Commit Graph

10620 Commits

Author SHA1 Message Date
Roger Dingledine
fcac4b4467 Build circuits more readily when DisableNetwork goes to 0
When Tor starts with DisabledNetwork set, it would correctly
conclude that it shouldn't try making circuits, but it would
mistakenly cache this conclusion and continue believing it even
when DisableNetwork is set to 0. Fixes the bug introduced by the
fix for bug 11200; bugfix on 0.2.5.4-alpha.
2014-08-06 18:30:14 -04:00
Roger Dingledine
0c869af7f8 fix three typos in comments 2014-08-06 02:20:51 -04:00
Roger Dingledine
29a82b5a8b Merge branch 'maint-0.2.4' into maint-0.2.5 2014-07-28 02:47:15 -04:00
Roger Dingledine
68a2e4ca4b Warn and drop the circuit if we receive an inbound 'relay early' cell
Those used to be normal to receive on hidden service circuits due to bug
1038, but the buggy Tor versions are long gone from the network so we
can afford to resume watching for them. Resolves the rest of bug 1038;
bugfix on 0.2.1.19.
2014-07-28 02:44:05 -04:00
Arlo Breault
8f70d756fb Confusing log message when circuit can't be extended 2014-07-27 15:01:15 -04:00
Nick Mathewson
d5558f0072 circuit_build_failed: distinguish "first hop chan failed", "CREATE failed"
Roger spotted this on tor-dev in his comments on proposal 221.

(Actually, detect DESTROY vs everything else, since arma likes
network timeout indicating failure but not overload indicating failure.)
2014-07-25 11:59:00 -04:00
Nick Mathewson
e001610c99 Implement proposal 221: Stop sending CREATE_FAST
This makes FastFirstHopPK an AUTOBOOL; makes the default "auto"; and
makes the behavior of "auto" be "look at the consensus."
2014-07-25 11:59:00 -04:00
Roger Dingledine
a3d8ffe010 fix typo that crept in to 0.2.4.4-alpha 2014-07-24 17:07:39 -04:00
Roger Dingledine
a57c07b210 Raise guard threshold to top 25% or 2000 kilounits
Authorities now assign the Guard flag to the fastest 25% of the
network (it used to be the fastest 50%). Also raise the consensus
weight that guarantees the Guard flag from 250 to 2000. For the
current network, this results in about 1100 guards, down from 2500.
This step paves the way for moving the number of entry guards
down to 1 (proposal 236) while still providing reasonable expected
performance for most users.

Implements ticket 12690.
2014-07-24 16:24:17 -04:00
Roger Dingledine
a4c641cce9 Merge branch 'maint-0.2.4' into maint-0.2.5 2014-07-24 16:23:08 -04:00
Roger Dingledine
9fc276a1c7 add a NumDirectoryGuards consensus param too 2014-07-24 16:19:47 -04:00
Roger Dingledine
56ee61b8ae Add and use a new NumEntryGuards consensus parameter.
When specified, it overrides our default of 3 entry guards.

(By default, it overrides the number of directory guards too.)

Implements ticket 12688.
2014-07-24 16:19:47 -04:00
Nick Mathewson
486bd4fae7 Use safe_str in channel_dumpstats: improve 12184 diagnostic 2014-07-18 21:20:44 +02:00
Anthony G. Basile
d504a4e36f src/or/connection.c: expose bucket_millis_empty for bufferevents test
Currently tor fails to build its test when enabled with bufferevents
because an #ifndef USE_BUFFEREVENTS hides bucket_millis_empty() and
friends.  This is fine if we don't run tests, but if we do, we need
these functions in src/or/libtor-testing.a when linking src/test/test.

This patch moves the functions outside the #ifndef and exposes them.

See downstream bug:

	https://bugs.gentoo.org/show_bug.cgi?id=510124
2014-07-16 10:37:00 +02:00
Nick Mathewson
5d2045ee8b diagnostic for 12184: Add a call to channel_dump_statistics 2014-07-16 10:34:39 +02:00
Nick Mathewson
32495ee309 Add another 8387 diagnostic
When we run into bug 8387 (if we run into it again), report when we
last called circuit_expire_old_circuits_clientside().  This will let
us know -- if my fix for 8387 doesn't work -- whether my diagnosis
was at least correct.

