- tor-commits - lists.torproject.org

[tor/maint-0.2.1] Fix a bug introduced by purging rend_cache on NEWNYM
by nickm＠torproject.org 28 Apr '11

28 Apr '11

commit f1cf9bd74d225e90ca123eb664c1c5538eedaa03 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Mon Apr 25 06:38:35 2011 -0700 Fix a bug introduced by purging rend_cache on NEWNYM If the user sent a SIGNAL NEWNYM command after we fetched a rendezvous descriptor, while we were building the introduction-point circuit, we would give up entirely on trying to connect to the hidden service. Original patch by rransom slightly edited to go into 0.2.1 --- src/or/rendclient.c | 25 +++++++++++++++++++++---- 1 files changed, 21 insertions(+), 4 deletions(-) diff --git a/src/or/rendclient.c b/src/or/rendclient.c index ca846d9..fb95efb 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -74,10 +74,27 @@ rend_client_send_introduction(origin_circuit_t *introcirc, if (rend_cache_lookup_entry(introcirc->rend_data->onion_address, -1, &entry) < 1) { - log_warn(LD_REND, - "query %s didn't have valid rend desc in cache. Failing.", - escaped_safe_str(introcirc->rend_data->onion_address)); - goto perm_err; + log_info(LD_REND, + "query %s didn't have valid rend desc in cache. " + "Refetching descriptor.", + safe_str(introcirc->rend_data->onion_address)); + /* Fetch both v0 and v2 rend descriptors in parallel. Use whichever + * arrives first. Exception: When using client authorization, only + * fetch v2 descriptors.*/ + rend_client_refetch_v2_renddesc(introcirc->rend_data); + if (introcirc->rend_data->auth_type == REND_NO_AUTH) + rend_client_refetch_renddesc(introcirc->rend_data->onion_address); + { + connection_t *conn; + + while ((conn = connection_get_by_type_state_rendquery(CONN_TYPE_AP, + AP_CONN_STATE_CIRCUIT_WAIT, + introcirc->rend_data->onion_address, -1))) { + conn->state = AP_CONN_STATE_RENDDESC_WAIT; + } + } + + return -1; } /* first 20 bytes of payload are the hash of Bob's pk */

1 0

[tor/maint-0.2.1] Forget all rendezvous client state on SIGNAL NEWNYM
by nickm＠torproject.org 28 Apr '11

