Merge branch 'bug26367_035_01'

changes/bug26367

@@ -0,0 +1,5 @@
+  o Removed features (hidden service, tor2web):
+    - Remove Tor2web functionalities. The Tor2webMode and
+      Tor2webRendezvousPoints options are now obsolete. Note that this feature
+      was never shipped in vanilla Tor and it was only possible to use this
+      feature by building the support at compile time. Closes ticket 26367.

configure.ac

@@ -179,13 +179,6 @@ if test "$enable_local_appdata" = "yes"; then
             [Defined if we default to host local appdata paths on Windows])
 fi
 
-# Tor2web mode flag
-AC_ARG_ENABLE(tor2web-mode,
-     AS_HELP_STRING(--enable-tor2web-mode, [support tor2web non-anonymous mode]),
-[if test "x$enableval" = "xyes"; then
-    CFLAGS="$CFLAGS -D ENABLE_TOR2WEB_MODE=1"
-fi])
-
 AC_ARG_ENABLE(tool-name-check,
      AS_HELP_STRING(--disable-tool-name-check, [check for sanely named toolchain when cross-compiling]))
 

doc/tor.1.txt

@@ -1337,7 +1337,7 @@ The following options are useful only for clients (that is, if
     to stick with them. This is desirable because constantly changing servers
     increases the odds that an adversary who owns some servers will observe a
     fraction of your paths. Entry Guards can not be used by Directory
-    Authorities, Single Onion Services, and Tor2web clients. In these cases,
+    Authorities, and Single Onion Services. In these cases,
     the this option is ignored. (Default: 1)
 
 [[GuardfractionFile]] **GuardfractionFile** __FILENAME__::
@@ -1527,32 +1527,6 @@ The following options are useful only for clients (that is, if
     Tor will look at the UseOptimisticData parameter in the networkstatus.
     (Default: auto)
 
-[[Tor2webMode]] **Tor2webMode** **0**|**1**::
-    When this option is set, Tor connects to hidden services
-    **non-anonymously**.  This option also disables client connections to
-    non-hidden-service hostnames through Tor. It **must only** be used when
-    running a tor2web Hidden Service web proxy.
-    To enable this option the compile time flag --enable-tor2web-mode must be
-    specified. Since Tor2webMode is non-anonymous, you can not run an
-    anonymous Hidden Service on a tor version compiled with Tor2webMode.
-    (Default: 0)
-
-[[Tor2webRendezvousPoints]] **Tor2webRendezvousPoints** __node__,__node__,__...__::
-    A list of identity fingerprints, nicknames, country codes and
-    address patterns of nodes that are allowed to be used as RPs
-    in HS circuits; any other nodes will not be used as RPs.
-    (Example:
-    Tor2webRendezvousPoints Fastyfasty, ABCD1234CDEF5678ABCD1234CDEF5678ABCD1234, \{cc}, 255.254.0.0/8) +
- +
-    This feature can only be used if Tor2webMode is also enabled. +
- +
-    ExcludeNodes have higher priority than Tor2webRendezvousPoints,
-    which means that nodes specified in ExcludeNodes will not be
-    picked as RPs. +
- +
-    If no nodes in Tor2webRendezvousPoints are currently available for
-    use, Tor will choose a random node when building HS circuits.
-
 [[HSLayer2Nodes]] **HSLayer2Nodes** __node__,__node__,__...__::
     A list of identity fingerprints, nicknames, country codes, and
     address patterns of nodes that are allowed to be used as the

src/app/config/config.c

@@ -174,7 +174,6 @@ static config_abbrev_t option_abbrevs_[] = {
   PLURAL(AuthDirRejectCC),
   PLURAL(EntryNode),
   PLURAL(ExcludeNode),
-  PLURAL(Tor2webRendezvousPoint),
   PLURAL(FirewallPort),
   PLURAL(LongLivedPort),
   PLURAL(HiddenServiceNode),
@@ -598,8 +597,8 @@ static config_var_t option_vars_[] = {
   OBSOLETE("Support022HiddenServices"),
   V(TestSocks,                   BOOL,     "0"),
   V(TokenBucketRefillInterval,   MSEC_INTERVAL, "100 msec"),
-  V(Tor2webMode,                 BOOL,     "0"),
-  V(Tor2webRendezvousPoints,      ROUTERSET, NULL),
+  OBSOLETE("Tor2webMode"),
+  OBSOLETE("Tor2webRendezvousPoints"),
   OBSOLETE("TLSECGroup"),
   V(TrackHostExits,              CSV,      NULL),
   V(TrackHostExitsExpire,        INTERVAL, "30 minutes"),
@@ -1698,8 +1697,7 @@ options_need_geoip_info(const or_options_t *options, const char **reason_out)
     routerset_needs_geoip(options->ExcludeExitNodes) ||
     routerset_needs_geoip(options->ExcludeNodes) ||
     routerset_needs_geoip(options->HSLayer2Nodes) ||
-    routerset_needs_geoip(options->HSLayer3Nodes) ||
-    routerset_needs_geoip(options->Tor2webRendezvousPoints);
+    routerset_needs_geoip(options->HSLayer3Nodes);
 
   if (routerset_usage && reason_out) {
     *reason_out = "We've been configured to use (or avoid) nodes in certain "
@@ -1882,27 +1880,6 @@ options_act(const or_options_t *old_options)
              "in a non-anonymous mode. It will provide NO ANONYMITY.");
   }
 
