nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 21:23:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge commit 'tor-0.2.1.20' into debian-merge

Browse Source 
* commit 'tor-0.2.1.20': (36 commits)
  bump to 0.2.1.20
  Move moria1 and Tonga to alternate IP addresses.
  read the "circwindow" parameter from the consensus
  Code to parse and access network parameters.
  Revert "Teach connection_ap_can_use_exit about Exclude*Nodes"
  Work around a memory leak in openssl 0.9.8g (and maybe others)
  Teach connection_ap_can_use_exit about Exclude*Nodes
  make some bug 1090 warnings go away
  Fix a memory leak when parsing a ns
  Fix obscure 64-bit big-endian hidserv bug
  turns out the packaging changes aren't in 0.2.1.20
  update changelog with bundle details
  Use an _actual_ fix for the byte-reverse warning.
  Use a simpler fix for the byte-reversing warning
  Fix compile warnings on Snow Leopard
  Add getinfo accepted-server-descriptor. Clean spec.
  Reduce log level for bug case that we now know really exists.
  Only send reachability status events on overall success/failure
  update the README instructions and OS X makefiles
  Avoid segfault when accessing hidden service.
  ...
This commit is contained in:
Peter Palfrader 2009-11-13 19:01:22 +01:00
commit 0e74939671
40 changed files with 527 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
ChangeLog
View File

@ -1,7 +1,74 @@
Changes in version 0.2.1.19 - 2009-07-28
Changes in version 0.2.1.20 - 2009-10-15
o Major bugfixes:
- Make accessing hidden services on 0.2.1.x work right
again. Bugfix on 0.2.1.3-alpha; workaround for bug 1038.
- Send circuit or stream sendme cells when our window has decreased
by 100 cells, not when it has decreased by 101 cells. Bug uncovered
by Karsten when testing the "reduce circuit window" performance
patch. Bugfix on the 54th commit on Tor -- from July 2002,
before the release of Tor 0.0.0. This is the new winner of the
oldest-bug prize.
- Fix a remotely triggerable memory leak when a consensus document
contains more than one signature from the same voter. Bugfix on
0.2.0.3-alpha.
- Avoid segfault in rare cases when finishing an introduction circuit
as a client and finding out that we don't have an introduction key
for it. Fixes bug 1073. Reported by Aaron Swartz.
o Major features:
- Tor now reads the "circwindow" parameter out of the consensus,
and uses that value for its circuit package window rather than the
default of 1000 cells. Begins the implementation of proposal 168.
o New directory authorities:
- Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
authority.
- Move moria1 and tonga to alternate IP addresses.
o Minor bugfixes:
- Fix a signed/unsigned compile warning in 0.2.1.19.
- Fix possible segmentation fault on directory authorities. Bugfix on
0.2.1.14-rc.
- Fix an extremely rare infinite recursion bug that could occur if
we tried to log a message after shutting down the log subsystem.
Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
- Fix an obscure bug where hidden services on 64-bit big-endian
systems might mis-read the timestamp in v3 introduce cells, and
refuse to connect back to the client. Discovered by "rotor".
Bugfix on 0.2.1.6-alpha.
- We were triggering a CLOCK_SKEW controller status event whenever
we connect via the v2 connection protocol to any relay that has
a wrong clock. Instead, we should only inform the controller when
it's a trusted authority that claims our clock is wrong. Bugfix
on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
- We were telling the controller about CHECKING_REACHABILITY and
REACHABILITY_FAILED status events whenever we launch a testing
circuit or notice that one has failed. Instead, only tell the
controller when we want to inform the user of overall success or
overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
by SwissTorExit.
- Don't warn when we're using a circuit that ends with a node
excluded in ExcludeExitNodes, but the circuit is not used to access
the outside world. This should help fix bug 1090. Bugfix on
0.2.1.6-alpha.
- Work around a small memory leak in some versions of OpenSSL that
stopped the memory used by the hostname TLS extension from being
freed.
o Minor features:
- Add a "getinfo status/accepted-server-descriptor" controller
command, which is the recommended way for controllers to learn
whether our server descriptor has been successfully received by at
least on directory authority. Un-recommend good-server-descriptor
getinfo and status events until we have a better design for them.
Changes in version 0.2.1.19 - 2009-07-28
Tor 0.2.1.19 fixes a major bug with accessing and providing hidden
services on Tor 0.2.1.3-alpha through 0.2.1.18.
o Major bugfixes:
- Make accessing hidden services on 0.2.1.x work right again.
Bugfix on 0.2.1.3-alpha; workaround for bug 1038. Diagnosis and
part of patch provided by "optimist".
o Minor features:
- When a relay/bridge is writing out its identity key fingerprint to
@ -20,6 +87,12 @@ Changes in version 0.2.1.19 - 2009-07-28
Changes in version 0.2.1.18 - 2009-07-24
Tor 0.2.1.18 lays the foundations for performance improvements,
adds status events to help users diagnose bootstrap problems, adds
optional authentication/authorization for hidden services, fixes a
variety of potential anonymity problems, and includes a huge pile of
other features and bug fixes.
o Build fixes:
- Add LIBS=-lrt to Makefile.am so the Tor RPMs use a static libevent.
@ -82,6 +155,37 @@ Changes in version 0.2.1.17-rc - 2009-07-07
further bugs for relays on dynamic IP addresses.
Changes in version 0.2.0.35 - 2009-06-24
o Security fix:
- Avoid crashing in the presence of certain malformed descriptors.
Found by lark, and by automated fuzzing.
- Fix an edge case where a malicious exit relay could convince a
controller that the client's DNS question resolves to an internal IP
address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
o Major bugfixes:
- Finally fix the bug where dynamic-IP relays disappear when their
IP address changes: directory mirrors were mistakenly telling
them their old address if they asked via begin_dir, so they
never got an accurate answer about their new address, so they
just vanished after a day. For belt-and-suspenders, relays that
don't set Address in their config now avoid using begin_dir for
all direct connections. Should fix bugs 827, 883, and 900.
- Fix a timing-dependent, allocator-dependent, DNS-related crash bug
that would occur on some exit nodes when DNS failures and timeouts
occurred in certain patterns. Fix for bug 957.
o Minor bugfixes:
- When starting with a cache over a few days old, do not leak
memory for the obsolete router descriptors in it. Bugfix on
0.2.0.33; fixes bug 672.
- Hidden service clients didn't use a cached service descriptor that
was older than 15 minutes, but wouldn't fetch a new one either,
because there was already one in the cache. Now, fetch a v2
descriptor unless the same descriptor was added to the cache within
the last 15 minutes. Fixes bug 997; reported by Marcus Griep.
Changes in version 0.2.1.16-rc - 2009-06-20
Tor 0.2.1.16-rc speeds up performance for fast exit relays, and fixes
a bunch of minor bugs.

31
ReleaseNotes
View File

@ -3,7 +3,38 @@ This document summarizes new features and bugfixes in each stable release
of Tor. If you want to see more detailed descriptions of the changes in
each development snapshot, see the ChangeLog file.
Changes in version 0.2.1.19 - 2009-07-28
Tor 0.2.1.19 fixes a major bug with accessing and providing hidden
services.
o Major bugfixes:
- Make accessing hidden services on 0.2.1.x work right again.
Bugfix on 0.2.1.3-alpha; workaround for bug 1038. Diagnosis and
part of patch provided by "optimist".
o Minor features:
- When a relay/bridge is writing out its identity key fingerprint to
the "fingerprint" file and to its logs, write it without spaces. Now
it will look like the fingerprints in our bridges documentation,
and confuse fewer users.
o Minor bugfixes:
- Relays no longer publish a new server descriptor if they change
their MaxAdvertisedBandwidth config option but it doesn't end up
changing their advertised bandwidth numbers. Bugfix on 0.2.0.28-rc;
fixes bug 1026. Patch from Sebastian.
- Avoid leaking memory every time we get a create cell but we have
so many already queued that we refuse it. Bugfix on 0.2.0.19-alpha;
fixes bug 1034. Reported by BarkerJr.
Changes in version 0.2.1.18 - 2009-07-24
Tor 0.2.1.18 lays the foundations for performance improvements,
adds status events to help users diagnose bootstrap problems, adds
optional authentication/authorization for hidden services, fixes a
variety of potential anonymity problems, and includes a huge pile of
other features and bug fixes.
o Major features (clients):
- Start sending "bootstrap phase" status events to the controller,
so it can keep the user informed of progress fetching directory

