The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2020-06-27T13:52:13Zhttps://gitlab.torproject.org/tpo/core/tor/-/issues/27655TB 8.5a1 fails to load reachable onion services2020-06-27T13:52:13ZtraumschuleTB 8.5a1 fails to load reachable onion servicesSometimes i fail to load reachable onion services with TB 8.5a1.
I usually double check with another local tor service and reach the site with `torsocks w3m $address`.
Tested with Tor's onion services and my own v3 services.
Nothing s...Sometimes i fail to load reachable onion services with TB 8.5a1.
I usually double check with another local tor service and reach the site with `torsocks w3m $address`.
Tested with Tor's onion services and my own v3 services.
Nothing special in the log. Copied Tor Log To Clipboard, last lines:
```
9/12/18, 10:53:52.230 [NOTICE] Heartbeat: Tor's uptime is 4 days 6:00 hours, with 9 circuits open. I've sent <scrubbed>
9/12/18, 10:53:52.240 [NOTICE] Average packaged cell fullness: 47.910%. TLS write overhead: 4%
```Tor: unspecifiedhttps://gitlab.torproject.org/tpo/core/tor/-/issues/27649rust protover double-counts protocol versions2020-06-27T13:52:13ZTracrust protover double-counts protocol versionsOr triple-, or N-counts. `"Bar=1,1,1,1,1,1,1"` gets parsed as 7 votes.
It fails the unit test from legacy/trac#27205.
**Trac**:
**Username**: cyberpunksOr triple-, or N-counts. `"Bar=1,1,1,1,1,1,1"` gets parsed as 7 votes.
It fails the unit test from legacy/trac#27205.
**Trac**:
**Username**: cyberpunksTor: 0.3.5.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/27648Stop setting the IPv6 preferred flag on nodes2020-07-28T23:00:38ZteorStop setting the IPv6 preferred flag on nodesInstead:
* for guards, decide on the address to use at random
* for bridges, decide on the address to use at random, but make it more likely that we will use the configured addressInstead:
* for guards, decide on the address to use at random
* for bridges, decide on the address to use at random, but make it more likely that we will use the configured addressTor: unspecifiedhttps://gitlab.torproject.org/tpo/core/tor/-/issues/27647When randomly choosing IPv4 or IPv6, set IPv6 probability based on IPv6 weight2020-06-27T13:52:13ZteorWhen randomly choosing IPv4 or IPv6, set IPv6 probability based on IPv6 weightWe can't make 50% of clients use IPv6 until most relays have IPv6. Otherwise, we would overload the IPv6 Guards. Right now, about 25% of Guard consensus weight has IPv6:
https://metrics.torproject.org/advbw-ipv6.html
When we are randoml...We can't make 50% of clients use IPv6 until most relays have IPv6. Otherwise, we would overload the IPv6 Guards. Right now, about 25% of Guard consensus weight has IPv6:
https://metrics.torproject.org/advbw-ipv6.html
When we are randomly choosing IPv4 or IPv6, we need to set the initial IPv6 probability based on the IPv6 Guard consensus weight. (Or the number of IPv6 bridges, if we're using bridges.)
With IPv4-only, IPv6-only, and DualStack Entry nodes, the formulas are:
```
IPv4-capable-weight = IPv4-only + DualStack
IPv6-capable-weight = IPv6-only + DualStack
Total-weight = IPv4-only + IPv6-only + DualStack
IPv4-capable-fraction = IPv4-capable-weight / Total-weight
IPv6-capable-fraction = IPv6-capable-weight / Total-weight
IPv4-probability = IPv4-capable-fraction / (IPv4-capable-fraction + IPv6-capable-fraction)
IPv6-probability = IPv6-capable-fraction / (IPv4-capable-fraction + IPv6-capable-fraction)
```
We should update these probabilities whenever we get a new consensus, new bridge lines, or new bridge descriptors.Tor: unspecifiedNeel Chauhanneel@neelc.orgNeel Chauhanneel@neelc.orghttps://gitlab.torproject.org/tpo/core/tor/-/issues/27645Add unit tests for UTF-8 and invalid ContactInfo lines2022-06-16T18:03:18ZteorAdd unit tests for UTF-8 and invalid ContactInfo linesIn legacy/trac#27428, we reject non-UTF-8 ContactInfo lines.
