Commit Graph

11357 Commits

Author SHA1 Message Date
George Kadianakis
03e89f0b72 Introduce get_lines_from_handle().
get_lines_from_handle() is a multiplatform function which drains lines
from a stream and stuffs it into a smartlist. It's useful for
line-based protocols, like the one managed proxy and the tor-fw-helper
protocols.
2012-09-05 18:02:27 +03:00
George Kadianakis
e8be040016 All loging messages are now sent to stderr.
stdout should be clean for control messages.
2012-09-05 18:02:27 +03:00
George Kadianakis
b9e160446a Refactor our backends' interface. 2012-09-05 18:02:27 +03:00
George Kadianakis
c5778553dc Further implement tor-fw-helper's TCP port forwarding system. 2012-09-05 18:02:27 +03:00
George Kadianakis
d7261fb7f1 Implement the new TCP port parsing logic in tor-fw-helper. 2012-09-05 18:02:27 +03:00
George Kadianakis
d19a78744e Refactor tor-fw-helper port forwarding logic.
Make it port-purpose-agnostic; that is it should treat each port as
equal, and not expect to get a DirPort and an ORPort.
2012-09-05 18:02:26 +03:00
Linus Nordberg
f7c97cd40b Remove AuthDirPublishIPv6 and let AuthDirHasIPv6Connectivity fill its function.
See #4771 for rationale.

Note that this patch does not take suggested changes in #4470 into
account and keeps treating AuthDirHasIPv6Connectivity as an
AUTOBOOL. Thus, bug fixes for that are included here as well.

This is a fix on master, unreleased as of now.
2012-09-05 13:35:39 +02:00
Linus Nordberg
0e53742a85 Make AuthDirHasIPv6Connectivity a BOOL.
This is a fix of unreleased tor. It solves ticket #6770.
2012-09-05 12:47:01 +02:00
Roger Dingledine
67065c3c06 minor typos i found while constructing the changelog 2012-09-05 04:46:27 -04:00
Nick Mathewson
4d87919ba6 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-09-04 18:34:39 -04:00
Nick Mathewson
acfd487e7d Merge remote-tracking branch 'arma/bug6743' into maint-0.2.3 2012-09-04 18:33:56 -04:00
Nick Mathewson
d7a646edcf Merge branch 'bug5535_only_rebased' 2012-09-04 18:24:20 -04:00
Nick Mathewson
ec94d0307e Merge remote-tracking branch 'linus/bug6363_only-ln' 2012-09-04 18:23:18 -04:00
Linus Nordberg
d34c690e54 Allocate vote_microdesc_hash_t using tor_malloc_zero().
In case the struct grows in the future. Shouldn't be too expensive.
2012-09-04 20:19:41 +02:00
Linus Nordberg
8ef395d6a9 Whitespace. 2012-09-04 20:19:40 +02:00
Linus Nordberg
b337aa4c0e Remove spurious debug log printout. 2012-09-04 19:27:05 +02:00
Linus Nordberg
730dd9a6d0 Remove trailing semicolon from #define TOR_ADDR_NULL.
Can it ever help? I can only see harm. What am I missing?
2012-09-04 13:05:23 -04:00
Linus Nordberg
d827a5495a Take microdesc into account when deciding about preferred OR port. 2012-09-04 12:57:22 -04:00
Linus Nordberg
8b081231b5 Make node_ipv6_preferred() take microdescs into account.
Also, make node_get_prim_orport() indicate in its return value whether
a valid OR port was copied or not.

Maybe we should make it legal to pass ap_out==NULL?
2012-09-04 12:57:22 -04:00
Linus Nordberg
3746215350 Take microdesc IPv6 address into account when setting node->ipv6_preferred.
Also, do this only for clients, explicitly.

Also, give the flag a value every time we set consensus. We used to
touch it only when ClientPreferIPv6ORPort was set, which was wrong.
2012-09-04 12:57:21 -04:00
Linus Nordberg
0f45dbefed Use preferred OR for nodes with routerstatus and microdesc too.
extend_info_from_node() used to use the primary OR port (i.e. IPv4)
unless the node had routerinfo. Now that we have IPv6 addresses in
microdescs we may want to use them.

Note that this patch changes using r->cache_info.identity_digest into
using node->identity. I count on these being well synchronised, or
things would break in other ways. Right?
2012-09-04 12:57:21 -04:00
Linus Nordberg
7a8366a3eb Add IPv6 OR port to microdesc_t and populate it. 2012-09-04 12:57:21 -04:00
Linus Nordberg
e04e1a2e7d Clients connect to public relays over IPv6.
Add ClientUseIPv6 and ClientPreferIPv6ORPort configuration options.

Use "preferred OR port" for all entry nodes, not only for bridges.

Mark bridges with "prefer IPv6 OR port" if an IPv6 address is
configured in Bridge line and ClientPreferIPv6ORPort is set.

Mark relays with "prefer IPv6 OR port" if an IPv6 address is found in
descriptor and ClientPreferIPv6ORPort is set.

Filter "preferred OR port" through the ClientUseIPv6 config option. We
might want to move this test to where actual connection is being set
up once we have a fall back mechanism in place.

Have only non-servers pick an IPv6 address for the first hop: We
don't want relays to connect over IPv6 yet. (IPv6 has never been used
for second or third hops.)

Implements ticket 5535.
2012-09-04 12:57:21 -04:00
Linus Nordberg
d6ad00a01f Clear the ipv6_preferred flag like the others.
I'm not entirely sure that this is meningful but I'm pretty sure it's
not harmful. Seems like the logical thing to do.
2012-09-04 12:55:38 -04:00
Linus Nordberg
c76a332887 Fix a comment. 2012-09-04 12:51:08 -04:00
Linus Nordberg
585ef06978 Add tor_addr_port_new(). 2012-09-04 12:03:42 -04:00
Linus Nordberg
68901da5a1 Generate microdescriptors with "a" lines.
Generate and store all supported microdescriptor formats. Generate
votes with one "m" line for each format. Only "m" lines with version
info matching chosen consensus method will be voted upon.

An optimisation would be to combine "m" lines with identical hashes,
i.e. instead of "m 1,2,3 H1" and "m 4,5 H1", say "m 1,2,3,4,5 H1".
2012-09-04 11:56:34 -04:00
Linus Nordberg
156ffef249 Have directory authorities vote on IPv6 OR ports according to the spec
Define new new consensus method 14 adding "a" lines to vote and
consensus documents.

From proposal 186:

  As with other data in the vote derived from the descriptor, the
  consensus will include whichever set of "a" lines are given by the
  most authorities who voted for the descriptor digest that will be
  used for the router.

This patch implements this.
2012-09-04 11:52:22 -04:00
Nick Mathewson
485b4b7eee Rename configure.in to configure.ac
This is the preferred filename to use with Autoconf 2.50 and later.
2012-09-04 11:12:00 -04:00
Nick Mathewson
05ded76cb6 Merge remote-tracking branch 'arma/bug6759' 2012-09-04 10:18:51 -04:00
Nick Mathewson
3da9a14f1c Merge remote-tracking branch 'arma/feature6758' 2012-09-04 10:16:15 -04:00
Nick Mathewson
978a2251f3 Merge remote-tracking branch 'arma/feature6760' 2012-09-04 10:14:55 -04:00
Roger Dingledine
0a2fcc55c5 resolve an XXX by agreeing with nickm 2012-09-03 22:15:04 -04:00
Roger Dingledine
81c6db3288 make "Launching %d requests for %d routers" message more useful
specifically, specify what sort of routers we're fetching.
2012-09-03 22:10:49 -04:00
Roger Dingledine
3ea37e5faa quiet "I learned some more directory information" on startup
Reserve it for when new directory information arrives in response to
a fetch.

Resolves ticket 6760.
2012-09-03 19:49:44 -04:00
Roger Dingledine
2131cc125b Don't log about reloading the microdescriptor cache at startup
Addresses bug 6759.
2012-09-03 18:50:27 -04:00
Roger Dingledine
e964f81143 omit the first heartbeat message (resolves ticket 6758) 2012-09-03 18:13:35 -04:00
Roger Dingledine
4bd90e20b9 fix whitespace and trivial typo 2012-09-03 02:09:39 -04:00
Roger Dingledine
eb3d079667 Make begindir_cutoff the same as general_cutoff
Allow one-hop directory fetching circuits the full "circuit build timeout"
period, rather than just half of it, before failing them and marking
the relay down. This fix should help reduce cases where clients declare
relays (or worse, bridges) unreachable because the TLS handshake takes
a few seconds to complete.

Fixes bug 6743 (one piece of bug 3443); bugfix on 0.2.2.2-alpha, where
we changed the timeout from a static 30 seconds.
2012-09-01 01:25:17 -04:00
Nick Mathewson
9982122f34 Use a time-invariant comparison in choose_array_element_by_weight 2012-08-28 12:42:25 -04:00
Nick Mathewson
5c3199cda7 In choose-by-bw, scale to better use the range of uint64
The smart part of this is based on an approach and a suggestion by
rransom. The unsmart part is my own fault.
2012-08-27 19:36:12 -04:00
Nick Mathewson
ef628649c8 Spelling fix in util.c comments 2012-08-27 16:44:54 -04:00
Nick Mathewson
3363a0d26e Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-27 16:39:30 -04:00
Nick Mathewson
a7a4bbff47 Quiet "Set buildtimeout to low val" warnings: make them info
Fix for #6251
2012-08-27 16:37:09 -04:00
Nick Mathewson
f40378118c Merge remote-tracking branch 'mikeperry/bug6647' 2012-08-27 16:23:19 -04:00
Nick Mathewson
b252ffa7cb Downgrade path-bias warning messages to INFO for now.
We've had over two months to fix them, and didn't.  Now we need
0.2.3.x stable.  Yes, it would be cool to get this working in
0.2.3.x, but not at the expense of delaying every other feature that
_does_ work in 0.2.3.x.  We can do a real fix in 0.2.4.
2012-08-27 16:18:35 -04:00
Nick Mathewson
0c5a44ed0a Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-27 16:16:27 -04:00
Nick Mathewson
bffe0d3ccc Merge branch 'bug6710_023' into maint-0.2.3 2012-08-27 16:15:01 -04:00
Nick Mathewson
e232938ec8 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-27 16:09:29 -04:00
Nick Mathewson
443e4ae1ee Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3
Conflicts:
	src/or/policies.c
2012-08-27 16:07:04 -04:00
Nick Mathewson
62d96284f7 Do not assert when comparing a null address/port against a policy
This can create a remote crash opportunity for/against directory
authorities.
2012-08-27 12:04:55 -04:00
Nick Mathewson
b7c172c9ec Disable extending to private/internal addresses by default
This is important, since otherwise an attacker can use timing info
to probe the internal network.

Also, add an option (ExtendAllowPrivateAddresses) so that
TestingTorNetwork won't break.

