nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-10 13:13:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of ssh://git@git-rw.torproject.org/tor

Browse Source
This commit is contained in:
Roger Dingledine 2010-03-05 14:25:08 -05:00
commit 368ca2a646
8 changed files with 163 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
ChangeLog
View File

@ -15,6 +15,10 @@ Changes in version 0.2.2.10-alpha - 2010-??-??
circuits now only differ from fast ones in that they can use nodes
not marked with the Fast flag.
o Minor features:
- Allow disabling building of the manpages. This speeds up the
build considerably.
o Minor bugfixes:
- Fix a memleak in the EXTENDCIRCUIT logic. Spotted by coverity.
Bugfix on 0.2.2.9-alpha.
@ -23,11 +27,16 @@ Changes in version 0.2.2.10-alpha - 2010-??-??
fixes bug 1255.
- Disallow values larger than INT32_MAX for PerConnBWRate|Burst
config option. Bugfix on 0.2.2.7-alpha.
- Ship the asciidoc-helper file in the tarball, so that people can
build from source if they want to, and touching the .1.txt files
doesn't break the build. Bugfix on 0.2.2.9-alpha.
o Code simplifications and refactoring:
- Fix some urls in the exit notice file and make it XHTML1.1 strict
compliant. Based on a patch from Christian Kujau.
- Don't use sed in asciidoc-helper anymore.
- Make the build process fail if asciidoc cannot be found, and
building with asciidoc isn't disabled.
Changes in version 0.2.2.9-alpha - 2010-02-22
o Directory authority changes:
@ -115,6 +124,10 @@ Changes in version 0.2.1.25 - 2010-??-??
- When freeing a cipher, zero it out completely. We only zeroed
the first ptrsize bytes. Bugfix on tor-0.0.2pre8. Discovered
and patched by ekir. Fixes bug 1254.
- Avoid a bug that set IPs incorrectly on relays that did't set
Address to an IP address, when that address fails to resolve.
Fixes bug 1269.
o Minor bugfixes:
- Fix a dereference-then-NULL-check sequence when publishing
descriptors. Bugfix on tor-0.2.1.5-alpha. Discovered by ekir,

23
configure.in
View File

@ -49,6 +49,15 @@ AC_ARG_ENABLE(transparent,
*) AC_MSG_ERROR(bad value for --enable-transparent) ;;
esac], [transparent=true])
AC_ARG_ENABLE(asciidoc,
AS_HELP_STRING(--disable-asciidoc, don't use asciidoc (disables building of manpages)),
[case "${enableval}" in
yes) asciidoc=true ;;
no) asciidoc=false ;;
*) AC_MSG_ERROR(bad value for --disable-asciidoc) ;;
esac], [asciidoc=true])
AC_ARG_ENABLE(threads,
AS_HELP_STRING(--disable-threads, disable multi-threading support))
@ -97,6 +106,20 @@ AC_CHECK_PROG([SED],[sed],[sed],[/bin/false])
dnl check for asciidoc and a2x
AC_PATH_PROG([ASCIIDOC], [asciidoc], none)
AC_PATH_PROG([A2X], [a2x], none)
AC_PATH_PROG([XSLTPROC], [xsltproc], none)
if test x$asciidoc = xtrue ; then
if test x$ASCIIDOC = xnone ; then
AC_MSG_ERROR("Couldn't find asciidoc. reconfigure with --disable-asciidoc to build without asciidoc.")
fi
if test x$A2X = xnone ; then
AC_MSG_ERROR("Couldn't find a2x. reconfigure with --disable-asciidoc to build without a2x.")
fi
if test x$XSLTPROC = xnone ; then
AC_MSG_ERROR("Couldn't find xsltproc. reconfigure with --disable-asciidoc to build without xsltproc.")
fi
fi
AM_CONDITIONAL(USE_ASCIIDOC, test x$asciidoc = xtrue)
AC_PATH_PROG([SHA1SUM], [sha1sum], none)
AC_PATH_PROG([OPENSSL], [openssl], none)

