Commit Graph

8873 Commits

Author SHA1 Message Date
Robert Ransom
6cac100b13 Unbreak the build on libevent 1.x systems 2011-05-22 22:54:02 -07:00
Nick Mathewson
b80a8bba19 Merge branch 'feature3049-v2' into maint-0.2.2
Conflicts:
	src/common/Makefile.am
2011-05-23 01:19:04 -04:00
Nick Mathewson
1e69c60dcc The first argument for a libevent callback should be evutil_socket_t 2011-05-23 01:12:00 -04:00
Nick Mathewson
93b699e1ea Appease make check-spaces wrt procmon.h 2011-05-23 01:10:49 -04:00
Nick Mathewson
cfeafe5e77 Use a 64-bit type to hold sockets on win64.
On win64, sockets are of type UINT_PTR; on win32 they're u_int;
elsewhere they're int.  The correct windows way to check a socket for
being set is to compare it with INVALID_SOCKET; elsewhere you see if
it is negative.

On Libevent 2, all callbacks take sockets as evutil_socket_t; we've
been passing them int.

This patch should fix compilation and correctness when built for
64-bit windows.  Fixes bug 3270.
2011-05-23 00:17:48 -04:00
Roger Dingledine
1ba1bdee4b naked constants are ugly 2011-05-21 18:55:23 -04:00
Roger Dingledine
6b54edef4f finish a comment nickm started in 8ebceeb3 2011-05-21 18:34:55 -04:00
Roger Dingledine
0e8949a8fa remove some (confusing) dead code 2011-05-21 16:12:37 -04:00
Roger Dingledine
0235fe34d2 Merge branch 'bug1810' into maint-0.2.2 2011-05-21 16:09:55 -04:00
Sebastian Hahn
3ff7925a70 Don't recreate descriptor on sighup
We used to regenerate our descriptor whenever we'd get a sighup. This
was caused by a bug in options_transition_affects_workers() that would
return true even if the options were exactly the same. Down the call
path we'd call init_keys(), which made us make a new descriptor which
the authorities would reject, and the node would subsequently fall out
of the consensus.

This patch fixes only the first part of this bug:
options_transition_affects_workers() behaves correctly now. The second
part still wants a fix.
2011-05-21 16:08:21 -04:00
Roger Dingledine
a2851d3034 what's up with this trailing whitespace 2011-05-20 23:30:37 -04:00
Robert Ransom
7b34e3a965 Split out owning-controller-loss shutdown code into a function 2011-05-20 08:25:43 -07:00
Robert Ransom
bb860cedb2 Implement TAKEOWNERSHIP command 2011-05-20 08:25:43 -07:00
Robert Ransom
338a026610 Split control connection cleanup out of connection_free 2011-05-20 08:25:42 -07:00
Robert Ransom
86aeb152ca Fix comment typo 2011-05-20 08:25:42 -07:00
Robert Ransom
36afdebe1a Add an XXX 2011-05-20 08:25:42 -07:00
Robert Ransom
90f810801e Fix trailing asterisk in the output of "GETINFO info/names" 2011-05-20 08:25:42 -07:00
Robert Ransom
b3133d1cad Exit immediately if we can't monitor our owning controller process
tor_process_monitor_new can't currently return NULL, but if it ever can,
we want that to be an explicitly fatal error, without relying on the fact
that monitor_owning_controller_process's chain of caller will exit if it
fails.
2011-05-20 08:25:42 -07:00
Robert Ransom
0caa37db4d Fix some comments 2011-05-20 08:25:42 -07:00
Robert Ransom
4b266c6e72 Implement __OwningControllerProcess option
Implements part of feature 3049.
2011-05-20 08:25:42 -07:00
Roger Dingledine
b8ffb00cf1 log the reason for publishing a new relay descriptor
now we have a better chance of hunting down the root cause of bug 1810.
2011-05-19 23:59:52 -04:00
Sebastian Hahn
c13fb7feb1 Fix a compile warning on OSX 10.6 2011-05-20 05:53:55 +02:00
Roger Dingledine
073fed06c4 discard circuits when we change our bridge configuration
otherwise we might reuse circuits from the previous configuration,
which could be bad depending on the user's situation
2011-05-17 21:13:59 -04:00
Roger Dingledine
07c5026efa refetch bridge descriptors in a timely fashion
When we configure a new bridge via the controller, don't wait up to ten
seconds before trying to fetch its descriptor. This wasn't so bad when
you listed your bridges in torrc, but it's dreadful if you configure
your bridges via vidalia.
2011-05-17 20:48:46 -04:00
Nick Mathewson
bc89ef0ca8 Merge branch 'bug2752' into maint-0.2.2 2011-05-17 19:51:53 -04:00
Nick Mathewson
21ed575826 Handle NULL argument to get_configured_bridge_by_addr_port_digest
Fixes bug 2313; bugfix on 0.2.2.26-beta.
2011-05-17 19:46:47 -04:00
Nick Mathewson
2e07925a52 Oops; that function got renamed. 2011-05-17 19:45:05 -04:00
Robert Ransom
480a75cbbd Check onion keys in microdescriptors, too 2011-05-17 19:39:00 -04:00
Michael Yakubovich
a3707a1052 Fix bug2752 : 48-char HTTPProxyAuthenticator limitation
Bumped the char maximum to 512 for HTTPProxyAuthenticator &
HTTPSProxyAuthenticator. Now stripping all '\n' after base64
encoding in alloc_http_authenticator.
2011-05-16 16:09:35 -04:00
Nick Mathewson
e908e3a332 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
Fixed trivial conflict due to headers moving into their own .h files
from or.h.

Conflicts:
	src/or/or.h
2011-05-16 14:49:55 -04:00
Nick Mathewson
4a22046c86 squash! Add crypto_pk_check_key_public_exponent function
Rename crypto_pk_check_key_public_exponent to crypto_pk_public_exponent_ok:
it's nice to name predicates s.t. you can tell how to interpret true
and false.
2011-05-16 14:45:06 -04:00
Robert Ransom
987190c2bc Require that certain public keys have public exponent 65537 2011-05-16 14:28:46 -04:00
Robert Ransom
d2629f78a0 Add crypto_pk_check_key_public_exponent function 2011-05-16 14:07:34 -04:00
Robert Ransom
7571e9f1cb Check fetched rendezvous descriptors' service IDs 2011-05-16 14:07:24 -04:00
Nick Mathewson
919bf6ff3c Merge remote-tracking branch 'public/bug2850' into maint-0.2.2
Fixed a trivial conflict where this and the ControlSocketGroupWritable
code both added different functions to the same part of connection.c.

Conflicts:
	src/or/connection.c
2011-05-16 11:10:17 -04:00
Nick Mathewson
83fe07d3f2 Increase the length of the buffer in smartlist_string_num_isin().
This was harmless, since we only used this for checking for lists of
port values, but it's the principle of the thing.

Fixes 3175; bugfix on 0.1.0.1-rc
2011-05-15 22:13:53 -04:00
Nick Mathewson
b95dd03e5f Log descriptions of nodes, not just nicknames.
This patch introduces a few new functions in router.c to produce a
more helpful description of a node than its nickame, and then tweaks
nearly all log messages taking a nickname as an argument to call these
functions instead.

There are a few cases where I left the old log messages alone: in
these cases, the nickname was that of an authority (whose nicknames
are useful and unique), or the message already included an identity
and/or an address.  I might have missed a couple more too.

This is a fix for bug 3045.
2011-05-15 21:58:46 -04:00
Nick Mathewson
f72e792be5 Make check_private_dir check for group ownership as appropriate 2011-05-15 20:20:30 -04:00
Nick Mathewson
287f6cb128 Fix up some comment issues spotted by rransom 2011-05-15 20:20:30 -04:00
Nick Mathewson
4b800408fa Check permissions on the directory holding a control socket 2011-05-15 20:20:29 -04:00
Nick Mathewson
5d147d8527 Add a new flag to check_private_dir to make it _not_ change permissions
We'll need this for checking permissions on the directories that hold
control sockets: if somebody says "ControlSocket ~/foo", it would be
pretty rude to do a chmod 700 on their homedir.
2011-05-15 20:20:29 -04:00
Nick Mathewson
3b6cbf2534 Add a function to pull off the final component of a path 2011-05-15 20:20:29 -04:00
Nick Mathewson
b147c01295 Make check_private_dir accept g+rx dirs if told to do so. 2011-05-15 20:20:29 -04:00
Sebastian Hahn
4198261291 Clean up the 2972 implementation a little 2011-05-15 20:20:28 -04:00
Jérémy Bobbio
d41ac64ad6 Add UnixSocketsGroupWritable config flag
When running a system-wide instance of Tor on Unix-like systems, having
a ControlSocket is a quite handy mechanism to access Tor control
channel.  But it would be easier if access to the Unix domain socket can
be granted by making control users members of the group running the Tor
process.

This change introduces a UnixSocketsGroupWritable option, which will
create Unix domain sockets (and thus ControlSocket) 'g+rw'. This allows
ControlSocket to offer same access control measures than
ControlPort+CookieAuthFileGroupReadable.

See <http://bugs.debian.org/552556> for more details.
2011-05-15 20:20:28 -04:00
Nick Mathewson
2b9c5ee301 Preserve bridge download status across SETCONF, HUP
This code changes it so that we don't remove bridges immediately when
we start re-parsing our configuration.  Instead, we mark them all, and
remove all the marked ones after re-parsing our bridge lines.  As we
add a bridge, we see if it's already in the list.  If so, we just
unmark it.

This new behavior will lose the property we used to have that bridges
were in bridge_list in the same order in which they appeared in the
torrc.  I took a quick look through the code, and I'm pretty sure we
didn't actually depend on that anywhere.

This is for bug 3019; it's a fix on 0.2.0.3-alpha.
2011-05-15 20:13:44 -04:00
Nick Mathewson
bc44393eb5 Fixup whitespace issues from 3122 commit 2011-05-15 20:12:01 -04:00
Nick Mathewson
4c3853aca8 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/networkstatus.c
2011-05-15 20:09:10 -04:00
Nick Mathewson
00ff80e0ae Fixup whitespace issues from 3122 commit 2011-05-15 20:06:36 -04:00
Nick Mathewson
d29c2eb921 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-05-15 19:56:27 -04:00
Nick Mathewson
10d670674a Another doc tweak on tor_memcmp: <b>b</b>, not <b>. 2011-05-15 19:56:05 -04:00
Roger Dingledine
b48f83ab8c minor tweaks to 4b19730c82 2011-05-15 19:20:42 -04:00
Nick Mathewson
69ff26b05c Merge branch 'bug3026' into maint-0.2.2 2011-05-15 12:18:23 -04:00
Nick Mathewson
f287100934 Replace a nasty add-malloc-snprintf with a nice clean asprintf 2011-05-15 11:41:49 -04:00
Nick Mathewson
a5d40c2d0f Merge branch 'bug1345' into maint-0.2.2 2011-05-15 11:40:14 -04:00
Nick Mathewson
2bb6bdc3f9 Better doc for consider_recording_trackexithost 2011-05-15 11:37:33 -04:00
Nick Mathewson
228b77f64e Merge branch 'bug2732-simpler' into maint-0.2.2 2011-05-15 11:17:54 -04:00
Nick Mathewson
1b512fb914 Rip out more of hid_serv_acting_as_directory
rransom notes correctly that now that we aren't checking our HSDir
flag, we have no actual reason to check whether we are listed in the
consensus at all when determining if we should act like a hidden
service directory.
2011-05-15 11:17:44 -04:00
Nick Mathewson
da8297dbcb Handle transitions in Automap*, VirtualAddrNetwork correctly
Previously, if they changed in torrc during a SIGHUP, all was well,
since we would just clear all transient entries from the addrmap
thanks to bug 1345.  But if you changed them from the controller, Tor
would leave old mappings in place.

The VirtualAddrNetwork bug has been here since 0.1.1.19-rc; the
AutomapHosts* bug has been here since 0.2.0.1-alpha.
2011-05-13 16:59:31 -04:00
Nick Mathewson
a3ae591115 When TrackExitHosts changes, remove all no-longer-valid mappings
This bug couldn't happen when TrackExitHosts changed in torrc, since
the SIGHUP to reload the torrc would clear out all the transient
addressmap entries before.  But if you used SETCONF to change
TrackExitHosts, old entries would be left alone: that's a bug, and so
this is a bugfix on Tor 0.1.0.1-rc.
2011-05-13 16:28:50 -04:00
Nick Mathewson
ec81d17d0c Raise the TrackHostExits membership code into its own function 2011-05-13 16:22:10 -04:00
Nick Mathewson
09da83e1e8 Don't clear out transient addressmap entries on HUP
If you really want to purge the client DNS cache, the TrackHostExits
mappings, and the virtual address mappings, you should be using NEWNYM
instead.

Fixes bug 1345; bugfix on Tor 0.1.0.1-rc.

Note that this needs more work: now that we aren't nuking the
transient addressmap entries on HUP, we need to make sure that
configuration changes to VirtualAddressMap and TrackHostExits actually
have a reasonable effect.
2011-05-13 16:20:01 -04:00
Nick Mathewson
2253697a04 New smartlist function to see if two lists of strings are equal.
We'll use this to detect changes in CSV options.
2011-05-13 16:18:53 -04:00
Nick Mathewson
7f654a6a6f Add a ControlPortFileGroupWritable option 2011-05-13 10:41:29 -04:00
Nick Mathewson
dad12188a6 Write automatically-chosen control ports to a file. 2011-05-13 10:41:28 -04:00
Nick Mathewson
c55c8f0d49 new GETINFO command to return list of listeners of a given type 2011-05-13 10:41:19 -04:00
Nick Mathewson
28cc7b0180 Add a new "tor_sockaddr_to_str()" function
It does what it says on the tin.  It turns out I'll want this in a couple
of places.
2011-05-13 10:41:18 -04:00
Nick Mathewson
3da661b242 Advertise correct DirPort/ORPort when configured with "auto"
We'll eventually want to do more work here to make sure that the ports
are stable over multiple invocations.  Otherwise, turning your node on
and off will get you a new DirPort/ORPort needlessly.
2011-05-13 10:41:18 -04:00
Nick Mathewson
6f5998fd73 Correct the signature for is_listening_on_low_port for "auto" ports 2011-05-13 10:41:18 -04:00
Nick Mathewson
61c06cbc66 Teach retry_listener about "auto" ports.
Otherwise, it will just immediately close any port declared with "auto"
on the grounds that it wasn't configured.  Now, it will allow "auto" to
match any port.

This means FWIW if you configure a socks port with SocksPort 9999
and then transition to SocksPort auto, the original socksport will
not get closed and reopened.  I'm considering this a feature.
2011-05-13 10:41:18 -04:00
Nick Mathewson
5fec8fe559 "(Socks|Control|etc)Port auto" now tells Tor to open an arbitrary port
This is the major part of the implementation for trac issue 3076.
2011-05-13 10:41:18 -04:00
Nick Mathewson
e0d5a6e184 Downgrade the "we launched 10 circuits for this stream" message. (See bug 3080) 2011-05-12 19:41:08 -04:00
Nick Mathewson
59a6df8882 Merge remote-tracking branch 'public/bug3122_memcmp_022' into maint-0.2.2 2011-05-12 19:25:14 -04:00
Nick Mathewson
1f678277a1 Merge remote-tracking branch 'public/bug3122_memcmp_squashed' into maint-0.2.1 2011-05-12 19:20:40 -04:00
mikey99
42fcf059d2 Fixes ticket #2503
HTTPS error code 403 is now reported as:
"The https proxy refused to allow connection".
Used a switch statement for additional error codes to be explained
in the future.
2011-05-12 17:33:09 -04:00
Nick Mathewson
bdff7e3299 Unmap microdesc cache before replacing it.
If we do a replace-then-munmap, windows will never actually rewrite
the microdesc cache.

Found by wanoskarnet; bugfix on 0.2.2.6-alpha.
2011-05-12 11:19:52 -04:00
Robert Ransom
c714a098ea Improve a documentation comment 2011-05-12 02:57:09 -07:00
Robert Ransom
cb9df5e53c Fix comment typo 2011-05-12 00:27:19 -07:00
Nick Mathewson
7779c63e93 Accept hs descriptors even if we don't see an HSDir for us
The old behavior contributed to unreliability when hidden services and
hsdirs had different consensus versions, and so had different opinions
about who should be cacheing hsdir info.

Bugfix on 0.2.0.10-alpha; based on discussions surrounding bug 2732.
2011-05-12 00:53:07 -04:00
Nick Mathewson
6b83b3ba2a bug 3026: do not upload our vote to ourself 2011-05-12 00:47:00 -04:00
Nick Mathewson
b47f574c1e Merge branch 'bug1352' into maint-0.2.2 2011-05-12 00:14:10 -04:00
Nick Mathewson
8057b7363e Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-05-11 22:52:26 -04:00
Nick Mathewson
13847b8db6 Fix crash when read_file_to_string() fails in SAVECONF
The new behavior is to try to rename the old file if there is one there
that we can't read.  In all likelihood, that will fail too, but at least
we tried, and at least it won't crash.
2011-05-11 22:05:41 -04:00
Nick Mathewson
8fb38331c3 Hand-tune the new tor_memcmp instances in 0.2.2 2011-05-11 16:32:30 -04:00
Nick Mathewson
0cbcbc3412 Re-apply the automated conversion to 0.2.2 to make handle any memcmps that snuck in 2011-05-11 16:27:27 -04:00
Nick Mathewson
9964c314c6 fwd-port test_util_di_ops into tinytest format 2011-05-11 16:25:51 -04:00
Nick Mathewson
44ad734573 Merge remote-tracking branch 'public/3122_memcmp_squashed' into bug3122_memcmp_022
Conflicts throughout.  All resolved in favor of taking HEAD and
adding tor_mem* or fast_mem* ops as appropriate.

	src/common/Makefile.am
	src/or/circuitbuild.c
	src/or/directory.c
	src/or/dirserv.c
	src/or/dirvote.c
	src/or/networkstatus.c
	src/or/rendclient.c
	src/or/rendservice.c
	src/or/router.c
	src/or/routerlist.c
	src/or/routerparse.c
	src/or/test.c
2011-05-11 16:24:29 -04:00
Nick Mathewson
59f9097d5c Hand-conversion and audit phase of memcmp transition
Here I looked at the results of the automated conversion and cleaned
them up as follows:

   If there was a tor_memcmp or tor_memeq that was in fact "safe"[*] I
   changed it to a fast_memcmp or fast_memeq.

   Otherwise if there was a tor_memcmp that could turn into a
   tor_memneq or tor_memeq, I converted it.

This wants close attention.

[*] I'm erring on the side of caution here, and leaving some things
as tor_memcmp that could in my opinion use the data-dependent
fast_memcmp variant.
2011-05-11 16:12:51 -04:00
Nick Mathewson
db7b2a33ee Automated conversion of memcmp to tor_memcmp/tor_mem[n]eq
This commit is _exactly_ the result of

perl -i -pe 's/\bmemcmp\(/tor_memcmp\(/g' src/*/*.[ch]
perl -i -pe 's/\!\s*tor_memcmp\(/tor_memeq\(/g' src/*/*.[ch]
perl -i -pe 's/0\s*==\s*tor_memcmp\(/tor_memeq\(/g' src/*/*.[ch]
perl -i -pe 's/0\s*!=\s*tor_memcmp\(/tor_memneq\(/g' src/*/*.[ch]
git checkout src/common/di_ops.[ch]
git checkout src/or/test.c
git checkout src/common/test.h
2011-05-11 16:12:51 -04:00
Nick Mathewson
1d703ed22b Add a "di_ops.h" include to util.h 2011-05-11 16:12:51 -04:00
Nick Mathewson
4b19730c82 Add a data-independent variant of memcmp and a d-i memeq function.
The tor_memcmp code is by Robert Ransom, and the tor_memeq code is
by me.  Both incorporate some ideas from DJB's stuff.
2011-05-11 16:12:33 -04:00
Roger Dingledine
7206d784dc Merge branch 'maint-0.2.1' into maint-0.2.2 2011-05-10 23:05:51 -04:00
Roger Dingledine
e7b10e5ecf Update to the May 1 2011 Maxmind GeoLite Country database 2011-05-10 23:04:11 -04:00
Robert Ransom
b7452dcbcb Fix comment typo 2011-05-10 05:15:02 -07:00
Nick Mathewson
09d7af7789 Merge remote-tracking branch 'public/bug3022_v2' into maint-0.2.2 2011-05-09 13:37:56 -04:00
Sebastian Hahn
9da4e25183 Remove some dead code, found by clang 2011-05-09 13:19:46 -04:00
Sebastian Hahn
d7d25558fa Remove a duplicated line, found by clang 2011-05-09 13:19:46 -04:00
Sebastian Hahn
1c668540fe Fix potential null pointer deref during dirvote
Found by using clang's analyzer.
2011-05-09 13:19:46 -04:00
Sebastian Hahn
1827e60976 Fix a potential null deref when rebuilding md cache
Issue discovered using clang's static analyzer
2011-05-09 13:19:45 -04:00
Sebastian Hahn
8ebb3ce6e2 CONN_LOG_PROTECT()'s first argument may not be 0
Make that explicit by adding an assert and removing a null-check. All of
its callers currently depend on the argument being non-null anyway.
Silences a few clang complaints.
2011-05-09 13:19:45 -04:00
Sebastian Hahn
80e57af50f Appease clang - and my tortured mind
This possible div by 0 warning from clang's analyzer was quite fun to
track down. Turns out the current behaviour is safe.
2011-05-09 13:19:45 -04:00
Sebastian Hahn
58a16a4d6f Add an assert to un-confuse clang's analyzer
The analyzer assumed that bootstrap_percent could be less than 0 when we
call control_event_bootstrap_problem(), which would mean we're calling
log_fn() with undefined values. The assert makes it clear this can't
happen.
2011-05-09 13:19:44 -04:00
Sebastian Hahn
532c13693e Fix a docstring 2011-05-09 13:19:44 -04:00
Nick Mathewson
330116f034 Fix up some check-spaces issues 2011-05-05 21:53:46 -04:00
Nick Mathewson
9583a534ac Merge remote-tracking branch 'rransom/bug3106' into maint-0.2.2 2011-05-04 23:18:47 -04:00
Robert Ransom
66339f74b4 Handle crypto_pk_get_digest failures semi-sensibly
Fixes bug 3106.
2011-05-04 20:06:24 -07:00
Nick Mathewson
ab1460f3ae Merge remote-tracking branch 'sebastian/win_warning' into maint-0.2.2 2011-05-04 20:33:16 -04:00
Sebastian Hahn
9a490bb53b Fix compile warning on windows 2011-05-05 02:22:46 +02:00
Nick Mathewson
aba7bb705a Set SO_REUSEADDR on all sockets, not just listeners
See bug 2850 for rationale: it appears that on some busy exits, the OS
decides that every single port is now unusable because they have been
all used too recently.
2011-05-03 22:22:20 -04:00
Nick Mathewson
4126de6888 Fix circuit_list_path_impl(): internal circuits do not have an "exit". Trivial fix for 3079. 2011-05-03 21:53:59 -04:00
Nick Mathewson
68ae5afa5a Change who calls microdesc_cache_rebuild().
Previously we ensured that it would get called periodically by doing
it from inside the code that added microdescriptors.  That won't work
though: it would interfere with our code that tried to read microdescs
from disk initially.  Instead, we should consider rebuilding the cache
periodically, and on startup.
2011-05-03 17:28:28 -04:00
Nick Mathewson
cb6c909664 Rebuild the microdesc cache when a sufficient number of bytes are dropped
Previously on 0.2.2, we'd never clean the cache.  Now that we can
clean it, we want to add a condition to rebuild it: that should happen
whenever we have dropped enough microdescriptors that we could save a
lot of space.

No changes file, since 0.2.3 doesn't need one and 0.2.2 already has some
changes files for the backport of the microdesc_clean_cahce() function.
2011-05-03 17:03:49 -04:00
Nick Mathewson
56fbd728c2 Backport microdesc_cache_clean to 0.2.2
Otherwise we have no way to keep authorities' microdesc caches in 0.2.2
from growing without bound.
2011-05-03 16:45:15 -04:00
Nick Mathewson
970715dd8f Fix a check for when to rebuild the microdesc cache. (Backport from 0.2.3. 2011-05-03 16:29:39 -04:00
Nick Mathewson
698fa0fc67 Add missing code to set cache->journal_len when reading microdesc journal
This could be one reason that authorities' journals would grow without
bound; related to bug 2230. Bugfix on 0.2.2.6-alpha.  Fix by
"cypherpunks".
2011-05-03 16:22:31 -04:00
Nick Mathewson
dbd73b9689 Clean up a warning a bit 2011-04-29 11:14:53 -04:00
Nick Mathewson
bcdffc0f80 Rate-limit v2 networkstatus download fail warnings
This fixes part of 1352.  We don't care deeply about these warnings,
since v2 networkstatuses aren't a big deal.
2011-04-28 21:25:24 -04:00
Nick Mathewson
50c6b55757 Rename connection_dir_download_networkstatus_failed: be clear that it means v2 2011-04-28 21:23:32 -04:00
Nick Mathewson
f0d9e2d650 Merge remote-tracking branch 'arma/bug3012' into maint-0.2.2 2011-04-28 21:15:14 -04:00
Roger Dingledine
66de6f7eb8 relays checkpoint their state file twice a day 2011-04-28 21:06:25 -04:00
Nick Mathewson
cd42ae7185 Only authorities should automatically download v2 networkstatus documents
Clients and relays haven't used them since early 0.2.0.x.  The only
remaining use by authorities learning about new relays ahead of scedule;
see proposal 147 for what we intend to do about that.

We're leaving in an option (FetchV2Networkstatus) to manually fetch v2
networkstatuses, because apparently dnsel and maybe bwauth want them.

