --git a/src/feature/hs/hs_service.h b/src/feature/hs/hs_service.h index b5bff5bee5..136ff744db 100644 --- a/src/feature/hs/hs_service.h +++ b/src/feature/hs/hs_service.h @@ -11,12 +11,13 @@ #include "lib/crypt_ops/crypto_curve25519.h" #include "lib/crypt_ops/crypto_ed25519.h" -#include "feature/hs_common/replaycache.h" +#include "lib/metrics/metrics_store.h" #include "feature/hs/hs_common.h" #include "feature/hs/hs_descriptor.h" #include "feature/hs/hs_ident.h" #include "feature/hs/hs_intropoint.h" +#include "feature/hs_common/replaycache.h" /* Trunnel */ #include "trunnel/hs/cell_establish_intro.h" @@ -34,6 +35,12 @@ /** Maximum interval for uploading next descriptor (in seconds). */ #define HS_SERVICE_NEXT_UPLOAD_TIME_MAX (120 * 60) +/** Collected metrics for a specific service. */ +typedef struct hs_service_metrics_t { + /** Store containing the metrics values. */ + metrics_store_t *store; +} hs_service_metrics_t; + /** Service side introduction point. */ typedef struct hs_service_intro_point_t { /** Top level intropoint "shared" data between client/service. */ @@ -312,6 +319,9 @@ typedef struct hs_service_t { hs_service_descriptor_t *desc_current; /** Next descriptor. */ hs_service_descriptor_t *desc_next; + + /** Metrics. */ + hs_service_metrics_t metrics; } hs_service_t; /** For the service global hash map, we define a specific type for it which @@ -335,6 +345,7 @@ void hs_service_free_(hs_service_t *service); **/ #define hs_service_free(s) FREE_AND_NULL(hs_service_t, hs_service_free_, (s)) +hs_service_t *hs_service_find(const ed25519_public_key_t *ident_pk); MOCK_DECL(unsigned int, hs_service_get_num_services,(void)); void hs_service_stage_services(const smartlist_t *service_list); int hs_service_load_all_keys(void); @@ -343,6 +354,7 @@ void hs_service_lists_fnames_for_sandbox(smartlist_t *file_list, smartlist_t *dir_list); int hs_service_set_conn_addr_port(const origin_circuit_t *circ, edge_connection_t *conn); +smartlist_t *hs_service_get_metrics_stores(void); void hs_service_map_has_changed(void); void hs_service_dir_info_changed(void); diff --git a/src/feature/hs/hs_sys.c b/src/feature/hs/hs_sys.c new file mode 100644 index 0000000000..6524dc3e4e --- /dev/null +++ b/src/feature/hs/hs_sys.c @@ -0,0 +1,36 @@ +/* Copyright (c) 2020, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file hs_sys.c + * @brief Setup and tear down the HS subsystem. + **/ + +#include "lib/subsys/subsys.h" + +#include "feature/hs/hs_metrics.h" +#include "feature/hs/hs_sys.h" + +static int +subsys_hs_initialize(void) +{ + return 0; +} + +static void +subsys_hs_shutdown(void) +{ +} + +const subsys_fns_t sys_hs = { + SUBSYS_DECLARE_LOCATION(), + + .name = "hs", + .supported = true, + .level = HS_SUBSYS_LEVEL, + + .initialize = subsys_hs_initialize, + .shutdown = subsys_hs_shutdown, + + .get_metrics = hs_metrics_get_stores, +}; diff --git a/src/feature/hs/hs_sys.h b/src/feature/hs/hs_sys.h new file mode 100644 index 0000000000..4427b59b9c --- /dev/null +++ b/src/feature/hs/hs_sys.h @@ -0,0 +1,22 @@ +/* Copyright (c) 2020, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * @file hs_sys.h + * @brief Header for feature/hs/hs_sys.c + **/ + +#ifndef TOR_FEATURE_HS_HS_SYS_H +#define TOR_FEATURE_HS_HS_SYS_H + +extern const struct subsys_fns_t sys_hs; + +/** + * Subsystem level for the metrics system. + * + * Defined here so that it can be shared between the real and stub + * definitions. + **/ +#define HS_SUBSYS_LEVEL (51) + +#endif /* !defined(TOR_FEATURE_HS_HS_SYS_H) */ diff --git a/src/feature/hs/include.am