28 Apr '11

commit 440e48ddf27094e48c401c68c9014eca43b6867e Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Wed Apr 20 02:27:58 2011 -0700 Forget all rendezvous client state on SIGNAL NEWNYM --- changes/forget-rend-descs-on-newnym | 5 ++++ src/or/main.c | 2 + src/or/or.h | 2 + src/or/rendclient.c | 37 +++++++++++++++++++++++++++++++++++ src/or/rendcommon.c | 10 +++++++++ 5 files changed, 56 insertions(+), 0 deletions(-) diff --git a/changes/forget-rend-descs-on-newnym b/changes/forget-rend-descs-on-newnym new file mode 100644 index 0000000..c086973 --- /dev/null +++ b/changes/forget-rend-descs-on-newnym @@ -0,0 +1,5 @@ + o Security fixes: + - Forget all hidden service descriptors cached as a client when + processing a SIGNAL NEWNYM command. Fixes bug 3000. Bugfix on + 0.0.6. + diff --git a/src/or/main.c b/src/or/main.c index 96b7b45..e44fd49 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -785,6 +785,8 @@ signewnym_impl(time_t now) { circuit_expire_all_dirty_circs(); addressmap_clear_transient(); + rend_cache_purge(); + rend_client_cancel_descriptor_fetches(); time_of_last_signewnym = now; signewnym_is_pending = 0; } diff --git a/src/or/or.h b/src/or/or.h index 57e091e..897ad32 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -4039,6 +4039,7 @@ int rend_client_introduction_acked(origin_circuit_t *circ, size_t request_len); void rend_client_refetch_renddesc(const char *query); void rend_client_refetch_v2_renddesc(const rend_data_t *rend_query); +void rend_client_cancel_descriptor_fetches(void); int rend_client_remove_intro_point(extend_info_t *failed_intro, const rend_data_t *rend_query); int rend_client_rendezvous_acked(origin_circuit_t *circ, @@ -4137,6 +4138,7 @@ typedef struct rend_cache_entry_t { void rend_cache_init(void); void rend_cache_clean(void); void rend_cache_clean_v2_descs_as_dir(void); +void rend_cache_purge(void); void rend_cache_free_all(void); int rend_valid_service_id(const char *query); int rend_cache_lookup_desc(const char *query, int version, const char **desc, diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 51306b3..37cca14 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -557,8 +557,45 @@ rend_client_refetch_v2_renddesc(const rend_data_t *rend_query) return; } +/** Cancel all rendezvous descriptor fetches currently in progress. + */ +void +rend_client_cancel_descriptor_fetches(void) +{ + smartlist_t *connection_array = get_connection_array(); + + SMARTLIST_FOREACH_BEGIN(connection_array, connection_t *, conn) { + if (conn->type == CONN_TYPE_DIR && + (conn->purpose == DIR_PURPOSE_FETCH_RENDDESC || + conn->purpose == DIR_PURPOSE_FETCH_RENDDESC_V2)) { + /* It's a rendezvous descriptor fetch in progress -- cancel it + * by marking the connection for close. + * + * Even if this connection has already reached EOF, this is + * enough to make sure that if the descriptor hasn't been + * processed yet, it won't be. See the end of + * connection_handle_read; connection_reached_eof (indirectly) + * processes whatever response the connection received. */ + + const rend_data_t *rd = (TO_DIR_CONN(conn))->rend_data; + if (!rd) { + log_warn(LD_BUG | LD_REND, + "Marking for close dir conn fetching rendezvous " + "descriptor for unknown service!"); + } else { + log_debug(LD_REND, "Marking for close dir conn fetching v%d " + "rendezvous descriptor for service %s", + (int)(rd->rend_desc_version), + safe_str(rd->onion_address)); + } + connection_mark_for_close(conn); + } + } SMARTLIST_FOREACH_END(conn); +} + /** Remove failed_intro from ent. If ent now has no intro points, or * service is unrecognized, then launch a new renddesc fetch. + * * Return -1 if error, 0 if no intro points remain or service * unrecognized, 1 if recognized and some intro points remain. diff --git a/src/or/rendcommon.c b/src/or/rendcommon.c index d6f5443..ba28cca 100644 --- a/src/or/rendcommon.c +++ b/src/or/rendcommon.c @@ -871,6 +871,16 @@ rend_cache_clean(void) } } +/** Remove ALL entries from the rendezvous service descriptor cache. + */ +void +rend_cache_purge(void) +{ + if (rend_cache) + strmap_free(rend_cache, _rend_cache_entry_free); + rend_cache = strmap_new(); +} + /** Remove all old v2 descriptors and those for which this hidden service * directory is not responsible for any more. */ void

1 0

[tor/maint-0.2.1] Allow rend_client_send_introduction to fail transiently
by nickm＠torproject.org 28 Apr '11