-#ifdef ENABLE_TOR2WEB_MODE
-/* LCOV_EXCL_START */
-  // XXXX This should move into options_validate()
-  if (!options->Tor2webMode) {
-    log_err(LD_CONFIG, "This copy of Tor was compiled to run in "
-            "'tor2web mode'. It can only be run with the Tor2webMode torrc "
-            "option enabled.");
-    return -1;
-  }
-/* LCOV_EXCL_STOP */
-#else /* !(defined(ENABLE_TOR2WEB_MODE)) */
-  // XXXX This should move into options_validate()
-  if (options->Tor2webMode) {
-    log_err(LD_CONFIG, "This copy of Tor was not compiled to run in "
-            "'tor2web mode'. It cannot be run with the Tor2webMode torrc "
-            "option enabled. To enable Tor2webMode recompile with the "
-            "--enable-tor2web-mode option.");
-    return -1;
-  }
-#endif /* defined(ENABLE_TOR2WEB_MODE) */
-
   /* If we are a bridge with a pluggable transport proxy but no
      Extended ORPort, inform the user that they are missing out. */
   if (server_mode(options) && options->ServerTransportPlugin &&
@@ -2164,8 +2141,6 @@ options_act(const or_options_t *old_options)
                          options->HSLayer2Nodes) ||
         !routerset_equal(old_options->HSLayer3Nodes,
                          options->HSLayer3Nodes) ||
-        !routerset_equal(old_options->Tor2webRendezvousPoints,
-                         options->Tor2webRendezvousPoints) ||
         options->StrictNodes != old_options->StrictNodes) {
       log_info(LD_CIRC,
                "Changed to using entry guards or bridges, or changed "
@@ -3307,23 +3282,12 @@ options_validate_single_onion(or_options_t *options, char **msg)
                                options->NATDPort_set ||
                                options->DNSPort_set ||
                                options->HTTPTunnelPort_set);
-  if (rend_service_non_anonymous_mode_enabled(options) && client_port_set &&
-      !options->Tor2webMode) {
+  if (rend_service_non_anonymous_mode_enabled(options) && client_port_set) {
     REJECT("HiddenServiceNonAnonymousMode is incompatible with using Tor as "
            "an anonymous client. Please set Socks/Trans/NATD/DNSPort to 0, or "
            "revert HiddenServiceNonAnonymousMode to 0.");
   }
 
-  /* If you run a hidden service in non-anonymous mode, the hidden service
-   * loses anonymity, even if SOCKSPort / Tor2web mode isn't used. */
-  if (!rend_service_non_anonymous_mode_enabled(options) &&
-      options->RendConfigLines && options->Tor2webMode) {
-    REJECT("Non-anonymous (Tor2web) mode is incompatible with using Tor as a "
-           "hidden service. Please remove all HiddenServiceDir lines, or use "
-           "a version of tor compiled without --enable-tor2web-mode, or use "
-           "HiddenServiceNonAnonymousMode.");
-  }
-
   if (rend_service_allow_non_anonymous_connection(options)
       && options->UseEntryGuards) {
     /* Single Onion services only use entry guards when uploading descriptors;
@@ -3793,26 +3757,6 @@ options_validate(or_options_t *old_options, or_options_t *options,
     REJECT("CircuitsAvailableTimeout is too large. Max is 24 hours.");
   }
 
-#ifdef ENABLE_TOR2WEB_MODE
-  if (options->Tor2webMode && options->UseEntryGuards) {
-    /* tor2web mode clients do not (and should not) use entry guards
-     * in any meaningful way.  Further, tor2web mode causes the hidden
-     * service client code to do things which break the path bias
-     * detector, and it's far easier to turn off entry guards (and
-     * thus the path bias detector with it) than to figure out how to
-     * make a piece of code which cannot possibly help tor2web mode
-     * users compatible with tor2web mode.
-     */
-    log_notice(LD_CONFIG,
-               "Tor2WebMode is enabled; disabling UseEntryGuards.");
-    options->UseEntryGuards = 0;
-  }
-#endif /* defined(ENABLE_TOR2WEB_MODE) */
-
-  if (options->Tor2webRendezvousPoints && !options->Tor2webMode) {
-    REJECT("Tor2webRendezvousPoints cannot be set without Tor2webMode.");
-  }
-
   if (options->EntryNodes && !options->UseEntryGuards) {
     REJECT("If EntryNodes is set, UseEntryGuards must be enabled.");
   }

src/app/config/or_options_st.h

@@ -262,14 +262,6 @@ struct or_options_t {
   int AllDirActionsPrivate; /**< Should every directory action be sent
                              * through a Tor circuit? */
 
-  /** Run in 'tor2web mode'? (I.e. only make client connections to hidden
-   * services, and use a single hop for all hidden-service-related
-   * circuits.) */
-  int Tor2webMode;
-
-  /** A routerset that should be used when picking RPs for HS circuits. */
-  routerset_t *Tor2webRendezvousPoints;
-
   /** A routerset that should be used when picking middle nodes for HS
    *  circuits. */
   routerset_t *HSLayer2Nodes;
@@ -543,9 +535,9 @@ struct or_options_t {
    * of fixed nodes? */
   int UseEntryGuards_option;
   /** Internal variable to remember whether we're actually acting on
-   * UseEntryGuards_option -- when we're a non-anonymous Tor2web client or
-   * Single Onion Service, it is always false, otherwise we use the value of
-   * UseEntryGuards_option. */
+   * UseEntryGuards_option -- when we're a non-anonymous Single Onion Service,
+   * it is always false, otherwise we use the value of UseEntryGuards_option.
+   * */
   int UseEntryGuards;
 