Suggested by Andrea.
2014-07-16 10:05:00 +02:00
Nick Mathewson
856114ab1c Merge remote-tracking branch 'public/bug8387_024' into maint-0.2.5 2014-07-16 10:01:56 +02:00
Nick Mathewson
ed3d7892c7 Fix a bug where streams would linger forever when we had no dirinfo
fixes bug 8387; fix on 0.1.1.11-alpha (code), or on 0.2.4.10-alpha (behavior).
2014-07-09 16:15:05 -04:00
Nick Mathewson
35791f4238 Remove executable bit from control.c, router.c
Fix for 12512.
2014-07-09 08:54:08 -04:00
Nick Mathewson
dd362b52f3 whitespace fixes 2014-06-16 15:18:02 -04:00
Nick Mathewson
a7cafb1ea9 Merge branch 'bug8746_v2_squashed'
Conflicts:
	src/common/include.am
2014-06-14 11:46:38 -04:00
Nick Mathewson
4ed03965a5 New waitpid-handler functions to run callbacks when a child exits.
Also, move 'procmon' into libor_event library, since it uses libevent.
2014-06-14 11:40:27 -04:00
Nick Mathewson
a58d94fb7c Merge branch 'bug12184_diagnostic_squashed' 2014-06-14 11:01:04 -04:00
Nick Mathewson
8f3e3279c1 Try to diagnose bug 12184
Check for consistency between the queued destroy cells and the marked
circuit IDs.  Check for consistency in the count of queued destroy
cells in several ways.  Check to see whether any of the marked circuit
IDs have somehow been marked longer than the channel has existed.
2014-06-14 11:00:44 -04:00
Nick Mathewson
cfca2a6037 Merge branch 'bug12191_squashed' 2014-06-13 08:40:59 -04:00
Nick Mathewson
f9f450d688 Also raise the check for 0 circuit ID in created cell.
And add a comment about why conditions that would cause us to drop a
cell should get checked before actions that would cause us to send a
destroy cell.

Spotted by 'cypherpunks'.

And note that these issues have been present since 0.0.8pre1 (commit
0da256ef), where we added a "shutting down" state, and started
responding to all create cells with DESTROY when shutting down.
2014-06-13 08:39:39 -04:00
Nick Mathewson
bbb1ffe535 sandbox: Permit stat() of DataDir/stats
This is a fix for another case of 12064 that alphawolf just spotted.

There's already an 0.2.5.5 changelog entry for this.
2014-06-13 08:36:43 -04:00
Nick Mathewson
02dafc270c whitespaces fixes 2014-06-11 12:00:14 -04:00
Nick Mathewson
3a2e25969f Merge remote-tracking branch 'public/ticket6799_024_v2_squashed'
Conflicts:
	src/or/channel.c
	src/or/circuitlist.c
	src/or/connection.c

Conflicts involved removal of next_circ_id and addition of
unusable-circid tracking.
2014-06-11 11:57:56 -04:00
Nick Mathewson
6557e61295 Replace last_added_nonpadding with last_had_circuits
The point of the "idle timeout" for connections is to kill the
connection a while after it has no more circuits.  But using "last
added a non-padding cell" as a proxy for that is wrong, since if the
last circuit is closed from the other side of the connection, we
will not have sent anything on that connection since well before the
last circuit closed.

This is part of fixing 6799.

When applied to 0.2.5, it is also a fix for 12023.
2014-06-11 11:27:04 -04:00
Nick Mathewson
463f6628d3 Give each or_connection_t a slightly randomized idle_timeout
Instead of killing an or_connection_t that has had no circuits for
the last 3 minutes, give every or_connection_t a randomized timeout,
so that an observer can't so easily infer from the connection close
time the time at which its last circuit closed.

Also, increase the base timeout for canonical connections from 3
minutes to 15 minutes.

