GitLab

at 2026-03-02T17:49:55+01:00

fixup! TB 40933: Add tor-launcher functionality

TB 44635: Gather conflux information on circuits.

fixup! TB 40933: Add tor-launcher functionality

TB 44635: Gather conflux information on circuits.

Proactively gather data about the circuits in TorProvider, and send the
complete information about a circuit, not only its node fingerprints.
Also, gather conflux sets, and send both conflux circuits to the
circuit display backend.

fixup! TB 3455: Add DomainIsolator, for isolating circuit by domain.

TB 44635: Gather conflux information on circuits.

Reword CircuitID to IsolationKey, for better clarity.

fixup! TB 3455: Add DomainIsolator, for isolating circuit by domain.

TB 44635: Gather conflux information on circuits.

Relay information collection now happens at the tor provider level.
So, adapt the code of TorDomainIsolator to take the data alrady
prepared.

fixup! TB 41600: Add a tor circuit display panel.

TB 44635: Gather conflux information on circuits.

Consume only the first circuit on the circuit display.

fixup! TB 42247: Android helpers for the TorProvider

TB 44635: Gather conflux information on circuits.

Update the getCircuit name to getCircuits.

   _updateCurrentBrowser() {

     const browser = gBrowser.selectedBrowser;

     const domain = TorDomainIsolator.getDomainForBrowser(browser);

-    const nodes = TorDomainIsolator.getCircuit(

+    const circuits = TorDomainIsolator.getCircuits(

       browser,

       domain,

       browser.contentPrincipal.originAttributes.userContextId

     );

+    // TODO: Handle multiple circuits (for conflux). Only show the primary

+    // circuit until the UI for that is developed.

+    const nodes = circuits.length ? circuits[0] : [];

     // We choose the currentURI, which matches what is shown in the URL bar and

     // will match up with the domain.

     // In contrast, documentURI corresponds to the shown page. E.g. it could

    * @return The circuit information as a {@link GeckoResult} object.

    */

   @AnyThread

-  public @NonNull GeckoResult<GeckoBundle> getTorCircuit() {

-    return mEventDispatcher.queryBundle("GeckoView:GetTorCircuit");

+  public @NonNull GeckoResult<GeckoBundle> getTorCircuits() {

+    return mEventDispatcher.queryBundle("GeckoView:GetTorCircuits");

   }

   /**

       case "GeckoView:HasCookieBannerRuleForBrowsingContextTree":

         this._hasCookieBannerRuleForBrowsingContextTree(aCallback);

         break;

-      case "GeckoView:GetTorCircuit":

-        this._getTorCircuit(aCallback);

+      case "GeckoView:GetTorCircuits":

+        this._getTorCircuits(aCallback);

         break;

       case "GeckoView:NewTorCircuit":

         this._newTorCircuit(aCallback);

     }

   }

-  _getTorCircuit(aCallback) {

+  _getTorCircuits(aCallback) {

     if (this.browser && aCallback) {

       const domain = lazy.TorDomainIsolator.getDomainForBrowser(this.browser);

-      const nodes = lazy.TorDomainIsolator.getCircuit(

+      const circuits = lazy.TorDomainIsolator.getCircuits(

         this.browser,

         domain,

         this.browser.contentPrincipal.originAttributes.userContextId

       );

-      aCallback?.onSuccess({ domain, nodes });

+      aCallback?.onSuccess({ domain, circuits });

     } else {

       aCallback?.onSuccess(null);

     }

  */

 /**

  * The ID of a circuit.

- * From control-spec.txt:

+ * From the control port specs:

  *   CircuitID = 1*16 IDChar

  *   IDChar = ALPHA / DIGIT

  *   Currently, Tor only uses digits, but this may change.

  *

  * @typedef {string} CircuitID

  */

+/**

+ * The ID to match paired conflux circuits.

+ * From the control port specs:

+ *   ConfluxID = 32*HEXDIG

+ *

+ * @typedef {string} ConfluxID

+ */

 /**

  * The ID of a stream.

- * From control-spec.txt:

+ * From the control port specs:

  *   CircuitID = 1*16 IDChar

  *   IDChar = ALPHA / DIGIT

  *   Currently, Tor only uses digits, but this may change.

  */

 /**

  * The fingerprint of a node.

