This patch makes Tor announce the relay specific bridge status page URL
when Tor is starting up before bootstrap occours.

See: tor#30477

In case building the descriptor would fail, we could still flag that we did in
fact publish the descriptors leading to no more attempt at publishing it which
in turn makes the relay silent for some hours and not try to rebuild the
descriptor later.

This has been spotted with #40231 because the operator used a localhost
address for the ORPort and "AssumeReachable 1" leading to this code path where
the descriptor failed to build but all conditions to "can I publish" were met.

Related to #40231

Signed-off-by: David Goulet <dgoulet@torproject.org>

David Goulet authored 4 years ago and Nick Mathewson committed 4 years ago

It turns out that 9 years ago, we stopped appending data into stats file and
rather overwrite everytime we have new stats (see commit
a6a127c8)

The load_stats_file() function was still thinking that we could have the same
line many times in the file which turns out to be false since 9 years ago.
However, that did not cause problem until IPv6 connection stats came along
which introduced a new line in conn-stats: "ipv6-conn-bi-direct ...".

Before, that file contained a single line starting with the tag
"conn-bi-direct".  That very tag appears also in the IPv6 tag (see above) so
the load_stats_file() function would consider that the IPv6 line as the last
tag to be appeneded to the file and fail to report the line above (for IPv4).
It would actually truncate the IPv6 line and report it (removing the "ipv6-"
part).

In other words, "conn-bi-direct" was not reported and instead
"ipv6-conn-bi-direct" was used without the "ipv6-" part.

This commit refactors the entire function so that now it looks for a
"timestamp tag" to validate and then if everything is fine, returns the entire
content of the file. The refactor simplifies the function, adds logging in
case of failures and modernize it in terms of coding standard.

Unit tests are also added that makes sure the loaded content matches the
entire file if timestamp validation passes.

Fixes #40226

Signed-off-by: David Goulet <dgoulet@torproject.org>

Alexander Hansen Færøy authored 4 years ago and Nick Mathewson committed 4 years ago

This patch makes Tor announce the relay specific bridge status page URL
when Tor is starting up before bootstrap occours.

See: tor#30477

Previously, we would treat *any* incoming circuit on a non-local
channel as meaning that our ORPort was reachable.  With this patch,
we make sure that the address that the peer _says_ we have is the
same as the one we're trying to advertise right now.

Closes 20165. Bugfix on 4f5192b2 in 0.1.0.1-rc, when
reachability self-tests were first introduced.

On an IPv6 reachability failure test, if the address was configured, don't
publish the descriptor and log warn. If the address was auto discovered, still
publish the descriptor.

Closes #33247.

Signed-off-by: David Goulet <dgoulet@torproject.org>

These now (or_port and dir_port) now have "find" names, since they
look at the portcfg first, then at the actual ports from the
listeners.

This is an automated commit, generated by this command:

./scripts/maint/rename_c_identifier.py \
        router_get_advertised_or_port routerconf_find_or_port \
        router_get_advertised_ipv6_or_ap routerconf_find_ipv6_or_ap \
        router_has_advertised_ipv6_orport routerconf_has_ipv6_orport \
        router_get_advertised_dir_port routerconf_find_dir_port

I had incorrectly believed that the router.c file was disabled when
we were building with relay mode disabled.

These parameters do not suppress checks, but they tell relays that
it's okay to publish even when those checks fail.

I have chosen lowercase hyphenated names, since these seem to be
more common in networkstatus params.

Closes #33224 and part of #34064.

This commit moves router_pick_published_address() and the related helper
functions into the new file.

The log_addr_has_changed() function has been made public in router.h so we can
use it in relay_resolve_addr.c.

This is a refactoring as part of Sponsor 55. Only code movement at this
commit.

Part of #33789

Signed-off-by: David Goulet <dgoulet@torproject.org>

Split "can extend over IPv6" and "has advertised IPv6 ORPort" into
separate functions. They currently have the same result, but this may
change in 33818 with ExtendAllowIPv6Addresses.

Part of 33817.

Add IPv4-only and IPv6-only tests for
circuit_open_connection_for_extend().

Part of 33817.

When an EXTEND2 cell has an IPv4 and an IPv6 address, choose one of them
uniformly at random.

Part of 33817.

When IPv6 ORPorts are set to "auto", tor relays and bridges would
advertise an incorrect port in their descriptor.

This may be a low-severity memory safety issue, because the published
port number may be derived from uninitialised or out-of-bounds memory
reads.

Fixes bug 32588; bugfix on 0.2.3.9-alpha.

Without this, -O0 builds fail, which is a sign that LTO builds may
fail too.

Part of 32123.

Also fix a missing mock in rsa-only parsing.

Tests 29017 and 29018.

Also, explicitly state when routerinfos and extra-infos are signed.
And tidy up some other comments.

Preparation for testing 29017 and 20918.

Tidy the arguments and return values of these functions, and clean up their
memory management.

Preparation for testing 29017 and 20918.

This patch has routers use the same canonicalization logic as
authorities when encoding their family lists.  Additionally, they
now warn if any router in their list is given by nickname, since
that's error-prone.

This patch also adds some long-overdue tests for family formatting.

Make them only include the headers that they needed, and sort their
headers while we're at it.

Since this is completely core functionality, I'm putting it in
core/mainloop, even though it depends on feature/hibernate. We'll
have to sort that out in the future.

(It turns out that some of the functions in router.h didn't even
exist any more, so I just got to delete their declarations completely.)

Note that I haven't separated the headers yet (there's still an

This is also used by onion services, so it needs to go in another
module.

David Goulet authored 6 years ago and Nick Mathewson committed 6 years ago

The OpenSSL "RSA" object is currently 408 bytes compares to the ASN.1 encoding
which is 140 for a 1024 RSA key.

We save 268 bytes per descriptor (routerinfo_t) *and* microdescriptor
(microdesc_t). Scaling this to 6000 relays, and considering client usually
only have microdescriptors, we save 1.608 MB of RAM which is considerable for
mobile client.

This commit makes it that we keep the RSA onion public key (used for TAP
handshake) in ASN.1 format instead of an OpenSSL RSA object.

Changes is done in both routerinfo_t and microdesc_t.

Closes #27246

Signed-off-by: David Goulet <dgoulet@torproject.org>