Fix for ticket 6799.
2014-06-11 11:27:04 -04:00
Nick Mathewson
6f20dd7bfc Merge remote-tracking branch 'public/bug11970' 2014-06-11 11:01:52 -04:00
Nick Mathewson
e8dd34f165 Merge remote-tracking branch 'public/not_bug8093' 2014-06-11 09:24:16 -04:00
Nick Mathewson
af53e4bd1c Move circuit-id-in-use check for CREATE cells to before all other checks
This means that we never send a DESTROY cell in response to an attempt
to CREATE an existing circuit.  Fixes bug 12191.
2014-06-10 22:41:13 -04:00
Nick Mathewson
562299d57b Improved diagnostic log for bug 8387.
When we find a stranded one-hop circuit, log whether it is dirty,
log information about any streams on it, and log information about
connections they might be linked to.
2014-06-10 12:04:06 -04:00
Nick Mathewson
95d47a7481 Merge remote-tracking branch 'public/bug12169_relay_check' 2014-06-04 15:30:43 -04:00
Nick Mathewson
0073c5b517 Merge remote-tracking branch 'andrea/bug10616' 2014-06-04 15:12:45 -04:00
Nick Mathewson
b16321425f Bulletproof our 11246 fix a little, based on recommendation from andrea. 2014-06-04 12:27:42 -04:00
Nick Mathewson
e74c360156 Merge remote-tracking branch 'public/bug12195' 2014-06-04 12:16:03 -04:00
Nick Mathewson
84ed086d48 Fix ancient code that only checked circ_id, not circ_id and chan
This code mis-handled the case where a circuit got the same circuit
ID in both directions.  I found three instances of it in the
codebase, by grepping for [pn]_circ_id.

Because of the issue in command_process_relay_cell(), this would
have made roughly one circuit in a million completely nonfunctional.

Fixes bug 12195.
2014-06-03 18:19:08 -04:00
Andrea Shepard
2de0281879 Squelch spurious LD_BUG message in connection_ap_handshake_socks_reply() 2014-06-03 14:37:49 -07:00
Nick Mathewson
dd0745d066 Don't try to fetch bridge descriptors when DisableNetwork is set
Patch from Roger; changes file by me.

Fixes 10405; bugfix on 0.2.3.9-alpha, where DisableNetwork was
introduced.
2014-06-02 02:17:28 -04:00
Nick Mathewson
723894f114 Merge remote-tracking branch 'public/bug12170_024_v2' 2014-06-02 00:47:51 -04:00
Nick Mathewson
ad8977e394 Avoid needless router_dir_info_has_changed from router_set_status
On some profiles of Andrea's from #11332, I found that a great deal
of time can still be attributed to functions called from
update_router_have_minimum_dir_info().  This is making our
digestmap, tor_memeq, and siphash functions take a much bigger
portion of runtime than they really should.

If we're calling update_router_have_minimum_dir_info() too often,
that's because we're calling router_dir_info_changed() too often.
And it looks like most of the callers of router_dir_info_changed()
are coming as tail-calls from router_set_status() as invoked by
channel_do_open_actions().

But we don't need to call router_dir_info_changed() so much!  (I'm
not quite sure we need to call it from here at all, but...) Surely
we don't need to call it from router_set_status when the router's
status has not actually changed.

This patch makes us call router_dir_info_changed() from
router_set_status only when we are changing the router's status.

Fix for bug 12170.  This is leftover from our fix back in 273ee3e81
in 0.1.2.1-alpha, where we started caching the value of
update_router_have_minimum_dir_info().
2014-06-02 00:45:15 -04:00
Nick Mathewson
d9564d5285 Use uint32 !=, not tor_memneq, for relay cell integrity checking
tor_memeq has started to show up on profiles, and this is one of the
most frequent callers of that function, appearing as it does on every
cell handled for entry or exit.

59f9097d5c introduced tor_memneq here;
it went into Tor 0.2.1.31.  Fixes part of 12169.
2014-06-01 14:05:10 -04:00
Nick Mathewson
14842de9a7 sandbox: Allow DirPortFrontPage unconditionally if it's set
fixes 12114; bug not in any release.