b/src/feature/hs/include.am index af1dc65585..c55abd3d47 100644 --- a/src/feature/hs/include.am +++ b/src/feature/hs/include.am @@ -13,9 +13,12 @@ LIBTOR_APP_A_SOURCES += \ src/feature/hs/hs_dos.c \ src/feature/hs/hs_ident.c \ src/feature/hs/hs_intropoint.c \ + src/feature/hs/hs_metrics.c \ src/feature/hs/hs_ob.c \ src/feature/hs/hs_service.c \ - src/feature/hs/hs_stats.c + src/feature/hs/hs_stats.c \ + src/feature/hs/hs_sys.c \ + src/feature/hs/hs_metrics_entry.c # ADD_C_FILE: INSERT HEADERS HERE. noinst_HEADERS += \ @@ -31,9 +34,12 @@ noinst_HEADERS += \ src/feature/hs/hs_dos.h \ src/feature/hs/hs_ident.h \ src/feature/hs/hs_intropoint.h \ + src/feature/hs/hs_metrics.h \ src/feature/hs/hs_ob.h \ src/feature/hs/hs_opts_st.h \ src/feature/hs/hs_options.inc \ src/feature/hs/hs_service.h \ src/feature/hs/hs_stats.h \ - src/feature/hs/hsdir_index_st.h + src/feature/hs/hsdir_index_st.h \ + src/feature/hs/hs_sys.h \ + src/feature/hs/hs_metrics_entry.h

1 0

[tor/master] hs: Always note the virtual port in the ident
by ahf＠torproject.org 27 Oct '20

27 Oct '20

commit 695957511b95d5b6cbe4a13d30b591aed572c9e5 Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Oct 20 11:10:48 2020 -0400 hs: Always note the virtual port in the ident Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/feature/hs/hs_common.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/feature/hs/hs_common.c b/src/feature/hs/hs_common.c index cbcb672140..24d34144e4 100644 --- a/src/feature/hs/hs_common.c +++ b/src/feature/hs/hs_common.c @@ -887,12 +887,14 @@ hs_set_conn_addr_port(const smartlist_t *ports, edge_connection_t *conn) chosen_port = smartlist_choose(matching_ports); smartlist_free(matching_ports); if (chosen_port) { - if (!(chosen_port->is_unix_addr)) { - /* save the original destination before we overwrite it */ - if (conn->hs_ident) { - conn->hs_ident->orig_virtual_port = TO_CONN(conn)->port; - } + /* Remember, v2 doesn't use an hs_ident. */ + if (conn->hs_ident) { + /* There is always a connection identifier at this point. Regardless of a + * Unix or TCP port, note the virtual port. */ + conn->hs_ident->orig_virtual_port = chosen_port->virtual_port; + } + if (!(chosen_port->is_unix_addr)) { /* Get a non-AF_UNIX connection ready for connection_exit_connect() */ tor_addr_copy(&TO_CONN(conn)->addr, &chosen_port->real_addr); TO_CONN(conn)->port = chosen_port->real_port;

1 0

[tor/master] conn: New Metrics listener port
by ahf＠torproject.org 27 Oct '20

27 Oct '20

commit 4f5cea1f592d9e9e6c69fc0e772dd46a0fa43799 Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Oct 20 10:57:24 2020 -0400 conn: New Metrics listener port If MetricsPort is defined, listen on it and handle the incoming request. Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/app/config/config.c | 7 ++ src/app/config/or_options_st.h | 6 + src/core/mainloop/connection.c | 17 ++- src/core/mainloop/connection.h | 6 +- src/core/or/policies.c | 32 ++++++ src/core/or/policies.h | 1 + src/feature/control/control_fmt.c | 2 + src/feature/control/control_getinfo.c | 2 + src/feature/metrics/metrics.c | 210 ++++++++++++++++++++++++++++++++-- src/feature/metrics/metrics.h | 16 ++- 10 files changed, 286 insertions(+), 13 deletions(-) diff --git a/src/app/config/config.c b/src/app/config/config.c index 6c17bb0d8c..e14437aa6f 100644 --- a/src/app/config/config.c +++ b/src/app/config/config.c @@ -91,6 +91,7 @@ #include "feature/dirclient/dirclient_modes.h" #include "feature/hibernate/hibernate.h" #include "feature/hs/hs_config.h" +#include "feature/metrics/metrics.h" #include "feature/nodelist/dirlist.h" #include "feature/nodelist/networkstatus.h" #include "feature/nodelist/nickname.h" @@ -560,6 +561,8 @@ static const config_var_t option_vars_[] = { OBSOLETE("MaxOnionsPending"), V(MaxOnionQueueDelay, MSEC_INTERVAL, "1750 msec"), V(MaxUnparseableDescSizeToLog, MEMUNIT, "10 MB"), + VPORT(MetricsPort), + V(MetricsPortPolicy, LINELIST, NULL), VAR("MyFamily", LINELIST, MyFamily_lines, NULL), V(NewCircuitPeriod, INTERVAL, "30 seconds"), OBSOLETE("NamingAuthoritativeDirectory"), @@ -6461,6 +6464,10 @@ parse_ports(or_options_t *options, int validate_only, *msg = tor_strdup("Invalid HTTPTunnelPort configuration"); goto err; } + if (metrics_parse_ports(options, ports, msg) < 0) { + goto err; + } + { unsigned control_port_flags = CL_PORT_NO_STREAM_OPTIONS | CL_PORT_WARN_NONLOCAL; diff --git a/src/app/config/or_options_st.h b/src/app/config/or_options_st.h index 3ccd2c9761..7a72547fd3 100644 --- a/src/app/config/or_options_st.h +++ b/src/app/config/or_options_st.h @@ -164,6 +164,8 @@ struct or_options_t { struct config_line_t *ORPort_lines; /** Ports to listen on for extended OR connections. */ struct config_line_t *ExtORPort_lines; + /** Ports to listen on for Metrics connections. */ + struct config_line_t *MetricsPort_lines; /** Ports to listen on for SOCKS connections. */ struct config_line_t *SocksPort_lines; /** Ports to listen on for transparent pf/netfilter connections. */ @@ -223,6 +225,7 @@ struct or_options_t { unsigned int DNSPort_set : 1; unsigned int ExtORPort_set : 1; unsigned int HTTPTunnelPort_set : 1; + unsigned int MetricsPort_set : 1; /**@}*/ /** Whether to publish our descriptor regardless of all our self-tests @@ -1076,6 +1079,9 @@ struct or_options_t { **/ int DormantCanceledByStartup; + /** List of policy allowed to query the Metrics port. */ + struct config_line_t *MetricsPortPolicy; + /** * Configuration objects for individual modules. * diff --git a/src/core/mainloop/connection.c b/src/core/mainloop/connection.c index 7a17d7ff9d..ebf15fcc9e 100644 --- a/src/core/mainloop/connection.c +++ b/src/core/mainloop/connection.c @@ -99,6 +99,7 @@ #include "feature/hibernate/hibernate.h" #include "feature/hs/hs_common.h" #include "feature/hs/hs_ident.h" +#include "feature/metrics/metrics.h" #include "feature/nodelist/nodelist.h" #include "feature/nodelist/routerlist.h" #include "feature/relay/dns.h" @@ -218,7 +219,8 @@ static smartlist_t *outgoing_addrs = NULL; case CONN_TYPE_AP_TRANS_LISTENER: \ case CONN_TYPE_AP_NATD_LISTENER: \ case CONN_TYPE_AP_DNS_LISTENER: \ - case CONN_TYPE_AP_HTTP_CONNECT_LISTENER + case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: \ + case CONN_TYPE_METRICS_LISTENER /**************************************************************/ @@ -283,6 +285,8 @@ conn_type_to_string(int type) case CONN_TYPE_EXT_OR: return "Extended OR"; case CONN_TYPE_EXT_OR_LISTENER: return "Extended OR listener"; case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: return "HTTP tunnel listener"; + case CONN_TYPE_METRICS_LISTENER: return "Metrics listener"; + case CONN_TYPE_METRICS: return "Metrics"; default: log_warn(LD_BUG, "unknown connection type %d", type); tor_snprintf(buf, sizeof(buf), "unknown [%d]", type); @@ -2025,6 +2029,10 @@ connection_handle_listener_read(connection_t *conn, int new_type) log_notice(LD_CONTROL, "New control connection opened from %s.", fmt_and_decorate_addr(&addr)); } + if (new_type == CONN_TYPE_METRICS) { + log_info(LD_CONTROL, "New metrics connection opened from %s.", + fmt_and_decorate_addr(&addr)); + } } else if (conn->socket_family == AF_UNIX && conn->type != CONN_TYPE_AP) { tor_assert(conn->type == CONN_TYPE_CONTROL_LISTENER); @@ -3893,6 +3901,8 @@ connection_handle_read_impl(connection_t *conn) return connection_handle_listener_read(conn, CONN_TYPE_DIR); case CONN_TYPE_CONTROL_LISTENER: return connection_handle_listener_read(conn, CONN_TYPE_CONTROL); + case CONN_TYPE_METRICS_LISTENER: + return connection_handle_listener_read(conn, CONN_TYPE_METRICS); case CONN_TYPE_AP_DNS_LISTENER: /* This should never happen; eventdns.c handles the reads here. */ tor_fragile_assert(); @@ -5108,6 +5118,8 @@ connection_process_inbuf(connection_t *conn, int package_partial) return connection_dir_process_inbuf(TO_DIR_CONN(conn)); case CONN_TYPE_CONTROL: return connection_control_process_inbuf(TO_CONTROL_CONN(conn)); + case CONN_TYPE_METRICS: + return metrics_connection_process_inbuf(conn); default: log_err(LD_BUG,"got unexpected conn type %d.", conn->type); tor_fragile_assert(); @@ -5671,6 +5683,9 @@ assert_connection_ok(connection_t *conn, time_t now) tor_assert(conn->state >= CONTROL_CONN_STATE_MIN_); tor_assert(conn->state <= CONTROL_CONN_STATE_MAX_); break; + case CONN_TYPE_METRICS: + /* No state. */ + break; default: tor_assert(0); } diff --git a/src/core/mainloop/connection.h b/src/core/mainloop/connection.h index ee3dce49f4..9dab28c3d9 100644 --- a/src/core/mainloop/connection.h +++ b/src/core/mainloop/connection.h @@ -73,8 +73,12 @@ struct buf_t; #define CONN_TYPE_EXT_OR_LISTENER 17 /** Type for sockets listening for HTTP CONNECT tunnel connections. */ #define CONN_TYPE_AP_HTTP_CONNECT_LISTENER 18 +/** Type for sockets listening for Metrics query connections. */ +#define CONN_TYPE_METRICS_LISTENER 19 +/** Type for connections from metrics listener. */ +#define CONN_TYPE_METRICS 20 -#define CONN_TYPE_MAX_ 19 +#define CONN_TYPE_MAX_ 21 /* !!!! If _CONN_TYPE_MAX is ever over 31, we must grow the type field in * struct connection_t. */ diff --git a/src/core/or/policies.c b/src/core/or/policies.c index 0dc440cc96..24e9c0ce9f 100644 --- a/src/core/or/policies.c +++ b/src/core/or/policies.c @@ -48,6 +48,8 @@ static smartlist_t *socks_policy = NULL; /** Policy that addresses for incoming directory connections must match. */ static smartlist_t *dir_policy = NULL; +/** Policy for incoming MetricsPort connections that must match. */ +static smartlist_t *metrics_policy = NULL; /** Policy that addresses for incoming router descriptors must match in order * to be published by us. */ static smartlist_t *authdir_reject_policy = NULL; @@ -1060,6 +1062,15 @@ socks_policy_permits_address(const tor_addr_t *addr) return addr_policy_permits_tor_addr(addr, 1, socks_policy); } +/** Return 1 if addr is permitted to connect to our metrics port, + * based on socks_policy. Else return 0. + */ +int +metrics_policy_permits_address(const tor_addr_t *addr) +{ + return addr_policy_permits_tor_addr(addr, 1, metrics_policy); +} + /** Return true iff the address addr is in a country listed in the * case-insensitive list of country codes cc_list. */ static int @@ -1218,6 +1229,22 @@ load_policy_from_option(config_line_t *config, const char *option_name, return 0; } +/** Helper: Parse the MetricsPortPolicy option into the metrics_policy and set + * the reject all by default. + * + * Return 0 on success else -1. */ +static int +parse_metrics_port_policy(const or_options_t *options) +{ + if (load_policy_from_option(options->MetricsPortPolicy, "MetricsPortPolicy", + &metrics_policy, -1) < 0) { + return -1; + } + /* It is a reject all by default. */ + append_exit_policy_string(&metrics_policy, "reject *:*"); + return 0; +} + /** Set all policies based on options, which should have been validated * first by validate_addr_policies. */ int @@ -1239,6 +1266,9 @@ policies_parse_from_options(const or_options_t *options) if (load_policy_from_option(options->AuthDirBadExit, "AuthDirBadExit", &authdir_badexit_policy, ADDR_POLICY_REJECT) < 0) ret = -1; + if (parse_metrics_port_policy(options) < 0) { + ret = -1; + } if (parse_reachable_addresses() < 0) ret = -1; return ret; @@ -3074,6 +3104,8 @@ policies_free_all(void) socks_policy = NULL; addr_policy_list_free(dir_policy); dir_policy = NULL; + addr_policy_list_free(metrics_policy); + metrics_policy = NULL; addr_policy_list_free(authdir_reject_policy); authdir_reject_policy = NULL; addr_policy_list_free(authdir_invalid_policy); diff --git a/src/core/or/policies.h b/src/core/or/policies.h index c8502a5516..17bd7c869f 100644 --- a/src/core/or/policies.h +++ b/src/core/or/policies.h @@ -102,6 +102,7 @@ void reachable_addr_choose_from_dir_server(const dir_server_t *ds, int dir_policy_permits_address(const tor_addr_t *addr); int socks_policy_permits_address(const tor_addr_t *addr); +int metrics_policy_permits_address(const tor_addr_t *addr); int authdir_policy_permits_address(const tor_addr_t *addr, uint16_t port); int authdir_policy_valid_address(const tor_addr_t *addr, uint16_t port); int authdir_policy_badexit_address(const tor_addr_t *addr, uint16_t port); diff --git a/src/feature/control/control_fmt.c b/src/feature/control/control_fmt.c index d76e6ad8dd..014427c5b5 100644 --- a/src/feature/control/control_fmt.c +++ b/src/feature/control/control_fmt.c @@ -206,6 +206,8 @@ entry_connection_describe_status_for_controller(const entry_connection_t *conn) case CONN_TYPE_AP_DNS_LISTENER: client_protocol = "DNS"; break; case CONN_TYPE_AP_HTTP_CONNECT_LISTENER: client_protocol = "HTTPCONNECT"; break; + case CONN_TYPE_METRICS_LISTENER: + client_protocol = "METRICS"; break; default: client_protocol = "UNKNOWN"; } smartlist_add_asprintf(descparts, "CLIENT_PROTOCOL=%s", diff --git a/src/feature/control/control_getinfo.c b/src/feature/control/control_getinfo.c index 461b8eeb94..cfac59d499 100644 --- a/src/feature/control/control_getinfo.c +++ b/src/feature/control/control_getinfo.c @@ -287,6 +287,8 @@ getinfo_helper_listeners(control_connection_t *control_conn, type = CONN_TYPE_AP_DNS_LISTENER; else if (!strcmp(question, "net/listeners/control")) type = CONN_TYPE_CONTROL_LISTENER; + else if (!strcmp(question, "net/listeners/metrics")) + type = CONN_TYPE_METRICS_LISTENER; else return 0; /* unknown key */ diff --git a/src/feature/metrics/metrics.c b/src/feature/metrics/metrics.c index 5f6fe776b7..886182bc90 100644 --- a/src/feature/metrics/metrics.c +++ b/src/feature/metrics/metrics.c @@ -8,25 +8,68 @@ #include "orconfig.h" -#include "lib/container/smartlist.h" +#include "core/or/or.h" + +#include "lib/encoding/confline.h" #include "lib/log/util_bug.h" #include "lib/malloc/malloc.h" #include "lib/metrics/metrics_store.h" +#include "lib/net/resolve.h" #include "lib/string/printf.h" +#include "lib/net/nettypes.h" +#include "lib/net/address.h" + +#include "core/mainloop/connection.h" +#include "core/or/connection_st.h" +#include "core/or/policies.h" +#include "core/or/port_cfg_st.h" +#include "core/proto/proto_http.h" +#include "feature/dircommon/directory.h" #include "feature/metrics/metrics.h" +#include "app/config/config.h" #include "app/main/subsysmgr.h" -/** Return newly allocated string containing the output of all subsystems +/** Metrics