   int NumEntryGuards; /**< How many entry guards do we try to establish? */

src/core/or/channel.c

@@ -1882,13 +1882,6 @@ channel_do_open_actions(channel_t *chan)
     if (!get_options()->ConnectionPadding) {
       /* Disable if torrc disabled */
       channelpadding_disable_padding_on_channel(chan);
-    } else if (get_options()->Tor2webMode &&
-            !networkstatus_get_param(NULL,
-                                     CHANNELPADDING_TOR2WEB_PARAM,
-                                     CHANNELPADDING_TOR2WEB_DEFAULT, 0, 1)) {
-      /* Disable if we're using tor2web and the consensus disabled padding
-       * for tor2web */
-      channelpadding_disable_padding_on_channel(chan);
     } else if (rend_service_allow_non_anonymous_connection(get_options()) &&
                !networkstatus_get_param(NULL,
                                         CHANNELPADDING_SOS_PARAM,

src/core/or/channelpadding.c

@@ -52,8 +52,6 @@ static int consensus_nf_conntimeout_clients;
 static int consensus_nf_pad_before_usage;
 /** Should we pad relay-to-relay connections? */
 static int consensus_nf_pad_relays;
-/** Should we pad tor2web connections? */
-static int consensus_nf_pad_tor2web;
 /** Should we pad rosos connections? */
 static int consensus_nf_pad_single_onion;
 
@@ -141,11 +139,6 @@ channelpadding_new_consensus_params(networkstatus_t *ns)
   consensus_nf_pad_relays =
     networkstatus_get_param(ns, "nf_pad_relays", 0, 0, 1);
 
-  consensus_nf_pad_tor2web =
-    networkstatus_get_param(ns,
-                            CHANNELPADDING_TOR2WEB_PARAM,
-                            CHANNELPADDING_TOR2WEB_DEFAULT, 0, 1);
-
   consensus_nf_pad_single_onion =
     networkstatus_get_param(ns,
                             CHANNELPADDING_SOS_PARAM,
@@ -740,15 +733,6 @@ channelpadding_decide_to_pad_channel(channel_t *chan)
     return CHANNELPADDING_WONTPAD;
   }
 
-  if (options->Tor2webMode && !consensus_nf_pad_tor2web) {
-    /* If the consensus just changed values, this channel may still
-     * think padding is enabled. Negotiate it off. */
-    if (chan->padding_enabled)
-      channelpadding_disable_padding_on_channel(chan);
-
-    return CHANNELPADDING_WONTPAD;
-  }
-
   if (rend_service_allow_non_anonymous_connection(options) &&
       !consensus_nf_pad_single_onion) {
     /* If the consensus just changed values, this channel may still

src/core/or/channelpadding.h

@@ -13,8 +13,6 @@
 
 #include "trunnel/channelpadding_negotiation.h"
 
-#define CHANNELPADDING_TOR2WEB_PARAM  "nf_pad_tor2web"
-#define CHANNELPADDING_TOR2WEB_DEFAULT 1
 #define CHANNELPADDING_SOS_PARAM  "nf_pad_single_onion"
 #define CHANNELPADDING_SOS_DEFAULT 1
 

src/core/or/circuitbuild.c

@@ -408,10 +408,10 @@ onion_populate_cpath(origin_circuit_t *circ)
    * edge cases. */
   tor_assert(circuit_get_cpath_len(circ));
   if (circuit_can_use_tap(circ)) {
-    /* Circuits from clients to intro points, and hidden services to
-     * rend points do not support ntor, because the hidden service protocol
-     * does not include ntor onion keys. This is also true for Tor2web clients
-     * and Single Onion Services. */
+    /* Circuits from clients to intro points, and hidden services to rend
+     * points do not support ntor, because the hidden service protocol does
+     * not include ntor onion keys. This is also true for Single Onion
+     * Services. */
     return 0;
   }
 
@@ -824,7 +824,6 @@ circuit_timeout_want_to_count_circ(const origin_circuit_t *circ)
  * accordingly.
  * Note that TAP handshakes in CREATE cells are only used for direct
  * connections:
- *  - from Tor2web to intro points not in the client's consensus, and
  *  - from Single Onions to rend points not in the service's consensus.
  * This is checked in onion_populate_cpath. */
 static void
@@ -1985,98 +1984,11 @@ choose_good_exit_server_general(router_crn_flags_t flags)
   return NULL;
 }
 
