From 6249b0fd7757293876549c58c6cfe351d44a1d11 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Tue, 28 Jul 2009 18:34:35 -0400 Subject: [PATCH 01/37] Fix a signed/unsigned compile warning in 0.2.1.19 --- ChangeLog | 5 +++++ src/or/config.c | 8 ++++---- src/or/or.h | 4 ++-- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index ed76e22f95..4fb38cf22f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +Changes in version 0.2.1.20 - 2009-??-?? + o Minor bugfixes: + - Fix a signed/unsigned compile warning in 0.2.1.19. + + Changes in version 0.2.1.19 - 2009-07-28 o Major bugfixes: - Make accessing hidden services on 0.2.1.x work right diff --git a/src/or/config.c b/src/or/config.c index 3f45b1e5e2..fa986a6fc2 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1224,10 +1224,10 @@ options_need_geoip_info(or_options_t *options, const char **reason_out) /** Return the bandwidthrate that we are going to report to the authorities * based on the config options. */ -int +uint32_t get_effective_bwrate(or_options_t *options) { - int bw = (int)options->BandwidthRate; + uint32_t bw = (int)options->BandwidthRate; if (bw > options->MaxAdvertisedBandwidth) bw = (int)options->MaxAdvertisedBandwidth; if (options->RelayBandwidthRate > 0 && bw > options->RelayBandwidthRate) @@ -1237,10 +1237,10 @@ get_effective_bwrate(or_options_t *options) /** Return the bandwidthburst that we are going to report to the authorities * based on the config options. */ -int +uint32_t get_effective_bwburst(or_options_t *options) { - int bw = (int)options->BandwidthBurst; + uint32_t bw = (int)options->BandwidthBurst; if (options->RelayBandwidthBurst > 0 && bw > options->RelayBandwidthBurst) bw = (int)options->RelayBandwidthBurst; return bw; diff --git a/src/or/or.h b/src/or/or.h index 1dcff28d6d..319b3a9d10 100644 --- a/src/or/or.h +++ b/src/or/or.h 
@@ -2926,8 +2926,8 @@ int options_need_geoip_info(or_options_t *options, const char **reason_out); int getinfo_helper_config(control_connection_t *conn, const char *question, char **answer); -int get_effective_bwrate(or_options_t *options); -int get_effective_bwburst(or_options_t *options); +uint32_t get_effective_bwrate(or_options_t *options); +uint32_t get_effective_bwburst(or_options_t *options); #ifdef CONFIG_PRIVATE /* Used only by config.c and test.c */ From 6a960d515f35433344fc65ffdf4d58334bb33c3f Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Tue, 28 Jul 2009 20:44:51 -0400 Subject: [PATCH 02/37] credit optimist for the bug 1038 diagnosis also bring the release notes up to date --- ChangeLog | 14 ++++++++++++-- ReleaseNotes | 31 +++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4fb38cf22f..132c81597f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,9 +4,13 @@ Changes in version 0.2.1.20 - 2009-??-?? Changes in version 0.2.1.19 - 2009-07-28 + Tor 0.2.1.19 fixes a major bug with accessing and providing hidden + services on Tor 0.2.1.3-alpha through 0.2.1.18. + o Major bugfixes: - - Make accessing hidden services on 0.2.1.x work right - again. Bugfix on 0.2.1.3-alpha; workaround for bug 1038. + - Make accessing hidden services on 0.2.1.x work right again. + Bugfix on 0.2.1.3-alpha; workaround for bug 1038. Diagnosis and + part of patch provided by "optimist". o Minor features: - When a relay/bridge is writing out its identity key fingerprint to 
@@ -25,6 +29,12 @@ Changes in version 0.2.1.19 - 2009-07-28 Changes in version 0.2.1.18 - 2009-07-24 + Tor 0.2.1.18 lays the foundations for performance improvements, + adds status events to help users diagnose bootstrap problems, adds + optional authentication/authorization for hidden services, fixes a + variety of potential anonymity problems, and includes a huge pile of + other features and bug fixes. + o Build fixes: - Add LIBS=-lrt to Makefile.am so the Tor RPMs use a static libevent. diff --git a/ReleaseNotes b/ReleaseNotes index f4e1a00cfb..bd2e3090a3 100644 --- a/ReleaseNotes +++ b/ReleaseNotes 
@@ -3,7 +3,38 @@ This document summarizes new features and bugfixes in each stable release of Tor. If you want to see more detailed descriptions of the changes in each development snapshot, see the ChangeLog file. +Changes in version 0.2.1.19 - 2009-07-28 + Tor 0.2.1.19 fixes a major bug with accessing and providing hidden + services. + + o Major bugfixes: + - Make accessing hidden services on 0.2.1.x work right again. + Bugfix on 0.2.1.3-alpha; workaround for bug 1038. Diagnosis and + part of patch provided by "optimist". + + o Minor features: + - When a relay/bridge is writing out its identity key fingerprint to + the "fingerprint" file and to its logs, write it without spaces. Now + it will look like the fingerprints in our bridges documentation, + and confuse fewer users. + + o Minor bugfixes: + - Relays no longer publish a new server descriptor if they change + their MaxAdvertisedBandwidth config option but it doesn't end up + changing their advertised bandwidth numbers. Bugfix on 0.2.0.28-rc; + fixes bug 1026. Patch from Sebastian. + - Avoid leaking memory every time we get a create cell but we have + so many already queued that we refuse it. Bugfix on 0.2.0.19-alpha; + fixes bug 1034. Reported by BarkerJr. + + Changes in version 0.2.1.18 - 2009-07-24 + Tor 0.2.1.18 lays the foundations for performance improvements, + adds status events to help users diagnose bootstrap problems, adds + optional authentication/authorization for hidden services, fixes a + variety of potential anonymity problems, and includes a huge pile of + other features and bug fixes. + o Major features (clients): - Start sending "bootstrap phase" status events to the controller, so it can keep the user informed of progress fetching directory From 4577bda7669885c077624f99657520b7b0f6f96b Mon Sep 17 00:00:00 2001 
From: Nick Mathewson Date: Thu, 30 Jul 2009 10:14:12 -0400 Subject: [PATCH 03/37] Cleaner fix for get_effective_bw(rate|burst), with comment on why it is ok. --- src/or/config.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/or/config.c b/src/or/config.c index fa986a6fc2..603f1b606d 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -1227,12 +1227,14 @@ options_need_geoip_info(or_options_t *options, const char **reason_out) uint32_t get_effective_bwrate(or_options_t *options) { - uint32_t bw = (int)options->BandwidthRate; + uint64_t bw = options->BandwidthRate; if (bw > options->MaxAdvertisedBandwidth) - bw = (int)options->MaxAdvertisedBandwidth; + bw = options->MaxAdvertisedBandwidth; if (options->RelayBandwidthRate > 0 && bw > options->RelayBandwidthRate) - bw = (int)options->RelayBandwidthRate; - return bw; + bw = options->RelayBandwidthRate; + + /* ensure_bandwidth_cap() makes sure that this cast can't overflow. */ + return (uint32_t)bw; } /** Return the bandwidthburst that we are going to report to the authorities @@ -1240,10 +1242,11 @@ get_effective_bwrate(or_options_t *options) uint32_t get_effective_bwburst(or_options_t *options) { - uint32_t bw = (int)options->BandwidthBurst; + uint64_t bw = options->BandwidthBurst; if (options->RelayBandwidthBurst > 0 && bw > options->RelayBandwidthBurst) - bw = (int)options->RelayBandwidthBurst; - return bw; + bw = options->RelayBandwidthBurst; + /* ensure_bandwidth_cap() makes sure that this cast can't overflow. */ + return (uint32_t)bw; } /** Fetch the active option list, and take actions based on it. All of the From fe36f69ce8e87dba51385e191c2a266578baa810 Mon Sep 17 00:00:00 2001 From: Karsten Loesing Date: Sat, 1 Aug 2009 11:36:51 +0200 Subject: [PATCH 04/37] Make configuration of hidden services with authorization somewhat clearer. --- doc/tor.1.in | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) 
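Review bot: The narrowing `return (uint32_t)bw;` in get_effective_bwrate() is safe only because of a check performed elsewhere, and nothing in the function itself enforces it. The comment names ensure_bandwidth_cap(), which is not part of this patch, so it is worth confirming that it bounds at least BandwidthRate and BandwidthBurst to a value that fits in 32 bits. Stating the invariant in code with `tor_assert(bw <= UINT32_MAX);` just before the cast would turn a silent truncation of the advertised bandwidth into a visible failure if that cap is ever loosened. The same applies to get_effective_bwburst() in the second hunk.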
diff --git a/doc/tor.1.in b/doc/tor.1.in index d85747958b..1a72ebd09f 100644 --- a/doc/tor.1.in +++ b/doc/tor.1.in @@ -476,13 +476,15 @@ used when \fBFascistFirewall\fR is set. This option is deprecated; use ReachableAddresses instead. (Default: 80, 443) .LP .TP -\fBHidServAuth \fR\fIonion-address\fR \fIauth-cookie\fP \fIservice-name\fR +\fBHidServAuth \fR\fIonion-address\fR \fIauth-cookie\fP [\fIservice-name\fR] Client authorization for a hidden service. Valid onion addresses contain 16 characters in a-z2-7 plus ".onion", and valid auth cookies contain 22 characters in A-Za-z0-9+/. The service name is only used for internal purposes, e.g., for Tor controllers. This option may be used multiple times for different hidden services. If a hidden service uses authorization and -this option is not set, the hidden service is not accessible. +this option is not set, the hidden service is not accessible. Hidden +services can be configured to require authorization using the +\fBHiddenServiceAuthorizeClient\fR option. .LP .TP \fBReachableAddresses \fR\fIADDR\fP[\fB/\fP\fIMASK\fP][:\fIPORT\fP]...\fP @@ -1305,7 +1307,8 @@ listed here are authorized to access the hidden service. Valid client names are 1 to 19 characters long and only use characters in A-Za-z0-9+-_ (no spaces). If this option is set, the hidden service is not accessible for clients without authorization any more. Generated authorization data -can be found in the hostname file. +can be found in the hostname file. Clients need to put this authorization +data in their configuration file using \fBHidServAuth\fR. .LP .TP \fBRendPostPeriod \fR\fIN\fR \fBseconds\fR|\fBminutes\fR|\fBhours\fR|\fBdays\fR|\fBweeks\fP From 0d12f12cf59cf8f16b89cd0397e189121c01b2ab Mon Sep 17 00:00:00 2001 From: Andrew Lewman Date: Sat, 1 Aug 2009 22:41:29 -0400 Subject: [PATCH 05/37] add receipts to be wiped. --- contrib/osx/uninstall_tor_bundle.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/contrib/osx/uninstall_tor_bundle.sh b/contrib/osx/uninstall_tor_bundle.sh index 9089407edb..b7c439429e 100755 --- a/contrib/osx/uninstall_tor_bundle.sh +++ b/contrib/osx/uninstall_tor_bundle.sh @@ -134,7 +134,7 @@ fi ## clean up echo ". Cleaning up" rm -rf $TEMP_BOM_CONTENTS -rm -rf /Library/Privoxy/ /Library/StartupItems/Privoxy/ /Library/Tor/ /Library/StartupItems/Tor/ /Library/Torbutton/ +rm -rf /Library/Privoxy/ /Library/StartupItems/Privoxy/ /Library/Tor/ /Library/StartupItems/Tor/ /Library/Torbutton/ /Library/Receipts/Privoxy.pkg /Library/Receipts/torbutton.pkg /Library/Receipts/Tor.pkg /Library/Receipts/Vidalia.pkg /Library/Receipts/TorStartup.pkg echo ". Finished" From 431202fb63af6ed872a4a7539bb1073c09cd7061 Mon Sep 17 00:00:00 2001 From: Andrew Lewman Date: Mon, 3 Aug 2009 12:40:43 -0400 Subject: [PATCH 06/37] add geoip file to uninstall --- contrib/tor-mingw.nsi.in | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/tor-mingw.nsi.in b/contrib/tor-mingw.nsi.in index 053c142159..eccf41984a 100644 --- a/contrib/tor-mingw.nsi.in +++ b/contrib/tor-mingw.nsi.in @@ -216,6 +216,7 @@ Function un.InstallFiles Delete "$INSTDIR\tor.ico" Delete "$SMSTARTUP\Tor.lnk" Delete "$INSTDIR\Uninstall.exe" + Delete "$INSTDIR\geoip" FunctionEnd Function un.InstallDirectories From 8abe3bac7e66a5ef3f0d3275159e0012ccd7212f Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 10 Aug 2009 01:32:51 -0400 Subject: [PATCH 07/37] Set up urras as the seventh v3 directory authority. --- ChangeLog | 4 ++++ src/or/config.c | 2 ++ 2 files changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 132c81597f..9e3cd84f50 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,8 @@ Changes in version 0.2.1.20 - 2009-??-?? + o New directory authorities: + - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory + authority. + o Minor bugfixes: - Fix a signed/unsigned compile warning in 0.2.1.19. 
diff --git a/src/or/config.c b/src/or/config.c index 603f1b606d..84146c1063 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -921,6 +921,8 @@ add_default_trusted_dir_authorities(authority_type_t type) "dannenberg orport=443 no-v2 " "v3ident=585769C78764D58426B8B52B6651A5A71137189A " "213.73.91.31:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123", + "urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C " + "208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417", NULL }; for (i=0; dirservers[i]; i++) { From e53ee805a92e5e8f8afc8aa512d33464be710733 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 10 Aug 2009 03:06:56 -0400 Subject: [PATCH 08/37] directory-archive scripts now fetch from urras too --- contrib/directory-archive/fetch-all-v3 | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/directory-archive/fetch-all-v3 b/contrib/directory-archive/fetch-all-v3 index 02b3d5d9e8..a4746e02cf 100755 --- a/contrib/directory-archive/fetch-all-v3 +++ b/contrib/directory-archive/fetch-all-v3 @@ -35,6 +35,7 @@ DIRSERVERS="$DIRSERVERS 80.190.246.100:80" # gabelmoo DIRSERVERS="$DIRSERVERS 194.109.206.212:80" # dizum #DIRSERVERS="$DIRSERVERS 128.31.0.34:9032" # moria2 DIRSERVERS="$DIRSERVERS 213.73.91.31:80" # dannenberg +DIRSERVERS="$DIRSERVERS 208.83.223.34:443" # urras TIME=$(date "+%Y%m%d-%H%M%S") . fetch-all-functions From e50b7768b94bbcccef77be255920e3aac80a9555 Mon Sep 17 00:00:00 2001 
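Review bot: The new `urras` entry uses `orport=80` with the directory address on port 443, the reverse of the `dannenberg` entry directly above it (`orport=443`, address on port 80). If the swap is intentional, a short comment above the string, such as `/* urras: ORPort 80, DirPort 443 (not a typo) */`, would stop a later cleanup from "correcting" it. Because these literals are compiled-in trust anchors, it would also help if the commit message recorded how the v3ident and identity fingerprint were verified. The array and add_default_trusted_dir_authorities() both start and end outside this hunk.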
From: Roger Dingledine Date: Mon, 10 Aug 2009 04:13:18 -0400 Subject: [PATCH 09/37] Send sendmes when we're down 100 cells, not 101. Send circuit or stream sendme cells when our window has decreased by 100 cells, not when it has decreased by 101 cells. Bug uncovered by Karsten when testing the "reduce circuit window" performance patch. Bugfix on the 54th commit on Tor -- from July 2002, before the release of Tor 0.0.0. This is the new winner of the oldest-bug prize. --- ChangeLog | 8 ++++++++ src/or/relay.c | 4 ++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9e3cd84f50..994ff4c7b3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,12 @@ Changes in version 0.2.1.20 - 2009-??-?? + o Major bugfixes: + - Send circuit or stream sendme cells when our window has decreased + by 100 cells, not when it has decreased by 101 cells. Bug uncovered + by Karsten when testing the "reduce circuit window" performance + patch. Bugfix on the 54th commit on Tor -- from July 2002, + before the release of Tor 0.0.0. This is the new winner of the + oldest-bug prize. + o New directory authorities: - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory authority. diff --git a/src/or/relay.c b/src/or/relay.c index 3419e3d190..b26c582b82 100644 --- a/src/or/relay.c +++ b/src/or/relay.c @@ -1358,7 +1358,7 @@ connection_edge_consider_sending_sendme(edge_connection_t *conn) return; } - while (conn->deliver_window < STREAMWINDOW_START - STREAMWINDOW_INCREMENT) { + while (conn->deliver_window <= STREAMWINDOW_START - STREAMWINDOW_INCREMENT) { log_debug(conn->cpath_layer?LD_APP:LD_EXIT, "Outbuf %d, Queuing stream sendme.", (int)conn->_base.outbuf_flushlen); 
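Review bot: The inclusive bound in `while (conn->deliver_window <= STREAMWINDOW_START - STREAMWINDOW_INCREMENT)` carries no comment explaining why it is `<=`, and the commit message says the exclusive form went unnoticed since 2002. A one-line comment above the loop, for example `/* A sendme is due once the window has dropped by a full STREAMWINDOW_INCREMENT. */`, would keep the boundary from being reverted by accident. The same applies to the circuit-level loop in circuit_consider_sending_sendme() in the next hunk. Both functions extend beyond the visible hunks.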
@@ -1472,7 +1472,7 @@ circuit_consider_sending_sendme(circuit_t *circ, crypt_path_t *layer_hint) { // log_fn(LOG_INFO,"Considering: layer_hint is %s", // layer_hint ? "defined" : "null"); - while ((layer_hint ? layer_hint->deliver_window : circ->deliver_window) < + while ((layer_hint ? layer_hint->deliver_window : circ->deliver_window) <= CIRCWINDOW_START - CIRCWINDOW_INCREMENT) { log_debug(LD_CIRC,"Queuing circuit sendme."); if (layer_hint) From a98643c1b5a39764204fcf6835a8b2bee670581d Mon Sep 17 00:00:00 2001 From: Karsten Loesing Date: Tue, 11 Aug 2009 17:33:58 +0200 Subject: [PATCH 10/37] Fix possible segmentation fault on directory authorities. The more verbose logs that were added in ee58153 also include a string that might not have been initialized. This can lead to segfaults, e.g., when setting up private Tor networks. Initialize this string with NULL. --- ChangeLog | 2 ++ src/or/dirserv.c | 7 ++++--- src/or/router.c | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 994ff4c7b3..d64423426e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,8 @@ Changes in version 0.2.1.20 - 2009-??-?? o Minor bugfixes: - Fix a signed/unsigned compile warning in 0.2.1.19. + - Fix possible segmentation fault on directory authorities. Bugfix on + 0.2.1.14-rc. Changes in version 0.2.1.19 - 2009-07-28 diff --git a/src/or/dirserv.c b/src/or/dirserv.c index a64a01bb80..349e383ab5 100644 --- a/src/or/dirserv.c +++ b/src/or/dirserv.c @@ -652,8 +652,8 @@ dirserv_add_multiple_descriptors(const char *desc, uint8_t purpose, /** Examine the parsed server descriptor in ri and maybe insert it into * the list of server descriptors. Set *msg to a message that should be - * passed back to the origin of this descriptor. Use source to produce - * better log messages. + * passed back to the origin of this descriptor, or NULL if there is no such + * message. Use source to produce better log messages. * * Return the status of the operation * 
@@ -667,6 +667,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source) routerinfo_t *ri_old; char *desc, *nickname; size_t desclen = 0; + *msg = NULL; /* If it's too big, refuse it now. Otherwise we'll cache it all over the * network and it'll clog everything up. */ @@ -718,7 +719,7 @@ dirserv_add_descriptor(routerinfo_t *ri, const char **msg, const char *source) control_event_or_authdir_new_descriptor("REJECTED", desc, desclen, *msg); log_info(LD_DIRSERV, "Did not add descriptor from '%s' (source: %s): %s.", - nickname, source, *msg); + nickname, source, *msg ? *msg : "(no message)"); } else { smartlist_t *changed; control_event_or_authdir_new_descriptor("ACCEPTED", desc, desclen, *msg); diff --git a/src/or/router.c b/src/or/router.c index 859a1e805a..f0a1e40743 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -544,7 +544,7 @@ init_keys(void) /* Must be called after keys are initialized. */ mydesc = router_get_my_descriptor(); if (authdir_mode(options)) { - const char *m; + const char *m = NULL; routerinfo_t *ri; /* We need to add our own fingerprint so it gets recognized. */ if (dirserv_add_own_fingerprint(options->Nickname, get_identity_key())) { From c9b8a4a133780cb2ab3847292284a6e9292b70d1 Mon Sep 17 00:00:00 2001 From: Andrew Lewman Date: Thu, 13 Aug 2009 21:13:09 -0400 Subject: [PATCH 11/37] update fetch-all with dir auth --- contrib/directory-archive/fetch-all | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/directory-archive/fetch-all b/contrib/directory-archive/fetch-all index fabcbb8bc4..dfa5a1b3e5 100755 --- a/contrib/directory-archive/fetch-all +++ b/contrib/directory-archive/fetch-all 
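Review bot: `*msg` can still be NULL where it is passed to `control_event_or_authdir_new_descriptor("REJECTED", desc, desclen, *msg)`, one line above the `log_info` call that this hunk guards, and again on the ACCEPTED branch. Only the log call gets the fallback. Whether the control-event helper tolerates a NULL message is not visible here, so either confirm that it does or give it the same treatment, for instance `*msg ? *msg : ""` at the call sites or a NULL check inside the helper. dirserv_add_descriptor() begins and ends outside these hunks.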
@@ -30,8 +30,8 @@ DIRSERVERS="" DIRSERVERS="$DIRSERVERS 86.59.21.38:80" # tor26 DIRSERVERS="$DIRSERVERS 128.31.0.34:9031" # moria1 DIRSERVERS="$DIRSERVERS 128.31.0.34:9032" # moria2 -#DIRSERVERS="$DIRSERVERS 140.247.60.64:80" # lefkada DIRSERVERS="$DIRSERVERS 194.109.206.212:80" # dizum + DATEDIR=$(date "+%Y/%m/%d") TIME=$(date "+%Y%m%d-%H%M%S") From 9d11827780d15d8b398d8ce6b04110a4dea5e980 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 20 Aug 2009 11:51:34 -0400 Subject: [PATCH 12/37] Fix a rare infinite-recursion bug when shutting down. Once we had called log_free_all(), anything that tried to log a message (like a failed tor_assert()) would fail like this: 1. The logging call eventually invokes the _log() function. 2. _log() calls tor_mutex_lock(log_mutex). 3. tor_mutex_lock(m) calls tor_assert(m). 4. Since we freed the log_mutex, tor_assert() fails, and tries to log its failure. 5. GOTO 1. Now we allocate the mutex statically, and never destroy it on shutdown. Bugfix on 0.2.0.16-alpha, which introduced the log mutex. This bug was found by Matt Edman. --- ChangeLog | 3 +++ src/common/log.c | 18 +++++++++++------- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index d64423426e..842f05c1c4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,9 @@ Changes in version 0.2.1.20 - 2009-??-?? - Fix a signed/unsigned compile warning in 0.2.1.19. - Fix possible segmentation fault on directory authorities. Bugfix on 0.2.1.14-rc. + - Fix an extremely infinite recursion bug that could occur if we tried + to log a message after shutting down the log subsystem. Found by Matt + Edman. Bugfix on 0.2.0.16-alpha. Changes in version 0.2.1.19 - 2009-07-28 diff --git a/src/common/log.c b/src/common/log.c index a7b0c12c4a..ea09fca167 100644 --- a/src/common/log.c +++ b/src/common/log.c 
@@ -94,7 +94,8 @@ should_log_function_name(log_domain_mask_t domain, int severity) } /** A mutex to guard changes to logfiles and logging. */ -static tor_mutex_t *log_mutex = NULL; +static tor_mutex_t log_mutex; +static int log_mutex_initialized = 0; /** Linked list of logfile_t. */ static logfile_t *logfiles = NULL; @@ -105,9 +106,9 @@ static int syslog_count = 0; #endif #define LOCK_LOGS() STMT_BEGIN \ - tor_mutex_acquire(log_mutex); \ + tor_mutex_acquire(&log_mutex); \ STMT_END -#define UNLOCK_LOGS() STMT_BEGIN tor_mutex_release(log_mutex); STMT_END +#define UNLOCK_LOGS() STMT_BEGIN tor_mutex_release(&log_mutex); STMT_END /** What's the lowest log level anybody cares about? Checking this lets us * bail out early from log_debug if we aren't debugging. */ @@ -448,8 +449,9 @@ logs_free_all(void) log_free(victim); } tor_free(appname); - tor_mutex_free(log_mutex); - log_mutex = NULL; + + /* We _could_ destroy the log mutex here, but that would screw up any logs + * that happened between here and the end of execution. */ } /** Remove and free the log entry victim from the linked-list @@ -545,8 +547,10 @@ add_stream_log(const log_severity_list_t *severity, void init_logging(void) { - if (!log_mutex) - log_mutex = tor_mutex_new(); + if (!log_mutex_initialized) { + tor_mutex_init(&log_mutex); + log_mutex_initialized = 1; + } } /** Add a log handler to receive messages during startup (before the real From 25f9e20a1c10aae6bf5b43a25c668b7295a64525 Mon Sep 17 00:00:00 2001 From: phobos Date: Tue, 25 Aug 2009 15:58:25 -0400 Subject: [PATCH 13/37] update osx-dmg creation directions for the new methods --- doc/tor-osx-dmg-creation.txt | 119 +++++++++++++++++++++++++---------- 1 file changed, 85 insertions(+), 34 deletions(-) diff --git a/doc/tor-osx-dmg-creation.txt b/doc/tor-osx-dmg-creation.txt index 6728e24ae8..9a89e98759 100644 --- a/doc/tor-osx-dmg-creation.txt +++ b/doc/tor-osx-dmg-creation.txt 
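Review bot: `LOCK_LOGS()` now acquires `&log_mutex` unconditionally, so a log call that runs before init_logging() would lock an object that tor_mutex_init() has never touched. With the old pointer that case tripped an assertion; with the static object it depends on whether a zero-filled tor_mutex_t is usable on the platform, which these hunks do not show. I would document the ordering requirement next to the declaration, for example `/* init_logging() must run before anything that uses LOCK_LOGS(). */`. The same comment should note that `log_mutex_initialized` is read and written without synchronization, so init_logging() is presumably meant to be called only during single-threaded startup.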
@@ -1,24 +1,103 @@ ## Instructions for building the official dmgs for OSX. ## +## The loose table of contents: +## Summary +## Single Architecture Binaries for PPC or X86, not both. +## Backwards compatible single-architecture binaries for OSX x86 10.4 from newer versions of OS X. +## Universal Binaries for OSX PPC and X86 +## Each section is delineated by ###. The following steps are the exact steps used to produce the "official" OSX builds of tor. -Summary: +### Summary: 1) Compile and install a static version of the latest release of libevent. 2) Acquire and install your preferred version of tor. Extract. 3) "make dist-osx" 4) You now have a dmg from which you can install Tor. -## Universal Binaries for OSX PPC and X86 -## This method works in OSX 10.4 (Tiger) and newer OSX versions. -## See far below if you don't care about cross compiling for PPC and X86. -## The single architecture process starts with "###" +### Single Architecture Binaries for PPC or X86, not both. +### This method works in all versions of OSX 10.3 through 10.6 + +## Compiling libevent ## + +1) Download the latest stable libevent from +http://www.monkey.org/~provos/libevent/ + +2) The first step of compiling libevent is to configure it as +follows: + ./configure --enable-static --disable-shared + +3) Complete the "make" and "make install". You will need to be root, +or sudo -s, to complete the "make install". + +## Compiling Tor ## + +4) Get your preferred version of the tor source from https://www.torproject.org. Extract the +tarball. + +5) In the top level, this means /path/to/tor/, not tor/contrib/osx, +do a configure with these parameters: + CONFDIR=/Library/Tor ./configure --prefix=/Library/Tor \ + --bindir=/Library/Tor --sysconfdir=/Library + +6) In same top level dir, do a "make dist-osx". There now exists a +.dmg file in the same directory. Install from this dmg. + +### Backwards compatible single-architecture binaries for OSX x86 10.4 from newer versions of OS X. 
1) Install the latest XCode updates available from http://developer.apple.com. -## Compiling libevent +## Compiling libevent ## + +2) Download latest stable libevent from +http://www.monkey.org/~provos/libevent/ + +3) The first step of compiling libevent is to configure it as +follows: +CFLAGS="-O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386" \ +LDFLAGS="-Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk" \ +./configure --enable-static --disable-shared --disable-dependency-tracking + +4) Complete the "make" and "make install". You will need to be root, +or sudo -s, to complete the "make install". + +5) Check for a successful universal binary of libevent.a in, by default, +/usr/local/lib by using the following command: + "file /usr/local/lib/libevent.a" + + Your output should be: +/usr/local/lib/libevent.a (for architecture i386): current ar archive random library + +6) Get your preferred version of the tor source from https://www.torproject.org/download. +Extract the tarball. + +7) In the top level, this means /path/to/tor/, not tor/contrib/osx, +do a configure with these parameters: +CFLAGS="-O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386" \ +LDFLAGS="-Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk" \ +CONFDIR=/Library/Tor \ +./configure --prefix=/Library/Tor --bindir=/Library/Tor \ +--sysconfdir=/Library --disable-dependency-tracking + +8) "make dist-osx" + +9) Confirm you have created a universal binary by issuing the follow command: +"file src/or/tor". Its output should be as follows: +src/or/tor (for architecture i386): Mach-O executable i386 + +10) There should exist in the top-level directory a +Tor-$VERSION-universal-Bundle.dmg + +11) Congrats. You have a backwards-compatible binary. You are now ready to install Tor. + +### Universal Binaries for OSX PPC and X86 +### This method works in OSX 10.4 (Tiger) and newer OSX versions. 
+ +1) Install the latest XCode updates available from http://developer.apple.com. + +## Compiling libevent ## 2) Download latest stable libevent from http://www.monkey.org/~provos/libevent/ @@ -64,31 +143,3 @@ src/or/tor (for architecture ppc): Mach-O executable ppc Tor-$VERSION-universal-Bundle.dmg 11) Congrats. You have a universal binary. You are now ready to install Tor. - -### Single Architecture Binaries for PPC or X86, not both. -### This method works in all versions of OSX 10.3 through 10.5 - -### Compiling libevent - -1) Download the latest stable libevent from -http://www.monkey.org/~provos/libevent/ - -2) The first step of compiling libevent is to configure it as -follows: - ./configure --enable-static --disable-shared - -3) Complete the "make" and "make install". You will need to be root, -or sudo -s, to complete the "make install". - -### Compiling Tor - -4) Get your preferred version of the tor source from https://www.torproject.org. Extract the -tarball. - -5) In the top level, this means /path/to/tor/, not tor/contrib/osx, -do a configure with these parameters: - CONFDIR=/Library/Tor ./configure --prefix=/Library/Tor \ - --bindir=/Library/Tor --sysconfdir=/Library - -6) In same top level dir, do a "make dist-osx". There now exists a -.dmg file in the same directory. Install from this dmg. From 127069f3d2b739dfc50b04ad982c2a7a2764f1a7 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Wed, 26 Aug 2009 14:11:53 -0400 Subject: [PATCH 14/37] nobody forward-ported the 0.2.0.35 changelog --- ChangeLog | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/ChangeLog b/ChangeLog index 842f05c1c4..fb0383c466 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -114,6 +114,37 @@ Changes in version 0.2.1.17-rc - 2009-07-07 further bugs for relays on dynamic IP addresses. +Changes in version 0.2.0.35 - 2009-06-24 + o Security fix: + - Avoid crashing in the presence of certain malformed descriptors. + Found by lark, and by automated fuzzing. + - Fix an edge case where a malicious exit relay could convince a + controller that the client's DNS question resolves to an internal IP + address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta. + + o Major bugfixes: + - Finally fix the bug where dynamic-IP relays disappear when their + IP address changes: directory mirrors were mistakenly telling + them their old address if they asked via begin_dir, so they + never got an accurate answer about their new address, so they + just vanished after a day. For belt-and-suspenders, relays that + don't set Address in their config now avoid using begin_dir for + all direct connections. Should fix bugs 827, 883, and 900. + - Fix a timing-dependent, allocator-dependent, DNS-related crash bug + that would occur on some exit nodes when DNS failures and timeouts + occurred in certain patterns. Fix for bug 957. + + o Minor bugfixes: + - When starting with a cache over a few days old, do not leak + memory for the obsolete router descriptors in it. Bugfix on + 0.2.0.33; fixes bug 672. + - Hidden service clients didn't use a cached service descriptor that + was older than 15 minutes, but wouldn't fetch a new one either, + because there was already one in the cache. Now, fetch a v2 + descriptor unless the same descriptor was added to the cache within + the last 15 minutes. Fixes bug 997; reported by Marcus Griep. + + Changes in version 0.2.1.16-rc - 2009-06-20 Tor 0.2.1.16-rc speeds up performance for fast exit relays, and fixes a bunch of minor bugs. From d52284559b7e06521cff2c7e8f3c710922b73dc6 Mon Sep 17 00:00:00 2001 
From: Roger Dingledine Date: Thu, 27 Aug 2009 21:54:41 -0400 Subject: [PATCH 15/37] extremely infinite? who talks like that? --- ChangeLog | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index fb0383c466..85c8321eb7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,9 +15,9 @@ Changes in version 0.2.1.20 - 2009-??-?? - Fix a signed/unsigned compile warning in 0.2.1.19. - Fix possible segmentation fault on directory authorities. Bugfix on 0.2.1.14-rc. - - Fix an extremely infinite recursion bug that could occur if we tried - to log a message after shutting down the log subsystem. Found by Matt - Edman. Bugfix on 0.2.0.16-alpha. + - Fix an extremely rare infinite recursion bug that could occur if + we tried to log a message after shutting down the log subsystem. + Found by Matt Edman. Bugfix on 0.2.0.16-alpha. Changes in version 0.2.1.19 - 2009-07-28 From 64f393d56f8ff58223db56f3b8e64f0074877616 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Fri, 28 Aug 2009 03:42:09 -0400 Subject: [PATCH 16/37] Only send netinfo clock_skew to controller if an authority told us so We were triggering a CLOCK_SKEW controller status event whenever we connect via the v2 connection protocol to any relay that has a wrong clock. Instead, we should only inform the controller when it's a trusted authority that claims our clock is wrong. Bugfix on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit. --- ChangeLog | 5 +++++ doc/spec/control-spec.txt | 20 +++++++++++++------- src/or/command.c | 8 +++++--- 3 files changed, 23 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 85c8321eb7..34ba6a7168 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -18,6 +18,11 @@ Changes in version 0.2.1.20 - 2009-??-?? - Fix an extremely rare infinite recursion bug that could occur if we tried to log a message after shutting down the log subsystem. Found by Matt Edman. Bugfix on 0.2.0.16-alpha. + - We were triggering a CLOCK_SKEW controller status event whenever + we connect via the v2 connection protocol to any relay that has + a wrong clock. Instead, we should only inform the controller when + it's a trusted authority that claims our clock is wrong. Bugfix + on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit. Changes in version 0.2.1.19 - 2009-07-28 diff --git a/doc/spec/control-spec.txt b/doc/spec/control-spec.txt index 576c5dcd53..0cc3bb2928 100644 --- a/doc/spec/control-spec.txt +++ b/doc/spec/control-spec.txt 
@@ -1255,20 +1255,26 @@ $Id$ CLOCK_SKEW SKEW="+" / "-" SECONDS MIN_SKEW="+" / "-" SECONDS. - SOURCE="DIRSERV:IP:Port" / "NETWORKSTATUS:IP:PORT" / "CONSENSUS" + SOURCE="DIRSERV:" IP ":" Port / + "NETWORKSTATUS:" IP ":" Port / + "OR:" IP ":" Port / + "CONSENSUS" If "SKEW" is present, it's an estimate of how far we are from the time declared in the source. (In other words, if we're an hour in the past, the value is -3600.) "MIN_SKEW" is present, it's a lower bound. If the source is a DIRSERV, we got the current time from a connection to a dirserver. If the source is a NETWORKSTATUS, we decided we're skewed because we got a v2 networkstatus from far in - the future. If the source is CONSENSUS, we decided we're skewed - because we got a networkstatus consensus from the future. + the future. If the source is OR, the skew comes from a NETINFO + cell from a connection to another relay. If the source is + CONSENSUS, we decided we're skewed because we got a networkstatus + consensus from the future. - {Controllers may want to warn the user if the skew is high, or if - multiple skew messages appear at severity WARN. Controllers - shouldn't blindly adjust the clock, since the more accurate source - of skew info (DIRSERV) is currently unauthenticated.} + {Tor should send this message to controllers when it thinks the + skew is so high that it will interfere with proper Tor operation. + Controllers shouldn't blindly adjust the clock, since the more + accurate source of skew info (DIRSERV) is currently + unauthenticated.} BAD_LIBEVENT "METHOD=" libevent method diff --git a/src/or/command.c b/src/or/command.c index c36874be5c..98f093a72b 100644 --- a/src/or/command.c +++ b/src/or/command.c 
@@ -610,9 +610,11 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn) conn->_base.address, (int)conn->_base.port, apparent_skew>0 ? "ahead" : "behind", dbuf, apparent_skew>0 ? "behind" : "ahead"); - control_event_general_status(LOG_WARN, - "CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d", - apparent_skew, conn->_base.address, conn->_base.port); + if (severity == LOG_WARN) /* only tell the controller if an authority */ + control_event_general_status(LOG_WARN, + "CLOCK_SKEW SKEW=%ld SOURCE=OR:%s:%d", + apparent_skew, + conn->_base.address, conn->_base.port); } /* XXX maybe act on my_apparent_addr, if the source is sufficiently From dd8f16beb555b8d46a7d5157743c762fb4a37068 Mon Sep 17 00:00:00 2001 From: Karsten Loesing Date: Sat, 29 Aug 2009 19:41:08 +0200 Subject: [PATCH 17/37] Avoid segfault when accessing hidden service. --- ChangeLog | 3 +++ src/or/rendclient.c | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 34ba6a7168..6282157f1e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,9 @@ Changes in version 0.2.1.20 - 2009-??-?? a wrong clock. Instead, we should only inform the controller when it's a trusted authority that claims our clock is wrong. Bugfix on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit. + - Avoid segfault in rare cases when finishing an introduction circuit + as a client and finding out that we don't have an introduction key + for it. Fixes bug 1073. Reported by Aaron Swartz. Changes in version 0.2.1.19 - 2009-07-28 diff --git a/src/or/rendclient.c b/src/or/rendclient.c index a5d7c1016e..5e3c20e807 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -94,6 +94,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc, } }); if (!intro_key) { + int num_intro_points = smartlist_len(entry->parsed->intro_nodes); if (rend_cache_lookup_entry(introcirc->rend_data->onion_address, 0, &entry) > 0) { log_warn(LD_BUG, "We have both a v0 and a v2 rend desc for this " 
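Review bot: The new guard `if (severity == LOG_WARN)` in command_process_netinfo_cell uses the log level as a stand-in for "this peer is a trusted authority", and only the short trailing comment says so. `severity` is assigned above the hunk, so a later change to how the log level is chosen would also change which peers can raise a CLOCK_SKEW event at the controller, without anyone noticing. Since control-spec.txt in this same commit tells controllers not to adjust the clock blindly on skew reports, the trust condition should be stated in full and the multi-line call braced, e.g. `if (severity == LOG_WARN) { /* severity is WARN only for a trusted authority (set above); other relays must not trigger CLOCK_SKEW */`. Testing the authority condition directly at this point would be more robust still; the function starts and ends outside the hunk.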
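Review bot: The added `int num_intro_points = smartlist_len(entry->parsed->intro_nodes);` in rend_client_send_introduction has no comment explaining why the count is read before the `rend_cache_lookup_entry(..., 0, &entry)` call, and that ordering is the whole fix. The lookup writes through `&entry`, so the `else` branch changed in the next hunk can no longer rely on `entry` once the lookup has failed. I would put `/* Read this now: the v0 lookup below overwrites entry, which may not point at a descriptor afterwards. */` above the declaration so the line is not moved back during a later cleanup. The new line also assumes `entry` and `entry->parsed` are valid when `!intro_key` is reached; that is presumably established above the hunk, which is not visible here.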
@@ -109,7 +110,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc, } else { log_warn(LD_BUG, "Internal error: could not find intro key; we " "only have a v2 rend desc with %d intro points.", - smartlist_len(entry->parsed->intro_nodes)); + num_intro_points); goto err; } } From ca5e41afd7e3cb164b7c3ac99c8a338a121f682f Mon Sep 17 00:00:00 2001 From: phobos Date: Sun, 30 Aug 2009 20:40:02 -0400 Subject: [PATCH 18/37] update the README instructions and OS X makefiles --- contrib/polipo/Makefile.osx | 10 +++++++--- contrib/polipo/README | 2 ++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/contrib/polipo/Makefile.osx b/contrib/polipo/Makefile.osx index 8e748e2adb..55ed1c62f8 100644 --- a/contrib/polipo/Makefile.osx +++ b/contrib/polipo/Makefile.osx @@ -30,9 +30,13 @@ FILE_DEFINES = -DLOCAL_ROOT=\"$(LOCAL_ROOT)/\" \ DEFINES = $(FILE_DEFINES) $(PLATFORM_DEFINES) -UNIVERSAL = -O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc -LDFLAGS = -Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk -CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES) $(UNIVERSAL) +# Uncomment the UNIVERSAL, LDFLAGS, CFLAGS lines if you want universal binaries, otherwise +# you'll produce a binary only for your architecture and version of OSX +# UNIVERSAL = -O -g -mmacosx-version-min=10.4 -isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc +# LDFLAGS = -Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk +# CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES) $(UNIVERSAL) +# If you uncommented the above CFLAGS, remove this next one. +CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES) SRCS = util.c event.c io.c chunk.c atom.c object.c log.c diskcache.c main.c \ config.c local.c http.c client.c server.c auth.c tunnel.c \ diff --git a/contrib/polipo/README b/contrib/polipo/README index 038e354413..e05ab0ceec 100644 --- a/contrib/polipo/README +++ b/contrib/polipo/README 
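Review bot: With `UNIVERSAL` commented out, the active `CFLAGS` line in Makefile.osx no longer carries `-O -g`, which until now reached the compiler only through `$(UNIVERSAL)`. Unless `CDEBUGFLAGS` (defined outside the hunk) already supplies them, the default OS X build becomes unoptimised and loses debug symbols as a side effect of dropping the universal-binary flags. If that is not intended, keep them on the active line, `CFLAGS = $(MD5INCLUDES) $(CDEBUGFLAGS) $(DEFINES) $(EXTRA_DEFINES) -O -g`, or state in the new comment that CDEBUGFLAGS provides them.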
@@ -1,4 +1,6 @@ Copyright 2007-2008 Andrew Lewman +Copyright 2009 The Tor Project + ---------------- General Comments ---------------- From 4c297f74f79e0e3d357d20bfc584eccc758d1fd8 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 31 Aug 2009 16:14:41 -0400 Subject: [PATCH 19/37] Only send reachability status events on overall success/failure We were telling the controller about CHECKING_REACHABILITY and REACHABILITY_FAILED status events whenever we launch a testing circuit or notice that one has failed. Instead, only tell the controller when we want to inform the user of overall success or overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported by SwissTorExit. --- ChangeLog | 6 ++++++ src/or/circuitbuild.c | 10 +++++++++- src/or/circuituse.c | 5 ----- src/or/directory.c | 5 ----- src/or/main.c | 13 +++++++++++-- src/or/router.c | 17 ++++++++--------- 6 files changed, 34 insertions(+), 22 deletions(-) diff --git a/ChangeLog b/ChangeLog index 34ba6a7168..806d147d99 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,12 @@ Changes in version 0.2.1.20 - 2009-??-?? a wrong clock. Instead, we should only inform the controller when it's a trusted authority that claims our clock is wrong. Bugfix on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit. + - We were telling the controller about CHECKING_REACHABILITY and + REACHABILITY_FAILED status events whenever we launch a testing + circuit or notice that one has failed. Instead, only tell the + controller when we want to inform the user of overall success or + overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported + by SwissTorExit. Changes in version 0.2.1.19 - 2009-07-28 diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index d78981e09b..2d20efae3d 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c 
@@ -527,9 +527,16 @@ inform_testing_reachability(void) routerinfo_t *me = router_get_my_routerinfo(); if (!me) return 0; - if (me->dir_port) + control_event_server_status(LOG_NOTICE, + "CHECKING_REACHABILITY ORADDRESS=%s:%d", + me->address, me->or_port); + if (me->dir_port) { tor_snprintf(dirbuf, sizeof(dirbuf), " and DirPort %s:%d", me->address, me->dir_port); + control_event_server_status(LOG_NOTICE, + "CHECKING_REACHABILITY DIRADDRESS=%s:%d", + me->address, me->dir_port); + } log(LOG_NOTICE, LD_OR, "Now checking whether ORPort %s:%d%s %s reachable... " "(this may take up to %d minutes -- look for log " "messages indicating success)", @@ -537,6 +544,7 @@ inform_testing_reachability(void) me->dir_port ? dirbuf : "", me->dir_port ? "are" : "is", TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT/60); + return 1; } diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 6a54c34397..3acc0e9a74 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -724,17 +724,12 @@ circuit_testing_opened(origin_circuit_t *circ) static void circuit_testing_failed(origin_circuit_t *circ, int at_last_hop) { - routerinfo_t *me = router_get_my_routerinfo(); if (server_mode(get_options()) && check_whether_orport_reachable()) return; - if (!me) - return; log_info(LD_GENERAL, "Our testing circuit (to see if your ORPort is reachable) " "has failed. I'll try again later."); - control_event_server_status(LOG_WARN, "REACHABILITY_FAILED ORADDRESS=%s:%d", - me->address, me->or_port); /* These aren't used yet. */ (void)circ; diff --git a/src/or/directory.c b/src/or/directory.c index 4ab2633022..7fc2fb1bdc 100644 --- a/src/or/directory.c +++ b/src/or/directory.c 
@@ -554,11 +554,6 @@ void connection_dir_request_failed(dir_connection_t *conn) { if (directory_conn_is_self_reachability_test(conn)) { - routerinfo_t *me = router_get_my_routerinfo(); - if (me) - control_event_server_status(LOG_WARN, - "REACHABILITY_FAILED DIRADDRESS=%s:%d", - me->address, me->dir_port); return; /* this was a test fetch. don't retry. */ } if (entry_list_can_grow(get_options())) diff --git a/src/or/main.c b/src/or/main.c index 60c42aaae3..62335d3421 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -1185,17 +1185,26 @@ second_elapsed_callback(int fd, short event, void *args) TIMEOUT_UNTIL_UNREACHABILITY_COMPLAINT) { /* every 20 minutes, check and complain if necessary */ routerinfo_t *me = router_get_my_routerinfo(); - if (me && !check_whether_orport_reachable()) + if (me && !check_whether_orport_reachable()) { log_warn(LD_CONFIG,"Your server (%s:%d) has not managed to confirm that " "its ORPort is reachable. Please check your firewalls, ports, " "address, /etc/hosts file, etc.", me->address, me->or_port); - if (me && !check_whether_dirport_reachable()) + control_event_server_status(LOG_WARN, + "REACHABILITY_FAILED ORADDRESS=%s:%d", + me->address, me->or_port); + } + + if (me && !check_whether_dirport_reachable()) { log_warn(LD_CONFIG, "Your server (%s:%d) has not managed to confirm that its " "DirPort is reachable. Please check your firewalls, ports, " "address, /etc/hosts file, etc.", me->address, me->dir_port); + control_event_server_status(LOG_WARN, + "REACHABILITY_FAILED DIRADDRESS=%s:%d", + me->address, me->dir_port); + } } /** If more than this many seconds have elapsed, probably the clock diff --git a/src/or/router.c b/src/or/router.c index f0a1e40743..fcfbe79112 100644 --- a/src/or/router.c +++ b/src/or/router.c 
@@ -770,9 +770,6 @@ consider_testing_reachability(int test_or, int test_dir) me->address, me->or_port); circuit_launch_by_router(CIRCUIT_PURPOSE_TESTING, me, CIRCLAUNCH_NEED_CAPACITY|CIRCLAUNCH_IS_INTERNAL); - control_event_server_status(LOG_NOTICE, - "CHECKING_REACHABILITY ORADDRESS=%s:%d", - me->address, me->or_port); } tor_addr_from_ipv4h(&addr, me->addr); @@ -788,10 +785,6 @@ consider_testing_reachability(int test_or, int test_dir) DIR_PURPOSE_FETCH_SERVERDESC, ROUTER_PURPOSE_GENERAL, 1, "authority.z", NULL, 0, 0); - - control_event_server_status(LOG_NOTICE, - "CHECKING_REACHABILITY DIRADDRESS=%s:%d", - me->address, me->dir_port); } } @@ -807,8 +800,11 @@ router_orport_found_reachable(void) " Publishing server descriptor." : ""); can_reach_or_port = 1; mark_my_descriptor_dirty(); - if (!me) + if (!me) { /* should never happen */ + log_warn(LD_BUG, "ORPort found reachable, but I have no routerinfo " + "yet. Failing to inform controller of success."); return; + } control_event_server_status(LOG_NOTICE, "REACHABILITY_SUCCEEDED ORADDRESS=%s:%d", me->address, me->or_port); @@ -826,8 +822,11 @@ router_dirport_found_reachable(void) can_reach_dir_port = 1; if (!me || decide_to_advertise_dirport(get_options(), me->dir_port)) mark_my_descriptor_dirty(); - if (!me) + if (!me) { /* should never happen */ + log_warn(LD_BUG, "DirPort found reachable, but I have no routerinfo " + "yet. Failing to inform controller of success."); return; + } control_event_server_status(LOG_NOTICE, "REACHABILITY_SUCCEEDED DIRADDRESS=%s:%d", me->address, me->dir_port); From da219ee92445a8defa1ef33ffa2e82b63afe0402 Mon Sep 17 00:00:00 2001 From: Karsten Loesing Date: Tue, 1 Sep 2009 00:16:33 +0200 Subject: [PATCH 20/37] Reduce log level for bug case that we now know really exists. --- src/or/rendclient.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 5e3c20e807..3dd77a854b 100644 --- a/src/or/rendclient.c 
+++ b/src/or/rendclient.c @@ -94,10 +94,14 @@ rend_client_send_introduction(origin_circuit_t *introcirc, } }); if (!intro_key) { + /** XXX This case probably means that the intro point vanished while + * we were building a circuit to it. In the future, we should find + * out how that happened and whether we should kill the circuits to + * removed intro points immediately. See task 1073. */ int num_intro_points = smartlist_len(entry->parsed->intro_nodes); if (rend_cache_lookup_entry(introcirc->rend_data->onion_address, 0, &entry) > 0) { - log_warn(LD_BUG, "We have both a v0 and a v2 rend desc for this " + log_info(LD_REND, "We have both a v0 and a v2 rend desc for this " "service. The v2 desc doesn't contain the introduction " "point (and key) to send an INTRODUCE1/2 cell to this " "introduction point. Assuming the introduction point " @@ -108,7 +112,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc, /* See flyspray task 1024. */ intro_key = entry->parsed->pk; } else { - log_warn(LD_BUG, "Internal error: could not find intro key; we " + log_info(LD_REND, "Internal error: could not find intro key; we " "only have a v2 rend desc with %d intro points.", num_intro_points); goto err; From 075c004095e25940707aa496b49e29caefdd73e8 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 31 Aug 2009 18:37:25 -0400 Subject: [PATCH 21/37] Add getinfo accepted-server-descriptor. Clean spec. Add a "getinfo status/accepted-server-descriptor" controller command, which is the recommended way for controllers to learn whether our server descriptor has been successfully received by at least on directory authority. Un-recommend good-server-descriptor getinfo and status events until we have a better design for them. --- ChangeLog | 7 +++++++ doc/spec/control-spec.txt | 15 ++++++++++----- src/or/control.c | 6 +++++- 3 files changed, 22 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 806d147d99..3699dbc99d 100644 --- a/ChangeLog +++ b/ChangeLog 
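Review bot: The two messages moved from `log_warn(LD_BUG, ...)` to `log_info(LD_REND, ...)` still read as bug reports. The second one opens with "Internal error: could not find intro key", which contradicts the new comment saying this case is expected when an intro point vanishes during circuit construction. An operator reading an info-level log will take "Internal error" at face value, so the text should follow the new severity, e.g. `log_info(LD_REND, "Could not find intro key; we only have a v2 rend desc with %d intro points.", num_intro_points);`. The added block comment also opens with `/**`, which this code base uses for documentation on declarations; inside a function body a plain `/* XXX ... */` is the matching form.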
@@ -30,6 +30,13 @@ Changes in version 0.2.1.20 - 2009-??-?? overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported by SwissTorExit. + o Minor features: + - Add a "getinfo status/accepted-server-descriptor" controller + command, which is the recommended way for controllers to learn + whether our server descriptor has been successfully received by at + least on directory authority. Un-recommend good-server-descriptor + getinfo and status events until we have a better design for them. + Changes in version 0.2.1.19 - 2009-07-28 Tor 0.2.1.19 fixes a major bug with accessing and providing hidden diff --git a/doc/spec/control-spec.txt b/doc/spec/control-spec.txt index 0cc3bb2928..cf92e2b9e3 100644 --- a/doc/spec/control-spec.txt +++ b/doc/spec/control-spec.txt @@ -558,6 +558,7 @@ $Id$ "status/circuit-established" "status/enough-dir-info" "status/good-server-descriptor" + "status/accepted-server-descriptor" "status/..." These provide the current internal Tor values for various Tor states. See Section 4.1.10 for explanations. (Only a few of the 
@@ -1488,18 +1489,22 @@ $Id$ We successfully uploaded our server descriptor to at least one of the directory authorities, with no complaints. - {This event could affect the controller's idea of server status, but - the controller should not interrupt the user to tell them so.} + {Originally, the goal of this event was to declare "every authority + has accepted the descriptor, so there will be no complaints + about it." But since some authorities might be offline, it's + harder to get certainty than we had thought. As such, this event + is equivalent to ACCEPTED_SERVER_DESCRIPTOR below. Controllers + should just look at ACCEPTED_SERVER_DESCRIPTOR and should ignore + this event for now.} NAMESERVER_STATUS "NS=addr" "STATUS=" "UP" / "DOWN" "ERR=" message One of our nameservers has changed status. - // actually notice - {This event could affect the controller's idea of server status, but - the controller should not interrupt the user to tell them so.} + {This event could affect the controller's idea of server status, but + the controller should not interrupt the user to tell them so.} NAMESERVER_ALL_DOWN All of our nameservers have gone down. diff --git a/src/or/control.c b/src/or/control.c index 90c99fd51a..328da21862 100644 --- a/src/or/control.c +++ b/src/or/control.c 
@@ -1789,7 +1789,11 @@ getinfo_helper_events(control_connection_t *control_conn, *answer = tor_strdup(has_completed_circuit ? "1" : "0"); } else if (!strcmp(question, "status/enough-dir-info")) { *answer = tor_strdup(router_have_minimum_dir_info() ? "1" : "0"); - } else if (!strcmp(question, "status/good-server-descriptor")) { + } else if (!strcmp(question, "status/good-server-descriptor") || + !strcmp(question, "status/accepted-server-descriptor")) { + /* They're equivalent for now, until we can figure out how to make + * good-server-descriptor be what we want. See comment in + * control-spec.txt. */ *answer = tor_strdup(directories_have_accepted_server_descriptor() ? "1" : "0"); } else if (!strcmp(question, "status/reachability-succeeded/or")) { From aea9cf1011cf3c7badfd1bc49f0a27f96f234cf9 Mon Sep 17 00:00:00 2001 From: Sebastian Hahn Date: Tue, 1 Sep 2009 05:23:47 +0200 Subject: [PATCH 22/37] Fix compile warnings on Snow Leopard Big thanks to nickm and arma for helping me with this! --- src/common/address.c | 8 ++++---- src/common/log.c | 4 ++-- src/common/tortls.c | 4 ++-- src/common/tortls.h | 4 ++-- src/common/util.c | 7 ++++--- src/or/command.c | 2 +- src/or/config.c | 5 +++-- src/or/control.c | 2 +- src/or/directory.c | 4 ++-- src/or/eventdns.c | 6 +++--- src/or/eventdns.h | 4 ++-- src/or/main.c | 4 ++-- src/or/rendclient.c | 2 +- src/or/rendservice.c | 2 +- src/or/routerparse.c | 5 +++-- src/or/test.c | 2 +- src/tools/tor-gencert.c | 4 ++-- src/tools/tor-resolve.c | 4 ++-- 18 files changed, 38 insertions(+), 35 deletions(-) diff --git a/src/common/address.c b/src/common/address.c index fac9d50e15..88cbbb7470 100644 --- a/src/common/address.c +++ b/src/common/address.c 
@@ -373,10 +373,10 @@ tor_addr_parse_reverse_lookup_name(tor_addr_t *result, const char *address, return -1; /* malformed. */ /* reverse the bytes */ - inaddr.s_addr = (((inaddr.s_addr & 0x000000fful) << 24) - |((inaddr.s_addr & 0x0000ff00ul) << 8) - |((inaddr.s_addr & 0x00ff0000ul) >> 8) - |((inaddr.s_addr & 0xff000000ul) >> 24)); + inaddr.s_addr = (((inaddr.s_addr & (uint32_t)0x000000fful) << 24) + |((inaddr.s_addr & (uint32_t)0x0000ff00ul) << 8) + |((inaddr.s_addr & (uint32_t)0x00ff0000ul) >> 8) + |((inaddr.s_addr & (uint32_t)0xff000000ul) >> 24)); if (result) { tor_addr_from_in(result, &inaddr); diff --git a/src/common/log.c b/src/common/log.c index ea09fca167..423a687a51 100644 --- a/src/common/log.c +++ b/src/common/log.c @@ -149,8 +149,8 @@ _log_prefix(char *buf, size_t buf_len, int severity) t = (time_t)now.tv_sec; n = strftime(buf, buf_len, "%b %d %H:%M:%S", tor_localtime_r(&t, &tm)); - r = tor_snprintf(buf+n, buf_len-n, ".%.3ld [%s] ", - (long)now.tv_usec / 1000, sev_to_string(severity)); + r = tor_snprintf(buf+n, buf_len-n, ".%.3i [%s] ", + (int)now.tv_usec / 1000, sev_to_string(severity)); if (r<0) return buf_len-1; else diff --git a/src/common/tortls.c b/src/common/tortls.c index f14eab18a5..aeb0ca0800 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c @@ -1443,8 +1443,8 @@ tor_tls_used_v1_handshake(tor_tls_t *tls) * buffer and *wbuf_bytes to the amount actually used. */ void tor_tls_get_buffer_sizes(tor_tls_t *tls, - int *rbuf_capacity, int *rbuf_bytes, - int *wbuf_capacity, int *wbuf_bytes) + size_t *rbuf_capacity, size_t *rbuf_bytes, + size_t *wbuf_capacity, size_t *wbuf_bytes) { if (tls->ssl->s3->rbuf.buf) *rbuf_capacity = tls->ssl->s3->rbuf.len; diff --git a/src/common/tortls.h b/src/common/tortls.h index 44e3b499ef..d00690911c 100644 --- a/src/common/tortls.h +++ b/src/common/tortls.h 
@@ -73,8 +73,8 @@ void tor_tls_get_n_raw_bytes(tor_tls_t *tls, size_t *n_read, size_t *n_written); void tor_tls_get_buffer_sizes(tor_tls_t *tls, - int *rbuf_capacity, int *rbuf_bytes, - int *wbuf_capacity, int *wbuf_bytes); + size_t *rbuf_capacity, size_t *rbuf_bytes, + size_t *wbuf_capacity, size_t *wbuf_bytes); int tor_tls_used_v1_handshake(tor_tls_t *tls); diff --git a/src/common/util.c b/src/common/util.c index 7b9e5eb562..9dcf9fba64 100644 --- a/src/common/util.c +++ b/src/common/util.c @@ -1816,7 +1816,8 @@ write_chunks_to_file_impl(const char *fname, const smartlist_t *chunks, int open_flags) { open_file_t *file = NULL; - int fd, result; + int fd; + ssize_t result; fd = start_writing_to_file(fname, open_flags, 0600, &file); if (fd<0) return -1; @@ -1901,7 +1902,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out) int fd; /* router file */ struct stat statbuf; char *string; - int r; + ssize_t r; int bin = flags & RFTS_BIN; tor_assert(filename); @@ -1960,7 +1961,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out) * match for size. */ int save_errno = errno; log_warn(LD_FS,"Could read only %d of %ld bytes of file \"%s\".", - r, (long)statbuf.st_size,filename); + (int)r, (long)statbuf.st_size,filename); tor_free(string); close(fd); errno = save_errno; diff --git a/src/or/command.c b/src/or/command.c index 98f093a72b..67e463723f 100644 --- a/src/or/command.c +++ b/src/or/command.c @@ -575,7 +575,7 @@ command_process_netinfo_cell(cell_t *cell, or_connection_t *conn) /* Consider all the other addresses; if any matches, this connection is * "canonical." */ tor_addr_t addr; - const char *next = decode_address_from_payload(&addr, cp, end-cp); + const char *next = decode_address_from_payload(&addr, cp, (int)(end-cp)); if (next == NULL) { log_fn(LOG_PROTOCOL_WARN, LD_OR, "Bad address in netinfo cell; closing connection."); diff --git a/src/or/config.c b/src/or/config.c index 84146c1063..8fd70bec9f 100644 
--- a/src/or/config.c +++ b/src/or/config.c @@ -2504,7 +2504,8 @@ is_local_addr(const tor_addr_t *addr) * the same /24 as last_resolved_addr will be the same as checking whether * it was on net 0, which is already done by is_internal_IP. */ - if ((last_resolved_addr & 0xffffff00ul) == (ip & 0xffffff00ul)) + if ((last_resolved_addr & (uint32_t)0xffffff00ul) + == (ip & (uint32_t)0xffffff00ul)) return 1; } return 0; @@ -4187,7 +4188,7 @@ options_init_from_string(const char *cf, err: config_free(&options_format, newoptions); if (*msg) { - int len = strlen(*msg)+256; + int len = (int)strlen(*msg)+256; char *newmsg = tor_malloc(len); tor_snprintf(newmsg, len, "Failed to parse/validate config: %s", *msg); diff --git a/src/or/control.c b/src/or/control.c index 328da21862..5688b8e71f 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -2601,7 +2601,7 @@ handle_control_resolve(control_connection_t *conn, uint32_t len, int is_reverse = 0; (void) len; /* body is nul-terminated; it's safe to ignore the length */ - if (!(conn->event_mask & (1L<event_mask & ((uint32_t)1L< DIGEST_LEN) want_len = DIGEST_LEN; diff --git a/src/or/eventdns.c b/src/or/eventdns.c index 4ae17a40c3..a889e803ed 100644 --- a/src/or/eventdns.c +++ b/src/or/eventdns.c @@ -2385,7 +2385,7 @@ out1: /* exported function */ int -evdns_nameserver_add(unsigned long int address) { +evdns_nameserver_add(uint32_t address) { struct sockaddr_in sin; memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET; @@ -2416,13 +2416,13 @@ evdns_nameserver_ip_add(const char *ip_as_string) { cp = strchr(ip_as_string, ':'); if (*ip_as_string == '[') { - int len; + size_t len; if (!(cp = strchr(ip_as_string, ']'))) { log(EVDNS_LOG_DEBUG, "Nameserver missing closing ]"); return 4; } len = cp-(ip_as_string + 1); - if (len > (int)sizeof(buf)-1) { + if (len > sizeof(buf)-1) { log(EVDNS_LOG_DEBUG, "[Nameserver] does not fit in buffer."); return 4; } diff --git a/src/or/eventdns.h b/src/or/eventdns.h index 734bacf2d2..bf3b64d08a 100644 
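Review bot: In the `err:` path of options_init_from_string, the added cast in `int len = (int)strlen(*msg)+256;` silences the warning by narrowing the value instead of fixing the variable's type. `len` is used only as the size passed to `tor_malloc()` and `tor_snprintf()`, both of which take a `size_t`, so the allocation length goes size_t → int → size_t for no benefit. Declaring it as `size_t len = strlen(*msg)+256;` removes the conversion and the cast together. The function body starts outside the hunk.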
--- a/src/or/eventdns.h +++ b/src/or/eventdns.h @@ -112,7 +112,7 @@ * * API reference: * - * int evdns_nameserver_add(unsigned long int address) + * int evdns_nameserver_add(uint32_t address) * Add a nameserver. The address should be an IP address in * network byte order. The type of address is chosen so that * it matches in_addr.s_addr. @@ -258,7 +258,7 @@ typedef void (*evdns_callback_type) (int result, char type, int count, int ttl, int evdns_init(void); void evdns_shutdown(int fail_requests); const char *evdns_err_to_string(int err); -int evdns_nameserver_add(unsigned long int address); +int evdns_nameserver_add(uint32_t address); int evdns_count_nameservers(void); int evdns_clear_nameservers_and_suspend(void); int evdns_resume(void); diff --git a/src/or/main.c b/src/or/main.c index 62335d3421..ca09af0561 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -1608,7 +1608,7 @@ dumpstats(int severity) { time_t now = time(NULL); time_t elapsed; - int rbuf_cap, wbuf_cap, rbuf_len, wbuf_len; + size_t rbuf_cap, wbuf_cap, rbuf_len, wbuf_len; log(severity, LD_GENERAL, "Dumping stats:"); @@ -1644,7 +1644,7 @@ dumpstats(int severity) log(severity, LD_GENERAL, "Conn %d: %d/%d bytes used on OpenSSL read buffer; " "%d/%d bytes used on write buffer.", - i, rbuf_len, rbuf_cap, wbuf_len, wbuf_cap); + i, (int)rbuf_len, (int)rbuf_cap, (int)wbuf_len, (int)wbuf_cap); } } } diff --git a/src/or/rendclient.c b/src/or/rendclient.c index a5d7c1016e..38383e8abb 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -146,7 +146,7 @@ rend_client_send_introduction(origin_circuit_t *introcirc, REND_DESC_COOKIE_LEN); v3_shift += 2+REND_DESC_COOKIE_LEN; } - set_uint32(tmp+v3_shift+1, htonl(time(NULL))); + set_uint32(tmp+v3_shift+1, htonl((uint32_t)time(NULL))); v3_shift += 4; } /* if version 2 only write version number */ else if (entry->parsed->protocols & (1<<2)) { diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 2fd041d33e..7ba00993c4 100644 --- a/src/or/rendservice.c 
+++ b/src/or/rendservice.c @@ -1013,7 +1013,7 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request, /* Check timestamp. */ memcpy((char*)&ts, buf+1+v3_shift, sizeof(uint32_t)); v3_shift += 4; - ts = ntohl(ts); + ts = ntohl((uint32_t)ts); if ((now - ts) < -1 * REND_REPLAY_TIME_INTERVAL / 2 || (now - ts) > REND_REPLAY_TIME_INTERVAL / 2) { log_warn(LD_REND, "INTRODUCE2 cell is too %s. Discarding.", diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 8021158e31..97dd20f4e3 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -1917,8 +1917,9 @@ routerstatus_parse_entry_from_string(memarea_t *area, for (i=0; i < tok->n_args; ++i) { if (!strcmpstart(tok->args[i], "Bandwidth=")) { int ok; - rs->bandwidth = tor_parse_ulong(strchr(tok->args[i], '=')+1, 10, - 0, UINT32_MAX, &ok, NULL); + rs->bandwidth = (uint32_t)tor_parse_ulong(strchr(tok->args[i], '=')+1, + 10, 0, UINT32_MAX, + &ok, NULL); if (!ok) { log_warn(LD_DIR, "Invalid Bandwidth %s", escaped(tok->args[i])); goto err; diff --git a/src/or/test.c b/src/or/test.c index 7b7411e2f8..e06dd5951f 100644 --- a/src/or/test.c +++ b/src/or/test.c @@ -410,7 +410,7 @@ test_crypto_dh(void) char p2[DH_BYTES]; char s1[DH_BYTES]; char s2[DH_BYTES]; - int s1len, s2len; + ssize_t s1len, s2len; test_eq(crypto_dh_get_bytes(dh1), DH_BYTES); test_eq(crypto_dh_get_bytes(dh2), DH_BYTES); diff --git a/src/tools/tor-gencert.c b/src/tools/tor-gencert.c index 4971668c9f..c7d9282076 100644 --- a/src/tools/tor-gencert.c +++ b/src/tools/tor-gencert.c @@ -70,7 +70,7 @@ show_help(void) static void crypto_log_errors(int severity, const char *doing) { - unsigned int err; + unsigned long err; const char *msg, *lib, *func; while ((err = ERR_get_error()) != 0) { msg = (const char*)ERR_reason_error_string(err); 
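Review bot: The cast in `ts = ntohl((uint32_t)ts);` hides a width mismatch rather than removing it. The line above copies `sizeof(uint32_t)` bytes into `&ts`, and the warning this commit silences suggests `ts` is wider than 32 bits; its declaration is outside the hunk. If so, the memcpy fills only the four lowest-addressed bytes, which on a big-endian 64-bit build are the high half of the value, and the timestamp fed to the REND_REPLAY_TIME_INTERVAL window check just below would be wrong there. Reading the wire value into a 32-bit temporary (here called `ts_net`) makes the conversion unambiguous on every platform: `uint32_t ts_net; memcpy(&ts_net, buf+1+v3_shift, sizeof(ts_net)); ts = ntohl(ts_net);`.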
@@ -94,7 +94,7 @@ load_passphrase(void) { char *cp; char buf[1024]; /* "Ought to be enough for anybody." */ - int n = read_all(passphrase_fd, buf, sizeof(buf), 0); + ssize_t n = read_all(passphrase_fd, buf, sizeof(buf), 0); if (n < 0) { log_err(LD_GENERAL, "Couldn't read from passphrase fd: %s", strerror(errno)); diff --git a/src/tools/tor-resolve.c b/src/tools/tor-resolve.c index fe4e882416..f12c3d8dd3 100644 --- a/src/tools/tor-resolve.c +++ b/src/tools/tor-resolve.c @@ -51,7 +51,7 @@ static void usage(void) ATTR_NORETURN; /** Set *out to a newly allocated SOCKS4a resolve request with * username and hostname as provided. Return the number * of bytes in the request. */ -static int +static ssize_t build_socks_resolve_request(char **out, const char *username, const char *hostname, @@ -184,7 +184,7 @@ do_resolve(const char *hostname, uint32_t sockshost, uint16_t socksport, int s; struct sockaddr_in socksaddr; char *req = NULL; - int len = 0; + ssize_t len = 0; tor_assert(hostname); tor_assert(result_addr); From 2f0184ece11d6663cb2dd4e161e29dd8861a20af Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 1 Sep 2009 15:41:38 -0400 Subject: [PATCH 23/37] Use a simpler fix for the byte-reversing warning --- src/common/address.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/common/address.c b/src/common/address.c index 88cbbb7470..3e0ea25d90 100644 --- a/src/common/address.c +++ b/src/common/address.c 
@@ -373,10 +373,11 @@ tor_addr_parse_reverse_lookup_name(tor_addr_t *result, const char *address, return -1; /* malformed. */ /* reverse the bytes */ - inaddr.s_addr = (((inaddr.s_addr & (uint32_t)0x000000fful) << 24) - |((inaddr.s_addr & (uint32_t)0x0000ff00ul) << 8) - |((inaddr.s_addr & (uint32_t)0x00ff0000ul) >> 8) - |((inaddr.s_addr & (uint32_t)0xff000000ul) >> 24)); + inaddr.s_addr = (uint32_t) + (((inaddr.s_addr & 0x000000fful) << 24) + |((inaddr.s_addr & 0x0000ff00ul) << 8) + |((inaddr.s_addr & 0x00ff0000ul) >> 8) + |((inaddr.s_addr & 0xff000000ul) >> 24)); if (result) { tor_addr_from_in(result, &inaddr); From bddda9bbdb047e52652f7c6f9c2047df15a4e08e Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Tue, 1 Sep 2009 15:51:09 -0400 Subject: [PATCH 24/37] Use an _actual_ fix for the byte-reverse warning. (Given that we're pretty much assuming that int is 32 bits, and given that hex values are always unsigned, taking out the "ul" from 0xff000000 should be fine.) --- src/common/address.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/common/address.c b/src/common/address.c index 3e0ea25d90..2fe013a2cd 100644 --- a/src/common/address.c +++ b/src/common/address.c @@ -374,10 +374,10 @@ tor_addr_parse_reverse_lookup_name(tor_addr_t *result, const char *address, /* reverse the bytes */ inaddr.s_addr = (uint32_t) - (((inaddr.s_addr & 0x000000fful) << 24) - |((inaddr.s_addr & 0x0000ff00ul) << 8) - |((inaddr.s_addr & 0x00ff0000ul) >> 8) - |((inaddr.s_addr & 0xff000000ul) >> 24)); + (((inaddr.s_addr & 0x000000ff) << 24) + |((inaddr.s_addr & 0x0000ff00) << 8) + |((inaddr.s_addr & 0x00ff0000) >> 8) + |((inaddr.s_addr & 0xff000000) >> 24)); if (result) { tor_addr_from_in(result, &inaddr); From 5657e803f8ea1203c4d9159b96ece489e50797ac Mon Sep 17 00:00:00 2001 From: Andrew Lewman Date: Tue, 1 Sep 2009 15:28:03 -0400 Subject: [PATCH 25/37] update changelog with bundle details --- ChangeLog | 15 +++++++++++++++ 1 file changed, 15 insertions(+) 
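Review bot: In the second address.c hunk on this line (PATCH 24, tor_addr_parse_reverse_lookup_name), the byte reversal is well defined only because `inaddr.s_addr` is, presumably, an unsigned 32-bit operand. The constants `0x000000ff`, `0x0000ff00` and `0x00ff0000` have type `int`, and only `0xff000000` is unsigned when `int` is 32 bits wide, so the commit message's "hex values are always unsigned" is not what makes the shifts safe. A short comment would record the real reason, e.g. `/* s_addr is unsigned, so each masked term is unsigned before it is shifted */`. The first hunk on this line (PATCH 23) is superseded by this one and needs no separate change.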
diff --git a/ChangeLog b/ChangeLog index 3699dbc99d..5b02e5d68e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -37,6 +37,21 @@ Changes in version 0.2.1.20 - 2009-??-?? least on directory authority. Un-recommend good-server-descriptor getinfo and status events until we have a better design for them. + o Packaging changes: + - Upgrade Vidalia to 0.2.3 from 0.1.15. See + https://trac.vidalia-project.net/browser/vidalia/tags/vidalia-0.2.3/CHANGELOG + for details of what's new in Vidalia 0.2.3. + - Windows Vidalia Bundle: update Privoxy to 3.0.14-beta from 3.0.6 + - OS X Vidalia Bundle: replace Privoxy with Polipo 1.0.4 plus Tor + specific configuration + - OS X Vidalia Bundle: Vidalia, Tor, and Polipo are compiled as + x86-only for better compatibility with OS X 10.6, aka Snow Leopard. + - OS X Tor Expert Bundle: Tor is compiled as x86-only for + better compatibility with OS X 10.6, aka Snow Leopard. + - OS X Vidalia Bundle: The multi-package installer is now replaced + by a simple drag and drop to the /Applications folder. This change + occured with the upgrade to Vidalia 0.2.3. + Changes in version 0.2.1.19 - 2009-07-28 Tor 0.2.1.19 fixes a major bug with accessing and providing hidden From 3db36d86c48f47b63e7597a9d28fd02ed577aa50 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Tue, 1 Sep 2009 22:46:41 -0400 Subject: [PATCH 26/37] turns out the packaging changes aren't in 0.2.1.20 --- ChangeLog | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5b02e5d68e..3699dbc99d 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -37,21 +37,6 @@ Changes in version 0.2.1.20 - 2009-??-?? least on directory authority. Un-recommend good-server-descriptor getinfo and status events until we have a better design for them. - o Packaging changes: - - Upgrade Vidalia to 0.2.3 from 0.1.15. See - https://trac.vidalia-project.net/browser/vidalia/tags/vidalia-0.2.3/CHANGELOG - for details of what's new in Vidalia 0.2.3. - - Windows Vidalia Bundle: update Privoxy to 3.0.14-beta from 3.0.6 - - OS X Vidalia Bundle: replace Privoxy with Polipo 1.0.4 plus Tor - specific configuration - - OS X Vidalia Bundle: Vidalia, Tor, and Polipo are compiled as - x86-only for better compatibility with OS X 10.6, aka Snow Leopard. - - OS X Tor Expert Bundle: Tor is compiled as x86-only for - better compatibility with OS X 10.6, aka Snow Leopard. - - OS X Vidalia Bundle: The multi-package installer is now replaced - by a simple drag and drop to the /Applications folder. This change - occured with the upgrade to Vidalia 0.2.3. - Changes in version 0.2.1.19 - 2009-07-28 Tor 0.2.1.19 fixes a major bug with accessing and providing hidden From fcacf224913b3a0a08cef06a7241348f49b26e49 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Wed, 2 Sep 2009 20:36:11 -0400 Subject: [PATCH 27/37] Fix obscure 64-bit big-endian hidserv bug Fix an obscure bug where hidden services on 64-bit big-endian systems might mis-read the timestamp in v3 introduce cells, and refuse to connect back to the client. Discovered by "rotor". Bugfix on 0.2.1.6-alpha. --- ChangeLog | 4 ++++ src/or/rendservice.c | 5 ++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3699dbc99d..1da6a97193 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -18,6 +18,10 @@ Changes in version 0.2.1.20 - 2009-??-?? - Fix an extremely rare infinite recursion bug that could occur if we tried to log a message after shutting down the log subsystem. Found by Matt Edman. Bugfix on 0.2.0.16-alpha. + - Fix an obscure bug where hidden services on 64-bit big-endian + systems might mis-read the timestamp in v3 introduce cells, and + refuse to connect back to the client. Discovered by "rotor". + Bugfix on 0.2.1.6-alpha. - We were triggering a CLOCK_SKEW controller status event whenever we connect via the v2 connection protocol to any relay that has a wrong clock. Instead, we should only inform the controller when diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 7ba00993c4..3144ef2f04 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1011,13 +1011,12 @@ rend_service_introduce(origin_circuit_t *circuit, const char *request, } /* Check timestamp. */ - memcpy((char*)&ts, buf+1+v3_shift, sizeof(uint32_t)); + ts = ntohl(get_uint32(buf+1+v3_shift)); v3_shift += 4; - ts = ntohl((uint32_t)ts); if ((now - ts) < -1 * REND_REPLAY_TIME_INTERVAL / 2 || (now - ts) > REND_REPLAY_TIME_INTERVAL / 2) { log_warn(LD_REND, "INTRODUCE2 cell is too %s. Discarding.", - (now - ts) < 0 ? "old" : "new"); + (now - ts) < 0 ? "old" : "new"); return -1; } } From b792afa91901abaa04417051d1369fa8e643d90d Mon Sep 17 00:00:00 2001 From: Sebastian Hahn Date: Sun, 13 Sep 2009 21:47:55 +0200 Subject: [PATCH 28/37] Fix a memory leak when parsing a ns Adding the same vote to a networkstatus consensus leads to a memory leak on the client side. Fix that by only using the first vote from any given voter, and ignoring the others. Problem found by Rotor, who also helped writing the patch. Thanks! --- ChangeLog | 3 +++ src/or/routerparse.c | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1da6a97193..aabe9b4fbe 100644 --- a/ChangeLog +++ b/ChangeLog 
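Review bot: In the rendservice.c hunk (rend_service_introduce), nothing visible shows that `buf` holds at least `1+v3_shift+4` valid bytes before `get_uint32(buf+1+v3_shift)` reads the timestamp. The function starts outside the hunk, so the length may already be checked there; if it is not, a short cell would make the replay-window test run on bytes that were never received. A guard that compares the payload length with `1+v3_shift+4` and discards the cell with a `log_warn` before the read would close that gap. The last changed line in the hunk only re-indents the `log_warn` argument.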
@@ -6,6 +6,9 @@ Changes in version 0.2.1.20 - 2009-??-?? patch. Bugfix on the 54th commit on Tor -- from July 2002, before the release of Tor 0.0.0. This is the new winner of the oldest-bug prize. + - Fix a remotely triggerable memory leak when a consensus document + contains more than one signature from the same voter. Bugfix on + 0.2.0.3-alpha. o New directory authorities: - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 97dd20f4e3..189458ee1e 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -2509,6 +2509,14 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out, } else { if (tok->object_size >= INT_MAX) goto err; + /* We already parsed a vote from this voter. Use the first one. */ + if (v->signature) { + log_fn(LOG_PROTOCOL_WARN, LD_DIR, "We received a networkstatus " + "that contains two votes from the same voter. Ignoring " + "the second vote."); + continue; + } + v->signature = tor_memdup(tok->object_body, tok->object_size); v->signature_len = (int) tok->object_size; } From 113ba0e7270147b6eed10668970e1719139c4f27 Mon Sep 17 00:00:00 2001 From: Sebastian Hahn Date: Fri, 11 Sep 2009 15:40:09 +0200 Subject: [PATCH 29/37] make some bug 1090 warnings go away When we excluded some Exits, we were sometimes warning the user that we were going to use the node regardless. Many of those warnings were in fact bogus, because the relay in question was not used to connect to the outside world. Based on patch by Rotor, thanks! --- ChangeLog | 4 ++++ src/or/circuitbuild.c | 46 ++++++++++++++++++++----------------------- 2 files changed, 25 insertions(+), 25 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1da6a97193..039cf5e162 100644 --- a/ChangeLog +++ b/ChangeLog 
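Review bot: In the routerparse.c hunk (networkstatus_parse_vote_from_string), the new warning speaks of "two votes from the same voter", but the guard is `if (v->signature)` and the ChangeLog entry describes more than one signature from the same voter. Wording the message as `"that contains two signatures from the same voter. Ignoring the second signature."` would match what the code checks and help whoever reads the log. The message also does not say which voter was duplicated; adding the voter's identity would make it actionable, if a printable form is available at this point. The `continue` skips whatever follows the `else` branch in the loop body, which lies outside the hunk and should be confirmed safe to skip.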
@@ -33,6 +33,10 @@ Changes in version 0.2.1.20 - 2009-??-?? controller when we want to inform the user of overall success or overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported by SwissTorExit. + - Don't warn when we're using a circuit that ends with a node + excluded in ExcludeExitNodes, but the circuit is not used to access + the outside world. This should help fix bug 1090. Bugfix on + 0.2.1.6-alpha. o Minor features: - Add a "getinfo status/accepted-server-descriptor" controller diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 2d20efae3d..983eb6dac1 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -1444,13 +1444,16 @@ choose_good_exit_server(uint8_t purpose, routerlist_t *dir, /** Log a warning if the user specified an exit for the circuit that * has been excluded from use by ExcludeNodes or ExcludeExitNodes. */ static void -warn_if_last_router_excluded(uint8_t purpose, const extend_info_t *exit) +warn_if_last_router_excluded(origin_circuit_t *circ, const extend_info_t *exit) { or_options_t *options = get_options(); routerset_t *rs = options->ExcludeNodes; const char *description; - int severity; int domain = LD_CIRC; + uint8_t purpose = circ->_base.purpose; + + if (circ->build_state->onehop_tunnel) + return; switch (purpose) { 
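Review bot: In the first circuitbuild.c hunk, warn_if_last_router_excluded now dereferences `circ->build_state` unconditionally (`circ->build_state->onehop_tunnel` here, `circ->build_state->is_internal` in the next hunk). The same commit adds a second call site in circuit_extend_to_new_exit, so the function is reached on more paths than before. If `build_state` can be NULL on any of them, this is a crash in a function whose only job is logging; a `tor_assert(circ->build_state);` at the top would document the precondition. The body continues in the following hunk.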
@@ -1463,48 +1466,40 @@ warn_if_last_router_excluded(uint8_t purpose, const extend_info_t *exit) (int)purpose); return; case CIRCUIT_PURPOSE_C_GENERAL: + if (circ->build_state->is_internal) + return; description = "Requested exit node"; rs = options->_ExcludeExitNodesUnion; - severity = LOG_WARN; break; case CIRCUIT_PURPOSE_C_INTRODUCING: case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT: case CIRCUIT_PURPOSE_C_INTRODUCE_ACKED: - description = "Introduction point for hidden service"; - severity = LOG_INFO; - break; + case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO: + case CIRCUIT_PURPOSE_S_CONNECT_REND: + case CIRCUIT_PURPOSE_S_REND_JOINED: + case CIRCUIT_PURPOSE_TESTING: + return; case CIRCUIT_PURPOSE_C_ESTABLISH_REND: case CIRCUIT_PURPOSE_C_REND_READY: case CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED: case CIRCUIT_PURPOSE_C_REND_JOINED: description = "Chosen rendezvous point"; - severity = LOG_WARN; domain = LD_BUG; break; - case CIRCUIT_PURPOSE_S_ESTABLISH_INTRO: - description = "Chosen introduction point"; - severity = LOG_INFO; - break; - case CIRCUIT_PURPOSE_S_CONNECT_REND: - case CIRCUIT_PURPOSE_S_REND_JOINED: - description = "Client-selected rendezvous point"; - severity = LOG_INFO; - break; - case CIRCUIT_PURPOSE_TESTING: - description = "Target for testing circuit"; - severity = LOG_INFO; - break; case CIRCUIT_PURPOSE_CONTROLLER: rs = options->_ExcludeExitNodesUnion; description = "Controller-selected circuit target"; - severity = LOG_WARN; break; } - if (routerset_contains_extendinfo(rs, exit)) - log_fn(severity, domain, "%s '%s' is in ExcludeNodes%s. Using anyway.", + if (routerset_contains_extendinfo(rs, exit)) { + log_fn(LOG_WARN, domain, "%s '%s' is in ExcludeNodes%s. Using anyway " + "(circuit purpose %d).", description,exit->nickname, - rs==options->ExcludeNodes?"":" or ExcludeExitNodes."); + rs==options->ExcludeNodes?"":" or ExcludeExitNodes", + (int)purpose); + circuit_log_path(LOG_WARN, domain, circ); + } return; } 
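Review bot: The early `return` for the introduction, service-side rendezvous and testing purposes removes the check against `options->ExcludeNodes` as well, not only the one against ExcludeExitNodes. For those purposes `rs` kept its initial value `options->ExcludeNodes`, and the old code still reported a match at LOG_INFO. If operators use ExcludeNodes to keep a relay out of every position, they now get no trace at all when such a relay ends one of these circuits. Keeping the `severity` variable and logging these cases at LOG_INFO, while the exit-facing cases stay at LOG_WARN, would remove the noisy warnings without losing that record.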
@@ -1529,7 +1524,7 @@ onion_pick_cpath_exit(origin_circuit_t *circ, extend_info_t *exit) } if (exit) { /* the circuit-builder pre-requested one */ - warn_if_last_router_excluded(circ->_base.purpose, exit); + warn_if_last_router_excluded(circ, exit); log_info(LD_CIRC,"Using requested exit node '%s'", exit->nickname); exit = extend_info_dup(exit); } else { /* we have to decide one */ @@ -1576,6 +1571,7 @@ int circuit_extend_to_new_exit(origin_circuit_t *circ, extend_info_t *exit) { int err_reason = 0; + warn_if_last_router_excluded(circ, exit); circuit_append_new_exit(circ, exit); circuit_set_state(TO_CIRCUIT(circ), CIRCUIT_STATE_BUILDING); if ((err_reason = circuit_send_next_onion_skin(circ))<0) { From dc3229313b6d2aaff437c6fc7fa55ead4409e93d Mon Sep 17 00:00:00 2001 From: Sebastian Hahn Date: Wed, 16 Sep 2009 02:23:04 +0200 Subject: [PATCH 30/37] Teach connection_ap_can_use_exit about Exclude*Nodes To further attempt to fix bug 1090, make sure connection_ap_can_use_exit always returns 0 when the chosen exit router is excluded. This should fix bug1090. --- ChangeLog | 2 ++ src/or/connection_edge.c | 8 +++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 50b3b4450e..fc51140c63 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,8 @@ Changes in version 0.2.1.20 - 2009-??-?? excluded in ExcludeExitNodes, but the circuit is not used to access the outside world. This should help fix bug 1090. Bugfix on 0.2.1.6-alpha. + - Teach connection_ap_can_use_exit to respect the Exclude*Nodes config + options. Should fix bug 1090. Bugfix on 0.0.2-pre16. o Minor features: - Add a "getinfo status/accepted-server-descriptor" controller diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index d699591cdc..ba1304a653 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c 
@@ -2851,11 +2851,13 @@ connection_edge_is_rendezvous_stream(edge_connection_t *conn) /** Return 1 if router exit is likely to allow stream conn * to exit from it, or 0 if it probably will not allow it. * (We might be uncertain if conn's destination address has not yet been - * resolved.) + * resolved.) If the router is in the list of excluded nodes, also return 0; */ int connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit) { + or_options_t *options = get_options(); + tor_assert(conn); tor_assert(conn->_base.type == CONN_TYPE_AP); tor_assert(conn->socks_request); @@ -2901,6 +2903,10 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit) if (!conn->chosen_exit_name && policy_is_reject_star(exit->exit_policy)) return 0; } + if (options->_ExcludeExitNodesUnion && + routerset_contains_router(options->_ExcludeExitNodesUnion, exit)) + return 0; + return 1; } From 9c38941195309c3d9a8620536f7f7246c780b9c7 Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Thu, 17 Sep 2009 00:01:20 -0400 Subject: [PATCH 31/37] Work around a memory leak in openssl 0.9.8g (and maybe others) --- ChangeLog | 3 +++ src/common/tortls.c | 9 +++++++++ 2 files changed, 12 insertions(+) diff --git a/ChangeLog b/ChangeLog index fccae7daed..6446943e57 100644 --- a/ChangeLog +++ b/ChangeLog @@ -45,6 +45,9 @@ Changes in version 0.2.1.20 - 2009-??-?? - Avoid segfault in rare cases when finishing an introduction circuit as a client and finding out that we don't have an introduction key for it. Fixes bug 1073. Reported by Aaron Swartz. + - Work around a small memory leak in some versions of OpenSSL that + stopped the memory used by the hostname TLS extension from being + freed. o Minor features: - Add a "getinfo status/accepted-server-descriptor" controller diff --git a/src/common/tortls.c b/src/common/tortls.c index aeb0ca0800..c6b11e9a6e 100644 --- a/src/common/tortls.c +++ b/src/common/tortls.c 
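Review bot: In connection_ap_can_use_exit, the new `_ExcludeExitNodesUnion` test sits directly before the final `return 1`, so it only covers calls that fall through to the end. Any earlier `return 1` in the part of the body between the two hunks, which is not shown, would still accept an excluded router. Placing the test right after the `tor_assert` lines would make the exclusion hold on every path. The added doc sentence ends with `;` where a `.` is meant.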
@@ -829,6 +829,9 @@ tor_tls_new(int sock, int isServer) if (!SSL_set_cipher_list(result->ssl, isServer ? SERVER_CIPHER_LIST : CLIENT_CIPHER_LIST)) { tls_log_errors(NULL, LOG_WARN, "setting ciphers"); +#ifdef SSL_set_tlsext_host_name + SSL_set_tlsext_host_name(result->ssl, NULL); +#endif SSL_free(result->ssl); tor_free(result); return NULL; @@ -839,6 +842,9 @@ tor_tls_new(int sock, int isServer) bio = BIO_new_socket(sock, BIO_NOCLOSE); if (! bio) { tls_log_errors(NULL, LOG_WARN, "opening BIO"); +#ifdef SSL_set_tlsext_host_name + SSL_set_tlsext_host_name(result->ssl, NULL); +#endif SSL_free(result->ssl); tor_free(result); return NULL; @@ -919,6 +925,9 @@ tor_tls_free(tor_tls_t *tls) if (!removed) { log_warn(LD_BUG, "Freeing a TLS that was not in the ssl->tls map."); } +#ifdef SSL_set_tlsext_host_name + SSL_set_tlsext_host_name(tls->ssl, NULL); +#endif SSL_free(tls->ssl); tls->ssl = NULL; tls->negotiated_callback = NULL; From 95008db08d1bb5d7b608654fc1a115a42cd15252 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Sun, 20 Sep 2009 23:50:48 -0400 Subject: [PATCH 32/37] Revert "Teach connection_ap_can_use_exit about Exclude*Nodes" This reverts commit dc3229313b6d2aaff437c6fc7fa55ead4409e93d. We're going to do this more thoroughly in 0.2.2.x, and not in maint-0.2.1. --- ChangeLog | 2 -- src/or/connection_edge.c | 8 +------- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6446943e57..1f33eb741f 100644 --- a/ChangeLog +++ b/ChangeLog 
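Review bot: The same three-line `#ifdef SSL_set_tlsext_host_name` block is pasted before all three `SSL_free` calls in tortls.c (two error paths in tor_tls_new and one in tor_tls_free), and none of them says why it is there. A later `SSL_free` added without the block would bring the leak back without anyone noticing. A small static helper with the explanation in its comment keeps the workaround in one place; each call site then becomes a single line. The `#ifdef` works because OpenSSL provides `SSL_set_tlsext_host_name` as a macro, which is worth stating in the comment too.

```c
/** Clear the hostname TLS extension on <b>ssl</b> before it is freed.
 * Works around a leak in some OpenSSL versions (seen with 0.9.8g) that
 * never release the memory used by that extension. The name is a macro
 * in OpenSSL, so it can be tested with #ifdef. */
static void
tor_tls_clear_hostname(SSL *ssl)
{
#ifdef SSL_set_tlsext_host_name
  SSL_set_tlsext_host_name(ssl, NULL);
#else
  (void)ssl;
#endif
}

/* at each of the three sites, directly before SSL_free(): */
    tor_tls_clear_hostname(result->ssl);
```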
@@ -40,8 +40,6 @@ Changes in version 0.2.1.20 - 2009-??-?? excluded in ExcludeExitNodes, but the circuit is not used to access the outside world. This should help fix bug 1090. Bugfix on 0.2.1.6-alpha. - - Teach connection_ap_can_use_exit to respect the Exclude*Nodes config - options. Should fix bug 1090. Bugfix on 0.0.2-pre16. - Avoid segfault in rare cases when finishing an introduction circuit as a client and finding out that we don't have an introduction key for it. Fixes bug 1073. Reported by Aaron Swartz. diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index ba1304a653..d699591cdc 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2851,13 +2851,11 @@ connection_edge_is_rendezvous_stream(edge_connection_t *conn) /** Return 1 if router exit is likely to allow stream conn * to exit from it, or 0 if it probably will not allow it. * (We might be uncertain if conn's destination address has not yet been - * resolved.) If the router is in the list of excluded nodes, also return 0; + * resolved.) */ int connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit) { - or_options_t *options = get_options(); - tor_assert(conn); tor_assert(conn->_base.type == CONN_TYPE_AP); tor_assert(conn->socks_request); @@ -2903,10 +2901,6 @@ connection_ap_can_use_exit(edge_connection_t *conn, routerinfo_t *exit) if (!conn->chosen_exit_name && policy_is_reject_star(exit->exit_policy)) return 0; } - if (options->_ExcludeExitNodesUnion && - routerset_contains_router(options->_ExcludeExitNodesUnion, exit)) - return 0; - return 1; } From 83c3f118db0ae3911ea72403856df9fb08b2d0e5 Mon Sep 17 00:00:00 2001 
From: Nick Mathewson Date: Wed, 14 Oct 2009 16:15:41 -0400 Subject: [PATCH 33/37] Code to parse and access network parameters. Partial backport of 381766ce4b1145460. Partial backport of 56c6d78520a98fb64. --- src/common/torint.h | 4 ++++ src/or/networkstatus.c | 31 +++++++++++++++++++++++++++++++ src/or/or.h | 12 +++++++++--- src/or/routerparse.c | 31 +++++++++++++++++++++++++++++++ 4 files changed, 75 insertions(+), 3 deletions(-) diff --git a/src/common/torint.h b/src/common/torint.h index 1f7421174a..f8441859a9 100644 --- a/src/common/torint.h +++ b/src/common/torint.h @@ -119,6 +119,10 @@ typedef unsigned int uint32_t; #endif #endif +#ifndef INT32_MIN +#define INT32_MIN (-2147483647-1) +#endif + #if (SIZEOF_LONG == 4) #ifndef HAVE_INT32_T typedef signed long int32_t; diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index 573197a53f..05da73b5cb 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -286,6 +286,10 @@ networkstatus_vote_free(networkstatus_t *ns) SMARTLIST_FOREACH(ns->known_flags, char *, c, tor_free(c)); smartlist_free(ns->known_flags); } + if (ns->net_params) { + SMARTLIST_FOREACH(ns->net_params, char *, c, tor_free(c)); + smartlist_free(ns->net_params); + } if (ns->supported_methods) { SMARTLIST_FOREACH(ns->supported_methods, char *, c, tor_free(c)); smartlist_free(ns->supported_methods); 
@@ -1884,6 +1888,33 @@ networkstatus_dump_bridge_status_to_file(time_t now) tor_free(status); } +/** Return the value of a integer parameter from the networkstatus ns + * whose name is param_name. Return default_val if ns is NULL, + * or if it has no parameter called param_name. */ +int32_t +networkstatus_get_param(networkstatus_t *ns, const char *param_name, + int32_t default_val) +{ + size_t name_len; + + if (!ns || !ns->net_params) + return default_val; + + name_len = strlen(param_name); + + SMARTLIST_FOREACH_BEGIN(ns->net_params, const char *, p) { + if (!strcmpstart(p, param_name) && p[name_len] == '=') { + int ok=0; + long v = tor_parse_long(p+name_len+1, 10, INT32_MIN, INT32_MAX, &ok, + NULL); + if (ok) + return (int32_t) v; + } + } SMARTLIST_FOREACH_END(p); + + return default_val; +} + /** If question is a string beginning with "ns/" in a format the * control interface expects for a GETINFO question, set *answer to a * newly-allocated string containing networkstatus lines for the appropriate diff --git a/src/or/or.h b/src/or/or.h index 319b3a9d10..0c0d8e869e 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1655,6 +1655,10 @@ typedef struct networkstatus_t { * not listed here, the voter has no opinion on what its value should be. */ smartlist_t *known_flags; + /** List of key=value strings for the parameters in this vote or + * consensus, sorted by key. */ + smartlist_t *net_params; + /** List of networkstatus_voter_info_t. For a vote, only one element * is included. For a consensus, one element is included for every voter * whose vote contributed to the consensus. */ 
@@ -3570,9 +3574,9 @@ dirserv_generate_networkstatus_vote_obj(crypto_pk_env_t *private_key, authority_cert_t *cert); #ifdef DIRVOTE_PRIVATE -char * -format_networkstatus_vote(crypto_pk_env_t *private_key, - networkstatus_t *v3_ns); +char *format_networkstatus_vote(crypto_pk_env_t *private_key, + networkstatus_t *v3_ns); +char *dirvote_compute_params(smartlist_t *votes); #endif /********************************* dns.c ***************************/ @@ -3787,6 +3791,8 @@ void signed_descs_update_status_from_consensus_networkstatus( char *networkstatus_getinfo_helper_single(routerstatus_t *rs); char *networkstatus_getinfo_by_purpose(const char *purpose_string, time_t now); void networkstatus_dump_bridge_status_to_file(time_t now); +int32_t networkstatus_get_param(networkstatus_t *ns, const char *param_name, + int32_t default_val); int getinfo_helper_networkstatus(control_connection_t *conn, const char *question, char **answer); void networkstatus_free_all(void); diff --git a/src/or/routerparse.c b/src/or/routerparse.c index 189458ee1e..4e1d0cd592 100644 --- a/src/or/routerparse.c +++ b/src/or/routerparse.c @@ -77,6 +77,7 @@ typedef enum { K_VOTING_DELAY, K_KNOWN_FLAGS, + K_PARAMS, K_VOTE_DIGEST, K_CONSENSUS_DIGEST, K_CONSENSUS_METHODS, @@ -383,6 +384,7 @@ static token_rule_t networkstatus_token_table[] = { T1("valid-until", K_VALID_UNTIL, CONCAT_ARGS, NO_OBJ ), T1("voting-delay", K_VOTING_DELAY, GE(2), NO_OBJ ), T1("known-flags", K_KNOWN_FLAGS, ARGS, NO_OBJ ), + T01("params", K_PARAMS, ARGS, NO_OBJ ), T( "fingerprint", K_FINGERPRINT, CONCAT_ARGS, NO_OBJ ), CERTIFICATE_MEMBERS @@ -420,6 +422,7 @@ static token_rule_t networkstatus_consensus_token_table[] = { T01("client-versions", K_CLIENT_VERSIONS, CONCAT_ARGS, NO_OBJ ), T01("server-versions", K_SERVER_VERSIONS, CONCAT_ARGS, NO_OBJ ), T01("consensus-method", K_CONSENSUS_METHOD, EQ(1), NO_OBJ), + T01("params", K_PARAMS, ARGS, NO_OBJ ), END_OF_TABLE }; 
@@ -2310,6 +2313,34 @@ networkstatus_parse_vote_from_string(const char *s, const char **eos_out, goto err; } + tok = find_opt_by_keyword(tokens, K_PARAMS); + if (tok) { + inorder = 1; + ns->net_params = smartlist_create(); + for (i = 0; i < tok->n_args; ++i) { + int ok=0; + char *eq = strchr(tok->args[i], '='); + if (!eq) { + log_warn(LD_DIR, "Bad element '%s' in params", escaped(tok->args[i])); + goto err; + } + tor_parse_long(eq+1, 10, INT32_MIN, INT32_MAX, &ok, NULL); + if (!ok) { + log_warn(LD_DIR, "Bad element '%s' in params", escaped(tok->args[i])); + goto err; + } + if (i > 0 && strcmp(tok->args[i-1], tok->args[i]) >= 0) { + log_warn(LD_DIR, "%s >= %s", tok->args[i-1], tok->args[i]); + inorder = 0; + } + smartlist_add(ns->net_params, tor_strdup(tok->args[i])); + } + if (!inorder) { + log_warn(LD_DIR, "params not in order"); + goto err; + } + } + ns->voters = smartlist_create(); SMARTLIST_FOREACH_BEGIN(tokens, directory_token_t *, _tok) { From 23943364263b8cb38e81a63715f872691269d5ed Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Wed, 14 Oct 2009 17:07:32 -0400 Subject: [PATCH 34/37] read the "circwindow" parameter from the consensus backport of c43859c5c12361fad505 backport of 0d13e0ed145f4c1b5bd1 --- ChangeLog | 5 +++++ src/or/circuitbuild.c | 2 +- src/or/circuitlist.c | 15 ++++++++++++++- src/or/networkstatus.c | 8 ++++++-- src/or/or.h | 5 +++-- src/or/rendclient.c | 2 +- src/or/rendservice.c | 2 +- 7 files changed, 31 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1f33eb741f..731a483880 100644 --- a/ChangeLog +++ b/ChangeLog 
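Review bot: The ordering test in the params loop compares whole `key=value` strings with `strcmp`, so a repeated key with a different value (`a=1 a=2`) passes as "in order", and an element with an empty key (`=5`) is accepted as well. The or.h comment added in this commit says the list is sorted by key, and networkstatus_get_param returns the first match, so a repeated key silently decides which value is used. Comparing only the key parts and rejecting equal or empty keys closes that. The new `"%s >= %s"` warning also prints both arguments without `escaped()`, unlike the other messages in the hunk. The enclosing function starts and ends outside the hunk.

```c
    for (i = 0; i < tok->n_args; ++i) {
      /* … unchanged: find '=' in tok->args[i] and validate the value … */
      if (eq == tok->args[i]) {
        log_warn(LD_DIR, "Empty key in params element %s",
                 escaped(tok->args[i]));
        goto err;
      }
      if (i > 0) {
        /* Compare keys only; every earlier element is known to hold '='. */
        const char *prev = tok->args[i-1];
        size_t prev_len = (size_t)(strchr(prev, '=') - prev);
        size_t cur_len = (size_t)(eq - tok->args[i]);
        size_t n = prev_len < cur_len ? prev_len : cur_len;
        int c = memcmp(prev, tok->args[i], n);
        if (c > 0 || (c == 0 && prev_len >= cur_len)) {
          log_warn(LD_DIR, "params key in %s is out of order or repeated",
                   escaped(tok->args[i]));
          inorder = 0;
        }
      }
      /* … unchanged: smartlist_add of the copied element … */
    }
```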
@@ -10,6 +10,11 @@ Changes in version 0.2.1.20 - 2009-??-?? contains more than one signature from the same voter. Bugfix on 0.2.0.3-alpha. + o Major features: + - Tor now reads the "circwindow" parameter out of the consensus, + and uses that value for its circuit package window rather than the + default of 1000 cells. Begins the implementation of proposal 168. + o New directory authorities: - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory authority. diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 983eb6dac1..4b5ba62fa2 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -1829,7 +1829,7 @@ onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice) hop->extend_info = extend_info_dup(choice); - hop->package_window = CIRCWINDOW_START; + hop->package_window = circuit_initial_package_window(); hop->deliver_window = CIRCWINDOW_START; return 0; diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c index 252eaf9f8e..5918bdd7ae 100644 --- a/src/or/circuitlist.c +++ b/src/or/circuitlist.c @@ -361,6 +361,19 @@ circuit_purpose_to_controller_string(uint8_t purpose) } } +/** Pick a reasonable package_window to start out for our circuits. + * Originally this was hard-coded at 1000, but now the consensus votes + * on the answer. See proposal 168. */ +int32_t +circuit_initial_package_window(void) +{ + int32_t num = networkstatus_get_param(NULL, "circwindow", CIRCWINDOW_START); + /* If the consensus tells us a negative number, we'd assert. */ + if (num < 0) + num = CIRCWINDOW_START; + return num; +} + /** Initialize the common elements in a circuit_t, and add it to the global * list. */ static void @@ -368,7 +381,7 @@ init_circuit_base(circuit_t *circ) { circ->timestamp_created = time(NULL); - circ->package_window = CIRCWINDOW_START; + circ->package_window = circuit_initial_package_window(); circ->deliver_window = CIRCWINDOW_START; circuit_add(circ); 
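Review bot: circuit_initial_package_window (first circuitlist.c hunk) only rejects negative values, so a consensus "circwindow" of 0 or of anything up to INT32_MAX is used as the package window. The value comes from a network document, and the or.h comment describes the field as how many cells we are allowed to originate, so 0 would leave new circuits unable to send and a very large value would weaken the flow-control limit. Clamping to a range the project chooses would bound both ends, for example `if (num < <MIN_WINDOW> || num > <MAX_WINDOW>) num = CIRCWINDOW_START;` with the two placeholders replaced by named constants. The comment above the check should then describe the range rather than only the assert.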
diff --git a/src/or/networkstatus.c b/src/or/networkstatus.c index 05da73b5cb..f4a0761f7b 100644 --- a/src/or/networkstatus.c +++ b/src/or/networkstatus.c @@ -1889,14 +1889,18 @@ networkstatus_dump_bridge_status_to_file(time_t now) } /** Return the value of a integer parameter from the networkstatus ns - * whose name is param_name. Return default_val if ns is NULL, - * or if it has no parameter called param_name. */ + * whose name is param_name. If ns is NULL, try loading the + * latest consensus ourselves. Return default_val if no latest + * consensus, or if it has no parameter called param_name. */ int32_t networkstatus_get_param(networkstatus_t *ns, const char *param_name, int32_t default_val) { size_t name_len; + if (!ns) /* if they pass in null, go find it ourselves */ + ns = networkstatus_get_latest_consensus(); + if (!ns || !ns->net_params) return default_val; diff --git a/src/or/or.h b/src/or/or.h index 0c0d8e869e..ae65127e36 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -1853,9 +1853,9 @@ typedef struct crypt_path_t { struct crypt_path_t *prev; /**< Link to previous crypt_path_t in the * circuit. */ - int package_window; /**< How many bytes are we allowed to originate ending + int package_window; /**< How many cells are we allowed to originate ending * at this step? */ - int deliver_window; /**< How many bytes are we willing to deliver originating + int deliver_window; /**< How many cells are we willing to deliver originating * at this step? */ } crypt_path_t; @@ -2789,6 +2789,7 @@ void circuit_set_n_circid_orconn(circuit_t *circ, circid_t id, or_connection_t *conn); void circuit_set_state(circuit_t *circ, uint8_t state); void circuit_close_all_marked(void); +int32_t circuit_initial_package_window(void); origin_circuit_t *origin_circuit_new(void); or_circuit_t *or_circuit_new(circid_t p_circ_id, or_connection_t *p_conn); circuit_t *circuit_get_by_circid_orconn(circid_t circ_id, 
diff --git a/src/or/rendclient.c b/src/or/rendclient.c index 13e43c87b7..47a8818a50 100644 --- a/src/or/rendclient.c +++ b/src/or/rendclient.c @@ -703,7 +703,7 @@ rend_client_receive_rendezvous(origin_circuit_t *circ, const char *request, /* set the windows to default. these are the windows * that alice thinks bob has. */ - hop->package_window = CIRCWINDOW_START; + hop->package_window = circuit_initial_package_window(); hop->deliver_window = CIRCWINDOW_START; onion_append_to_cpath(&circ->cpath, hop); diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 3144ef2f04..d2868b738d 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -1556,7 +1556,7 @@ rend_service_rendezvous_has_opened(origin_circuit_t *circuit) /* set the windows to default. these are the windows * that bob thinks alice has. */ - hop->package_window = CIRCWINDOW_START; + hop->package_window = circuit_initial_package_window(); hop->deliver_window = CIRCWINDOW_START; onion_append_to_cpath(&circuit->cpath, hop); From 2bee297d57c9a345e791f54f0b6f373b53f74bef Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Wed, 14 Oct 2009 19:36:08 -0400 Subject: [PATCH 35/37] Move moria1 and Tonga to alternate IP addresses. --- ChangeLog | 1 + src/or/config.c | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 731a483880..96ffff9b1e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,7 @@ Changes in version 0.2.1.20 - 2009-??-?? o New directory authorities: - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory authority. + - Move moria1 and Tonga to alternate IP addresses. o Minor bugfixes: - Fix a signed/unsigned compile warning in 0.2.1.19. diff --git a/src/or/config.c b/src/or/config.c index 8fd70bec9f..4e2a1765dc 100644 --- a/src/or/config.c +++ b/src/or/config.c 
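Review bot: The comment above the changed line in both rendclient.c and rendservice.c still reads "set the windows to default", which is no longer true for `package_window`. After this commit only `deliver_window` is set to `CIRCWINDOW_START`; `package_window` takes whatever circuit_initial_package_window() returns. Something like `/* package_window follows the consensus "circwindow" value; deliver_window stays at CIRCWINDOW_START. */` in both places would keep readers from assuming the two windows start equal.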
@@ -904,14 +904,14 @@ add_default_trusted_dir_authorities(authority_type_t type) int i; const char *dirservers[] = { "moria1 v1 orport=9001 v3ident=E2A2AF570166665D738736D0DD58169CC61D8A8B " - "128.31.0.34:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441", + "128.31.0.39:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441", "moria2 v1 orport=9002 128.31.0.34:9032 " "719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF", "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 " "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D", "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 " "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755", - "Tonga orport=443 bridge no-v2 82.94.251.206:80 " + "Tonga orport=443 bridge no-v2 82.94.251.203:80 " "4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D", "ides orport=9090 no-v2 v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 " "216.224.124.114:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B", From 16dc543851bb82c481d4319d557ffea5bef6cc50 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Thu, 15 Oct 2009 12:00:35 -0400 Subject: [PATCH 36/37] bump to 0.2.1.20 --- ChangeLog | 10 +++++----- configure.in | 2 +- contrib/tor-mingw.nsi.in | 2 +- src/win32/orconfig.h | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 96ffff9b1e..e8ec768408 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -Changes in version 0.2.1.20 - 2009-??-?? +Changes in version 0.2.1.20 - 2009-10-15 o Major bugfixes: - Send circuit or stream sendme cells when our window has decreased by 100 cells, not when it has decreased by 101 cells. Bug uncovered 
@@ -9,6 +9,9 @@ Changes in version 0.2.1.20 - 2009-??-?? - Fix a remotely triggerable memory leak when a consensus document contains more than one signature from the same voter. Bugfix on 0.2.0.3-alpha. + - Avoid segfault in rare cases when finishing an introduction circuit + as a client and finding out that we don't have an introduction key + for it. Fixes bug 1073. Reported by Aaron Swartz. o Major features: - Tor now reads the "circwindow" parameter out of the consensus, @@ -18,7 +21,7 @@ Changes in version 0.2.1.20 - 2009-??-?? o New directory authorities: - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory authority. - - Move moria1 and Tonga to alternate IP addresses. + - Move moria1 and tonga to alternate IP addresses. o Minor bugfixes: - Fix a signed/unsigned compile warning in 0.2.1.19. @@ -46,9 +49,6 @@ Changes in version 0.2.1.20 - 2009-??-?? excluded in ExcludeExitNodes, but the circuit is not used to access the outside world. This should help fix bug 1090. Bugfix on 0.2.1.6-alpha. - - Avoid segfault in rare cases when finishing an introduction circuit - as a client and finding out that we don't have an introduction key - for it. Fixes bug 1073. Reported by Aaron Swartz. - Work around a small memory leak in some versions of OpenSSL that stopped the memory used by the hostname TLS extension from being freed. diff --git a/configure.in b/configure.in index 5b30198f22..ce3b0a3be5 100644 --- a/configure.in +++ b/configure.in @@ -5,7 +5,7 @@ dnl Copyright (c) 2007-2008, The Tor Project, Inc. dnl See LICENSE for licensing information AC_INIT -AM_INIT_AUTOMAKE(tor, 0.2.1.19) +AM_INIT_AUTOMAKE(tor, 0.2.1.20) AM_CONFIG_HEADER(orconfig.h) AC_CANONICAL_HOST diff --git a/contrib/tor-mingw.nsi.in b/contrib/tor-mingw.nsi.in index eccf41984a..7644d24449 100644 --- a/contrib/tor-mingw.nsi.in +++ b/contrib/tor-mingw.nsi.in 
@@ -9,7 +9,7 @@ !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.1.19" +!define VERSION "0.2.1.20" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index 03e615850f..dc049bfdc7 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -226,6 +226,6 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.1.19" +#define VERSION "0.2.1.20" From 751e9b2bb64f5c4f5af6e3c9105c85deae17943e Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Fri, 13 Nov 2009 19:57:10 +0100 Subject: [PATCH 37/37] New upstream version --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 00eae0f0ac..90afa018bb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +tor (0.2.1.20-1) unstable; urgency=low + + * New upstream version. + + -- Peter Palfrader Fri, 13 Nov 2009 19:02:47 +0100 + tor (0.2.1.19-1) unstable; urgency=low * New upstream version.