- * From control-spec.txt:

+ * From the control port specs:

  *   Fingerprint = "$" 40*HEXDIG

  * However, we do not keep the $ in our structures.

  *

 /**

  * @typedef {object} CircuitInfo

  * @property {CircuitID} id The ID of a circuit

- * @property {NodeFingerprint[]} nodes List of node fingerprints

+ * @property {NodeFingerprint[]} nodes List of node fingerprints, ordered from

+ * guard/bridge to exit.

+ * @property {ConfluxID} [confluxId] The conflux ID, for associating conflux

+ * circuits.

  */

 /**

  * @typedef {object} Bridge

     }

     const cmd = `GETCONF ${key}`;

     const reply = await this.#sendCommand(cmd);

-    // From control-spec.txt: a 'default' value semantically different from an

-    // empty string will not have an equal sign, just `250 $key`.

+    // From the control port specs: a 'default' value semantically different

+    // from an empty string will not have an equal sign, just `250 $key`.

     const defaultRe = new RegExp(`^250[-\\s]${key}$`, "gim");

     if (reply.match(defaultRe)) {

       return [];

           data.groups.data

         );

         if (maybeCircuit) {

-          this.#eventHandler.onCircuitBuilt(

-            maybeCircuit.id,

-            maybeCircuit.nodes

-          );

+          this.#eventHandler.onCircuitBuilt(maybeCircuit);

         } else if (closedEvent) {

           this.#eventHandler.onCircuitClosed(closedEvent.groups.ID);

         }

    */

   #parseCircBuilt(line) {

     const builtEvent =

-      /^(?<ID>[a-zA-Z0-9]{1,16})\sBUILT\s(?<Path>(,?\$([0-9a-fA-F]{40})(?:~[a-zA-Z0-9]{1,19})?)+)/.exec(

+      /^(?<ID>[a-zA-Z0-9]{1,16})\sBUILT\s(?<Path>(,?\$([0-9a-fA-F]{40})(?:~[a-zA-Z0-9]{1,19})?)+)(?<details>.*)/.exec(

         line

       );

     if (!builtEvent) {

     const nodes = Array.from(builtEvent.groups.Path.matchAll(fp), g =>

       g[1].toUpperCase()

     );

+    const circuit = { id: builtEvent.groups.ID, nodes };

+

     // In some cases, we might already receive SOCKS credentials in the

     // line. However, this might be a problem with Onion services: we get

     // also a 4-hop circuit that we likely do not want to show to the

     // need a technical explaination.

     // So we do not try to extract them for now. Otherwise, we could do

     // const credentials = this.#parseCredentials(line);

-    return { id: builtEvent.groups.ID, nodes };

+

+    // NOTE: We use a greedy leading ".*" to skip over previous fields that

+    // can contain arbitrary strings, like SOCKS_USERNAME and SOCKS_PASSWORD,

+    // which allows them to contain " CONFLUX_ID=" within their values.

+    // Although such a value is not expected from the usernames and passwords we

+    // set in Tor Browser, it may be set by an external tor user.

+    // NOTE: This assumes there is no other arbitrary string field after

+    // CONFLUX_ID.

+    const maybeConfluxId = builtEvent.groups.details.match(

+      /.* CONFLUX_ID=([0-9a-fA-F]{32,})(?:$| )/

+    );

+    if (maybeConfluxId) {

+      circuit.confluxId = maybeConfluxId[1];

+    }

+

+    return circuit;

   }

   /**

 /**

  * @callback OnCircuitBuilt

  *

- * @param {CircuitID} id The id of the circuit that has been built

- * @param {NodeFingerprint[]} nodes The onion routers composing the circuit

+ * @param {CircuitInfo} circuit The information about the circuit

  */

 /**

  * @callback OnCircuitClosed

 const lazy = {};

 ChromeUtils.defineESModuleGetters(lazy, {

+  ObjectUtils: "resource://gre/modules/ObjectUtils.sys.mjs",

   TorProviderBuilder: "resource://gre/modules/TorProviderBuilder.sys.mjs",

   TorProviderTopics: "resource://gre/modules/TorProviderBuilder.sys.mjs",

 });

 const CLEAR_TIMEOUT = 600_000;

 /**

- * @typedef {string} CircuitId A string that we use to identify a circuit.