format driver set by the MetricsPort option. */ +static metrics_format_t the_format = METRICS_FORMAT_PROMETHEUS; + +/** Return true iff the given peer address is allowed by our MetricsPortPolicy + * option that is is in that list. */ +static bool +metrics_request_allowed(const tor_addr_t *peer_addr) +{ + tor_assert(peer_addr); + + return metrics_policy_permits_address(peer_addr); +} + +/** Helper: For a metrics port connection, write the HTTP response header + * using the data length passed. */ +static void +write_metrics_http_response(const size_t data_len, connection_t *conn) +{ + char date[RFC1123_TIME_LEN+1]; + buf_t *buf = buf_new_with_capacity(128 + data_len); + + format_rfc1123_time(date, approx_time()); + buf_add_printf(buf, "HTTP/1.0 200 OK\r\nDate: %s\r\n", date); + buf_add_printf(buf, "Content-Type: text/plain; charset=utf-8\r\n"); + buf_add_printf(buf, "Content-Length: %" TOR_PRIuSZ "\r\n", data_len); + buf_add_string(buf, "\r\n"); + + connection_buf_add_buf(conn, buf); + buf_free(buf); +} + +/** Return newly allocated buffer containing the output of all subsystems * having metrics. * * This is used to output the content on the MetricsPort. */ -char * +buf_t * metrics_get_output(const metrics_format_t fmt) { - char *data; - smartlist_t *chunks = smartlist_new(); + buf_t *data = buf_new(); /* Go over all subsystems that exposes a metrics store. */ for (unsigned i = 0; i < n_tor_subsystems; ++i) { @@ -40,17 +83,164 @@ metrics_get_output(const metrics_format_t fmt) if (sys->get_metrics && (stores = sys->get_metrics())) { SMARTLIST_FOREACH_BEGIN(stores, const metrics_store_t *, store) { - smartlist_add(chunks, metrics_store_get_output(fmt, store)); + metrics_store_get_output(fmt, store, data); } SMARTLIST_FOREACH_END(store); } } - data = smartlist_join_strings(chunks, "\n", 0, NULL); + return data; +} + +/** Process what is in the inbuf of this connection of type metrics. + * + * Return 0 on success else -1 on error which will close the connection. */ +int +metrics_connection_process_inbuf(connection_t *conn) +{ + int ret = -1; + char *headers = NULL, *command = NULL, *url = NULL; + const char *errmsg = NULL; + + tor_assert(conn); + tor_assert(conn->type == CONN_TYPE_METRICS); + + if (!metrics_request_allowed(&conn->addr)) { + /* Close connection. Don't bother returning anything if you are not + * allowed by being on the policy list. */ + errmsg = NULL; + goto err; + } + + const int http_status = fetch_from_buf_http(conn->inbuf, &headers, 1024, + NULL, NULL, 1024, 0); + if (http_status < 0) { + errmsg = "HTTP/1.0 400 Bad Request\r\n\r\n"; + goto err; + } else if (http_status == 0) { + /* no HTTP request yet. */ + goto done; + } + + const int cmd_status = parse_http_command(headers, &command, &url); + if (cmd_status < 0) { + errmsg = "HTTP/1.0 400 Bad Request\r\n\r\n"; + goto err; + } else if (strcmpstart(command, "GET")) { + errmsg = "HTTP/1.0 405 Method Not Allowed\r\n\r\n"; + goto err; + } + tor_assert(url); - SMARTLIST_FOREACH(chunks, char *, c, tor_free(c)); - smartlist_free(chunks); + /* Where we expect the query to come for. */ +#define EXPECTED_URL_PATH "/metrics" +#define EXPECTED_URL_PATH_LEN (sizeof(EXPECTED_URL_PATH) - 1) /* No NUL */ - return data; + if (!strcmpstart(url, EXPECTED_URL_PATH) && + strlen(url) == EXPECTED_URL_PATH_LEN) { + buf_t *data = metrics_get_output(the_format); + + write_metrics_http_response(buf_datalen(data), conn); + connection_buf_add_buf(conn, data); + buf_free(data); + } else { + errmsg = "HTTP/1.0 404 Not Found\r\n\r\n"; + goto err; + } + + ret = 0; + goto