We should add some tests to test_options.c for UTF-8 and invalid ContactInfo lines.In legacy/trac#27428, we reject non-UTF-8 ContactInfo lines.
We should add some tests to test_options.c for UTF-8 and invalid ContactInfo lines.https://gitlab.torproject.org/tpo/core/tor/-/issues/27644wrong documentation of networkstatus_read_cached_consensus_impl2020-06-27T13:52:14ZTracwrong documentation of networkstatus_read_cached_consensus_implIt says false when it meant to say 'true.'
**Trac**:
**Username**: cyberpunksIt says false when it meant to say 'true.'
**Trac**:
**Username**: cyberpunksTor: 0.3.5.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/27631Update to September GeoIP2 database2020-06-27T13:52:14ZKarsten LoesingUpdate to September GeoIP2 database[My geoip-2018-09-06 branch](https://gitweb.torproject.org/user/karsten/tor.git/log/?h=geoip-2018-09-06) contains the updated `geoip` and `geoip6` files with IPv4 and IPv6 ranges and is supposed to be merged into maint-0.2.9 and other b...[My geoip-2018-09-06 branch](https://gitweb.torproject.org/user/karsten/tor.git/log/?h=geoip-2018-09-06) contains the updated `geoip` and `geoip6` files with IPv4 and IPv6 ranges and is supposed to be merged into maint-0.2.9 and other branches that are still maintained.Tor: 0.2.9.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/27630use strcmpstart() in rend_parse_v2_service_descriptor2020-06-27T13:52:14ZTracuse strcmpstart() in rend_parse_v2_service_descriptor
**Trac**:
**Username**: cyberpunks
**Trac**:
**Username**: cyberpunksTor: 0.3.5.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/27629add len argument to consensus parsing functions2020-06-27T13:52:14ZTracadd len argument to consensus parsing functions
**Trac**:
**Username**: cyberpunks
**Trac**:
**Username**: cyberpunksTor: 0.4.0.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/27625add unit tests for tokenize_string() and get_next_token()2020-06-27T13:52:14ZTracadd unit tests for tokenize_string() and get_next_token()It looks like there aren't any.
**Trac**:
**Username**: cyberpunksIt looks like there aren't any.
**Trac**:
**Username**: cyberpunksTor: 0.4.0.x-finalrl1987rl1987https://gitlab.torproject.org/tpo/core/tor/-/issues/27620Use trunnel to parse and generate SOCKS wire format in tor-resolve2021-08-23T15:16:06Zrl1987Use trunnel to parse and generate SOCKS wire format in tor-resolveTor: 0.4.0.x-finalrl1987rl1987https://gitlab.torproject.org/tpo/core/tor/-/issues/27618LLVM scan-build: src/tools/tor-resolve.c:224:3: warning: Value stored to 'soc...2020-06-27T13:52:14Zrl1987LLVM scan-build: src/tools/tor-resolve.c:224:3: warning: Value stored to 'socklen' is never read```
src/tools/tor-resolve.c:224:3: warning: Value stored to 'socklen' is never read
socklen = tor_addr_to_sockaddr(sockshost, socksport,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
``````
src/tools/tor-resolve.c:224:3: warning: Value stored to 'socklen' is never read
socklen = tor_addr_to_sockaddr(sockshost, socksport,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
```Tor: 0.3.5.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/27615Travis cache sticky failures2020-07-28T22:58:00ZTaylor YuTravis cache sticky failuresIt looks like there's at least one example of Travis caching corrupt artifacts in a way that causes "sticky" failures when attempting to rebuild that subjob. I had to clear the caches to get it to rebuild.
We should keep track of futur...It looks like there's at least one example of Travis caching corrupt artifacts in a way that causes "sticky" failures when attempting to rebuild that subjob. I had to clear the caches to get it to rebuild.
We should keep track of future instances of this kind of failure. We should also decide whether the speedup from the cache is worth the time spent diagnosing persistent failures that turn out to be cached.