28 Apr '11

commit 2ad18ae7366ce4979b44fa53d0105940005489c0 Author: Robert Ransom <rransom.8774(a)gmail.com> Date: Mon Apr 25 08:36:02 2011 -0700 Allow rend_client_send_introduction to fail transiently i.e. without closing the AP connection. --- changes/forget-rend-descs-on-newnym | 4 ++++ src/or/circuituse.c | 18 ++++++++++++------ src/or/rendclient.c | 20 ++++++++++---------- 3 files changed, 26 insertions(+), 16 deletions(-) diff --git a/changes/forget-rend-descs-on-newnym b/changes/forget-rend-descs-on-newnym index c086973..ab2fd61 100644 --- a/changes/forget-rend-descs-on-newnym +++ b/changes/forget-rend-descs-on-newnym @@ -2,4 +2,8 @@ - Forget all hidden service descriptors cached as a client when processing a SIGNAL NEWNYM command. Fixes bug 3000. Bugfix on 0.0.6. + o Code simplifications and refactoring: + - Allow rend_client_send_introduction to fail without closing the + AP connection permanently. + diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 996c99c..247aca7 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -1560,14 +1560,20 @@ connection_ap_handshake_attach_circuit(edge_connection_t *conn) "introduction. (stream %d sec old)", introcirc->_base.n_circ_id, rendcirc->_base.n_circ_id, conn_age); - if (rend_client_send_introduction(introcirc, rendcirc) < 0) { + switch (rend_client_send_introduction(introcirc, rendcirc)) { + case 0: /* success */ + rendcirc->_base.timestamp_dirty = time(NULL); + introcirc->_base.timestamp_dirty = time(NULL); + assert_circuit_ok(TO_CIRCUIT(rendcirc)); + assert_circuit_ok(TO_CIRCUIT(introcirc)); + return 0; + case -1: /* transient error */ + return 0; + case -2: /* permanent error */ return -1; + default: /* oops */ + tor_fragile_assert(); } - rendcirc->_base.timestamp_dirty = time(NULL); - introcirc->_base.timestamp_dirty = time(NULL); - assert_circuit_ok(TO_CIRCUIT(rendcirc)); - assert_circuit_ok(TO_CIRCUIT(introcirc)); - return 0; } } diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 37cca14..ca846d9 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -77,7 +77,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc, log_warn(LD_REND, "query %s didn't have valid rend desc in cache. Failing.", escaped_safe_str(introcirc->rend_data->onion_address)); - goto err; + goto perm_err; } /* first 20 bytes of payload are the hash of Bob's pk */ @@ -115,13 +115,13 @@ rend_client_send_introduction(origin_circuit_t *introcirc, log_info(LD_REND, "Internal error: could not find intro key; we " "only have a v2 rend desc with %d intro points.", num_intro_points); - goto err; + goto perm_err; } } } if (crypto_pk_get_digest(intro_key, payload)<0) { log_warn(LD_BUG, "Internal error: couldn't hash public key."); - goto err; + goto perm_err; } /* Initialize the pending_final_cpath and start the DH handshake. */ @@ -132,11 +132,11 @@ rend_client_send_introduction(origin_circuit_t *introcirc, cpath->magic = CRYPT_PATH_MAGIC; if (!(cpath->dh_handshake_state = crypto_dh_new(DH_TYPE_REND))) { log_warn(LD_BUG, "Internal error: couldn't allocate DH."); - goto err; + goto perm_err; } if (crypto_dh_generate_public(cpath->dh_handshake_state)<0) { log_warn(LD_BUG, "Internal error: couldn't generate g^x."); - goto err; + goto perm_err; } } @@ -186,7 +186,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc, if (crypto_dh_get_public(cpath->dh_handshake_state, tmp+dh_offset, DH_KEY_LEN)<0) { log_warn(LD_BUG, "Internal error: couldn't extract g^x."); - goto err; + goto perm_err; } note_crypto_pk_op(REND_CLIENT); @@ -199,7 +199,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc, PK_PKCS1_OAEP_PADDING, 0); if (r<0) { log_warn(LD_BUG,"Internal error: hybrid pk encrypt failed."); - goto err; + goto perm_err; } payload_len = DIGEST_LEN + r; @@ -212,17 +212,17 @@ rend_client_send_introduction(origin_circuit_t *introcirc, introcirc->cpath->prev)<0) { /* introcirc is already marked for close. leave rendcirc alone. */ log_warn(LD_BUG, "Couldn't send INTRODUCE1 cell"); - return -1; + return -2; } /* Now, we wait for an ACK or NAK on this circuit. */ introcirc->_base.purpose = CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT; return 0; -err: +perm_err: circuit_mark_for_close(TO_CIRCUIT(introcirc), END_CIRC_REASON_INTERNAL); circuit_mark_for_close(TO_CIRCUIT(rendcirc), END_CIRC_REASON_INTERNAL); - return -1; + return -2; } /** Called when a rendezvous circuit is open; sends a establish

1 0

[obfsproxy/master] Howto instructions for using Tor with obfsproxy.
by nickm＠torproject.org 28 Apr '11

28 Apr '11

commit 7123e54eb9bdbae3fe92d2284105a2fd1e2c5a0f Author: George Kadianakis <desnacked(a)gmail.com> Date: Thu Apr 28 09:56:09 2011 -0400 Howto instructions for using Tor with obfsproxy. --- doc/tor-obfs-howto.txt | 101 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 101 insertions(+), 0 deletions(-) diff --git a/doc/tor-obfs-howto.txt b/doc/tor-obfs-howto.txt new file mode 100644 index 0000000..36ad7a3 --- /dev/null +++ b/doc/tor-obfs-howto.txt @@ -0,0 +1,101 @@ +How to set up Tor with Obfsproxy +================================ + + Preliminaries: + +This isn't the final interface--we should make it much easier. + +This is experimental code--if it breaks, you get to keep both smouldering +pieces. + + + + Ingredients: + +Client side needs: + +* a copy of obfsproxy: + git clone git://git.torproject.org/obfsproxy.git + Building it should be easy, just do "./configure && make". + +* a copy of Tor that supports the Socks5Proxy option. + The git version should do the trick. + +Bridge side needs: + +* a copy of obfsproxy: + git clone git://git.torproject.org/obfsproxy.git + Building it should be easy, just do "./configure && make". + +* a copy of Tor with BridgeRelay capabilities. + Quite easy to find nowadays. + + Port setup: + +Our port setup will be like this: + + 1050 1051 + +-----------+ +------------+ + ----| Proxy |-------------| Server |---- + | +-----------+ +------------+ | + | | ++------------+ +--------------+ +| Tor Client | | Tor Bridge | ++------------+ +--------------+ + 5000 5001 + + + + Setting up obfsproxies: + +This command will setup an obfsproxy socks client listening to the +obfs2 protocol on localhost:1050: +./obfsproxy socks obfs2 127.0.0.1:1050 + +This command will setup an obfsproxy server listening to the +obfs2 protocol on localhost:5001: +./obfsproxy server obfs2 127.0.0.1:1051 127.0.0.1:5001 + + Setting up Tor: + +Let's create .torrc_client and .torrc_bridge. +Warning: I'm only posting the relevant torrc options. + +torrc_client: +--- +SocksPort 5000 +UseBridges 1 +Bridge <bridge host>:1051 # This points to the bridge's obfsproxy server. + # You can change <bridge host> to 127.0.0.1 + # for local testing setup. +Socks5Proxy 127.0.0.1:1050 # This points to our obfsproxy client. +--- + +torrc_bridge: +--- +ORPort 5001 # Port where bridge will be listening on. +BridgeRelay 1 +ExitPolicy reject *:* +--- + + Bootstrap sequence: + +Since we are still in PoC state you have to bootstrap the Tors and the +obfsproxies with the correct sequence: + +1. Fire up server obfsproxy. +2. Fire up tor with torrc_bridge. +3. Fire up client obfsproxy. +4. Fire up tor with torrc_client. + + The End + +Now open Firefox on the client side and set it up to use a Socks +server on 127.0.0.1:5000. +Stuff should work now. + +If you were smart enough to open wireshark and sniff the traffic +before doing all the above, you would notice that the TLS handshake +was not carried out plaintext, effectively obfuscating your Tor +experience. Yes. +

1 0

[metrics-tasks/master] Add R code for #2686.
by karsten＠torproject.org 28 Apr '11

28 Apr '11

commit 3b7c299d3e869d92af69d01f3410dfd566ccc9d8 Author: Karsten Loesing <karsten.loesing(a)gmx.net> Date: Thu Apr 28 10:45:36 2011 +0200 Add R code for #2686. --- task-2686/.gitignore | 2 + task-2686/README | 3 + task-2686/cbt-cutoff-guards.R | 88 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 93 insertions(+), 0 deletions(-) diff --git a/task-2686/.gitignore b/task-2686/.gitignore new file mode 100644 index 0000000..29a7166 --- /dev/null +++ b/task-2686/.gitignore @@ -0,0 +1,2 @@ +*.csv + diff --git a/task-2686/README b/task-2686/README new file mode 100644 index 0000000..cf0ccf5 --- /dev/null +++ b/task-2686/README @@ -0,0 +1,3 @@ +$ R --slave -f filter.R --args *.mergedata +$ R --slave -f cbt-cutoff-guards.R + diff --git a/task-2686/cbt-cutoff-guards.R b/task-2686/cbt-cutoff-guards.R new file mode 100644 index 0000000..08a913c --- /dev/null +++ b/task-2686/cbt-cutoff-guards.R @@ -0,0 +1,88 @@ +# Load ggplot library without printing out stupid warnings +options(warn = -1) +suppressPackageStartupMessages(library("ggplot2")) + +# Read data +cbt <- read.csv("filtered.csv", stringsAsFactors = FALSE) + +# Transform data to put it in an ECDF. +transform <- function(data, filenamepart, guards, cbtcutoff, filesize) { + + # Remove unfinished or timed out downloads + data <- data[data$timeout == FALSE & data$failure == FALSE, ] + + # Remove all other cbt cutoffs and file sizes + data <- data[data$guards == filenamepart & data$filesize == filesize, ] + + # Order data frame by completion time + data <- data[order(data$completemillis), ] + + # Convert to a data frame that has ordered completion times on the x + # axis and CDF value on the y axis, plus source and filesize for + # distinguishing these values from the other data frames we're going to + # bind together. + data <- data.frame( + x = data$completemillis, + y = (1:length(data$completemillis)) / length(data$completemillis), + guards = guards, + cbtcutoff = cbtcutoff, + filesize = filesize, + stringsAsFactors = FALSE) + + # Return the transformed data frame + data +} + +data <- rbind( + transform(cbt, "slow50cbt", "slow", "50", "50kb"), + transform(cbt, "slow60cbt", "slow", "60", "50kb"), + transform(cbt, "slow70cbt", "slow", "70", "50kb"), + transform(cbt, "slow80cbt", "slow", "80", "50kb"), + transform(cbt, "slow99cbt", "slow", "99", "50kb"), + transform(cbt, "slow50cbt", "slow", "50", "1mb"), + transform(cbt, "slow60cbt", "slow", "60", "1mb"), + transform(cbt, "slow70cbt", "slow", "70", "1mb"), + transform(cbt, "slow80cbt", "slow", "80", "1mb"), + transform(cbt, "slow99cbt", "slow", "99", "1mb"), + transform(cbt, "fast50cbt", "fast", "50", "50kb"), + transform(cbt, "fast60cbt", "fast", "60", "50kb"), + transform(cbt, "fast70cbt", "fast", "70", "50kb"), + transform(cbt, "fast80cbt", "fast", "80", "50kb"), + transform(cbt, "fast99cbt", "fast", "99", "50kb"), + transform(cbt, "fast50cbt", "fast", "50", "1mb"), + transform(cbt, "fast60cbt", "fast", "60", "1mb"), + transform(cbt, "fast70cbt", "fast", "70", "1mb"), + transform(cbt, "fast80cbt", "fast", "80", "1mb"), + transform(cbt, "fast99cbt", "fast", "99", "1mb"), + transform(cbt, "regular50cbt", "regular", "50", "50kb"), + transform(cbt, "regular60cbt", "regular", "60", "50kb"), + transform(cbt, "regular70cbt", "regular", "70", "50kb"), + transform(cbt, "regular80cbt", "regular", "80", "50kb"), + transform(cbt, "regular99cbt", "regular", "99", "50kb"), + transform(cbt, "regular50cbt", "regular", "50", "1mb"), + transform(cbt, "regular60cbt", "regular", "60", "1mb"), + transform(cbt, "regular70cbt", "regular", "70", "1mb"), + transform(cbt, "regular80cbt", "regular", "80", "1mb"), + transform(cbt, "regular99cbt", "regular", "99", "1mb")) + +data <- data[data$y <= 0.9975, ] +data <- data[(data$x <= 120000 & data$filesize == "50kb") | + (data$x <= 600000 & data$filesize == "1mb"), ] + +data[data$guards == "slow", "guards"] <- "a) slowest overall" +data[data$guards == "regular", "guards"] <- "c) default" +data[data$guards == "fast", "guards"] <- "e) fastest overall" +data[data$filesize == "50kb", "filesize"] <- "a) 50 KB" +data[data$filesize == "1mb", "filesize"] <- "b) 1 MB" + +ggplot(data, aes(x = x / 1000, y = y, colour = cbtcutoff)) + +geom_line(size = 0.5) + +facet_grid(guards ~ filesize, scale = "free_x") + +scale_x_continuous("\nDownload completion time in seconds") + +scale_y_continuous("Fraction of completed downloads\n", + limits = c(0.85, 1), breaks = seq(0.9, 1, 0.05), formatter = "percent") + +scale_colour_manual("CBT cutoff", breaks = c("50", "60", "70", "80", "99"), + values = alpha("black", c(0.2, 0.35, 0.5, 0.7, 1))) + +opts(title = "Influence of guard nodes and circuit build timeouts on worst case performance\n") +ggsave("cbt-cutoff.png", width = 8, height = 6, dpi = 150) +

1 0

[arm/master] fix: Missed setup.py when renaming interface->cli
by atagar＠torproject.org 28 Apr '11

28 Apr '11

commit 1c907f900b09043c15b2fbdf0d87cdd67f111c18 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Apr 27 21:20:54 2011 -0700 fix: Missed setup.py when renaming interface->cli The setup.py still referenced interface, causing arm to fail to install. --- setup.py | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/setup.py b/setup.py index 9777da1..cb0069f 100644 --- a/setup.py +++ b/setup.py @@ -75,7 +75,7 @@ if "install" in sys.argv: # When installing we include a bundled copy of TorCtl. However, when creating # a deb we have a dependency on the python-torctl package instead: # http://packages.debian.org/unstable/main/python-torctl -installPackages = ['arm', 'arm.interface', 'arm.interface.graphing', 'arm.interface.connections', 'arm.util'] +installPackages = ['arm', 'arm.cli', 'arm.cli.graphing', 'arm.cli.connections', 'arm.util'] if not isDebInstall: installPackages.append('arm.TorCtl') setup(name='arm',

1 0

[arm/master] fix: Stacktrace from unjoined thread at shutdown
by atagar＠torproject.org 28 Apr '11

28 Apr '11

commit c4454e05284d36fb6ecafc9c2f33c7b0a9ffab43 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Apr 27 21:46:21 2011 -0700 fix: Stacktrace from unjoined thread at shutdown There's a rare (but repeated) stack trace due to an unjoined thread at shutdown: Exception in thread Thread-3 (most likely raised during interpreter shutdown): Traceback (most recent call last): File "/usr/lib/python2.6/threading.py", line 525, in __bootstrap_inner File "/home/atagar/Desktop/arm/src/util/sysTools.py", line 542, in run File "/usr/lib/python2.6/threading.py", line 135, in release <type 'exceptions.TypeError'>: 'NoneType' object is not callable This isn't harmful, but it is annoying. This change is attempting to be extra careful that all resourceTracker threads have been joined, and that the controller is stopped beforehand (preventing stray BW events from triggering additional queries). The stacktrace _seems_ to be more commonly caused by long-running arm processes, but I don't have a reliable repro case. --- src/cli/controller.py | 13 ++++++------- src/cli/graphing/resourceStats.py | 4 ++-- src/util/sysTools.py | 21 ++++----------------- 3 files changed, 12 insertions(+), 26 deletions(-) diff --git a/src/cli/controller.py b/src/cli/controller.py index 22d1772..8543ccb 100644 --- a/src/cli/controller.py +++ b/src/cli/controller.py @@ -825,20 +825,19 @@ def drawTorMonitor(stdscr, startTime, loggedEvents, isBlindMode): panels["conn"].join() panels["log"].join() - # joins on utility daemon threads - this might take a moment since - # the internal threadpools being joined might be sleeping conn = torTools.getConn() - myPid = conn.getMyPid() + conn.close() # joins on TorCtl event thread - resourceTracker = sysTools.getResourceTracker(myPid) if (myPid and sysTools.isTrackerAlive(myPid)) else None + # joins on utility daemon threads - this might take a moment since + # the internal threadpools being joined might be sleeping + resourceTrackers = sysTools.RESOURCE_TRACKERS.values() resolver = connections.getResolver("tor") if connections.isResolverAlive("tor") else None - if resourceTracker: resourceTracker.stop() + for tracker in resourceTrackers: tracker.stop() if resolver: resolver.stop() # sets halt flag (returning immediately) hostnames.stop() # halts and joins on hostname worker thread pool - if resourceTracker: resourceTracker.join() + for tracker in resourceTrackers: tracker.join() if resolver: resolver.join() # joins on halted resolver - conn.close() # joins on TorCtl event thread break elif key == curses.KEY_LEFT or key == curses.KEY_RIGHT: # switch page diff --git a/src/cli/graphing/resourceStats.py b/src/cli/graphing/resourceStats.py index f26d5c1..a9a8aee 100644 --- a/src/cli/graphing/resourceStats.py +++ b/src/cli/graphing/resourceStats.py @@ -36,9 +36,9 @@ class ResourceStats(graphPanel.GraphStats): primary, secondary = 0, 0 if self.queryPid: - resourceTracker = sysTools.getResourceTracker(self.queryPid) + resourceTracker = sysTools.getResourceTracker(self.queryPid, True) - if not resourceTracker.lastQueryFailed(): + if resourceTracker and not resourceTracker.lastQueryFailed(): primary, _, secondary, _ = resourceTracker.getResourceUsage() primary *= 100 # decimal percentage to whole numbers secondary /= 1048576 # translate size to MB so axis labels are short diff --git a/src/util/sysTools.py b/src/util/sysTools.py index 8d95733..2775194 100644 --- a/src/util/sysTools.py +++ b/src/util/sysTools.py @@ -347,27 +347,13 @@ def call(command, cacheAge=0, suppressExc=False, quiet=True): return results -def isTrackerAlive(pid): - """ - Provides true if a running, singleton instance exists for the given pid, - false otherwise. - - Arguments: - pid - pid of the process being tracked - """ - - if pid in RESOURCE_TRACKERS: - if RESOURCE_TRACKERS[pid].isAlive(): return True - else: del RESOURCE_TRACKERS[pid] - - return False - -def getResourceTracker(pid): +def getResourceTracker(pid, noSpawn = False): """ Provides a running singleton ResourceTracker instance for the given pid. Arguments: - pid - pid of the process being tracked + pid - pid of the process being tracked + noSpawn - returns None rather than generating a singleton instance if True """ if pid in RESOURCE_TRACKERS: @@ -375,6 +361,7 @@ def getResourceTracker(pid): if tracker.isAlive(): return tracker else: del RESOURCE_TRACKERS[pid] + if noSpawn: return None tracker = ResourceTracker(pid, CONFIG["queries.resourceUsage.rate"]) RESOURCE_TRACKERS[pid] = tracker tracker.start()

1 0

[arm/master] fix: ns/desc lookups could crash descriptor popup
by atagar＠torproject.org 28 Apr '11

28 Apr '11

commit 4ca251a6b4be812d8fdc0468a0ae43bc5595cf27 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Apr 27 19:48:32 2011 -0700 fix: ns/desc lookups could crash descriptor popup The exception handling for the consensus and descriptor lookups in descriptorPopup.py were expecting TorCtl exceptions rather than a None result. Caught by asn. --- src/cli/descriptorPopup.py | 25 +++++++++++-------------- 1 files changed, 11 insertions(+), 14 deletions(-) diff --git a/src/cli/descriptorPopup.py b/src/cli/descriptorPopup.py index cdc959d..d57546c 100644 --- a/src/cli/descriptorPopup.py +++ b/src/cli/descriptorPopup.py @@ -3,9 +3,7 @@ # Released under the GPL v3 (http://www.gnu.org/licenses/gpl.html) import math -import socket import curses -from TorCtl import TorCtl import controller import connections.connEntry @@ -47,20 +45,19 @@ class PopupProperties: self.text.append(UNRESOLVED_MSG) else: conn = torTools.getConn() + self.showLineNum = True - try: - self.showLineNum = True - self.text.append("ns/id/%s" % fingerprint) - self.text += conn.getConsensusEntry(fingerprint).split("\n") - except (socket.error, TorCtl.ErrorReply, TorCtl.TorCtlClosed): - self.text = self.text + [ERROR_MSG, ""] + self.text.append("ns/id/%s" % fingerprint) + consensusEntry = conn.getConsensusEntry(fingerprint) - try: - descCommand = "desc/id/%s" % fingerprint - self.text.append("desc/id/%s" % fingerprint) - self.text += conn.getDescriptorEntry(fingerprint).split("\n") - except (socket.error, TorCtl.ErrorReply, TorCtl.TorCtlClosed): - self.text = self.text + [ERROR_MSG] + if consensusEntry: self.text += consensusEntry.split("\n") + else: self.text = self.text + [ERROR_MSG, ""] + + self.text.append("desc/id/%s" % fingerprint) + descriptorEntry = conn.getDescriptorEntry(fingerprint) + + if descriptorEntry: self.text += descriptorEntry.split("\n") + else: self.text = self.text + [ERROR_MSG] def handleKey(self, key, height): if key == curses.KEY_UP: self.scroll = max(self.scroll - 1, 0)

1 0

[arm/master] fix: Misparsing circut paths for Tor < 0.2.2.1
by atagar＠torproject.org 28 Apr '11