Fix for bug 6710; bugfix on all released versions of Tor.
2012-08-27 11:19:29 -04:00
Nick Mathewson
5898c09c3a Fix whitespace 2012-08-27 10:53:40 -04:00
Nick Mathewson
7795f42e4b Merge branch 'bug6524_nm' 2012-08-27 10:33:24 -04:00
Jim Meyering
90d1c85757 build: minimal adjustments to make out-of-tree build work 2012-08-27 10:00:22 -04:00
Nick Mathewson
b3b4f31936 Merge remote-tracking branch 'linus/bug6364' 2012-08-27 09:53:37 -04:00
Nick Mathewson
6f7dbd3d34 Merge remote-tracking branch 'linus/bug6362' 2012-08-27 09:50:22 -04:00
Nick Mathewson
6864a44a4a Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-24 12:51:50 -04:00
Nick Mathewson
ce4add498f Merge remote-tracking branch 'public/bug6472' into maint-0.2.3 2012-08-24 12:51:02 -04:00
Nick Mathewson
ca09ea0a8b Make node_assert_ok less duplicatey
This comes at the cost of making its failure message a little less
friendly, but since when do assertion failures count as
user-friendly?
2012-08-24 12:48:23 -04:00
Nick Mathewson
03ca9c63c8 Clarify docs on get_configured_bridge_by_*_digest 2012-08-24 12:31:09 -04:00
Mike Perry
e13abda470 Bug 6647: Use correct scale constant and prevent rounding error
We were effectively resetting our counts, and the rounding error
leads to incorrect log messages.
2012-08-23 20:28:29 -07:00
Mike Perry
4950618b13 Bug 6475: Demote pathbias log messages for 0.2.3.x
Also make a couple of them less scary.

We'll do a separate, additional commit on 0.2.4.x to bump them back
up again.
2012-08-23 20:28:25 -07:00
Mike Perry
880c71304b Disable path bias accounting if we have no guards.
This should eliminate a lot of notices for Directory Authorities and other
situations where circuits built without using guard nodes.
2012-08-23 19:47:08 -07:00
Linus Nordberg
3410a46ebc Move ipv6_preferred from routerinfo_t to node_t.
Move extend_info_from_router() from circuitbuild.c to router.c and
make it static.

Add get_configured_bridge_by_orports_digest() and have
get_configured_bridge_by_routerinfo() and
node_is_a_configured_bridge() use it. We now consider all OR ports of
a bridge when looking for it.

Move node_get_*_orport to nodelist.c.

Fix a cut'n'paste error in header of nodelist.h.

Add node_assert_ok().

Add router_get_all_orports(). It's duplicating code from
node_get_all_orports(). Worth fixing at the cost of complicating the
API slightly?
2012-08-23 22:13:12 +02:00
Nick Mathewson
6d703f8db5 Make the _sha1.i file generation quieter 2012-08-23 13:14:41 -04:00
Linus Nordberg
734b09080f Fetch IPv6 address from NETINFO "other OR's address" field.
The my_apparent_addr is still unused, apart from now being logged in
the "Got good NETINFO cell" info message.
2012-08-21 18:43:36 +02:00
Nick Mathewson
64676d0571 Merge branch 'bug6638' 2012-08-21 11:20:58 -04:00
Nick Mathewson
939d01f0ba Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-21 10:36:51 -04:00
Nick Mathewson
991a8acba2 Merge remote-tracking branch 'public/bug6404' into maint-0.2.3 2012-08-21 10:35:40 -04:00
Nick Mathewson
d517233e71 Merge remote-tracking branch 'linus/bug6621' 2012-08-21 10:21:53 -04:00
Nick Mathewson
778d90122c Avoid spurious warnings in rend_service_introduce
There was some code in the "err:" block that would always log a
warning, reporting an "unknown error" if we hadn't set err_msg.  But
there were also plenty of "goto err" blocks that did their own
logging, and never set err_msg at all.  Now we should only log when
we have an error message to log.

This fixes bug 6638, from no released Tor version.
2012-08-21 10:15:52 -04:00
Linus Nordberg
9216e2819b Send IPv6 address in NETINFO cells.
Closes #6364.
2012-08-20 17:01:18 +02:00
Linus Nordberg
5671586dc7 Make all relays, not only bridges, capable of advertising an IPv6 OR port.
Closes #6362.
2012-08-19 14:48:22 +02:00
Nick Mathewson
661bd3fe71 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 17:10:16 -04:00
Nick Mathewson
88859b2ff1 whitespace fix 2012-08-17 17:10:03 -04:00
Nick Mathewson
223e7cfabe When iterating over connections pending DNS, skip marked ones
Failure to do this would lead to double-free cases and similar,
especially when the exit's DNS was broken. See bug 6472 for full
details; this is a fix for 6472.

Anonymous patch from "cypherpunks" on trac.
2012-08-17 16:46:11 -04:00
Nick Mathewson
1c64f99a1a Merge remote-tracking branch 'public/bug5124' 2012-08-17 16:05:09 -04:00
Nick Mathewson
d9746bd468 Remove needless flush-on-write code.
Long ago, before we had cell queues, it was necessary to maybe call
connection_handle_write() from connectino_write_to_buf_impl() on OR
connections, so that we wouldn't get into a loop of reading infinite
amounts of data and queueing it all on an outbuf before bothering to
write any data.

If that doesn't sounds like what our code does now, you're right:
right now, we won't stick more than OR_CONN_HIGHWATER bytes of cells
on an outbuf, and we won't suck more than CELL_QUEUE_HIGHWATER_SIZE
cells off any edge connection. So, there's no more call for that
code.

Removing this code will simplify our data flow, and that should be
something we can all get behind.
2012-08-17 16:01:30 -04:00
Nick Mathewson
a9d56289ee Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 15:59:40 -04:00
Linus Nordberg
9ed87b37d0 Consider IPv6 OR ports when deciding whether a routerinfo change is cosmetic.
Closes #6423.
2012-08-17 15:59:13 -04:00
Nick Mathewson
851197f11d Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 14:04:28 -04:00
Nick Mathewson
97602c9de4 Merge branch 'bug6379' into maint-0.2.3 2012-08-17 13:57:07 -04:00
Nick Mathewson
4c8fcba86c Fix more warnings from openbsd_malloc
Apparently, (void)writev is not enough to suppress the "you are
ignoring the return value!" warnings on Linux.  Instead, remove the
whole warning/error logic when compiling openbsd_malloc for Tor: we
can't use it.
2012-08-17 13:49:52 -04:00
Nick Mathewson
eec86939d1 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 12:39:31 -04:00
Nick Mathewson
e9172e51fb Merge remote-tracking branch 'public/bug6244_part_c' into maint-0.2.3 2012-08-17 12:37:49 -04:00
Nick Mathewson
1728801bbc Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 12:34:52 -04:00
Nick Mathewson
676f71054f Merge remote-tracking branch 'public/bug6507' into maint-0.2.3 2012-08-17 12:33:17 -04:00
Nick Mathewson
a4669d8704 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 12:10:44 -04:00
Nick Mathewson
a74d4182f1 Whitespace and build fixes on 6475 patch 2012-08-17 12:10:31 -04:00
Nick Mathewson
3621f30ad4 Merge remote-tracking branch 'mikeperry/bug6475' into maint-0.2.3 2012-08-17 12:08:42 -04:00
Nick Mathewson
274e281741 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-17 11:54:05 -04:00
Nick Mathewson
f25e8d034b Merge remote-tracking branch 'public/bug6514' into maint-0.2.3 2012-08-17 11:53:06 -04:00
Linus Nordberg
b1c4b3ad0e Make authorities not set Running unless all advertised OR ports are reachable.
Resolves #6621.
2012-08-17 12:53:25 +02:00
Mike Perry
4e42a8a2f2 Address Nick's comments from code review.
Also promote log messages to notice and rate-limit them.
2012-08-16 16:29:19 -07:00
Mike Perry
ec6a7effb8 Bug 6475: Explicitly track our path bias state.
This is done to avoid spurious warns. Additional log lines are also
added to try to track down the codepaths where we are somehow overcounting
success counts.
2012-08-15 19:59:55 -07:00
Nick Mathewson
6a33c33a12 Fix warnings and 64-bit problems in openbsd-malloc code
The warning fixes are:
  - Only define issetugid if it's missing.
  - Explicitly ignore the return value of writev.
  - Explicitly cast the retval of readlink() to int.

The 64-bit problems are related to just storing a size_t in an int. Not cool!  Use a size_t instead.

Fix for bug 6379. Bugfix on 0.2.0.20-rc, which introduced openbsd-malloc.
2012-08-15 19:26:53 -04:00
Nick Mathewson
2ba52f4095 Fix wildcarded address mappings from the control port
Apparently, we weren't actually detecting wildcardedness when parsing
them: whoops!

bug 6244.  Bugfix on 0.2.3.9-alpha
2012-08-15 17:59:30 -04:00
Nick Mathewson
959f850056 Raise the part of torrc mapaddress handling that knows wildcards
This patch extracts the inner part of config_register_addressmaps --
the part that knows about detecting wildcard addresses addresses --
and makes it into a new function.  The new function is deliberately
not moved or reindented, so that the diff is smaller.

I need this to fix bug 6244.
2012-08-15 17:52:40 -04:00
Nick Mathewson
cdd882ee71 Check for stream_id, not conn, on extend cells.
Extend cells aren't allowed to have a stream_id, but we were only
blocking them when they had a stream_id that corresponded to a
connection.  As far as I can tell, this change is harmless: it will
make some kinds of broken clients not work any more, but afaik nobody
actually make a client that was broken in that way.

Found while hunting for other places where we made the same mistake
as in 6271.

Bugfix on d7f50337c1 back from May 2003, which introduced
telescoping circuit construction into 0.0.2pre8.
2012-08-15 13:16:41 -04:00
Nick Mathewson
a9eed33111 Fix memory leak in dirvote_create_microdescriptor
Found by George, who gets a cookie.
2012-08-14 03:07:17 -04:00
Nick Mathewson
f45cde05f9 Remove tor_malloc_roundup().
This function never actually did us any good, and it added a little
complexity.  See the changes file for more info.
2012-08-13 13:27:32 -04:00
Nick Mathewson
d993b04485 Reject attempts to say FooPort and FooPort 0 in the same cfg domain 2012-08-09 16:13:03 -04:00
Nick Mathewson
e1fb3b8d65 Fix spaces from last patch 2012-08-09 16:02:57 -04:00
Nick Mathewson
dfe03d36c8 Don't infer we have a FooPort from the presence of a FooPort line
Thanks to the changes we started making with SocksPort and friends
in 0.2.3.3-alpha, any of our code that did "if (options->Sockport)"
became wrong, since "SocksPort 0" would make that test true whereas
using the default SocksPort value would make it false.  (We didn't
actually do "if (options->SockPort)" but we did have tests for
TransPort.  When we moved DirPort, ORPort, and ControlPort over to
the same system in 0.2.3.9-alpha, the problem got worse, since our
code is littered with checks for DirPort and ORPort as booleans.

This code renames the current linelist-based FooPort options to
FooPort_lines, and adds new FooPort_set options which get set at
parse-and-validate time on the or_options_t.  FooPort_set is true
iff we will actually try to open a listener of the given type. (I
renamed the FooPort options rather than leave them alone so that
every previous user of a FooPort would need to get inspected, and so
that any new code that forgetfully uses FooPort will need fail to
compile.)

Fix for bug 6507.
2012-08-09 15:48:43 -04:00
Nick Mathewson
07df4dd52d Refactor the core of choosing by weights into a function
This eliminates duplicated code, and lets us test a hairy piece of
functionality.
2012-08-09 14:15:58 -04:00
Nick Mathewson
9bfb274abb Refactor smartlist_choose_node_by_bandwidth to be less horrible.
With this patch, I dump the old kludge of using magic negative
numbers to indicate unknown bandwidths.  I also compute each node's
weighted bandwidth exactly once, rather than computing it once in
a loop to compute the total weighted bandwidth and a second time in
a loop to find which one we picked.
2012-08-09 12:59:04 -04:00
Nick Mathewson
50aecc68ca Use a smarter fix for bug 1203.
Previously, we had incremented rand_bw so that when we later tested
"tmp >= rand_bw", we wouldn't have an off-by-one error.  But instead,
it makes more sense to leave rand_bw alone and test "tmp > rand_bw".