```
gcc -std=gnu99 -ftrapv -fsanitize=address -g -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-all -Wstack-protector --param ssp-buffer-size=1 -fPIE -fno-omit-frame-pointer -fasynchronous-unwind-tables -Wall -fno-strict-aliasing -Waddress -Warray-bounds -Wdouble-promotion -Wextra -Winit-self -Wlogical-op -Wmissing-field-initializers -Wmissing-format-attribute -Wmissing-noreturn -Wnormalized=nfkc -Woverlength-strings -Woverride-init -Wshadow -Wstrict-overflow=1 -Wsuggest-attribute=format -Wsuggest-attribute=noreturn -Wsync-nand -Wtrampolines -Wunused-but-set-parameter -Wunused-but-set-variable -Wunused-local-typedefs -Wvariadic-macros -W -Wfloat-equal -Wundef -Wpointer-arith -Wstrict-prototypes -Wmissing-prototypes -Wwrite-strings -Wredundant-decls -Wchar-subscripts -Wcomment -Wformat=2 -Wwrite-strings -Wnested-externs -Wbad-function-cast -Wswitch-enum -Waggregate-return -Wpacked -Wunused -Wunused-parameter -Wold-style-definition -Wmissing-declarations -Werror -pie -z relro -z now -rdynamic -o src/test/test src/test/src_test_test-log_test_helpers.o src/test/src_test_test-hs_test_helpers.o src/test/src_test_test-rend_test_helpers.o src/test/src_test_test-test.o src/test/src_test_test-test_accounting.o src/test/src_test_test-test_addr.o src/test/src_test_test-test_address.o src/test/src_test_test-test_address_set.o src/test/src_test_test-test_bridges.o src/test/src_test_test-test_buffers.o src/test/src_test_test-test_bwmgt.o src/test/src_test_test-test_cell_formats.o src/test/src_test_test-test_cell_queue.o src/test/src_test_test-test_channel.o src/test/src_test_test-test_channelpadding.o src/test/src_test_test-test_channeltls.o src/test/src_test_test-test_checkdir.o src/test/src_test_test-test_circuitlist.o src/test/src_test_test-test_circuitmux.o src/test/src_test_test-test_circuitbuild.o src/test/src_test_test-test_circuituse.o src/test/src_test_test-test_circuitstats.o src/test/src_test_test-test_compat_libevent.o src/test/src_test_test-test_config.o src/test/src_test_test-test_connection.o src/test/src_test_test-test_conscache.o src/test/src_test_test-test_consdiff.o src/test/src_test_test-test_consdiffmgr.o src/test/src_test_test-test_containers.o src/test/src_test_test-test_controller.o src/test/src_test_test-test_controller_events.o src/test/src_test_test-test_crypto.o src/test/src_test_test-test_crypto_ope.o src/test/src_test_test-test_data.o src/test/src_test_test-test_dir.o src/test/src_test_test-test_dir_common.o src/test/src_test_test-test_dir_handle_get.o src/test/src_test_test-test_dos.o src/test/src_test_test-test_entryconn.o src/test/src_test_test-test_entrynodes.o src/test/src_test_test-test_geoip.o src/test/src_test_test-test_guardfraction.o src/test/src_test_test-test_extorport.o src/test/src_test_test-test_hs.o src/test/src_test_test-test_hs_common.o src/test/src_test_test-test_hs_config.o src/test/src_test_test-test_hs_cell.o src/test/src_test_test-test_hs_ntor.o src/test/src_test_test-test_hs_service.o src/test/src_test_test-test_hs_client.o src/test/src_test_test-test_hs_intropoint.o src/test/src_test_test-test_hs_control.o src/test/src_test_test-test_handles.o src/test/src_test_test-test_hs_cache.o src/test/src_test_test-test_hs_descriptor.o src/test/src_test_test-test_introduce.o src/test/src_test_test-test_keypin.o src/test/src_test_test-test_link_handshake.o src/test/src_test_test-test_logging.o src/test/src_test_test-test_mainloop.o src/test/src_test_test-test_microdesc.o src/test/src_test_test-test_nodelist.o src/test/src_test_test-test_oom.o src/test/src_test_test-test_oos.o src/test/src_test_test-test_options.o src/test/src_test_test-test_pem.o src/test/src_test_test-test_periodic_event.o src/test/src_test_test-test_policy.o src/test/src_test_test-test_procmon.o src/test/src_test_test-test_proto_http.o