10
doc/Makefile.am
View File

@ -13,13 +13,17 @@
# part of the source distribution, so that people without asciidoc can
# just use the .1 and .html files.
if USE_ASCIIDOC
asciidoc_files = tor tor-gencert tor-resolve torify
else
asciidoc_files =
endif
html_in = $(asciidoc_files:=.html.in)
man_in = $(asciidoc_files:=.1.in)
EXTRA_DIST = HACKING \
EXTRA_DIST = HACKING asciidoc-helper.sh \
$(html_in) $(man_in) $(asciidoc_files:=.1.txt) \
tor-osx-dmg-creation.txt tor-rpm-creation.txt \
tor-win32-mingw-creation.txt
@ -39,7 +43,7 @@ DIST_SUBDIRS = spec
# Generate the html documentation from asciidoc, but don't do
# machine-specific replacements yet
$(html_in) :
$(top_srcdir)/doc/asciidoc-helper.sh html @ASCIIDOC@ @SED@ $(top_srcdir)/doc/$@
$(top_srcdir)/doc/asciidoc-helper.sh html @ASCIIDOC@ $(top_srcdir)/doc/$@
tor.html.in : tor.1.txt
torify.html.in : torify.1.txt
@ -49,7 +53,7 @@ tor-resolve.html.in : tor-resolve.1.txt
# Generate the manpage from asciidoc, but don't do
# machine-specific replacements yet
$(man_in) :
$(top_srcdir)/doc/asciidoc-helper.sh man @A2X@ @SED@ $(top_srcdir)/doc/$@
$(top_srcdir)/doc/asciidoc-helper.sh man @A2X@ $(top_srcdir)/doc/$@
tor.1.in : tor.1.txt
torify.1.in : torify.1.txt

47
doc/asciidoc-helper.sh
View File

@ -4,51 +4,34 @@
# See LICENSE for licensing information
# Run this to generate .html.in or .1.in files from asciidoc files.
# Arguments:
# html|man asciidocpath sedpath outputfile
# html|man asciidocpath outputfile
set -e
if [ $# != 4 ]; then
if [ $# != 3 ]; then
exit 1;
fi
output=$4
input=`echo $output | $3 -e 's/html\.in$/1\.txt/g' -e 's/1\.in$/1\.txt/g'`
base=`echo $output | $3 -e 's/\.html\.in$//g' -e 's/\.1\.in$//g'`
output=$3
if [ "$1" = "html" ]; then
if [ "$2" != none ]; then
"$2" -d manpage -o $output $input;
else
echo "==================================";
echo;
echo "The manpage in html form for $base will ";
echo "NOT be available, because asciidoc doesn't appear to be ";
echo "installed!";
echo;
echo "==================================";
fi
input=${output%%.html.in}.1.txt
base=${output%%.html.in}
"$2" -d manpage -o $output $input;
elif [ "$1" = "man" ]; then
if test "$2" != none; then
if $2 -f manpage $input; then
mv $base.1 $output;
else
echo "==================================";
echo;
echo "a2x is installed, but some required docbook support files are";
echo "missing. Please install docbook-xsl and docbook-xml (Debian)";
echo "or similar.";
echo;
echo "==================================";
fi;
input=${output%%.1.in}.1.txt
base=${output%%.1.in}
if "$2" -f manpage $input; then
mv $base.1 $output;
else
echo "==================================";
echo;
echo "The manpage for $base will NOT be ";
echo "available, because a2x doesn't appear to be installed!";
echo "a2x is installed, but some required docbook support files are";
echo "missing. Please install docbook-xsl and docbook-xml (Debian)";
echo "or similar.";
echo;
echo "==================================";
exit 1;
fi
fi
touch $output; \

2
doc/spec/proposals/000-index.txt
View File

@ -90,6 +90,7 @@ Proposals by number:
167 Vote on network parameters in consensus [CLOSED]
168 Reduce default circuit window [OPEN]
169 Eliminate TLS renegotiation for the Tor connection handshake [DRAFT]
170 Configuration options regarding circuit building [DRAFT]
Proposals by status:
@ -101,6 +102,7 @@ Proposals by status:
141 Download server descriptors on demand
144 Increase the diversity of circuits by detecting nodes belonging the same provider
169 Eliminate TLS renegotiation for the Tor connection handshake [for 0.2.2]
170 Configuration options regarding circuit building
NEEDS-REVISION:
131 Help users to verify they are using Tor
OPEN:

95
doc/spec/proposals/170-user-path-config.txt Normal file
View File

@ -0,0 +1,95 @@
Title: Configuration options regarding circuit building
Filename: 170-user-path-config.txt
Author: Sebastian Hahn
Created: 01-March-2010
Status: Draft
Overview:
This document outlines how Tor handles the user configuration
options to influence the circuit building process.
Motivation:
Tor's treatment of the configuration *Nodes options was surprising
to many users, and quite a few conspiracy theories have crept up. We
should update our specification and code to better describe and
communicate what is going during circuit building, and how we're
honoring configuration. So far, we've been tracking a bugreport
about this behaviour (
https://bugs.torproject.org/flyspray/index.php?do=details&id=1090 )
and Nick replied in a thread on or-talk (
http://archives.seul.org/or/talk/Feb-2010/msg00117.html ).
This proposal tries to document our intention for those configuration
options.
Design:
Five configuration options are available to users to influence Tor's
circuit building. EntryNodes and ExitNodes define a list of nodes
that are for the Entry/Exit position in all circuits. ExcludeNodes
is a list of nodes that are used for no circuit, and
ExcludeExitNodes is a list of nodes that aren't used as the last
hop. StrictNodes defines Tor's behaviour in case of a conflict, for
example when a node that is excluded is the only available
introduction point. Setting StrictNodes to 1 breaks Tor's
functionality in that case, and it will refuse to build such a
circuit.
Neither Nick's email nor bug 1090 have clear suggestions how we
should behave in each case, so I tried to come up with something
that made sense to me.
Security implications:
Deviating from normal circuit building can break one's anonymity, so
the documentation of the above option should contain a warning to
make users aware of the pitfalls.
Specification:
It is proposed that the "User configuration" part of path-spec
(section 2.2.2) be replaced with this:
Users can alter the default behavior for path selection with
configuration options. In case of conflicts (excluding and requiring
the same node) the "StrictNodes" option is used to determine
behaviour. If a nodes is both excluded and required via a
configuration option, the exclusion takes preference.
- If "ExitNodes" is provided, then every request requires an exit
node on the ExitNodes list. If a request is supported by no nodes
on that list, and "StrictNodes" is false, then Tor treats that
request as if ExitNodes were not provided.
- "EntryNodes" behaves analogously.
- If "ExcludeNodes" is provided, then no circuit uses any of the
nodes listed. If a circuit requires an excluded node to be used,
and "StrictNodes" is false, then Tor uses the node in that
position while not using any other of the excluded nodes.
- If "ExcludeExitNodes" is provided, then Tor will not use the nodes
listed for the exit position in a circuit. If a circuit requires
an excluded node to be used in the exit position and "StrictNodes"
is false, then Tor builds that circuit as if ExcludeExitNodes were
not provided.
- If a user tries to connect to or resolve a hostname of the form
<target>.<servername>.exit and the "AllowDotExit" configuration
option is set to 1, the request is rewritten to a request for
<target>, and the request is only supported by the exit whose
nickname or fingerprint is <servername>. If "AllowDotExit" is set
to 0 (default), any request for <anything>.exit is denied.
- When any of the *Nodes settings are changed, all circuits are
expired immediately, to prevent a situation where a previously
built circuit is used even though some of its nodes are now
excluded.
Compatibility:
The old Strict*Nodes options are deprecated, and the StrictNodes
option is new. Tor users may need to update their configuration file.

2
src/or/config.c
View File

@ -2221,7 +2221,7 @@ resolve_my_address(int warn_severity, or_options_t *options,
if (tor_inet_aton(hostname, &in) == 0) {
/* then we have to resolve it */
explicit_ip = 0;
if (!tor_lookup_hostname(hostname, &addr)) {
if (tor_lookup_hostname(hostname, &addr)) {
uint32_t interface_ip;
if (explicit_hostname) {

12
src/or/routerlist.c
View File

@ -1574,10 +1574,10 @@ smartlist_choose_by_bandwidth_weights(smartlist_t *sl,
rule == WEIGHT_FOR_MID ||
rule == WEIGHT_FOR_DIR);
if (!sl || smartlist_len(sl) == 0) {
if (smartlist_len(sl) == 0) {
log_info(LD_CIRC,
"Empty routerlist passed in to node selection for rule %d",
rule);
"Empty routerlist passed in to consensus weight node "
"selection for rule %d", rule);
return NULL;
}
@ -1781,9 +1781,9 @@ smartlist_choose_by_bandwidth(smartlist_t *sl, bandwidth_weight_rule_t rule,
rule == WEIGHT_FOR_EXIT ||
rule == WEIGHT_FOR_GUARD);
if (!sl || smartlist_len(sl) == 0) {
log_warn(LD_CIRC,
"Empty routerlist passed in to node selection for rule %d",
if (smartlist_len(sl) == 0) {
log_info(LD_CIRC,
"Empty routerlist passed in to old node selection for rule %d",
rule);
return NULL;
}