Welcome back ONION_V2_HOSTNAME! :)

Related to #40266
Signed-off-by: David Goulet <dgoulet@torproject.org>

Some days before this commit, the network experienced a DDoS on the directory
authorities that prevented them to generate a consensus for more than 5 hours
straight.

That in turn entirely disabled onion service v3, client and service side, due
to the subsystem requiring a live consensus to function properly.

We know require a reasonably live consensus which means that the HSv3
subsystem will to its job for using the best consensus tor can find. If the
entire network is using an old consensus, than this should be alright.

If the service happens to use a live consensus while a client is not, it
should still work because the client will use the current SRV it sees which
might be the previous SRV for the service for which it still publish
descriptors for.

If the service is using an old one and somehow can't get a new one while
clients are on a new one, then reachability issues might arise. However, this
is a situation we already have at the moment since the service will simply not
work if it doesn't have a live consensus while a client has one.

Fixes #40237

Signed-off-by: David Goulet <dgoulet@torproject.org>

Samanta Navarro authored Nov 11, 2020 and David Goulet committed Nov 12, 2020

Typos found with codespell.

Please keep in mind that this should have impact on actual code
and must be carefully evaluated:

src/core/or/lttng_circuit.inc
-    ctf_enum_value("CONTROLER", CIRCUIT_PURPOSE_CONTROLLER)
+    ctf_enum_value("CONTROLLER", CIRCUIT_PURPOSE_CONTROLLER)

This changes a LOT of code but in the end, behavior is the same.
Unfortunately, many functions had to be changed to accomodate but in majority
of cases, to become simpler.

Functions are also removed specifically those that were there to convert an
IPv4 as a host format to a tor_addr_t. Those are not needed anymore.

The IPv4 address field has been standardized to "ipv4_addr", the ORPort to
"ipv4_orport" (currently IPv6 uses ipv6_orport) and DirPort to "ipv4_dirport".

This is related to Sponsor 55 work that adds IPv6 support for relays and this
work is needed in order to have a common interface between IPv4 and IPv6.

Closes #40043.
Signed-off-by: David Goulet <dgoulet@torproject.org>

Guinness authored Jul 08, 2020 and David Goulet committed Jul 08, 2020

This commit modifies the behavior of `parse_extended_address` in such a way
that if it fails, it will always return a `BAD_HOSTNAME` value, which is then
used to return the 0xF6 extended error code.  This way, in any case that is
not a valid v2 address, we return the 0xF6 error code, which is the expected
behavior.
Signed-off-by: David Goulet <dgoulet@torproject.org>

This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        voting_schedule_recalculate_timing dirauth_sched_recalculate_timing \
        voting_schedule_get_start_of_next_interval voting_sched_get_start_of_interval_after \
        voting_schedule_get_next_valid_after_time dirauth_sched_get_next_valid_after_time

David Goulet authored Jan 13, 2020 and Nick Mathewson committed Jan 21, 2020

The hs_parse_address() can not be used without an options_t object existing
since on error it uses the escaped_safe_str() that looks at the options.

This new function won't log and returns an error message in case of failure
that can then be used to log.
Signed-off-by: David Goulet <dgoulet@torproject.org>

In order to achieve this, the parse_extended_hostname() had to be refactored
to return either success or failure and setting the hostname type in the given
parameter.

The reason for that is so it can detect invalid onion addresses that is having
a ".onion", the right length but just not passing validation.

That way, we can send back the prop304 ExtendedError "X'F1' Onion Service
Descriptor Is Invalid" to notify the SOCKS connection of the invalid onion
address.

Part of #30382
Signed-off-by: David Goulet <dgoulet@torproject.org>

Coverity is worried that we check "service" at the end of these test
functions, since it doesn't see any way to reach the cleanup code
without having first dereferenced the variable.

Removing the check would be unwise in this case: instead we add a
tt_assert check before using "service" so that coverity thinks that
the check is doing something useful.

Bugfix on 0.3.2.1-alpha.

This should fix about 15 CID issues, where coverity can't tell that
hs_free_all() frees the service we allocated.

Parts of this C file naturally belong in dircache, dirclient, and
dircommon: so, move them there.

haxxpop authored Apr 14, 2018 and David Goulet committed Sep 07, 2018

Previously, we encrypted the descriptor without the descriptor cookie. This
commit, when the client auth is enabled, the descriptor cookie is always used.

I also removed the code that is used to generate fake auth clients because it
will not be used anymore.
Signed-off-by: David Goulet <dgoulet@torproject.org>

George Kadianakis authored Jul 17, 2018 and Nick Mathewson committed Jul 17, 2018

The following bug was causing many issues for this branch in chutney:

In sr_state_get_start_time_of_current_protocol_run() we were using the
consensus valid-after to calculate beginning_of_current_round, but we were
using time(NULL) to calculate the current_round slot. This was causing time
sync issues when the consensus valid-after and time(NULL) were disagreeing on
what the current round is. Our fix is to use the consensus valid-after in both
places.

This also means that we are not using 'now' (aka time(NULL)) anymore in that
function, and hence we can remove that argument from the function (and its
callers). I'll do this in the next commit so that we keep things separated.

Furthermore, we fix a unittest that broke.

George Kadianakis authored Jun 14, 2018 and Nick Mathewson committed Jul 17, 2018

Now that the rev counter depends on the local time, we need to be more careful
in the unittests. Some unittests were breaking because they were using
consensus values from 1985, but they were not updating the local time
appropriately. That was causing the OPE module to complain that it was trying
to encrypt insanely large values.

I am very glad to have written this script.

Inline its contents (which were all includes) into or.h, and some of
its contents into other places that didn't include or.h at all.

Fewer modules needed this than I had expected.

This patch fixes a memory leak in helper_add_hsdir_to_networkstatus()
where the rs object might not get properly freed.

See: Coverity CID 1437427.

I was expecting this to be much worse.

This test was using the current time to pick the time period number,
and a randomly generated hs key.  Therefore, it sometimes picked an
index that would wrap around the example dht, and sometimes would
not.

The fix here is just to fix the time period and the public key.

Fixes bug 25997; bugfix on 0.3.2.1-alpha.

By doing so, it is renamed to voting_schedule_recalculate_timing(). This
required a lot of changes to include voting_schedule.h everywhere that this
function was used.

This effectively now makes voting_schedule.{c|h} not include dirauth/dirvote.h
for that symbol and thus no dependency on the dirauth module anymore.
Signed-off-by: David Goulet <dgoulet@torproject.org>

This is a pretty big commit but it only moves these files to src/or/dirauth:

  dircollate.c dirvote.c shared_random.c shared_random_state.c
  dircollate.h dirvote.h shared_random.h shared_random_state.h

Then many files are modified to change the include line for those header files
that have moved into a new directory.

Without using --disable-module-dirauth, everything builds fine. When using the
flag to disable the module, tor doesn't build due to linking errors. This will
be addressed in the next commit(s).

No code behavior change.
Signed-off-by: David Goulet <dgoulet@torproject.org>

Changing the name of this function should help keep us from misusing
it when node_has_preferred_descriptor() would be more appropriate.