Note that this is still safe.  To take the example from the bug1203
writeup: Suppose that we have 3 nodes with bandwidth 1.  So the
bandwidth array is { 1, 1, 1 }, and the total bandwidth is 3.  We
choose rand_bw == 0, 1, or 2.  With the first iteration of the loop,
tmp is now 1; with the second, tmp is 2; with the third, tmp is 3.
Now that our check is tmp > rand_bw, we will set i in the first
iteration of the loop iff rand_bw == 0; in the second iteration of
the loop iff rand_bw == 1, and in the third iff rand_bw == 2.
That's what we want.

Incidentally, this change makes the bug 6538 fix more ironclad: once
rand_bw is set to UINT64_MAX, tmp > rand_bw is obviously false
regardless of the value of tmp.
2012-08-09 12:41:28 -04:00
Nick Mathewson
640a51684c Remove remaining timing-dependency in choosing nodes by bandwidth
The old approach, because of its "tmp >= rand_bw &&
!i_has_been_chosen" check, would run through the second part of the
loop slightly slower than the first part.  Now, we remove
i_has_been_chosen, and instead set rand_bw = UINT64_MAX, so that
every instance of the loop will do exactly the same amount of work
regardless of the initial value of rand_bw.

Fix for bug 6538.
2012-08-09 12:40:03 -04:00
Nick Mathewson
e106812a77 Change smartlist_choose_node_by_bandwidth to avoid double
This should make our preferred solution to #6538 easier to
implement, avoid a bunch of potential nastiness with excessive
int-vs-double math, and generally make the code there a little less
scary.

"But wait!" you say.  "Is it really safe to do this? Won't the
results come out differently?"

Yes, but not much.  We now round every weighted bandwidth to the
nearest byte before computing on it.  This will make every node that
had a fractional part of its weighted bandwidth before either
slighty more likely or slightly less likely.  Further, the rand_bw
value was only ever set with integer precision, so it can't
accurately sample routers with tiny fractional bandwidth values
anyway.  Finally, doing repeated double-vs-uint64 comparisons is
just plain sad; it will involve an implicit cast to double, which is
never a fun thing.
2012-08-09 12:21:37 -04:00
Stewart Smith
2606c8b289 Fix up make distcheck and greatly simplify docs dependencies (although it's still a bit odd) 2012-08-09 11:03:48 -04:00
Stewart Smith
2e80ae895d fix circular dependency for generating code digests 2012-08-09 11:03:48 -04:00
Stewart Smith
8f466a1c60 fix TESTS to include full path to src/test/test 2012-08-09 11:03:48 -04:00
Stewart Smith
7bb04f111a fix dependencies for some generated files 2012-08-09 11:03:47 -04:00
Stewart Smith
2a4a149624 Move to non-recursive make
This gives us a few benefits:
1) make -j clean all
   this will start working, as it should. It currently doesn't.
2) increased parallel build
   recursive make will max out at number of files in a directory,
   non-recursive make doesn't have such a limitation
3) Removal of duplicate information in make files,
   less error prone

I've also slightly updated how we call AM_INIT_AUTOMAKE, as the way
that was used was not only deprecated but will be *removed* in the next
major automake release (1.13).... so probably best that we can continue
to bulid tor without requiring old automake.
(see http://www.gnu.org/software/automake/manual/html_node/Public-Macros.html )

For more reasons  why, see resources such as:
http://miller.emu.id.au/pmiller/books/rmch/
2012-08-09 11:03:47 -04:00
Nick Mathewson
ca90aea5eb Temporarily make spurious sendmes warn louder at arma's suggestion. 2012-08-09 10:55:33 -04:00
Nick Mathewson
0b21170085 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-09 10:52:45 -04:00
Nick Mathewson
91b52a259a Merge remote-tracking branch 'public/bug6252_again' into maint-0.2.3 2012-08-09 10:50:11 -04:00
Nick Mathewson
d373922217 Speak not the name of INT_MIN; it can upset older compilers
And more to the point, some GCCs will warn that you can't say it
before C90.

Bug not in any released version of Tor.
2012-08-03 13:54:12 -04:00
Nick Mathewson
aa584fd3a3 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-03 12:04:36 -04:00
Nick Mathewson
93be3a8822 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3
Conflicts:
	src/or/routerlist.c
2012-08-03 12:04:11 -04:00
Robert Ransom
308f6dad20 Mitigate a side-channel leak of which relays Tor chooses for a circuit
Tor's and OpenSSL's current design guarantee that there are other leaks,
but this one is likely to be more easily exploitable, and is easy to fix.
2012-08-03 11:49:51 -04:00
Nick Mathewson
860c4fc811 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-03 11:46:03 -04:00
Robert Ransom
82c5e385cb Remove bogus comment claiming that an assertion is triggerable by consensus 2012-08-03 11:45:33 -04:00
Nick Mathewson
6c64681879 Fix a bunch of "implicit 64->32" warnings from introduce refactoring 2012-08-03 11:31:04 -04:00
Nick Mathewson
babf8e2a85 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-08-03 11:23:06 -04:00
Nick Mathewson
1040afb242 Merge remote-tracking branch 'origin/maint-0.2.2' into maint-0.2.3 2012-08-03 11:18:40 -04:00
Nick Mathewson
57e35ad3d9 Avoid possible segfault when handling networkstatus vote with bad flavor
Fix for 6530; fix on 0.2.2.6-alpha.
2012-08-03 10:53:00 -04:00
Matthew Finkel
b50eb14bbf Updated docs for new connections. 2012-08-02 16:15:23 -04:00
Nick Mathewson
65d8448209 Merge remote-tracking branch 'sysrqb/bug6518' 2012-08-02 15:45:10 -04:00
Matthew Finkel
a47e4343de Constify struct sockaddr *sa parameter for check
The values are only being checked, not modified.
2012-08-02 15:29:38 -04:00
Matthew Finkel
d91bbf376c Removed redundant check_sockaddr_family_match call 2012-08-02 15:13:34 -04:00
Nick Mathewson
2d6d5db2fe Defensive programming: clear rs_out between iterations.
I can't currently find a bug here, but there are a couple of
near-misses.  Addresses ticket 6514; reported pseudonymously on
IRC.
2012-08-01 17:25:34 -04:00
Nick Mathewson
c49975a2b8 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-31 17:20:36 -04:00
Nick Mathewson
62637fa224 Avoid hard (impossible?)-to-trigger double-free in dns_resolve()
Fixes 6480; fix on 0.2.0.1-alpha; based on pseudonymous patch.
2012-07-31 17:19:17 -04:00
Nick Mathewson
3763959ef0 test_assert is always in affect: no need for extra gotos 2012-07-31 17:08:13 -04:00
Nick Mathewson
3c30417339 Remove duplicate code in test_introduce.c
Two of the do_*_test functions were actually prefixes of the third,
which suggests a trivial code elimination step
2012-07-31 17:08:13 -04:00
Nick Mathewson
92f5eaa235 Whitespace tweaks 2012-07-31 17:08:13 -04:00
Andrea Shepard
96c7612679 Unit tests for new rend_intro_cell_t parser 2012-07-31 17:08:13 -04:00
Andrea Shepard
048c128f93 Add replaycache.h to noinst_HEADERS in src/or/Makefile.am 2012-07-31 17:08:12 -04:00
Andrea Shepard
471ab34032 Refactor INTRODUCE2 parsing code in rend_service_introduce() 2012-07-31 17:08:12 -04:00
Andrea Shepard
36c968491f Use new replaycache_t structure for replay detection in rend_service_introduce() 2012-07-31 17:08:12 -04:00
Andrea Shepard
8f63ef10ad Implement replaycache_t for bug 6177, and unit tests for the preceding 2012-07-31 17:08:05 -04:00
Nick Mathewson
d3e1e458e1 Remove the upper limit on the size of MD we can generate. 2012-07-31 13:12:07 -04:00
Nick Mathewson
063138e001 Warn at parse time for routerstatus entry missing a microdesc consensus
In 0.2.3.18-rc, we started warning on this case while building a
list of missing microdescriptor digests.  That turned out to spam
the logs; instead let's warn at parse time.

Partial fix for bug 6404.
2012-07-31 11:01:57 -04:00
Nick Mathewson
7143d112a6 Don't include a router in an md consensus if we can't find a md for it.
The spec requires that every router in a microdesc consensus have an
m line; we weren't obeying that spec.

This creates a new consensus method (13) to allow voting to continue
to work right. Partial fix for bug 6404; fix on 0.2.2.6-alpha.
2012-07-31 10:54:14 -04:00
Nick Mathewson
2503cfad24 Allow microdescs to be up to 2k. Partial fix for 6404. 2012-07-31 10:48:35 -04:00
Nick Mathewson
5919e8e561 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-31 10:29:34 -04:00
Nick Mathewson
aed93f8ad9 Merge branch 'bug6490_v2' into maint-0.2.3 2012-07-31 10:28:43 -04:00
Nick Mathewson
2bd45213c9 Warn when accounting is used in a way likely to link hidden services
Fix for 6490.
2012-07-31 10:28:16 -04:00
Roger Dingledine
1049d315d7 Merge branch 'maint-0.2.3' 2012-07-31 05:10:23 -04:00
Roger Dingledine
1004489354 trivial grammar fix 2012-07-31 05:10:05 -04:00
Nick Mathewson
08e65ce04f Fix small memleak introduced in recent patch; fixe 6455. 2012-07-24 10:20:00 -04:00
Nick Mathewson
20b625a0fd Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-23 12:36:04 -04:00
Nick Mathewson
692005b38d Merge remote-tracking branch 'asn/bug6274_take3' into maint-0.2.3 2012-07-23 12:35:23 -04:00
Linus Nordberg
fff842a47c Add config option AuthDirPublishIPv6.
Test for config option AuthDirPublishIPv6 == 1 rather than for running
as a bridge authority when deciding whether to care or not about IPv6
OR ports in descriptors.

Implements enhancement #6406.
2012-07-19 17:51:15 -04:00
Nick Mathewson
6208106c18 Try to re-approximate the older semantics of nodelist_add_routerinfo 2012-07-19 17:51:15 -04:00
Linus Nordberg
dee4f068ee Don't shadow 'buf'. 2012-07-19 18:21:23 +02:00
Linus Nordberg
044da1bf0f Add configure option AuthDirHasIPv6Connectivity.
Implements enhancement 5974.
2012-07-19 18:21:22 +02:00
Linus Nordberg
cdef2b181a Rename routers_have_same_or_addr() to reflect the fact that it now checks both OR ports. 2012-07-19 18:21:22 +02:00
Linus Nordberg
7c80a4502c Include IPv6 OR ports in status documents only if we're a bridge authority. 2012-07-19 18:21:21 +02:00
Linus Nordberg
6d99c51f15 Don't put unreachable IPv6 OR port in routerstatus.
To have only reachable ports in "a" lines.
2012-07-19 18:21:21 +02:00
Linus Nordberg
dda177b19e Add "a" line to status document. 2012-07-19 18:21:21 +02:00
Linus Nordberg
4cce8ab742 Add last_reachable and testing_since for IPv6 OR port. 2012-07-19 18:21:20 +02:00
Linus Nordberg
c1ff07440e Don't assume that a node has routerinfo.
We can end up in dirserv_orconn_tls_done() with a node missing
routerinfo in at least two cases -- command_process_certs_cell() and
connection_or_check_valid_tls_handshake() -- and probably more.
2012-07-19 18:21:20 +02:00
Linus Nordberg
631ec5c4fe Move last_reachable and testing_since from routerinfo_t to node_t. 2012-07-19 18:21:20 +02:00
Nick Mathewson
24451e6f7d Avoid double-typedef of transport_t.
You can say "struct foo_t" as much as you want, but you'd better not
have "typedef struct foo_t foo_t" more than once.

Fix for bug 6416.  Bug not in any released version of Tor.
2012-07-19 09:06:11 -04:00
George Kadianakis
a1d060a68f Better handling of server managed proxies when Tor is not a relay. 2012-07-18 20:01:02 +02:00
Nick Mathewson
5ade278605 Check ewma_enabled before doing circ-has-become-inactive check
This avoids a possible crash bug in flush_from_first_active_circuit.

Fixes bug 6341; bugfix on 0.2.2.7-alpha.

Bug reported and fixed by a pseudonymous user on IRC.
2012-07-18 10:28:55 -04:00
Roger Dingledine
c1bd104111 Detect bug 6252 (unexpected sendme cell)
I only check on circuits, not streams, since bloating your stream
window past the initial circuit window can't help you much.

Also, I compare to CIRCWINDOW_START_MAX so we don't have surprising
races if we lower CIRCWINDOW_START for an experiment.
2012-07-18 10:23:04 -04:00
Nick Mathewson
f8c9cc713d Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-18 10:14:40 -04:00
Nick Mathewson
b355ddb20f Merge branch 'smartlist_shorten' into maint-0.2.3 2012-07-18 10:14:14 -04:00
Nick Mathewson
78dec94307 Tweaks to 6400 changes file and docs as suggested by arma 2012-07-18 10:12:19 -04:00
Nick Mathewson
ec8bdc5da8 Merge remote-tracking branch 'asn/bug3589' 2012-07-17 12:05:08 -04:00
Nick Mathewson
f9478b7a79 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-17 12:03:10 -04:00
Nick Mathewson
4cac5df554 Improve message on spurious SOCKSListenAddress 2012-07-17 12:02:55 -04:00
Nick Mathewson
efdf6c7118 Fix the remaining instances of nexted SMARTLIST_FOREACH 2012-07-17 10:41:24 -04:00
Nick Mathewson
7faf115dff Change all SMARTLIST_FOREACH loops of >=10 lines to use BEGIN/END
The SMARTLIST_FOREACH macro is more convenient than BEGIN/END when
you have a nice short loop body, but using it for long bodies makes
your preprocessor tell the compiler that all the code is on the same
line.  That causes grief, since compiler warnings and debugger lines
will all refer to that one line.

So, here's a new style rule: SMARTLIST_FOREACH blocks need to be
short.
2012-07-17 10:34:08 -04:00
Nick Mathewson
0b6fb5ebcd Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-17 09:50:18 -04:00
Linus Nordberg
21c6c84853 Allow TestingTorNetwork when alternate dir and bridge authorities are set.
Allow TestingTorNetwork when AlternateDirAuthority and
AlternateBridgeAuthority is set even if DirServer is not.
2012-07-17 09:35:38 -04:00
Nick Mathewson
7ac8a4a037 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-16 11:50:53 -04:00
Nick Mathewson
93b7301755 Refer to the correct variable in a loop when parsing entry guard state
Fixes bug 6397 and coverity issue 709599. Bugfix on 0.2.3.17-beta.
2012-07-16 11:49:45 -04:00
Nick Mathewson
d32f5081e1 Coverity 709056: Check return value on fputs in tor-gencert 2012-07-16 11:38:39 -04:00
George Kadianakis
8b9f4d75f2 Address Nick's comments.
- Add a changes/ file.
- Make it compile under --enable-gcc-warnings.
- Update the file-level documentation of src/or/transports.c.
- Only update descriptor if at least a managed proxy was configured.
- Add our external IP address to the extra-info descriptor instead of 0.0.0.0.
2012-07-12 15:28:43 +02:00
Roger Dingledine
6cad84503b Merge branch 'maint-0.2.3' 2012-07-06 16:32:08 -04:00
Roger Dingledine
5ddb9b3134 Merge branch 'maint-0.2.2' into maint-0.2.3 2012-07-06 16:31:40 -04:00
Roger Dingledine
4e7552e552 Revert to the May 2012 geoip db
The June 2012 db marks too many relays as country "A1".
Addresses bug 6334.
2012-07-06 16:29:51 -04:00
Roger Dingledine
1fee920999 Merge branch 'maint-0.2.3' 2012-07-06 08:59:26 -04:00
Roger Dingledine
27ec0248d2 Merge remote-tracking branch 'nickm/bug6271_part_a' into maint-0.2.3 2012-07-06 08:57:29 -04:00
Nick Mathewson
7e1a0bb24e Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-06 08:03:16 -04:00
George Kadianakis
62c1311b3a Fix port range in parse_port_range(). 2012-07-06 08:02:14 -04:00
Nick Mathewson
419f541aa7 Fix a bug handling SENDME cells on nonexistent streams.
This could result in bizarre window values. Report and patch
contributed pseudymously.  Fixes part of bug 6271. This bug was
introduced before the first Tor release, in svn commit r152.

(bug 6271, part a.)
2012-07-06 07:29:54 -04:00
Nick Mathewson
d30783ecbb Fix compilation on 32-bit. Fix for bug 6277, not in any released tor. 2012-07-05 16:44:07 -04:00
Nick Mathewson
7e8d7a017e Merge remote-tracking branch 'origin/maint-0.2.3' 2012-07-05 05:08:54 -04:00
Nick Mathewson
e9b33ed1bf On windows, ENOBUFS starts with WSA. #6296. Fix on 0.2.18-rc 2012-07-05 05:01:00 -04:00
George Kadianakis
f8e49c5789 Change extra-info "method" to "transport". 2012-07-03 21:26:03 +03:00
George Kadianakis
ca4e986c1d Mark descriptor as dirty if all managed proxies are configured. 2012-07-03 21:26:03 +03:00
George Kadianakis
9dea3a03b9 Add pluggable transport info to extra-info descriptors. 2012-07-03 21:26:03 +03:00
George Kadianakis
4bafe24400 Constify some functions. 2012-07-03 21:26:03 +03:00
George Kadianakis
17caec3676 Make some transports.c functions static.
- Also reorder functions.
2012-07-03 21:26:03 +03:00
George Kadianakis
aecc728a5a Refactor mp->transports to use transport_t. 2012-07-03 21:26:03 +03:00
George Kadianakis
d11b772a6c Introduce a transport_t deep copy function. 2012-07-03 21:26:03 +03:00
George Kadianakis
6173d36340 Move transport-related functions from circuitbuild.c to transports.c.
Move 'transport_t' to transports.h, and all transport-related
functions that don't rely on 'bridge_list' to transports.c.
2012-07-03 21:26:03 +03:00
Roger Dingledine
46434ecf5b Merge branch 'maint-0.2.3' 2012-07-01 17:37:59 -04:00
Roger Dingledine
d13389b30e Revert "Detect bug 6252 (unexpected sendme cell)"
This reverts commit c32ec9c425.

It turns out the two sides of the circuit don't actually stay in sync,
so it is perfectly normal for the circuit window on the exit relay to
grow to 2000+. We should fix that bug and then reconsider this patch.
2012-07-01 17:36:35 -04:00
Roger Dingledine
6061cd584c Merge branch 'maint-0.2.3' 2012-07-01 05:32:37 -04:00
Roger Dingledine
c32ec9c425 Detect bug 6252 (unexpected sendme cell)
I only check on circuits, not streams, since bloating your stream
window past the initial circuit window can't help you much.

Also, I compare to CIRCWINDOW_START_MAX so we don't have surprising
races if we lower CIRCWINDOW_START for an experiment.
2012-07-01 05:27:08 -04:00
Nick Mathewson
6abdcdf116 Fix crash bug from 4a8eaad7 (Bug 6255)
We were doing a tor_strclear() on client_keys_str when it might not
even be set.

Fix for bug 6255; bug not in any release of Tor.  Thanks to katmagic
for finding this one!
2012-06-29 00:32:27 -04:00
Nick Mathewson
da3edc4df0 Fix clang warning on d4285f03df. Not in any released tor. 2012-06-29 00:22:57 -04:00
Nick Mathewson
9c5a118272 bump version to 0.2.3.18-rc-dev 2012-06-28 16:01:55 -04:00
Nick Mathewson
19a81ef020 Merge commit '81cd3d7ad641a8dbf' 2012-06-28 15:52:57 -04:00
Nick Mathewson
e13e9c40c8 Never emit the "opt" prefix in any directory stuff
Fix for bug 5124.
2012-06-28 15:47:07 -04:00
Nick Mathewson
1e008e9876 Make check-spaces happy again 2012-06-28 15:40:08 -04:00
Brendan C
a6169800f8 Fix bug 3842: add a GETINFO signal/names
Also refactor SIGNAL so that it and signal/names use the same table.

(commit message by nickm)
2012-06-28 15:39:19 -04:00
Roger Dingledine
64f8e68e65 bump to 0.2.3.18-rc 2012-06-28 15:34:33 -04:00
Roger Dingledine
81cd3d7ad6 add a blurb for 0.2.3.18-rc, other minor cleanups 2012-06-28 15:32:36 -04:00
meejah
12298901fd add new GETINFO config/defaults
returns the default values for every configuration item, similar
to GETINFO config/names; include a changes entry for it.

Fix for bug 4971
2012-06-28 15:15:51 -04:00
Roger Dingledine
dd7a27d17e fix grammar in comment 2012-06-28 13:43:01 -04:00
Nick Mathewson
96746e39f6 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-28 10:57:23 -04:00
Nick Mathewson
217862b317 Merge remote-tracking branch 'public/bug6244_part2' into maint-0.2.3 2012-06-28 10:49:32 -04:00
Nick Mathewson
d4a64fdc02 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-28 10:48:06 -04:00
Andrea Shepard
bdc8270280 Downgrade 'Got a certificate, but we already have it' log message from warning to info, except when we're a dirauth (fixes bug 5238) 2012-06-28 10:42:43 -04:00
Nick Mathewson
d4285f03df Extend tor_sscanf so it can replace sscanf in rephist.c
Fixes bug 4195 and Coverity CID 448
2012-06-28 09:54:05 -04:00
Nick Mathewson
28c42fe029 Fix GETINFO address-mappings/... with wildcarded addresses. 2012-06-27 23:55:01 -04:00
Nick Mathewson
e12eba55b2 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-27 23:45:59 -04:00
Nick Mathewson
23f2e37ff7 Allow wildcarded mapaddress targets in controller MAPADDRESS command 2012-06-27 23:38:04 -04:00
Nick Mathewson
86197dfd4f Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-26 11:04:43 -04:00
Nick Mathewson
6330d2d9e6 Merge remote-tracking branch 'public/bug6227' into maint-0.2.3 2012-06-26 11:03:56 -04:00
Nick Mathewson
05dd0a9cd9 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-26 11:03:32 -04:00
Nick Mathewson
5fad3dc36b Fix a warning when using glibc's strcspn with clang.
With glibc 2.15 and clang 3.0, I get warnings from where we use the
strcpsn implementation in the header as strcspn(string, "=").  This
is apparently because clang sees that part of the strcspn macro
expands to "="[2], and doesn't realize that that part of the macro
is only evaluated when "="[1] != 0.
2012-06-26 11:02:44 -04:00
Nick Mathewson
9c8ec0aa20 Add a unit test for environment_variable_names_equal
I need this because I'm about to frob that function to stop using
strcspn() in order to get rid of a clang warning.
2012-06-26 10:50:37 -04:00
Nick Mathewson
201b852c27 Fix a compilation warning with clang 3.0
In b1ad1a1d02 we introduced an implicit (but safe)
long-to-int shortening that clang didn't like.