2
configure.in
View File

@ -5,7 +5,7 @@ dnl Copyright (c) 2007-2008, The Tor Project, Inc.
dnl See LICENSE for licensing information
AC_INIT
AM_INIT_AUTOMAKE(tor, 0.2.1.19)
AM_INIT_AUTOMAKE(tor, 0.2.1.20)
AM_CONFIG_HEADER(orconfig.h)
AC_CANONICAL_HOST

2
contrib/directory-archive/fetch-all
View File

@ -30,8 +30,8 @@ DIRSERVERS=""
DIRSERVERS="$DIRSERVERS 86.59.21.38:80" # tor26
DIRSERVERS="$DIRSERVERS 128.31.0.34:9031" # moria1
DIRSERVERS="$DIRSERVERS 128.31.0.34:9032" # moria2
#DIRSERVERS="$DIRSERVERS 140.247.60.64:80" # lefkada
DIRSERVERS="$DIRSERVERS 194.109.206.212:80" # dizum
DATEDIR=$(date "+%Y/%m/%d")
TIME=$(date "+%Y%m%d-%H%M%S")

1
contrib/directory-archive/fetch-all-v3
View File

@ -35,6 +35,7 @@ DIRSERVERS="$DIRSERVERS 80.190.246.100:80" # gabelmoo
DIRSERVERS="$DIRSERVERS 194.109.206.212:80" # dizum
#DIRSERVERS="$DIRSERVERS 128.31.0.34:9032" # moria2
DIRSERVERS="$DIRSERVERS 213.73.91.31:80" # dannenberg
DIRSERVERS="$DIRSERVERS 208.83.223.34:443" # urras
TIME=$(date "+%Y%m%d-%H%M%S")
. fetch-all-functions

2
contrib/osx/uninstall_tor_bundle.sh
View File

@ -134,7 +134,7 @@ fi
## clean up
echo ". Cleaning up"
rm -rf $TEMP_BOM_CONTENTS
rm -rf /Library/Privoxy/ /Library/StartupItems/Privoxy/ /Library/Tor/ /Library/StartupItems/Tor/ /Library/Torbutton/
rm -rf /Library/Privoxy/ /Library/StartupItems/Privoxy/ /Library/Tor/ /Library/StartupItems/Tor/ /Library/Torbutton/ /Library/Receipts/Privoxy.pkg /Library/Receipts/torbutton.pkg /Library/Receipts/Tor.pkg /Library/Receipts/Vidalia.pkg /Library/Receipts/TorStartup.pkg
echo ". Finished"

10
contrib/polipo/Makefile.osx
View File

@ -30,9 +30,13 @@ FILE_DEFINES = -DLOCAL_ROOT=\"$(LOCAL_ROOT)/\" \
DEFINES = $(FILE_DEFINES) $(PLATFORM_DEFINES)
UNIVERSAL = -O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc
LDFLAGS = -Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk
CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES) $(UNIVERSAL)
# Uncomment the UNIVERSAL, LDFLAGS, CFLAGS lines if you want universal binaries, otherwise
# you'll produce a binary only for your architecture and version of OSX
# UNIVERSAL = -O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc
# LDFLAGS = -Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk
# CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES) $(UNIVERSAL)
# If you uncommented the above CFLAGS, remove this next one.
CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES)
SRCS = util.c event.c io.c chunk.c atom.c object.c log.c diskcache.c main.c \
config.c local.c http.c client.c server.c auth.c tunnel.c \

2
contrib/polipo/README
View File

@ -1,4 +1,6 @@
Copyright 2007-2008 Andrew Lewman
Copyright 2009 The Tor Project
----------------
General Comments
----------------

3
contrib/tor-mingw.nsi.in
View File

@ -9,7 +9,7 @@
!include "FileFunc.nsh"
!insertmacro GetParameters
!define VERSION "0.2.1.19"
!define VERSION "0.2.1.20"
!define INSTALLER "tor-${VERSION}-win32.exe"
!define WEBSITE "https://www.torproject.org/"
!define LICENSE "LICENSE"
@ -216,6 +216,7 @@ Function un.InstallFiles
Delete "$INSTDIR\tor.ico"
Delete "$SMSTARTUP\Tor.lnk"
Delete "$INSTDIR\Uninstall.exe"
Delete "$INSTDIR\geoip"
FunctionEnd
Function un.InstallDirectories

35
doc/spec/control-spec.txt
View File

@ -558,6 +558,7 @@ $Id$
"status/circuit-established"
"status/enough-dir-info"
"status/good-server-descriptor"
"status/accepted-server-descriptor"
"status/..."
These provide the current internal Tor values for various Tor
states. See Section 4.1.10 for explanations. (Only a few of the
@ -1255,20 +1256,26 @@ $Id$
CLOCK_SKEW
SKEW="+" / "-" SECONDS
MIN_SKEW="+" / "-" SECONDS.
SOURCE="DIRSERV:IP:Port" / "NETWORKSTATUS:IP:PORT" / "CONSENSUS"
SOURCE="DIRSERV:" IP ":" Port /
"NETWORKSTATUS:" IP ":" Port /
"OR:" IP ":" Port /
"CONSENSUS"
If "SKEW" is present, it's an estimate of how far we are from the
time declared in the source. (In other words, if we're an hour in
the past, the value is -3600.) "MIN_SKEW" is present, it's a lower
bound. If the source is a DIRSERV, we got the current time from a
connection to a dirserver. If the source is a NETWORKSTATUS, we
decided we're skewed because we got a v2 networkstatus from far in
the future. If the source is CONSENSUS, we decided we're skewed
because we got a networkstatus consensus from the future.
the future. If the source is OR, the skew comes from a NETINFO
cell from a connection to another relay. If the source is
CONSENSUS, we decided we're skewed because we got a networkstatus
consensus from the future.
{Controllers may want to warn the user if the skew is high, or if
multiple skew messages appear at severity WARN. Controllers
shouldn't blindly adjust the clock, since the more accurate source
of skew info (DIRSERV) is currently unauthenticated.}
{Tor should send this message to controllers when it thinks the
skew is so high that it will interfere with proper Tor operation.
Controllers shouldn't blindly adjust the clock, since the more
accurate source of skew info (DIRSERV) is currently
unauthenticated.}
BAD_LIBEVENT
"METHOD=" libevent method
@ -1482,18 +1489,22 @@ $Id$
We successfully uploaded our server descriptor to at least one
of the directory authorities, with no complaints.
{This event could affect the controller's idea of server status, but
the controller should not interrupt the user to tell them so.}
{Originally, the goal of this event was to declare "every authority
has accepted the descriptor, so there will be no complaints
about it." But since some authorities might be offline, it's
harder to get certainty than we had thought. As such, this event
is equivalent to ACCEPTED_SERVER_DESCRIPTOR below. Controllers
should just look at ACCEPTED_SERVER_DESCRIPTOR and should ignore
this event for now.}
NAMESERVER_STATUS
"NS=addr"
"STATUS=" "UP" / "DOWN"
"ERR=" message
One of our nameservers has changed status.
// actually notice
{This event could affect the controller's idea of server status, but
the controller should not interrupt the user to tell them so.}
{This event could affect the controller's idea of server status, but
the controller should not interrupt the user to tell them so.}
NAMESERVER_ALL_DOWN
All of our nameservers have gone down.