-#if defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS)
-/* The config option Tor2webRendezvousPoints has been set and we need
- * to pick an RP out of that set. Make sure that the RP we choose is
- * alive, and return it. Return NULL if no usable RP could be found in
- * Tor2webRendezvousPoints. */
-STATIC const node_t *
-pick_tor2web_rendezvous_node(router_crn_flags_t flags,
-                             const or_options_t *options)
-{
-  const node_t *rp_node = NULL;
-  const int need_desc = (flags & CRN_NEED_DESC) != 0;
-  const int pref_addr = (flags & CRN_PREF_ADDR) != 0;
-  const int direct_conn = (flags & CRN_DIRECT_CONN) != 0;
-
-  smartlist_t *whitelisted_live_rps = smartlist_new();
-  smartlist_t *all_live_nodes = smartlist_new();
-
-  tor_assert(options->Tor2webRendezvousPoints);
-
-  /* Add all running nodes to all_live_nodes */
-  router_add_running_nodes_to_smartlist(all_live_nodes,
-                                        0, 0, 0,
-                                        need_desc,
-                                        pref_addr,
-                                        direct_conn);
-
-  /* Filter all_live_nodes to only add live *and* whitelisted RPs to
-   * the list whitelisted_live_rps. */
-  SMARTLIST_FOREACH_BEGIN(all_live_nodes, node_t *, live_node) {
-    if (routerset_contains_node(options->Tor2webRendezvousPoints, live_node)) {
-      smartlist_add(whitelisted_live_rps, live_node);
-    }
-  } SMARTLIST_FOREACH_END(live_node);
-
-  /* Honor ExcludeNodes */
-  if (options->ExcludeNodes) {
-    routerset_subtract_nodes(whitelisted_live_rps, options->ExcludeNodes);
-  }
-
-  /* Now pick randomly amongst the whitelisted RPs. No need to waste time
-     doing bandwidth load balancing, for most use cases
-     'whitelisted_live_rps' contains a single OR anyway. */
-  rp_node = smartlist_choose(whitelisted_live_rps);
-
-  if (!rp_node) {
-    log_warn(LD_REND, "Could not find a Rendezvous Point that suits "
-             "the purposes of Tor2webRendezvousPoints. Choosing random one.");
-  }
-
-  smartlist_free(whitelisted_live_rps);
-  smartlist_free(all_live_nodes);
-
-  return rp_node;
-}
-#endif /* defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS) */
-
 /* Pick a Rendezvous Point for our HS circuits according to <b>flags</b>. */
 static const node_t *
 pick_rendezvous_node(router_crn_flags_t flags)
 {
   const or_options_t *options = get_options();
-
-#ifdef ENABLE_TOR2WEB_MODE
-  /* We want to connect directly to the node if we can */
-  router_crn_flags_t direct_flags = flags;
-  direct_flags |= CRN_PREF_ADDR;
-  direct_flags |= CRN_DIRECT_CONN;
-
-  /* The user wants us to pick specific RPs. */
-  if (options->Tor2webRendezvousPoints) {
-    const node_t *tor2web_rp = pick_tor2web_rendezvous_node(direct_flags,
-                                                            options);
-    if (tor2web_rp) {
-      return tor2web_rp;
-    }
-  }
-
-  /* Else, if no direct, preferred tor2web RP was found, fall back to choosing
-   * a random direct node */
-  const node_t *node = router_choose_random_node(NULL, options->ExcludeNodes,
-                                                 direct_flags);
-  /* Return the direct node (if found), or log a message and fall back to an
-   * indirect connection. */
-  if (node) {
-    return node;
-  } else {
-    log_info(LD_REND,
-             "Unable to find a random rendezvous point that is reachable via "
-             "a direct connection, falling back to a 3-hop path.");
-  }
-#endif /* defined(ENABLE_TOR2WEB_MODE) */
-
   return router_choose_random_node(NULL, options->ExcludeNodes, flags);
 }
 

src/core/or/circuitbuild.h

@@ -93,14 +93,10 @@ STATIC int
 onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit_ei,
                       int is_hs_v3_rp_circuit);
 
-#if defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS)
-enum router_crn_flags_t;
-STATIC const node_t *pick_tor2web_rendezvous_node(
-                                     enum router_crn_flags_t flags,
-                                     const or_options_t *options);
+#if defined(TOR_UNIT_TESTS)
 unsigned int cpath_get_n_hops(crypt_path_t **head_ptr);
 
-#endif /* defined(ENABLE_TOR2WEB_MODE) || defined(TOR_UNIT_TESTS) */
+#endif /* defined(TOR_UNIT_TESTS) */
 
 #endif /* defined(CIRCUITBUILD_PRIVATE) */
 

src/core/or/circuitstats.c

@@ -113,8 +113,7 @@ get_circuit_build_timeout_ms(void)
  *  2. If the torrc option LearnCircuitBuildTimeout is false.
  *  3. If we are a directory authority
  *  4. If we fail to write circuit build time history to our state file.
- *  5. If we are compiled or configured in Tor2web mode
- *  6. If we are configured in Single Onion mode
+ *  5. If we are configured in Single Onion mode
  */
 int
 circuit_build_times_disabled(const or_options_t *options)
@@ -136,7 +135,7 @@ circuit_build_times_disabled_(const or_options_t *options,
     int config_disabled = !options->LearnCircuitBuildTimeout;
     int dirauth_disabled = authdir_mode(options);
     int state_disabled = did_last_state_file_write_fail() ? 1 : 0;
-    /* LearnCircuitBuildTimeout and Tor2web/Single Onion Services are
+    /* LearnCircuitBuildTimeout and Single Onion Services are
      * incompatible in two ways:
      *
      * - LearnCircuitBuildTimeout results in a low CBT, which
@@ -148,12 +147,11 @@ circuit_build_times_disabled_(const or_options_t *options,
      *
      * If we fix both of these issues someday, we should test
      * these modes with LearnCircuitBuildTimeout on again. */
-    int tor2web_disabled = rend_client_allow_non_anonymous_connection(options);
     int single_onion_disabled = rend_service_allow_non_anonymous_connection(
                                                                       options);
 
     if (consensus_disabled || config_disabled || dirauth_disabled ||
-        state_disabled || tor2web_disabled || single_onion_disabled) {
+        state_disabled || single_onion_disabled) {
 #if 0
       log_debug(LD_CIRC,
                "CircuitBuildTime learning is disabled. "

src/core/or/circuituse.c

@@ -863,8 +863,7 @@ static time_t last_expired_clientside_circuits = 0;
 /**
  * As a diagnostic for bug 8387, log information about how many one-hop
  * circuits we have around that have been there for at least <b>age</b>
- * seconds. Log a few of them.
- * Ignores Single Onion Service intro and Tor2web redezvous circuits, they are
+ * seconds. Log a few of them. Ignores Single Onion Service intro, it is
  * expected to be long-term one-hop circuits.
  */
 void
@@ -889,13 +888,6 @@ circuit_log_ancient_one_hop_circuits(int age)
         (circ->purpose == CIRCUIT_PURPOSE_S_INTRO ||
          circ->purpose == CIRCUIT_PURPOSE_S_REND_JOINED))
       continue;
-    /* Tor2web deliberately makes long term one-hop rend connections,
-     * particularly when Tor2webRendezvousPoints is used. We only ignore
-     * active rend point connections, if we take a long time to rendezvous,
-     * that's worth logging. */
-    if (rend_client_allow_non_anonymous_connection(options) &&
-        circ->purpose == CIRCUIT_PURPOSE_C_REND_JOINED)
-      continue;
     ocirc = CONST_TO_ORIGIN_CIRCUIT(circ);
 