src/test/src_test_test-test_proto_misc.o src/test/src_test_test-test_protover.o src/test/src_test_test-test_pt.o src/test/src_test_test-test_relay.o src/test/src_test_test-test_relaycell.o src/test/src_test_test-test_relaycrypt.o src/test/src_test_test-test_rendcache.o src/test/src_test_test-test_replay.o src/test/src_test_test-test_router.o src/test/src_test_test-test_routerkeys.o src/test/src_test_test-test_routerlist.o src/test/src_test_test-test_routerset.o src/test/src_test_test-test_scheduler.o src/test/src_test_test-test_shared_random.o src/test/src_test_test-test_socks.o src/test/src_test_test-test_status.o src/test/src_test_test-test_storagedir.o src/test/src_test_test-test_threads.o src/test/src_test_test-test_tortls.o src/test/src_test_test-test_util.o src/test/src_test_test-test_util_format.o src/test/src_test_test-test_util_process.o src/test/src_test_test-test_voting_schedule.o src/test/src_test_test-test_x509.o src/test/src_test_test-test_helpers.o src/test/src_test_test-test_dns.o src/test/src_test_test-testing_common.o src/test/src_test_test-testing_rsakeys.o src/ext/src_test_test-tinytest.o src/test/src_test_test-test_crypto_openssl.o src/test/src_test_test-test_tortls_openssl.o src/core/libtor-app-testing.a src/lib/libtor-compress-testing.a src/lib/libtor-evloop-testing.a src/lib/libtor-tls-testing.a src/lib/libtor-crypt-ops-testing.a src/ext/keccak-tiny/libkeccak-tiny.a src/lib/libcurve25519_donna.a src/ext/ed25519/ref10/libed25519_ref10.a src/ext/ed25519/donna/libed25519_donna.a src/lib/libtor-process-testing.a src/lib/libtor-time-testing.a src/lib/libtor-fs-testing.a src/lib/libtor-encoding-testing.a src/lib/libtor-sandbox-testing.a src/lib/libtor-container-testing.a src/lib/libtor-net-testing.a src/lib/libtor-thread-testing.a src/lib/libtor-memarea-testing.a src/lib/libtor-math-testing.a src/lib/libtor-meminfo-testing.a src/lib/libtor-osinfo-testing.a src/lib/libtor-term-testing.a src/lib/libtor-log-testing.a src/lib/libtor-lock-testing.a src/lib/libtor-fdio-testing.a src/lib/libtor-string-testing.a src/lib/libtor-smartlist-core-testing.a src/lib/libtor-malloc-testing.a src/lib/libtor-wallclock-testing.a src/lib/libtor-err-testing.a src/lib/libtor-intmath.a src/lib/libtor-ctime-testing.a src/trunnel/libor-trunnel-testing.a src/lib/libtor-trace.a -lz -lm -levent -lssl -lcrypto -llzma -lscrypt -lseccomp -lcap -lpthread -ldl
src/core/libtor-app.a(connection.o): In function `connection_process_inbuf':
/home/travis/build/tlyu/tor/src/core/mainloop/connection.c:4582: undefined reference to `TO_EDGE_CONN'
src/core/libtor-app.a(connection.o): In function `connection_flushed_some':
/home/travis/build/tlyu/tor/src/core/mainloop/connection.c:4608: undefined reference to `TO_EDGE_CONN'
/home/travis/build/tlyu/tor/src/core/mainloop/connection.c:4608: undefined reference to `connection_edge_flushed_some'
```
This seems to have been something like a corrupted libtor-app.a or connection_edge.o that got cached.Tor: unspecifiedhttps://gitlab.torproject.org/tpo/core/tor/-/issues/27606Handle coverity issues related to recently merged HS client auth2020-06-27T13:52:15ZGeorge KadianakisHandle coverity issues related to recently merged HS client authTor: 0.3.5.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/27594new warning: Requested exit point '<snip>' is not known. Closing.2020-07-28T22:58:32Ztoralfnew warning: Requested exit point '<snip>' is not known. Closing.Get this at a stable Debian with Tor 0.3.3.9 (git-ca1a436fa8e53a32) since today regularly every x hours at a bridge.
This didn't happened before.
It is always the same $snip key. There aren't other warnings in warn.logGet this at a stable Debian with Tor 0.3.3.9 (git-ca1a436fa8e53a32) since today regularly every x hours at a bridge.
This didn't happened before.
