Commit Graph

3103 Commits

Author SHA1 Message Date
teor
27f30040f6 Add TestingDirAuthVoteExit option (like TestingDirAuthVoteGuard)
Add the TestingDirAuthVoteExit option, a list of nodes to vote Exit for,
regardless of their uptime, bandwidth, or exit policy.

TestingTorNetwork must be set for this option to have any effect.

Works around an issue where authorities would take up to 35 minutes to
give nodes the Exit flag in a test network, despite short consensus
intervals. Partially implements ticket 13161.
2014-10-01 17:44:21 +10:00
Nick Mathewson
b448ec195d Clear the cached address from resolve_my_address() when our IP changes
Closes 11582; patch from "ra".
2014-09-29 13:47:58 -04:00
Nick Mathewson
2e607ff519 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-29 13:02:50 -04:00
Nick Mathewson
09951bea7f Don't use the getaddrinfo sandbox cache from tor-resolve
Fixes bug 13295; bugfix on 0.2.5.3-alpha.

The alternative here is to call crypto_global_init() from tor-resolve,
but let's avoid linking openssl into tor-resolve for as long as we
can.
2014-09-29 12:57:07 -04:00
Nick Mathewson
18f2bfb8c3 Note when 13290 was introduced. 2014-09-29 09:50:27 -04:00
Nick Mathewson
2b1b1def46 Merge remote-tracking branch 'teor/circuitstats-pareto-avoid-div-zero' 2014-09-29 09:48:02 -04:00
Nick Mathewson
ba7b6246b7 Note when 13291 was introduced. 2014-09-29 09:40:33 -04:00
teor
b827a08284 Stop spawn test failures due to a race condition with SIGCHLD on process exit
When a spawned process forks, fails, then exits very quickly, (this
typically occurs when exec fails), there is a race condition between the
SIGCHLD handler updating the process_handle's fields, and checking the
process status in those fields. The update can occur before or after the
spawn tests check the process status.

We check whether the process is running or not running (rather than just
checking if it is running) to avoid this issue.
2014-09-29 09:37:53 -04:00
Nick Mathewson
11ebbf5e88 Merge branch 'bug12971_take2_squashed' 2014-09-29 09:18:03 -04:00
rl1987
c5ad890904 Respond with 'Command not supported' SOCKS5 reply message upon reception of unsupported request. 2014-09-29 09:14:42 -04:00
Nick Mathewson
5e8cc766e6 Merge branch 'ticket961_squashed' 2014-09-29 09:05:18 -04:00
Nick Mathewson
f15e5aedbc Changes file for ticket 961 2014-09-29 09:05:11 -04:00
Nick Mathewson
dc019b0654 Merge remote-tracking branch 'yawning/bug13213' 2014-09-29 08:57:19 -04:00
Nick Mathewson
56f92ca02d Merge remote-tracking branch 'rl1987/bug13228' 2014-09-29 08:55:17 -04:00
teor
4d0ad34a92 Avoid division by zero in circuitstats pareto
In circuit_build_times_calculate_timeout() in circuitstats.c, avoid dividing
by zero in the pareto calculations.

If either the alpha or p parameters are 0, we would divide by zero, yielding
an infinite result; which would be clamped to INT32_MAX anyway. So rather
than dividing by zero, we just skip the offending calculation(s), and
use INT32_MAX for the result.

Division by zero traps under clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error.
2014-09-29 20:49:24 +10:00
teor
ffd92e8ef8 Stop test & bench build failures with --disable-curve25519
Ensure test & bench code that references curve25519 is disabled by the
appropriate macros. tor now builds with and without --disable-curve25519.
2014-09-29 12:19:04 +10:00
teor
ff8fe38a2f Stop spurious clang shallow analysis null pointer errors
Avoid 4 null pointer errors under clang shallow analysis (the default when
building under Xcode) by using tor_assert() to prove that the pointers
aren't null. Resolves issue 13284 via minor code refactoring.
2014-09-28 20:51:23 -04:00
rl1987
f20c72f456 Improving error message. 2014-09-28 18:09:25 +03:00
Nick Mathewson
7f5103ec59 Require two c99 features (midblock decls, designated initializers)
c99 lets us do neat stuff like:

    {
      int j, k;
      foo(&j, &k);
      int z = j + k;
    }

and also
    struct point { int x; int y; };
    struct point pt = { .x=5, .y=5 };

This commit makes the configure scripts check to make sure your
compiler implements them.  It also disables our longstanding warning
about midblock declarations.

Closes ticket 13233.
2014-09-25 11:20:04 -04:00
Yawning Angel
fa60a64088 Do not launch pluggable transport plugins when DisableNetwork is set.
When DisableNetwork is set, do not launch pluggable transport plugins,
and if any are running already, terminate the existing instances.
Resolves ticket 13213.
2014-09-24 09:39:15 +00:00
Nick Mathewson
e6150c7fc0 Merge remote-tracking branch 'public/bug12693_025' 2014-09-22 14:45:38 -04:00
Nick Mathewson
bdd0c77643 Merge branch 'bug8197_squashed'
Conflicts:
	src/test/test_policy.c
2014-09-22 14:34:52 -04:00
rl1987
45fc0612d3 Adding changes file for 8197. 2014-09-22 14:18:01 -04:00
Nick Mathewson
c8d927bad4 changes file for 12884 2014-09-22 10:55:53 -04:00
Nick Mathewson
6c6ea8c425 Merge remote-tracking branch 'arma/feature13211' 2014-09-22 10:49:10 -04:00
Nick Mathewson
d3382297fe Merge remote-tracking branch 'arma/feature13153' 2014-09-22 10:42:54 -04:00
Nick Mathewson
01b23a6d49 changes file for 7733 2014-09-22 10:39:51 -04:00
Nick Mathewson
bc758e4a5e Merge remote-tracking branch 'intrigeri/bug13196-systemd-writable-run-directory' 2014-09-22 10:31:24 -04:00
Roger Dingledine
09183dc315 clients use optimistic data when reaching hidden services
Allow clients to use optimistic data when connecting to a hidden service,
which should cut out the initial round-trip for client-side programs
including Tor Browser.

(Now that Tor 0.2.2.x is obsolete, all hidden services should support
server-side optimistic data.)

See proposal 181 for details. Implements ticket 13211.
2014-09-21 20:02:12 -04:00
Roger Dingledine
bbfb1aca55 get rid of routerstatus->version_supports_optimistic_data
Clients are now willing to send optimistic circuit data (before they
receive a 'connected' cell) to relays of any version. We used to
only do it for relays running 0.2.3.1-alpha or later, but now all
relays are new enough.

Resolves ticket 13153.
2014-09-21 19:04:18 -04:00
Roger Dingledine
1b40ea036f Stop silently skipping invalid args to setevents
Return an error when the second or later arguments of the
"setevents" controller command are invalid events. Previously we
would return success while silently skipping invalid events.

Fixes bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
2014-09-21 16:05:24 -04:00
Roger Dingledine
e170205cd8 Merge branch 'maint-0.2.5' 2014-09-20 16:51:17 -04:00
Roger Dingledine
87576e826f Merge branch 'maint-0.2.4' into maint-0.2.5
Conflicts:
	src/or/config.c
2014-09-20 16:50:32 -04:00
Roger Dingledine
288b3ec603 Merge branch 'maint-0.2.3' into maint-0.2.4 2014-09-20 16:49:24 -04:00
Sebastian Hahn
0eec8e2aa5 gabelmoo's IPv4 address changed 2014-09-20 16:46:02 -04:00
intrigeri
2f47ab247a Add changes file for #13196.
Note that this will likely need to be folded with the changes file for #12751,
as this change is a mere fixup on top of the changes introduced for #12751.
2014-09-19 16:10:39 +00:00
Nick Mathewson
6d6e21a239 Merge branch 'bug4244b_squashed' 2014-09-18 15:31:08 -04:00
Roger Dingledine
905443f074 Clients no longer write "DirReqStatistics 0" in their saveconf output
Stop modifying the value of our DirReqStatistics torrc option just
because we're not a bridge or relay. This bug was causing Tor
Browser users to write "DirReqStatistics 0" in their torrc files
as if they had chosen to change the config.

