Merge commit 'tor-0.2.1.20' into debian-merge
* commit 'tor-0.2.1.20': (36 commits) bump to 0.2.1.20 Move moria1 and Tonga to alternate IP addresses. read the "circwindow" parameter from the consensus Code to parse and access network parameters. Revert "Teach connection_ap_can_use_exit about Exclude*Nodes" Work around a memory leak in openssl 0.9.8g (and maybe others) Teach connection_ap_can_use_exit about Exclude*Nodes make some bug 1090 warnings go away Fix a memory leak when parsing a ns Fix obscure 64-bit big-endian hidserv bug turns out the packaging changes aren't in 0.2.1.20 update changelog with bundle details Use an _actual_ fix for the byte-reverse warning. Use a simpler fix for the byte-reversing warning Fix compile warnings on Snow Leopard Add getinfo accepted-server-descriptor. Clean spec. Reduce log level for bug case that we now know really exists. Only send reachability status events on overall success/failure update the README instructions and OS X makefiles Avoid segfault when accessing hidden service. ...
commit
0e74939671
110
ChangeLog
110
ChangeLog
@ -1,7 +1,74 @@
|
||||
Changes in version 0.2.1.19 - 2009-07-28
|
||||
Changes in version 0.2.1.20 - 2009-10-15
|
||||
o Major bugfixes:
|
||||
- Make accessing hidden services on 0.2.1.x work right
|
||||
again. Bugfix on 0.2.1.3-alpha; workaround for bug 1038.
|
||||
- Send circuit or stream sendme cells when our window has decreased
|
||||
by 100 cells, not when it has decreased by 101 cells. Bug uncovered
|
||||
by Karsten when testing the "reduce circuit window" performance
|
||||
patch. Bugfix on the 54th commit on Tor -- from July 2002,
|
||||
before the release of Tor 0.0.0. This is the new winner of the
|
||||
oldest-bug prize.
|
||||
- Fix a remotely triggerable memory leak when a consensus document
|
||||
contains more than one signature from the same voter. Bugfix on
|
||||
0.2.0.3-alpha.
|
||||
- Avoid segfault in rare cases when finishing an introduction circuit
|
||||
as a client and finding out that we don't have an introduction key
|
||||
for it. Fixes bug 1073. Reported by Aaron Swartz.
|
||||
|
||||
o Major features:
|
||||
- Tor now reads the "circwindow" parameter out of the consensus,
|
||||
and uses that value for its circuit package window rather than the
|
||||
default of 1000 cells. Begins the implementation of proposal 168.
|
||||
|
||||
o New directory authorities:
|
||||
- Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
|
||||
authority.
|
||||
- Move moria1 and tonga to alternate IP addresses.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Fix a signed/unsigned compile warning in 0.2.1.19.
|
||||
- Fix possible segmentation fault on directory authorities. Bugfix on
|
||||
0.2.1.14-rc.
|
||||
- Fix an extremely rare infinite recursion bug that could occur if
|
||||
we tried to log a message after shutting down the log subsystem.
|
||||
Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
|
||||
- Fix an obscure bug where hidden services on 64-bit big-endian
|
||||
systems might mis-read the timestamp in v3 introduce cells, and
|
||||
refuse to connect back to the client. Discovered by "rotor".
|
||||
Bugfix on 0.2.1.6-alpha.
|
||||
- We were triggering a CLOCK_SKEW controller status event whenever
|
||||
we connect via the v2 connection protocol to any relay that has
|
||||
a wrong clock. Instead, we should only inform the controller when
|
||||
it's a trusted authority that claims our clock is wrong. Bugfix
|
||||
on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
|
||||
- We were telling the controller about CHECKING_REACHABILITY and
|
||||
REACHABILITY_FAILED status events whenever we launch a testing
|
||||
circuit or notice that one has failed. Instead, only tell the
|
||||
controller when we want to inform the user of overall success or
|
||||
overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
|
||||
by SwissTorExit.
|
||||
- Don't warn when we're using a circuit that ends with a node
|
||||
excluded in ExcludeExitNodes, but the circuit is not used to access
|
||||
the outside world. This should help fix bug 1090. Bugfix on
|
||||
0.2.1.6-alpha.
|
||||
- Work around a small memory leak in some versions of OpenSSL that
|
||||
stopped the memory used by the hostname TLS extension from being
|
||||
freed.
|
||||
|
||||
o Minor features:
|
||||
- Add a "getinfo status/accepted-server-descriptor" controller
|
||||
command, which is the recommended way for controllers to learn
|
||||
whether our server descriptor has been successfully received by at
|
||||
least on directory authority. Un-recommend good-server-descriptor
|
||||
getinfo and status events until we have a better design for them.
|
||||
|
||||
|
||||
Changes in version 0.2.1.19 - 2009-07-28
|
||||
Tor 0.2.1.19 fixes a major bug with accessing and providing hidden
|
||||
services on Tor 0.2.1.3-alpha through 0.2.1.18.
|
||||
|
||||
o Major bugfixes:
|
||||
- Make accessing hidden services on 0.2.1.x work right again.
|
||||
Bugfix on 0.2.1.3-alpha; workaround for bug 1038. Diagnosis and
|
||||
part of patch provided by "optimist".
|
||||
|
||||
o Minor features:
|
||||
- When a relay/bridge is writing out its identity key fingerprint to
|
||||
@ -20,6 +87,12 @@ Changes in version 0.2.1.19 - 2009-07-28
|
||||
|
||||
|
||||
Changes in version 0.2.1.18 - 2009-07-24
|
||||
Tor 0.2.1.18 lays the foundations for performance improvements,
|
||||
adds status events to help users diagnose bootstrap problems, adds
|
||||
optional authentication/authorization for hidden services, fixes a
|
||||
variety of potential anonymity problems, and includes a huge pile of
|
||||
other features and bug fixes.
|
||||
|
||||
o Build fixes:
|
||||
- Add LIBS=-lrt to Makefile.am so the Tor RPMs use a static libevent.
|
||||
|
||||
@ -82,6 +155,37 @@ Changes in version 0.2.1.17-rc - 2009-07-07
|
||||
further bugs for relays on dynamic IP addresses.
|
||||
|
||||
|
||||
Changes in version 0.2.0.35 - 2009-06-24
|
||||
o Security fix:
|
||||
- Avoid crashing in the presence of certain malformed descriptors.
|
||||
Found by lark, and by automated fuzzing.
|
||||
- Fix an edge case where a malicious exit relay could convince a
|
||||
controller that the client's DNS question resolves to an internal IP
|
||||
address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
|
||||
|
||||
o Major bugfixes:
|
||||
- Finally fix the bug where dynamic-IP relays disappear when their
|
||||
IP address changes: directory mirrors were mistakenly telling
|
||||
them their old address if they asked via begin_dir, so they
|
||||
never got an accurate answer about their new address, so they
|
||||
just vanished after a day. For belt-and-suspenders, relays that
|
||||
don't set Address in their config now avoid using begin_dir for
|
||||
all direct connections. Should fix bugs 827, 883, and 900.
|
||||
- Fix a timing-dependent, allocator-dependent, DNS-related crash bug
|
||||
that would occur on some exit nodes when DNS failures and timeouts
|
||||
occurred in certain patterns. Fix for bug 957.
|
||||
|
||||
o Minor bugfixes:
|
||||
- When starting with a cache over a few days old, do not leak
|
||||
memory for the obsolete router descriptors in it. Bugfix on
|
||||
0.2.0.33; fixes bug 672.
|
||||
- Hidden service clients didn't use a cached service descriptor that
|
||||
was older than 15 minutes, but wouldn't fetch a new one either,
|
||||
because there was already one in the cache. Now, fetch a v2
|
||||
descriptor unless the same descriptor was added to the cache within
|
||||
the last 15 minutes. Fixes bug 997; reported by Marcus Griep.
|
||||
|
||||
|
||||
Changes in version 0.2.1.16-rc - 2009-06-20
|
||||
Tor 0.2.1.16-rc speeds up performance for fast exit relays, and fixes
|
||||
a bunch of minor bugs.
|
||||
|
31
ReleaseNotes
31
ReleaseNotes
@ -3,7 +3,38 @@ This document summarizes new features and bugfixes in each stable release
|
||||
of Tor. If you want to see more detailed descriptions of the changes in
|
||||
each development snapshot, see the ChangeLog file.
|
||||
|
||||
Changes in version 0.2.1.19 - 2009-07-28
|
||||
Tor 0.2.1.19 fixes a major bug with accessing and providing hidden
|
||||
services.
|
||||
|
||||
o Major bugfixes:
|
||||
- Make accessing hidden services on 0.2.1.x work right again.
|
||||
Bugfix on 0.2.1.3-alpha; workaround for bug 1038. Diagnosis and
|
||||
part of patch provided by "optimist".
|
||||
|
||||
o Minor features:
|
||||
- When a relay/bridge is writing out its identity key fingerprint to
|
||||
the "fingerprint" file and to its logs, write it without spaces. Now
|
||||
it will look like the fingerprints in our bridges documentation,
|
||||
and confuse fewer users.
|
||||
|
||||
o Minor bugfixes:
|
||||
- Relays no longer publish a new server descriptor if they change
|
||||
their MaxAdvertisedBandwidth config option but it doesn't end up
|
||||
changing their advertised bandwidth numbers. Bugfix on 0.2.0.28-rc;
|
||||
fixes bug 1026. Patch from Sebastian.
|
||||
- Avoid leaking memory every time we get a create cell but we have
|
||||
so many already queued that we refuse it. Bugfix on 0.2.0.19-alpha;
|
||||
fixes bug 1034. Reported by BarkerJr.
|
||||
|
||||
|
||||
Changes in version 0.2.1.18 - 2009-07-24
|
||||
Tor 0.2.1.18 lays the foundations for performance improvements,
|
||||
adds status events to help users diagnose bootstrap problems, adds
|
||||
optional authentication/authorization for hidden services, fixes a
|
||||
variety of potential anonymity problems, and includes a huge pile of
|
||||
other features and bug fixes.
|
||||
|
||||
o Major features (clients):
|
||||
- Start sending "bootstrap phase" status events to the controller,
|
||||
so it can keep the user informed of progress fetching directory
|
||||
|
@ -5,7 +5,7 @@ dnl Copyright (c) 2007-2008, The Tor Project, Inc.
|
||||
dnl See LICENSE for licensing information
|
||||
|
||||
AC_INIT
|
||||
AM_INIT_AUTOMAKE(tor, 0.2.1.19)
|
||||
AM_INIT_AUTOMAKE(tor, 0.2.1.20)
|
||||
AM_CONFIG_HEADER(orconfig.h)
|
||||
|
||||
AC_CANONICAL_HOST
|
||||
|
@ -30,8 +30,8 @@ DIRSERVERS=""
|
||||
DIRSERVERS="$DIRSERVERS 86.59.21.38:80" # tor26
|
||||
DIRSERVERS="$DIRSERVERS 128.31.0.34:9031" # moria1
|
||||
DIRSERVERS="$DIRSERVERS 128.31.0.34:9032" # moria2
|
||||
#DIRSERVERS="$DIRSERVERS 140.247.60.64:80" # lefkada
|
||||
DIRSERVERS="$DIRSERVERS 194.109.206.212:80" # dizum
|
||||
|
||||
DATEDIR=$(date "+%Y/%m/%d")
|
||||
TIME=$(date "+%Y%m%d-%H%M%S")
|
||||
|
||||
|
@ -35,6 +35,7 @@ DIRSERVERS="$DIRSERVERS 80.190.246.100:80" # gabelmoo
|
||||
DIRSERVERS="$DIRSERVERS 194.109.206.212:80" # dizum
|
||||
#DIRSERVERS="$DIRSERVERS 128.31.0.34:9032" # moria2
|
||||
DIRSERVERS="$DIRSERVERS 213.73.91.31:80" # dannenberg
|
||||
DIRSERVERS="$DIRSERVERS 208.83.223.34:443" # urras
|
||||
TIME=$(date "+%Y%m%d-%H%M%S")
|
||||
|
||||
. fetch-all-functions
|
||||
|
@ -134,7 +134,7 @@ fi
|
||||
## clean up
|
||||
echo ". Cleaning up"
|
||||
rm -rf $TEMP_BOM_CONTENTS
|
||||
rm -rf /Library/Privoxy/ /Library/StartupItems/Privoxy/ /Library/Tor/ /Library/StartupItems/Tor/ /Library/Torbutton/
|
||||
rm -rf /Library/Privoxy/ /Library/StartupItems/Privoxy/ /Library/Tor/ /Library/StartupItems/Tor/ /Library/Torbutton/ /Library/Receipts/Privoxy.pkg /Library/Receipts/torbutton.pkg /Library/Receipts/Tor.pkg /Library/Receipts/Vidalia.pkg /Library/Receipts/TorStartup.pkg
|
||||
|
||||
echo ". Finished"
|
||||
|
||||
|
@ -30,9 +30,13 @@ FILE_DEFINES = -DLOCAL_ROOT=\"$(LOCAL_ROOT)/\" \
|
||||
|
||||
DEFINES = $(FILE_DEFINES) $(PLATFORM_DEFINES)
|
||||
|
||||
UNIVERSAL = -O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc
|
||||
LDFLAGS = -Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk
|
||||
CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES) $(UNIVERSAL)
|
||||
# Uncomment the UNIVERSAL, LDFLAGS, CFLAGS lines if you want universal binaries, otherwise
|
||||
# you'll produce a binary only for your architecture and version of OSX
|
||||
# UNIVERSAL = -O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc
|
||||
# LDFLAGS = -Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk
|
||||
# CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES) $(UNIVERSAL)
|
||||
# If you uncommented the above CFLAGS, remove this next one.
|
||||
CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES)
|
||||
|
||||
SRCS = util.c event.c io.c chunk.c atom.c object.c log.c diskcache.c main.c \
|
||||
config.c local.c http.c client.c server.c auth.c tunnel.c \
|
||||
|
@ -1,4 +1,6 @@
|
||||
Copyright 2007-2008 Andrew Lewman
|
||||
Copyright 2009 The Tor Project
|
||||
|
||||
----------------
|
||||
General Comments
|
||||
----------------
|
||||
|
@ -9,7 +9,7 @@
|
||||
!include "FileFunc.nsh"
|
||||
!insertmacro GetParameters
|
||||
|
||||
!define VERSION "0.2.1.19"
|
||||
!define VERSION "0.2.1.20"
|
||||
!define INSTALLER "tor-${VERSION}-win32.exe"
|
||||
!define WEBSITE "https://www.torproject.org/"
|
||||
!define LICENSE "LICENSE"
|
||||
@ -216,6 +216,7 @@ Function un.InstallFiles
|
||||
Delete "$INSTDIR\tor.ico"
|
||||
Delete "$SMSTARTUP\Tor.lnk"
|
||||
Delete "$INSTDIR\Uninstall.exe"
|
||||
Delete "$INSTDIR\geoip"
|
||||
FunctionEnd
|
||||
|
||||
Function un.InstallDirectories
|
||||
|
@ -558,6 +558,7 @@ $Id$
|
||||
"status/circuit-established"
|
||||
"status/enough-dir-info"
|
||||
"status/good-server-descriptor"
|
||||
"status/accepted-server-descriptor"
|
||||
"status/..."
|
||||
These provide the current internal Tor values for various Tor
|
||||
states. See Section 4.1.10 for explanations. (Only a few of the
|
||||
@ -1255,20 +1256,26 @@ $Id$
|
||||
CLOCK_SKEW
|
||||
SKEW="+" / "-" SECONDS
|
||||
MIN_SKEW="+" / "-" SECONDS.
|
||||
SOURCE="DIRSERV:IP:Port" / "NETWORKSTATUS:IP:PORT" / "CONSENSUS"
|
||||
SOURCE="DIRSERV:" IP ":" Port /
|
||||
"NETWORKSTATUS:" IP ":" Port /
|
||||
"OR:" IP ":" Port /
|
||||
"CONSENSUS"
|
||||
If "SKEW" is present, it's an estimate of how far we are from the
|
||||
time declared in the source. (In other words, if we're an hour in
|
||||
the past, the value is -3600.) "MIN_SKEW" is present, it's a lower
|
||||
bound. If the source is a DIRSERV, we got the current time from a
|
||||
connection to a dirserver. If the source is a NETWORKSTATUS, we
|
||||
decided we're skewed because we got a v2 networkstatus from far in
|
||||
the future. If the source is CONSENSUS, we decided we're skewed
|
||||
because we got a networkstatus consensus from the future.
|
||||
the future. If the source is OR, the skew comes from a NETINFO
|
||||
cell from a connection to another relay. If the source is
|
||||
CONSENSUS, we decided we're skewed because we got a networkstatus
|
||||
consensus from the future.
|
||||
|
||||
{Controllers may want to warn the user if the skew is high, or if
|
||||
multiple skew messages appear at severity WARN. Controllers
|
||||
shouldn't blindly adjust the clock, since the more accurate source
|
||||
of skew info (DIRSERV) is currently unauthenticated.}
|
||||
{Tor should send this message to controllers when it thinks the
|
||||
skew is so high that it will interfere with proper Tor operation.
|
||||
Controllers shouldn't blindly adjust the clock, since the more
|
||||
accurate source of skew info (DIRSERV) is currently
|
||||
unauthenticated.}
|
||||
|
||||
BAD_LIBEVENT
|
||||
"METHOD=" libevent method
|
||||
@ -1482,18 +1489,22 @@ $Id$
|
||||
We successfully uploaded our server descriptor to at least one
|
||||
of the directory authorities, with no complaints.
|
||||
|
||||
{This event could affect the controller's idea of server status, but
|
||||
the controller should not interrupt the user to tell them so.}
|
||||
{Originally, the goal of this event was to declare "every authority
|
||||
has accepted the descriptor, so there will be no complaints
|
||||
about it." But since some authorities might be offline, it's
|
||||
harder to get certainty than we had thought. As such, this event
|
||||
is equivalent to ACCEPTED_SERVER_DESCRIPTOR below. Controllers
|
||||
should just look at ACCEPTED_SERVER_DESCRIPTOR and should ignore
|
||||
this event for now.}
|
||||
|
||||
NAMESERVER_STATUS
|
||||
"NS=addr"
|
||||
"STATUS=" "UP" / "DOWN"
|
||||
"ERR=" message
|
||||
One of our nameservers has changed status.
|
||||
// actually notice
|
||||
|
||||
{This event could affect the controller's idea of server status, but
|
||||
the controller should not interrupt the user to tell them so.}
|
||||
{This event could affect the controller's idea of server status, but
|
||||
the controller should not interrupt the user to tell them so.}
|
||||
|
||||
NAMESERVER_ALL_DOWN
|
||||
All of our nameservers have gone down.
|
||||
|
@ -1,24 +1,103 @@
|
||||
## Instructions for building the official dmgs for OSX.
|
||||
##
|
||||
## The loose table of contents:
|
||||
## Summary
|
||||
## Single Architecture Binaries for PPC or X86, not both.
|
||||
## Backwards compatible single-architecture binaries for OSX x86 10.4 from newer versions of OS X.
|
||||
## Universal Binaries for OSX PPC and X86
|
||||
## Each section is delineated by ###.
|
||||
|
||||
The following steps are the exact steps used to produce the "official"
|
||||
OSX builds of tor.
|
||||
|
||||
Summary:
|
||||
### Summary:
|
||||
1) Compile and install a static version of the latest release of
|
||||
libevent.
|
||||
2) Acquire and install your preferred version of tor. Extract.
|
||||
3) "make dist-osx"
|
||||
4) You now have a dmg from which you can install Tor.
|
||||
|
||||
## Universal Binaries for OSX PPC and X86
|
||||
## This method works in OSX 10.4 (Tiger) and newer OSX versions.
|
||||
## See far below if you don't care about cross compiling for PPC and X86.
|
||||
## The single architecture process starts with "###"
|
||||
### Single Architecture Binaries for PPC or X86, not both.
|
||||
### This method works in all versions of OSX 10.3 through 10.6
|
||||
|
||||
## Compiling libevent ##
|
||||
|
||||
1) Download the latest stable libevent from
|
||||
http://www.monkey.org/~provos/libevent/
|
||||
|
||||
2) The first step of compiling libevent is to configure it as
|
||||
follows:
|
||||
./configure --enable-static --disable-shared
|
||||
|
||||
3) Complete the "make" and "make install". You will need to be root,
|
||||
or sudo -s, to complete the "make install".
|
||||
|
||||
## Compiling Tor ##
|
||||
|
||||
4) Get your preferred version of the tor source from https://www.torproject.org. Extract the
|
||||
tarball.
|
||||
|
||||
5) In the top level, this means /path/to/tor/, not tor/contrib/osx,
|
||||
do a configure with these parameters:
|
||||
CONFDIR=/Library/Tor ./configure --prefix=/Library/Tor \
|
||||
--bindir=/Library/Tor --sysconfdir=/Library
|
||||
|
||||
6) In same top level dir, do a "make dist-osx". There now exists a
|
||||
.dmg file in the same directory. Install from this dmg.
|
||||
|
||||
### Backwards compatible single-architecture binaries for OSX x86 10.4 from newer versions of OS X.
|
||||
|
||||
1) Install the latest XCode updates available from http://developer.apple.com.
|
||||
|
||||
## Compiling libevent
|
||||
## Compiling libevent ##
|
||||
|
||||
2) Download latest stable libevent from
|
||||
http://www.monkey.org/~provos/libevent/
|
||||
|
||||
3) The first step of compiling libevent is to configure it as
|
||||
follows:
|
||||
CFLAGS="-O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386" \
|
||||
LDFLAGS="-Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk" \
|
||||
./configure --enable-static --disable-shared --disable-dependency-tracking
|
||||
|
||||
4) Complete the "make" and "make install". You will need to be root,
|
||||
or sudo -s, to complete the "make install".
|
||||
|
||||
5) Check for a successful universal binary of libevent.a in, by default,
|
||||
/usr/local/lib by using the following command:
|
||||
"file /usr/local/lib/libevent.a"
|
||||
|
||||
Your output should be:
|
||||
/usr/local/lib/libevent.a (for architecture i386): current ar archive random library
|
||||
|
||||
6) Get your preferred version of the tor source from https://www.torproject.org/download.
|
||||
Extract the tarball.
|
||||
|
||||
7) In the top level, this means /path/to/tor/, not tor/contrib/osx,
|
||||
do a configure with these parameters:
|
||||
CFLAGS="-O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386" \
|
||||
LDFLAGS="-Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk" \
|
||||
CONFDIR=/Library/Tor \
|
||||
./configure --prefix=/Library/Tor --bindir=/Library/Tor \
|
||||
--sysconfdir=/Library --disable-dependency-tracking
|
||||
|
||||
8) "make dist-osx"
|
||||
|
||||
9) Confirm you have created a universal binary by issuing the follow command:
|
||||
"file src/or/tor". Its output should be as follows:
|
||||
src/or/tor (for architecture i386): Mach-O executable i386
|
||||
|
||||
10) There should exist in the top-level directory a
|
||||
Tor-$VERSION-universal-Bundle.dmg
|
||||
|
||||
11) Congrats. You have a backwards-compatible binary. You are now ready to install Tor.
|
||||
|
||||
### Universal Binaries for OSX PPC and X86
|
||||
### This method works in OSX 10.4 (Tiger) and newer OSX versions.
|
||||
|
||||
1) Install the latest XCode updates available from http://developer.apple.com.
|
||||
|
||||
## Compiling libevent ##
|
||||
|
||||
2) Download latest stable libevent from
|
||||
http://www.monkey.org/~provos/libevent/
|
||||
@ -64,31 +143,3 @@ src/or/tor (for architecture ppc): Mach-O executable ppc
|
||||
Tor-$VERSION-universal-Bundle.dmg
|
||||
|
||||
11) Congrats. You have a universal binary. You are now ready to install Tor.
|
||||
|
||||
### Single Architecture Binaries for PPC or X86, not both.
|
||||
### This method works in all versions of OSX 10.3 through 10.5
|
||||
|
||||
### Compiling libevent
|
||||
|
||||
1) Download the latest stable libevent from
|
||||
http://www.monkey.org/~provos/libevent/
|
||||
|
||||
2) The first step of compiling libevent is to configure it as
|
||||
follows:
|
||||
./configure --enable-static --disable-shared
|
||||
|
||||
3) Complete the "make" and "make install". You will need to be root,
|
||||
or sudo -s, to complete the "make install".
|
||||
|
||||
### Compiling Tor
|
||||
|
||||
4) Get your preferred version of the tor source from https://www.torproject.org. Extract the
|
||||
tarball.
|
||||
|
||||
5) In the top level, this means /path/to/tor/, not tor/contrib/osx,
|
||||
do a configure with these parameters:
|
||||
CONFDIR=/Library/Tor ./configure --prefix=/Library/Tor \
|
||||
--bindir=/Library/Tor --sysconfdir=/Library
|
||||
|
||||
6) In same top level dir, do a "make dist-osx". There now exists a
|
||||
.dmg file in the same directory. Install from this dmg.
|
||||
|
@ -476,13 +476,15 @@ used when \fBFascistFirewall\fR is set. This option is deprecated; use
|
||||
ReachableAddresses instead. (Default: 80, 443)
|
||||
.LP
|
||||
.TP
|
||||
\fBHidServAuth \fR\fIonion-address\fR \fIauth-cookie\fP \fIservice-name\fR
|
||||
\fBHidServAuth \fR\fIonion-address\fR \fIauth-cookie\fP [\fIservice-name\fR]
|
||||
Client authorization for a hidden service. Valid onion addresses contain 16
|
||||
characters in a-z2-7 plus ".onion", and valid auth cookies contain 22
|
||||
characters in A-Za-z0-9+/. The service name is only used for internal
|
||||
purposes, e.g., for Tor controllers. This option may be used multiple times
|
||||
for different hidden services. If a hidden service uses authorization and
|
||||
this option is not set, the hidden service is not accessible.
|
||||
this option is not set, the hidden service is not accessible. Hidden
|
||||
services can be configured to require authorization using the
|
||||
\fBHiddenServiceAuthorizeClient\fR option.
|
||||
.LP
|
||||
.TP
|
||||
\fBReachableAddresses \fR\fIADDR\fP[\fB/\fP\fIMASK\fP][:\fIPORT\fP]...\fP
|
||||
@ -1305,7 +1307,8 @@ listed here are authorized to access the hidden service. Valid client names
|
||||
are 1 to 19 characters long and only use characters in A-Za-z0-9+-_
|
||||
(no spaces). If this option is set, the hidden service is not accessible
|
||||
for clients without authorization any more. Generated authorization data
|
||||
can be found in the hostname file.
|
||||
can be found in the hostname file. Clients need to put this authorization
|
||||
data in their configuration file using \fBHidServAuth\fR.
|
||||
.LP
|
||||
.TP
|
||||
\fBRendPostPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP
|
||||
|
@ -373,10 +373,11 @@ tor_addr_parse_reverse_lookup_name(tor_addr_t *result, const char *address,
|
||||
return -1; /* malformed. */
|
||||
|
||||
/* reverse the bytes */
|
||||
inaddr.s_addr = (((inaddr.s_addr & 0x000000fful) << 24)
|
||||
|((inaddr.s_addr & 0x0000ff00ul) << 8)
|
||||
|((inaddr.s_addr & 0x00ff0000ul) >> 8)
|
||||
|((inaddr.s_addr & 0xff000000ul) >> 24));
|
||||
inaddr.s_addr = (uint32_t)
|
||||
(((inaddr.s_addr & 0x000000ff) << 24)
|
||||
|((inaddr.s_addr & 0x0000ff00) << 8)
|
||||
|((inaddr.s_addr & 0x00ff0000) >> 8)
|
||||
|((inaddr.s_addr & 0xff000000) >> 24));
|
||||
|
||||
if (result) {
|
||||
tor_addr_from_in(result, &inaddr);
|
||||
|
@ -94,7 +94,8 @@ should_log_function_name(log_domain_mask_t domain, int severity)
|
||||
}
|
||||
|
||||
/** A mutex to guard changes to logfiles and logging. */
|
||||
static tor_mutex_t *log_mutex = NULL;
|
||||
static tor_mutex_t log_mutex;
|
||||
static int log_mutex_initialized = 0;
|
||||
|
||||
/** Linked list of logfile_t. */
|
||||
static logfile_t *logfiles = NULL;
|
||||
@ -105,9 +106,9 @@ static int syslog_count = 0;
|
||||
#endif
|
||||
|
||||
#define LOCK_LOGS() STMT_BEGIN \
|
||||
tor_mutex_acquire(log_mutex); \
|
||||
tor_mutex_acquire(&log_mutex); \
|
||||
STMT_END
|
||||
#define UNLOCK_LOGS() STMT_BEGIN tor_mutex_release(log_mutex); STMT_END
|
||||
#define UNLOCK_LOGS() STMT_BEGIN tor_mutex_release(&log_mutex); STMT_END
|
||||
|
||||
/** What's the lowest log level anybody cares about? Checking this lets us
|
||||
* bail out early from log_debug if we aren't debugging. */
|
||||
@ -148,8 +149,8 @@ _log_prefix(char *buf, size_t buf_len, int severity)
|
||||
t = (time_t)now.tv_sec;
|
||||
|
||||
n = strftime(buf, buf_len, "%b %d %H:%M:%S", tor_localtime_r(&t, &tm));
|
||||
r = tor_snprintf(buf+n, buf_len-n, ".%.3ld [%s] ",
|
||||
(long)now.tv_usec / 1000, sev_to_string(severity));
|
||||
r = tor_snprintf(buf+n, buf_len-n, ".%.3i [%s] ",
|
||||
(int)now.tv_usec / 1000, sev_to_string(severity));
|
||||
if (r<0)
|
||||
return buf_len-1;
|
||||
else
|
||||
@ -448,8 +449,9 @@ logs_free_all(void)
|
||||
log_free(victim);
|
||||
}
|
||||
tor_free(appname);
|
||||
tor_mutex_free(log_mutex);
|
||||
log_mutex = NULL;
|
||||
|
||||
/* We _could_ destroy the log mutex here, but that would screw up any logs
|
||||
* that happened between here and the end of execution. */
|
||||
}
|
||||
|
||||
/** Remove and free the log entry <b>victim</b> from the linked-list
|
||||
@ -545,8 +547,10 @@ add_stream_log(const log_severity_list_t *severity,
|
||||
void
|
||||
init_logging(void)
|
||||
{
|
||||
if (!log_mutex)
|
||||
log_mutex = tor_mutex_new();
|
||||
if (!log_mutex_initialized) {
|
||||
tor_mutex_init(&log_mutex);
|
||||
log_mutex_initialized = 1;
|
||||
}
|
||||
}
|
||||
|
||||
/** Add a log handler to receive messages during startup (before the real
|
||||
|
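Review bot: `LOCK_LOGS()` now acquires `&log_mutex` unconditionally and never consults `log_mutex_initialized`, so a log call that runs before `init_logging()` would lock a mutex that `tor_mutex_init()` has not yet set up. Whether any caller can log that early is not visible in these hunks; if none can, record that contract on the new flag, which unlike `log_mutex` and `logfiles` next to it has no doc comment: `/** True iff init_logging() has run and log_mutex is safe to acquire. */`. The check-then-set in `init_logging()` is itself unsynchronized, so the same comment should say that `init_logging()` must be called before any other thread is started. The bodies of `logs_free_all()` and `_log_prefix()` extend outside the hunks shown.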
@ -119,6 +119,10 @@ typedef unsigned int uint32_t;
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifndef INT32_MIN
|
||||
#define INT32_MIN (-2147483647-1)
|
||||
#endif
|
||||
|
||||
#if (SIZEOF_LONG == 4)
|
||||
#ifndef HAVE_INT32_T
|
||||
typedef signed long int32_t;
|
||||
|
@ -829,6 +829,9 @@ tor_tls_new(int sock, int isServer)
|
||||
if (!SSL_set_cipher_list(result->ssl,
|
||||
isServer ? SERVER_CIPHER_LIST : CLIENT_CIPHER_LIST)) {
|
||||
tls_log_errors(NULL, LOG_WARN, "setting ciphers");
|
||||
#ifdef SSL_set_tlsext_host_name
|
||||
SSL_set_tlsext_host_name(result->ssl, NULL);
|
||||
#endif
|
||||
SSL_free(result->ssl);
|
||||
tor_free(result);
|
||||
return NULL;
|
||||
@ -839,6 +842,9 @@ tor_tls_new(int sock, int isServer)
|
||||
bio = BIO_new_socket(sock, BIO_NOCLOSE);
|
||||
if (! bio) {
|
||||
tls_log_errors(NULL, LOG_WARN, "opening BIO");
|
||||
#ifdef SSL_set_tlsext_host_name
|
||||
SSL_set_tlsext_host_name(result->ssl, NULL);
|
||||
#endif
|
||||
SSL_free(result->ssl);
|
||||
tor_free(result);
|
||||
return NULL;
|
||||
@ -919,6 +925,9 @@ tor_tls_free(tor_tls_t *tls)
|
||||
if (!removed) {
|
||||
log_warn(LD_BUG, "Freeing a TLS that was not in the ssl->tls map.");
|
||||
}
|
||||
#ifdef SSL_set_tlsext_host_name
|
||||
SSL_set_tlsext_host_name(tls->ssl, NULL);
|
||||
#endif
|
||||
SSL_free(tls->ssl);
|
||||
tls->ssl = NULL;
|
||||
tls->negotiated_callback = NULL;
|
||||
@ -1443,8 +1452,8 @@ tor_tls_used_v1_handshake(tor_tls_t *tls)
|
||||
* buffer and *<b>wbuf_bytes</b> to the amount actually used. */
|
||||
void
|
||||
tor_tls_get_buffer_sizes(tor_tls_t *tls,
|
||||
int *rbuf_capacity, int *rbuf_bytes,
|
||||
int *wbuf_capacity, int *wbuf_bytes)
|
||||
size_t *rbuf_capacity, size_t *rbuf_bytes,
|
||||
size_t *wbuf_capacity, size_t *wbuf_bytes)
|
||||
{
|
||||
if (tls->ssl->s3->rbuf.buf)
|
||||
*rbuf_capacity = tls->ssl->s3->rbuf.len;
|
||||
|
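Review bot: The `SSL_set_tlsext_host_name(..., NULL)` call before `SSL_free()` is repeated at three sites (both error paths in `tor_tls_new()` and in `tor_tls_free()`) with no comment explaining it, so a later cleanup could easily delete it as a no-op. Put the reason next to the code, ideally in one small static helper that all three sites call: `/* Work around an OpenSSL leak: on some versions SSL_free() does not release the hostname TLS extension. */`. The `#ifdef SSL_set_tlsext_host_name` guard only takes effect while OpenSSL provides that name as a macro; if it were ever a plain function the workaround would silently compile out, which is worth stating in the same comment. All three functions start and end outside the hunks shown.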
@ -73,8 +73,8 @@ void tor_tls_get_n_raw_bytes(tor_tls_t *tls,
|
||||
size_t *n_read, size_t *n_written);
|
||||
|
||||
void tor_tls_get_buffer_sizes(tor_tls_t *tls,
|
||||
int *rbuf_capacity, int *rbuf_bytes,
|
||||
int *wbuf_capacity, int *wbuf_bytes);
|
||||
size_t *rbuf_capacity, size_t *rbuf_bytes,
|
||||
size_t *wbuf_capacity, size_t *wbuf_bytes);
|
||||
|
||||
int tor_tls_used_v1_handshake(tor_tls_t *tls);
|
||||
|
||||
|
@ -1816,7 +1816,8 @@ write_chunks_to_file_impl(const char *fname, const smartlist_t *chunks,
|
||||
int open_flags)
|
||||
{
|
||||
open_file_t *file = NULL;
|
||||
int fd, result;
|
||||
int fd;
|
||||
ssize_t result;
|
||||
fd = start_writing_to_file(fname, open_flags, 0600, &file);
|
||||
if (fd<0)
|
||||
return -1;
|
||||
@ -1901,7 +1902,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
|
||||
int fd; /* router file */
|
||||
struct stat statbuf;
|
||||
char *string;
|
||||
int r;
|
||||
ssize_t r;
|
||||
int bin = flags & RFTS_BIN;
|
||||
|
||||
tor_assert(filename);
|
||||
@ -1960,7 +1961,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
|
||||
* match for size. */
|
||||
int save_errno = errno;
|
||||
log_warn(LD_FS,"Could read only %d of %ld bytes of file \"%s\".",
|
||||
r, (long)statbuf.st_size,filename);
|
||||
(int)r, (long)statbuf.st_size,filename);
|
||||
tor_free(string);
|
||||
close(fd);
|
||||
errno = save_errno;
|
||||
|
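Review bot: In `read_file_to_str()` the short-read warning passes `(int)r` to `%d`, which narrows the `ssize_t` that this change introduces for `r`; where `ssize_t` is wider than `int`, a large byte count would be logged incorrectly. Casting it the same way as the size printed beside it keeps the message accurate: `"Could read only %ld of %ld bytes of file \"%s\".",` with the arguments `(long)r, (long)statbuf.st_size, filename`. The function body starts and ends outside the hunk, so how a negative `r` from a failed read reaches this message cannot be checked from here.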
@ -527,9 +527,16 @@ inform_testing_reachability(void)
|
||||
routerinfo_t *me = router_get_my_routerinfo();
|
||||
if (!me)
|
||||
return 0;
|
||||
if (me->dir_port)
|
||||
control_event_server_status(LOG_NOTICE,
|
||||
"CHECKING_REACHABILITY ORADDRESS=%s:%d",
|
||||
me->address, me->or_port);
|
||||
if (me->dir_port) {
|
||||
tor_snprintf(dirbuf, sizeof(dirbuf), " and DirPort %s:%d",
|
||||
me->address, me->dir_port);
|
||||
control_event_server_status(LOG_NOTICE,
|
||||
"CHECKING_REACHABILITY DIRADDRESS=%s:%d",
|
||||
me->address, me->dir_port);
|
||||
}
|
||||
log(LOG_NOTICE, LD_OR, "Now checking whether ORPort %s:%d%s %s reachable... "
|
||||
"(this may take up to %d minutes -- look for log "
|
||||
"messages indicating success)",
|
||||
@ -537,6 +544,7 @@ inform_testing_reachability(void)
|
||||
me->dir_port ? dirbuf : "",
|
||||
me->dir_port ? "are" : "is",
|
||||
TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT/60);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -1436,13 +1444,16 @@ choose_good_exit_server(uint8_t purpose, routerlist_t *dir,
|
||||
/** Log a warning if the user specified an exit for the circuit that
|
||||
* has been excluded from use by ExcludeNodes or ExcludeExitNodes. */
|
||||
static void
|
||||
warn_if_last_router_excluded(uint8_t purpose, const extend_info_t *exit)
|
||||
warn_if_last_router_excluded(origin_circuit_t *circ, const extend_info_t *exit)
|
||||
{
|
||||
or_options_t *options = get_options();
|
||||
routerset_t *rs = options->ExcludeNodes;
|
||||
const char *description;
|
||||
int severity;
|
||||
int domain = LD_CIRC;
|
||||
uint8_t purpose = circ->_base.purpose;
|
||||
|
||||
if (circ->build_state->onehop_tunnel)
|
||||
return;
|
||||
|
||||
switch (purpose)
|
||||
{
|
||||
@ -1455,48 +1466,40 @@ warn_if_last_router_excluded(uint8_t purpose, const extend_info_t *exit)
|
||||
(int)purpose);
|
||||
return;
|
||||
case CIRCUIT_PURPOSE_C_GENERAL:
|
||||
if (circ->build_state->is_internal)
|
||||
return;
|
||||
description = "Requested exit node";
|
||||
rs = options->_ExcludeExitNodesUnion;
|
||||
severity = LOG_WARN;
|
||||
break;
|
||||
case CIRCUIT_PURPOSE_C_INTRODUCING:
|
||||
case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT:
|
||||
case CIRCUIT_PURPOSE_C_INTRODUCE_ACKED:
|
||||
description = "Introduction point for hidden service";
|
||||
severity = LOG_INFO;
|
||||
break;
|
||||
case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
|
||||
case CIRCUIT_PURPOSE_S_CONNECT_REND:
|
||||
case CIRCUIT_PURPOSE_S_REND_JOINED:
|
||||
case CIRCUIT_PURPOSE_TESTING:
|
||||
return;
|
||||
case CIRCUIT_PURPOSE_C_ESTABLISH_REND:
|
||||
case CIRCUIT_PURPOSE_C_REND_READY:
|
||||
case CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED:
|
||||
case CIRCUIT_PURPOSE_C_REND_JOINED:
|
||||
description = "Chosen rendezvous point";
|
||||
severity = LOG_WARN;
|
||||
domain = LD_BUG;
|
||||
break;
|
||||
case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO:
|
||||
description = "Chosen introduction point";
|
||||
severity = LOG_INFO;
|
||||
break;
|
||||
case CIRCUIT_PURPOSE_S_CONNECT_REND:
|
||||
case CIRCUIT_PURPOSE_S_REND_JOINED:
|
||||
description = "Client-selected rendezvous point";
|
||||
severity = LOG_INFO;
|
||||
break;
|
||||
case CIRCUIT_PURPOSE_TESTING:
|
||||
description = "Target for testing circuit";
|
||||
severity = LOG_INFO;
|
||||
break;
|
||||
case CIRCUIT_PURPOSE_CONTROLLER:
|
||||
rs = options->_ExcludeExitNodesUnion;
|
||||
description = "Controller-selected circuit target";
|
||||
severity = LOG_WARN;
|
||||
break;
|
||||
}
|
||||
|
||||
if (routerset_contains_extendinfo(rs, exit))
|
||||
log_fn(severity, domain, "%s '%s' is in ExcludeNodes%s. Using anyway.",
|
||||
if (routerset_contains_extendinfo(rs, exit)) {
|
||||
log_fn(LOG_WARN, domain, "%s '%s' is in ExcludeNodes%s. Using anyway "
|
||||
"(circuit purpose %d).",
|
||||
description,exit->nickname,
|
||||
rs==options->ExcludeNodes?"":" or ExcludeExitNodes.");
|
||||
rs==options->ExcludeNodes?"":" or ExcludeExitNodes",
|
||||
(int)purpose);
|
||||
circuit_log_path(LOG_WARN, domain, circ);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
@ -1521,7 +1524,7 @@ onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit)
|
||||
}
|
||||
|
||||
if (exit) { /* the circuit-builder pre-requested one */
|
||||
warn_if_last_router_excluded(circ->_base.purpose, exit);
|
||||
warn_if_last_router_excluded(circ, exit);
|
||||
log_info(LD_CIRC,"Using requested exit node '%s'", exit->nickname);
|
||||
exit = extend_info_dup(exit);
|
||||
} else { /* we have to decide one */
|
||||
@ -1568,6 +1571,7 @@ int
|
||||
circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *exit)
|
||||
{
|
||||
int err_reason = 0;
|
||||
warn_if_last_router_excluded(circ, exit);
|
||||
circuit_append_new_exit(circ, exit);
|
||||
circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_BUILDING);
|
||||
if ((err_reason = circuit_send_next_onion_skin(circ))<0) {
|
||||
@ -1825,7 +1829,7 @@ onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice)
|
||||
|
||||
hop->extend_info = extend_info_dup(choice);
|
||||
|
||||
hop->package_window = CIRCWINDOW_START;
|
||||
hop->package_window = circuit_initial_package_window();
|
||||
hop->deliver_window = CIRCWINDOW_START;
|
||||
|
||||
return 0;
|
||||
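Review bot: In warn_if_last_router_excluded, the reworked `log_fn(LOG_WARN, domain, ...)` call hard-codes the level, so the `severity` values still assigned in the switch cases appear to be written and never read. If every purpose that reaches the check should warn, drop `int severity;` and the `severity = ...` assignments; if per-purpose levels are still wanted, keep `log_fn(severity, domain, ...)`. Which printed lines are on the new side is inferred from the hunk counts, and the switch is split across two hunks, so confirm against the full function. The level matters because this message tells an operator that an ExcludeNodes entry is being overridden.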
|
@ -361,6 +361,19 @@ circuit_purpose_to_controller_string(uint8_t purpose)
|
||||
}
|
||||
}
|
||||
|
||||
/** Pick a reasonable package_window to start out for our circuits.
|
||||
* Originally this was hard-coded at 1000, but now the consensus votes
|
||||
* on the answer. See proposal 168. */
|
||||
int32_t
|
||||
circuit_initial_package_window(void)
|
||||
{
|
||||
int32_t num = networkstatus_get_param(NULL, "circwindow", CIRCWINDOW_START);
|
||||
/* If the consensus tells us a negative number, we'd assert. */
|
||||
if (num < 0)
|
||||
num = CIRCWINDOW_START;
|
||||
return num;
|
||||
}
|
||||
|
||||
/** Initialize the common elements in a circuit_t, and add it to the global
|
||||
* list. */
|
||||
static void
|
||||
@ -368,7 +381,7 @@ init_circuit_base(circuit_t *circ)
|
||||
{
|
||||
circ->timestamp_created = time(NULL);
|
||||
|
||||
circ->package_window = CIRCWINDOW_START;
|
||||
circ->package_window = circuit_initial_package_window();
|
||||
circ->deliver_window = CIRCWINDOW_START;
|
||||
|
||||
circuit_add(circ);
|
||||
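Review bot: circuit_initial_package_window() rejects only negative `circwindow` values, so a consensus value of 0, or one far above `CIRCWINDOW_START`, is used as-is for `package_window` in init_circuit_base and in the other call sites this commit converts. A zero window would presumably leave a new circuit unable to package any cells, and the upper end is limited only by the int32 parse range. Consider clamping to an explicit range, for example `if (num < 1 || num > CIRCWINDOW_START) num = CIRCWINDOW_START;`, or naming min/max constants next to CIRCWINDOW_START. Whether values above the compiled-in default are meant to be allowed is not visible here, so set the upper bound to whatever proposal 168 specifies.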
|
@ -724,17 +724,12 @@ circuit_testing_opened(origin_circuit_t *circ)
|
||||
static void
|
||||
circuit_testing_failed(origin_circuit_t *circ, int at_last_hop)
|
||||
{
|
||||
routerinfo_t *me = router_get_my_routerinfo();
|
||||
if (server_mode(get_options()) && check_whether_orport_reachable())
|
||||
return;
|
||||
if (!me)
|
||||
return;
|
||||
|
||||
log_info(LD_GENERAL,
|
||||
"Our testing circuit (to see if your ORPort is reachable) "
|
||||
"has failed. I'll try again later.");
|
||||
control_event_server_status(LOG_WARN, "REACHABILITY_FAILED ORADDRESS=%s:%d",
|
||||
me->address, me->or_port);
|
||||
|
||||
/* These aren't used yet. */
|
||||
(void)circ;
|
||||
|
@ -575,7 +575,7 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
|
||||
/* Consider all the other addresses; if any matches, this connection is
|
||||
* "canonical." */
|
||||
tor_addr_t addr;
|
||||
const char *next = decode_address_from_payload(&addr, cp, end-cp);
|
||||
const char *next = decode_address_from_payload(&addr, cp, (int)(end-cp));
|
||||
if (next == NULL) {
|
||||
log_fn(LOG_PROTOCOL_WARN, LD_OR,
|
||||
"Bad address in netinfo cell; closing connection.");
|
||||
@ -610,9 +610,11 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn)
|
||||
conn->_base.address, (int)conn->_base.port,
|
||||
apparent_skew>0 ? "ahead" : "behind", dbuf,
|
||||
apparent_skew>0 ? "behind" : "ahead");
|
||||
control_event_general_status(LOG_WARN,
|
||||
"CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
|
||||
apparent_skew, conn->_base.address, conn->_base.port);
|
||||
if (severity == LOG_WARN) /* only tell the controller if an authority */
|
||||
control_event_general_status(LOG_WARN,
|
||||
"CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d",
|
||||
apparent_skew,
|
||||
conn->_base.address, conn->_base.port);
|
||||
}
|
||||
|
||||
/* XXX maybe act on my_apparent_addr, if the source is sufficiently
|
||||
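Review bot: The new `if (severity == LOG_WARN)` guard on the CLOCK_SKEW event uses the log level as a stand-in for "the peer is an authority", as its own comment says. `severity` is computed outside this hunk, so a later change to how the log level is chosen would silently change which peers can raise a clock-skew status event to the controller. Deriving both the level and the event from one explicit flag, for example a local `int from_authority`, would keep the two decisions from drifting apart. The multi-line call under the `if` would also be safer with braces.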
|
@ -904,14 +904,14 @@ add_default_trusted_dir_authorities(authority_type_t type)
|
||||
int i;
|
||||
const char *dirservers[] = {
|
||||
"moria1 v1 orport=9001 v3ident=E2A2AF570166665D738736D0DD58169CC61D8A8B "
|
||||
"128.31.0.34:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441",
|
||||
"128.31.0.39:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441",
|
||||
"moria2 v1 orport=9002 128.31.0.34:9032 "
|
||||
"719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF",
|
||||
"tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
|
||||
"86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
|
||||
"dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
|
||||
"194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
|
||||
"Tonga orport=443 bridge no-v2 82.94.251.206:80 "
|
||||
"Tonga orport=443 bridge no-v2 82.94.251.203:80 "
|
||||
"4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
|
||||
"ides orport=9090 no-v2 v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 "
|
||||
"216.224.124.114:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
|
||||
@ -921,6 +921,8 @@ add_default_trusted_dir_authorities(authority_type_t type)
|
||||
"dannenberg orport=443 no-v2 "
|
||||
"v3ident=585769C78764D58426B8B52B6651A5A71137189A "
|
||||
"213.73.91.31:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
|
||||
"urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C "
|
||||
"208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
|
||||
NULL
|
||||
};
|
||||
for (i=0; dirservers[i]; i++) {
|
||||
@ -1224,26 +1226,29 @@ options_need_geoip_info(or_options_t *options, const char **reason_out)
|
||||
|
||||
/** Return the bandwidthrate that we are going to report to the authorities
|
||||
* based on the config options. */
|
||||
int
|
||||
uint32_t
|
||||
get_effective_bwrate(or_options_t *options)
|
||||
{
|
||||
int bw = (int)options->BandwidthRate;
|
||||
uint64_t bw = options->BandwidthRate;
|
||||
if (bw > options->MaxAdvertisedBandwidth)
|
||||
bw = (int)options->MaxAdvertisedBandwidth;
|
||||
bw = options->MaxAdvertisedBandwidth;
|
||||
if (options->RelayBandwidthRate > 0 && bw > options->RelayBandwidthRate)
|
||||
bw = (int)options->RelayBandwidthRate;
|
||||
return bw;
|
||||
bw = options->RelayBandwidthRate;
|
||||
|
||||
/* ensure_bandwidth_cap() makes sure that this cast can't overflow. */
|
||||
return (uint32_t)bw;
|
||||
}
|
||||
|
||||
/** Return the bandwidthburst that we are going to report to the authorities
|
||||
* based on the config options. */
|
||||
int
|
||||
uint32_t
|
||||
get_effective_bwburst(or_options_t *options)
|
||||
{
|
||||
int bw = (int)options->BandwidthBurst;
|
||||
uint64_t bw = options->BandwidthBurst;
|
||||
if (options->RelayBandwidthBurst > 0 && bw > options->RelayBandwidthBurst)
|
||||
bw = (int)options->RelayBandwidthBurst;
|
||||
return bw;
|
||||
bw = options->RelayBandwidthBurst;
|
||||
/* ensure_bandwidth_cap() makes sure that this cast can't overflow. */
|
||||
return (uint32_t)bw;
|
||||
}
|
||||
|
||||
/** Fetch the active option list, and take actions based on it. All of the
|
||||
@ -2499,7 +2504,8 @@ is_local_addr(const tor_addr_t *addr)
|
||||
* the same /24 as last_resolved_addr will be the same as checking whether
|
||||
* it was on net 0, which is already done by is_internal_IP.
|
||||
*/
|
||||
if ((last_resolved_addr & 0xffffff00ul) == (ip & 0xffffff00ul))
|
||||
if ((last_resolved_addr & (uint32_t)0xffffff00ul)
|
||||
== (ip & (uint32_t)0xffffff00ul))
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
@ -4182,7 +4188,7 @@ options_init_from_string(const char *cf,
|
||||
err:
|
||||
config_free(&options_format, newoptions);
|
||||
if (*msg) {
|
||||
int len = strlen(*msg)+256;
|
||||
int len = (int)strlen(*msg)+256;
|
||||
char *newmsg = tor_malloc(len);
|
||||
|
||||
tor_snprintf(newmsg, len, "Failed to parse/validate config: %s", *msg);
|
||||
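Review bot: get_effective_bwrate() and get_effective_bwburst() now narrow a `uint64_t` to `uint32_t` on return, and the only protection is the comment saying ensure_bandwidth_cap() prevents overflow. That function is not in this hunk, and the visible lines do not show whether it is applied to every option read here (BandwidthRate, MaxAdvertisedBandwidth, RelayBandwidthRate, BandwidthBurst, RelayBandwidthBurst). A local clamp makes the cast safe regardless of validation elsewhere: `if (bw > UINT32_MAX) bw = UINT32_MAX;` before each `return (uint32_t)bw;`.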
|
@ -1789,7 +1789,11 @@ getinfo_helper_events(control_connection_t *control_conn,
|
||||
*answer = tor_strdup(has_completed_circuit ? "1" : "0");
|
||||
} else if (!strcmp(question, "status/enough-dir-info")) {
|
||||
*answer = tor_strdup(router_have_minimum_dir_info() ? "1" : "0");
|
||||
} else if (!strcmp(question, "status/good-server-descriptor")) {
|
||||
} else if (!strcmp(question, "status/good-server-descriptor") ||
|
||||
!strcmp(question, "status/accepted-server-descriptor")) {
|
||||
/* They're equivalent for now, until we can figure out how to make
|
||||
* good-server-descriptor be what we want. See comment in
|
||||
* control-spec.txt. */
|
||||
*answer = tor_strdup(directories_have_accepted_server_descriptor()
|
||||
? "1" : "0");
|
||||
} else if (!strcmp(question, "status/reachability-succeeded/or")) {
|
||||
@ -2597,7 +2601,7 @@ handle_control_resolve(control_connection_t *conn, uint32_t len,
|
||||
int is_reverse = 0;
|
||||
(void) len; /* body is nul-terminated; it's safe to ignore the length */
|
||||
|
||||
if (!(conn->event_mask & (1L<<EVENT_ADDRMAP))) {
|
||||
if (!(conn->event_mask & ((uint32_t)1L<<EVENT_ADDRMAP))) {
|
||||
log_warn(LD_CONTROL, "Controller asked us to resolve an address, but "
|
||||
"isn't listening for ADDRMAP events. It probably won't see "
|
||||
"the answer.");
|
||||
|
@ -554,11 +554,6 @@ void
|
||||
connection_dir_request_failed(dir_connection_t *conn)
|
||||
{
|
||||
if (directory_conn_is_self_reachability_test(conn)) {
|
||||
routerinfo_t *me = router_get_my_routerinfo();
|
||||
if (me)
|
||||
control_event_server_status(LOG_WARN,
|
||||
"REACHABILITY_FAILED DIRADDRESS=%s:%d",
|
||||
me->address, me->dir_port);
|
||||
return; /* this was a test fetch. don't retry. */
|
||||
}
|
||||
if (entry_list_can_grow(get_options()))
|
||||
@ -877,7 +872,7 @@ static char *
|
||||
directory_get_consensus_url(int supports_conditional_consensus)
|
||||
{
|
||||
char *url;
|
||||
int len;
|
||||
size_t len;
|
||||
|
||||
if (supports_conditional_consensus) {
|
||||
char *authority_id_list;
|
||||
@ -2347,7 +2342,7 @@ client_likes_consensus(networkstatus_t *v, const char *want_url)
|
||||
need_at_least = smartlist_len(want_authorities)/2+1;
|
||||
SMARTLIST_FOREACH(want_authorities, const char *, d, {
|
||||
char want_digest[DIGEST_LEN];
|
||||
int want_len = strlen(d)/2;
|
||||
size_t want_len = strlen(d)/2;
|
||||
if (want_len > DIGEST_LEN)
|
||||
want_len = DIGEST_LEN;
|
||||
|
||||
|
@ -652,8 +652,8 @@ dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose,
|
||||
|
||||
/** Examine the parsed server descriptor in <b>ri</b> and maybe insert it into
|
||||
* the list of server descriptors. Set *<b>msg</b> to a message that should be
|
||||
* passed back to the origin of this descriptor. Use <b>source</b> to produce
|
||||
* better log messages.
|
||||
* passed back to the origin of this descriptor, or NULL if there is no such
|
||||
* message. Use <b>source</b> to produce better log messages.
|
||||
*
|
||||
* Return the status of the operation
|
||||
*
|
||||
@ -667,6 +667,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
|
||||
routerinfo_t *ri_old;
|
||||
char *desc, *nickname;
|
||||
size_t desclen = 0;
|
||||
*msg = NULL;
|
||||
|
||||
/* If it's too big, refuse it now. Otherwise we'll cache it all over the
|
||||
* network and it'll clog everything up. */
|
||||
@ -718,7 +719,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source)
|
||||
control_event_or_authdir_new_descriptor("REJECTED", desc, desclen, *msg);
|
||||
log_info(LD_DIRSERV,
|
||||
"Did not add descriptor from '%s' (source: %s): %s.",
|
||||
nickname, source, *msg);
|
||||
nickname, source, *msg ? *msg : "(no message)");
|
||||
} else {
|
||||
smartlist_t *changed;
|
||||
control_event_or_authdir_new_descriptor("ACCEPTED", desc, desclen, *msg);
|
||||
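Review bot: dirserv_add_descriptor now sets `*msg = NULL` on entry and the log_info call guards it with `*msg ? *msg : "(no message)"`, but the two control_event_or_authdir_new_descriptor() calls beside it still pass `*msg` unguarded. If that function formats the message with `%s` (its body is not in this hunk), a NULL message is undefined behaviour on the path that handles uploaded descriptors. Either pass the same kind of fallback, `*msg ? *msg : ""`, or state in the callee's header comment that a NULL message is accepted and handled. The function body extends beyond the hunks shown.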
|
@ -2385,7 +2385,7 @@ out1:
|
||||
|
||||
/* exported function */
|
||||
int
|
||||
evdns_nameserver_add(unsigned long int address) {
|
||||
evdns_nameserver_add(uint32_t address) {
|
||||
struct sockaddr_in sin;
|
||||
memset(&sin, 0, sizeof(sin));
|
||||
sin.sin_family = AF_INET;
|
||||
@ -2416,13 +2416,13 @@ evdns_nameserver_ip_add(const char *ip_as_string) {
|
||||
|
||||
cp = strchr(ip_as_string, ':');
|
||||
if (*ip_as_string == '[') {
|
||||
int len;
|
||||
size_t len;
|
||||
if (!(cp = strchr(ip_as_string, ']'))) {
|
||||
log(EVDNS_LOG_DEBUG, "Nameserver missing closing ]");
|
||||
return 4;
|
||||
}
|
||||
len = cp-(ip_as_string + 1);
|
||||
if (len > (int)sizeof(buf)-1) {
|
||||
if (len > sizeof(buf)-1) {
|
||||
log(EVDNS_LOG_DEBUG, "[Nameserver] does not fit in buffer.");
|
||||
return 4;
|
||||
}
|
||||
|
@ -112,7 +112,7 @@
|
||||
*
|
||||
* API reference:
|
||||
*
|
||||
* int evdns_nameserver_add(unsigned long int address)
|
||||
* int evdns_nameserver_add(uint32_t address)
|
||||
* Add a nameserver. The address should be an IP address in
|
||||
* network byte order. The type of address is chosen so that
|
||||
* it matches in_addr.s_addr.
|
||||
@ -258,7 +258,7 @@ typedef void (*evdns_callback_type) (int result, char type, int count, int ttl,
|
||||
int evdns_init(void);
|
||||
void evdns_shutdown(int fail_requests);
|
||||
const char *evdns_err_to_string(int err);
|
||||
int evdns_nameserver_add(unsigned long int address);
|
||||
int evdns_nameserver_add(uint32_t address);
|
||||
int evdns_count_nameservers(void);
|
||||
int evdns_clear_nameservers_and_suspend(void);
|
||||
int evdns_resume(void);
|
||||
|
@ -1185,17 +1185,26 @@ second_elapsed_callback(int fd, short event, void *args)
|
||||
TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT) {
|
||||
/* every 20 minutes, check and complain if necessary */
|
||||
routerinfo_t *me = router_get_my_routerinfo();
|
||||
if (me && !check_whether_orport_reachable())
|
||||
if (me && !check_whether_orport_reachable()) {
|
||||
log_warn(LD_CONFIG,"Your server (%s:%d) has not managed to confirm that "
|
||||
"its ORPort is reachable. Please check your firewalls, ports, "
|
||||
"address, /etc/hosts file, etc.",
|
||||
me->address, me->or_port);
|
||||
if (me && !check_whether_dirport_reachable())
|
||||
control_event_server_status(LOG_WARN,
|
||||
"REACHABILITY_FAILED ORADDRESS=%s:%d",
|
||||
me->address, me->or_port);
|
||||
}
|
||||
|
||||
if (me && !check_whether_dirport_reachable()) {
|
||||
log_warn(LD_CONFIG,
|
||||
"Your server (%s:%d) has not managed to confirm that its "
|
||||
"DirPort is reachable. Please check your firewalls, ports, "
|
||||
"address, /etc/hosts file, etc.",
|
||||
me->address, me->dir_port);
|
||||
control_event_server_status(LOG_WARN,
|
||||
"REACHABILITY_FAILED DIRADDRESS=%s:%d",
|
||||
me->address, me->dir_port);
|
||||
}
|
||||
}
|
||||
|
||||
/** If more than this many seconds have elapsed, probably the clock
|
||||
@ -1599,7 +1608,7 @@ dumpstats(int severity)
|
||||
{
|
||||
time_t now = time(NULL);
|
||||
time_t elapsed;
|
||||
int rbuf_cap, wbuf_cap, rbuf_len, wbuf_len;
|
||||
size_t rbuf_cap, wbuf_cap, rbuf_len, wbuf_len;
|
||||
|
||||
log(severity, LD_GENERAL, "Dumping stats:");
|
||||
|
||||
@ -1635,7 +1644,7 @@ dumpstats(int severity)
|
||||
log(severity, LD_GENERAL,
|
||||
"Conn %d: %d/%d bytes used on OpenSSL read buffer; "
|
||||
"%d/%d bytes used on write buffer.",
|
||||
i, rbuf_len, rbuf_cap, wbuf_len, wbuf_cap);
|
||||
i, (int)rbuf_len, (int)rbuf_cap, (int)wbuf_len, (int)wbuf_cap);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -286,6 +286,10 @@ networkstatus_vote_free(networkstatus_t *ns)
|
||||
SMARTLIST_FOREACH(ns->known_flags, char *, c, tor_free(c));
|
||||
smartlist_free(ns->known_flags);
|
||||
}
|
||||
if (ns->net_params) {
|
||||
SMARTLIST_FOREACH(ns->net_params, char *, c, tor_free(c));
|
||||
smartlist_free(ns->net_params);
|
||||
}
|
||||
if (ns->supported_methods) {
|
||||
SMARTLIST_FOREACH(ns->supported_methods, char *, c, tor_free(c));
|
||||
smartlist_free(ns->supported_methods);
|
||||
@ -1884,6 +1888,37 @@ networkstatus_dump_bridge_status_to_file(time_t now)
|
||||
tor_free(status);
|
||||
}
|
||||
|
||||
/** Return the value of a integer parameter from the networkstatus <b>ns</b>
|
||||
* whose name is <b>param_name</b>. If <b>ns</b> is NULL, try loading the
|
||||
* latest consensus ourselves. Return <b>default_val</b> if no latest
|
||||
* consensus, or if it has no parameter called <b>param_name</b>. */
|
||||
int32_t
|
||||
networkstatus_get_param(networkstatus_t *ns, const char *param_name,
|
||||
int32_t default_val)
|
||||
{
|
||||
size_t name_len;
|
||||
|
||||
if (!ns) /* if they pass in null, go find it ourselves */
|
||||
ns = networkstatus_get_latest_consensus();
|
||||
|
||||
if (!ns || !ns->net_params)
|
||||
return default_val;
|
||||
|
||||
name_len = strlen(param_name);
|
||||
|
||||
SMARTLIST_FOREACH_BEGIN(ns->net_params, const char *, p) {
|
||||
if (!strcmpstart(p, param_name) && p[name_len] == '=') {
|
||||
int ok=0;
|
||||
long v = tor_parse_long(p+name_len+1, 10, INT32_MIN, INT32_MAX, &ok,
|
||||
NULL);
|
||||
if (ok)
|
||||
return (int32_t) v;
|
||||
}
|
||||
} SMARTLIST_FOREACH_END(p);
|
||||
|
||||
return default_val;
|
||||
}
|
||||
|
||||
/** If <b>question</b> is a string beginning with "ns/" in a format the
|
||||
* control interface expects for a GETINFO question, set *<b>answer</b> to a
|
||||
* newly-allocated string containing networkstatus lines for the appropriate
|
||||
|
21
src/or/or.h
21
src/or/or.h
@ -1655,6 +1655,10 @@ typedef struct networkstatus_t {
|
||||
* not listed here, the voter has no opinion on what its value should be. */
|
||||
smartlist_t *known_flags;
|
||||
|
||||
/** List of key=value strings for the parameters in this vote or
|
||||
* consensus, sorted by key. */
|
||||
smartlist_t *net_params;
|
||||
|
||||
/** List of networkstatus_voter_info_t. For a vote, only one element
|
||||
* is included. For a consensus, one element is included for every voter
|
||||
* whose vote contributed to the consensus. */
|
||||
@ -1849,9 +1853,9 @@ typedef struct crypt_path_t {
|
||||
struct crypt_path_t *prev; /**< Link to previous crypt_path_t in the
|
||||
* circuit. */
|
||||
|
||||
int package_window; /**< How many bytes are we allowed to originate ending
|
||||
int package_window; /**< How many cells are we allowed to originate ending
|
||||
* at this step? */
|
||||
int deliver_window; /**< How many bytes are we willing to deliver originating
|
||||
int deliver_window; /**< How many cells are we willing to deliver originating
|
||||
* at this step? */
|
||||
} crypt_path_t;
|
||||
|
||||
@ -2785,6 +2789,7 @@ void circuit_set_n_circid_orconn(circuit_t *circ, circid_t id,
|
||||
or_connection_t *conn);
|
||||
void circuit_set_state(circuit_t *circ, uint8_t state);
|
||||
void circuit_close_all_marked(void);
|
||||
int32_t circuit_initial_package_window(void);
|
||||
origin_circuit_t *origin_circuit_new(void);
|
||||
or_circuit_t *or_circuit_new(circid_t p_circ_id, or_connection_t *p_conn);
|
||||
circuit_t *circuit_get_by_circid_orconn(circid_t circ_id,
|
||||
@ -2926,8 +2931,8 @@ int options_need_geoip_info(or_options_t *options, const char **reason_out);
|
||||
int getinfo_helper_config(control_connection_t *conn,
|
||||
const char *question, char **answer);
|
||||
|
||||
int get_effective_bwrate(or_options_t *options);
|
||||
int get_effective_bwburst(or_options_t *options);
|
||||
uint32_t get_effective_bwrate(or_options_t *options);
|
||||
uint32_t get_effective_bwburst(or_options_t *options);
|
||||
|
||||
#ifdef CONFIG_PRIVATE
|
||||
/* Used only by config.c and test.c */
|
||||
@ -3570,9 +3575,9 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key,
|
||||
authority_cert_t *cert);
|
||||
|
||||
#ifdef DIRVOTE_PRIVATE
|
||||
char *
|
||||
format_networkstatus_vote(crypto_pk_env_t *private_key,
|
||||
networkstatus_t *v3_ns);
|
||||
char *format_networkstatus_vote(crypto_pk_env_t *private_key,
|
||||
networkstatus_t *v3_ns);
|
||||
char *dirvote_compute_params(smartlist_t *votes);
|
||||
#endif
|
||||
|
||||
/********************************* dns.c ***************************/
|
||||
@ -3787,6 +3792,8 @@ void signed_descs_update_status_from_consensus_networkstatus(
|
||||
char *networkstatus_getinfo_helper_single(routerstatus_t *rs);
|
||||
char *networkstatus_getinfo_by_purpose(const char *purpose_string, time_t now);
|
||||
void networkstatus_dump_bridge_status_to_file(time_t now);
|
||||
int32_t networkstatus_get_param(networkstatus_t *ns, const char *param_name,
|
||||
int32_t default_val);
|
||||
int getinfo_helper_networkstatus(control_connection_t *conn,
|
||||
const char *question, char **answer);
|
||||
void networkstatus_free_all(void);
|
||||
|
@ -1358,7 +1358,7 @@ connection_edge_consider_sending_sendme(edge_connection_t *conn)
|
||||
return;
|
||||
}
|
||||
|
||||
while (conn->deliver_window < STREAMWINDOW_START - STREAMWINDOW_INCREMENT) {
|
||||
while (conn->deliver_window <= STREAMWINDOW_START - STREAMWINDOW_INCREMENT) {
|
||||
log_debug(conn->cpath_layer?LD_APP:LD_EXIT,
|
||||
"Outbuf %d, Queuing stream sendme.",
|
||||
(int)conn->_base.outbuf_flushlen);
|
||||
@ -1472,7 +1472,7 @@ circuit_consider_sending_sendme(circuit_t *circ, crypt_path_t *layer_hint)
|
||||
{
|
||||
// log_fn(LOG_INFO,"Considering: layer_hint is %s",
|
||||
// layer_hint ? "defined" : "null");
|
||||
while ((layer_hint ? layer_hint->deliver_window : circ->deliver_window) <
|
||||
while ((layer_hint ? layer_hint->deliver_window : circ->deliver_window) <=
|
||||
CIRCWINDOW_START - CIRCWINDOW_INCREMENT) {
|
||||
log_debug(LD_CIRC,"Queuing circuit sendme.");
|
||||
if (layer_hint)
|
||||
|
@ -94,9 +94,14 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
|
||||
}
|
||||
});
|
||||
if (!intro_key) {
|
||||
/** XXX This case probably means that the intro point vanished while
|
||||
* we were building a circuit to it. In the future, we should find
|
||||
* out how that happened and whether we should kill the circuits to
|
||||
* removed intro points immediately. See task 1073. */
|
||||
int num_intro_points = smartlist_len(entry->parsed->intro_nodes);
|
||||
if (rend_cache_lookup_entry(introcirc->rend_data->onion_address,
|
||||
0, &entry) > 0) {
|
||||
log_warn(LD_BUG, "We have both a v0 and a v2 rend desc for this "
|
||||
log_info(LD_REND, "We have both a v0 and a v2 rend desc for this "
|
||||
"service. The v2 desc doesn't contain the introduction "
|
||||
"point (and key) to send an INTRODUCE1/2 cell to this "
|
||||
"introduction point. Assuming the introduction point "
|
||||
@ -107,9 +112,9 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
|
||||
/* See flyspray task 1024. */
|
||||
intro_key = entry->parsed->pk;
|
||||
} else {
|
||||
log_warn(LD_BUG, "Internal error: could not find intro key; we "
|
||||
log_info(LD_REND, "Internal error: could not find intro key; we "
|
||||
"only have a v2 rend desc with %d intro points.",
|
||||
smartlist_len(entry->parsed->intro_nodes));
|
||||
num_intro_points);
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
@ -146,7 +151,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc,
|
||||
REND_DESC_COOKIE_LEN);
|
||||
v3_shift += 2+REND_DESC_COOKIE_LEN;
|
||||
}
|
||||
set_uint32(tmp+v3_shift+1, htonl(time(NULL)));
|
||||
set_uint32(tmp+v3_shift+1, htonl((uint32_t)time(NULL)));
|
||||
v3_shift += 4;
|
||||
} /* if version 2 only write version number */
|
||||
else if (entry->parsed->protocols & (1<<2)) {
|
||||
@ -698,7 +703,7 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request,
|
||||
/* set the windows to default. these are the windows
|
||||
* that alice thinks bob has.
|
||||
*/
|
||||
hop->package_window = CIRCWINDOW_START;
|
||||
hop->package_window = circuit_initial_package_window();
|
||||
hop->deliver_window = CIRCWINDOW_START;
|
||||
|
||||
onion_append_to_cpath(&circ->cpath, hop);
|
||||
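Review bot: In rend_client_send_introduction, `entry` is reused as the out-parameter of the v0 `rend_cache_lookup_entry()` call, so the pointer to the v2 descriptor is lost after that call, and the new `num_intro_points` local exists only to read the count beforehand. A separate local pointer for the v0 lookup would leave `entry` intact on both branches and remove the ordering dependency; whether the lookup writes to its out-parameter on failure is not visible here. The two messages were downgraded to `log_info(LD_REND, ...)` but one still begins "Internal error:", which no longer matches its level. The new `/** XXX` comment uses the doc-comment opener inside a function body, where a plain `/*` is expected.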
|
@ -1011,13 +1011,12 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request,
|
||||
}
|
||||
|
||||
/* Check timestamp. */
|
||||
memcpy((char*)&ts, buf+1+v3_shift, sizeof(uint32_t));
|
||||
ts = ntohl(get_uint32(buf+1+v3_shift));
|
||||
v3_shift += 4;
|
||||
ts = ntohl(ts);
|
||||
if ((now - ts) < -1 * REND_REPLAY_TIME_INTERVAL / 2 ||
|
||||
(now - ts) > REND_REPLAY_TIME_INTERVAL / 2) {
|
||||
log_warn(LD_REND, "INTRODUCE2 cell is too %s. Discarding.",
|
||||
(now - ts) < 0 ? "old" : "new");
|
||||
(now - ts) < 0 ? "old" : "new");
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
@ -1557,7 +1556,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit)
|
||||
/* set the windows to default. these are the windows
|
||||
* that bob thinks alice has.
|
||||
*/
|
||||
hop->package_window = CIRCWINDOW_START;
|
||||
hop->package_window = circuit_initial_package_window();
|
||||
hop->deliver_window = CIRCWINDOW_START;
|
||||
|
||||
onion_append_to_cpath(&circuit->cpath, hop);
|
||||
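Review bot: The replay-window warning in rend_service_introduce labels the cell with `(now - ts) < 0 ? "old" : "new"`, which looks inverted: `now - ts` is negative when the cell's timestamp is ahead of the local clock, i.e. the cell is too new. The commit re-indents this line but keeps the expression; swapping the strings, `(now - ts) < 0 ? "new" : "old"`, would make the message match the condition that rejected the cell. `ts` and `now` are declared outside the hunk, so this assumes the subtraction is done in a signed type wide enough for both.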
|
@ -544,7 +544,7 @@ init_keys(void)
|
||||
/* Must be called after keys are initialized. */
|
||||
mydesc = router_get_my_descriptor();
|
||||
if (authdir_mode(options)) {
|
||||
const char *m;
|
||||
const char *m = NULL;
|
||||
routerinfo_t *ri;
|
||||
/* We need to add our own fingerprint so it gets recognized. */
|
||||
if (dirserv_add_own_fingerprint(options->Nickname, get_identity_key())) {
|
||||
@ -770,9 +770,6 @@ consider_testing_reachability(int test_or, int test_dir)
|
||||
me->address, me->or_port);
|
||||
circuit_launch_by_router(CIRCUIT_PURPOSE_TESTING, me,
|
||||
CIRCLAUNCH_NEED_CAPACITY|CIRCLAUNCH_IS_INTERNAL);
|
||||
control_event_server_status(LOG_NOTICE,
|
||||
"CHECKING_REACHABILITY ORADDRESS=%s:%d",
|
||||
me->address, me->or_port);
|
||||
}
|
||||
|
||||
tor_addr_from_ipv4h(&addr, me->addr);
|
||||
@ -788,10 +785,6 @@ consider_testing_reachability(int test_or, int test_dir)
|
||||
DIR_PURPOSE_FETCH_SERVERDESC,
|
||||
ROUTER_PURPOSE_GENERAL,
|
||||
1, "authority.z", NULL, 0, 0);
|
||||
|
||||
control_event_server_status(LOG_NOTICE,
|
||||
"CHECKING_REACHABILITY DIRADDRESS=%s:%d",
|
||||
me->address, me->dir_port);
|
||||
}
|
||||
}
|
||||
|
||||
@ -807,8 +800,11 @@ router_orport_found_reachable(void)
|
||||
" Publishing server descriptor." : "");
|
||||
can_reach_or_port = 1;
|
||||
mark_my_descriptor_dirty();
|
||||
if (!me)
|
||||
if (!me) { /* should never happen */
|
||||
log_warn(LD_BUG, "ORPort found reachable, but I have no routerinfo "
|
||||
"yet. Failing to inform controller of success.");
|
||||
return;
|
||||
}
|
||||
control_event_server_status(LOG_NOTICE,
|
||||
"REACHABILITY_SUCCEEDED ORADDRESS=%s:%d",
|
||||
me->address, me->or_port);
|
||||
@ -826,8 +822,11 @@ router_dirport_found_reachable(void)
|
||||
can_reach_dir_port = 1;
|
||||
if (!me || decide_to_advertise_dirport(get_options(), me->dir_port))
|
||||
mark_my_descriptor_dirty();
|
||||
if (!me)
|
||||
if (!me) { /* should never happen */
|
||||
log_warn(LD_BUG, "DirPort found reachable, but I have no routerinfo "
|
||||
"yet. Failing to inform controller of success.");
|
||||
return;
|
||||
}
|
||||
control_event_server_status(LOG_NOTICE,
|
||||
"REACHABILITY_SUCCEEDED DIRADDRESS=%s:%d",
|
||||
me->address, me->dir_port);
|
||||
|
@ -77,6 +77,7 @@ typedef enum {
|
||||
K_VOTING_DELAY,
|
||||
|
||||
K_KNOWN_FLAGS,
|
||||
K_PARAMS,
|
||||
K_VOTE_DIGEST,
|
||||
K_CONSENSUS_DIGEST,
|
||||
K_CONSENSUS_METHODS,
|
||||
@ -383,6 +384,7 @@ static token_rule_t networkstatus_token_table[] = {
|
||||
T1("valid-until", K_VALID_UNTIL, CONCAT_ARGS, NO_OBJ ),
|
||||
T1("voting-delay", K_VOTING_DELAY, GE(2), NO_OBJ ),
|
||||
T1("known-flags", K_KNOWN_FLAGS, ARGS, NO_OBJ ),
|
||||
T01("params", K_PARAMS, ARGS, NO_OBJ ),
|
||||
T( "fingerprint", K_FINGERPRINT, CONCAT_ARGS, NO_OBJ ),
|
||||
|
||||
CERTIFICATE_MEMBERS
|
||||
@ -420,6 +422,7 @@ static token_rule_t networkstatus_consensus_token_table[] = {
|
||||
T01("client-versions", K_CLIENT_VERSIONS, CONCAT_ARGS, NO_OBJ ),
|
||||
T01("server-versions", K_SERVER_VERSIONS, CONCAT_ARGS, NO_OBJ ),
|
||||
T01("consensus-method", K_CONSENSUS_METHOD, EQ(1), NO_OBJ),
|
||||
T01("params", K_PARAMS, ARGS, NO_OBJ ),
|
||||
|
||||
END_OF_TABLE
|
||||
};
|
||||
@ -1917,8 +1920,9 @@ routerstatus_parse_entry_from_string(memarea_t *area,
|
||||
for (i=0; i < tok->n_args; ++i) {
|
||||
if (!strcmpstart(tok->args[i], "Bandwidth=")) {
|
||||
int ok;
|
||||
rs->bandwidth = tor_parse_ulong(strchr(tok->args[i], '=')+1, 10,
|
||||
0, UINT32_MAX, &ok, NULL);
|
||||
rs->bandwidth = (uint32_t)tor_parse_ulong(strchr(tok->args[i], '=')+1,
|
||||
10, 0, UINT32_MAX,
|
||||
&ok, NULL);
|
||||
if (!ok) {
|
||||
log_warn(LD_DIR, "Invalid Bandwidth %s", escaped(tok->args[i]));
|
||||
goto err;
|
||||
@ -2309,6 +2313,34 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
|
||||
goto err;
|
||||
}
|
||||
|
||||
tok = find_opt_by_keyword(tokens, K_PARAMS);
|
||||
if (tok) {
|
||||
inorder = 1;
|
||||
ns->net_params = smartlist_create();
|
||||
for (i = 0; i < tok->n_args; ++i) {
|
||||
int ok=0;
|
||||
char *eq = strchr(tok->args[i], '=');
|
||||
if (!eq) {
|
||||
log_warn(LD_DIR, "Bad element '%s' in params", escaped(tok->args[i]));
|
||||
goto err;
|
||||
}
|
||||
tor_parse_long(eq+1, 10, INT32_MIN, INT32_MAX, &ok, NULL);
|
||||
if (!ok) {
|
||||
log_warn(LD_DIR, "Bad element '%s' in params", escaped(tok->args[i]));
|
||||
goto err;
|
||||
}
|
||||
if (i > 0 && strcmp(tok->args[i-1], tok->args[i]) >= 0) {
|
||||
log_warn(LD_DIR, "%s >= %s", tok->args[i-1], tok->args[i]);
|
||||
inorder = 0;
|
||||
}
|
||||
smartlist_add(ns->net_params, tor_strdup(tok->args[i]));
|
||||
}
|
||||
if (!inorder) {
|
||||
log_warn(LD_DIR, "params not in order");
|
||||
goto err;
|
||||
}
|
||||
}
|
||||
|
||||
ns->voters = smartlist_create();
|
||||
|
||||
SMARTLIST_FOREACH_BEGIN(tokens, directory_token_t *, _tok) {
|
||||
@ -2508,6 +2540,14 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out,
|
||||
} else {
|
||||
if (tok->object_size >= INT_MAX)
|
||||
goto err;
|
||||
/* We already parsed a vote from this voter. Use the first one. */
|
||||
if (v->signature) {
|
||||
log_fn(LOG_PROTOCOL_WARN, LD_DIR, "We received a networkstatus "
|
||||
"that contains two votes from the same voter. Ignoring "
|
||||
"the second vote.");
|
||||
continue;
|
||||
}
|
||||
|
||||
v->signature = tor_memdup(tok->object_body, tok->object_size);
|
||||
v->signature_len = (int) tok->object_size;
|
||||
}
|
||||
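Review bot: The ordering check in the new K_PARAMS block of networkstatus_parse_vote_from_string compares whole `key=value` strings (`strcmp(tok->args[i-1], tok->args[i]) >= 0`), so a document that repeats a keyword with a different value (constructed example: `a=1 a=2`) still passes as "in order" and both entries are added to `ns->net_params`. Comparing only the bytes before `eq` and rejecting an equal keyword would keep later lookups unambiguous, and an empty keyword (`eq == tok->args[i]`) could be rejected in the same place. The `"%s >= %s"` warning also logs the raw arguments from the parsed document, whereas the two other warnings in this block pass them through `escaped()`, so these should be escaped before logging too. The function starts and ends outside the hunk, so how `ns->net_params` is released on the `goto err` path cannot be checked from here.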
|
@ -410,7 +410,7 @@ test_crypto_dh(void)
|
||||
char p2[DH_BYTES];
|
||||
char s1[DH_BYTES];
|
||||
char s2[DH_BYTES];
|
||||
int s1len, s2len;
|
||||
ssize_t s1len, s2len;
|
||||
|
||||
test_eq(crypto_dh_get_bytes(dh1), DH_BYTES);
|
||||
test_eq(crypto_dh_get_bytes(dh2), DH_BYTES);
|
||||
|
@ -70,7 +70,7 @@ show_help(void)
|
||||
static void
|
||||
crypto_log_errors(int severity, const char *doing)
|
||||
{
|
||||
unsigned int err;
|
||||
unsigned long err;
|
||||
const char *msg, *lib, *func;
|
||||
while ((err = ERR_get_error()) != 0) {
|
||||
msg = (const char*)ERR_reason_error_string(err);
|
||||
@ -94,7 +94,7 @@ load_passphrase(void)
|
||||
{
|
||||
char *cp;
|
||||
char buf[1024]; /* "Ought to be enough for anybody." */
|
||||
int n = read_all(passphrase_fd, buf, sizeof(buf), 0);
|
||||
ssize_t n = read_all(passphrase_fd, buf, sizeof(buf), 0);
|
||||
if (n < 0) {
|
||||
log_err(LD_GENERAL, "Couldn't read from passphrase fd: %s",
|
||||
strerror(errno));
|
||||
|
@ -51,7 +51,7 @@ static void usage(void) ATTR_NORETURN;
|
||||
/** Set *<b>out</b> to a newly allocated SOCKS4a resolve request with
|
||||
* <b>username</b> and <b>hostname</b> as provided. Return the number
|
||||
* of bytes in the request. */
|
||||
static int
|
||||
static ssize_t
|
||||
build_socks_resolve_request(char **out,
|
||||
const char *username,
|
||||
const char *hostname,
|
||||
@ -184,7 +184,7 @@ do_resolve(const char *hostname, uint32_t sockshost, uint16_t socksport,
|
||||
int s;
|
||||
struct sockaddr_in socksaddr;
|
||||
char *req = NULL;
|
||||
int len = 0;
|
||||
ssize_t len = 0;
|
||||
|
||||
tor_assert(hostname);
|
||||
tor_assert(result_addr);
|
||||
|
@ -226,6 +226,6 @@
|
||||
#define USING_TWOS_COMPLEMENT
|
||||
|
||||
/* Version number of package */
|
||||
#define VERSION "0.2.1.19"
|
||||
#define VERSION "0.2.1.20"
|
||||
|
||||
|
||||
|