Commit Graph

20525 Commits

Author SHA1 Message Date
Nick Mathewson
2f0d57db56 Fix a compilation error in the channel tests.
This would only show up on systems like windows where monotime_t and
monotime_coarse_t are different types.
2017-12-21 11:10:30 -05:00
Nick Mathewson
1eeb505e6f In 0.3.3, we use timestamps, not absolute milliseconds. 2017-12-21 10:57:45 -05:00
Nick Mathewson
b8a3602b2a Merge branch 'maint-0.3.2' 2017-12-21 10:54:05 -05:00
Nick Mathewson
84adb9fcca Merge branch 'maint-0.3.1' into maint-0.3.2 2017-12-21 10:50:33 -05:00
Nick Mathewson
08469a338a Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-21 10:50:06 -05:00
Nick Mathewson
03b4dd92a4 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-21 10:49:40 -05:00
Nick Mathewson
79a50afa0e Use monotime_coarse_absolute_msec() in destroy queue
This way it will match the insert queue in 029 and later.
2017-12-21 10:48:37 -05:00
Nick Mathewson
3b08184338 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-12-21 10:43:12 -05:00
Nick Mathewson
7d845976e3 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-12-21 10:43:06 -05:00
Nick Mathewson
9202087760 Merge branch 'bug24666_squashed_025' into maint-0.2.5 2017-12-21 10:40:10 -05:00
Nick Mathewson
cd1f708a7f Move free to end of test function so coverity won't complain. 2017-12-21 10:39:29 -05:00
Nick Mathewson
520cf21793 Move destroy cells into a separate queue type of their own, to save RAM
We've been seeing problems with destroy cells queues taking up a
huge amount of RAM.  We can mitigate this, since while a full packed
destroy cell takes 514 bytes, we only need 5 bytes to remember a
circuit ID and a reason.

Fixes bug 24666. Bugfix on 0.2.5.1-alpha, when destroy cell queues
were introduced.
2017-12-21 10:29:01 -05:00
Nick Mathewson
bcc96c77de Merge branch 'maint-0.3.2' 2017-12-21 10:27:39 -05:00
Nick Mathewson
c38157be9d clarify a comment 2017-12-21 10:27:37 -05:00
Nick Mathewson
d0c5fe257b Merge branch 'maint-0.3.2' 2017-12-21 10:20:35 -05:00
David Goulet
885ba513ff sched: Consider extra_space even if negative in KIST
With extra_space negative, it means that the "notsent" queue is quite large so
we must consider that value with the current computed tcp_space. If we end up
to have negative space, we should not add more data to the kernel since the
notsent queue is just too filled up.

Fixes #24665

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-21 09:32:04 -05:00
Nick Mathewson
5db94adac2 Fix a pair of memory leaks in tor_cleanup()
Spotted by coverity scan as 1426749 and 1426750

Bug not in any released Tor.
2017-12-21 08:50:41 -05:00
Nick Mathewson
bac0bcbba1 type error fix for monotime_coarse_add_msec on windows 2017-12-20 17:45:59 -05:00
David Goulet
fdfa4a5a14 sched: Use lower layer cell limit with KISTLite
Instead of using INT_MAX as a write limit for KISTLite, use the lower layer
limit which is using the specialized num_cells_writeable() of the channel that
will down the line check the connection's outbuf and limit it to 32KB
(OR_CONN_HIGHWATER).

That way we don't take the chance of bloating the connection's outbuf and we
keep the cells in the circuit queue which our OOM handler can take care of,
not the outbuf.

Finally, this commit adds a log_debug() in the update socket information
function of KIST so we can get the socket information in debug.

Fixes #24671

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-20 14:17:18 -05:00
Fernando Fernandez Mancera
ac9eebd636 Add some values to OOM log msg #24501
Exposing cell_queues_get_total_allocation(), buf_get_total_allocation(),
tor_compress_get_total_allocation(), tor_compress_get_total_allocation() when
hit MaxMemInQueues threshold.

Fixes #24501

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2017-12-20 18:31:30 +01:00
Nick Mathewson
5e92646715 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-20 12:15:24 -05:00
Nick Mathewson
08ed0d7930 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-20 12:15:24 -05:00
Nick Mathewson
7e45720cf4 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-12-20 12:15:24 -05:00
Nick Mathewson
0e790bb40d Merge branch 'maint-0.3.2' 2017-12-20 12:15:24 -05:00
Nick Mathewson
c604a76a53 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-12-20 12:15:23 -05:00
Nick Mathewson
877dd1d6c8 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-12-20 12:15:23 -05:00
Karsten Loesing
428f8a375b Update geoip and geoip6 to the December 6 2017 database. 2017-12-20 17:36:29 +01:00
Nick Mathewson
a499be33b8 Merge branch 'maint-0.3.2' 2017-12-20 11:19:23 -05:00
Nick Mathewson
565ec6100f Merge branch 'stack_again_032' into maint-0.3.2 2017-12-20 11:19:18 -05:00
Nick Mathewson
7ca0a9c4ae Merge remote-tracking branch 'ahf-oniongit/bugs/24605' 2017-12-20 11:16:17 -05:00
Nick Mathewson
c99ec36def expand documentation on tor_remove_file 2017-12-20 10:43:27 -05:00
Nick Mathewson
4b7b305bf0 Remove pre-unlink check tor_remove_file; check errno instead.
This removes a time-of-check/time-of-use issue, though in this case
it would probably be harmless.
2017-12-20 10:42:02 -05:00
Nick Mathewson
18543c2c9b Merge remote-tracking branch 'ffmancera/github/bug23271' 2017-12-20 10:40:32 -05:00
Nick Mathewson
3bc5806339 Merge branch 'maint-0.3.2' 2017-12-20 10:39:38 -05:00
Nick Mathewson
0a1b1430c8 Update the unit tests to reflect the change of 24425 2017-12-20 10:39:19 -05:00
Nick Mathewson
83ced3e7fe Merge branch 'maint-0.3.2' 2017-12-20 09:59:51 -05:00
Nick Mathewson
fc33caadae Merge remote-tracking branch 'dgoulet/ticket24425_032_01' into maint-0.3.2 2017-12-20 09:59:06 -05:00
Nick Mathewson
accd0ea65b Fix the clz32 and clz64 settings on MSVC.
Fixes bug 24633; bugfix on 0.2.9.1-alpha.
2017-12-20 09:37:18 -05:00
Nick Mathewson
28fbfa8712 whitespace fix 2017-12-20 09:17:13 -05:00
Nick Mathewson
69a320ce5d Merge branch 'xfer_time_coarse' 2017-12-20 09:15:30 -05:00
Nick Mathewson
60bf8f6cf6 Improve add_msec test to cover ms->sec rollover
Per mikeperry's suggestion, I'm making sure that the millisecond
part of the time will always roll over in this test.
2017-12-20 09:12:38 -05:00
Nick Mathewson
d43dc120e8 finish documentation on live_consensus_is_missing 2017-12-18 15:01:05 -05:00
Alexander Færøy
d4f4108601
Add MainloopStats option.
This patch adds support for MainloopStats that allow developers to get
main event loop statistics via Tor's heartbeat status messages. The new
status log message will show how many succesful, erroneous, and idle
event loop iterations we have had.

See: https://bugs.torproject.org/24605
2017-12-16 02:41:21 +01:00
Alexander Færøy
e44662a7f9
Fix additional whitespace in config module comment. 2017-12-16 02:22:37 +01:00
Nick Mathewson
93e7b837c8 Use same macros to simplify options_transition_affects_* 2017-12-15 15:33:29 -05:00
Nick Mathewson
376f97aaa1 Simplify the very repetitious options_transition_allowed() 2017-12-15 15:32:46 -05:00
Nick Mathewson
20f802ea3c Add an option to disable signal handler installation.
Closes ticket 24588.
2017-12-15 12:48:29 -05:00
Nick Mathewson
fdd5734875 Remove the unused is_parent==0 option from handle_signals. 2017-12-15 12:45:30 -05:00
Nick Mathewson
a61c36d53a indentation fix 2017-12-15 12:37:15 -05:00
Fernando Fernandez Mancera
61c721f145 Add remove file function and remove ephemeral files.
Adding tor_remove_file(filename) and refactoring tor_cleanup().

Removing CookieAuthFile and ExtORPortCookieAuthFile when tor_cleanup() is
called.

Fixes #23271.

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2017-12-15 17:01:22 +01:00
Nick Mathewson
5c4da2cacd bump to 0.3.2.7-rc-dev 2017-12-14 14:12:31 -05:00
Nick Mathewson
93b3c4b844 update to 0.3.2.7-rc 2017-12-13 12:06:37 -05:00
Nick Mathewson
f7e393eb4c Another attempt at fixing the STACK warning in tortls.c
Patch suggestion from catalyst.

Related to 24423
2017-12-13 10:09:10 -05:00
Nick Mathewson
219c969d7b Use monotime_coarse for transfer times and padding times
Using absolute_msec requires a 64-bit division operation every time
we calculate it, which gets expensive on 32-bit architectures.
Instead, just use the lazy "monotime_coarse_get()" operation, and
don't convert to milliseconds until we absolutely must.

In this case, it seemed fine to use a full monotime_coarse_t rather
than a truncated "stamp" as we did to solve this problem for the
timerstamps in buf_t and packed_cell_t: There are vastly more cells
and buffer chunks than there are channels, and using 16 bytes per
channel in the worst case is not a big deal.