119
doc/tor-osx-dmg-creation.txt
View File

@ -1,24 +1,103 @@
## Instructions for building the official dmgs for OSX.
##
## The loose table of contents:
## Summary
## Single Architecture Binaries for PPC or X86, not both.
## Backwards compatible single-architecture binaries for OSX x86 10.4 from newer versions of OS X.
## Universal Binaries for OSX PPC and X86
## Each section is delineated by ###.
The following steps are the exact steps used to produce the "official"
OSX builds of tor.
Summary:
### Summary:
1) Compile and install a static version of the latest release of
libevent.
2) Acquire and install your preferred version of tor. Extract.
3) "make dist-osx"
4) You now have a dmg from which you can install Tor.
## Universal Binaries for OSX PPC and X86
## This method works in OSX 10.4 (Tiger) and newer OSX versions.
## See far below if you don't care about cross compiling for PPC and X86.
## The single architecture process starts with "###"
### Single Architecture Binaries for PPC or X86, not both.
### This method works in all versions of OSX 10.3 through 10.6
## Compiling libevent ##
1) Download the latest stable libevent from
http://www.monkey.org/~provos/libevent/
2) The first step of compiling libevent is to configure it as
follows:
./configure --enable-static --disable-shared
3) Complete the "make" and "make install". You will need to be root,
or sudo -s, to complete the "make install".
## Compiling Tor ##
4) Get your preferred version of the tor source from https://www.torproject.org. Extract the
tarball.
5) In the top level, this means /path/to/tor/, not tor/contrib/osx,
do a configure with these parameters:
CONFDIR=/Library/Tor ./configure --prefix=/Library/Tor \
--bindir=/Library/Tor --sysconfdir=/Library
6) In same top level dir, do a "make dist-osx". There now exists a
.dmg file in the same directory. Install from this dmg.
### Backwards compatible single-architecture binaries for OSX x86 10.4 from newer versions of OS X.
1) Install the latest XCode updates available from http://developer.apple.com.
## Compiling libevent
## Compiling libevent ##
2) Download latest stable libevent from
http://www.monkey.org/~provos/libevent/
3) The first step of compiling libevent is to configure it as
follows:
CFLAGS="-O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386" \
LDFLAGS="-Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk" \
./configure --enable-static --disable-shared --disable-dependency-tracking
4) Complete the "make" and "make install". You will need to be root,
or sudo -s, to complete the "make install".
5) Check for a successful universal binary of libevent.a in, by default,
/usr/local/lib by using the following command:
"file /usr/local/lib/libevent.a"
Your output should be:
/usr/local/lib/libevent.a (for architecture i386): current ar archive random library
6) Get your preferred version of the tor source from https://www.torproject.org/download.
Extract the tarball.
7) In the top level, this means /path/to/tor/, not tor/contrib/osx,
do a configure with these parameters:
CFLAGS="-O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386" \
LDFLAGS="-Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk" \
CONFDIR=/Library/Tor \
./configure --prefix=/Library/Tor --bindir=/Library/Tor \
--sysconfdir=/Library --disable-dependency-tracking
8) "make dist-osx"
9) Confirm you have created a universal binary by issuing the follow command:
"file src/or/tor". Its output should be as follows:
src/or/tor (for architecture i386): Mach-O executable i386
10) There should exist in the top-level directory a
Tor-$VERSION-universal-Bundle.dmg
11) Congrats. You have a backwards-compatible binary. You are now ready to install Tor.
### Universal Binaries for OSX PPC and X86
### This method works in OSX 10.4 (Tiger) and newer OSX versions.
1) Install the latest XCode updates available from http://developer.apple.com.
## Compiling libevent ##
2) Download latest stable libevent from
http://www.monkey.org/~provos/libevent/
@ -64,31 +143,3 @@ src/or/tor (for architecture ppc): Mach-O executable ppc
Tor-$VERSION-universal-Bundle.dmg
11) Congrats. You have a universal binary. You are now ready to install Tor.
### Single Architecture Binaries for PPC or X86, not both.
### This method works in all versions of OSX 10.3 through 10.5
### Compiling libevent
1) Download the latest stable libevent from
http://www.monkey.org/~provos/libevent/
2) The first step of compiling libevent is to configure it as
follows:
./configure --enable-static --disable-shared
3) Complete the "make" and "make install". You will need to be root,
or sudo -s, to complete the "make install".
### Compiling Tor
4) Get your preferred version of the tor source from https://www.torproject.org. Extract the
tarball.
5) In the top level, this means /path/to/tor/, not tor/contrib/osx,
do a configure with these parameters:
CONFDIR=/Library/Tor ./configure --prefix=/Library/Tor \
--bindir=/Library/Tor --sysconfdir=/Library
6) In same top level dir, do a "make dist-osx". There now exists a
.dmg file in the same directory. Install from this dmg.

9
doc/tor.1.in
View File

@ -476,13 +476,15 @@ used when \fBFascistFirewall\fR is set. This option is deprecated; use
ReachableAddresses instead. (Default: 80, 443)
.LP
.TP
\fBHidServAuth \fR\fIonion-address\fR \fIauth-cookie\fP \fIservice-name\fR
\fBHidServAuth \fR\fIonion-address\fR \fIauth-cookie\fP [\fIservice-name\fR]
Client authorization for a hidden service. Valid onion addresses contain 16
characters in a-z2-7 plus ".onion", and valid auth cookies contain 22
characters in A-Za-z0-9+/. The service name is only used for internal
purposes, e.g., for Tor controllers. This option may be used multiple times
for different hidden services. If a hidden service uses authorization and
this option is not set, the hidden service is not accessible.
this option is not set, the hidden service is not accessible. Hidden
services can be configured to require authorization using the
\fBHiddenServiceAuthorizeClient\fR option.
.LP
.TP
\fBReachableAddresses \fR\fIADDR\fP[\fB/\fP\fIMASK\fP][:\fIPORT\fP]...\fP
@ -1305,7 +1307,8 @@ listed here are authorized to access the hidden service. Valid client names
are 1 to 19 characters long and only use characters in A-Za-z0-9+-_
(no spaces). If this option is set, the hidden service is not accessible
for clients without authorization any more. Generated authorization data
can be found in the hostname file.
can be found in the hostname file. Clients need to put this authorization
data in their configuration file using \fBHidServAuth\fR.
.LP
.TP
\fBRendPostPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP

9
src/common/address.c
View File

@ -373,10 +373,11 @@ tor_addr_parse_reverse_lookup_name(tor_addr_t *result, const char *address,
return -1; /* malformed. */
/* reverse the bytes */
inaddr.s_addr = (((inaddr.s_addr & 0x000000fful) << 24)
|((inaddr.s_addr & 0x0000ff00ul) << 8)
|((inaddr.s_addr & 0x00ff0000ul) >> 8)
|((inaddr.s_addr & 0xff000000ul) >> 24));
inaddr.s_addr = (uint32_t)
(((inaddr.s_addr & 0x000000ff) << 24)
|((inaddr.s_addr & 0x0000ff00) << 8)
|((inaddr.s_addr & 0x00ff0000) >> 8)
|((inaddr.s_addr & 0xff000000) >> 24));
if (result) {
tor_addr_from_in(result, &inaddr);

22
src/common/log.c
View File

@ -94,7 +94,8 @@ should_log_function_name(log_domain_mask_t domain, int severity)
}
/** A mutex to guard changes to logfiles and logging. */
static tor_mutex_t *log_mutex = NULL;
static tor_mutex_t log_mutex;
static int log_mutex_initialized = 0;
/** Linked list of logfile_t. */
static logfile_t *logfiles = NULL;
@ -105,9 +106,9 @@ static int syslog_count = 0;
#endif
#define LOCK_LOGS() STMT_BEGIN \
tor_mutex_acquire(log_mutex); \
tor_mutex_acquire(&log_mutex); \
STMT_END
#define UNLOCK_LOGS() STMT_BEGIN tor_mutex_release(log_mutex); STMT_END
#define UNLOCK_LOGS() STMT_BEGIN tor_mutex_release(&log_mutex); STMT_END
/** What's the lowest log level anybody cares about? Checking this lets us
* bail out early from log_debug if we aren't debugging. */
@ -148,8 +149,8 @@ _log_prefix(char *buf, size_t buf_len, int severity)
t = (time_t)now.tv_sec;
n = strftime(buf, buf_len, "%b %d %H:%M:%S", tor_localtime_r(&t, &tm));
r = tor_snprintf(buf+n, buf_len-n, ".%.3ld [%s] ",
(long)now.tv_usec / 1000, sev_to_string(severity));
r = tor_snprintf(buf+n, buf_len-n, ".%.3i [%s] ",
(int)now.tv_usec / 1000, sev_to_string(severity));
if (r<0)
return buf_len-1;
else
@ -448,8 +449,9 @@ logs_free_all(void)
log_free(victim);
}
tor_free(appname);
tor_mutex_free(log_mutex);
log_mutex = NULL;
/* We _could_ destroy the log mutex here, but that would screw up any logs
* that happened between here and the end of execution. */
}
/** Remove and free the log entry <b>victim</b> from the linked-list
@ -545,8 +547,10 @@ add_stream_log(const log_severity_list_t *severity,
void
init_logging(void)
{
if (!log_mutex)
log_mutex = tor_mutex_new();
if (!log_mutex_initialized) {
tor_mutex_init(&log_mutex);
log_mutex_initialized = 1;
}
}
/** Add a log handler to receive messages during startup (before the real