- * Currently, it is a string that combines SOCKS credentials, to make it easier

- * to use as a map key.

- * It is not related to Tor's CircuitIDs.

+ * @typedef {string} IsolationKey A string that we use to identify an isolation

+ * key. Currently, it is a string that combines SOCKS credentials.

+ * Each isolation key is used to identify a set of circuits.

  */

 /**

  * @typedef {number} BrowserId

  */

-/**

- * @typedef {NodeData[]} CircuitData The data about the nodes, ordered from

- * guard (or bridge) to exit.

- */

 /**

  * @typedef BrowserCircuits Circuits related to a certain combination of

  * isolators (first-party domain and user context ID, currently).

- * @property {CircuitId} current The id of the last known circuit that has been

- * used to fetch data for the isolated context.

- * @property {CircuitId?} pending The id of the last used circuit for this

- * isolation context. We might or might not know data about it, yet. But if we

- * know it, we should move this id into current.

+ * @property {IsolationKey} current The last isolation key for which circuit

+ * information is known.

+ * @property {IsolationKey?} pending The last used isolation key.

+ * We might or might not know data about it, yet. But if we know it, we should

+ * move this key into current, and pending should be made null.

  */

 /**

   #catchallDirtySince = Date.now();

   /**

-   * A map that associates circuit ids to the circuit information.

+   * A map that associates an isolation context to its circuits.

    *

-   * @type {Map<CircuitId, CircuitData>}

+   * The circuits are represented with a multidimensional array.

+   * The outer layer contains an array for each circuit of the isolation context

+   * (when conflux is in use, a certain isolation context might use more than a

+   * circuit).

+   * The inner layer contains the data about a certain circuit, ordered from

+   * guard/bridge to exit.

+   *

+   * @type {Map<IsolationKey, NodeData[][]>}

    */

   #knownCircuits = new Map();

   }

   /**

-   * Get the last circuit used in a certain browser.

-   * The returned data is created when the circuit is first seen, therefore it

+   * Get the circuits being used for a certain browser. There may be multiple

+   * if conflux is being used.

+   *

+   * Note, this returns the last known circuits for the browser. In particular,

+   * the returned data is created when the circuit is first seen, therefore it

    * could be stale (i.e., the circuit might not be available anymore).

    *

    * @param {MozBrowser} browser The browser to get data for

    * for

    * @param {number} userContextId The user context domain we want to get the

    * circuit for

-   * @returns {NodeData[]} The node data, or an empty array if we do not have

-   * data for the requested key.

+   * @returns {NodeData[][]} An array of all the circuits being used for this

+   * context. Each circuit is represented by an array of nodes, ordered from

+   * the guard/bridge to the exit. If the context has no known circuits, then

+   * this will be an empty array.

    */

-  getCircuit(browser, domain, userContextId) {

+  getCircuits(browser, domain, userContextId) {

     const username = this.#makeUsername(domain, userContextId);

     const circuits = this.#browsers.get(browser.browserId)?.get(username);

     // This is the only place where circuit data can go out, so the only place

         // TODO: What UX to use here? See tor-browser#41708

       }

     } else if (topic === lazy.TorProviderTopics.CircuitCredentialsMatched) {

-      const { username, password, circuit } = subject.wrappedJSObject;

-      this.#updateCircuit(username, password, circuit);

+      const { username, password, circuits } = subject.wrappedJSObject;

+      this.#updateCircuits(username, password, circuits);

     }

   }

    *

    * @param {string} username The SOCKS username

    * @param {string} password The SOCKS password

-   * @returns {CircuitId} A string that combines username and password and can

-   * be used for map lookups.

+   * @returns {IsolationKey} A string that combines username and password and

+   * can be used as a key for maps.

    */

-  #credentialsToId(username, password) {

+  #credentialsToKey(username, password) {

     return `${username}|${password}`;

   }

       this.#browsers.set(browser.browserId, browserCircuits);

     }

     const circuitIds = browserCircuits.get(username) ?? {};

-    const id = this.#credentialsToId(username, password);

+    const id = this.#credentialsToKey(username, password);

     if (circuitIds.current === id) {

       // The circuit with these credentials was already built (we already knew

       // its nodes, or we would not have promoted it to the current circuit).

   }

   /**

-   * Update a circuit, and notify the related circuit displays if it changed.