     if (ocirc->build_state && ocirc->build_state->onehop_tunnel) {
@@ -1999,18 +1991,16 @@ circuit_should_use_vanguards(uint8_t purpose)
  * Return true for the set of conditions for which it is OK to use
  * a cannibalized circuit.
  *
- * Don't cannibalize for onehops, or tor2web, or certain purposes.
+ * Don't cannibalize for onehops, or certain purposes.
  */
 static int
 circuit_should_cannibalize_to_build(uint8_t purpose_to_build,
                                     int has_extend_info,
-                                    int onehop_tunnel,
-                                    int need_specific_rp)
+                                    int onehop_tunnel)
 {
 
-  /* Do not try to cannibalize if this is a one hop circuit, or
-   * is a tor2web/special rp. */
-  if (onehop_tunnel || need_specific_rp) {
+  /* Do not try to cannibalize if this is a one hop circuit. */
+  if (onehop_tunnel) {
     return 0;
   }
 
@@ -2059,7 +2049,6 @@ circuit_launch_by_extend_info(uint8_t purpose,
   origin_circuit_t *circ;
   int onehop_tunnel = (flags & CIRCLAUNCH_ONEHOP_TUNNEL) != 0;
   int have_path = have_enough_path_info(! (flags & CIRCLAUNCH_IS_INTERNAL) );
-  int need_specific_rp = 0;
 
   /* Keep some stats about our attempts to launch HS rendezvous circuits */
   if (purpose == CIRCUIT_PURPOSE_S_CONNECT_REND) {
@@ -2075,20 +2064,11 @@ circuit_launch_by_extend_info(uint8_t purpose,
     return NULL;
   }
 
-  /* If Tor2webRendezvousPoints is enabled and we are dealing with an
-     RP circuit, we want a specific RP node so we shouldn't canibalize
-     an already existing circuit. */
-  if (get_options()->Tor2webRendezvousPoints &&
-      purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND) {
-    need_specific_rp = 1;
-  }
-
   /* If we can/should cannibalize another circuit to build this one,
    * then do so. */
   if (circuit_should_cannibalize_to_build(purpose,
                                           extend_info != NULL,
-                                          onehop_tunnel,
-                                          need_specific_rp)) {
+                                          onehop_tunnel)) {
     /* see if there are appropriate circs available to cannibalize. */
     /* XXX if we're planning to add a hop, perhaps we want to look for
      * internal circs rather than exit circs? -RD */
@@ -2485,16 +2465,6 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
     else
       new_circ_purpose = desired_circuit_purpose;
 
-#ifdef ENABLE_TOR2WEB_MODE
-    /* If tor2Web is on, then hidden service requests should be one-hop.
-     */
-    if (options->Tor2webMode &&
-        (new_circ_purpose == CIRCUIT_PURPOSE_C_ESTABLISH_REND ||
-         new_circ_purpose == CIRCUIT_PURPOSE_C_INTRODUCING)) {
-      want_onehop = 1;
-    }
-#endif /* defined(ENABLE_TOR2WEB_MODE) */
-
     /* Determine what kind of a circuit to launch, and actually launch it. */
     {
       int flags = CIRCLAUNCH_NEED_CAPACITY;

src/core/or/connection_edge.c

@@ -1842,18 +1842,6 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
       return -1;
     }
 
-#ifdef ENABLE_TOR2WEB_MODE
-    /* If we're running in Tor2webMode, we don't allow anything BUT .onion
-     * addresses. */
-    if (options->Tor2webMode) {
-      log_warn(LD_APP, "Refusing to connect to non-hidden-service hostname "
-               "or IP address %s because tor2web mode is enabled.",
-               safe_str_client(socks->address));
-      connection_mark_unattached_ap(conn, END_STREAM_REASON_ENTRYPOLICY);
-      return -1;
-    }
-#endif /* defined(ENABLE_TOR2WEB_MODE) */
-
     /* socks->address is a non-onion hostname or IP address.
      * If we can't do any non-onion requests, refuse the connection.
      * If we have a hostname but can't do DNS, refuse the connection.

src/core/or/or.h

@@ -101,10 +101,6 @@ struct curve25519_public_key_t;
 #define cell_t tor_cell_t
 #endif
 
-#ifdef ENABLE_TOR2WEB_MODE
-#define NON_ANONYMOUS_MODE_ENABLED 1
-#endif
-
 /** Helper macro: Given a pointer to to.base_, of type from*, return &to. */
 #define DOWNCAST(to, ptr) ((to*)SUBTYPE_P(ptr, to, base_))
 

src/feature/dircache/directory.c

@@ -803,10 +803,8 @@ directory_choose_address_routerstatus(const routerstatus_t *status,
    * allowed by the firewall.
    *
    * (When Tor uploads and downloads a hidden service descriptor, it uses
-   * DIRIND_ANONYMOUS, except for Tor2Web, which uses DIRIND_ONEHOP.
-   * So this code will only modify the address for Tor2Web's HS descriptor
-   * fetches. Even Single Onion Servers (NYI) use DIRIND_ANONYMOUS, to avoid
-   * HSDirs denying service by rejecting descriptors.)
+   * DIRIND_ANONYMOUS. Even Single Onion Servers (NYI) use DIRIND_ANONYMOUS,
+   * to avoid HSDirs denying service by rejecting descriptors.)
    */
 