4
src/common/torint.h
View File

@ -119,6 +119,10 @@ typedef unsigned int uint32_t;
#endif
#endif
#ifndef INT32_MIN
#define INT32_MIN (-2147483647-1)
#endif
#if (SIZEOF_LONG == 4)
#ifndef HAVE_INT32_T
typedef signed long int32_t;

13
src/common/tortls.c
View File

@ -829,6 +829,9 @@ tor_tls_new(int sock, int isServer)
if (!SSL_set_cipher_list(result->ssl,
isServer ? SERVER_CIPHER_LIST : CLIENT_CIPHER_LIST)) {
tls_log_errors(NULL, LOG_WARN, "setting ciphers");
#ifdef SSL_set_tlsext_host_name
SSL_set_tlsext_host_name(result->ssl, NULL);
#endif
SSL_free(result->ssl);
tor_free(result);
return NULL;
@ -839,6 +842,9 @@ tor_tls_new(int sock, int isServer)
bio = BIO_new_socket(sock, BIO_NOCLOSE);
if (! bio) {
tls_log_errors(NULL, LOG_WARN, "opening BIO");
#ifdef SSL_set_tlsext_host_name
SSL_set_tlsext_host_name(result->ssl, NULL);
#endif
SSL_free(result->ssl);
tor_free(result);
return NULL;
@ -919,6 +925,9 @@ tor_tls_free(tor_tls_t *tls)
if (!removed) {
log_warn(LD_BUG, "Freeing a TLS that was not in the ssl->tls map.");
}
#ifdef SSL_set_tlsext_host_name
SSL_set_tlsext_host_name(tls->ssl, NULL);
#endif
SSL_free(tls->ssl);
tls->ssl = NULL;
tls->negotiated_callback = NULL;
@ -1443,8 +1452,8 @@ tor_tls_used_v1_handshake(tor_tls_t *tls)
* buffer and *<b>wbuf_bytes</b> to the amount actually used. */
void
tor_tls_get_buffer_sizes(tor_tls_t *tls,
int *rbuf_capacity, int *rbuf_bytes,
int *wbuf_capacity, int *wbuf_bytes)
size_t *rbuf_capacity, size_t *rbuf_bytes,
size_t *wbuf_capacity, size_t *wbuf_bytes)
{
if (tls->ssl->s3->rbuf.buf)
*rbuf_capacity = tls->ssl->s3->rbuf.len;

4
src/common/tortls.h
View File

@ -73,8 +73,8 @@ void tor_tls_get_n_raw_bytes(tor_tls_t *tls,
size_t *n_read, size_t *n_written);
void tor_tls_get_buffer_sizes(tor_tls_t *tls,
int *rbuf_capacity, int *rbuf_bytes,
int *wbuf_capacity, int *wbuf_bytes);
size_t *rbuf_capacity, size_t *rbuf_bytes,
size_t *wbuf_capacity, size_t *wbuf_bytes);
int tor_tls_used_v1_handshake(tor_tls_t *tls);

7
src/common/util.c
View File

@ -1816,7 +1816,8 @@ write_chunks_to_file_impl(const char *fname, const smartlist_t *chunks,
int open_flags)
{
open_file_t *file = NULL;
int fd, result;
int fd;
ssize_t result;
fd = start_writing_to_file(fname, open_flags, 0600, &file);
if (fd<0)
return -1;
@ -1901,7 +1902,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
int fd; /* router file */
struct stat statbuf;
char *string;
int r;
ssize_t r;
int bin = flags & RFTS_BIN;
tor_assert(filename);
@ -1960,7 +1961,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
* match for size. */
int save_errno = errno;
log_warn(LD_FS,"Could read only %d of %ld bytes of file \"%s\".",
r, (long)statbuf.st_size,filename);
(int)r, (long)statbuf.st_size,filename);
tor_free(string);
close(fd);
errno = save_errno;

58
src/or/circuitbuild.c
View File

@ -527,9 +527,16 @@ inform_testing_reachability(void)
routerinfo_t *me = router_get_my_routerinfo();
if (!me)
return 0;
if (me->dir_port)
control_event_server_status(LOG_NOTICE,
"CHECKING_REACHABILITY ORADDRESS=%s:%d",
me->address, me->or_port);
if (me->dir_port) {
tor_snprintf(dirbuf, sizeof(dirbuf), " and DirPort %s:%d",
me->address, me->dir_port);
control_event_server_status(LOG_NOTICE,
"CHECKING_REACHABILITY DIRADDRESS=%s:%d",
me->address, me->dir_port);
}
log(LOG_NOTICE, LD_OR, "Now checking whether ORPort %s:%d%s %s reachable... "
"(this may take up to %d minutes -- look for log "
"messages indicating success)",
@ -537,6 +544,7 @@ inform_testing_reachability(void)
me->dir_port ? dirbuf : "",
me->dir_port ? "are" : "is",
TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT/60);
return 1;
}
@ -1436,13 +1444,16 @@ choose_good_exit_server(uint8_t purpose, routerlist_t *dir,
/** Log a warning if the user specified an exit for the circuit that
* has been excluded from use by ExcludeNodes or ExcludeExitNodes. */
static void
warn_if_last_router_excluded(uint8_t purpose, const extend_info_t *exit)
warn_if_last_router_excluded(origin_circuit_t *circ, const extend_info_t *exit)
{
or_options_t *options = get_options();
routerset_t *rs = options->ExcludeNodes;
const char *description;
int severity;
int domain = LD_CIRC;
uint8_t purpose = circ->_base.purpose;
if (circ->build_state->onehop_tunnel)
return;
switch (purpose)
{
@ -1455,48 +1466,40 @@ warn_if_last_router_excluded(uint8_t purpose, const extend_info_t *exit)
(int)purpose);
return;
case CIRCUIT_PURPOSE_C_GENERAL:
if (circ->build_state->is_internal)
return;
description = "Requested exit node";
rs = options->_ExcludeExitNodesUnion;
severity = LOG_WARN;
break;
case CIRCUIT_PURPOSE_C_INTRODUCING:
case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT:
case CIRCUIT_PURPOSE_C_INTRODUCE_ACKED:
description = "Introduction point for hidden service";
severity = LOG_INFO;
break;
case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
case CIRCUIT_PURPOSE_S_CONNECT_REND:
case CIRCUIT_PURPOSE_S_REND_JOINED:
case CIRCUIT_PURPOSE_TESTING:
return;
case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
case CIRCUIT_PURPOSE_C_REND_READY:
case CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED:
case CIRCUIT_PURPOSE_C_REND_JOINED:
description = "Chosen rendezvous point";
severity = LOG_WARN;
domain = LD_BUG;
break;
case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
description = "Chosen introduction point";
severity = LOG_INFO;
break;
case CIRCUIT_PURPOSE_S_CONNECT_REND:
case CIRCUIT_PURPOSE_S_REND_JOINED:
description = "Client-selected rendezvous point";
severity = LOG_INFO;
break;
case CIRCUIT_PURPOSE_TESTING:
description = "Target for testing circuit";
severity = LOG_INFO;
break;
case CIRCUIT_PURPOSE_CONTROLLER:
rs = options->_ExcludeExitNodesUnion;
description = "Controller-selected circuit target";
severity = LOG_WARN;
break;
}
if (routerset_contains_extendinfo(rs, exit))
log_fn(severity, domain, "%s '%s' is in ExcludeNodes%s. Using anyway.",
if (routerset_contains_extendinfo(rs, exit)) {
log_fn(LOG_WARN, domain, "%s '%s' is in ExcludeNodes%s. Using anyway "
"(circuit purpose %d).",
description,exit->nickname,
rs==options->ExcludeNodes?"":" or ExcludeExitNodes.");
rs==options->ExcludeNodes?"":" or ExcludeExitNodes",
(int)purpose);
circuit_log_path(LOG_WARN, domain, circ);
}
return;
}
@ -1521,7 +1524,7 @@ onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit)
}
if (exit) { /* the circuit-builder pre-requested one */
warn_if_last_router_excluded(circ->_base.purpose, exit);
warn_if_last_router_excluded(circ, exit);
log_info(LD_CIRC,"Using requested exit node '%s'", exit->nickname);
exit = extend_info_dup(exit);
} else { /* we have to decide one */
@ -1568,6 +1571,7 @@ int
circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *exit)
{
int err_reason = 0;
warn_if_last_router_excluded(circ, exit);
circuit_append_new_exit(circ, exit);
circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_BUILDING);
if ((err_reason = circuit_send_next_onion_skin(circ))<0) {
@ -1825,7 +1829,7 @@ onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice)
hop->extend_info = extend_info_dup(choice);
hop->package_window = CIRCWINDOW_START;
hop->package_window = circuit_initial_package_window();
hop->deliver_window = CIRCWINDOW_START;
return 0;