+   * Update the circuits associated to a certain isolation context, and notify

+   * the related circuit displays if they changed.

    *

    * This function is called when a certain stream has succeeded and so we can

-   * associate its SOCKS credential to the circuit it is using.

-   * We receive only the fingerprints of the circuit nodes, but they are enough

-   * to check if the circuit has changed. If it has, we also get the nodes'

-   * information through the control port.

+   * associate its SOCKS credentials to the circuit it is using.

    *

    * @param {string} username The SOCKS username

    * @param {string} password The SOCKS password

-   * @param {NodeFingerprint[]} circuit The fingerprints of the nodes that

-   * compose the circuit

+   * @param {NodeData[][]} circuits The circuits being used for this isolation

+   * context. Each is represented by an array of nodes.

    */

-  async #updateCircuit(username, password, circuit) {

-    const id = this.#credentialsToId(username, password);

-    let data = this.#knownCircuits.get(id) ?? [];

-    // Should we modify the lower layer to send a circuit identifier, instead?

-    if (

-      circuit.length === data.length &&

-      circuit.every((fp, index) => fp === data[index].fingerprint)

-    ) {

+  async #updateCircuits(username, password, circuits) {

+    const key = this.#credentialsToKey(username, password);

+    let current = this.#knownCircuits.get(key);

+    if (lazy.ObjectUtils.deepEqual(current, circuits)) {

       return;

     }

-

-    const provider = await lazy.TorProviderBuilder.build();

-    data = await Promise.all(

-      circuit.map(fingerprint => provider.getNodeInfo(fingerprint))

-    );

-    logger.debug(`Updating circuit ${id}`, data);

-    this.#knownCircuits.set(id, data);

+    logger.info(`Updating circuits for ${key}`, circuits);

+    this.#knownCircuits.set(key, circuits);

     // We know that something changed, but we cannot know if anyone is

     // interested in this change. So, we have to notify all the possible

     // consumers of the data in any case.

    * built before the new identity but not yet used. If we cleaned the map, we

    * risked of not having the data about it.

    *

-   * @type {Map<CircuitID, Promise<NodeFingerprint[]>>}

+   * @type {Map<CircuitID, CircuitInfo>}

    */

   #circuits = new Map();

+

+  /**

+   * Cache with node information.

+   *

+   * As a matter of fact, the circuit display backend continuously ask for

+   * information about the same nodes (e.g., the guards/bridges, and the exit

+   * for conflux circuits).

+   * Therefore, we can keep a cache of them to avoid a few control port lookups.

+   * And since it is likely we will get asked information about all nodes that

+   * appear in circuits, we can build this cache proactively.

+   *

+   * @type {Map<NodeFingerprint, Promise<NodeData>>}

+   */

+  #nodeInfo = new Map();

+

   /**

    * The last used bridge, or null if bridges are not in use or if it was not

    * possible to detect the bridge. This needs the user to have specified bridge

     );

   }

-  /**

-   * Returns tha data about a relay or a bridge.

-   *

-   * @param {string} id The fingerprint of the node to get data about

-   * @returns {Promise<NodeData>}

-   */

-  async getNodeInfo(id) {

-    const node = {

-      fingerprint: id,

-      ipAddrs: [],

-      bridgeType: null,

-      regionCode: null,

-    };

-    const bridge = (await this.#controller.getBridges())?.find(

-      foundBridge => foundBridge.id?.toUpperCase() === id.toUpperCase()

-    );

-    if (bridge) {

-      node.bridgeType = bridge.transport ?? "";

-      // Attempt to get an IP address from bridge address string.

-      const ip = bridge.addr.match(/^\[?([^\]]+)\]?:\d+$/)?.[1];

-      if (ip && !ip.startsWith("0.")) {

-        node.ipAddrs.push(ip);

-      }

-    } else {

-      node.ipAddrs = await this.#controller.getNodeAddresses(id);

-    }

-    // tor-browser#43116, tor-browser-build#41224: on Android, we do not ship

-    // the GeoIP databases to save some space. So skip it for now.

-    if (node.ipAddrs.length && !TorLauncherUtil.isAndroid) {

-      // Get the country code for the node's IP address.

-      try {

-        // Expect a 2-letter ISO3166-1 code, which should also be a valid

-        // BCP47 Region subtag.