   /* Initialise the OR / Dir addresses */

src/feature/rend/rendclient.c

@@ -449,12 +449,7 @@ directory_get_from_hs_dir(const char *desc_id,
   char desc_id_base32[REND_DESC_ID_V2_LEN_BASE32 + 1];
   char descriptor_cookie_base64[3*REND_DESC_COOKIE_LEN_BASE64];
   const rend_data_v2_t *rend_data;
-#ifdef ENABLE_TOR2WEB_MODE
-  const int tor2web_mode = get_options()->Tor2webMode;
-  const int how_to_fetch = tor2web_mode ? DIRIND_ONEHOP : DIRIND_ANONYMOUS;
-#else
   const int how_to_fetch = DIRIND_ANONYMOUS;
-#endif /* defined(ENABLE_TOR2WEB_MODE) */
 
   tor_assert(desc_id);
   tor_assert(rend_query);
@@ -1223,35 +1218,3 @@ rend_parse_service_authorization(const or_options_t *options,
   }
   return res;
 }
-
-/* Can Tor client code make direct (non-anonymous) connections to introduction
- * or rendezvous points?
- * Returns true if tor was compiled with NON_ANONYMOUS_MODE_ENABLED, and is
- * configured in Tor2web mode. */
-int
-rend_client_allow_non_anonymous_connection(const or_options_t *options)
-{
-  /* Tor2web support needs to be compiled in to a tor binary. */
-#ifdef NON_ANONYMOUS_MODE_ENABLED
-  /* Tor2web */
-  return options->Tor2webMode ? 1 : 0;
-#else
-  (void)options;
-  return 0;
-#endif /* defined(NON_ANONYMOUS_MODE_ENABLED) */
-}
-
-/* At compile-time, was non-anonymous mode enabled via
- * NON_ANONYMOUS_MODE_ENABLED ? */
-int
-rend_client_non_anonymous_mode_enabled(const or_options_t *options)
-{
-  (void)options;
-  /* Tor2web support needs to be compiled in to a tor binary. */
-#ifdef NON_ANONYMOUS_MODE_ENABLED
-  /* Tor2web */
-  return 1;
-#else
-  return 0;
-#endif /* defined(NON_ANONYMOUS_MODE_ENABLED) */
-}

src/feature/rend/rendclient.h

@@ -47,8 +47,5 @@ rend_service_authorization_t *rend_client_lookup_service_authorization(
                                                 const char *onion_address);
 void rend_service_authorization_free_all(void);
 
-int rend_client_allow_non_anonymous_connection(const or_options_t *options);
-int rend_client_non_anonymous_mode_enabled(const or_options_t *options);
-
 #endif /* !defined(TOR_RENDCLIENT_H) */
 

src/feature/rend/rendcommon.c

@@ -979,37 +979,27 @@ rend_auth_decode_cookie(const char *cookie_in, uint8_t *cookie_out,
 
 /* Is this a rend client or server that allows direct (non-anonymous)
  * connections?
- * Clients must be specifically compiled and configured in this mode.
- * Onion services can be configured to start in this mode.
- * Prefer rend_client_allow_non_anonymous_connection() or
- * rend_service_allow_non_anonymous_connection() whenever possible, so that
- * checks are specific to Single Onion Services or Tor2web. */
+ * Onion services can be configured to start in this mode for single onion. */
 int
 rend_allow_non_anonymous_connection(const or_options_t* options)
 {
-  return (rend_client_allow_non_anonymous_connection(options)
-          || rend_service_allow_non_anonymous_connection(options));
+  return rend_service_allow_non_anonymous_connection(options);
 }
 
 /* Is this a rend client or server in non-anonymous mode?
- * Clients must be specifically compiled in this mode.
- * Onion services can be configured to start in this mode.
- * Prefer rend_client_non_anonymous_mode_enabled() or
- * rend_service_non_anonymous_mode_enabled() whenever possible, so that checks
- * are specific to Single Onion Services or Tor2web. */
+ * Onion services can be configured to start in this mode for single onion. */
 int
 rend_non_anonymous_mode_enabled(const or_options_t *options)
 {
-  return (rend_client_non_anonymous_mode_enabled(options)
-          || rend_service_non_anonymous_mode_enabled(options));
+  return rend_service_non_anonymous_mode_enabled(options);
 }
 
 /* Make sure that tor only builds one-hop circuits when they would not
  * compromise user anonymity.
  *
- * One-hop circuits are permitted in Tor2web or Single Onion modes.
+ * One-hop circuits are permitted in Single Onion modes.
  *
- * Tor2web or Single Onion modes are also allowed to make multi-hop circuits.
+ * Single Onion modes are also allowed to make multi-hop circuits.
  * For example, single onion HSDir circuits are 3-hop to prevent denial of
  * service.
  */

src/feature/rend/rendmid.c

@@ -237,7 +237,7 @@ rend_mid_establish_rendezvous(or_circuit_t *circ, const uint8_t *request,
   }
 
   /* Check if we are configured to accept established rendezvous cells from
-   * client or in other words tor2web clients. */
+   * client or in other words Tor2Web clients. */
   if (channel_is_client(circ->p_chan) &&
       dos_should_refuse_single_hop_client()) {
     /* Note it down for the heartbeat log purposes. */

src/test/test_channelpadding.c

@@ -406,81 +406,12 @@ test_channelpadding_killonehop(void *arg)
   setup_mock_consensus();
   setup_mock_network();
 
-  /* Do we disable padding if tor2webmode or rsos are enabled, and
-   * the consensus says don't pad?  */
-
-  /* Ensure we can kill tor2web and rsos padding if we want. */
-  // First, test that padding works if either is enabled
-  smartlist_clear(current_md_consensus->net_params);
-  channelpadding_new_consensus_params(current_md_consensus);
+  /* Do we disable padding if rsos is enabled, and the consensus says don't
+   * pad?  */
 
   monotime_coarse_t now;
   monotime_coarse_get(&now);
 
-  tried_to_write_cell = 0;
-  get_options_mutable()->Tor2webMode = 1;
-  monotime_coarse_add_msec(&client_relay3->next_padding_time, &now, 100);
-  decision = channelpadding_decide_to_pad_channel(client_relay3);
-  tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED);
-  tt_assert(client_relay3->pending_padding_callback);
-  tt_int_op(tried_to_write_cell, OP_EQ, 0);
-
-  decision = channelpadding_decide_to_pad_channel(client_relay3);
-  tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_ALREADY_SCHEDULED);
-
-  // Wait for the timer
-  new_time += 101*NSEC_PER_MSEC;
-  monotime_coarse_set_mock_time_nsec(new_time);
-  monotime_set_mock_time_nsec(new_time);
-  monotime_coarse_get(&now);
-  timers_run_pending();
-  tt_int_op(tried_to_write_cell, OP_EQ, 1);
-  tt_assert(!client_relay3->pending_padding_callback);
-
-  // Then test disabling each via consensus param
-  smartlist_add(current_md_consensus->net_params,
-                (void*)"nf_pad_tor2web=0");
-  channelpadding_new_consensus_params(current_md_consensus);
-
-  // Before the client tries to pad, the relay will still pad:
-  tried_to_write_cell = 0;
-  monotime_coarse_add_msec(&relay3_client->next_padding_time, &now, 100);
-  get_options_mutable()->ORPort_set = 1;
-  get_options_mutable()->Tor2webMode = 0;
-  decision = channelpadding_decide_to_pad_channel(relay3_client);
-  tt_int_op(decision, OP_EQ, CHANNELPADDING_PADDING_SCHEDULED);
-  tt_assert(relay3_client->pending_padding_callback);
-
-  // Wait for the timer
-  new_time += 101*NSEC_PER_MSEC;
-  monotime_coarse_set_mock_time_nsec(new_time);
-  monotime_set_mock_time_nsec(new_time);
-  monotime_coarse_get(&now);
-  timers_run_pending();
-  tt_int_op(tried_to_write_cell, OP_EQ, 1);
-  tt_assert(!client_relay3->pending_padding_callback);
-
-  // Test client side (it should stop immediately, but send a negotiate)
-  tried_to_write_cell = 0;
-  tt_assert(relay3_client->padding_enabled);
-  tt_assert(client_relay3->padding_enabled);
-  get_options_mutable()->Tor2webMode = 1;
-  /* For the relay to receive the negotiate: */
-  get_options_mutable()->ORPort_set = 1;
-  decision = channelpadding_decide_to_pad_channel(client_relay3);
-  tt_int_op(decision, OP_EQ, CHANNELPADDING_WONTPAD);
-  tt_int_op(tried_to_write_cell, OP_EQ, 1);
-  tt_assert(!client_relay3->pending_padding_callback);
-  tt_assert(!relay3_client->padding_enabled);
-
-  // Test relay side (it should have gotten the negotiation to disable)
-  get_options_mutable()->ORPort_set = 1;
-  get_options_mutable()->Tor2webMode = 0;
-  tt_int_op(channelpadding_decide_to_pad_channel(relay3_client), OP_EQ,
-      CHANNELPADDING_WONTPAD);
-  tt_assert(!relay3_client->padding_enabled);
-
-  /* Repeat for SOS */
   // First, test that padding works if either is enabled
   smartlist_clear(current_md_consensus->net_params);
   channelpadding_new_consensus_params(current_md_consensus);

src/test/test_hs.c

@@ -354,76 +354,6 @@ test_hs_desc_event(void *arg)
   tor_free(received_msg);
 }
 
-/* Make sure we always pick the right RP, given a well formatted
- * Tor2webRendezvousPoints value. */
-static void
-test_pick_tor2web_rendezvous_node(void *arg)
-{
-  or_options_t *options = get_options_mutable();
-  const node_t *chosen_rp = NULL;
-  router_crn_flags_t flags = CRN_NEED_DESC;
-  int retval, i;
-  const char *tor2web_rendezvous_str = "test003r";
-
-  (void) arg;
-
-  /* Setup fake routerlist. */
-  helper_setup_fake_routerlist();
-
-  /* Parse Tor2webRendezvousPoints as a routerset. */
-  options->Tor2webRendezvousPoints = routerset_new();
-  options->UseMicrodescriptors = 0;
-  retval = routerset_parse(options->Tor2webRendezvousPoints,
-                           tor2web_rendezvous_str,
-                           "test_tor2web_rp");
-  tt_int_op(retval, OP_GE, 0);
-
-  /* Pick rendezvous point. Make sure the correct one is
-     picked. Repeat many times to make sure it works properly. */
-  for (i = 0; i < 50 ; i++) {
-    chosen_rp = pick_tor2web_rendezvous_node(flags, options);
-    tt_assert(chosen_rp);
-    tt_str_op(chosen_rp->ri->nickname, OP_EQ, tor2web_rendezvous_str);
-  }
-
- done:
-  routerset_free(options->Tor2webRendezvousPoints);
-}
-
-/* Make sure we never pick an RP if Tor2webRendezvousPoints doesn't
- * correspond to an actual node. */
-static void
-test_pick_bad_tor2web_rendezvous_node(void *arg)
-{
-  or_options_t *options = get_options_mutable();
-  const node_t *chosen_rp = NULL;
-  router_crn_flags_t flags = CRN_NEED_DESC;
-  int retval, i;
-  const char *tor2web_rendezvous_str = "dummy";
-
-  (void) arg;
-
-  /* Setup fake routerlist. */
-  helper_setup_fake_routerlist();
-
-  /* Parse Tor2webRendezvousPoints as a routerset. */
-  options->Tor2webRendezvousPoints = routerset_new();
-  retval = routerset_parse(options->Tor2webRendezvousPoints,
-                           tor2web_rendezvous_str,
-                           "test_tor2web_rp");
-  tt_int_op(retval, OP_GE, 0);
-
-  /* Pick rendezvous point. Since Tor2webRendezvousPoints was set to a
-     dummy value, we shouldn't find any eligible RPs. */
-  for (i = 0; i < 50 ; i++) {
-    chosen_rp = pick_tor2web_rendezvous_node(flags, options);
-    tt_ptr_op(chosen_rp, OP_EQ, NULL);
-  }
-
- done:
-  routerset_free(options->Tor2webRendezvousPoints);
-}
-
 /* Make sure rend_data_t is valid at creation, destruction and when
  * duplicated. */
 static void
@@ -1046,11 +976,6 @@ struct testcase_t hs_tests[] = {
     NULL, NULL },
   { "hs_desc_event", test_hs_desc_event, TT_FORK,
     NULL, NULL },
-  { "pick_tor2web_rendezvous_node", test_pick_tor2web_rendezvous_node, TT_FORK,
-    NULL, NULL },
-  { "pick_bad_tor2web_rendezvous_node",
-    test_pick_bad_tor2web_rendezvous_node, TT_FORK,
-    NULL, NULL },
   { "hs_auth_cookies", test_hs_auth_cookies, TT_FORK,
     NULL, NULL },
   { "single_onion_poisoning_create_dir_none", test_single_onion_poisoning,

src/test/test_options.c

@@ -2458,36 +2458,6 @@ test_options_validate__circuits(void *ignored)
   tor_free(msg);
 }
 
-static void
-test_options_validate__tor2web(void *ignored)
-{
-  (void)ignored;
-  int ret;
-  char *msg;
-  options_test_data_t *tdata = NULL;
-
-  free_options_test_data(tdata);
-  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
-                                "Tor2webRendezvousPoints 1\n");
-  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
-  tt_int_op(ret, OP_EQ, -1);
-  tt_str_op(msg, OP_EQ,
-            "Tor2webRendezvousPoints cannot be set without Tor2webMode.");
-  tor_free(msg);
-
-  free_options_test_data(tdata);
-  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
-                                "Tor2webRendezvousPoints 1\nTor2webMode 1\n");
-  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
-  tt_int_op(ret, OP_EQ, 0);
-  tor_free(msg);
-
- done:
-  policies_free_all();
-  free_options_test_data(tdata);
-  tor_free(msg);
-}
-
 static void
 test_options_validate__rend(void *ignored)
 {
@@ -2601,13 +2571,11 @@ test_options_validate__single_onion(void *ignored)
   tt_ptr_op(msg, OP_EQ, NULL);
   free_options_test_data(tdata);
 
-  /* Test that SOCKSPort must come with Tor2webMode if
-   * HiddenServiceSingleHopMode is 1 */
+  /* Test that SOCKSPort if HiddenServiceSingleHopMode is 1 */
   tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
                                 "SOCKSPort 5000\n"
                                 "HiddenServiceSingleHopMode 1\n"
                                 "HiddenServiceNonAnonymousMode 1\n"
-                                "Tor2webMode 0\n"
                                 );
   ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
   tt_int_op(ret, OP_EQ, -1);
@@ -2622,7 +2590,6 @@ test_options_validate__single_onion(void *ignored)
                                 "SOCKSPort 0\n"
                                 "HiddenServiceSingleHopMode 1\n"
                                 "HiddenServiceNonAnonymousMode 1\n"
-                                "Tor2webMode 0\n"
                                 );
   ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
   tt_int_op(ret, OP_EQ, 0);
@@ -2632,27 +2599,13 @@ test_options_validate__single_onion(void *ignored)
   tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
                                 "SOCKSPort 5000\n"
                                 "HiddenServiceSingleHopMode 0\n"
-                                "Tor2webMode 0\n"
-                                );
-  ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
-  tt_int_op(ret, OP_EQ, 0);
-  tt_ptr_op(msg, OP_EQ, NULL);
-  free_options_test_data(tdata);
-
-  tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
-                                "SOCKSPort 5000\n"
-                                "HiddenServiceSingleHopMode 1\n"
-                                "HiddenServiceNonAnonymousMode 1\n"
-                                "Tor2webMode 1\n"
                                 );
   ret = options_validate(tdata->old_opt, tdata->opt, tdata->def_opt, 0, &msg);
   tt_int_op(ret, OP_EQ, 0);
   tt_ptr_op(msg, OP_EQ, NULL);
   free_options_test_data(tdata);
 
-  /* Test that a hidden service can't be run with Tor2web
-   * Use HiddenServiceNonAnonymousMode instead of Tor2webMode, because
-   * Tor2webMode requires a compilation #define */
+  /* Test that a hidden service can't be run in non anonymous mode. */
   tdata = get_options_test_data(TEST_OPTIONS_DEFAULT_VALUES
                   "HiddenServiceNonAnonymousMode 1\n"
                   "HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/\n"
@@ -4257,7 +4210,6 @@ struct testcase_t options_tests[] = {
   LOCAL_VALIDATE_TEST(path_bias),
   LOCAL_VALIDATE_TEST(bandwidth),
   LOCAL_VALIDATE_TEST(circuits),
-  LOCAL_VALIDATE_TEST(tor2web),
   LOCAL_VALIDATE_TEST(rend),
   LOCAL_VALIDATE_TEST(single_onion),
   LOCAL_VALIDATE_TEST(accounting),