15
src/or/circuitlist.c
View File

@ -361,6 +361,19 @@ circuit_purpose_to_controller_string(uint8_t purpose)
}
}
/** Pick a reasonable package_window to start out for our circuits.
* Originally this was hard-coded at 1000, but now the consensus votes
* on the answer. See proposal 168. */
int32_t
circuit_initial_package_window(void)
{
int32_t num = networkstatus_get_param(NULL, "circwindow", CIRCWINDOW_START);
/* If the consensus tells us a negative number, we'd assert. */
if (num < 0)
num = CIRCWINDOW_START;
return num;
}
/** Initialize the common elements in a circuit_t, and add it to the global
* list. */
static void
@ -368,7 +381,7 @@ init_circuit_base(circuit_t *circ)
{
circ->timestamp_created = time(NULL);
circ->package_window = CIRCWINDOW_START;
circ->package_window = circuit_initial_package_window();
circ->deliver_window = CIRCWINDOW_START;
circuit_add(circ);

5
src/or/circuituse.c
View File

@ -724,17 +724,12 @@ circuit_testing_opened(origin_circuit_t *circ)
static void
circuit_testing_failed(origin_circuit_t *circ, int at_last_hop)
{
routerinfo_t *me = router_get_my_routerinfo();
if (server_mode(get_options()) && check_whether_orport_reachable())
return;
if (!me)
return;
log_info(LD_GENERAL,
"Our testing circuit (to see if your ORPort is reachable) "
"has failed. I'll try again later.");
control_event_server_status(LOG_WARN, "REACHABILITY_FAILED ORADDRESS=%s:%d",
me->address, me->or_port);
/* These aren't used yet. */
(void)circ;

10
src/or/command.c
View File

@ -575,7 +575,7 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
/* Consider all the other addresses; if any matches, this connection is
* "canonical." */
tor_addr_t addr;
const char *next = decode_address_from_payload(&addr, cp, end-cp);
const char *next = decode_address_from_payload(&addr, cp, (int)(end-cp));
if (next == NULL) {
log_fn(LOG_PROTOCOL_WARN, LD_OR,
"Bad address in netinfo cell; closing connection.");
@ -610,9 +610,11 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
conn->_base.address, (int)conn->_base.port,
apparent_skew>0 ? "ahead" : "behind", dbuf,
apparent_skew>0 ? "behind" : "ahead");
control_event_general_status(LOG_WARN,
"CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
apparent_skew, conn->_base.address, conn->_base.port);
if (severity == LOG_WARN) /* only tell the controller if an authority */
control_event_general_status(LOG_WARN,
"CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
apparent_skew,
conn->_base.address, conn->_base.port);
}
/* XXX maybe act on my_apparent_addr, if the source is sufficiently

32
src/or/config.c
View File

@ -904,14 +904,14 @@ add_default_trusted_dir_authorities(authority_type_t type)
int i;
const char *dirservers[] = {
"moria1 v1 orport=9001 v3ident=E2A2AF570166665D738736D0DD58169CC61D8A8B "
"128.31.0.34:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441",
"128.31.0.39:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441",
"moria2 v1 orport=9002 128.31.0.34:9032 "
"719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF",
"tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
"86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
"dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
"194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
"Tonga orport=443 bridge no-v2 82.94.251.206:80 "
"Tonga orport=443 bridge no-v2 82.94.251.203:80 "
"4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
"ides orport=9090 no-v2 v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
"216.224.124.114:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
@ -921,6 +921,8 @@ add_default_trusted_dir_authorities(authority_type_t type)
"dannenberg orport=443 no-v2 "
"v3ident=585769C78764D58426B8B52B6651A5A71137189A "
"213.73.91.31:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
"urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
"208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
NULL
};
for (i=0; dirservers[i]; i++) {
@ -1224,26 +1226,29 @@ options_need_geoip_info(or_options_t *options, const char **reason_out)
/** Return the bandwidthrate that we are going to report to the authorities
* based on the config options. */
int
uint32_t
get_effective_bwrate(or_options_t *options)
{
int bw = (int)options->BandwidthRate;
uint64_t bw = options->BandwidthRate;
if (bw > options->MaxAdvertisedBandwidth)
bw = (int)options->MaxAdvertisedBandwidth;
bw = options->MaxAdvertisedBandwidth;
if (options->RelayBandwidthRate > 0 && bw > options->RelayBandwidthRate)
bw = (int)options->RelayBandwidthRate;
return bw;
bw = options->RelayBandwidthRate;
/* ensure_bandwidth_cap() makes sure that this cast can't overflow. */
return (uint32_t)bw;
}
/** Return the bandwidthburst that we are going to report to the authorities
* based on the config options. */
int
uint32_t
get_effective_bwburst(or_options_t *options)
{
int bw = (int)options->BandwidthBurst;
uint64_t bw = options->BandwidthBurst;
if (options->RelayBandwidthBurst > 0 && bw > options->RelayBandwidthBurst)
bw = (int)options->RelayBandwidthBurst;
return bw;
bw = options->RelayBandwidthBurst;
/* ensure_bandwidth_cap() makes sure that this cast can't overflow. */
return (uint32_t)bw;
}
/** Fetch the active option list, and take actions based on it. All of the
@ -2499,7 +2504,8 @@ is_local_addr(const tor_addr_t *addr)
* the same /24 as last_resolved_addr will be the same as checking whether
* it was on net 0, which is already done by is_internal_IP.
*/
if ((last_resolved_addr & 0xffffff00ul) == (ip & 0xffffff00ul))
if ((last_resolved_addr & (uint32_t)0xffffff00ul)
== (ip & (uint32_t)0xffffff00ul))
return 1;
}
return 0;
@ -4182,7 +4188,7 @@ options_init_from_string(const char *cf,
err:
config_free(&options_format, newoptions);
if (*msg) {
int len = strlen(*msg)+256;
int len = (int)strlen(*msg)+256;
char *newmsg = tor_malloc(len);
tor_snprintf(newmsg, len, "Failed to parse/validate config: %s", *msg);