-        const regionCode = await this.#controller.getIPCountry(node.ipAddrs[0]);

-        if (regionCode && regionCode !== "??") {

-          node.regionCode = regionCode.toUpperCase();

-        }

-      } catch (e) {

-        logger.warn(`Cannot get a country for IP ${node.ipAddrs[0]}`, e);

-      }

-    }

-    return node;

-  }

-

   /**

    * Add a private key to the Tor configuration.

    *

     return crypto.getRandomValues(new Uint8Array(kPasswordLen));

   }

+  // Circuit handling.

+

   /**

    * Ask Tor the circuits it already knows to populate our circuit map with the

    * circuits that were already open before we started listening for events.

    */

   async #fetchCircuits() {

-    for (const { id, nodes } of await this.#controller.getCircuits()) {

-      this.onCircuitBuilt(id, nodes);

+    for (const circuit of await this.#controller.getCircuits()) {

+      this.onCircuitBuilt(circuit);

+    }

+  }

+

+  /**

+   * Returns tha data about a relay or a bridge.

+   *

+   * @param {string} id The fingerprint of the node to get data about

+   * @returns {Promise<NodeData>}

+   */

+  #getNodeInfo(id) {

+    // This is an async method, so it will not insert the result, but a promise.

+    // However, this is what we want.

+    const info = this.#nodeInfo.getOrInsertComputed(id, async () => {

+      const node = {

+        fingerprint: id,

+        ipAddrs: [],

+        bridgeType: null,

+        regionCode: null,

+      };

+

+      const bridge = (await this.#controller.getBridges())?.find(

+        foundBridge => foundBridge.id?.toUpperCase() === id.toUpperCase()

+      );

+      if (bridge) {

+        node.bridgeType = bridge.transport ?? "";

+        // Attempt to get an IP address from bridge address string.

+        const ip = bridge.addr.match(/^\[?([^\]]+)\]?:\d+$/)?.[1];

+        if (ip && !ip.startsWith("0.")) {

+          node.ipAddrs.push(ip);

+        }

+      } else {

+        node.ipAddrs = await this.#controller.getNodeAddresses(id);

+      }

+

+      // tor-browser#43116, tor-browser-build#41224: on Android, we do not ship

+      // the GeoIP databases to save some space. So skip it for now.

+      if (node.ipAddrs.length && !TorLauncherUtil.isAndroid) {

+        // Get the country code for the node's IP address.

+        try {

+          // Expect a 2-letter ISO3166-1 code, which should also be a valid

+          // BCP47 Region subtag.

+          const regionCode = await this.#controller.getIPCountry(

+            node.ipAddrs[0]

+          );

+          if (regionCode && regionCode !== "??") {

+            node.regionCode = regionCode.toUpperCase();

+          }

+        } catch (e) {

+          logger.warn(`Cannot get a country for IP ${node.ipAddrs[0]}`, e);

+        }

+      }

+      return node;

+    });

+

+    const MAX_NODES = 300;

+    while (this.#nodeInfo.size > MAX_NODES) {

+      const oldestKey = this.#nodeInfo.keys().next().value;

+      this.#nodeInfo.delete(oldestKey);

     }

+

+    return info;

   }

   // Notification handlers

    * If a change of bridge is detected (including a change from bridge to a

    * normal guard), a notification is broadcast.

    *

-   * @param {CircuitID} id The circuit ID

-   * @param {NodeFingerprint[]} nodes The nodes that compose the circuit

+   * @param {CircuitInfo} circuit The information about the circuit

    */

-  async onCircuitBuilt(id, nodes) {

-    this.#circuits.set(id, nodes);

-    logger.debug(`Built tor circuit ${id}`, nodes);

+  onCircuitBuilt(circuit) {

+    logger.debug(`Built tor circuit ${circuit.id}`, circuit);

+

     // Ignore circuits of length 1, that are used, for example, to probe

     // bridges. So, only store them, since we might see streams that use them,

     // but then early-return.

-    if (nodes.length === 1) {

+    if (circuit.nodes.length === 1) {

       return;

     }

-    if (this.#currentBridge?.fingerprint !== nodes[0]) {

-      const nodeInfo = await this.getNodeInfo(nodes[0]);

+    this.#circuits.set(circuit.id, circuit);

+

+    for (const fingerprint of circuit.nodes) {

+      // To make the pending onStreamSentConnect call for this circuit faster,

+      // we pre-fetch the node data, which should be cached by the time it is

+      // called. No need to await here.