This fixes bug 3022.
2011-04-28 21:06:07 -04:00
Nick Mathewson
4010427b51 Merge remote-tracking branch 'arma/bug3039' into maint-0.2.2 2011-04-28 20:53:44 -04:00
Roger Dingledine
df3cf881d1 stop putting wacky values into state->lastwritten 2011-04-28 20:40:15 -04:00
Nick Mathewson
5693fedb60 Clarify comment to say which version fixed 2722 2011-04-28 20:38:15 -04:00
Nick Mathewson
6b9aadd557 Merge remote-tracking branches 'rransom/bug2722' and 'rransom/bug2722b' into maint-0.2.2 2011-04-28 20:36:38 -04:00
Nick Mathewson
c122897925 Merge remote-tracking branch 'sebastian/bug3020' into maint-0.2.2 2011-04-28 20:03:57 -04:00
Roger Dingledine
710227a77f fix a function comment 2011-04-28 19:19:04 -04:00
Sebastian Hahn
525d2700dd Correctly check elapsed time in last hibernation period
Fix bug 3020.
2011-04-29 01:18:32 +02:00
Nick Mathewson
6dfc0d5301 Avoid false positives from proxy_mode()
Previously it would erroneously return true if ListenAddr was set for
a client port, even if that port itself was 0.  This would give false
positives, which were not previously harmful... but which were about
to become.
2011-04-28 18:11:58 -04:00
Robert Ransom
b8708b5bd3 Fix bug 1930 2011-04-28 18:11:58 -04:00
Robert Ransom
ddd1b7be2d Ignore SIGNAL NEWNYM on relay-only Tor instances 2011-04-28 18:10:17 -04:00
Robert Ransom
df5c7fedbd Don't allow v0 HS auths to act as clients
A v0 HS authority stores v0 HS descriptors in the same descriptor
cache that its HS client functionality uses.  Thus, if the HS
authority operator clears its client HS descriptor cache, ALL v0
HS descriptors will be lost.  That would be bad.
2011-04-28 18:10:16 -04:00
John Brooks
2dc9546eef Correct the logic from f14754fbd for tor_gmtime_r 2011-04-28 17:13:45 -04:00
Nick Mathewson
51e551d383 Detect and handle NULL returns from (gm/local)time_r
These functions can return NULL for otherwise-valid values of
time_t.  Notably, the glibc gmtime manpage says it can return NULL
if the year if greater than INT_MAX, and the windows MSDN gmtime
page says it can return NULL for negative time_t values.

Also, our formatting code is not guaranteed to correctly handle
years after 9999 CE.

This patch tries to correct this by detecting NULL values from
gmtime/localtime_r, and trying to clip them to a reasonable end of
the scale.  If they are in the middle of the scale, we call it a
downright error.

Arguably, it's a bug to get out-of-bounds dates like this to begin
with.  But we've had bugs of this kind in the past, and warning when
we see a bug is much kinder than doing a NULL-pointer dereference.

Boboper found this one too.
2011-04-28 17:12:54 -04:00
Nick Mathewson
3055acbdbe Merge remote-tracking branch 'sebastian/bug2497' into maint-0.2.2 2011-04-28 16:05:34 -04:00
Robert Ransom
2c0258b69a Clean up merge of bug3k_021 2011-04-28 15:52:42 -04:00
Sebastian Hahn
4b13ebd5ab Merge branch 'bug3k_021' into bug3k_022
Conflicts:
	src/or/or.h
	src/or/rendclient.c
2011-04-28 19:00:34 +02:00
Sebastian Hahn
8a36f21251 Fix a failure case of connection_ap_handshake_attach_circuit()
tor_fragile_assert() might be a no-op, so we have to return something
here to indicate failure to the caller.
2011-04-28 18:14:50 +02:00
Robert Ransom
f1cf9bd74d Fix a bug introduced by purging rend_cache on NEWNYM
If the user sent a SIGNAL NEWNYM command after we fetched a rendezvous
descriptor, while we were building the introduction-point circuit, we
would give up entirely on trying to connect to the hidden service.

Original patch by rransom slightly edited to go into 0.2.1
2011-04-28 18:14:50 +02:00
Robert Ransom
2ad18ae736 Allow rend_client_send_introduction to fail transiently
i.e. without closing the AP connection.
2011-04-28 18:14:50 +02:00
Robert Ransom
440e48ddf2 Forget all rendezvous client state on SIGNAL NEWNYM 2011-04-28 18:14:50 +02:00
Nick Mathewson
0130e7c9d2 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/common/torint.h
2011-04-27 22:14:28 -04:00
Nick Mathewson
34510f9278 Fix clear_trackhostexits_mapping() to actually work as advertised
Previously, it would remove every trackhostexits-derived mapping
*from* xyz.<exitname>.exit; it was supposed to remove every
trackhostexits-derived mapping *to* xyz.<exitname>.exit.

Bugfix on 0.2.0.20-rc: fixes an XXX020 added while staring at bug-1090
issues.
2011-04-27 17:23:05 -04:00
Roger Dingledine
cba1d29b7f make make check-spaces happier.
(still not happy.)
2011-04-27 15:18:34 -04:00
cypherpunks
247cbab6c8 Fix double-free bug in microdesc parser 2011-04-27 15:15:32 -04:00
Roger Dingledine
0c40dda3ad explain an argument in a function comment 2011-04-27 13:43:11 -04:00
Nick Mathewson
748350ace1 Instead of checking whether we have unremoved intro points, check for usable ones 2011-04-27 00:01:41 -04:00
Roger Dingledine
b8b557dcb2 better user-facing warnings for unexpected last hops
these still aren't perfect, but we won't know how to correct them until
we start experiencing surprised users.
2011-04-27 00:01:41 -04:00
Roger Dingledine
f7a5bc16d6 warn if we launch too many circuits for a given stream 2011-04-27 00:01:41 -04:00
Roger Dingledine
f962dda8c1 revert most of ef81649d2f
Now we believe it to be the case that we never build a circuit for our
stream that has an unsuitable exit, so we'll never need to use such
a circuit. The risk is that we have some code that builds the circuit,
but now we refuse to use it, meaning we just build a bazillion circuits
and ignore them all.
2011-04-27 00:01:41 -04:00
Nick Mathewson
8ee92f28e0 Add a circuit_purpose_to_string() function, and use it
We had a circuit_purpose_to_controller_string() function, but it was
pretty coarse-grained and didn't try to be human-readable.
2011-04-27 00:01:35 -04:00
Sebastian Hahn
e03e90bf59 Fix a check-spaces complaint 2011-04-26 23:55:23 -04:00
Sebastian Hahn
92ec36a061 Explain the "using anyway" log message better
Also add a request to report any cases where we are not honoring
StrictNodes to the developers: These should now all be bugs.
2011-04-26 23:55:23 -04:00
Sebastian Hahn
8e2904e269 Fix a log msg 2011-04-26 23:55:22 -04:00
Nick Mathewson
79a3b3cd37 Check transition of circuit purpose from INTRO->GENERAL if nodes are constrained
This looked at first like another fun way around our node selection
logic: if we had introduction circuits, and we wound up building too
many, we would turn extras into general-purpose circuits.  But when we
did so, we wouldn't necessarily check whether the general-purpose
circuits conformed to our node constraints.  For example, the last
node could totally be in ExcludedExitNodes and we wouldn't have cared...

...except that the circuit should already be internal, so it won't get user
streams attached to it, so the transition should generally be allowed.
Add an assert to make sure we're right about this, and have it not
check whether ExitNodes is set, since that's irrelevant to internal
circuits.
2011-04-26 23:54:18 -04:00
Nick Mathewson
6afad6b691 When cannibalizing a circuit, make sure it has no ExcludeNodes on it
This could happen if StrictNodes was 0 and we were forced to pick an
excluded node as the last hop of the circuit.
2011-04-26 23:54:17 -04:00
Nick Mathewson
80adb3de50 When there is a transition in permitted nodes, apply it to trackexithosts map
IOW, if we were using TrackExitHosts, and we added an excluded node or
removed a node from exitnodes, we wouldn't actually remove the mapping
that points us at the new node.

Also, note with an XXX022 comment a place that I think we are looking
at the wrong string.
2011-04-26 23:54:17 -04:00
Nick Mathewson
128582cc1f Simplify calls to routerset_equal
The routerset_equal function explicitly handles NULL inputs, so
there's no need to check inputs for NULL before calling it.

Also fix a bug in routerset_equal where a non-NULL routerset with no
entries didn't get counted as equal to a NULL routerset.  This was
untriggerable, I think, but potentially annoying down the road.
2011-04-26 23:54:17 -04:00
Nick Mathewson
84f0e87c6a If we have chosen an exit that shares a family with all bridges, fail the circuit
We could probably do something smarter here, but the situation is
unusual enough that it's okay to just fail the circuit.
2011-04-26 23:54:17 -04:00
Nick Mathewson
b59a289365 Do not try to download descriptors for bridges in ExcludeNodes. 2011-04-26 23:54:16 -04:00
Nick Mathewson
ad78bafb71 Correct the behavior of .exit with ExcludeNodes, StrictNodes, etc.
ExcludeExitNodes foo now means that foo.exit doesn't work.  If
StrictNodes is set, then ExcludeNodes foo also overrides foo.exit.

foo.exit , however, still works even if foo is not listed in ExitNodes.
2011-04-26 23:54:16 -04:00
Nick Mathewson
ed7c267743 Note another place that we need to fix a 1090 issue. 2011-04-26 23:54:16 -04:00
Nick Mathewson
4851de554d Do not automatically ignore Fast/Stable for exits when ExitNodes is set
This once maybe made sense when ExitNodes meant "Here are 3 exits;
use them all", but now it more typically means "Here are 3
countries; exit from there."  Using non-Fast/Stable exits created a
potential partitioning opportunity and an annoying stability
problem.

(Don't worry about the case where all of our ExitNodes are non-Fast
or non-Stable: we handle that later in the function by retrying with
need_capacity and need_uptime set to 0.)
2011-04-26 23:54:16 -04:00
Nick Mathewson
e4689d8402 Note a slightly less likely way to violate ExcludeNodes 2011-04-26 23:54:16 -04:00
Nick Mathewson
db2fd28308 Note that circuit purpose changing can violate ExcludeNodes 2011-04-26 23:54:16 -04:00
Nick Mathewson
ca74badbe9 If we're excluded, and StrictNodes is set, do not do self-tests. 2011-04-26 23:54:15 -04:00
Nick Mathewson
affdec8d04 Add an XXX022-1090 to note consider_exit_fmily b0rkenness 2011-04-26 23:54:15 -04:00
Roger Dingledine
5710ea6475 three more cases where maybe we want to exclude 2011-04-26 23:54:15 -04:00
Roger Dingledine
9f47cfc21a make formal a constraint that's been true a while now 2011-04-26 23:54:15 -04:00
Roger Dingledine
2b5c39211c refuse moria1.exit if moria1 is excluded
add a note reminding us to do this for foo.moria1.exit if we decide to.
2011-04-26 23:54:15 -04:00
Roger Dingledine
bcea155ce0 note another case where strictnodes is considered for exits 2011-04-26 23:54:14 -04:00
Roger Dingledine
0ad3836f73 If ExitNodes and Exclude{Exit}Nodes overlap, obey Exclude{Exit}Nodes.
Also, ExitNodes are always strict.
2011-04-26 23:54:14 -04:00
Roger Dingledine
5d12495d98 the new entrynodes behavior is always strict 2011-04-26 23:54:13 -04:00
Roger Dingledine
719b5b87de don't exit enclave to excluded relays 2011-04-26 23:54:13 -04:00
Roger Dingledine
7e2e8074d5 slight tweak on circuit_conforms_to_options
this function really needs to get a total rewrite (or die)

For now, use #if 0 to disable it.
2011-04-26 23:54:04 -04:00
Roger Dingledine
4906188b62 handle excludenodes for dir fetch/post
If we're picking a random directory node, never pick an excluded one.
But if we've chosen a specific one (or all), allow it unless strictnodes
is set (in which case warn so the user knows it's their fault).