28 Apr '11

commit 03aa67dcb5589e626306e89ef3dc92eb9c300de8 Author: Damian Johnson <atagar(a)torproject.org> Date: Wed Apr 27 21:13:05 2011 -0700 fix: Misparsing circut paths for Tor < 0.2.2.1 For Tor versions prior to 0.2.2.1 our circuit paths could contain nickname-only entries. These were being misparsed (expecting them to always start with fingerprints), resulting in screwed up circuit entries in the connection panel. Caught by asn. --- src/util/torTools.py | 67 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 files changed, 65 insertions(+), 2 deletions(-) diff --git a/src/util/torTools.py b/src/util/torTools.py index 5d8ffd8..b527f1e 100644 --- a/src/util/torTools.py +++ b/src/util/torTools.py @@ -330,6 +330,7 @@ class Controller(TorCtl.PostEventListener): self._fingerprintLookupCache = {} # lookup cache with (ip, port) -> fingerprint mappings self._fingerprintsAttachedCache = None # cache of relays we're connected to self._nicknameLookupCache = {} # lookup cache with fingerprint -> nickname mappings + self._nicknameToFpLookupCache = {} # lookup cache with nickname -> fingerprint mappings self._consensusLookupCache = {} # lookup cache with network status entries self._descriptorLookupCache = {} # lookup cache with relay descriptors self._isReset = False # internal flag for tracking resets @@ -389,6 +390,7 @@ class Controller(TorCtl.PostEventListener): self._fingerprintLookupCache = {} self._fingerprintsAttachedCache = None self._nicknameLookupCache = {} + self._nicknameToFpLookupCache = {} self._consensusLookupCache = {} self._descriptorLookupCache = {} @@ -1164,6 +1166,44 @@ class Controller(TorCtl.PostEventListener): return result + def getNicknameFingerprint(self, relayNickname): + """ + Provides the fingerprint associated with the given relay. This provides + None if no such relay exists. + + Arguments: + relayNickname - nickname of the relay + """ + + self.connLock.acquire() + + result = None + if self.isAlive(): + # determine the nickname if it isn't yet cached + if not relayNickname in self._nicknameToFpLookupCache: + # Fingerprints are base64 encoded hex with an extra '='. For instance... + # GETINFO ns/name/torexp2 -> + # r torexp2 NPfjt8Vjr+drcbbFLQONN3KapNo LxoHteGax7ZNYh/9g/FF8I617fY 2011-04-27 15:20:35 141.161.20.50 9001 0 + # decode base64 of "NPfjt8Vjr+drcbbFLQONN3KapNo=" -> + # "4\xf7\xe3\xb7\xc5c\xaf\xe7kq\xb6\xc5-\x03\x8d7r\x9a\xa4\xda" + # encode hex of the above -> + # "34f7e3b7c563afe76b71b6c52d038d37729aa4da" + + relayFingerprint = None + consensusEntry = self.getInfo("ns/name/%s" % relayNickname) + if consensusEntry: + encodedFp = consensusEntry.split()[2] + decodedFp = (encodedFp + "=").decode('base64').encode('hex') + relayFingerprint = decodedFp.upper() + + self._nicknameToFpLookupCache[relayNickname] = relayFingerprint + + result = self._nicknameToFpLookupCache[relayNickname] + + self.connLock.release() + + return result + def addEventListener(self, listener): """ Directs further tor controller events to callback functions of the @@ -1433,6 +1473,7 @@ class Controller(TorCtl.PostEventListener): self._fingerprintLookupCache = {} self._fingerprintsAttachedCache = None self._nicknameLookupCache = {} + self._nicknameToFpLookupCache = {} self._consensusLookupCache = {} if self._fingerprintMappings != None: @@ -1870,6 +1911,12 @@ class Controller(TorCtl.PostEventListener): # 91 BUILT $E4AE6E2FE320FBBD31924E8577F3289D4BE0B4AD=Qwerty PURPOSE=GENERAL # would belong to a single hop circuit, most likely fetching the # consensus via a directory mirror. + # + # The path is made up of "$<fingerprint>[=<nickname]" entries for new + # versions of Tor, but in versions prior to 0.2.2.1-alpha this was + # just "$<fingerprint>" OR <nickname>. The dolar sign can't be used in + # nicknames so this can be used to differentiate. + circStatusResults = self.getInfo("circuit-status") if circStatusResults == "": @@ -1885,8 +1932,24 @@ class Controller(TorCtl.PostEventListener): # 5 LAUNCHED PURPOSE=TESTING if len(lineComp) < 4: continue - path = tuple([hopEntry[1:41] for hopEntry in lineComp[2].split(",")]) - result.append((int(lineComp[0]), lineComp[1], lineComp[3][8:], path)) + path = [] + for hopEntry in lineComp[2].split(","): + if hopEntry[0] == "$": path.append(hopEntry[1:41]) + else: + relayFingerprint = self.getNicknameFingerprint(hopEntry) + + # It shouldn't be possible for this lookup to fail, but we + # need to fill something (callers won't expect our own client + # paths to have unknown relays). If this turns out to be wrong + # then log a warning. + + if relayFingerprint: path.append(relayFingerprint) + else: + msg = "Unable to determine the fingerprint for a relay in our own circuit: %s" % hopEntry + log.log(log.WARN, msg) + path.append("0" * 40) + + result.append((int(lineComp[0]), lineComp[1], lineComp[3][8:], tuple(path))) elif key == "hsPorts": result = [] hsOptions = self.getOptionMap("HiddenServiceOptions")

1 0

[tor/master] Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
by nickm＠torproject.org 28 Apr '11

28 Apr '11

commit 0130e7c9d2842ad58e1b84829aeab16a2efba3bb Merge: 7f85509 43ffd02 Author: Nick Mathewson <nickm(a)torproject.org> Date: Wed Apr 27 22:14:28 2011 -0400 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 Conflicts: src/common/torint.h changes/bug2475 | 5 +++++ src/common/crypto.c | 2 +- src/common/torint.h | 4 +++- 3 files changed, 9 insertions(+), 2 deletions(-) diff --cc src/common/torint.h index f5bebf8,d489684..0b5c29a --- a/src/common/torint.h +++ b/src/common/torint.h @@@ -329,8 -330,10 +329,10 @@@ typedef uint32_t uintptr_t #endif #endif -/* Any ssize_t larger than this amount is likely to be an underflow. */ ++/** Any ssize_t larger than this amount is likely to be an underflow. */ + #define SSIZE_T_CEILING ((ssize_t)(SSIZE_T_MAX-16)) -/* Any size_t larger than this amount is likely to be an underflow. */ +/** Any size_t larger than this amount is likely to be an underflow. */ - #define SIZE_T_CEILING (SSIZE_T_MAX-16) + #define SIZE_T_CEILING ((size_t)(SSIZE_T_MAX-16)) #endif /* __TORINT_H */

1 0