Warning not in any released version of Tor.
2012-06-26 10:48:31 -04:00
Nick Mathewson
4050800251 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-26 10:30:51 -04:00
Nick Mathewson
c4586f4df7 Downgrade message about md cache cleaning from notice to info
Fix for #6238
2012-06-26 10:30:11 -04:00
Nick Mathewson
4645f28c3b Bump the test util/threads timeout up to 150 sec
This should make some debian build systems happier.

Also, increase the select() timeout to a more reasonable 100 msec.
2012-06-25 13:44:34 -04:00
Nick Mathewson
7c9f6a994f Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-25 13:23:07 -04:00
George Kadianakis
53e4452f98 Don't do DNS lookups when parsing corrupted managed proxy messages.
The functions parse_{s,c}method_line() were using
tor_addr_port_lookup() which is capable of doing DNS lookups. DNS
lookups should not be necessary when parsing {C,S}METHOD lines.
2012-06-25 13:19:22 -04:00
Nick Mathewson
888d5d08fe Merge remote-tracking branch 'public/bug2385' 2012-06-25 12:05:36 -04:00
Nick Mathewson
aad71eef1b Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-25 11:59:33 -04:00
Nick Mathewson
2703e072a1 Merge remote-tracking branch 'public/bug6225' into maint-0.2.3 2012-06-25 11:51:19 -04:00
Nick Mathewson
8e5d3cab26 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-23 15:54:33 -04:00
Nick Mathewson
a6688c574e Catch a few more K&R violations with make check-spaces
We now catch bare {s that should be on the previous line with a do,
while, if, or for, and elses that should share a line with their
preceding }.

That is,
    if (foo)
    {
and
    if (foo) {
      ...
    }
    else

are now detected.

We should think about maybe making Tor uncrustify-clean some day,
but configuring uncrustify is an exercise in bizarreness, and
reformatting huge gobs of Tor is always painful.
2012-06-23 15:54:01 -04:00
Nick Mathewson
db9ce36b25 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-23 15:37:57 -04:00
Nick Mathewson
ffd7189b3f Don't assert in get_string_from_pipe() on len==0
We can treat this case as an EAGAIN (probably because of an
unexpected internal NUL) rather than a crash-worthy problem.

Fixes bug 6225, again.  Bug not in any released version of Tor.
2012-06-23 15:35:43 -04:00
Nick Mathewson
b1ad1a1d02 Resolve crash caused by format_helper_exit_status changes in #5557
Because the string output was no longer equal in length to
HEX_ERRNO_SIZE, the write() call would add some extra spaces and
maybe a NUL, and the NUL would trigger an assert in
get_string_from_pipe.

Fixes bug 6225; bug not in any released version of Tor.
2012-06-23 15:32:04 -04:00
George Kadianakis
8c3a4a1d21 Improve log message issued when a managed proxy fails to launch. 2012-06-23 15:05:46 -04:00
Nick Mathewson
7761c1d6ac Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-22 22:41:12 -04:00
Nick Mathewson
ebda15e4b5 Merge remote-tracking branch 'public/bug6211' into maint-0.2.3 2012-06-22 22:38:59 -04:00
Nick Mathewson
a9de982c34 Merge remote-tracking branch 'public/bug6203_v2' into maint-0.2.3 2012-06-22 22:33:14 -04:00
Nick Mathewson
a08bbefa9b Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-22 22:23:20 -04:00
Nick Mathewson
4a7e4129af Style tweaks and add a warning about NUL-termination 2012-06-22 22:21:20 -04:00
Andrea Shepard
770374a6b3 Add unit test for format_hex_number_for_helper_exit_status() 2012-06-22 22:21:20 -04:00
Andrea Shepard
c21af69f29 Refactor unsigned int hex formatting out of format_helper_exit_status() in util.c 2012-06-22 22:21:20 -04:00
Andrea Shepard
4c62cc6f99 Make format_helper_exit_status() avoid unnecessary spaces 2012-06-22 22:21:19 -04:00
Nick Mathewson
f96f319b9e Increment master branch version to 0.2.4.0-alpha-dev 2012-06-20 16:41:31 -04:00
Nick Mathewson
c239c57d3c Fix a regression bug in AllowDotExit
The code that detected the source of a remapped address checked that
an address mapping's source was a given rewrite rule if addr_orig had
no .exit, and addr did have a .exit after processing that rule.  But
addr_orig was formatted for logging: it was not the original address
at all, but rather was the address escaped for logging and possibly
replaced with "[scrubbed]".

This new logic will correctly set ADDRMAPSRC_NONE in the case when the
address starts life as a .exit address, so that AllowDotExit can work
again.

Fixes bug 6211; bugfix on 0.2.3.17-beta
2012-06-19 19:50:03 -04:00
Nick Mathewson
0600e8cab1 Disable warning for marked-but-reading in main.c
It turns out this can happen.  Even though there is no reason for
connections to be marked but reading, we leave them reading anyway,
so warning here is unwarranted.  Let's turn that back on once we do
something sensible and disable reading when we mark.  Bugfix for
6203 on Tor 0.2.3.17-beta.

Thanks to cypherpunks for pointing out the general stupidity of the
original code here.
2012-06-19 12:22:43 -04:00
Nick Mathewson
4a8eaad7ef Clear a couple more fields in rend_service_load_auth_keys 2012-06-18 13:13:53 -04:00
Nick Mathewson
b8d1e8e375 Refactor exit path in rend_service_load_auth_keys
Now it's an orthodox "goto err/done" exit path, and it isn't some
screwy thing where we stick err/done at the end of a loop and
duplicate our cleanup code.
2012-06-18 13:10:02 -04:00
Nick Mathewson
e5a61c5176 Fix indentation in rend_service_load_auth_keys 2012-06-18 13:01:33 -04:00
Nick Mathewson
be28d10622 Refactor rend_service_load_keys() into main portion and auth portion. 2012-06-18 12:59:29 -04:00
Nick Mathewson
53f5a38942 Fix indentation and whitespace in rend_service_load_keys 2012-06-18 12:45:55 -04:00
Nick Mathewson
b44693f32d Refactor rend_service_load_keys() into outer loop and loop contents 2012-06-18 12:43:20 -04:00
Nick Mathewson
e6782b355a Merge remote-tracking branch 'public/bug3311' 2012-06-18 12:07:39 -04:00
Nick Mathewson
4432fa40dd Merge remote-tracking branch 'andrea/bug6028' 2012-06-18 11:51:55 -04:00
Roger Dingledine
26855fe22c conn_type_to_string() on a listener already says it's a listener 2012-06-16 02:29:03 -04:00
Andrea Shepard
10130e5979 Appease make check-spaces 2012-06-15 21:48:15 -07:00
Andrea Shepard
b5280efc17 Clean up keys on stack in rend_parse_service_authorization() 2012-06-15 21:47:06 -07:00
Andrea Shepard
7f24b9b8c3 Clean up keys on stack in rend_client_refetch_v2_renddesc() 2012-06-15 21:39:28 -07:00
Andrea Shepard
a8bcbe7bf7 Clean up keys on stack in rend_client_send_introduction() 2012-06-15 21:25:25 -07:00
Andrea Shepard
ab2e007ffb In rend_service_load_keys(), clear extended descriptor cookie and buffer, clear temporary heap space for client key, and check if serializing client key fails 2012-06-15 21:17:02 -07:00
Andrea Shepard
276f95182c Clean keys on stack in rend_service_rendezvous_has_opened() 2012-06-15 20:54:45 -07:00
Andrea Shepard
88c5d3ca55 Clean keys on stack in rend_service_intro_has_opened() 2012-06-15 20:43:33 -07:00
Andrea Shepard
d43ba536df Clean up keys on stack in rend_service_introduce() 2012-06-15 20:19:02 -07:00
Andrea Shepard
9f55dfd915 Clean up keys on stack in rend_service_load_keys() 2012-06-15 19:54:54 -07:00
Roger Dingledine
c37b8023b7 fix the typo on the typo fix 2012-06-15 20:34:16 -04:00
Andrea Shepard
1f7f10e4f3 Always set *socket_error to something appropriate when returning -1 from connection_connect() 2012-06-15 16:53:32 -07:00
Roger Dingledine
ca525db02d fix typos from 783f705d 2012-06-15 17:08:25 -04:00
Nick Mathewson
97555f4537 fix a compiler warning added in one of my XXX023 fixes. 2012-06-15 16:43:59 -04:00
Nick Mathewson
30c4653780 Whitespace fix 2012-06-15 16:12:24 -04:00
Nick Mathewson
eab75d2c36 Fix a typo found by Mike. 2012-06-15 16:12:04 -04:00
Nick Mathewson
bdfb399867 Merge remote-tracking branch 'public/xxx023' 2012-06-15 16:10:59 -04:00
Nick Mathewson
87409771c4 Clarify some messages about publishing hidden service descriptors
Fix for bug 3311.
2012-06-15 15:25:46 -04:00
Nick Mathewson
cc21e56ed4 Check the correct consensus before giving it to the client
Previously, a directory would check the latest NS consensus for
having the signatures the client wanted, and use that consensus's
valid_until time to set the HTTP lifetime.  With this patch, the
directory looks at NS consensus or the microdesc consensus,
depending on what the client asked for.
2012-06-15 15:07:54 -04:00
Nick Mathewson
32bf258881 Change a silent ignore-the-bug in microdesc.c to a LOG_INFO
I don't believe this bug occurs, but there was an XXX023 to make
sure it doesn't.
2012-06-15 15:07:54 -04:00
Nick Mathewson
e62104a7d2 Move tor_gettimeofday_cached() into compat_libevent 2012-06-15 15:07:53 -04:00
Nick Mathewson
1755f792ed Refactor GETINFO process/descriptor-limit
Previously it duplicated some getrlimit code and content from compat.c;
now it doesn't.
2012-06-15 15:07:53 -04:00
Nick Mathewson
783f705ddc Document that we are unlikely to underflow session group IDs. 2012-06-15 15:07:53 -04:00
Nick Mathewson
2491fff5a6 Triage the XXX023 and XXX022 comments: postpone many. 2012-06-15 15:07:52 -04:00
Nick Mathewson
879b1e1010 Merge remote-tracking branch 'public/bug5932' 2012-06-15 14:44:32 -04:00
Nick Mathewson
8030ec4f27 Downgrade log messages about cbt enabled/disabled. Bug 6169. 2012-06-15 09:57:18 -04:00
Roger Dingledine
afa07b4f87 bump to 0.2.3.17-beta-dev 2012-06-15 04:29:32 -04:00
Roger Dingledine
a1caa96f9b another little step at making debugging 5458 easier 2012-06-15 03:58:47 -04:00
Roger Dingledine
5625812f9a tab-man returneth (this time using the name 'rob') 2012-06-15 03:28:18 -04:00
Roger Dingledine
4c87e82c6c bump to 0.2.3.17-beta 2012-06-15 03:13:00 -04:00
Mike Perry
daedae4115 Lower the default path bias notice rate to 40%.
I saw 72% on a test run with 26 circuits. 70% might be a little close to the
line. That, or min_circs is too low and we need to be more patient. We still
need to test/simulate more.
2012-06-14 21:20:10 -07:00
Mike Perry
61a5730392 For now, never disable any guards. 2012-06-14 13:20:01 -07:00
Mike Perry
8d59690033 Defend against entry node path bias attacks
The defense counts the circuit failure rate for each guard for the past N
circuits. Failure is defined as the ability to complete a first hop, but not
finish completing the circuit all the way to the exit.

If the failure rate exceeds a certain amount, a notice is emitted.

If it exceeds a greater amount, a warn is emitted and the guard is disabled.

These values are governed by consensus parameters which we intend to tune as
we perform experiments and statistical simulations.
2012-06-14 13:19:56 -07:00
Nick Mathewson
4fdce6b091 Merge remote-tracking branch 'asn-mytor/bug5589_take2' 2012-06-14 13:05:16 -04:00
George Kadianakis
aa212b173c Remove validate_pluggable_transports_config(): redundant since 9d9b5ed0.
The warning message of validate_pluggable_transports_config() is
superseded by the changes in the warning message of
connection_or_connect() when the proxy credentials can't be found.
2012-06-14 18:01:22 +03:00
Nick Mathewson
e5beb82e04 Merge remote-tracking branch 'public/bug4663' 2012-06-13 17:01:53 -04:00
Nick Mathewson
5b0977df31 One more fix for bug 5049. 2012-06-13 16:45:13 -04:00
Andrea Shepard
d98590d3b7 Satisfy make check-spaces 2012-06-13 16:45:13 -04:00
Andrea Shepard
aa284561c8 Move cbt->liveness.timeouts_after_firsthop free code into its own function 2012-06-13 16:45:13 -04:00
Andrea Shepard
39a9178ba7 Early exit from circuit_build_times_set_timeout() if adaptive timeouts are disabled 2012-06-13 16:45:13 -04:00
Andrea Shepard
0c3c0b1ddd Don't poll to see if we need to build circuits for timeout data if LearnCircuitBuildTimeout is disabled 2012-06-13 16:45:12 -04:00
Andrea Shepard
a0f76289fd Use K&R style 2012-06-13 16:45:12 -04:00
Andrea Shepard
7df26de948 Unconditionally use config CircuitBuildTimeout if LearnCircuitBuildTimeout is disabled 2012-06-13 16:44:33 -04:00
Andrea Shepard
5177ab9e47 Don't track circuit timeout history unless we're actually using adaptive timeouts 2012-06-13 16:44:33 -04:00
Andrea Shepard
41a458ece1 Add debug logging to circuit_build_times_* of circuitbuild.c to trace queries of consensus parameters for bug 5049 2012-06-13 16:44:33 -04:00
Nick Mathewson
54ef039ba5 Merge branch 'bug5263_023' 2012-06-13 16:23:16 -04:00
Nick Mathewson
9282c88998 Add rate-limited log message to bug5263 fix
Initially I said, "I claim that we shouldn't be reading and marked;
let's see if I'm right."  But Rob finds that it does.
2012-06-13 16:21:06 -04:00
Rob G. Jansen
03b48352c6 Fix busy Libevent loops (infinite loops in Shadow)
There is a bug causing busy loops in Libevent and infinite loops in
the Shadow simulator. A connection that is marked for close, wants
to flush, is held open to flush, but is rate limited (the token
bucket is empty) triggers the bug.

This commit fixes the bug. Details are below.

This currently happens on read and write callbacks when the active
socket is marked for close. In this case, Tor doesn't actually try
to complete the read or write (it returns from those methods when
marked), but instead tries to clear the connection with
conn_close_if_marked(). Tor will not close a marked connection that
contains data: it must be flushed first. The bug occurs when this
flush operation on the marked connection can not occur because the
connection is rate-limited (its write token bucket is empty).

The fix is to detect when rate limiting is preventing a marked
connection from properly flushing. In this case, it should be
flagged as read/write_blocked_on_bandwidth and the read/write events
de-registered from Libevent. When the token bucket gets refilled, it
will check the associated read/write_blocked_on_bandwidth flag, and
add the read/write event back to Libevent, which will cause it to
fire. This time, it will be properly flushed and closed.

The reason that both read and write events are both de-registered
when the marked connection can not flush is because both result in
the same behavior. Both read/write events on marked connections will
never again do any actual reads/writes, and are only useful to
trigger the flush and close the connection. By setting the
associated read/write_blocked_on_bandwidth flag, we ensure that the
event will get added back to Libevent, properly flushed, and closed.

Why is this important? Every Shadow event occurs at a discrete time
instant. If Tor does not properly deregister Libevent events that
fire but result in Tor essentially doing nothing, Libevent will
repeatedly fire the event. In Shadow this means infinite loop,
outside of Shadow this means wasted CPU cycles.
2012-06-13 16:04:07 -04:00
Nick Mathewson
37ef4f1689 Change smartlist_create->smartlist_new in bug4744 branch as merged to master 2012-06-13 12:16:02 -04:00
Nick Mathewson
aa1fc73e33 Merge branch 'bug4744_squashed' 2012-06-13 12:09:13 -04:00
Nick Mathewson
df6bd478ee Implement the client side of proposal 198
This is a feature removal: we no longer fake any ciphersuite other
than the not-really-standard SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
(0xfeff).  This change will let servers rely on our actually
supporting what we claim to support, and thereby let Tor migrate to
better TLS ciphersuites.

As a drawback, Tor instances that use old openssl versions and
openssl builds with ciphers disabled will no longer give the
"firefox" cipher list.
2012-06-13 12:06:28 -04:00
Nick Mathewson
5a3d9636f5 Merge remote-tracking branch 'public/bug3940_redux' 2012-06-13 11:40:38 -04:00
Sebastian Hahn
9dd4e5a9b0 Fix another clang compile warning
We forgot this when we fixed 5969.
2012-06-13 16:51:56 +02:00
Karsten Loesing
2133b6e5ba Fix integer overflow in cell stats spotted by atagar.
Fixes #5849.
2012-06-13 10:12:39 -04:00
Roger Dingledine
068046eebc Merge branch 'maint-0.2.2' 2012-06-13 03:48:43 -04:00
Karsten Loesing
229abbf4bb Update to the June 2012 GeoIP database.
Manually removed range 0.116.0.0 to 0.119.255.255 which Maxmind says is
assigned to AT.  This is very likely a bug in their database, because
0.0.0.0/8 is a reserved range.
2012-06-13 09:21:00 +02:00
Nick Mathewson
f4fccee4d2 Add a warning for using HTTPProxy with no other proxy.
From what I can tell, this configuration is usually a mistake, and
leads people to think that all their traffic is getting proxied when
in fact practically none of it is.  Resolves the issue behind "bug"
4663.
2012-06-12 15:21:41 -04:00
Nick Mathewson
ba9a12119c fixup! An attempt at bug3940 and making AllowDotExit 0 work with MapAddress 2012-06-11 21:50:52 -04:00
Nick Mathewson
c18b6ec3d4 Document ADDRMAPSRC_NONE. 2012-06-11 21:49:08 -04:00
Nick Mathewson
f0f70ba6f1 Merge branch 'bug5452' 2012-06-11 14:44:26 -04:00
Andrea Shepard
6b73fad709 Make RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT warning tell the user how to fix it. 2012-06-11 11:09:19 -07:00
Nick Mathewson
667a12b471 Merge remote-tracking branch 'public/bug4592' 2012-06-11 10:34:48 -04:00
Nick Mathewson
70910479e3 Merge remote-tracking branch 'public/bug5598'
Conflicts:
	doc/tor.1.txt

Conflict was on a formatting issue in the manpage.
2012-06-11 10:26:48 -04:00
Nick Mathewson
a6180b7f29 Merge branch 'bug6097' 2012-06-11 10:14:01 -04:00
Andrea Shepard
4fb2a14fae Warn if the user has set CircuitBuildTimeout stupidly low and turned off LearnCircuitBuildTimeout 2012-06-08 23:44:06 -07:00
Nick Mathewson
8be6058d8f changes file and whitespace fix for bug5235 patch 2012-06-08 14:33:16 -04:00
Andrea Shepard
554ec65ce7 Rate-limit 'Weighted bandwidth is 0.000000 ...' message; it can be produced in extreme quantities 2012-06-08 14:33:16 -04:00
Roger Dingledine
167f6f1e96 typo noticed by "_raptor" 2012-06-07 15:35:19 -04:00
Nick Mathewson
b0bab82790 Merge remote-tracking branch 'arma/bug3886'
Conflicts:
	src/or/dirserv.c
2012-06-07 13:30:55 -04:00
Nick Mathewson
f9fddba539 Downgrade an eventdns warning to PROTOCOL_WARN. 2012-06-07 13:03:39 -04:00
Nick Mathewson
bf9252587b Fix mingw build with -DUNICODE -D_UNICODE
This is a very blunt fix, and mostly just turns some func() calls
into FuncA() to make things build again.  Fixes bug 6097.
2012-06-07 11:59:32 -04:00
Nick Mathewson
1e5683b167 Be more careful calling wcstombs
The function is not guaranteed to NUL-terminate its output.  It
*is*, however, guaranteed not to generate more than two bytes per
multibyte character (plus terminating nul), so the general approach
I'm taking is to try to allocate enough space, AND to manually add a
NUL at the end of each buffer just in case I screwed up the "enough
space" thing.

Fixes bug 5909.
2012-06-07 11:09:38 -04:00
Nick Mathewson
99618a9641 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-06-07 09:46:14 -04:00
Robert Ransom
0dc47dfebf Send a CRLF at the end of a STATUS_* event, not in the middle of it
Fixes bug 6094; bugfix on commit 3a9351b57e.
2012-06-07 03:22:06 +00:00
Nick Mathewson
8a341cc429 Change the default for DynamicDHGroups to 0
This feature can make Tor relays less identifiable by their use of the
mod_ssl DH group, but at the cost of some usability (#4721) and bridge
tracing (#6087) regressions.

We should try to turn this on by default again if we find that the
mod_ssl group is uncommon and/or we move to a different DH group size
(see #6088).  Before we can do so, we need a fix for bugs #6087 and

Resolves ticket #5598 for now.
2012-06-06 12:00:04 -04:00
Roger Dingledine
f136e835d8 bump to 0.2.3.16-alpha-dev 2012-06-05 18:37:19 -04:00
Roger Dingledine
80b2308aec today is the day for 0.2.3.16-alpha 2012-06-05 12:14:57 -04:00
Nick Mathewson
7b2afb61b2 Merge branch 'bug5603' 2012-06-05 11:47:34 -04:00
Nick Mathewson
64167e1772 Minor changes to bug5603
* Minor stylistic changes to comments and doxygen
  * Use strcmp_opt; it already exists.
  * Tighten bridge_has_digest implementation a little.
2012-06-05 11:40:31 -04:00
Nick Mathewson
d09a3ecd01 Merge remote-tracking branch 'public/getfilesize_64'
Conflicts:
	src/common/compat.c

The getfilesize change conflicted with the removal of file_handle
from the windows tor_mmap_t.
2012-06-05 11:10:42 -04:00
Nick Mathewson
b482c870ca Fix some mingw build warnings
These include:
   - Having a weird in_addr that can't be initialized with {0}
   - Needing INVALID_HANDLE_VALUE instead of -1 for file handles.
   - Having a weird dependent definition for struct stat.
   - pid is signed, not unsigned.
2012-06-05 11:06:26 -04:00
Nick Mathewson
2468a1bd2c Revert "Disable (Cell,DirReq,Entry,ExitPort)Statistics on bridges"
This reverts commit 981e896dd2.