Fixes bug 4244; bugfix on 0.2.3.1-alpha.
2014-09-18 15:29:14 -04:00
Nick Mathewson
d14127eb7a Use the DL_SCHED_CONSENSUS schedule for consensuses.
Fixes bug 11679; bugfix on 0.2.2.6-alpha
2014-09-18 10:52:58 -04:00
Nick Mathewson
35156ffcc3 Merge remote-tracking branch 'public/ticket_13119_v3' 2014-09-17 10:27:40 -04:00
Nick Mathewson
feee445771 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-16 11:11:48 -04:00
Nick Mathewson
be0e26272b Merge remote-tracking branch 'origin/maint-0.2.4' into maint-0.2.5 2014-09-16 11:10:02 -04:00
Roger Dingledine
0c3b3650aa clients now send correct address for rendezvous point
Clients now send the correct address for their chosen rendezvous point
when trying to access a hidden service. They used to send the wrong
address, which would still work some of the time because they also
sent the identity digest of the rendezvous point, and if the hidden
service happened to try connecting to the rendezvous point from a relay
that already had a connection open to it, the relay would reuse that
connection. Now connections to hidden services should be more robust
and faster. Also, this bug meant that clients were leaking to the hidden
service whether they were on a little-endian (common) or big-endian (rare)
system, which for some users might have reduced their anonymity.

Fixes bug 13151; bugfix on 0.2.1.5-alpha.
2014-09-16 11:05:36 -04:00
Nick Mathewson
c72a94ea1c Add a changes file for 13119 2014-09-15 21:39:12 -04:00
Nick Mathewson
2914d56ea4 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-11 08:59:24 -04:00
Roger Dingledine
6215ebb266 Reduce log severity for unused ClientTransportPlugin lines
Tor Browser includes several ClientTransportPlugin lines in its
torrc-defaults file, leading every Tor Browser user who looks at her
logs to see these notices and wonder if they're dangerous.

Resolves bug 13124; bugfix on 0.2.5.3-alpha.
2014-09-11 08:02:37 -04:00
Nick Mathewson
48558ed1aa Merge remote-tracking branch 'public/bug13104_025' 2014-09-11 00:11:26 -04:00
Nick Mathewson
9e595a95a8 Add a changes file for bug 13104 2014-09-11 00:05:56 -04:00
Nick Mathewson
73ee161d8a Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-10 23:48:59 -04:00
Nick Mathewson
3c2c6a6116 In routerlist_assert_ok(), check r2 before taking &(r2->cache_info)
Technically, we're not allowed to take the address of a member can't
exist relative to the null pointer.  That makes me wonder how any sane
compliant system implements the offsetof macro, but let's let sleeping
balrogs lie.

Fixes 13096; patch on 0.1.1.9-alpha; patch from "teor", who was using
clang -fsanitize=undefined-trap -fsanitize-undefined-trap-on-error -ftrapv
2014-09-10 23:48:11 -04:00
Nick Mathewson
e07206afea Merge remote-tracking branch 'yawning/bug_8402' 2014-09-10 23:41:55 -04:00
Nick Mathewson
5474d8ae05 Merge remote-tracking branch 'public/torrc_minimal' 2014-09-10 23:36:27 -04:00
Nick Mathewson
93dfb12037 Remember log messages that happen before logs are configured
(And replay them once we know our first real logs.)

This is an implementation for issue 6938.  It solves the problem of
early log mesages not getting sent to log files, but not the issue of
early log messages not getting sent to controllers.
2014-09-10 23:34:43 -04:00
Nick Mathewson
a9b2e5eac6 Merge remote-tracking branch 'public/bug12908_025' into maint-0.2.5 2014-09-10 22:12:47 -04:00
Nick Mathewson
916d53d6ce Mark StrictE{ntry,xit}Nodes as obsolete. 2014-09-10 07:10:10 -04:00
Yawning Angel
cae44838fe Fix issues brought up in nickm's review.
* Update pt_get_proxy_uri() documentation.
 * proxy_supported is now unsigned.
 * Added a changes file.
2014-09-09 18:21:19 +00:00
Nick Mathewson
8e39395199 Merge remote-tracking branch 'asn/bug13064' 2014-09-09 12:26:16 -04:00
Nick Mathewson
1eea7a68ed Use S?SIZE_MAX, not S?SIZE_T_MAX
This fixes bug 13102 (not on any released Tor) where using the
standard SSIZE_MAX name broke mingw64, and we didn't realize.

