Commit Graph

1385 Commits

Author SHA1 Message Date
Nick Mathewson
69df16e376 Rewrite the logic for deciding when to drop old/superseded certificates
Fixes bug 11454, where we would keep around a superseded descriptor
if the descriptor replacing it wasn't at least a week later.  Bugfix
on 0.2.1.8-alpha.

Fixes bug 11457, where a certificate with a publication time in the
future could make us discard existing (and subsequent!) certificates
with correct publication times.  Bugfix on 0.2.0.3-alpha.
2015-01-09 10:28:59 -05:00
Nick Mathewson
90db39448d Downgrade warnings about extrainfo incompatibility when reading cache
Fixes  13762.
2015-01-07 13:11:06 -05:00
Nick Mathewson
f54e54b0b4 Bump copyright dates to 2015, in case someday this matters. 2015-01-02 14:27:39 -05:00
teor
1ee41b3eef Allow consensus interval of 10 seconds when testing
Decrease minimum consensus interval to 10 seconds
when TestingTorNetwork is set. (Or 5 seconds for
the first consensus.)

Fix code that assumes larger interval values.

This assists in quickly bootstrapping a testing
Tor network.

Fixes bugs 13718 & 13823.
2014-12-24 06:13:32 +11:00
Nick Mathewson
3d2366c676 Merge remote-tracking branch 'public/bug13126'
Conflicts:
	src/or/or.h
2014-11-26 09:03:30 -05:00
Nick Mathewson
81433e7432 Merge remote-tracking branch 'rl1987/bug13644' 2014-11-12 13:12:14 -05:00
rl1987
a6520ed537 Renaming ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN. 2014-11-11 20:56:40 +02:00
rl1987
7025f2dc59 Print a warning when extra info document is found incompatible with router descriptor. 2014-11-09 17:41:18 +02:00
teor
fd7e9e9030 Stop failing when key files are zero-length
Instead, generate new keys, and overwrite the empty key files.
Adds FN_EMPTY to file_status_t and file_status.
Fixes bug 13111.

Related changes due to review of FN_FILE usage:
Stop generating a fresh .old RSA key file when the .old file is missing.
Avoid overwriting .old key files with empty key files.
Skip loading zero-length extra info store, router store, stats, state,
and key files.
2014-11-08 20:31:20 +11:00
Nick Mathewson
415a841378 Remove smartlist_choose_node_by_bandwidth()
We were only using it when smartlist_choose_node_by_bandwidth_weights
failed.  But that function could only fail in the presence of
buggy/ancient authorities or in the absence of a consensus.  Either
way, it's better to use sensible defaults and a nicer algorithm.
2014-11-03 13:30:19 -05:00
Nick Mathewson
bbd8d07167 Apply new calloc coccinelle patch 2014-11-02 11:56:02 -05:00
Nick Mathewson
dc05b8549a Use digest256map for computing microdescriptor downloads 2014-10-31 11:32:32 -04:00
Nick Mathewson
fcdcb377a4 Add another year to our copyright dates.
Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code.  Right?
2014-10-28 15:30:16 -04:00
rl1987
f1ebe6bda4 Fix smartlist_choose_node_by_bandwidth() so that it rejects ORs with BadExit flag. 2014-10-28 14:07:08 -04:00
Nick Mathewson
f5fc7e3306 Fix a crash bug introduced in 223d354e3.
Arma found this and commented on #11243.  Bug not in any released
version of Tor.
2014-10-26 14:09:03 -04:00
Nick Mathewson
2d4c40ee5f Fix a use-after-free error in cleaned-up rouerlist code.
Bug not in any released tor.  This is CID 1248521
2014-10-20 09:04:53 -04:00
Nick Mathewson
d950e24332 Merge remote-tracking branch 'public/bug11243_squashed' 2014-10-13 14:32:43 -04:00
Nick Mathewson
223d354e34 Bugfixes on bug11243 fix for the not-added cases and tests
1. The test that adds things to the cache needs to set the clock back so
    that the descriptors it adds are valid.

 2. We split ROUTER_NOT_NEW into ROUTER_TOO_OLD, so that we can
    distinguish "already had it" from "rejected because of old published
    date".

 3. We make extrainfo_insert() return a was_router_added_t, and we
    make its caller use it correctly.  This is probably redundant with
    the extrainfo_is_bogus flag.
2014-10-13 14:31:11 -04:00
Nick Mathewson
3efeb711f1 Unit tests for 11243: loading ri, ei, mds from lists
These tests make sure that entries are actually marked
undownloadable as appropriate.
2014-10-13 14:30:02 -04:00
Nick Mathewson
a30594605e Treat unparseable (micro)descriptors and extrainfos as undownloadable
One pain point in evolving the Tor design and implementing has been
adding code that makes clients reject directory documents that they
previously would have accepted, if those descriptors actually exist.
When this happened, the clients would get the document, reject it,
and then decide to try downloading it again, ad infinitum.  This
problem becomes particularly obnoxious with authorities, since if
some authorities accept a descriptor that others don't, the ones
that don't accept it would go crazy trying to re-fetch it over and
over. (See for example ticket #9286.)

This patch tries to solve this problem by tracking, if a descriptor
isn't parseable, what its digest was, and whether it is invalid
because of some flaw that applies to the portion containing the
digest.  (This excludes RSA signature problems: RSA signatures
aren't included in the digest.  This means that a directory
authority can still put another directory authority into a loop by
mentioning a descriptor, and then serving that descriptor with an
invalid RSA signatures.  But that would also make the misbehaving
directory authority get DoSed by the server it's attacking, so it's
not much of an issue.)

We already have a mechanism to mark something undownloadable with
downloadstatus_mark_impossible(); we use that here for
microdescriptors, extrainfos, and router descriptors.

Unit tests to follow in another patch.

Closes ticket #11243.
2014-10-13 14:30:02 -04:00
teor
ff42222845 Improve DIRINFO flags' usage comments
Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in functions
which take them as arguments. Replace 0 with NO_DIRINFO in a function call
for clarity.

Seeks to prevent future issues like 13163.
2014-10-08 05:36:54 +11:00
Nick Mathewson
ac9b0a3110 Try to make max_dl_per_request a bit smarter 2014-09-29 10:56:38 -04:00
teor
ff8fe38a2f Stop spurious clang shallow analysis null pointer errors
Avoid 4 null pointer errors under clang shallow analysis (the default when
building under Xcode) by using tor_assert() to prove that the pointers
aren't null. Resolves issue 13284 via minor code refactoring.
2014-09-28 20:51:23 -04:00
Nick Mathewson
6523eff9b3 Send long URLs when requesting ordinary server descriptors too. 2014-09-23 13:04:22 -04:00
Nick Mathewson
055ad9c5fb fixup! Send more descriptor requests per attempt when using tunneled connections
Limit the number of simultaneous connections to a single router for
server descriptors too.
2014-09-23 12:57:10 -04:00
Nick Mathewson
0fdfdae7e3 fixup! Refactor initiate_descriptor_downloads() to be safer
Calculate digest_len correctly.

Also, refactor setting of initial variables to look a little nicer.
2014-09-23 12:56:16 -04:00
Nick Mathewson
55b21b366c fixup! Make router_pick_directory_server respect PDS_NO_EXISTING_*
Document n_busy_out, and set it correctly when we goto retry_without_exclude.
2014-09-23 12:47:39 -04:00
Nick Mathewson
02464694b2 fixup! Send more descriptor requests per attempt when using tunneled connections
Compilation fixes
2014-09-23 12:34:51 -04:00
Nick Mathewson
06bda50600 fixup! Download microdescriptors if you're a cache 2014-09-23 12:32:02 -04:00
Arlo Breault
5ed5ac185b Send more descriptor requests per attempt when using tunneled connections 2014-09-23 12:22:28 -04:00
Arlo Breault
21d5dbd474 Refactor initiate_descriptor_downloads() to be safer
(It's smarter to use asprintf and join than character pointers and a
long buffer.)
2014-09-23 12:21:08 -04:00
Arlo Breault
29f15a97ed Make router_pick_directory_server respect PDS_NO_EXISTING_* 2014-09-23 12:19:15 -04:00
George Kadianakis
24a7726955 Implement Tor2webRendezvousPoints functionality. 2014-09-15 16:07:48 +03:00
Nick Mathewson
48558ed1aa Merge remote-tracking branch 'public/bug13104_025' 2014-09-11 00:11:26 -04:00
Nick Mathewson
59f9a5c786 Avoid divide by zero and NaNs in scale_array_elements_to_u64
Patch from teor; part of 13104
2014-09-10 23:59:21 -04:00
Nick Mathewson
73ee161d8a Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-10 23:48:59 -04:00
Nick Mathewson
3c2c6a6116 In routerlist_assert_ok(), check r2 before taking &(r2->cache_info)
Technically, we're not allowed to take the address of a member can't
exist relative to the null pointer.  That makes me wonder how any sane
compliant system implements the offsetof macro, but let's let sleeping
balrogs lie.

Fixes 13096; patch on 0.1.1.9-alpha; patch from "teor", who was using
clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error -ftrapv
2014-09-10 23:48:11 -04:00
Sebastian Hahn
409a56281e Remove client-side bad directory logic
Implements the second half of #13060.
2014-09-09 11:54:20 -04:00
Nick Mathewson
2a0a5fe612 Explicitly cast when dividing ints then implicitly casting to double.
Coverity thinks that when we do "double x = int1/int2;", we probably
meant "double x = ((double)int1) / int2;".  In these cases, we
didn't.

[Coverity CID 1232089 and 1232090]
2014-08-21 10:19:26 -04:00
Nick Mathewson
2bfd92d0d1 Apply coccinelle script to replace malloc(a*b)->calloc(a,b) 2014-08-13 10:39:56 -04:00
Nick Mathewson
bb68c731b8 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-08 10:09:17 -04:00
Roger Dingledine
0c869af7f8 fix three typos in comments 2014-08-06 02:20:51 -04:00
Nick Mathewson
d8705ec720 Merge remote-tracking branch 'asn/bug12207_second_draft' 2014-07-16 15:33:00 +02:00
George Kadianakis
b74442db94 Change interface of router_descriptor_is_too_old(). 2014-07-09 19:20:41 +03:00
George Kadianakis
4245662b28 Functionify the descriptor age check so that we can NOP it in tests. 2014-06-24 14:19:07 -04:00
Arlo Breault
48d7fceee5 Update a comment and undef an identifier
* Trac #11452
2014-06-23 20:28:34 -04:00
Karsten Loesing
5e9bd1b5db Believe that v3 dirauths always serve extra infos.
Clients should always believe that v3 directory authorities serve
extra-info documents, regardless of whether their server descriptor
contains a "caches-extra-info" line or not.