Apparently Karsten still needs DirReqStatistics for bridges; see
2012-06-05 10:47:05 -04:00
Nick Mathewson
38642a9369 Downgrade tor_assert(0) to tor_fragile_assert() in windows stub create_unix_sockaddr 2012-06-05 10:36:34 -04:00
Nick Mathewson
7f45ea5c41 Merge remote-tracking branch 'public/bug3894' 2012-06-05 10:31:00 -04:00
Nick Mathewson
b4bd4964eb Merge remote-tracking branch 'public/format_doubles'
Conflicts:
	src/or/geoip.c
2012-06-05 10:30:50 -04:00
Nick Mathewson
981e896dd2 Disable (Cell,DirReq,Entry,ExitPort)Statistics on bridges
These stats are currently discarded, but we might as well
hard-disable them on bridges, to be clean.

Fix for bug 5824; bugfix on 0.2.1.17-rc.

Patch originally by Karsten Loesing.
2012-06-05 10:25:50 -04:00
Nick Mathewson
1ce0c5eba9 Merge remote-tracking branch 'public/bug4657'
Conflicts:
	src/or/router.c
2012-06-05 10:20:44 -04:00
Nick Mathewson
c19a2ff691 Merge remote-tracking branch 'public/bug4710' 2012-06-05 10:16:28 -04:00
Nick Mathewson
20d6f787aa Fix "make check-spaces" issues 2012-06-05 00:49:18 -04:00
Nick Mathewson
913067f788 Resolve about 24 DOCDOCs 2012-06-05 00:17:54 -04:00
Nick Mathewson
064e7c19c6 Missing copyright/license statement for procmon.c 2012-06-04 21:02:13 -04:00
Nick Mathewson
0fa107a6aa Update copyright dates to 2012; add a few missing copyright statements 2012-06-04 20:58:17 -04:00
Nick Mathewson
173b18c79b Add about 60 more DOCDOC comments to 0.2.3
Also, try to resolve some doxygen issues.  First, define a magic
"This is doxygen!" macro so that we take the correct branch in
various #if/#else/#endifs in order to get the right documentation.
Second, add in a few grouping @{ and @} entries in order to get some
variables and fields to get grouped together.
2012-06-04 19:59:08 -04:00
Nick Mathewson
361260ff8f Resolve some markup complaints from doxygen 2012-06-04 19:56:33 -04:00
Nick Mathewson
f68c042637 Resolve all currently pending DOCDOC items in master 2012-06-04 19:05:51 -04:00
Nick Mathewson
b2be6c7f97 Document the new exit_source_out argument to addressmap_rewrite 2012-06-04 17:15:21 -04:00
Nick Mathewson
41e8bee188 Merge origin/maint-0.2.2 for 6007_strict
This code shouldn't have any effect in 0.2.3, since we already accept
(and handle) data received while we are expecting a renegotiation.
(That's because the 0.2.3.x handshake _does_ have data there instead of
the renegotiation.)

I'm leaving it in anyway, since if it breaks anything, we'll want it
broken in master too so we can find out about it.  I added an XXX023
comment so that we can come back later and fix that.
2012-06-04 11:47:36 -04:00
Nick Mathewson
491dc3a601 Merge remote-tracking branch 'public/bug6007_strict_squashed' into maint-0.2.2 2012-06-04 11:40:52 -04:00
Nick Mathewson
329e1c65d3 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-06-04 11:36:33 -04:00
Nick Mathewson
6d85a79653 Merge remote-tracking branch 'public/bug6033' into maint-0.2.2 2012-06-04 11:33:27 -04:00
Nick Mathewson
af54a01828 Kill non-open OR connections with any data on their inbufs.
This fixes a DoS issue where a client could send so much data in 5
minutes that they exhausted the server's RAM.  Fix for bug 5934 and
6007.  Bugfix on 0.2.0.20-rc, which enabled the v2 handshake.
2012-06-04 11:29:18 -04:00
Nick Mathewson
75b72bf621 Fix build warning on Lenny about strtok_r unit test
This fixes a warning in efb8a09f, where Debain Lenny's GCC doesn't get
that
    for (i=0; i<3; ++i) {
      const char *p;
      switch(i) {
       case 0:
         p="X"; break;
       case 1:
         p="Y"; break;
       case 2:
         p="Z"; break;
      }
      printf("%s\n", p);
    }
will never try to print an uninitialezed value.

Found by buildbots.  Bug in no released versions of Tor.
2012-06-04 11:11:04 -04:00
Nick Mathewson
841a8d551a Work around a bug in OpenSSL 1.0.1's TLS 1.1 and TLS 1.2 support
It appears that when OpenSSL negotiates a 1.1 or 1.2 connection, and it
decides to renegotiate, the client will send a record with version "1.0"
rather than with the current TLS version.  This would cause the
connection to fail whenever both sides had OpenSSL 1.0.1, and the v2 Tor
handshake was in use.

As a workaround, disable TLS 1.1 and TLS 1.2.  When a later version of
OpenSSL is released, we can make this conditional on running a fixed
version of OpenSSL.

Alternatively, we could disable TLS 1.1 and TLS 1.2 only on the client
side.  But doing it this way for now means that we not only fix TLS with
patched clients; we also fix TLS when the server has this patch and the
client does not.  That could be important to keep the network running
well.

Fixes bug 6033.
2012-06-02 20:09:05 -04:00
George Kadianakis
1e95a4a1f6 Improve conflict resolution when adding new bridges. 2012-06-03 00:21:49 +03:00
Nick Mathewson
0cbe3ff313 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-31 17:00:37 -04:00
Nick Mathewson
834654f145 Make all begindir or one-hop circuits internal
This solves bug 5283, where client traffic could get sent over the
same circuit as an anonymized connection to a directory, even if
that circuit used an exit node unsuitable for clients.  By marking
the directory connection as needs_internal, we ensure that the
(non-internal!) client-traffic connection won't be sent over the
same circuit.
2012-05-31 16:55:54 -04:00
Nick Mathewson
dff73d26f3 Merge remote-tracking branch 'public/bug5089'
Conflicts:
	src/test/test_util.c

Merge the unit tests; I added some when I did this branch against
0.2.2, and then the test format changed and master added more tests.
2012-05-31 16:21:54 -04:00
Nick Mathewson
b86c562d76 A few more get_parent_directory tests. 2012-05-31 15:12:45 -04:00
Nick Mathewson
fc0842275d Merge remote-tracking branch 'public/bug5374' 2012-05-31 15:07:19 -04:00
Nick Mathewson
d1bbd84a6d Merge remote-tracking branch 'linus/bug4873_ln' 2012-05-31 14:37:29 -04:00
Nick Mathewson
fc5d960fbd Merge remote-tracking branch 'public/bug5541_v2' 2012-05-31 12:40:30 -04:00
Nick Mathewson
0e207f9acb Merge remote-tracking branch 'public/close_file_mapping'
Conflicts:
	src/common/compat.h

Conflict was between replacement of MS_WINDOWS with _WIN32 in
master, and with removal of file_handle from tor_mmap_t struct in
close_file_mapping branch (for bug 5951 fix).
2012-05-31 12:38:11 -04:00
Nick Mathewson
2e58882b90 reindent CreateFile arguments. 2012-05-31 12:36:54 -04:00
Nick Mathewson
f1aae1236f Merge remote-tracking branch 'linus/bug5355_ln' 2012-05-31 12:33:16 -04:00
Nick Mathewson
155543d26e Merge remote-tracking branch 'public/bug1938' 2012-05-31 12:24:02 -04:00
Nick Mathewson
11bf5585aa Merge remote-tracking branch 'public/bug2954_more' 2012-05-31 12:22:02 -04:00
Linus Nordberg
0ed963e72a Remove unexpected "unexpectedly". 2012-05-31 13:08:57 +02:00
Linus Nordberg
c074562a17 Remove spurioius return in one out of four if-else clauses.
We do return right after the if-else.  This return (with its confusing
comments) comes from before 6b7c3b42 but doesn't make sense now.
2012-05-31 13:05:24 +02:00
Nick Mathewson
32d6acade8 Merge remote-tracking branch 'public/bug3196' 2012-05-31 01:02:27 -04:00
Nick Mathewson
ffc21b653f Merge remote-tracking branch 'origin/maint-0.2.2'
(For bug 5969 fix)
2012-05-31 00:07:52 -04:00
Nick Mathewson
3a9351b57e Fix more clang format-nonliteral warnings (bug 5969) 2012-05-30 23:59:49 -04:00
Nick Mathewson
fe68a80f8f Merge branch 'bug5604' 2012-05-30 17:00:36 -04:00
Nick Mathewson
d7e4777791 Add a little documentation for the bug5604 fix 2012-05-30 17:00:22 -04:00
Nick Mathewson
37f42c2f58 Merge remote-tracking branch 'public/bug5954' 2012-05-30 16:38:20 -04:00
Nick Mathewson
711e4b4237 Merge remote-tracking branch 'linus/bug4369' 2012-05-30 13:05:15 -04:00
Nick Mathewson
e284894672 Add __attribute__(format)s for our varargs printf/scanf wrappers
It turns out that if you set the third argument of
__attribute__(format) to 0, GCC and Clang will check the format
argument without expecting to find variadic arguments.  This is the
correct behavior for vsnprintf, vasprintf, and vscanf.

I'm hoping this will fix bug 5969 (a clang warning) by telling clang that
the format argument to tor_vasprintf is indeed a format string.
2012-05-30 12:14:38 -04:00
Sebastian Hahn
a5a8296892 Fix clang 3.1 compile warning in crypto.c
(Tweaked by nickm)
2012-05-30 11:56:43 -04:00
Nick Mathewson
9e53cdca86 Merge remote-tracking branch 'public/bug5916' 2012-05-30 11:14:41 -04:00
Linus Nordberg
f998590e5b Don't stomp on errno. 2012-05-29 15:38:03 +02:00
Linus Nordberg
2f0c0f92f8 Fix minor typo in warning printout. 2012-05-29 15:03:22 +02:00
Nick Mathewson
9d41629aa0 Delay getsockname() call until after connect() is done
On Windows, getsockname() on a nonblocking apparently won't work
until the connection is done connecting.  On XP, it seems to fail by
reporting success and declaring that your address is INADDR_ANY.  On the
Win8 preview, though, it fails more loudly and says WSAEINVAL.

Fix for bug 5374; bugfix on 0.1.1.14-alpha.
2012-05-24 16:57:36 -04:00
Nick Mathewson
254504fc14 Have get_parent_directory() handle "/foo" and "/" correctly.
The parent of "/foo" is "/"; and "/" is its own parent.

This would cause Tor to fail if you tried to have a PF_UNIX control
socket in the root directory.  That would be a stupid thing to do
for other reasons, but there's no reason to fail like _this_.

Bug found by Esteban Manchado Velázquez. Fix for bug 5089; bugfix on
Tor 0.2.2.26-beta.  Unit test included.
2012-05-24 12:56:31 -04:00
Nick Mathewson
281a5e4670 Warn and ignore the MyFamily setting if BridgeRelay is also set
Roger explains at
  http://archives.seul.org/tor/talk/Nov-2011/msg00209.html :

  "If you list your bridge as part of your family in the relay
  descriptor, then everybody can learn your bridge fingerprint, and
  they can look up your bridge's descriptor (and thus location) at
  the bridge directory authority."