I did this with
   perl -i -pe 's/SIZE_T_MAX/SIZE_MAX/' src/*/*.[ch] src/*/*/*.[ch]
2014-09-09 12:08:03 -04:00
Sebastian Hahn
409a56281e Remove client-side bad directory logic
Implements the second half of #13060.
2014-09-09 11:54:20 -04:00
Sebastian Hahn
8099dee992 Remove dirauth support for the BadDirectory flag
Implements the first half of #13060. The second half will be to remove
client support, too.
2014-09-09 11:54:15 -04:00
Nick Mathewson
59f3cce0dc Merge branch 'bug12899_squashed' 2014-09-09 11:51:18 -04:00
Sebastian Hahn
607724c696 Remove support for naming directory authorities
This implements the meat of #12899. This commit should simply remove the
parts of Tor dirauths used to check whether a relay was supposed to be
named or not, it doesn't yet convert to a new mechanism for
reject/invalid/baddir/badexiting relays.
2014-09-09 11:50:21 -04:00
Nick Mathewson
4af88d68b4 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 11:05:28 -04:00
Nick Mathewson
8eed82b3d4 Merge remote-tracking branch 'andrea/bug12160_025' into maint-0.2.5 2014-09-09 11:04:54 -04:00
Nick Mathewson
dd22ab519a Merge remote-tracking branch 'public/bug12700_024' into maint-0.2.5 2014-09-09 10:51:39 -04:00
Nick Mathewson
2997908228 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 10:27:41 -04:00
Nick Mathewson
8391c96091 Clean up the MVSC nmake files so they work again.
Fixes bug 13081; bugfix on 0.2.5.1-alpha. Patch from "NewEraCracker."
2014-09-09 10:27:05 -04:00
Nick Mathewson
ad0ae89b3c Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-09 10:22:42 -04:00
Nick Mathewson
a3c49ca79a Add more escaped() calls in directory.c
Patch from teor to fix 13071.
2014-09-09 10:22:01 -04:00
Nick Mathewson
2ecaa59bd7 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-08 15:16:45 -04:00
Nick Mathewson
d229025fef Expand the event_mask field in controller conns to 64 bits
Back in 078d6bcd, we added an event number 0x20, but we didn't make
the event_mask field big enough to compensate.

Patch by "teor". Fixes 13085; bugfix on 0.2.5.1-alpha.
2014-09-08 15:16:02 -04:00
George Kadianakis
0f50f5f373 Evaluate TestingDirAuthVoteGuard only after filling all rs elements. 2014-09-06 14:37:41 +03:00
Andrea Shepard
39a017809b Correctly update channel local mark when address of incoming connection changes after handshake; fixes bug #12160 2014-09-05 11:12:08 -07:00
Sebastian Hahn
10fe5bad9a Remove the AuthDirRejectUnlisted config option
This is in preparation for a big patch series removing the entire Naming
system from Tor. In its wake, the approved-routers file is being
deprecated, and a replacement option to allow only pre-approved routers
is not being implemented.
2014-09-04 06:25:38 +02:00
Nick Mathewson
7573e66b99 Treat Z_BUF_ERROR as TOR_ZLIB_BUF_FULL when finalizing a zlib buffer
Otherwise, when we're out of input *and* finalizing, we might report
TOR_ZLIB_OK erroneously and not finalize the buffer.

(I don't believe this can happen in practice, with our code today:
write_to_buf_zlib ensures that we are never trying to write into a
completely empty buffer, and zlib says "Z_OK" if you give it even
one byte to write into.)

Fixes bug 11824; bugfix on 0.1.1.23 (06e09cdd47).
2014-09-03 13:42:46 -04:00
Nick Mathewson
54348201f7 Merge remote-tracking branch 'intrigeri/bug12939-systemd-no-new-privileges'
Conflicts:
	contrib/dist/tor.service.in
2014-09-03 13:29:43 -04:00
Nick Mathewson
f58cdb3be7 Merge remote-tracking branch 'intrigeri/bug12751-systemd-filesystem-sandbox' 2014-09-03 13:28:46 -04:00
Nick Mathewson
8a79b56ac6 Divide torrc.sample into torrc.sample and torrc.minimal
torrc.minimal is now the one that should change as infrequently as
possible.  To schedule an change to go into it eventually, make your
change to torrc.minimal.in-sample.

torrc.sample is now the volatile one: we can change it to our hearts'
content.

Closes ticket #11144
2014-09-02 19:14:30 -04:00
Sebastian Hahn
962765a35d Don't list relays w/ bw estimate of 0 in the consensus
This implements a feature from bug 13000. Instead of starting a bwauth
run with this wrong idea about their bw, relays should do the self-test
and then get measured.
2014-09-02 18:55:01 -04:00
Sebastian Hahn
14abf1c3f1 Don't delay uploading a new desc if bw estimate was 0
When a tor relay starts up and has no historical information about its
bandwidth capability, it uploads a descriptor with a bw estimate of 0.
It then starts its bw selftest, but has to wait 20 minutes to upload the
next descriptor due to the MAX_BANDWIDTH_CHANGE_FREQ delay. This change
should mean that on average, relays start seeing meaningful traffic a
little quicker, since they will have a higher chance to appear in the
consensus with a nonzero bw.

Patch by Roger, changes file and comment by Sebastian.
2014-09-02 18:54:56 -04:00
Nick Mathewson
e3c143f521 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-02 11:58:08 -04:00
Nick Mathewson
efcab43956 Fix a number of clang analyzer false-positives
Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.

Closes 13036.  Patches from "teor".
2014-09-02 11:56:56 -04:00
Nick Mathewson
67c0ad5426 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-09-01 16:23:34 -04:00
rl1987
8139db3725 Adding changes file. 2014-09-01 16:22:52 -04:00
Nick Mathewson
f113a263de Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-29 16:45:56 -04:00
Nick Mathewson
41058dce95 Merge remote-tracking branch 'arma/bug12996b' into maint-0.2.5 2014-08-29 16:44:50 -04:00
Roger Dingledine
7a878c192f Downgrade "Unexpected onionskin length after decryption" warning
It's now a protocol-warn, since there's nothing relay operators can
do about a client that sends them a malformed create cell.

Resolves bug 12996; bugfix on 0.0.6rc1.
2014-08-29 16:38:54 -04:00
Nick Mathewson
d6fa8239c8 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-29 16:13:04 -04:00
Nick Mathewson
4a6f5bb2dd Improve "Tried to establish rendezvous on non-OR or non-edge circuit"
Instead of putting it all in one warning message, log what exactly
was wrong with the circuit.

Resolves ticket 12997.
2014-08-29 16:05:58 -04:00
Nick Mathewson
42350968a9 Drop check for NTE_BAD_KEYSET error
Any error when acquiring the CryptoAPI context should get treated as
bad.  Also, this one can't happen for the arguments we're giving.
Fixes bug 10816; bugfix on 0.0.2pre26.
2014-08-29 13:24:29 -04:00
Nick Mathewson
cc3b04a8c1 Merge remote-tracking branch 'origin/maint-0.2.5' 2014-08-28 08:36:00 -04:00
Roger Dingledine
37a76d75dd Resume expanding abbreviations for command-line options
The fix for bug 4647 accidentally removed our hack from bug 586 that
rewrote HashedControlPassword to __HashedControlSessionPassword when
it appears on the commandline (which allowed the user to set her own
HashedControlPassword in the torrc file while the controller generates
a fresh session password for each run).

Fixes bug 12948; bugfix on 0.2.5.1-alpha.
2014-08-28 08:33:43 -04:00
Nick Mathewson
9f9b19ed7b Initialize crash handler in unit tests
This way, we don't get locking failures when we hit an assertion in
the unit tests.  Also, we might find out about unit test bugs from
folks who can't do gdb.
2014-08-27 20:03:00 -04:00
intrigeri
9f0161f73d Add changes file for #12751. 2014-08-27 03:33:05 +00:00
intrigeri
a8dd279fa5 Add changes file for #12939. 2014-08-27 03:32:20 +00:00
Nick Mathewson
fdb7fc70d0 Merge remote-tracking branch 'public/bug10163' 2014-08-26 09:44:16 -04:00
Nick Mathewson
59e114832e Merge branch 'bug11792_1_squashed'
Conflicts:
	src/or/circuitlist.c
2014-08-24 13:09:08 -04:00
Nick Mathewson
68e430a6fb Kill non-tunneled directory connections when handling OOM.
Another part of 11792.
2014-08-24 13:04:38 -04:00
Nick Mathewson
8e55cafd67 Count zlib buffer memory towards OOM totals.
Part of 11792.

(Uses the zlib-endorsed formula for memory needs for inflate/deflate
from "zconf.h".)
2014-08-24 13:04:27 -04:00
Nick Mathewson
446e481c90 Check for duplicate arguments to tor-gencert
Found by coverity, which noticed that if you said
  tor-gencert -i identity1 -i identity2
we would leak "identity1".

[CID 1198201, 1198202, 1198203]
2014-08-21 11:22:42 -04:00