8
src/or/control.c
View File

@ -1789,7 +1789,11 @@ getinfo_helper_events(control_connection_t *control_conn,
*answer = tor_strdup(has_completed_circuit ? "1" : "0");
} else if (!strcmp(question, "status/enough-dir-info")) {
*answer = tor_strdup(router_have_minimum_dir_info() ? "1" : "0");
} else if (!strcmp(question, "status/good-server-descriptor")) {
} else if (!strcmp(question, "status/good-server-descriptor") ||
!strcmp(question, "status/accepted-server-descriptor")) {
/* They're equivalent for now, until we can figure out how to make
* good-server-descriptor be what we want. See comment in
* control-spec.txt. */
*answer = tor_strdup(directories_have_accepted_server_descriptor()
? "1" : "0");
} else if (!strcmp(question, "status/reachability-succeeded/or")) {
@ -2597,7 +2601,7 @@ handle_control_resolve(control_connection_t *conn, uint32_t len,
int is_reverse = 0;
(void) len; /* body is nul-terminated; it's safe to ignore the length */
if (!(conn->event_mask & (1L<<EVENT_ADDRMAP))) {
if (!(conn->event_mask & ((uint32_t)1L<<EVENT_ADDRMAP))) {
log_warn(LD_CONTROL, "Controller asked us to resolve an address, but "
"isn't listening for ADDRMAP events. It probably won't see "
"the answer.");

9
src/or/directory.c
View File

@ -554,11 +554,6 @@ void
connection_dir_request_failed(dir_connection_t *conn)
{
if (directory_conn_is_self_reachability_test(conn)) {
routerinfo_t *me = router_get_my_routerinfo();
if (me)
control_event_server_status(LOG_WARN,
"REACHABILITY_FAILED DIRADDRESS=%s:%d",
me->address, me->dir_port);
return; /* this was a test fetch. don't retry. */
}
if (entry_list_can_grow(get_options()))
@ -877,7 +872,7 @@ static char *
directory_get_consensus_url(int supports_conditional_consensus)
{
char *url;
int len;
size_t len;
if (supports_conditional_consensus) {
char *authority_id_list;
@ -2347,7 +2342,7 @@ client_likes_consensus(networkstatus_t *v, const char *want_url)
need_at_least = smartlist_len(want_authorities)/2+1;
SMARTLIST_FOREACH(want_authorities, const char *, d, {
char want_digest[DIGEST_LEN];
int want_len = strlen(d)/2;
size_t want_len = strlen(d)/2;
if (want_len > DIGEST_LEN)
want_len = DIGEST_LEN;

7
src/or/dirserv.c
View File

@ -652,8 +652,8 @@ dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
/** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
* the list of server descriptors. Set *<b>msg</b> to a message that should be
* passed back to the origin of this descriptor. Use <b>source</b> to produce
* better log messages.
* passed back to the origin of this descriptor, or NULL if there is no such
* message. Use <b>source</b> to produce better log messages.
*
* Return the status of the operation
*
@ -667,6 +667,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
routerinfo_t *ri_old;
char *desc, *nickname;
size_t desclen = 0;
*msg = NULL;
/* If it's too big, refuse it now. Otherwise we'll cache it all over the
* network and it'll clog everything up. */
@ -718,7 +719,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
control_event_or_authdir_new_descriptor("REJECTED", desc, desclen, *msg);
log_info(LD_DIRSERV,
"Did not add descriptor from '%s' (source: %s): %s.",
nickname, source, *msg);
nickname, source, *msg ? *msg : "(no message)");
} else {
smartlist_t *changed;
control_event_or_authdir_new_descriptor("ACCEPTED", desc, desclen, *msg);

6
src/or/eventdns.c
View File

@ -2385,7 +2385,7 @@ out1:
/* exported function */
int
evdns_nameserver_add(unsigned long int address) {
evdns_nameserver_add(uint32_t address) {
struct sockaddr_in sin;
memset(&sin, 0, sizeof(sin));
sin.sin_family = AF_INET;
@ -2416,13 +2416,13 @@ evdns_nameserver_ip_add(const char *ip_as_string) {
cp = strchr(ip_as_string, ':');
if (*ip_as_string == '[') {
int len;
size_t len;
if (!(cp = strchr(ip_as_string, ']'))) {
log(EVDNS_LOG_DEBUG, "Nameserver missing closing ]");
return 4;
}
len = cp-(ip_as_string + 1);
if (len > (int)sizeof(buf)-1) {
if (len > sizeof(buf)-1) {
log(EVDNS_LOG_DEBUG, "[Nameserver] does not fit in buffer.");
return 4;
}

4
src/or/eventdns.h
View File

@ -112,7 +112,7 @@
*
* API reference:
*
* int evdns_nameserver_add(unsigned long int address)
* int evdns_nameserver_add(uint32_t address)
* Add a nameserver. The address should be an IP address in
* network byte order. The type of address is chosen so that
* it matches in_addr.s_addr.
@ -258,7 +258,7 @@ typedef void (*evdns_callback_type) (int result, char type, int count, int ttl,
int evdns_init(void);
void evdns_shutdown(int fail_requests);
const char *evdns_err_to_string(int err);
int evdns_nameserver_add(unsigned long int address);
int evdns_nameserver_add(uint32_t address);
int evdns_count_nameservers(void);
int evdns_clear_nameservers_and_suspend(void);
int evdns_resume(void);

17
src/or/main.c
View File

@ -1185,17 +1185,26 @@ second_elapsed_callback(int fd, short event, void *args)
TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT) {
/* every 20 minutes, check and complain if necessary */
routerinfo_t *me = router_get_my_routerinfo();
if (me && !check_whether_orport_reachable())
if (me && !check_whether_orport_reachable()) {
log_warn(LD_CONFIG,"Your server (%s:%d) has not managed to confirm that "
"its ORPort is reachable. Please check your firewalls, ports, "
"address, /etc/hosts file, etc.",
me->address, me->or_port);
if (me && !check_whether_dirport_reachable())
control_event_server_status(LOG_WARN,
"REACHABILITY_FAILED ORADDRESS=%s:%d",
me->address, me->or_port);
}
if (me && !check_whether_dirport_reachable()) {
log_warn(LD_CONFIG,
"Your server (%s:%d) has not managed to confirm that its "
"DirPort is reachable. Please check your firewalls, ports, "
"address, /etc/hosts file, etc.",
me->address, me->dir_port);
control_event_server_status(LOG_WARN,
"REACHABILITY_FAILED DIRADDRESS=%s:%d",
me->address, me->dir_port);
}
}
/** If more than this many seconds have elapsed, probably the clock
@ -1599,7 +1608,7 @@ dumpstats(int severity)
{
time_t now = time(NULL);
time_t elapsed;
int rbuf_cap, wbuf_cap, rbuf_len, wbuf_len;
size_t rbuf_cap, wbuf_cap, rbuf_len, wbuf_len;
log(severity, LD_GENERAL, "Dumping stats:");
@ -1635,7 +1644,7 @@ dumpstats(int severity)
log(severity, LD_GENERAL,
"Conn %d: %d/%d bytes used on OpenSSL read buffer; "
"%d/%d bytes used on write buffer.",
i, rbuf_len, rbuf_cap, wbuf_len, wbuf_cap);
i, (int)rbuf_len, (int)rbuf_cap, (int)wbuf_len, (int)wbuf_cap);
}
}
}

35
src/or/networkstatus.c
View File

@ -286,6 +286,10 @@ networkstatus_vote_free(networkstatus_t *ns)
SMARTLIST_FOREACH(ns->known_flags, char *, c, tor_free(c));
smartlist_free(ns->known_flags);
}
if (ns->net_params) {
SMARTLIST_FOREACH(ns->net_params, char *, c, tor_free(c));
smartlist_free(ns->net_params);
}
if (ns->supported_methods) {
SMARTLIST_FOREACH(ns->supported_methods, char *, c, tor_free(c));
smartlist_free(ns->supported_methods);
@ -1884,6 +1888,37 @@ networkstatus_dump_bridge_status_to_file(time_t now)
tor_free(status);
}
/** Return the value of a integer parameter from the networkstatus <b>ns</b>
* whose name is <b>param_name</b>. If <b>ns</b> is NULL, try loading the
* latest consensus ourselves. Return <b>default_val</b> if no latest
* consensus, or if it has no parameter called <b>param_name</b>. */
int32_t
networkstatus_get_param(networkstatus_t *ns, const char *param_name,
int32_t default_val)
{
size_t name_len;
if (!ns) /* if they pass in null, go find it ourselves */
ns = networkstatus_get_latest_consensus();
if (!ns || !ns->net_params)
return default_val;
name_len = strlen(param_name);
SMARTLIST_FOREACH_BEGIN(ns->net_params, const char *, p) {
if (!strcmpstart(p, param_name) && p[name_len] == '=') {
int ok=0;
long v = tor_parse_long(p+name_len+1, 10, INT32_MIN, INT32_MAX, &ok,
NULL);
if (ok)
return (int32_t) v;
}
} SMARTLIST_FOREACH_END(p);
return default_val;
}
/** If <b>question</b> is a string beginning with "ns/" in a format the
* control interface expects for a GETINFO question, set *<b>answer</b> to a
* newly-allocated string containing networkstatus lines for the appropriate