There are still more millisecond operations here than strictly
necessary; let's see any divisions show up in profiles.
2017-12-13 09:46:58 -05:00
Nick Mathewson
dd6dec2665 Add a function to add msec to a monotime.
We'll use this for the channel padding logic.
2017-12-13 08:54:29 -05:00
Nick Mathewson
4c877ae874 Add monotime functions for clearing monotonic times
We need this to replace some of our "msec" users with monotime
users.
2017-12-13 08:29:23 -05:00
Nick Mathewson
426110dfa2 Merge branch 'maint-0.3.2' 2017-12-12 19:46:53 -05:00
Nick Mathewson
15b41fa6ae Make sandbox.c compile when libseccomp-dev is installed on arm64
Fixes ticket 24424.  Patch from weasel.
2017-12-12 19:46:03 -05:00
Nick Mathewson
9abef516f6 Merge branch 'maint-0.3.2' 2017-12-12 19:27:14 -05:00
Nick Mathewson
bf89b08930 Merge branch 'bug24367_032_squashed' into maint-0.3.2 2017-12-12 19:17:38 -05:00
teor
19a4abf2a9 Make sure bridges are definitely running before delaying directory fetches
Retry directory downloads when we get our first bridge descriptor
during bootstrap or while reconnecting to the network. Keep retrying
every time we get a bridge descriptor, until we have a reachable bridge.

Stop delaying bridge descriptor fetches when we have cached bridge
descriptors. Instead, only delay bridge descriptor fetches when we
have at least one reachable bridge.

Fixes bug 24367; bugfix on 0.2.0.3-alpha.
2017-12-12 19:17:25 -05:00
teor
6b5c70670b Simplify some conditionals in circuit_get_open_circ_or_launch()
When entry_list_is_constrained() is true, guards_retry_optimistic()
always returns true.

When entry_list_is_constrained() is false,
options->UseBridges is always false,
therefore !options->UseBridges is always true,
therefore (!options->UseBridges || ...) is always true.

Cleanup after #24367.
2017-12-12 19:17:25 -05:00
Nick Mathewson
13455c0f1a Merge branch 'maint-0.3.2' 2017-12-12 09:32:29 -05:00
Nick Mathewson
e622f208a3 Merge remote-tracking branch 'teor/bug23827-v2' 2017-12-12 09:27:03 -05:00
George Kadianakis
b6fd78ea30 hs-v3: Don't lookup an intro point while cleaning it up
Commit e80893e51b made tor call
hs_service_intro_circ_has_closed() when we mark for close a circuit.

When we cleanup intro points, we iterate over the descriptor's map of intro
points and we can possibly mark for close a circuit. This was problematic
because we would MAP_DEL_CURRENT() the intro point then free it and finally
mark for close the circuit which would lookup the intro point that we just
free in the map we are iterating over.

This can't be done and leads to a use-after-free because the intro point will
be returned successfully due to the fact that we are still in the loop
iterating. In other words, MAP_DEL_CURRENT() followed by a digest256map_get()
of the same object should never be done in the same loop.

Fixes #24595

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-12 09:21:25 -05:00
Nick Mathewson
9c604e2bbb Fix compilation: logfile_is_external() must accept const* 2017-12-12 09:21:12 -05:00
Nick Mathewson
6c5a73f87a Merge remote-tracking branch 'ahf-oniongit/bugs/24362' 2017-12-12 09:18:52 -05:00
Alexander Færøy
cbc465a3d1 Simplify explicit conditional checks into an inlined function.
This patch lifts the check for whether a given log file (`logfile_t`) is
an "external logfile" (handled by an external logging system such as
syslog, android's logging subsystem, or as an external C callback
function) into a function on its own.

See: https://bugs.torproject.org/24362
2017-12-12 01:17:57 +00:00
Nick Mathewson
eecfed0cd2 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-12-11 16:56:31 -05:00
Nick Mathewson
f7151387d9 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-12-11 16:56:31 -05:00
Nick Mathewson
cdee62da9e Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-11 16:56:31 -05:00
Nick Mathewson
da38904efb Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-11 16:56:31 -05:00
Nick Mathewson
1deda2106b Merge branch 'bug24167_025' into maint-0.2.5 2017-12-11 16:56:28 -05:00
Nick Mathewson
eaaa1108a3 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-12-11 16:54:14 -05:00
Nick Mathewson
04524443d0 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-11 16:54:14 -05:00
Nick Mathewson
2ea573ece8 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-11 16:54:14 -05:00
Nick Mathewson
bc1ea4f470 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-12-11 16:54:11 -05:00
Nick Mathewson
f5d4bdf305 Merge remote-tracking branch 'public/ticket23856_025_01' into maint-0.2.5 2017-12-11 16:53:02 -05:00
Nick Mathewson
736e7299ce Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-11 16:51:58 -05:00
Nick Mathewson
7fcb222ab7 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-11 16:51:58 -05:00
Nick Mathewson
7e486dd6f7 Merge remote-tracking branch 'public/bug23985_029' into maint-0.2.9 2017-12-11 16:51:54 -05:00
Nick Mathewson
f7b41bcdf0 Merge branch 'bug24086_031' into maint-0.3.1 2017-12-11 16:49:01 -05:00
Nick Mathewson
828333e38c Merge remote-tracking branch 'public/bug24099_031' into maint-0.3.1 2017-12-11 16:48:44 -05:00
Nick Mathewson
d2031f2c60 Merge remote-tracking branch 'public/bug23817_031' into maint-0.3.1 2017-12-11 16:45:54 -05:00
Nick Mathewson
d5400d50e7 Merge branch 'maint-0.3.2' 2017-12-11 16:43:51 -05:00
Nick Mathewson
ae608408e9 Merge remote-tracking branch 'asn/bug23862_031' into maint-0.3.1 2017-12-11 16:43:41 -05:00
Nick Mathewson
c55a054236 Merge remote-tracking branch 'asn/bug23862_030' into maint-0.3.0 2017-12-11 16:41:28 -05:00
Nick Mathewson
418d8bbe92 Merge branch 'stack_fixes_032_v2' into maint-0.3.2 2017-12-11 16:25:04 -05:00
Nick Mathewson
f539d89fd9 Move subtraction in rephist to try to avoid STACK warning
(I do not know why this one is happening)
2017-12-11 16:23:11 -05:00
Nick Mathewson
3da15bcbe8 Stop checking for sandbox:new_element() failures: it can't fail.
(It can't fail because the tor_malloc*() family of functions can
never return NULL)

Found with STACK
2017-12-11 16:06:25 -05:00
Nick Mathewson
472473ec5d transport_new() cannot fail; do not check for it to fail.
(It can't fail because the tor_malloc*() family of functions can
never return NULL)

Found with STACK.
2017-12-11 16:06:00 -05:00
Nick Mathewson
252db6ad26 Merge branch 'maint-0.3.2' 2017-12-11 16:02:10 -05:00
David Goulet
057139d383 sched: Avoid integer overflow when computing tcp_space
In KIST, we could have a small congestion window value than the unacked
packets leading to a integer overflow which leaves the tcp_space value to be
humongous.

This has no security implications but it results in KIST scheduler allowing to
send cells on a potentially saturated connection.

Found by #24423. Fixes #24590.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-11 15:45:19 -05:00
Nick Mathewson
f205dabf7a Stop using event_base_once().
This function leaks memory when the event_base is freed before the
event itself fires.  That's not harmful, but it's annoying when
trying to debug other memory leaks.

Fixes bug 24584; bugfix on 0.2.8.1-alpha.
2017-12-11 12:23:02 -05:00
Nick Mathewson
3b465ebf2e Changes file and tor_api.h tweaks for 24581. 2017-12-11 11:55:41 -05:00
Nick Mathewson
06ffafcb9d Set DH parameters to NULL on shutdown
If we don't do this, we will use freed memory on restart.

Part of 24581.
2017-12-11 11:52:19 -05:00
Nick Mathewson
474ca13d6a Mark libevent unitialized on shutdown.
This is necessary so that we will reinitialize it on startup.
2017-12-11 11:52:19 -05:00
Nick Mathewson
322abc030e On exit, free the event_base and set its pointer to NULL.
When we didn't do this before, we'd have some still-reachable memory
warnings, and we'd find ourselves crashing when we tried to
reinitialize libevent.

Part of 24581 (don't crash when restarting Tor in-process)
2017-12-11 11:52:19 -05:00
Nick Mathewson
e18840f619 Fix the log-severities memory-leak in tor-resolve.c
Also, rename the variable to have a more manageable name, and make
its scope more clear.

Fixes bug 24582; bugfix on 0.2.1.1-alpha.
2017-12-11 11:49:57 -05:00
Nick Mathewson
ea929e8456 Merge remote-tracking branch 'public/feature24427' 2017-12-11 09:59:46 -05:00
Nick Mathewson
c2822bbc63 Fix compilation of 23459 patch.
The free() changes of 23447 had broken the pending 23459 patch.
2017-12-11 09:55:38 -05:00
Nick Mathewson
7803b19c43 Merge remote-tracking branch 'ffmancera/github/bug23459' 2017-12-11 09:53:39 -05:00
Nick Mathewson
030d3d52f5 Merge remote-tracking branch 'teor/comment24575' 2017-12-11 09:46:23 -05:00
Nick Mathewson
98682f689b Merge branch 'maint-0.3.2' 2017-12-11 09:45:17 -05:00
Matt Traudt
265b8e8645 Function declaration whitespace 2017-12-11 09:43:09 -05:00
Matt Traudt
67793b615b One more missed chance to use get_scheduler_state_string 2017-12-11 09:43:09 -05:00
Matt Traudt
667f931177 Make get_scheduler_state_string available to scheduler*.c 2017-12-11 09:43:09 -05:00
Matt Traudt
8797c8fbd3 Remove now-duplicate log_debug lines 2017-12-11 09:43:09 -05:00
Matt Traudt
07898fb2a6 Helper to log chan scheduler_states as strings not ints 2017-12-11 09:43:09 -05:00
Matt Traudt
273325e216 Add all the missed scheduler_state assignments 2017-12-11 09:43:08 -05:00
Matt Traudt
5e7fdb8b3f Fix cosmetic issues around scheduler_set_channel_state
Whitespace issues

Line length

Unused variable
2017-12-11 09:43:04 -05:00
Nick Mathewson
d68abbe358 Merge remote-tracking branch 'dgoulet/bug23603_032_02' into maint-0.3.2 2017-12-11 09:42:12 -05:00
ArunaMaurya221B
ad5cfa3039 Bug:24531 Function to change channel scheduler state for easy debugging added. 2017-12-11 08:46:43 -05:00
ArunaMaurya221B
d77cacb7ab Bug:24531 Add function to change scheduler state and always use it 2017-12-11 08:46:39 -05:00
Alexander Færøy
b0b8f7c30c Add support for Android's logging subsystem.
This patch adds support for Android's logging subsystem in Tor. When
debugging Android applications it is useful to be able to collect
information about the application running on the platform via the
various system services that is available on the platform.

This patch allows you to add "Log notice android" to your torrc and have
Tor send everything above and including the notice severity to Android's
ring buffer which can be inspected using the 'adb logcat' program.

See: https://bugs.torproject.org/24362
2017-12-11 13:22:39 +00:00
Nick Mathewson
58e8094816 Fix compilation with --disable-memory-sentinels
We'd broken this with the recent _free() rewrite.
2017-12-11 08:01:54 -05:00
Alexander Færøy
78a582ed88 Restructure log initilization function to allow multiple backends without arguments.
This patch ensures that we more easily can extend our log backends that
does not take any additional argument other than a single keyword. This
patch is mostly reindentation of some code which is why it is split out
into its own patch.

See: https://bugs.torproject.org/24362
2017-12-11 13:00:48 +00:00
teor
35055cfa7f
Update the comment in options_transition_affects_guards()
It referred to the an old function name.

Fixes #24575, bugfix on 0.3.0.
2017-12-11 03:18:48 +11:00
Nick Mathewson
6f3a862966
Run the download_status_increment test in a forked process.
It messes with global state somehow in a way that makes several of
the entryconn tests fail now.
2017-12-11 00:57:04 +11:00
teor
bbc781885d
fixup! Add networkstatus_consensus_has_ipv6() and unit tests
This is what happens when you don't run:
make check-spaces
make check-changes
2017-12-11 00:53:03 +11:00
teor
b66b62fb75
Stop waiting for microdescs if the consensus supports IPv6 ORPorts
Also make IPv6-only clients wait for microdescs for relays, even if we were
previously using descriptors (or were using them as a bridge) and have
a cached descriptor for them.

But if node_is_a_configured_bridge(), stop waiting for its IPv6 address in
a microdescriptor, because we'll never use it.

Implements #23827.
2017-12-11 00:34:31 +11:00
teor
28d4355a6e
Add networkstatus_consensus_has_ipv6() and unit tests
networkstatus_consensus_has_ipv6() tells us whether the consensus method of
our current consensus supports IPv6 ORPorts in the consensus.

Part of #23827.
2017-12-11 00:34:19 +11:00
Nick Mathewson
241b676638 Fix up test_circuitstats to use the new circuit_free macro 2017-12-08 17:52:45 -05:00
Nick Mathewson
0340c02975 Merge remote-tracking branch 'mikeperry/bug23114_squashed2' 2017-12-08 17:50:34 -05:00
Nick Mathewson
b189c613bb move a macro; fix a build? 2017-12-08 15:11:18 -05:00
Nick Mathewson
5ee0cccd49 Merge branch 'macro_free_v2_squashed' 2017-12-08 14:58:43 -05:00
Nick Mathewson
fa0d24286b Convert remaining function (mostly static) to new free style 2017-12-08 14:47:19 -05:00
Nick Mathewson
17dcce3fe1 Fix wide lines introduced by previous patch. 2017-12-08 14:47:19 -05:00
Nick Mathewson
285632a61b Replace all FREE_AND_NULL* uses to take a type and a free function.
This commit was made mechanically by this perl script:

\#!/usr/bin/perl -w -i -p

next if /^#define FREE_AND_NULL/;
s/\bFREE_AND_NULL\((\w+),/FREE_AND_NULL\(${1}_t, ${1}_free_,/;
s/\bFREE_AND_NULL_UNMATCHED\(/FREE_AND_NULL\(/;
2017-12-08 14:47:19 -05:00
Nick Mathewson
95531ddfbf Let's have only one FREE_AND_NULL variant.
This commit removes the old FREE_AND_NULL, and renames the old
FREE_AND_NULL_UNMATCHED so that it is now called FREE_AND_NULL.

This will break all the FREE_AND_NULL_* users; the next commit will
fix them.
2017-12-08 14:47:19 -05:00
Nick Mathewson
1d348989b0 Make tor_free only evaluate its input once (at least on gcc and clang) 2017-12-08 14:47:19 -05:00
Nick Mathewson
db024adc90 Switch to a safer FREE_AND_NULL implementation
This one only evaluates the input once, so it cannot mess up even if
there are side effects.
2017-12-08 14:47:19 -05:00
Nick Mathewson
176ad729d9 Change the free macro convention in the rest of src/or/*.h 2017-12-08 14:47:19 -05:00
Nick Mathewson
0792cc107e Convert connection_free to a nulling macro. 2017-12-08 14:47:19 -05:00
Nick Mathewson
a48ba072a9 Rename connection_free_ to connection_free_minimal. 2017-12-08 14:47:19 -05:00
Nick Mathewson
b0cc9856ee Update free functions into macros: src/or/ part 1
This covers addressmap.h (no change needed) through confparse.h
2017-12-08 14:47:19 -05:00
Nick Mathewson
c92ac9f5cb Convert the rest of src/common's headers to use FREE_AND_NULL 2017-12-08 14:47:19 -05:00
Nick Mathewson
44010c6fc1 Merge branch 'dgoulet_ticket23709_033_01_squashed' 2017-12-08 14:44:09 -05:00
David Goulet
e96c577ed2 test: Make older GCC happy and thus our oniongit pipeline
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-08 14:43:27 -05:00
David Goulet
6120efd771 chan: Do not re-queue after a fail cell write
Couple things happen in this commit. First, we do not re-queue a cell back in
the circuit queue if the write packed cell failed. Currently, it is close to
impossible to have it failed but just in case, the channel is mark as closed
and we move on.

The second thing is that the channel_write_packed_cell() always took ownership
of the cell whatever the outcome. This means, on success or failure, it needs
to free it.

It turns out that that we were using the wrong free function in one case and
not freeing it in an other possible code path. So, this commit makes sure we
only free it in one place that is at the very end of
channel_write_packed_cell() which is the top layer of the channel abstraction.
This makes also channel_tls_write_packed_cell_method() return a negative value
on error.

Two unit tests had to be fixed (quite trivial) due to a double free of the
packed cell in the test since now we do free it in all cases correctly.

Part of #23709

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-08 14:43:27 -05:00
Fernando Fernandez Mancera
8559827280 Split client-side get_rend_circ into two functions.
Split hs_circuitmap_get_rend_circ_client_side(). One returns only established
circuits (hs_circuitmap_get_established_rend_circ_client_side()) and the other
returns all kinds of circuits.

Fixes #23459

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2017-12-08 18:14:08 +01:00
Nick Mathewson
021fdd39e4 Use mach_approximate_time() for coarse time where available.
This lets us have a coarse-time implementation with reasonable
performance characteristics on OSX and iOS.

Implements 24427.
2017-12-08 09:24:02 -05:00
teor
bb7c5b431d
Move a comment to relay_send_end_cell_from_edge()
It looks like it was left behind in a refactor.

Fixes 24559.
2017-12-08 12:49:33 +11:00
Nick Mathewson
afceb431ed add a missing windows underscore 2017-12-07 15:14:49 -05:00
Nick Mathewson
45b9b2245f Merge branch 'maint-0.3.2' 2017-12-07 08:42:56 -05:00
Nick Mathewson
4b41ffa64d Merge branch 'arthuredelstein_18859+1_031' into maint-0.3.2 2017-12-07 08:42:49 -05:00
Nick Mathewson
c2c0f83c23 Revert accidentally-committed code from 046acf208b 2017-12-07 08:28:57 -05:00
Mike Perry
050bb67974 Add tests for circuitstats.c
These tests primarily test the relaxed and measured behavior of
circuitstats.c, to make sure we did not break it with #23100 or #23114.
2017-12-07 00:04:39 +00:00
Mike Perry
125df07d60 Report close and timeout rates since uptime, not based on data.
Bug #23114 was harder to see because we were just reporting our math,
rather than reporting behavior.
2017-12-07 00:04:39 +00:00
Mike Perry
ed89588c4f Bug #23114: Time out circuits immediately.
This changes the purpose of circuits that are past the timeout to measurement
*as they are built*, ensuring accurate application of the timeout logic.
2017-12-07 00:04:38 +00:00
Mike Perry
b5d4cd1b41 Bug #23100: Count all 3 hop circuits for CBT.
This change causes us to count anything once it reaches 3 hops (but not
after).
2017-12-07 00:04:33 +00:00
Arthur Edelstein
2bd91dbd34 Don't consider a port "handled" by an isolated circuit.
Previously, circuit_stream_is_being_handled incorrectly reported
that (1) an exit port was "handled" by a circuit regardless of
whether the circuit was already isolated in some way, and
(2) that a stream could be "handled" by a circuit even if their
isolation settings were incompatible.

As a result of (1), in Tor Browser, circuit_get_unhandled_ports was
reporting that all ports were handled even though all non-internal
circuits had already been isolated by a SOCKS username+password.

Therefore, circuit_predict_and_launch_new was declining to launch
new exit circuits. Then, when the user visited a new site in Tor
Browser, a stream with new SOCKS credentials would be initiated,
and the stream would have to wait while a new circuit with those
credentials could be built. That wait was making the
time-to-first-byte longer than it needed to be.

Now, clean, not-yet-isolated circuit(s) will be automatically
launched ahead of time and be ready for use whenever a new stream
with new SOCKS credentials (or other isolation criteria) is
initiated.

Fixes bug 18859. Thanks to Nick Mathewson for improvements.
2017-12-06 14:18:41 -08:00
Nick Mathewson
046acf208b Fix a compiler warning 2017-12-06 15:46:54 -05:00
Nick Mathewson
5f518c69aa Merge remote-tracking branch 'public/monotime_coarse_stamps' 2017-12-06 15:43:50 -05:00
Nick Mathewson
c470a6d278 Merge remote-tracking branch 'teor/bug24488' 2017-12-06 14:44:03 -05:00
Nick Mathewson
d4ca18573c Merge remote-tracking branch 'dgoulet/bug24502_032_01' into maint-0.3.2 2017-12-06 14:37:53 -05:00
Nick Mathewson
91f72bbb6c Merge remote-tracking branch 'teor/bug24489' 2017-12-06 14:37:15 -05:00
Nick Mathewson
aa6212a858 Merge remote-tracking branch 'dgoulet/bug24502_032_01' 2017-12-06 14:31:33 -05:00
David Goulet
1a55a5ff06 test: Add a KIST test for a non opened channel
This makes sure that a non opened channel is never put back in the channel
pending list and that its state is consistent with what we expect that is
IDLE.

Test the fixes in #24502.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-06 11:33:01 -05:00
Alexander Færøy
9fa38bd996
Check the return value of hs_parse_address().
This patch adds a check for the return value of `hs_parse_address()` in
`hs_control_hspost_command()`. Since it should not be possible for
`hs_parse_address()` to fail in this context we wrap the error check
with the `BUG()` macro.

See: https://bugs.torproject.org/24543
2017-12-06 14:56:52 +01:00
Nick Mathewson
01700d779c Initialize pk so that older gcc versions don't freak out. 2017-12-05 20:00:49 -05:00
Nick Mathewson
a7a0cebb59 Merge branch 'more_directories_squashed' 2017-12-05 19:49:45 -05:00
Nick Mathewson
a57bcffcc7 Implement the various get_foodir_*() functions. 2017-12-05 19:49:29 -05:00
Nick Mathewson
a9806af261 Create a CacheDirectory and KeyDirectory options.
They work the same as DataDirectory, but default slightly different.

Tor is not actually updated to use them yet.
2017-12-05 19:49:28 -05:00
Nick Mathewson
39a780e85a Clean up a needlessly complex get_datadir_fname use 2017-12-05 19:49:28 -05:00
Nick Mathewson
3907faf2fd New accessors for keydir/cachedir access
This patch is a result of auditing all of our uses of
get_datadir_fname() and its kin, and dividing them into cache vs
keys vs other data.

The new get_keydir_fname() and get_cachedir_fname() functions don't
actually do anything new yet.
2017-12-05 19:49:28 -05:00
Nick Mathewson
7b34ab3e38 Extract common code for creating the keys directory.
This had somehow gotten duplicated between router.c and routerkeys.c
2017-12-05 19:49:28 -05:00
Nick Mathewson
2e872f6b32 Use get_datadir_fname() accessor in networkstatus.c 2017-12-05 19:49:28 -05:00
Nick Mathewson
36779df4c4 Extract the code that creates the datadir into a separate function. 2017-12-05 19:49:28 -05:00
Nick Mathewson
e8a6a6635b Merge branch 'dgoulet_ticket20699_033_01' 2017-12-05 19:43:23 -05:00
David Goulet
c094802697 control: Improve ADD_ONION helper function comments
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
8c02fc15ae control: Don't use void pointer for ADD_ONION secret key
Make this a bit more safe with at least type checking of the pointers
depending on the version.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
9c6560fe29 test: Add HS_DESC v3 unit tests
This introduces the test_hs_control.c file which at this commit contains basic
unit test for the HS_DESC event.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
ace42acff0 control: HSPOST command support for v3
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
475d8d1a3d control: Don't check if Server is an HSDir for HSPOST
This is removed for two reasons. First, HSDir accepts descriptor even though
they don't think they are in fact an HSDir. This is to avoid consensus desync
between client/service and directories.

Second, our malicious HSDir scanner uses the HSPOST command to post on all
relays in order to test them before they could become HSDir. We had to remove
that check from the tor code that the scanner uses.

Thus, this check should not be enforced by the control port for the above use
cases. It is also a bit more complex with v3 support for which not all HSDir
support it so basically irrelevant check.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
683fccba8f hs-v3: Add an handler for the HSPOST command
It is not used yet at this commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
e71c6199dd hs-v3: Add a public function to upload a descriptor to an HSDir
This is groundwork for the HSPOST control port command that needs a way in the
HS subsystem to upload a service descriptor to a specific HSDir.

To do so, we add a public function that takes a series of parameters including
a fully encoded descriptor and initiate a directory request to a specific
routerstatut_t object.

It is for now not used but should be, in future commit, by the HSPOST command.
This commit has no behavior change, only refactoring.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
2c8e97db58 hs-v3: Implement HS_DESC_CONTENT event
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
cc26d4fa21 control: Support HS v3 for CIRC and CIRC_MINOR event
"REND_QUERY=" can now output a v3 address.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
13bb4f60f0 hs-v3: Support HS_DESC UPLOAD failed
When failing to upload a descriptor, signal the control port with a FAILED
event.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
427b247c8d hs-v3: Implement HS_DESC UPLOADED event
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
c7050eaa16 hs-v3: Implement HS_DESC UPLOAD event
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
b71a9b60cc hs-v3: Implement HS_DESC CREATED event
This makes the REPLICA= field optional for the control port event. A v2
service will always pass it and v3 is ignored.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
3b436d495f hs-v3: Implement HS_DESC RECEIVED event
Adds a v3 specific function to handle a received event.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
8365de1da3 hs-v3: Implement HS_DESC FAILED event
A new v3 specific function has been added named
control_event_hsv3_descriptor_failed().

The HS v3 subsystem now uses it.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
743d0b9d91 hs-v3: Implement HS_DESC REQUESTED event
This changes the control_event_hs_descriptor_requested() call to add the hsdir
index optional value. v2 passes NULL all the time.

This commit creates hs_control.{c|h} that contains wrappers for the HS
subsystem to interact with the control port subsystem.

The descriptor REQUESTED event is implemented following proposal 284 extension
for v3.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
e7d606900e control: Rename two HS v2 specific functions
Make control_event_hs_descriptor_received() and
control_event_hs_descriptor_failed() v2 specific because they take a
rend_data_t object and v3 will need to pass a different object.

No behavior change.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
beacbbe210 control: Refactor control_event_hs_descriptor_receive_end
First, rename and make that function static because it is internal to
control.c and called by two HS_DESC events.

Second, make it take more basic parameters and thus not a rend_data_t object
so we can still use the function for v3 HS that doesn't use that object.

Third, move the descriptor ID lookup to the two specific events (yes little
code duplication there) because they get a rend_data_t object which won't be
the case for v3.

Finally, through this refactoring, change the pointer check to BUG() and
change some parameter names to reflect what they really are.

No behavior change at this commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
242ddc85c8 control: Refactor HS_DESC events functions to not be v2 specific
This is a naming refactor mostly _except_ for a the events' function that take
a rend_data_t which will require much more refactoring.

No behavior change at this commit, cleanup and renaming stuff to not be only
v2 specific.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
4633a93ca8 hs-v3: Downgrade warning log when an intro circuit has closed
When an intro circuit has closed, do not warn anymore when we can't find the
service. It is possible to hit that condition if the service is removed before
the circuits were fully closed. This happens in the case of deleting an
ephemeral service.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
David Goulet
f0e3331f3c hs-v3: Add ephemeral service support
The functions are now used by the ADD_ONION/DEL_ONION control port command as
well. This commits makes them fully functionnal with hidden service v3.

Part of #20699

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 19:39:46 -05:00
Nick Mathewson
1969d57363 Change our build process to run Cargo from inside the build tree
Instead of using the cwd to specify the location of Cargo.toml, we
use the --manifest-path option to specify its location explicitly.

This works around the bug that isis diagnosed on our jenkins builds.
2017-12-05 14:23:55 -05:00
Nick Mathewson
a798ba6e9b Merge branch 'maint-0.3.2' 2017-12-05 12:10:06 -05:00
Nick Mathewson
779e4b9dcf Tweaks to strings in 24500 2017-12-05 12:09:57 -05:00
Fernando Fernandez Mancera
313360e6e6 Make errno error log more useful for getrandom()
Making errno error log more useful for getrandom() call. Adding if statement to
make difference between ENOSYS and other errors.

Fixes #24500

Signed-off-by: Fernando Fernandez Mancera <ffernandezmancera@gmail.com>
2017-12-05 12:05:09 -05:00
David Goulet
68601a85ca test: Add HSv3 unit test for expiring intro point
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 10:55:41 -05:00
David Goulet
e80893e51b hs-v3: Cleanup HS circuits when marking as closed
First, hs_service_intro_circ_has_closed() is now called in circuit_mark_for
close() because the HS subsystem needs to learn when an intro point is
actually not established anymore as soon as possible. There is a time window
between a close and a free.

Second, when we mark for close, we also remove it from the circuitmap because
between the close and the free, a service can launch an new circuit to that
same intro point and thus register it which only succeeds if the intro point
authentication key is not already in the map.

However, we still do a remove from the circuitmap in circuit_free() in order
to also cleanup the circuit if it wasn't marked for close prior to the free.

Fixes #23603

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 10:55:41 -05:00
David Goulet
ba63c4099a hs-v3: Don't cleanup intro point in has_closed()
The hs_service_intro_circ_has_closed() was removing intro point objects if too
many retries.

We shouldn't cleanup those objects in that function at all but rather let
cleanup_intro_points() do its job and clean it properly.

This was causing an issue in #23603.

Furthermore, this moves the logic of remembering failing intro points in the
cleanup_intro_points() function which should really be the only function to
know when to cleanup and thus when an introduction point should be remembered
as a failed one.

Fixes #23603

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-05 10:55:41 -05:00
David Goulet
97702c69b0 sched: Set channel scheduler state to IDLE when not opened
In the KIST main loop, if the channel happens to be not opened, set its state
to IDLE so we can release it properly later on. Prior to this fix, the channel
was in PENDING state, removed from the channel pending list and then kept in
that state because it is not opened.

This bug was introduced in commit dcabf801e5 for
which we made the scheduler loop not consider unopened channel.

This has no consequences on tor except for an annoying but harmless BUG()
warning.

Fixes #24502

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-04 14:48:15 -05:00
Nick Mathewson
0694a6dc01 Don't pass --quiet to cargo for now
Fixes bug 24518.
2017-12-04 14:19:22 -05:00
Nick Mathewson
70b19894ae Merge branch 'maint-0.3.2' 2017-12-04 13:23:52 -05:00
David Goulet
ff6c8cf861 sched: Downgrade warning log to info in KIST
Some platforms don't have good monotonic time support so don't warn when the
diff between the last run of the scheduler time and now is negative. The
scheduler recovers properly from this so no need to be noisy.

Fixes #23696

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-12-04 12:22:02 -05:00
Nick Mathewson
f50d64b62e Merge branch 'bug23826-23828_squashed' 2017-12-04 11:43:11 -05:00
teor
9acfd70f26
Sprinkle some consts in networkstatus_getinfo_by_purpose()
And note where we change the running flag, but probably shouldn't.

Implements ticket 24489.
2017-12-02 21:21:41 +11:00
teor
f1a5000b98
Make set_routerstatus_from_routerinfo() set IPv6 unspecified addresses
When creating a routerstatus (vote) from a routerinfo (descriptor),
set the IPv6 address to the unspecified IPv6 address, and explicitly
initialise the port to zero.

Also clarify the documentation for the function.

Fixes bug 24488; bugfix on 0.2.4.1-alpha.
2017-12-02 21:00:22 +11:00
Nick Mathewson
953a8f8510 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-12-01 12:13:40 -05:00
Nick Mathewson
5c03bb7c0c Merge branch 'maint-0.3.0' into maint-0.3.1 2017-12-01 12:13:40 -05:00
Nick Mathewson
3bca705c54 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-12-01 12:13:40 -05:00
Nick Mathewson
b86c9acac3 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-12-01 12:13:40 -05:00
Nick Mathewson
cf3da63b90 Merge branch 'maint-0.3.2' 2017-12-01 12:13:40 -05:00
Nick Mathewson
f97f301b5b Merge branch 'maint-0.2.5' into maint-0.2.8 2017-12-01 12:13:39 -05:00
Nick Mathewson
461e34bb3d Fix a clang compilation warning in rendservice.c
Fixes bug 24480; bugfix on 0.2.5.16.
2017-12-01 12:13:15 -05:00
Nick Mathewson
998a247123 bump to 0.3.2.6-alpha-dev 2017-12-01 09:34:31 -05:00
Nick Mathewson
a12dbbd882 bump to 0.3.1.9-dev 2017-12-01 09:34:20 -05:00
Nick Mathewson
1983068ba9 bump to 0.3.0.13-dev 2017-12-01 09:34:09 -05:00
Nick Mathewson
73869c99a0 bump to 0.2.9.14-dev 2017-12-01 09:34:00 -05:00
Nick Mathewson
8f858de819 bump to 0.2.8.17-dev 2017-12-01 09:33:51 -05:00
Nick Mathewson
162a087e5f bump to 0.2.5.16-dev 2017-12-01 09:33:41 -05:00
George Kadianakis
1c9f063486 Remove a duplicate call to update_microdesc_downloads()
This call happens before we update our entry guards, so it needs to be
removed for the fix to #23862 to work.
2017-12-01 14:13:22 +02:00
George Kadianakis
210f0c24f0 Update entry guard state whenever we download a consensus.
Update guard state even if we don't have enough dirinfo since that
actually affects the future download of dirinfos.

Fixes #23862 on 0.3.0.1-alpha
2017-12-01 14:09:29 +02:00
George Kadianakis
6bd64e8212 Remove a duplicate call to update_microdesc_downloads()
This call happens before we update our entry guards, so it needs to be
removed for the fix to #23862 to work.
2017-12-01 14:06:32 +02:00
George Kadianakis
8276a0ab85 Update entry guard state whenever we download a consensus.
Update guard state even if we don't have enough dirinfo since that
actually affects the future download of dirinfos.

Fixes #23862 on 0.3.0.1-alpha
2017-12-01 14:06:28 +02:00
Nick Mathewson
424ab08b5a bump to 0.3.2.6-alpha 2017-11-30 12:26:30 -05:00
Nick Mathewson
4ebd436541 version bump to 0.3.1.9 2017-11-30 12:25:48 -05:00
Nick Mathewson
f2ecdeb724 version bump to 0.3.0.13 2017-11-30 12:25:01 -05:00
Nick Mathewson
16c9cfd658 version bump to 0.2.9.14 2017-11-30 12:24:07 -05:00
Nick Mathewson
6ee4472544 version bump to 0.2.8.17 2017-11-30 12:22:32 -05:00
Nick Mathewson
6bda6777c1 bump to 0.2.5.16 2017-11-30 12:19:48 -05:00
Nick Mathewson
cef844d017 Merge branch 'maint-0.3.2' 2017-11-30 12:07:59 -05:00
Nick Mathewson
fd73a168ca Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-30 12:07:59 -05:00
Nick Mathewson
ee48eb1eb5 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-30 12:07:59 -05:00
Nick Mathewson
5fc0587c04 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-30 12:07:59 -05:00
Nick Mathewson
7e2b012b46 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-30 12:07:59 -05:00
Nick Mathewson
ba4a9cf0c0 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-11-30 12:07:59 -05:00
Nick Mathewson
d459c08b7d Merge branch 'trove-2017-012_030' into maint-0.3.0 2017-11-30 12:07:43 -05:00
Nick Mathewson
52d7af631c Merge branch 'trove-2017-010_029' into maint-0.2.9 2017-11-30 12:07:26 -05:00
Nick Mathewson
f49876d66e Merge branch 'trove-2017-012_025' into maint-0.2.5 2017-11-30 12:06:21 -05:00
Nick Mathewson
08ce39fb0f Merge branch 'trove-2017-011_025' into maint-0.2.5 2017-11-30 12:06:17 -05:00
Nick Mathewson
a6a0c7a4ec Merge branch 'trove-2017-009_025' into maint-0.2.5 2017-11-30 12:05:59 -05:00
Nick Mathewson
766d0a2d98 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-30 11:48:12 -05:00
Nick Mathewson
500f04a74e Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-30 11:48:12 -05:00
Nick Mathewson
072e194a15 Merge branch 'bug21394_029' into maint-0.2.9 2017-11-30 11:48:06 -05:00
Nick Mathewson
a1b0a0b9cd Avoid use-after-free error in 20020 fix
CID 1424328; found by coverity; bugfix on 93dbce4ddd98ca9a4ff2f;
bug not in any released Tor.
2017-11-30 11:44:15 -05:00
Nick Mathewson
1c7121be54 Merge branch 'bug24119_squashed' 2017-11-30 08:00:34 -05:00
Alex Xu (Hello71)
f1e8e54964 Simplify channel_rsa_id_group_set_badness, #24119 2017-11-30 08:00:24 -05:00
Nick Mathewson
27f017639f Merge branch 'ticket20020' 2017-11-29 20:24:34 -05:00
Nick Mathewson
20fa6a3883 Merge branch 'maint-0.3.2' 2017-11-29 12:06:14 -05:00
Nick Mathewson
f0007f2b8d Merge branch 'bug24050_029_squashed' into maint-0.3.2 2017-11-29 12:05:49 -05:00
Nick Mathewson
eb1976202e Fix unit tests for 24050. 2017-11-29 12:05:36 -05:00
Nick Mathewson
6a9c3d6e3a Merge branch 'maint-0.3.2' 2017-11-29 12:02:44 -05:00
Nick Mathewson
9b44bb49b4 Merge branch 'bug24050_029_squashed' into maint-0.3.2 2017-11-29 12:02:07 -05:00
Nick Mathewson
a94c486102 Make the cache_ipv4_answers default become 0 again, for real.
Fortunately, use_cached_ipv4_answers was already 0, so we wouldn't
actually use this info, but it's best not to have it.

Fixes bug 24050; bugfix on 0.2.6.3-alpha
2017-11-29 12:01:45 -05:00
David Goulet
7bb269548d hs-v3: Bump hsdir_spread_store from 3 to 4
Per the analysis in
https://trac.torproject.org/projects/tor/ticket/23170#comment:17, this will
greatly improve service reachability.

Closes #24425

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-29 09:19:02 -05:00
David Goulet
6ab07419c8 Use local descriptor object to exclude self in path selection
TROVE-2017-12. Severity: Medium

When choosing a random node for a circuit, directly use our router
descriptor to exclude ourself instead of the one in the global
descriptor list. That list could be empty because tor could be
downloading them which could lead to not excluding ourself.

Closes #21534
2017-11-28 19:14:10 -05:00
David Goulet
91cee3c9e7 Guard: Don't pick ourselves as a possible Guard
TROVE-2017-12. Severity: Medium

Thankfully, tor will close any circuits that we try to extend to
ourselves so this is not problematic but annoying.

Part of #21534.
2017-11-28 19:12:56 -05:00
David Goulet
3030741b5d hs-v2: Remove any expiring intro from the retry list
TROVE-2017-13. Severity: High.

In the unlikely case that a hidden service could be missing intro circuit(s),
that it didn't have enough directory information to open new circuits and that
an intro point was about to expire, a use-after-free is possible because of
the intro point object being both in the retry list and expiring list at the
same time.

The intro object would get freed after the circuit failed to open and then
access a second time when cleaned up from the expiring list.

Fixes #24313
2017-11-28 18:41:29 -05:00
Nick Mathewson
1880a6a88e Avoid asking for passphrase on junky PEM input
Fixes bug 24246 and TROVE-2017-011.

This bug is so old, it's in Matej's code.  Seems to have been
introduced with e01522bbed.
2017-11-27 15:25:03 -05:00
Nick Mathewson
2c0487ecfb Handle NULL input to protover_compute_for_old_tor()
Fixes bug 24245; bugfix on 0.2.9.4-alpha. TROVE-2017-010.
2017-11-27 15:16:30 -05:00
Nick Mathewson
2834cc9c18 Fix length of replaycache-checked data.
This is a regression; we should have been checking only the
public-key encrypted portion.  Fixes bug 24244, TROVE-2017-009, and
CVE-2017-8819.
2017-11-27 15:12:19 -05:00
Nick Mathewson
b230860608 Merge branch 'maint-0.3.2' 2017-11-27 10:04:16 -05:00
Nick Mathewson
ef54610442 Merge branch 'ticket23856_025_01' into maint-0.3.2 2017-11-27 10:02:03 -05:00
David Goulet
8be50ca3ea relay: Change bandwidth stats interval to 24 hours
Going from 4 hours to 24 hours in order to try reduce the efficiency of guard
discovery attacks.

Closes #23856

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-27 10:00:40 -05:00
Nick Mathewson
9c37e8c8d1 Fix unit tests that depended on monotonic msec. 2017-11-27 09:43:15 -05:00
Nick Mathewson
c3c0a05f51 Add a new notion of "stamps" to be a fast 32-bit monotonic timestamp
The goal here is to replace our use of msec-based timestamps with
something less precise, but easier to calculate.  We're doing this
because calculating lots of msec-based timestamps requires lots of
64/32 division operations, which can be inefficient on 32-bit
platforms.

We make sure that these stamps can be calculated using only the
coarse monotonic timer and 32-bit bitwise operations.
2017-11-27 09:43:15 -05:00
Nick Mathewson
b1c4ab0bec Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-27 09:09:34 -05:00
Nick Mathewson
703ab95e9f Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-27 09:09:34 -05:00
Nick Mathewson
30b3229252 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-27 09:09:34 -05:00
Nick Mathewson
722c64fc23 Merge branch 'maint-0.3.2' 2017-11-27 09:09:34 -05:00
Nick Mathewson
4bb287aa39 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-27 09:09:34 -05:00
Sebastian Hahn
25c90230be Add bastet's ipv6 address
Implements ticket 24394
2017-11-27 09:09:16 -05:00
Alex Xu (Hello71)
2cda005ac4 Add fast paths to channel_rsa_id_group_set_badness, #24119 2017-11-24 12:42:51 -05:00
David Goulet
428ee55e51 doc: Update channel.c top comments from latest
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
04762be612 test: Cleanup unused code in test_channel.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
d443a5258f test: Add unit test for channel_listener_t
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
8c5ed4f150 test: Add unit test for channel_get_for_extend()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
36f1fb3be3 test: Add unit test for channel_check_for_duplicates()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
47aaaf4403 test: Add channel state unit test
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
3ed0b28a01 test: Fix memleak of channel cmux
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
08d0c39b91 test: Fix channel dumpstats test
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
bd7823b29b test: Fix channel lifecycle and lifecycle_2
They were broken due to previous commit. Fixes are trivial.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
fa8c98985b test: Add outbound channel cell test
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
636eec32bf test: Improve the inbound channel cell test
First, that test was broken from the previous commit because the
channel_queue_cell() has been removed. This now tests the
channel_process_cell() directly.

Second, it wasn't testing much except if the channel subsystem actually went
through the cell handler. This commit adds more checks on the state of a
channel going from open, receiving a cell and closing.

Third, this and the id_map unit test are working, not the others so they've
been marked as not working and future commit will improve and fix those.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
1dc4f96d9c channel: Remove nickname attribute from channel_t
This was never set thus never could have been used. Get rid of it to simplify
the code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
163477b11e channel: Remove dead code
This removed code that was either never reached or irrelevant after the
incoming/outgoing queue removal such as the "timestamp_drained".

Lots of things are also removed from channel.h that do not exists anymore or
not used.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:50:13 -05:00
David Goulet
0e7b23535c channel: Add and cleanup comments
No code nor behavior change, only documentation.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:47:37 -05:00
David Goulet
56833bf449 channel: Requeue cell to circuit if channnel failed
If the channel layer failed to write a cell from the circuit queue, requeue it
so it can be retried on the same channel later.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:47:21 -05:00
David Goulet
6d1ea7766b channel: Remove unused write cell functions
The channel_write_cell() and channel_write_var_cell() can't be possibly called
nor are used by tor. We only write on the connection outbuf packed cell coming
from the scheduler that takes them from the circuit queue.

This makes channel_write_packed_cell() the only usable function. It is
simplify and now returns a code value. The reason for this is that in the next
commit(s), we'll re-queue the cell onto the circuit queue if the write fails.

Finally, channel unit tests are being removed with this commit because they do
not match the new semantic. They will be re-written in future commits.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:46:15 -05:00
David Goulet
e1c29a769c channel: Remove everything related to queue size
The channel subsystem was doing a whole lot to track and try to predict the
channel queue size but they are gone due to previous commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:44:46 -05:00
David Goulet
46a0709261 channel: Remove incoming/outgoing queue
For the rationale, see ticket #23709.

This is a pretty massive commit. Those queues were everywhere in channel.c and
it turns out that it was used by lots of dead code.

The channel subsystem *never* handles variable size cell (var_cell_t) or
unpacked cells (cell_t). The variable ones are only handled in channeltls and
outbound cells are always packed from the circuit queue so this commit removes
code related to variable and unpacked cells.

However, inbound cells are unpacked (cell_t), that is untouched and is handled
via channel_process_cell() function.

In order to make the commit compile, test have been modified but not passing
at this commit. Also, many tests have been removed but better improved ones
get added in future commits.

This commit also adds a XXX: which indicates that the handling process of
outbound cells isn't fully working. This as well is fixed in a future commit.

Finally, at this commit, more dead code remains, it will be cleanup in future
commits.

Fixes #23709

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 15:37:59 -05:00
David Goulet
d165f0fd30 relay: Improve comment in append_cell_to_circuit_queue()
This function is part of the tor fast path so this commit adds more
documentation to it as it is critical.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 09:41:10 -05:00
David Goulet
bf242ebe6c relay: Remove dead code
append_cell_to_circuit_queue() had code disabled from commit
2a95f31716

This code is 4+ years old related to bug #9072 so if we ever want to revisit
it, lets inspect/revert this commit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-22 09:41:10 -05:00
Nick Mathewson
a7e777ab8e bump to 0.3.2.5-alpha-dev 2017-11-22 08:34:02 -05:00
Nick Mathewson
bf882b0373 re-run ./scripts/maint/annotate_ifdef_directives 2017-11-21 14:07:43 -05:00
Nick Mathewson
5da0a73838 Merge branch 'ticket23953_033_squashed' 2017-11-21 14:06:57 -05:00
Nick Mathewson
25f882a9cf Use stdatomic.h for atomic_counter_t where available.
Closes ticket 23953.
2017-11-21 14:06:48 -05:00
Nick Mathewson
8b3580255d Merge remote-tracking branch 'teor/bug24372' 2017-11-21 13:57:48 -05:00
Nick Mathewson
1cc344b277 Merge remote-tracking branch 'teor/bug23760_nc' 2017-11-21 13:56:57 -05:00
Nick Mathewson
5da6120e88 bump version to 0.3.2.5-alpha 2017-11-21 12:54:11 -05:00
Nick Mathewson
517032b8ce Merge branch 'maint-0.3.2' 2017-11-21 12:41:39 -05:00
Nick Mathewson
ba94dc28e8 Merge branches 'bug24099_031' and 'bug24086_031' into maint-0.3.2 2017-11-21 12:37:46 -05:00
Nick Mathewson
ea13a47791 add an explanatory comment about the error codes 2017-11-21 12:36:32 -05:00
teor
03b18f6288
Fix a confusing comment about tie-breaking in compute_routerstatus_consensus()
Closes bug 24372.
2017-11-22 02:27:28 +11:00
Neel Chauhan
83b8034a98
Introduce node_get_curve25519_onion_key() in extend_info_from_node() 2017-11-22 02:20:54 +11:00
teor
d7833c9d27
Avoid crashing if we call num_usable_bridges() when bridges are not enabled
This applies the changes in 23524 to num_usable_bridges(), because it has
replaced any_bridge_descriptors_known().

The original changes file still applies.
2017-11-22 02:01:51 +11:00
teor
690f646bf8
Stop checking cached bridge descriptors for usable bridges
Stop checking for bridge descriptors when we actually want to know if
any bridges are usable. This avoids potential bootstrapping issues.
Fixes bug 24367; bugfix on 0.2.0.3-alpha.

Stop stalling when bridges are changed at runtime. Stop stalling when
old bridge descriptors are cached, but they are not in use.
Fixes bug 24367; bugfix on 23347 in 0.3.2.1-alpha.
2017-11-22 02:00:34 +11:00
Nick Mathewson
b1ab360eca Merge branch 'maint-0.3.2' 2017-11-20 14:35:26 -05:00
Nick Mathewson
da82e0b579 Merge branch 'bug23817_031' into maint-0.3.2 2017-11-20 14:29:50 -05:00
George Kadianakis
69f93f806c Check number of usable guards when applying md restrictions.
We used to check whether we have enough filtered guards (guard set when
torrc is applied) but that's not good enough, since that might be bad in
some cases where many guards are not reachable (might cause overblocking
and hence reacahbility issues).

We now check if we have enough reachable filtered guards before applying
md restrictions which should prevent overblocking.
2017-11-20 14:28:56 -05:00
Nick Mathewson
729f9a286c Merge branch 'maint-0.3.2' 2017-11-20 13:22:10 -05:00
Nick Mathewson
846df5b3cd Merge remote-tracking branches 'public/ticket24315_029' and 'public/bug24198_029' into maint-0.3.2 2017-11-20 13:20:25 -05:00
Nick Mathewson
68c21860e3 Add another assertion to check for 24086 root causes
In cdm_diff_ht_set_status(), we shouldn't have been allowing the
status CDM_DIFF_PRESENT to be set if there wasn't actually a handle.
2017-11-20 11:06:31 -05:00
Nick Mathewson
3bb29dd707 Correctly handle partial success in consensus diff calculation.
Previously, if store_multiple() reported a partial success, we would
store all the handles it gave us as if they had succeeded.  But it's
possible for the diff to be only partially successful -- for
example, if LZMA failed but the other compressors succeeded.

Fixes bug 24086; bugfix on 0.3.1.1-alpha.
2017-11-20 11:04:37 -05:00
David Goulet
5d180309ea hs: Rename rend_service_add_ephemeral_status_t
Move it to hs_common.h and rename it "hs_service_add_ephemeral_status_t". It
will be shared between v2 and v3 services.

Part of #20699

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-20 11:02:30 -05:00
David Goulet
49f21b6ba3 control: Support HSv3 interface for ADD_ONION
At this commit, the key handling and generation is supported for a v3 service
(ED25519-V3). However, the service creation is not yet implemented. This only
adds the interface and code to deal with the new ED25519-V3 key type.

Tests have been updated for RSA key type but nothing yet for ED25519-v3.

Part of #20699

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-20 11:02:30 -05:00
David Goulet
660de600a0 control: Implement GETINFO hs/service/desc/id/<ADDR> for HSv3
Part of #20699

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-20 11:02:30 -05:00
David Goulet
0a3b295448 hs-v3: Add a lookup service current descriptor function
This will be used by the control port command "GETINFO
hs/service/desc/id/<ADDR>" which returns the encoded current descriptor for
the given onion address.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-20 11:02:30 -05:00
David Goulet
e1d8e611c8 control: Implement GETINFO hs/client/desc/id/<ADDR> for HSv3
Part of #20699

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-20 11:02:30 -05:00
David Goulet
05766eae30 hs-v3: Add an encoded descriptor client cache lookup function
This commit adds hs_cache_lookup_encoded_as_client() function that returns the
encoded descriptor for a given service public key. This will be needed by the
"GETINFO hs/client/desc/id/<ADDR>" control port command.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-20 11:02:30 -05:00
Nick Mathewson
c8ee12b2e8 Recover better from empty/invalid storagedir files
If we can't read a file because of an FS issue, we say "we can't
read that" and move on.  But if we can't read it because it's empty,
because it has no labels, or because its labels are misformatted, we
should remove it.

Fixes bug 24099; bugfix on 0.3.1.1-alpha.
2017-11-20 10:14:41 -05:00
Nick Mathewson
cabcb752d7 In storagedir, take more care with errno on empty or mislabeled file
Required for 24099 fix -- we won't be able to act based on errno
unless we can trust it.
2017-11-20 10:10:13 -05:00
Nick Mathewson
04812e59df Merge branch 'maint-0.3.2' 2017-11-20 08:39:39 -05:00
Nick Mathewson
e0f7a2dbd4 Merge branch 'bug23681_029_01_squashed' into maint-0.3.2 2017-11-20 08:39:34 -05:00
David Goulet
981bb60575 circuit: Don't timeout opened C_INTRODUCING circuit
A circuit with purpose C_INTRODUCING means that its state is opened but the
INTRODUCE1 cell hasn't been sent yet. We shouldn't consider that circuit when
looking for timing out "building circuit". We have to wait on the rendezvous
circuit to be opened before sending that cell so the intro circuit needs to be
kept alive for at least that period of time.

This patch makes that the purpose C_INTRODUCING is ignored in the
circuit_expire_building() which means that we let the circuit idle timeout
take care of it if we end up never using it.

Fixes #23681

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-20 08:33:44 -05:00
Nick Mathewson
7358559524 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-18 11:02:42 -05:00
Nick Mathewson
2d849716df Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-18 11:02:08 -05:00
Nick Mathewson
53c3174ee4 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-18 11:01:43 -05:00
Nick Mathewson
d388f9d879 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-11-18 11:01:33 -05:00
Nick Mathewson
43e0472fcf Move an assertion to make scan-build happy again. 2017-11-18 10:51:23 -05:00
Nick Mathewson
7813b0e0ed Merge branch 'maint-0.3.2' 2017-11-18 10:27:29 -05:00
Nick Mathewson
d45bf0c65c Add an extra check in test_entrynodes
This check makes it so we can reach "done" without setting "conn",
and so the "if (conn)" check will not be redundant, and so coverity
won't complain.  Fixes CID 1422205.  Not actually a bug.
2017-11-18 10:26:45 -05:00
Nick Mathewson
b9bce4288e Merge branch 'maint-0.3.2' 2017-11-18 10:23:52 -05:00
Nick Mathewson
a5b8b55c1c Fix memory leak in unit test for bridge distribution config.
Also, check for the actual message, and fix some string confusion,
while we're at it.