done; + + err: + if (errmsg) { + log_info(LD_EDGE, "HTTP metrics error: saying %s", escaped(errmsg)); + connection_buf_add(errmsg, strlen(errmsg), conn); + } + + done: + tor_free(headers); + tor_free(command); + tor_free(url); + + return ret; +} + +/** Parse metrics ports from options. On success, add the port to the ports + * list and return 0. On failure, set err_msg_out to a newly allocated string + * describing the problem and return -1. */ +int +metrics_parse_ports(or_options_t *options, smartlist_t *ports, + char **err_msg_out) +{ + int num_elems, ok = 0, ret = -1; + const char *addrport_str = NULL, *fmt_str = NULL; + smartlist_t *elems = NULL; + port_cfg_t *cfg = NULL; + + tor_assert(options); + tor_assert(ports); + + /* No metrics port to configure, just move on . */ + if (!options->MetricsPort_lines) { + return 0; + } + + elems = smartlist_new(); + + /* Split between the protocol and the address/port. */ + num_elems = smartlist_split_string(elems, + options->MetricsPort_lines->value, " ", + SPLIT_SKIP_SPACE | SPLIT_IGNORE_BLANK, 2); + if (num_elems < 1) { + *err_msg_out = tor_strdup("MetricsPort is missing port."); + goto end; + } + + addrport_str = smartlist_get(elems, 0); + if (num_elems >= 2) { + /* Parse the format if any. */ + fmt_str = smartlist_get(elems, 1); + if (!strcasecmp(fmt_str, "prometheus")) { + the_format = METRICS_FORMAT_PROMETHEUS; + } else { + tor_asprintf(err_msg_out, "MetricsPort unknown format: %s", fmt_str); + goto end; + } + } + + /* Port configuration with default address. */ + cfg = port_cfg_new(0); + cfg->type = CONN_TYPE_METRICS_LISTENER; + + /* Parse the port first. Then an address if any can be found. */ + cfg->port = (int) tor_parse_long(addrport_str, 10, 0, 65535, &ok, NULL); + if (ok) { + tor_addr_parse(&cfg->addr, "127.0.0.1"); + } else { + /* We probably have a host:port situation */ + if (tor_addr_port_lookup(addrport_str, &cfg->addr, + (uint16_t *) &cfg->port) < 0) { + *err_msg_out = tor_strdup("MetricsPort address/port failed to parse or " + "resolve."); + goto end; + } + } + /* Add it to the ports list. */ + smartlist_add(ports, cfg); + + /* It is set. MetricsPort doesn't support the NoListen options or such that + * would prevent from being a real listener port. */ + options->MetricsPort_set = 1; + + /* Success. */ + ret = 0; + + end: + if (ret != 0) { + port_cfg_free(cfg); + } + SMARTLIST_FOREACH(elems, char *, e, tor_free(e)); + smartlist_free(elems); + return ret; } /** Initialize the subsystem. */ diff --git a/src/feature/metrics/metrics.h b/src/feature/metrics/metrics.h index a30c271bea..b4bbe28b27 100644 --- a/src/feature/metrics/metrics.h +++ b/src/feature/metrics/metrics.h @@ -9,13 +9,27 @@ #ifndef TOR_FEATURE_METRICS_METRICS_H #define TOR_FEATURE_METRICS_METRICS_H +#include "lib/buf/buffers.h" +#include "lib/container/smartlist.h" + +#include "app/config/or_options_st.h" + #include "lib/metrics/metrics_common.h" +struct connection_t; + /* Initializer / Cleanup. */ void metrics_init(void); void metrics_cleanup(void); /* Accessors. */ -char *metrics_get_output(const metrics_format_t fmt); +buf_t *metrics_get_output(const metrics_format_t fmt); + +/* Connection. */ +int metrics_connection_process_inbuf(struct connection_t *conn); + +/* Configuration. */ +int metrics_parse_ports(or_options_t *options, smartlist_t *ports, + char **err_msg_out); #endif /* !defined(TOR_FEATURE_METRICS_METRICS_H) */

1 0

[tor/master] hs: Collect introduction circuit metrics
by ahf＠torproject.org 27 Oct '20

27 Oct '20