Now, we can't stop relays from listing bridges, but we can warn when
we notice a bridge listing anybody, which might help some.

This fixes bug 4657; it's a fix on 0.2.0.3-alpha, where bridges were
first introduced.
2012-05-24 12:39:26 -04:00
Nick Mathewson
6b7c3b42ee Change an assertion into a warning in connection_or_handle_event_cb()
Possibly addresses bug 4873, though IMO that's likely not a real
bug: it seems likely to have been an ssl version mismatch.
2012-05-24 11:14:28 -04:00
Nick Mathewson
0da40bba88 Abort writing cached-microdescs if a failed write has occurred.
Bug 2954; fix on 0.2.2.6-alpha.
2012-05-24 11:07:01 -04:00
Nick Mathewson
2418bc9594 New "GETINFO dormant" to report whether Tor has gone idle
Torbutton needs this; see bug 5954 and 4718.
2012-05-24 10:42:55 -04:00
Nick Mathewson
e7d34935fb Use GetFileSize correctly on win32
(Use its second parameter to find the high 32 bits of the file size;
check its return value for error conditions.)
2012-05-24 10:31:11 -04:00
Nick Mathewson
ab1b81e838 Close the windows file handle after CreateFileMapping; it isn't needed
I did the changes file; the rest came pseudonymously
2012-05-23 12:39:05 -04:00
George Kadianakis
ec7fd08ccf Fix the unittest breakage introduced by a8a862c. 2012-05-18 20:52:24 +03:00
Nick Mathewson
466276faa5 Merge remote-tracking branch 'asn/bug5602' 2012-05-18 12:36:04 -04:00
Nick Mathewson
4c4dd505be Fix a hard-to-trigger memory leak in launch_resolve
To hit this leak, you need to be a relay that gets a RESOLVE request
or an exit node getting a BEGIN or RESOLVE request.  You must either
have unconfigured (and unconfigurable) nameservers, or you must have
somehow set DisableNetwork after a network request arrived but
before you managed to process it.

So, I doubt this is reached often.  Still, a leak's a leak.  Fix for
bug 5916; bugfix on 0.2.3.9-alpha and 0.1.2.1-alpha.
2012-05-18 12:21:46 -04:00
Nick Mathewson
c1da29e22d Merge remote-tracking branch 'asn/bug5646' 2012-05-18 12:10:40 -04:00
George Kadianakis
153b9892f0 Extract data from DESTROY cell _after_ protocol violation checks. 2012-05-18 15:22:03 +03:00
George Kadianakis
a8a862c909 Ignore unknown lines from managed proxies. 2012-05-18 15:04:48 +03:00
George Kadianakis
5dc9acb5e5 Use a more helpful log message when we can't find a proxy. 2012-05-18 03:07:46 +03:00
Nick Mathewson
f35271bf3e Fix some more FreeBSD4 issues (based on a patch from grarpamp)
Apparently, freebsd 4 doesn't like malloc.h, needs sys/param.h for
MIN/MAX, and doesn't have a SIZE_MAX.

For bug 3894.
2012-05-16 14:34:17 -04:00
Nick Mathewson
0bec9f320b Use %f, not %lf when formatting doubles
%f is correct; %lf is only needed with scanf.  Apparently, on some
old BSDs, %lf is deprecated.

Didn't we do this before?  Yes, we did.  But we only got the
instances of %lf, not more complicated things like %.5lf .  This
patch tries to get everything.

Based on a patch for 3894 by grarpamp.
2012-05-16 14:26:35 -04:00
Nick Mathewson
2b6e91c2ee Report EADDRNOTAVAIL and EADDRINUSE as RESOURCELIMIT
These errors usually mean address exhaustion; reporting them as such
lets clients adjust their load to try other exits.

Fix for bug 4710; bugfix on 0.1.0.1-rc, which started using
END_STREAM_REASON_RESOURCELIMIT.
2012-05-16 12:46:24 -04:00
Nick Mathewson
d732b87e60 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-16 12:20:56 -04:00
Nick Mathewson
75fc4dbbca Make the succeeding parse_http_time tests more obviously right
(When the correct answer is given in terms of seconds since the
epoch, it's hard to be sure that it really is the right answer
just by reading the code.)
2012-05-16 12:19:56 -04:00
Sebastian Hahn
679aa93e23 Fix month check in parse_http_time, add test 2012-05-16 12:15:13 -04:00
Nick Mathewson
801923ac21 Remove more dubiosity in struct tm handling. related to bug5346 2012-05-16 12:15:08 -04:00
Nick Mathewson
1abe533b33 Reject an additional type of bad date in parse_http_time 2012-05-16 12:14:48 -04:00
Esteban Manchado Velázquez
d0d9c3d71e Fix parse_http_time and add tests
* It seems parse_http_time wasn't parsing correctly any date with commas (RFCs
  1123 and 850). Fix that.
* It seems parse_http_time was reporting the wrong month (they start at 0, not
  1). Fix that.
* Add some tests for parse_http_time, covering all three formats.
2012-05-16 12:14:48 -04:00
Nick Mathewson
3f55b76360 Merge remote-tracking branch 'public/bug5139' 2012-05-16 11:47:13 -04:00
Fabian Keil
2888644a9f In connection_ap_handshake_process_socks(), mark the socks request as finished if a reply is send after a parse error
Silences the log message:
[warn] {BUG} _connection_mark_unattached_ap(): Bug: stream (marked at connection_edge.c:2224) sending two socks replies?
after the client triggered the "Tor is not an HTTP Proxy" response.

No additional socks reply was sent, though.
2012-05-16 11:37:31 -04:00
Roger Dingledine
f89de0a79f Remove over-two-months-old entry guards even while running.
Previously, we only did this check at startup, which could lead to
us holding a guard indefinitely, and give weird results.  Fixes bug
5380; bugfix on 0.2.1.14-rc.

(Patch by Roger; changes file and commit message by Nick)
2012-05-16 11:31:28 -04:00
Nick Mathewson
a6cb07bd9e Correct documentation for remove_obsolete_entry_guards. 2012-05-16 11:31:28 -04:00
Nick Mathewson
517b9c602a Merge remote-tracking branch 'public/bug2297' 2012-05-16 11:14:00 -04:00
Nick Mathewson
a925fc9189 Merge remote-tracking branch 'public/bug2822' 2012-05-16 11:10:09 -04:00
Nick Mathewson
a3046fd5e5 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-16 10:57:08 -04:00
Nick Mathewson
3ed4c5dc05 Correct the bulletproofing of routerlist_insert()
The original code updated some variables, but forgot to remove a
replaced old-routerdesc from rl->old_routers.

Related to bug 1776.
2012-05-16 10:51:02 -04:00
Nick Mathewson
ee246bbe95 Merge remote-tracking branch 'public/bug3296' 2012-05-16 10:40:21 -04:00
Nick Mathewson
b41dd8069f When ReloadTorrcOnSIGHUP=1, do non-reload activities anyway
Previously, we skipped everything that got invoked from
options_init_from_torrc.  But some of the stuff in
options_act_reversible and options_act is actually important, like
reopening the logs.

Now, a SIGHUP always makes the effects of an options_set() happen,
even though the options haven't changed.

Fix for bug 5095; bugfix on 0.2.1.9-alpha, which introduced
__ReloadTorrcOnSIGHUP.
2012-05-16 10:36:21 -04:00
Nick Mathewson
d9ceab5bc3 Fix some remaining nmake/msvc build issues 2012-05-16 10:08:24 -04:00
Nick Mathewson
d5ccaa6e2b Merge branch 'win32_winnt' 2012-05-16 09:56:49 -04:00
Nick Mathewson
89c1689009 Change our ciphersuite list to match ff8 2012-05-15 15:25:54 -04:00
Nick Mathewson
edf0d5b12c Prevent an (impossible) null-pointer dereference in connection_edge_process_relay_cell
This would happen if the deliver window could become negative
because of an nonexistent connection.  (Fortunately, _that_ can't
occur, thanks to circuit_consider_sending_sendme.  Still, if we
change our windowing logic at all, we won't want this to become
triggerable.)  Fix for bug 5541.  Bugfix on 4a66865d, back from
0.0.2pre14.  asn found this.  Nice catch, asn!
2012-05-15 14:45:51 -04:00
Nick Mathewson
e3243ad5f6 Treat SW_SERVER_HELLO_B as another sign of an SSL handshake
We've been only treating SW_SERVER_HELLO_A as meaning that an SSL
handshake was happening.  But that's not right: if the initial
attempt to write a ServerHello fails, we would get a callback in
state SW_SERVER_HELLO_B instead.

(That's "instead" and not "in addition": any failed attempt to write
the hello will fail and cause the info callback not to get written.)

Fix for bug 4592; bugfix on 0.2.0.13-alpha.
2012-05-15 11:15:43 -04:00
Nick Mathewson
521cb58187 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-15 10:05:19 -04:00
Nick Mathewson
5905a0b2db Merge branch 'bug5796_022_squashed' into maint-0.2.2 2012-05-15 10:04:49 -04:00
Nick Mathewson
f2a6eedded Fix a crash bug on SETCIRCUITPURPOSE. 2012-05-15 10:03:10 -04:00
Nick Mathewson
92cba63459 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-15 10:01:12 -04:00
Nick Mathewson
0be946c693 Merge remote-tracking branch 'karsten/geoip-may2012' into maint-0.2.2 2012-05-15 10:00:51 -04:00
Nick Mathewson
009453f919 Merge remote-tracking branch 'linus/task-5891' 2012-05-15 08:33:08 -04:00
Linus Nordberg
e3716598fc Assert that rep_hist_format_desc_stats() returns !NULL.
The guard against this is the test for
start_of_served_descs_stats_interval != 0 done earlier.
2012-05-15 13:12:34 +02:00
Karsten Loesing
57359b5336 Fix desc stats on bridge authorities that didn't serve anything. 2012-05-15 12:39:08 +02:00
Nick Mathewson
21e3261914 Bump _WIN32_WINNT to 0x0501 throughout the code
This tells the windows headers to give us definitions that didn't
exist before XP -- like the ones that we need for IPv6 support.

See bug #5861.  We didn't run into this issue with mingw, since
mingw doesn't respect _WIN32_WINNT as well as it should for some of
its definitions.
2012-05-14 13:46:37 -04:00
Nick Mathewson
9ffccb3f49 Remove all instances of WIN32_WINNT (without leading _)
We started adding it in 59e2c77824 back in 2004, 8 years and 3
days ago.  It's time to deprogram ourselves from this cargo cult.
2012-05-14 13:36:52 -04:00
Nick Mathewson
d8de831932 MSVC build issue: it can't tell that tor_assert(0) aborts. 2012-05-14 13:07:27 -04:00
Nick Mathewson
43e15300ba MSVC build issue: make 'const' in declaration match 'const' in definition
MSVC warns if you declare a function as having a "int foo" argument
and then implement it with a "const int foo" argument, even though
the latter "const" is not a part of the function's interface.
2012-05-14 13:05:36 -04:00
Nick Mathewson
757725ffde MSVC build issue: we use INLINE as the one that will magically work 2012-05-14 13:04:37 -04:00
Nick Mathewson
7134be0637 MSVC build issue: add magic to make openssl headers in aes.c work 2012-05-14 13:04:13 -04:00
Nick Mathewson
02d206a58b Be a good git person: store nmakefiles in correct text fmt 2012-05-14 13:01:05 -04:00
Nick Mathewson
f1fca8aa4d Remove the unused torrc.bridge.in. Bug 5622. 2012-05-14 12:37:39 -04:00