+      this.#getNodeInfo(fingerprint);

+    }

+

+    this.#maybeBridgeChanged(circuit);

+  }

+

+  /**

+   * Broadcast a bridge change, if needed.

+   *

+   * @param {CircuitInfo} circuit The information about the circuit

+   */

+  #maybeBridgeChanged(circuit) {

+    if (this.#currentBridge?.fingerprint === circuit.nodes[0]) {

+      return;

+    }

+    this.#getNodeInfo(circuit.nodes[0]).then(nodeInfo => {

       let notify = false;

       if (nodeInfo?.bridgeType) {

-        logger.info(`Bridge changed to ${nodes[0]}`);

+        logger.info(`Bridge changed to ${circuit.nodes[0]}`);

         this.#currentBridge = nodeInfo;

         notify = true;

       } else if (this.#currentBridge) {

       if (notify) {

         Services.obs.notifyObservers(null, TorProviderTopics.BridgeChanged);

       }

-    }

+    });

   }

   /**

   /**

    * Handle a notification about a stream switching to the sentconnect status.

    *

-   * @param {StreamID} streamId The ID of the stream that switched to the

+   * @param {StreamID} _streamId The ID of the stream that switched to the

    * sentconnect status.

    * @param {CircuitID} circuitId The ID of the circuit used by the stream

    * @param {string} username The SOCKS username

    * @param {string} password The SOCKS password

    */

-  async onStreamSentConnect(streamId, circuitId, username, password) {

+  async onStreamSentConnect(_streamId, circuitId, username, password) {

     if (!username || !password) {

       return;

     }

     logger.debug("Stream sentconnect event", username, password, circuitId);

-    let circuit = this.#circuits.get(circuitId);

-    if (!circuit) {

-      circuit = new Promise((resolve, reject) => {

-        this.#controlConnection.getCircuits().then(circuits => {

-          for (const { id, nodes } of circuits) {

-            if (id === circuitId) {

-              resolve(nodes);

-              return;

-            }

-            // Opportunistically collect circuits, since we are iterating them.

-            this.#circuits.set(id, nodes);

-          }

-          logger.error(

-            `Seen a STREAM SENTCONNECT with circuit ${circuitId}, but Tor did not send information about it.`

-          );

-          reject();

-        });

-      });

-      this.#circuits.set(circuitId, circuit);

+    if (!this.#circuits.has(circuitId)) {

+      // tor-browser#42132: When using onion-grater (e.g., in Tails), we might

+      // not receive the CIRC BUILT event, as it is impossible to know whether

+      // that circuit will be the browser's at that point. So, we will have to

+      // poll circuits and wait for that to finish to be able to get the data.

+      try {

+        await this.#fetchCircuits();

+      } catch {

+        return;

+      }

     }

-    try {

-      circuit = await circuit;

-    } catch {

+

+    const primaryCircuit = this.#circuits.get(circuitId);

+    if (!primaryCircuit) {

+      logger.error(

+        `Seen a STREAM SENTCONNECT with circuit ${circuitId}, but Tor did not send information about it.`

+      );

       return;

     }

+

+    const circuitIds = [circuitId];

+    if (primaryCircuit.confluxId) {

+      circuitIds.push(

+        ...this.#circuits

+          .entries()

+          .filter(

+            ([id, circ]) =>

+              circ.confluxId === primaryCircuit.confluxId && id != circuitId

+          )

+          .map(([id]) => id)

+      );

+    }

+    const circuits = await Promise.all(

+      circuitIds.map(id =>

+        Promise.all(this.#circuits.get(id).nodes.map(n => this.#getNodeInfo(n)))

+      )

+    );

     Services.obs.notifyObservers(

       {

         wrappedJSObject: {

           username,

           password,

-          circuit,

+          circuits,

         },

       },

       TorProviderTopics.CircuitCredentialsMatched

Pier Angelo Vendrame pushed to branch tor-browser-148.0a1-16.0-2 at The Tor Project / Applications / Tor Browser

Commits:

6 changed files:

Changes: