When talking about the "master" Tor checkout, we now refer to it as "the
primary Tor repository". The "master" branch is instead called "main".

See: tpo/core/team#2.

This patch is part of a series of patches where we try to change our
primary branch name of tor.git from master to main.

See: team#2

Jigsaw52 authored 4 years ago and anonym committed 3 years ago

When seccomp sandbox is active, SAVECONF failed because it was not
able to save the backup files for torrc. This commit simplifies
the implementation of SAVECONF and sandbox by making it keep only
one backup of the configuration file.

The connection type for the listener part was missing from the "is
connection a listener" function.

This lead to our periodic event that retries our listeners to keep
trying to bind() again on an already opened MetricsPort.

Closes #40370

Signed-off-by: David Goulet <dgoulet@torproject.org>

Signed-off-by: David Goulet <dgoulet@torproject.org>

This resulted in the labels not being surrounded by double quotes and
thus Prometheus not liking it.

Signed-off-by: David Goulet <dgoulet@torproject.org>

Signed-off-by: David Goulet <dgoulet@torproject.org>

Signed-off-by: David Goulet <dgoulet@torproject.org>

Emit on the MetricsPort all the DNS statistics we have that is the total
number of queries seen and errors per record type.

Related to #40367

Signed-off-by: David Goulet <dgoulet@torproject.org>

We now keep track of all errors and total number of request seen. This
is so we can expose those values to the MetricsPort to help Exit
operators monitor the DNS requests and failures.

Related to #40367.

Signed-off-by: David Goulet <dgoulet@torproject.org>

This emits two events (read and write) of the total number that the
global connection limit was reached.

Related to #40367

Signed-off-by: David Goulet <dgoulet@torproject.org>

With this commit, a relay will emit metrics that give the total number
of sockets and total number of opened sockets.

Related to #40367

Signed-off-by: David Goulet <dgoulet@torproject.org>

With this commit, a relay now emits metrics event on the MetricsPort
related to how many onionskins were handled (processed or dropped) for
each handshake type.

Related to #40367

Signed-off-by: David Goulet <dgoulet@torproject.org>

With this commit, a relay now emits metrics event on the MetricsPort
related to the OOM invocation for:

  - DNS cache
  - GeoIP database
  - Cell queues
  - HSDir caches

Everytime the OOM is invoked, the number of bytes is added to the
metrics counter for that specific type of invocation.

Related to #40367

Signed-off-by: David Goulet <dgoulet@torproject.org>

Signed-off-by: David Goulet <dgoulet@torproject.org>

The basic functions for the relay subsystem to expose metrics onto the
MetricsPort.

Part of #40367

Signed-off-by: David Goulet <dgoulet@torproject.org>

Signed-off-by: David Goulet <dgoulet@torproject.org>

It is a common function that a lot of subsystem can use which is to
format a label so move it out of the HS subsystem into the more generic
metrics library.

Signed-off-by: David Goulet <dgoulet@torproject.org>

An entry can have multiple labels but only print once the comments at
the first one. This follows the Promtheus best practices.

Signed-off-by: David Goulet <dgoulet@torproject.org>

Patch from cypherpunks. Closes #40330.

"ours" to avoid version bump.

"ours" to avoid version bump.

This patch unbreaks the current build after tor!369 landed.

See: https://bugs.torproject.org/tpo/core/tor/40371

This change permits the newfstatat() system call, and fixes issues
40382 (and 40381).

This isn't a free change.  From the commit:

    // Libc 2.33 uses this syscall to implement both fstat() and stat().
    //
    // The trouble is that to implement fstat(fd, &st), it calls:
    //     newfstatat(fs, "", &st, AT_EMPTY_PATH)
    // We can't detect this usage in particular, because "" is a pointer
    // we don't control.  And we can't just look for AT_EMPTY_PATH, since
    // AT_EMPTY_PATH only has effect when the path string is empty.
    //
    // So our only solution seems to be allowing all fstatat calls, which
    // means that an attacker can stat() anything on the filesystem. That's
    // not a great solution, but I can't find a better one.