When warning that we won't connect to a strictly excluded node,
log what it was we were trying to do at that node.

When ExcludeNodes is set but StrictNodes is not set, we only use
non-excluded nodes if we can, but fall back to using excluded nodes
if none of those nodes is usable.
2011-04-26 23:53:50 -04:00
Roger Dingledine
ad3da53536 If EntryNodes and ExcludeNodes overlap, obey ExcludeNodes. 2011-04-26 23:53:49 -04:00
Roger Dingledine
82178a81f6 refuse excluded hidserv nodes if strictnodes
Make hidden services more flaky for people who set both ExcludeNodes
and StrictNodes. Not recommended, especially for hidden service operators.
2011-04-26 23:53:20 -04:00
Nick Mathewson
f810a1afe9 Expose a new process_signal(uintptr_t), not signal_callback()
This is a tweak to the bug2917 fix.  Basically, if we want to simulate
a signal arriving in the controller, we shouldn't have to pretend that
we're Libevent, or depend on how Tor sets up its Libevent callbacks.
2011-04-26 15:20:08 -04:00
Nick Mathewson
a7a906603e Merge remote-tracking branch 'sebastian/bug2917' into maint-0.2.2 2011-04-26 15:17:03 -04:00
Nick Mathewson
b75d1daf40 Merge remote-tracking branch 'public/bug2332' into maint-0.2.2 2011-04-26 13:10:54 -04:00
Nick Mathewson
43ffd023e9 Make SIZE_T_CEILING unsigned; add a signed SSIZE_T_CEILING
None of the comparisons were _broken_ previously, but avoiding
signed/unsigned comparisons makes everybody happier.

Fixes bug2475.
2011-04-26 13:03:58 -04:00
Nick Mathewson
bb6d45af1f Downgrade notice to info when downloading a cert. 2011-04-26 12:47:09 -04:00
Roger Dingledine
9d673dcd20 fix some comments before they create conflicts 2011-04-26 11:29:22 -04:00
Nick Mathewson
1cff525973 Fix compilation in last patch 2011-04-26 11:14:46 -04:00
Nick Mathewson
f083347adf Merge remote-tracking branch 'sebastian/bug2704' into maint-0.2.2 2011-04-26 11:07:48 -04:00
Sebastian Hahn
6fde2b46d2 Fix more of bug 2704
The last entry of the *Maxima values in the state file was inflated by a
factor of NUM_SECS_ROLLING_MEASURE (currently 10). This could lead to
a wrong maximum value propagating through the state file history.
2011-04-26 15:36:17 +02:00
Sebastian Hahn
4c789ec08c Don't leak the local hostname in relay nicknames
Fixes bug 2979, reported by tagnaq.
2011-04-26 05:08:32 +02:00
Nick Mathewson
f3b58dfa53 Merge commit '91aa6f08bcf0acbdfa038aaffe73e327ddd87c67' into maint-0.2.2 2011-04-25 19:03:15 -04:00
Sebastian Hahn
91aa6f08bc Make the Log configuration option expand ~ 2011-04-22 16:06:52 +02:00
Nick Mathewson
a0514ba531 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-04-21 13:40:00 -04:00
Nick Mathewson
e98583594d Fix a bug in removing DNSPort requests from their circular list
Under heavy load, this could result in an assertion failure.  Fix for
bug 2933; bugfix on 0.2.0.10-alpha.
2011-04-21 13:39:00 -04:00
Sebastian Hahn
3f7f96d9e7 Prevent hugely inflated observed bandwidth values
When reading the bw history from the state file, we'd add the 900-second
value as traffic that occured during one second. Fix that by adding the
average value to each second.

This bug was present since 0.2.0.5-alpha, but was hidden until
0.2.23-alpha when we started using the saved values.
2011-04-19 15:38:26 -04:00
Sebastian Hahn
13c3884ff6 Don't sometimes undercount bw average
This fixes the first part of bug 2704. It should occur only rarely when
no bw maxima are known. Bugfix on 0.2.2.23-alpha. Fixes bug 2704.
2011-04-19 15:38:10 -04:00
Nick Mathewson
5cc322e547 Standardize our printf code on %d, not %i. 2011-04-19 12:40:29 -04:00
Nick Mathewson
dfc9c6a0f9 Merge remote-tracking branch 'rransom/bug2750-v3' into maint-0.2.1 2011-04-19 12:30:50 -04:00
Nick Mathewson
cfd7b118a7 Ouch: correctly tabify the micro-revision.i target in Makefile.am (0.2.1 only) 2011-04-19 12:29:20 -04:00
Sebastian Hahn
c1927d7d5f Don't report empty bw-history lines in extrainfo
Some tor relays would report lines like these in their extrainfo
documents:
dirreq-write-history 2011-03-14 16:46:44 (900 s)

This was confusing to some people who look at the stats. It would happen
whenever a relay first starts up, or when a relay has dirport disabled.
Change this so that lines without actual bw entries are omitted.
Implements ticket 2497.
2011-04-19 14:51:40 +02:00
Nick Mathewson
48bdc2f729 Correct HS descriptor length check
Fixes bug 2948.
2011-04-18 13:53:13 -07:00
Robert Ransom
130db1bdeb Merge branch 'bug2750-v3' into bug2948 2011-04-18 13:36:19 -07:00