Fixes bug 24345; bugfix on 0.3.2.3-alpha.
2017-11-18 10:22:14 -05:00
Nick Mathewson
2f086888b1 Make all the crypto free() functions macros that clear their targets 2017-11-17 12:01:30 -05:00
Nick Mathewson
94db8f32e4 Make all the free() functions from container.h clear their targets 2017-11-17 12:01:19 -05:00
Nick Mathewson
c1bdb80aba Add a macro to call a free_ function and clear a variable 2017-11-17 11:45:47 -05:00
Nick Mathewson
fcdec00685 Merge branch 'maint-0.3.2' 2017-11-17 09:59:26 -05:00
Nick Mathewson
3a5ca47d8f Fix a clang unitialized-var warning 2017-11-17 09:57:52 -05:00
George Kadianakis
7e52947d57 Intoduce unittest for skipping outdated dirservers. 2017-11-17 09:57:46 -05:00
Nick Mathewson
9fbc835f10 Fix a wide comment 2017-11-17 09:57:15 -05:00
Nick Mathewson
2cee26b164 Merge branch 'bug23817_031' into maint-0.3.2 2017-11-17 09:56:53 -05:00
Nick Mathewson
96b69942a5 Make should_set_md_dirserver_restriction() look at num filtered guards
This seems closer to what the code intended.
2017-11-17 09:52:41 -05:00
George Kadianakis
c400ffc2e8 Skip dirserver restrictions in small networks. 2017-11-17 09:52:41 -05:00
George Kadianakis
f61e3090fb Introduce new guard restriction and use it to skip outdated dirs. 2017-11-17 09:52:40 -05:00
George Kadianakis
7fc64f02a3 Introduce cache for outdated microdesc dirservers.
We gonna use this cache to avoid dirservers without outdated md info.
2017-11-17 09:52:40 -05:00
Nick Mathewson
94dce246ee Merge branch 'maint-0.3.2' 2017-11-17 09:26:11 -05:00
Matt Traudt
b98614f1af Only log about lost KIST support once 2017-11-17 09:25:47 -05:00
Nick Mathewson
cfacd44240 Merge branch 'maint-0.3.2' 2017-11-17 09:23:07 -05:00
Nick Mathewson
85778dc92d Merge remote-tracking branch 'dgoulet/bug23861_032_01' into maint-0.3.2 2017-11-17 09:23:04 -05:00
Neel Chauhan
eb793c31cf Add error message for exit_node in hs_circ_send_introduce1() 2017-11-17 08:42:07 -05:00
Neel Chauhan
b8addf9746 Use memset() on intro1_data in hs_circ_send_introduce1() 2017-11-17 08:42:07 -05:00
Neel Chauhan
27d34f36e0 Add smartlist_add() to get_lspecs_from_node) 2017-11-17 08:42:07 -05:00
Nick Mathewson
368dc1003e Merge branch 'maint-0.3.2' 2017-11-17 08:35:56 -05:00
Nick Mathewson
3a364309ac Merge branch 'bug24167_025' into maint-0.3.2 2017-11-17 08:35:52 -05:00
Nick Mathewson
4ef70ff389 Merge branch 'maint-0.3.2' 2017-11-17 08:35:04 -05:00
Nick Mathewson
0571015819 Merge branch 'ticket24097_032' into maint-0.3.2 2017-11-17 08:35:01 -05:00
Nick Mathewson
4b56df9874 Merge branch 'maint-0.3.2' 2017-11-17 08:34:23 -05:00
Nick Mathewson
2d3904aba6 Check the libc version to decide whether to allow openat. 2017-11-16 14:06:38 -05:00
Nick Mathewson
d2d6a1b082 Make our seccomp2 sandbox handle Glibc 2.26
There are three changes here:
  * We need to allow epoll_pwait.
  * We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC.
  * We need to use openat() instead of open().

Note that this fix is not complete, since the openat() change is
turned off.  The next commit will make the openat() change happen
when we're running glibc 2.26 or later.

Fix for 24315.
2017-11-16 13:56:22 -05:00
Nick Mathewson
7461cd3067 Permit kill(pid, 0) in the seccomp2 sandbox.
We don't want to allow general signals to be sent, but there's no
problem sending a kill(0) to probe whether a process is there.

Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox
was introduced.
2017-11-16 12:44:47 -05:00
Nick Mathewson
95238eb917 Fix a traceback when closing a blocked connection "immediately".
When we close a connection via connection_close_immediately, we kill
its events immediately. But if it had been blocked on bandwidth
read/write, we could try to re-add its (nonexistent) events later
from connection_bucket_refill -- if we got to that callback before
we swept the marked connections.

Fixes bug 24167.  Fortunately, this hasn't been a crash bug since we
introduced connection_check_event in 0.2.9.10, and backported it.

This is a bugfix on commit 89d422914a, I believe, which
appeared in Tor 0.1.0.1-rc.
2017-11-16 12:05:56 -05:00
David Goulet
380a95116a relay: Avoid extra LOG_NOTICE for every new descriptor batch
Commit 56c5e282a7 suppressed that same log
statement in directory_info_has_arrived() for microdescriptors so do the same
for the descriptors. As the commit says, we already have the bootstrap
progress for this.

Fixes #23861

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-16 10:57:05 -05:00
Nick Mathewson
2a98fcb848 Downgrade evdns warnings about weird replies.
evdns is allowed to give us unrecognized object types; it is allowed
to give us non-IPv4 answer types, and it is (even) allowed to give
us empty answers without an error.

Closes ticket 24097.
2017-11-16 09:30:19 -05:00
Nick Mathewson
93dbce4ddd Log a better message if a router we're re-adding is expired.
Addresses ticket 20020.
2017-11-16 08:35:06 -05:00
Nick Mathewson
ef55a7a69a Tweak the message when we re-enable CBT.
Implements ticket 20963.
2017-11-15 14:42:59 -05:00
Nick Mathewson
ceeacc734d Merge branch 'maint-0.3.2' 2017-11-15 14:25:25 -05:00
Nick Mathewson
ae8683621a Merge remote-tracking branch 'asn/bug23662_032' into maint-0.3.2 2017-11-15 14:25:20 -05:00
Nick Mathewson
6aeabd454e Reindent the body of get_data_directory()
I don't know why it wasn't indented properly, but we may as well fix
it now.
2017-11-14 15:56:25 -05:00
Nick Mathewson
192be00691 Make the DataDirectory option immutable.
By convention, the torrc options that the user sets are
unchangeable.  If we need to change them, we should be using a copy
that's stored in another field

To avoid trouble, I'm keeping DataDirectory as the name for the
field that the rest of Tor uses, and using DataDirectory_option for
the confparse-controlled field.

This commit also modernizes some older string handling code in the
DataDirectory normalization function.
2017-11-14 15:54:36 -05:00
Nick Mathewson
bf8a7201ce Remove remove_file_if_very_old() -- nothing calls it. 2017-11-14 15:33:58 -05:00
Nick Mathewson
702a13c9d3 Merge branch 'maint-0.3.2' 2017-11-14 14:45:11 -05:00
Nick Mathewson
6dc784bdb3 Merge remote-tracking branch 'dgoulet/bug24230_032_01' into maint-0.3.2 2017-11-14 14:45:07 -05:00
George Kadianakis
c4a56ed5c2 Silence a warning about failed descriptor uploads.
Due to #23662 this can happen under natural causes and does not disturb
the functionality of the service. This is a simple 0.3.2 fix for now,
and we plan to fix this properly in 0.3.3.
2017-11-14 17:16:33 +02:00
Nick Mathewson
9f2efd02a1 Minimal implementation of bridge-distribution-request
Just advertise the line when we're a bridge, using "any" if we're
published or "none" if we aren't.

This is done in lieu of a full backport of #18329.
2017-11-13 20:44:51 -05:00
Nick Mathewson
1d5e693b63 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-13 20:36:04 -05:00
Nick Mathewson
50fbede459 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 20:36:04 -05:00
Nick Mathewson
1b9bb2c847 Merge branch 'bug22895_027' into maint-0.2.9 2017-11-13 20:35:59 -05:00
Nick Mathewson
fea5c8a015 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 12:57:58 -05:00
Nick Mathewson
543fd89fb7 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-13 12:57:58 -05:00
Nick Mathewson
800797e7f3 Merge branch 'bug23291_028' into maint-0.2.8 2017-11-13 12:57:55 -05:00
Nick Mathewson
0c6d05cdd4 Merge branch 'maint-0.3.2' 2017-11-13 12:27:44 -05:00
Nick Mathewson
d0b75b5ade Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-13 12:27:36 -05:00
David Goulet
7df28ce299 hs-v3: Fix consensus param "hsdir-interval" name
The dir-spec.txt specifies it to be "hsdir_interval" (underscore).

Fixes #24262

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-13 11:48:56 -05:00
Nick Mathewson
0b4e59b7c6 Merge remote-tracking branch 'sebastian/bug24137' 2017-11-13 11:32:35 -05:00
Nick Mathewson
3300a6e93a Merge remote-tracking branch 'arma/ticket23637' into maint-0.3.2 2017-11-13 11:20:20 -05:00
Nick Mathewson
16bdb9e365 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 11:18:02 -05:00
Nick Mathewson
91188540af Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-13 11:18:02 -05:00
Nick Mathewson
ab415ae950 Merge remote-tracking branch 'teor/bug23470-029' into maint-0.2.9 2017-11-13 11:17:58 -05:00
Nick Mathewson
9092e9019a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 11:15:50 -05:00
Nick Mathewson
666653758d Merge branch 'bug8185_025' into maint-0.2.9 2017-11-13 11:15:47 -05:00
Nick Mathewson
0fc2b7f82e Merge branch 'bug8185_031' into maint-0.3.1 2017-11-13 11:15:40 -05:00
Nick Mathewson
ece63105d9 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 11:13:22 -05:00
Nick Mathewson
c928fb988a Merge branch 'ticket21953_029' into maint-0.2.9 2017-11-13 11:13:18 -05:00
Nick Mathewson
fdefda95bc Add corresponding rust-c coupling comments to C 2017-11-13 10:03:46 -05:00
Nick Mathewson
edf3d6b7ee Merge remote-tracking branch 'chelseakomlo/24032-cargo-rust-sync' 2017-11-13 09:59:10 -05:00
Nick Mathewson
a5ef2b619d Make node_get_curve25519_onion_key() return a const ptr 2017-11-12 17:07:16 -05:00
Nick Mathewson
f92736517b Merge branch 'bug23577_squashed' 2017-11-12 17:05:39 -05:00
Neel Chauhan
fb718e9912 Make setup_introduce1_data() take a node_t instead of an extend_info_t
Clients add rendezvous point IPv6 addresses to introduce cell link specifiers,
when the node has a valid IPv6 address.

Also check the node's IPv4 address is valid before adding any link specifiers.

Implements #23577.
2017-11-12 17:05:25 -05:00
Neel Chauhan
0ee50a414c Introduce node_get_curve25519_onion_key() 2017-11-12 17:05:25 -05:00
Chelsea Holland Komlo
1c50331b9a annotate where C and Rust need to stay in sync 2017-11-11 23:19:34 -05:00
Nick Mathewson
11eaf208c0 Merge branch 'bug24247_032' 2017-11-11 14:46:33 -05:00