
Merge branch 'maint-0.3.3' into maint-0.3.4

Nick Mathewson 5 years ago
parent
commit
15e752e6b1
7 changed files with 179 additions and 16 deletions
  1. 4 0
      changes/bug24104
  2. 3 4
      src/or/rephist.c
  3. 2 3
      src/or/rephist.h
  4. 20 4
      src/or/router.c
  5. 21 2
      src/test/log_test_helpers.c
  6. 6 2
      src/test/log_test_helpers.h
  7. 123 1
      src/test/test_router.c

+ 4 - 0
changes/bug24104

@@ -0,0 +1,4 @@
+  o Minor bugfix (relay statistics):
+    - Update relay descriptor on bandwidth changes only when the uptime is
+      smaller than 24h in order to reduce the efficiency of guard discovery
+      attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha.

+ 3 - 4
src/or/rephist.c

@@ -1,5 +1,5 @@
 /* Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -1203,8 +1203,8 @@ find_largest_max(bw_array_t *b)
  *
  * Return the smaller of these sums, divided by NUM_SECS_ROLLING_MEASURE.
  */
-int
-rep_hist_bandwidth_assess(void)
+MOCK_IMPL(int,
+rep_hist_bandwidth_assess,(void))
 {
   uint64_t w,r;
   r = find_largest_max(read_array);
@@ -3205,4 +3205,3 @@ rep_hist_free_all(void)
   tor_assert_nonfatal(rephist_total_alloc == 0);
   tor_assert_nonfatal_once(rephist_total_num == 0);
 }
-

+ 2 - 3
src/or/rephist.h

@@ -1,7 +1,7 @@
 /* Copyright (c) 2001 Matej Pfajfar.
  * Copyright (c) 2001-2004, Roger Dingledine.
  * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
- * Copyright (c) 2007-2017, The Tor Project, Inc. */
+ * Copyright (c) 2007-2018, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 /**
@@ -22,7 +22,7 @@ void rep_hist_make_router_pessimal(const char *id, time_t when);
 void rep_hist_note_dir_bytes_read(size_t num_bytes, time_t when);
 void rep_hist_note_dir_bytes_written(size_t num_bytes, time_t when);
 
-int rep_hist_bandwidth_assess(void);
+MOCK_DECL(int, rep_hist_bandwidth_assess, (void));
 char *rep_hist_get_bandwidth_lines(void);
 void rep_hist_update_state(or_state_t *state);
 int rep_hist_load_state(or_state_t *state, char **err);
@@ -137,4 +137,3 @@ void rep_hist_prep_published_padding_counts(time_t now);
 void rep_hist_padding_count_timers(uint64_t num_timers);
 
 #endif /* !defined(TOR_REPHIST_H) */
-

+ 20 - 4
src/or/router.c

@@ -2630,14 +2630,30 @@ mark_my_descriptor_dirty(const char *reason)
  * if our previous bandwidth estimate was exactly 0. */
 #define MAX_BANDWIDTH_CHANGE_FREQ (3*60*60)
 
+/** Maximum uptime to republish our descriptor because of large shifts in
+ * estimated bandwidth. */
+#define MAX_UPTIME_BANDWIDTH_CHANGE (24*60*60)
+
+/** By which factor bandwidth shifts have to change to be considered large. */
+#define BANDWIDTH_CHANGE_FACTOR 2
+
 /** Check whether bandwidth has changed a lot since the last time we announced
- * bandwidth. If so, mark our descriptor dirty. */
+ * bandwidth while the uptime is smaller than MAX_UPTIME_BANDWIDTH_CHANGE.
+ * If so, mark our descriptor dirty. */
 void
 check_descriptor_bandwidth_changed(time_t now)
 {
   static time_t last_changed = 0;
   uint64_t prev, cur;
   const routerinfo_t *my_ri = router_get_my_routerinfo();
+
+  int hibernating = we_are_hibernating();
+
+  /* If the relay uptime is bigger than MAX_UPTIME_BANDWIDTH_CHANGE,
+   * the next regularly scheduled descriptor update (18h) will be enough */
+  if (get_uptime() > MAX_UPTIME_BANDWIDTH_CHANGE && !hibernating)
+    return;
+
   if (!my_ri) /* make sure routerinfo exists */
     return;
 
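Review bot: The new early return in check_descriptor_bandwidth_changed() tests `get_uptime() > MAX_UPTIME_BANDWIDTH_CHANGE`, so a relay at exactly 24h still takes the bandwidth-triggered path, while the updated doc comment says "smaller than". The `&& !hibernating` exception is not mentioned in the doc comment at all. The changes file presents this guard as the mitigation for guard discovery, so the header comment should state the exact contract, for example `* bandwidth, unless our uptime exceeds MAX_UPTIME_BANDWIDTH_CHANGE and we are not hibernating.` The inline comment also hard-codes "(18h)" for the regular republish interval, which is not defined in this hunk; naming the constant would keep the two from drifting apart. The function body continues outside the hunk.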
@@ -2645,10 +2661,10 @@ check_descriptor_bandwidth_changed(time_t now)
 
   /* Consider ourselves to have zero bandwidth if we're hibernating or
    * shutting down. */
-  cur = we_are_hibernating() ? 0 : rep_hist_bandwidth_assess();
+  cur = hibernating ? 0 : rep_hist_bandwidth_assess();
   if ((prev != cur && (!prev || !cur)) ||
-      cur > prev*2 ||
-      cur < prev/2) {
+      cur > (prev * BANDWIDTH_CHANGE_FACTOR) ||
+      cur < (prev / BANDWIDTH_CHANGE_FACTOR) ) {
     if (last_changed+MAX_BANDWIDTH_CHANGE_FREQ < now || !prev) {
       log_info(LD_GENERAL,
                "Measured bandwidth has changed; rebuilding descriptor.");

+ 21 - 2
src/test/log_test_helpers.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2015-2017, The Tor Project, Inc. */
+/* Copyright (c) 2015-2018, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 #define LOG_PRIVATE
 #include "torlog.h"
@@ -158,6 +158,26 @@ mock_saved_log_has_message_containing(const char *msg)
   return 0;
 }
 
+/**
+ * Return true iff there is not a message recorded by log capture
+ * that contains <b>msg</b> as a substring.
+ */
+int
+mock_saved_log_has_message_not_containing(const char *msg)
+{
+  if (saved_logs) {
+    SMARTLIST_FOREACH(
+      saved_logs, mock_saved_log_entry_t *, m,
+      {
+        if (msg && m->generated_msg && strstr(m->generated_msg, msg))
+          return 0;
+      }
+    );
+  }
+
+  return 1;
+}
+
 /** Return true iff the saved logs have any messages with <b>severity</b> */
 int
 mock_saved_log_has_severity(int severity)
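Review bot: mock_saved_log_has_message_not_containing() returns 1 whenever `saved_logs` is NULL or `msg` is NULL, so `expect_log_msg_not_containing()` passes vacuously if capture was never set up or was already torn down. The doc comment should say this, for example `Also returns true when no logs have been captured or <b>msg</b> is NULL.`, so that a passing negative assertion is not read as proof that the code under test ran. The name reads as "some message does not contain msg", while the body implements "no message contains msg"; a name such as `mock_saved_log_has_no_message_containing` would match the behaviour.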
@@ -238,4 +258,3 @@ mock_dump_saved_logs(void)
            escaped(m->generated_msg));
   } SMARTLIST_FOREACH_END(m);
 }
-

+ 6 - 2
src/test/log_test_helpers.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2014-2017, The Tor Project, Inc. */
+/* Copyright (c) 2014-2018, The Tor Project, Inc. */
 /* See LICENSE for licensing information */
 
 #include "or.h"
@@ -24,6 +24,7 @@ void teardown_capture_of_logs(void);
 
 int mock_saved_log_has_message(const char *msg);
 int mock_saved_log_has_message_containing(const char *msg);
+int mock_saved_log_has_message_not_containing(const char *msg);
 int mock_saved_log_has_severity(int severity);
 int mock_saved_log_has_entry(void);
 int mock_saved_log_n_entries(void);
@@ -46,6 +47,10 @@ void mock_dump_saved_logs(void);
   assert_log_predicate(mock_saved_log_has_message_containing(str), \
                 "expected log to contain " # str);
 
+#define expect_log_msg_not_containing(str) \
+  assert_log_predicate(mock_saved_log_has_message_not_containing(str), \
+                "expected log to not contain " # str);
+
 #define expect_log_msg_containing_either(str1, str2)                    \
   assert_log_predicate(mock_saved_log_has_message_containing(str1) ||   \
                        mock_saved_log_has_message_containing(str2),     \
@@ -106,4 +111,3 @@ void mock_dump_saved_logs(void);
                 "expected log to not contain entries");
 
 #endif /* !defined(TOR_LOG_TEST_HELPERS_H) */
-

+ 123 - 1
src/test/test_router.c

@@ -11,11 +11,15 @@
 #include "config.h"
 #include "crypto_curve25519.h"
 #include "crypto_ed25519.h"
+#include "hibernate.h"
+#include "main.h"
+#include "rephist.h"
 #include "router.h"
 #include "routerlist.h"
 
 /* Test suite stuff */
 #include "test.h"
+#include "log_test_helpers.h"
 
 NS_DECL(const routerinfo_t *, router_get_my_routerinfo, (void));
 
@@ -102,11 +106,129 @@ test_router_dump_router_to_string_no_bridge_distribution_method(void *arg)
   tor_free(desc);
 }
 
+static routerinfo_t *mock_router_get_my_routerinfo_result = NULL;
+
+static const routerinfo_t *
+mock_router_get_my_routerinfo(void)
+{
+  return mock_router_get_my_routerinfo_result;
+}
+
+static long
+mock_get_uptime_3h(void)
+{
+  return 3*60*60;
+}
+
+static long
+mock_get_uptime_1d(void)
+{
+  return 24*60*60;
+}
+
+static int
+mock_rep_hist_bandwidth_assess(void)
+{
+  return 20001;
+}
+
+static int
+mock_we_are_not_hibernating(void)
+{
+  return 0;
+}
+
+static int
+mock_we_are_hibernating(void)
+{
+  return 0;
+}
+
+static void
+test_router_check_descriptor_bandwidth_changed(void *arg)
+{
+  (void)arg;
+  routerinfo_t routerinfo;
+  memset(&routerinfo, 0, sizeof(routerinfo));
+  mock_router_get_my_routerinfo_result = NULL;
+
+  MOCK(we_are_hibernating, mock_we_are_not_hibernating);
+  MOCK(router_get_my_routerinfo, mock_router_get_my_routerinfo);
+  mock_router_get_my_routerinfo_result = &routerinfo;
+
+  /* When uptime is less than 24h, no previous bandwidth, no last_changed
+   * Uptime: 10800, last_changed: 0, Previous bw: 0, Current bw: 0 */
+  routerinfo.bandwidthcapacity = 0;
+  MOCK(get_uptime, mock_get_uptime_3h);
+  setup_full_capture_of_logs(LOG_INFO);
+  check_descriptor_bandwidth_changed(time(NULL));
+  expect_log_msg_not_containing(
+     "Measured bandwidth has changed; rebuilding descriptor.");
+  teardown_capture_of_logs();
+
+  /* When uptime is less than 24h, previous bandwidth,
+   * last_changed more than 3h ago
+   * Uptime: 10800, last_changed: 0, Previous bw: 10000, Current bw: 0 */
+  routerinfo.bandwidthcapacity = 10000;
+  setup_full_capture_of_logs(LOG_INFO);
+  check_descriptor_bandwidth_changed(time(NULL));
+  expect_log_msg_containing(
+     "Measured bandwidth has changed; rebuilding descriptor.");
+  teardown_capture_of_logs();
+
+  /* When uptime is less than 24h, previous bandwidth,
+   * last_changed more than 3h ago, and hibernating
+   * Uptime: 10800, last_changed: 0, Previous bw: 10000, Current bw: 0 */
+
+  UNMOCK(we_are_hibernating);
+  MOCK(we_are_hibernating, mock_we_are_hibernating);
+  routerinfo.bandwidthcapacity = 10000;
+  setup_full_capture_of_logs(LOG_INFO);
+  check_descriptor_bandwidth_changed(time(NULL));
+  expect_log_msg_not_containing(
+     "Measured bandwidth has changed; rebuilding descriptor.");
+  teardown_capture_of_logs();
+  UNMOCK(we_are_hibernating);
+  MOCK(we_are_hibernating, mock_we_are_not_hibernating);
+
+  /* When uptime is less than 24h, last_changed is not more than 3h ago
+   * Uptime: 10800, last_changed: x, Previous bw: 10000, Current bw: 0 */
+  setup_full_capture_of_logs(LOG_INFO);
+  check_descriptor_bandwidth_changed(time(NULL));
+  expect_log_msg_not_containing(
+     "Measured bandwidth has changed; rebuilding descriptor.");
+  teardown_capture_of_logs();
+
+  /* When uptime is less than 24h and bandwidthcapacity does not change
+   * Uptime: 10800, last_changed: x, Previous bw: 10000, Current bw: 20001 */
+  MOCK(rep_hist_bandwidth_assess, mock_rep_hist_bandwidth_assess);
+  setup_full_capture_of_logs(LOG_INFO);
+  check_descriptor_bandwidth_changed(time(NULL) + 6*60*60 + 1);
+  expect_log_msg_containing(
+     "Measured bandwidth has changed; rebuilding descriptor.");
+  UNMOCK(get_uptime);
+  UNMOCK(rep_hist_bandwidth_assess);
+  teardown_capture_of_logs();
+
+  /* When uptime is more than 24h */
+  MOCK(get_uptime, mock_get_uptime_1d);
+  setup_full_capture_of_logs(LOG_INFO);
+  check_descriptor_bandwidth_changed(time(NULL));
+  expect_log_msg_not_containing(
+     "Measured bandwidth has changed; rebuilding descriptor.");
+  teardown_capture_of_logs();
+
+ done:
+  UNMOCK(get_uptime);
+  UNMOCK(router_get_my_routerinfo);
+  UNMOCK(we_are_hibernating);
+}
+
 #define ROUTER_TEST(name, flags)                          \
   { #name, test_router_ ## name, flags, NULL, NULL }
 
 struct testcase_t router_tests[] = {
   ROUTER_TEST(dump_router_to_string_no_bridge_distribution_method, TT_FORK),
+  ROUTER_TEST(check_descriptor_bandwidth_changed, TT_FORK),
   END_OF_TESTCASES
 };
-
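Review bot: Two mocks in this hunk do not produce the condition their test case names: `mock_we_are_hibernating()` returns 0, the same as `mock_we_are_not_hibernating()`, and `mock_get_uptime_1d()` returns exactly `24*60*60`, which does not satisfy the `get_uptime() > MAX_UPTIME_BANDWIDTH_CHANGE` guard added in router.c. Both cases then appear to pass only because the log line is suppressed for another reason, most likely the static `last_changed` rate limit left by the earlier calls, so neither the hibernation exception nor the over-24h early return is exercised. Suggest `return 1;` in `mock_we_are_hibernating` and `return 24*60*60 + 1;` in `mock_get_uptime_1d`, and passing a `now` far enough ahead in the over-24h case that the rate limit cannot mask a missing guard. The comment "bandwidthcapacity does not change" above the 20001 case also contradicts its `expect_log_msg_containing` assertion and should describe a large bandwidth increase instead.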