21
src/or/or.h
View File

@ -1655,6 +1655,10 @@ typedef struct networkstatus_t {
* not listed here, the voter has no opinion on what its value should be. */
smartlist_t *known_flags;
/** List of key=value strings for the parameters in this vote or
* consensus, sorted by key. */
smartlist_t *net_params;
/** List of networkstatus_voter_info_t. For a vote, only one element
* is included. For a consensus, one element is included for every voter
* whose vote contributed to the consensus. */
@ -1849,9 +1853,9 @@ typedef struct crypt_path_t {
struct crypt_path_t *prev; /**< Link to previous crypt_path_t in the
* circuit. */
int package_window; /**< How many bytes are we allowed to originate ending
int package_window; /**< How many cells are we allowed to originate ending
* at this step? */
int deliver_window; /**< How many bytes are we willing to deliver originating
int deliver_window; /**< How many cells are we willing to deliver originating
* at this step? */
} crypt_path_t;
@ -2785,6 +2789,7 @@ void circuit_set_n_circid_orconn(circuit_t *circ, circid_t id,
or_connection_t *conn);
void circuit_set_state(circuit_t *circ, uint8_t state);
void circuit_close_all_marked(void);
int32_t circuit_initial_package_window(void);
origin_circuit_t *origin_circuit_new(void);
or_circuit_t *or_circuit_new(circid_t p_circ_id, or_connection_t *p_conn);
circuit_t *circuit_get_by_circid_orconn(circid_t circ_id,
@ -2926,8 +2931,8 @@ int options_need_geoip_info(or_options_t *options, const char **reason_out);
int getinfo_helper_config(control_connection_t *conn,
const char *question, char **answer);
int get_effective_bwrate(or_options_t *options);
int get_effective_bwburst(or_options_t *options);
uint32_t get_effective_bwrate(or_options_t *options);
uint32_t get_effective_bwburst(or_options_t *options);
#ifdef CONFIG_PRIVATE
/* Used only by config.c and test.c */
@ -3570,9 +3575,9 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
authority_cert_t *cert);
#ifdef DIRVOTE_PRIVATE
char *
format_networkstatus_vote(crypto_pk_env_t *private_key,
networkstatus_t *v3_ns);
char *format_networkstatus_vote(crypto_pk_env_t *private_key,
networkstatus_t *v3_ns);
char *dirvote_compute_params(smartlist_t *votes);
#endif
/********************************* dns.c ***************************/
@ -3787,6 +3792,8 @@ void signed_descs_update_status_from_consensus_networkstatus(
char *networkstatus_getinfo_helper_single(routerstatus_t *rs);
char *networkstatus_getinfo_by_purpose(const char *purpose_string, time_t now);
void networkstatus_dump_bridge_status_to_file(time_t now);
int32_t networkstatus_get_param(networkstatus_t *ns, const char *param_name,
int32_t default_val);
int getinfo_helper_networkstatus(control_connection_t *conn,
const char *question, char **answer);
void networkstatus_free_all(void);

4
src/or/relay.c
View File

@ -1358,7 +1358,7 @@ connection_edge_consider_sending_sendme(edge_connection_t *conn)
return;
}
while (conn->deliver_window < STREAMWINDOW_START - STREAMWINDOW_INCREMENT) {
while (conn->deliver_window <= STREAMWINDOW_START - STREAMWINDOW_INCREMENT) {
log_debug(conn->cpath_layer?LD_APP:LD_EXIT,
"Outbuf %d, Queuing stream sendme.",
(int)conn->_base.outbuf_flushlen);
@ -1472,7 +1472,7 @@ circuit_consider_sending_sendme(circuit_t *circ, crypt_path_t *layer_hint)
{
// log_fn(LOG_INFO,"Considering: layer_hint is %s",
// layer_hint ? "defined" : "null");
while ((layer_hint ? layer_hint->deliver_window : circ->deliver_window) <
while ((layer_hint ? layer_hint->deliver_window : circ->deliver_window) <=
CIRCWINDOW_START - CIRCWINDOW_INCREMENT) {
log_debug(LD_CIRC,"Queuing circuit sendme.");
if (layer_hint)

15
src/or/rendclient.c
View File

@ -94,9 +94,14 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
}
});
if (!intro_key) {
/** XXX This case probably means that the intro point vanished while
* we were building a circuit to it. In the future, we should find
* out how that happened and whether we should kill the circuits to
* removed intro points immediately. See task 1073. */
int num_intro_points = smartlist_len(entry->parsed->intro_nodes);
if (rend_cache_lookup_entry(introcirc->rend_data->onion_address,
0, &entry) > 0) {
log_warn(LD_BUG, "We have both a v0 and a v2 rend desc for this "
log_info(LD_REND, "We have both a v0 and a v2 rend desc for this "
"service. The v2 desc doesn't contain the introduction "
"point (and key) to send an INTRODUCE1/2 cell to this "
"introduction point. Assuming the introduction point "
@ -107,9 +112,9 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
/* See flyspray task 1024. */
intro_key = entry->parsed->pk;
} else {
log_warn(LD_BUG, "Internal error: could not find intro key; we "
log_info(LD_REND, "Internal error: could not find intro key; we "
"only have a v2 rend desc with %d intro points.",
smartlist_len(entry->parsed->intro_nodes));
num_intro_points);
goto err;
}
}
@ -146,7 +151,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
REND_DESC_COOKIE_LEN);
v3_shift += 2+REND_DESC_COOKIE_LEN;
}
set_uint32(tmp+v3_shift+1, htonl(time(NULL)));
set_uint32(tmp+v3_shift+1, htonl((uint32_t)time(NULL)));
v3_shift += 4;
} /* if version 2 only write version number */
else if (entry->parsed->protocols & (1<<2)) {
@ -698,7 +703,7 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request,
/* set the windows to default. these are the windows
* that alice thinks bob has.
*/
hop->package_window = CIRCWINDOW_START;
hop->package_window = circuit_initial_package_window();
hop->deliver_window = CIRCWINDOW_START;
onion_append_to_cpath(&circ->cpath, hop);

7
src/or/rendservice.c
View File

@ -1011,13 +1011,12 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
}
/* Check timestamp. */
memcpy((char*)&ts, buf+1+v3_shift, sizeof(uint32_t));
ts = ntohl(get_uint32(buf+1+v3_shift));
v3_shift += 4;
ts = ntohl(ts);
if ((now - ts) < -1 * REND_REPLAY_TIME_INTERVAL / 2 ||
(now - ts) > REND_REPLAY_TIME_INTERVAL / 2) {
log_warn(LD_REND, "INTRODUCE2 cell is too %s. Discarding.",
(now - ts) < 0 ? "old" : "new");
(now - ts) < 0 ? "old" : "new");
return -1;
}
}
@ -1557,7 +1556,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
/* set the windows to default. these are the windows
* that bob thinks alice has.
*/
hop->package_window = CIRCWINDOW_START;
hop->package_window = circuit_initial_package_window();
hop->deliver_window = CIRCWINDOW_START;
onion_append_to_cpath(&circuit->cpath, hop);

19
src/or/router.c
View File

@ -544,7 +544,7 @@ init_keys(void)
/* Must be called after keys are initialized. */
mydesc = router_get_my_descriptor();
if (authdir_mode(options)) {
const char *m;
const char *m = NULL;
routerinfo_t *ri;
/* We need to add our own fingerprint so it gets recognized. */
if (dirserv_add_own_fingerprint(options->Nickname, get_identity_key())) {
@ -770,9 +770,6 @@ consider_testing_reachability(int test_or, int test_dir)
me->address, me->or_port);
circuit_launch_by_router(CIRCUIT_PURPOSE_TESTING, me,
CIRCLAUNCH_NEED_CAPACITY|CIRCLAUNCH_IS_INTERNAL);
control_event_server_status(LOG_NOTICE,
"CHECKING_REACHABILITY ORADDRESS=%s:%d",
me->address, me->or_port);
}
tor_addr_from_ipv4h(&addr, me->addr);
@ -788,10 +785,6 @@ consider_testing_reachability(int test_or, int test_dir)
DIR_PURPOSE_FETCH_SERVERDESC,
ROUTER_PURPOSE_GENERAL,
1, "authority.z", NULL, 0, 0);
control_event_server_status(LOG_NOTICE,
"CHECKING_REACHABILITY DIRADDRESS=%s:%d",
me->address, me->dir_port);
}
}
@ -807,8 +800,11 @@ router_orport_found_reachable(void)
" Publishing server descriptor." : "");
can_reach_or_port = 1;
mark_my_descriptor_dirty();
if (!me)
if (!me) { /* should never happen */
log_warn(LD_BUG, "ORPort found reachable, but I have no routerinfo "
"yet. Failing to inform controller of success.");
return;
}
control_event_server_status(LOG_NOTICE,
"REACHABILITY_SUCCEEDED ORADDRESS=%s:%d",
me->address, me->or_port);
@ -826,8 +822,11 @@ router_dirport_found_reachable(void)
can_reach_dir_port = 1;
if (!me || decide_to_advertise_dirport(get_options(), me->dir_port))
mark_my_descriptor_dirty();
if (!me)
if (!me) { /* should never happen */
log_warn(LD_BUG, "DirPort found reachable, but I have no routerinfo "
"yet. Failing to inform controller of success.");
return;
}
control_event_server_status(LOG_NOTICE,
"REACHABILITY_SUCCEEDED DIRADDRESS=%s:%d",
me->address, me->dir_port);

44
src/or/routerparse.c
View File

@ -77,6 +77,7 @@ typedef enum {
K_VOTING_DELAY,
K_KNOWN_FLAGS,
K_PARAMS,
K_VOTE_DIGEST,
K_CONSENSUS_DIGEST,
K_CONSENSUS_METHODS,
@ -383,6 +384,7 @@ static token_rule_t networkstatus_token_table[] = {
T1("valid-until", K_VALID_UNTIL, CONCAT_ARGS, NO_OBJ ),
T1("voting-delay", K_VOTING_DELAY, GE(2), NO_OBJ ),
T1("known-flags", K_KNOWN_FLAGS, ARGS, NO_OBJ ),
T01("params", K_PARAMS, ARGS, NO_OBJ ),
T( "fingerprint", K_FINGERPRINT, CONCAT_ARGS, NO_OBJ ),
CERTIFICATE_MEMBERS
@ -420,6 +422,7 @@ static token_rule_t networkstatus_consensus_token_table[] = {
T01("client-versions", K_CLIENT_VERSIONS, CONCAT_ARGS, NO_OBJ ),
T01("server-versions", K_SERVER_VERSIONS, CONCAT_ARGS, NO_OBJ ),
T01("consensus-method", K_CONSENSUS_METHOD, EQ(1), NO_OBJ),
T01("params", K_PARAMS, ARGS, NO_OBJ ),
END_OF_TABLE
};
@ -1917,8 +1920,9 @@ routerstatus_parse_entry_from_string(memarea_t *area,
for (i=0; i < tok->n_args; ++i) {
if (!strcmpstart(tok->args[i], "Bandwidth=")) {
int ok;
rs->bandwidth = tor_parse_ulong(strchr(tok->args[i], '=')+1, 10,
0, UINT32_MAX, &ok, NULL);
rs->bandwidth = (uint32_t)tor_parse_ulong(strchr(tok->args[i], '=')+1,
10, 0, UINT32_MAX,
&ok, NULL);
if (!ok) {
log_warn(LD_DIR, "Invalid Bandwidth %s", escaped(tok->args[i]));
goto err;
@ -2309,6 +2313,34 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
goto err;
}
tok = find_opt_by_keyword(tokens, K_PARAMS);
if (tok) {
inorder = 1;
ns->net_params = smartlist_create();
for (i = 0; i < tok->n_args; ++i) {
int ok=0;
char *eq = strchr(tok->args[i], '=');
if (!eq) {
log_warn(LD_DIR, "Bad element '%s' in params", escaped(tok->args[i]));
goto err;
}
tor_parse_long(eq+1, 10, INT32_MIN, INT32_MAX, &ok, NULL);
if (!ok) {
log_warn(LD_DIR, "Bad element '%s' in params", escaped(tok->args[i]));
goto err;
}
if (i > 0 && strcmp(tok->args[i-1], tok->args[i]) >= 0) {
log_warn(LD_DIR, "%s >= %s", tok->args[i-1], tok->args[i]);
inorder = 0;
}
smartlist_add(ns->net_params, tor_strdup(tok->args[i]));
}
if (!inorder) {
log_warn(LD_DIR, "params not in order");
goto err;
}
}
ns->voters = smartlist_create();
SMARTLIST_FOREACH_BEGIN(tokens, directory_token_t *, _tok) {
@ -2508,6 +2540,14 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
} else {
if (tok->object_size >= INT_MAX)
goto err;
/* We already parsed a vote from this voter. Use the first one. */
if (v->signature) {
log_fn(LOG_PROTOCOL_WARN, LD_DIR, "We received a networkstatus "
"that contains two votes from the same voter. Ignoring "
"the second vote.");
continue;
}
v->signature = tor_memdup(tok->object_body, tok->object_size);
v->signature_len = (int) tok->object_size;
}

2
src/or/test.c
View File

@ -410,7 +410,7 @@ test_crypto_dh(void)
char p2[DH_BYTES];
char s1[DH_BYTES];
char s2[DH_BYTES];
int s1len, s2len;
ssize_t s1len, s2len;
test_eq(crypto_dh_get_bytes(dh1), DH_BYTES);
test_eq(crypto_dh_get_bytes(dh2), DH_BYTES);

4
src/tools/tor-gencert.c
View File

@ -70,7 +70,7 @@ show_help(void)
static void
crypto_log_errors(int severity, const char *doing)
{
unsigned int err;
unsigned long err;
const char *msg, *lib, *func;
while ((err = ERR_get_error()) != 0) {
msg = (const char*)ERR_reason_error_string(err);
@ -94,7 +94,7 @@ load_passphrase(void)
{
char *cp;
char buf[1024]; /* "Ought to be enough for anybody." */
int n = read_all(passphrase_fd, buf, sizeof(buf), 0);
ssize_t n = read_all(passphrase_fd, buf, sizeof(buf), 0);
if (n < 0) {
log_err(LD_GENERAL, "Couldn't read from passphrase fd: %s",
strerror(errno));

4
src/tools/tor-resolve.c
View File

@ -51,7 +51,7 @@ static void usage(void) ATTR_NORETURN;
/** Set *<b>out</b> to a newly allocated SOCKS4a resolve request with
* <b>username</b> and <b>hostname</b> as provided. Return the number
* of bytes in the request. */
static int
static ssize_t
build_socks_resolve_request(char **out,
const char *username,
const char *hostname,
@ -184,7 +184,7 @@ do_resolve(const char *hostname, uint32_t sockshost, uint16_t socksport,
int s;
struct sockaddr_in socksaddr;
char *req = NULL;
int len = 0;
ssize_t len = 0;
tor_assert(hostname);
tor_assert(result_addr);

2
src/win32/orconfig.h
View File

@ -226,6 +226,6 @@
#define USING_TWOS_COMPLEMENT
/* Version number of package */
#define VERSION "0.2.1.19"
#define VERSION "0.2.1.20"