commit 97731196c4141093f96b632ce38f440fec8db831 Author: David Goulet <dgoulet(a)torproject.org> Date: Tue Oct 20 15:05:06 2020 -0400 hs: Collect introduction circuit metrics Tracks the total number of established introduction circuit. Related to #40063 Signed-off-by: David Goulet <dgoulet(a)torproject.org> --- src/feature/hs/hs_metrics.h | 10 ++++++++++ src/feature/hs/hs_metrics_entry.c | 6 ++++++ src/feature/hs/hs_metrics_entry.h | 2 ++ src/feature/hs/hs_service.c | 9 +++++++++ 4 files changed, 27 insertions(+) diff --git a/src/feature/hs/hs_metrics.h b/src/feature/hs/hs_metrics.h index 21af42e01c..506831b3fd 100644 --- a/src/feature/hs/hs_metrics.h +++ b/src/feature/hs/hs_metrics.h @@ -57,4 +57,14 @@ void hs_metrics_update_by_service(const hs_metrics_key_t key, #define hs_metrics_new_rdv(i) \ hs_metrics_update_by_ident(HS_METRICS_NUM_RDV, (i), 0, 1) +/** New introduction circuit has been established. This is called when the + * INTRO_ESTABLISHED has been received by the service. */ +#define hs_metrics_new_established_intro(s) \ + hs_metrics_update_by_service(HS_METRICS_NUM_ESTABLISHED_INTRO, (s), 0, 1) + +/** Established introduction circuit closes. This is called when + * INTRO_ESTABLISHED circuit is marked for close. */ +#define hs_metrics_close_established_intro(i) \ + hs_metrics_update_by_ident(HS_METRICS_NUM_ESTABLISHED_INTRO, (i), 0, 1) + #endif /* !defined(TOR_FEATURE_HS_HS_METRICS_H) */ diff --git a/src/feature/hs/hs_metrics_entry.c b/src/feature/hs/hs_metrics_entry.c index 78f5253327..e4da0921aa 100644 --- a/src/feature/hs/hs_metrics_entry.c +++ b/src/feature/hs/hs_metrics_entry.c @@ -53,6 +53,12 @@ const hs_metrics_entry_t base_metrics[] = .name = "hs_rdv_num_total", .help = "Total number of rendezvous circuit created", }, + { + .key = HS_METRICS_NUM_ESTABLISHED_INTRO, + .type = METRICS_TYPE_GAUGE, + .name = "hs_intro_established_count", + .help = "Total number of established introduction circuit", + }, }; /** Size of base_metrics array that is number of entries. */ diff --git a/src/feature/hs/hs_metrics_entry.h b/src/feature/hs/hs_metrics_entry.h index 924696df4f..f68c1ab8e9 100644 --- a/src/feature/hs/hs_metrics_entry.h +++ b/src/feature/hs/hs_metrics_entry.h @@ -25,6 +25,8 @@ typedef enum { HS_METRICS_NUM_ESTABLISHED_RDV = 3, /** Number of rendezsvous circuits created. */ HS_METRICS_NUM_RDV = 4, + /** Number of established introducton points. */ + HS_METRICS_NUM_ESTABLISHED_INTRO = 5, } hs_metrics_key_t; /** The metadata of an HS metrics. */ diff --git a/src/feature/hs/hs_service.c b/src/feature/hs/hs_service.c index 6cf5257eb9..3d0e5dc1db 100644 --- a/src/feature/hs/hs_service.c +++ b/src/feature/hs/hs_service.c @@ -3451,6 +3451,9 @@ service_handle_intro_established(origin_circuit_t *circ, goto err; } + /* Update metrics. */ + hs_metrics_new_established_intro(service); + log_info(LD_REND, "Successfully received an INTRO_ESTABLISHED cell " "on circuit %u for service %s", TO_CIRCUIT(circ)->n_circ_id, @@ -3597,6 +3600,12 @@ hs_service_circuit_cleanup_on_close(const circuit_t *circ) tor_assert(CIRCUIT_IS_ORIGIN(circ)); switch (circ->purpose) { + case CIRCUIT_PURPOSE_S_INTRO: + /* About to close an established introduction circuit. Update the metrics + * to reflect how many we have at the moment. */ + hs_metrics_close_established_intro( + &CONST_TO_ORIGIN_CIRCUIT(circ)->hs_ident->identity_pk); + break; case CIRCUIT_PURPOSE_S_REND_JOINED: /* About to close an established rendezvous circuit. Update the metrics to * reflect how many we have at the moment. */

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-commits October 2020