mirror of
https://gitlab.torproject.org/tpo/core/tor.git
Merge branch 'small_typo_fixes'
commit
c134bb5a8d
@ -546,7 +546,8 @@ const char *tor_socket_strerror(int e);
|
|||||||
#endif
|
#endif
|
||||||
#define ERRNO_IS_EINPROGRESS(e) ((e) == EINPROGRESS)
|
#define ERRNO_IS_EINPROGRESS(e) ((e) == EINPROGRESS)
|
||||||
#define ERRNO_IS_CONN_EINPROGRESS(e) ((e) == EINPROGRESS)
|
#define ERRNO_IS_CONN_EINPROGRESS(e) ((e) == EINPROGRESS)
|
||||||
#define ERRNO_IS_ACCEPT_EAGAIN(e) (ERRNO_IS_EAGAIN(e) || (e) == ECONNABORTED)
|
#define ERRNO_IS_ACCEPT_EAGAIN(e) \
|
||||||
|
(ERRNO_IS_EAGAIN(e) || (e) == ECONNABORTED)
|
||||||
#define ERRNO_IS_ACCEPT_RESOURCE_LIMIT(e) \
|
#define ERRNO_IS_ACCEPT_RESOURCE_LIMIT(e) \
|
||||||
((e) == EMFILE || (e) == ENFILE || (e) == ENOBUFS || (e) == ENOMEM)
|
((e) == EMFILE || (e) == ENFILE || (e) == ENOBUFS || (e) == ENOMEM)
|
||||||
#define ERRNO_IS_EADDRINUSE(e) ((e) == EADDRINUSE)
|
#define ERRNO_IS_EADDRINUSE(e) ((e) == EADDRINUSE)
|
||||||
|
@ -208,3 +208,4 @@ curve25519_public_from_base64(curve25519_public_key_t *pkey,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1437,7 +1437,7 @@ pathbias_count_build_success(origin_circuit_t *circ)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Don't count cannibalized/reused circs for path bias
|
/* Don't count cannibalized/reused circs for path bias
|
||||||
* build success.. They get counted under use success */
|
* "build" success, since they get counted under "use" success. */
|
||||||
if (!circ->has_opened) {
|
if (!circ->has_opened) {
|
||||||
if (circ->cpath && circ->cpath->extend_info) {
|
if (circ->cpath && circ->cpath->extend_info) {
|
||||||
guard = entry_guard_get_by_id_digest(
|
guard = entry_guard_get_by_id_digest(
|
||||||
@ -1515,7 +1515,7 @@ pathbias_count_build_success(origin_circuit_t *circ)
|
|||||||
* are not possible to differentiate from unresponsive servers.
|
* are not possible to differentiate from unresponsive servers.
|
||||||
*
|
*
|
||||||
* The probe is sent at the end of the circuit lifetime for two
|
* The probe is sent at the end of the circuit lifetime for two
|
||||||
* reasons: to prevent cyptographic taggers from being able to
|
* reasons: to prevent cryptographic taggers from being able to
|
||||||
* drop cells to cause timeouts, and to prevent easy recognition
|
* drop cells to cause timeouts, and to prevent easy recognition
|
||||||
* of probes before any real client traffic happens.
|
* of probes before any real client traffic happens.
|
||||||
*
|
*
|
||||||
@ -1556,7 +1556,7 @@ pathbias_send_usable_probe(circuit_t *circ)
|
|||||||
|
|
||||||
circuit_change_purpose(circ, CIRCUIT_PURPOSE_PATH_BIAS_TESTING);
|
circuit_change_purpose(circ, CIRCUIT_PURPOSE_PATH_BIAS_TESTING);
|
||||||
|
|
||||||
/* Update timestamp for circuit_expire_building to kill us */
|
/* Update timestamp for when circuit_expire_building() should kill us */
|
||||||
tor_gettimeofday(&circ->timestamp_began);
|
tor_gettimeofday(&circ->timestamp_began);
|
||||||
|
|
||||||
/* Generate a random address for the nonce */
|
/* Generate a random address for the nonce */
|
||||||
@ -1710,7 +1710,7 @@ pathbias_check_close(origin_circuit_t *ocirc, int reason)
|
|||||||
|
|
||||||
} else {
|
} else {
|
||||||
if (reason & END_CIRC_REASON_FLAG_REMOTE) {
|
if (reason & END_CIRC_REASON_FLAG_REMOTE) {
|
||||||
/* Unused remote circ close reasons all could be bias */
|
/* Remote circ close reasons on an unused circuit all could be bias */
|
||||||
log_info(LD_CIRC,
|
log_info(LD_CIRC,
|
||||||
"Circuit %d remote-closed without successful use for reason %d. "
|
"Circuit %d remote-closed without successful use for reason %d. "
|
||||||
"Circuit purpose %d currently %d,%s. Len %d.",
|
"Circuit purpose %d currently %d,%s. Len %d.",
|
||||||
@ -1836,6 +1836,8 @@ pathbias_count_unusable(origin_circuit_t *circ)
|
|||||||
/* In rare cases, CIRCUIT_PURPOSE_TESTING can get converted to
|
/* In rare cases, CIRCUIT_PURPOSE_TESTING can get converted to
|
||||||
* CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT and have no guards here.
|
* CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT and have no guards here.
|
||||||
* No need to log that case. */
|
* No need to log that case. */
|
||||||
|
/* XXX note cut-and-paste code in this function compared to nearby
|
||||||
|
* functions. Would be nice to refactor. -RD */
|
||||||
log_info(LD_CIRC,
|
log_info(LD_CIRC,
|
||||||
"Stream-failing circuit has no known guard. "
|
"Stream-failing circuit has no known guard. "
|
||||||
"Circuit is a %s currently %s",
|
"Circuit is a %s currently %s",
|
||||||
@ -1886,11 +1888,11 @@ pathbias_count_timeout(origin_circuit_t *circ)
|
|||||||
double
|
double
|
||||||
pathbias_get_closed_count(entry_guard_t *guard)
|
pathbias_get_closed_count(entry_guard_t *guard)
|
||||||
{
|
{
|
||||||
circuit_t *circ = global_circuitlist;
|
circuit_t *circ;
|
||||||
int open_circuits = 0;
|
int open_circuits = 0;
|
||||||
|
|
||||||
/* Count currently open circuits. Give them the benefit of the doubt */
|
/* Count currently open circuits. Give them the benefit of the doubt. */
|
||||||
for ( ; circ; circ = circ->next) {
|
for (circ = global_circuitlist; circ; circ = circ->next) {
|
||||||
origin_circuit_t *ocirc = NULL;
|
origin_circuit_t *ocirc = NULL;
|
||||||
if (!CIRCUIT_IS_ORIGIN(circ) || /* didn't originate here */
|
if (!CIRCUIT_IS_ORIGIN(circ) || /* didn't originate here */
|
||||||
circ->marked_for_close) /* already counted */
|
circ->marked_for_close) /* already counted */
|
||||||
@ -1928,9 +1930,10 @@ pathbias_get_success_count(entry_guard_t *guard)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/** Increment the number of times we successfully extended a circuit to
|
/** Increment the number of times we successfully extended a circuit to
|
||||||
* 'guard', first checking if the failure rate is high enough that we should
|
* <b>guard</b>, first checking if the failure rate is high enough that
|
||||||
* eliminate the guard. Return -1 if the guard looks no good; return 0 if the
|
* we should eliminate the guard. Return -1 if the guard looks no good;
|
||||||
* guard looks fine. */
|
* return 0 if the guard looks fine.
|
||||||
|
*/
|
||||||
static int
|
static int
|
||||||
entry_guard_inc_circ_attempt_count(entry_guard_t *guard)
|
entry_guard_inc_circ_attempt_count(entry_guard_t *guard)
|
||||||
{
|
{
|
||||||
@ -1949,7 +1952,7 @@ entry_guard_inc_circ_attempt_count(entry_guard_t *guard)
|
|||||||
if (!guard->path_bias_disabled) {
|
if (!guard->path_bias_disabled) {
|
||||||
log_warn(LD_CIRC,
|
log_warn(LD_CIRC,
|
||||||
"Your Guard %s=%s is failing an extremely large amount of "
|
"Your Guard %s=%s is failing an extremely large amount of "
|
||||||
"circuits. To avoid potential route manipluation attacks, "
|
"circuits. To avoid potential route manipulation attacks, "
|
||||||
"Tor has disabled use of this guard. "
|
"Tor has disabled use of this guard. "
|
||||||
"Success counts are %ld/%ld. %ld circuits completed, %ld "
|
"Success counts are %ld/%ld. %ld circuits completed, %ld "
|
||||||
"were unusable, %ld collapsed, and %ld timed out. For "
|
"were unusable, %ld collapsed, and %ld timed out. For "
|
||||||
@ -1992,7 +1995,7 @@ entry_guard_inc_circ_attempt_count(entry_guard_t *guard)
|
|||||||
"Your Guard %s=%s is failing a very large amount of "
|
"Your Guard %s=%s is failing a very large amount of "
|
||||||
"circuits. Most likely this means the Tor network is "
|
"circuits. Most likely this means the Tor network is "
|
||||||
"overloaded, but it could also mean an attack against "
|
"overloaded, but it could also mean an attack against "
|
||||||
"you or the potentially the guard itself. "
|
"you or potentially the guard itself. "
|
||||||
"Success counts are %ld/%ld. %ld circuits completed, %ld "
|
"Success counts are %ld/%ld. %ld circuits completed, %ld "
|
||||||
"were unusable, %ld collapsed, and %ld timed out. For "
|
"were unusable, %ld collapsed, and %ld timed out. For "
|
||||||
"reference, your timeout cutoff is %ld seconds.",
|
"reference, your timeout cutoff is %ld seconds.",
|
||||||
@ -2058,10 +2061,9 @@ entry_guard_inc_circ_attempt_count(entry_guard_t *guard)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** A created or extended cell came back to us on the circuit, and it included
|
/** A "created" cell <b>reply</b> came back to us on circuit <b>circ</b>.
|
||||||
* reply_cell as its body. (If <b>reply_type</b> is CELL_CREATED, the body
|
* (The body of <b>reply</b> varies depending on what sort of handshake
|
||||||
* contains (the second DH key, plus KH). If <b>reply_type</b> is
|
* this is.)
|
||||||
* CELL_CREATED_FAST, the body contains a secret y and a hash H(x|y).)
|
|
||||||
*
|
*
|
||||||
* Calculate the appropriate keys and digests, make sure KH is
|
* Calculate the appropriate keys and digests, make sure KH is
|
||||||
* correct, and initialize this hop of the cpath.
|
* correct, and initialize this hop of the cpath.
|
||||||
@ -2117,9 +2119,9 @@ circuit_finish_handshake(origin_circuit_t *circ,
|
|||||||
|
|
||||||
/** We received a relay truncated cell on circ.
|
/** We received a relay truncated cell on circ.
|
||||||
*
|
*
|
||||||
* Since we don't ask for truncates currently, getting a truncated
|
* Since we don't send truncates currently, getting a truncated
|
||||||
* means that a connection broke or an extend failed. For now,
|
* means that a connection broke or an extend failed. For now,
|
||||||
* just give up: for circ to close, and return 0.
|
* just give up: force circ to close, and return 0.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
circuit_truncated(origin_circuit_t *circ, crypt_path_t *layer, int reason)
|
circuit_truncated(origin_circuit_t *circ, crypt_path_t *layer, int reason)
|
||||||
@ -2130,7 +2132,7 @@ circuit_truncated(origin_circuit_t *circ, crypt_path_t *layer, int reason)
|
|||||||
tor_assert(circ);
|
tor_assert(circ);
|
||||||
tor_assert(layer);
|
tor_assert(layer);
|
||||||
|
|
||||||
/* XXX Since we don't ask for truncates currently, getting a truncated
|
/* XXX Since we don't send truncates currently, getting a truncated
|
||||||
* means that a connection broke or an extend failed. For now,
|
* means that a connection broke or an extend failed. For now,
|
||||||
* just give up.
|
* just give up.
|
||||||
*/
|
*/
|
||||||
@ -2223,15 +2225,18 @@ onionskin_answer(or_circuit_t *circ,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Choose a length for a circuit of purpose <b>purpose</b>.
|
/** Choose a length for a circuit of purpose <b>purpose</b>: three + the
|
||||||
* Default length is 3 + the number of endpoints that would give something
|
* number of endpoints that would give something away about our destination.
|
||||||
* away. If the routerlist <b>routers</b> doesn't have enough routers
|
*
|
||||||
|
* If the routerlist <b>nodes</b> doesn't have enough routers
|
||||||
* to handle the desired path length, return as large a path length as
|
* to handle the desired path length, return as large a path length as
|
||||||
* is feasible, except if it's less than 2, in which case return -1.
|
* is feasible, except if it's less than 2, in which case return -1.
|
||||||
|
* XXX ^^ I think this behavior is a hold-over from back when we had only a
|
||||||
|
* few relays in the network, and certainly back before guards existed.
|
||||||
|
* We should very likely get rid of it. -RD
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
new_route_len(uint8_t purpose, extend_info_t *exit,
|
new_route_len(uint8_t purpose, extend_info_t *exit, smartlist_t *nodes)
|
||||||
smartlist_t *nodes)
|
|
||||||
{
|
{
|
||||||
int num_acceptable_routers;
|
int num_acceptable_routers;
|
||||||
int routelen;
|
int routelen;
|
||||||
|
@ -452,15 +452,15 @@ circuit_expire_building(void)
|
|||||||
SET_CUTOFF(stream_cutoff, MAX(options->CircuitStreamTimeout,15)*1000 + 1000);
|
SET_CUTOFF(stream_cutoff, MAX(options->CircuitStreamTimeout,15)*1000 + 1000);
|
||||||
|
|
||||||
/* Be lenient with cannibalized circs. They already survived the official
|
/* Be lenient with cannibalized circs. They already survived the official
|
||||||
* CBT, and they're usually not perf-critical. */
|
* CBT, and they're usually not performance-critical. */
|
||||||
SET_CUTOFF(cannibalized_cutoff,
|
SET_CUTOFF(cannibalized_cutoff,
|
||||||
MAX(circ_times.close_ms*(4/6.0),
|
MAX(circ_times.close_ms*(4/6.0),
|
||||||
options->CircuitStreamTimeout * 1000) + 1000);
|
options->CircuitStreamTimeout * 1000) + 1000);
|
||||||
|
|
||||||
// Intro circs have an extra round trip (and are also 4 hops long)
|
/* Intro circs have an extra round trip (and are also 4 hops long) */
|
||||||
SET_CUTOFF(c_intro_cutoff, circ_times.timeout_ms * (14/6.0) + 1000);
|
SET_CUTOFF(c_intro_cutoff, circ_times.timeout_ms * (14/6.0) + 1000);
|
||||||
|
|
||||||
// Server intro circs have an extra round trip
|
/* Server intro circs have an extra round trip */
|
||||||
SET_CUTOFF(s_intro_cutoff, circ_times.timeout_ms * (9/6.0) + 1000);
|
SET_CUTOFF(s_intro_cutoff, circ_times.timeout_ms * (9/6.0) + 1000);
|
||||||
|
|
||||||
SET_CUTOFF(close_cutoff, circ_times.close_ms);
|
SET_CUTOFF(close_cutoff, circ_times.close_ms);
|
||||||
|
@ -374,7 +374,7 @@ onion_skin_server_handshake(int type,
|
|||||||
|
|
||||||
/** Perform the final (client-side) step of a circuit-creation handshake of
|
/** Perform the final (client-side) step of a circuit-creation handshake of
|
||||||
* type <b>type</b>, using our state in <b>handshake_state</b> and the
|
* type <b>type</b>, using our state in <b>handshake_state</b> and the
|
||||||
* server's response in <b>reply</b> On success, generate <b>keys_out_len</b>
|
* server's response in <b>reply</b>. On success, generate <b>keys_out_len</b>
|
||||||
* bytes worth of key material in <b>keys_out_len</b>, set
|
* bytes worth of key material in <b>keys_out_len</b>, set
|
||||||
* <b>rend_authenticator_out</b> to the "KH" field that can be used to
|
* <b>rend_authenticator_out</b> to the "KH" field that can be used to
|
||||||
* establish introduction points at this hop, and return 0. On failure,
|
* establish introduction points at this hop, and return 0. On failure,
|
||||||
|
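Review bot: The doc comment touched in this hunk still reads "generate <b>keys_out_len</b> bytes worth of key material in <b>keys_out_len</b>", which names the length parameter as the destination of the key material. The second reference presumably means the output buffer (likely `keys_out`; the signature is outside this hunk, so confirm the name), giving `* bytes worth of key material in <b>keys_out</b>, set`. This comment is the caller's contract for where handshake key material is written and how many bytes, so it is worth correcting while the sentence is being edited. The comment and the function it documents continue past the end of the hunk.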