Fixes part of #11683.
2014-05-05 15:31:52 +02:00
Nick Mathewson
1bbd3811c1 Merge remote-tracking branch 'public/bug10849_025'
Conflicts:
	src/or/config.c
2014-05-01 11:51:22 -04:00
Nick Mathewson
438a03ef7c Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-16 15:37:19 -04:00
Nick Mathewson
3fc0f9efb8 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-16 14:57:14 -04:00
Nick Mathewson
ef3d7f2f97 remove note about dannenberg; it has upgraded. 2014-04-16 14:56:49 -04:00
Nick Mathewson
f050cf75b0 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-16 13:32:20 -04:00
Nick Mathewson
2ce0750d21 Update the authority signing key blacklist
Now it only has dannenberg
2014-04-16 13:31:40 -04:00
Nick Mathewson
03e0c7e366 Answer a question in a comment; fix a wide line. 2014-04-15 20:52:31 -04:00
Nick Mathewson
bc4c966851 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-14 18:00:54 -04:00
Nick Mathewson
149931571a Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/routerlist.h
2014-04-14 18:00:38 -04:00
Nick Mathewson
09ed8a5dbb Tweak changes file and comment dates. 2014-04-14 17:58:49 -04:00
Nick Mathewson
46cf63bb42 Fill in the list of blacklisted signing keys.
I used a list of certificate files from arma, and a little script,
both at 11464.
2014-04-14 17:57:39 -04:00
Nick Mathewson
50ad393924 Code to blacklist authority signing keys
(I need a list of actual signing keys to blacklist.)
2014-04-14 17:57:39 -04:00
Roger Dingledine
aacbf551c4 note a missing word 2014-04-09 01:01:52 -04:00
Nick Mathewson
c0441cca8b Merge branch 'bug8787_squashed' 2014-03-31 11:57:56 -04:00
Nick Mathewson
1a9b4bd28c Munmap the right pointers in routerlist_free() 2014-03-31 11:43:51 -04:00
Andrea Shepard
df076eccfa Always check returns from tor_munmap_file() in microdesc.c 2014-03-31 11:27:08 -04:00
Andrea Shepard
947a6daa31 Always check returns from tor_munmap_file() in routerlist.c 2014-03-31 11:27:08 -04:00
Karsten Loesing
7450403410 Take out remaining V1 directory code. 2014-03-18 10:40:10 +01:00
Nick Mathewson
9077118ee2 Remove the unused router_hex_digest_matches
When I removed some unused functions in 5bfa373eee, this became
unused as well.
2014-03-11 11:17:46 -04:00
Nick Mathewson
b8ceb464e5 Merge branch 'bug11156_squashed' 2014-03-10 14:08:38 -04:00
George Kadianakis
6606e676ee Don't do directory fetches before all PTs have been configured. 2014-03-10 14:07:56 -04:00
Nick Mathewson
f0b2dc83b6 Merge remote-tracking branch 'arma/ticket5528'
Conflicts:
	src/or/router.c
	src/test/test_dir.c
2014-03-05 12:44:40 -05:00
Nick Mathewson
0b7a66fac7 whitespace fix 2014-02-28 08:57:29 -05:00
Nick Mathewson
b3a6907493 Remove a bunch of functions that were never called. 2014-02-15 15:33:34 -05:00
Nick Mathewson
ce450bddb7 Remove TunnelDirConns and PreferTunnelledDirConns
These options were added back in 0.1.2.5-alpha, but no longer make any
sense now that all directories support tunneled connections and
BEGIN_DIR cells.  These options were on by default; now they are
always-on.

This is a fix for 10849, where TunnelDirConns 0 would break hidden
services -- and that bug arrived, I think, in 0.2.0.10-alpha.
2014-02-11 11:10:55 -05:00
Karsten Loesing
00ec6e6af0 More fixes to rip out all of the v2 directory code.
(This was a squash commit, but I forgot to squash it. Sorry! --Nick)
2014-02-03 13:34:30 -05:00
Nick Mathewson
3193cbe2ba Rip out all of the v2 directory code.
The remaining vestige is that we continue to publish the V2dir flag,
and that, for the controller, we continue to emit v2 directory
formats when requested.
2014-01-29 15:17:05 -05:00
Nick Mathewson
0546edde66 Merge branch 'bug1376' 2013-10-11 12:51:15 -04:00
Nick Mathewson
df4693fed5 Merge remote-tracking branch 'origin/maint-0.2.4' 2013-10-10 11:24:16 -04:00
Nick Mathewson
7dbf66713f When freeing a cert_list_t, avoid memory leak.
We were freeing these on exit, but when we added the dl_status_map
field to them in fddb814f, we forgot to arrange for it to be freed.

I've moved the cert_list_free() code into its own function, and added
an appropriate dsmap_free() call.

Fixes bug 9644; bugfix on 0.2.4.13-alpha.
2013-09-19 12:22:49 -04:00
Nick Mathewson
e0b2cd061b Merge remote-tracking branch 'ctoader/gsoc-cap-stage2'
Conflicts:
	src/common/sandbox.c
2013-09-13 12:31:41 -04:00
Kevin Butler
1bdb391ed0 Added no_tempfile parameter to write_chunks_to_file to do non-atomic writes. Implements #1376. 2013-09-01 00:24:07 +01:00
Cristian Toader
c15d09293b added experimental support for open syscall path param 2013-07-23 14:01:53 +03:00
Nick Mathewson
a3e0a87d95 Completely refactor how FILENAME_PRIVATE works
We previously used FILENAME_PRIVATE identifiers mostly for
identifiers exposed only to the unit tests... but also for
identifiers exposed to the benchmarker, and sometimes for
identifiers exposed to a similar module, and occasionally for no
really good reason at all.

Now, we use FILENAME_PRIVATE identifiers for identifiers shared by
Tor and the unit tests.  They should be defined static when we
aren't building the unit test, and globally visible otherwise. (The
STATIC macro will keep us honest here.)

For identifiers used only by the unit tests and never by Tor at all,
on the other hand, we wrap them in #ifdef TOR_UNIT_TESTS.

This is not the motivating use case for the split test/non-test
build system; it's just a test example to see how it works, and to
take a chance to clean up the code a little.
2013-07-10 15:20:10 -04:00
Karsten Loesing
1293835440 Lower dir fetch retry schedules in testing networks.
Also lower maximum interval without directory requests, and raise
maximum download tries.

Implements #6752.
2013-05-16 12:08:48 +02:00
Andrea Shepard
50beb81d53 Merge branch 'maint-0.2.4' 2013-05-10 21:05:34 -07:00
Andrea Shepard
aaa3a085db Merge bug5595-v2-squashed into maint-0.2.4 2013-05-10 19:39:48 -07:00
Andrea Shepard
ac73ceb728 Rephrase comment in trusted_dirs_load_certs_from_string() to reflect 5595 fix 2013-05-09 10:55:07 -07:00
Andrea Shepard
17692b2fe2 Make warning in authority_cert_dl_failed() LD_BUG per NickM code review 2013-05-09 10:55:07 -07:00
Andrea Shepard
2824bf3445 Use tor_asprintf() and clean up string handling in authority_certs_fetch_missing() 2013-05-09 10:55:02 -07:00
Andrea Shepard
7b6ee54bdc Avoid duplicate downloads by (fp,sk) and by fp for authority certs when bootstrapping 2013-05-09 10:55:01 -07:00
Andrea Shepard
fddb814fea When downloading certificates, distinguish requesting by identity digest from requesting by ID digest, signing key pair; fixes bug 5595 2013-05-09 10:55:01 -07:00
Nick Mathewson
d34d0b4dc5 Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/dirserv.c
2013-04-14 21:57:56 -04:00
Nick Mathewson
52cadff0d6 Rename all fields which measure bw in kb to end with _kb 2013-04-14 21:45:05 -04:00
Akshay Hebbar Y S
36acde6b4e Removed obsolete code related to cached-routers 2013-04-01 21:50:35 -04:00
Nick Mathewson
f15d9cf5db Merge remote-tracking branch 'origin/maint-0.2.4' 2013-03-18 14:50:36 -04:00
Nick Mathewson
26639b7798 Merge remote-tracking branch 'public/no_dup_guards' into maint-0.2.4 2013-03-18 14:50:01 -04:00
Nick Mathewson
b163e801bc Merge remote-tracking branch 'origin/maint-0.2.4'
Conflicts:
	src/or/routerlist.c
2013-03-15 12:20:17 -04:00
Nick Mathewson
289653c392 Remove a few more unused functions. 2013-03-01 21:57:52 -05:00
Nick Mathewson
5bfa373eee Remove some totally unused functions 2013-02-23 23:31:31 -05:00
Nick Mathewson
365e302f61 Remove a bunch of unused macro definitions 2013-02-23 23:05:25 -05:00
Nick Mathewson
1070a720ad Be more robust when excluding existing nodes as new dirguards
In addition to rejecting them post-hoc, avoid picking them in the
first place.  This makes us less likely to decide that we can't add
guards at all.
2013-02-14 12:06:59 -05:00
Roger Dingledine
178599f026 get rid of the new caching notion in resolve_my_address()
and replace it with the good old-fashioned two functions approach
2013-02-12 04:25:42 -05:00