It is always the same $snip key. There aren't other warnings in warn.logTor: unspecifiedhttps://gitlab.torproject.org/tpo/core/tor/-/issues/27593Call CRYPTO_set_mem_functions with tor_malloc, tor_realloc and tor_free2020-07-28T22:58:51Zrl1987Call CRYPTO_set_mem_functions with tor_malloc, tor_realloc and tor_freelegacy/trac#8415 deals with attaching our memory management code to libevent. We should do the same with OpenSSL.
Note that OpenSSL had some API changes in last few years in this area.legacy/trac#8415 deals with attaching our memory management code to libevent. We should do the same with OpenSSL.
Note that OpenSSL had some API changes in last few years in this area.Tor: unspecifiedhttps://gitlab.torproject.org/tpo/core/tor/-/issues/27563cached_dir_t for consensus is redundant with conscache code2022-06-17T12:59:56ZNick Mathewsoncached_dir_t for consensus is redundant with conscache codeWe can throw away the cached_dir_t that we use to store our consensus as a directory cache, if we use the consensus cache code instead. This would save a few MB of ram.We can throw away the cached_dir_t that we use to store our consensus as a directory cache, if we use the consensus cache code instead. This would save a few MB of ram.https://gitlab.torproject.org/tpo/core/tor/-/issues/27550hs-v3: Don't warn so loudly when tor is unable to decode a descriptor2020-06-27T13:52:15ZDavid Gouletdgoulet@torproject.orghs-v3: Don't warn so loudly when tor is unable to decode a descriptorWith legacy/trac#20700, we introduce client authorization making tor client without it trying to access a .onion with it to be unable to decode the descriptor. This leads to big warnings:
```
Sep 07 13:55:44.156 [info] handle_response_f...With legacy/trac#20700, we introduce client authorization making tor client without it trying to access a .onion with it to be unable to decode the descriptor. This leads to big warnings:
```
Sep 07 13:55:44.156 [info] handle_response_fetch_hsdesc_v3(): Received v3 hsdesc (body size 14111, status 200 ("OK"))
Sep 07 13:55:44.157 [warn] Encrypted service descriptor MAC check failed
Sep 07 13:55:44.157 [warn] Decrypting encrypted desc failed.
Sep 07 13:55:44.157 [warn] Service descriptor decryption failed.
Sep 07 13:55:44.157 [warn] Could not parse received descriptor as client.
...
```
We should definitely not print warning if decoding fails but maybe a "unable to use descriptor" instead and the rest at info level.
Second, there is the retry behavior. Two cases:
1) Tor is configured with client authorization for A.onion:
If we get the descriptor and unable to decode A.onion while we know we have a client authorization configured, I think we should make Tor stop and just tell the user that it didn't worked.
2) Tor doesn't have client authorization for A.onion
In that case, if the decoding fails, we should *probably* make Tor stop trying on all HSDir and instead go at notice level saying "Unable to access A.onion. Maybe you need authorization?" kind of message.
Failing to decode a descriptor now is imo highly unlikely so we could assume that in this case, chances are that you'll get a better descriptor at the next HSDir are thin!Tor: 0.3.3.x-finalhttps://gitlab.torproject.org/tpo/core/tor/-/issues/27549hs-v3: Refactor the descriptor cookie computation code2021-09-16T14:28:09ZDavid Gouletdgoulet@torproject.orghs-v3: Refactor the descriptor cookie computation codeThese functions have very very similar code for computing `hs_desc_build_authorized_client()` and `decrypt_descriptor_cookie()` for computing the keys for the client authorization.
We should refactor this and consolidate since they do ...These functions have very very similar code for computing `hs_desc_build_authorized_client()` and `decrypt_descriptor_cookie()` for computing the keys for the client authorization.
We should refactor this and consolidate since they do the same work on both sides (client and service).CollecTor 1.7.0David Gouletdgoulet@torproject.orgDavid Gouletdgoulet@torproject.orghttps://gitlab.torproject.org/tpo/core/tor/-/issues/27547hs-v3: Client authorization feature needs a changes file and man page2020-06-27T13:52:16ZDavid Gouletdgoulet@torproject.orghs-v3: Client authorization feature needs a changes file and man pageTo remind ourselves that we can't release 035 without the changes file and man page entry for the v3 client authorization.To remind ourselves that we can't release 035 without the changes file and man page entry for the v3 client authorization.Tor: 0.3.5.x-final