Improves fix for 12028
2014-05-27 19:21:11 -04:00
Nick Mathewson
824bebd409 sandbox: Correct fix for hs part of 12064
Bugfix on cfd0ee514c279bc6c7b; bug not in any released version of tor
2014-05-23 11:46:44 -04:00
Nick Mathewson
5de91d118d Merge branch 'bug11965_v2' 2014-05-23 11:23:00 -04:00
Nick Mathewson
802c063148 Postpone fetches based on should_delay_dir_fetch(), not DisableNetwork
Without this fix, when running with bridges, we would try fetching
directory info far too early, and have up to a 60 second delay if we
started with bridge descriptors available.

Fixes bug 11965. Fix on 0.2.3.6-alpha, arma thinks.
2014-05-23 11:22:35 -04:00
Nick Mathewson
cfd0ee514c sandbox: allow reading of hidden service configuration files.
fixes part of 12064
2014-05-22 20:39:10 -04:00
Nick Mathewson
85f49abfbe sandbox: refactor string-based option-unchanged tests to use a macro
There was too much code duplication in doing it the old way, and I
nearly made a copy-and-paste error in the last commit.
2014-05-22 20:00:22 -04:00
Nick Mathewson
ffc1fde01f sandbox: allow access to cookie files, approved-routers
fixes part of 12064
2014-05-22 19:56:56 -04:00
Michael Wolf
387f294d40 sandbox: allow access to various stats/*-stats files
Fix for 12064 part 1
2014-05-22 19:48:24 -04:00
Nick Mathewson
e425fc7804 sandbox: revamp sandbox_getaddrinfo cacheing
The old cache had problems:
     * It needed to be manually preloaded. (It didn't remember any
       address you didn't tell it to remember)
     * It was AF_INET only.
     * It looked at its cache even if the sandbox wasn't turned on.
     * It couldn't remember errors.
     * It had some memory management problems. (You can't use memcpy
       to copy an addrinfo safely; it has pointers in.)

This patch fixes those issues, and moves to a hash table.

Fixes bug 11970; bugfix on 0.2.5.1-alpha.
2014-05-22 17:39:36 -04:00
Nick Mathewson
1a73e17801 Merge remote-tracking branch 'andrea/bug11476' 2014-05-22 16:27:29 -04:00
Andrea Shepard
170e0df741 Eliminate #ifdef ENABLE_MEMPOOLS in packed_cell_new/free() 2014-05-21 10:53:25 -07:00
Nick Mathewson
2609b939d6 fix a wide line 2014-05-20 15:22:27 -04:00
Nick Mathewson
c21377e7bc sandbox: support logfile rotation
Fixes bug 12032; bugfix on 0.2.5.1-alpha
2014-05-20 15:21:48 -04:00
Nick Mathewson
268a117cdf sandbox: tolerate reloading with DirPortFrontPage set
Also, don't tolerate changing DirPortFrontPage.

Fixes bug 12028; bugfix on 0.2.5.1-alpha.
2014-05-20 14:58:28 -04:00
Nick Mathewson
465982012c sandbox: Disallow options which would make us call exec()
None of the things we might exec() can possibly run under the
sanbox, so rather than crash later, we have to refuse to accept the
configuration nice and early.

The longer-term solution is to have an exec() helper, but wow is
that risky.

fixes 12043; bugfix on 0.2.5.1-alpha
2014-05-20 12:21:31 -04:00
Nick Mathewson
f87071f49e sandbox: Permit access to stats/dirreq-stats
This prevents a crash when rotating logs with dirreq-stats enabled

fixes 12035; bugfix on 0.2.5.1-alpha.
2014-05-20 12:06:08 -04:00
Nick Mathewson
0b2b5b7606 Oops; permit rename with the correct filename 2014-05-20 12:03:27 -04:00
Nick Mathewson
ace9063fb4 Fix a sentence that I never 2014-05-20 11:58:18 -04:00
Nick Mathewson
f6d3006363 Sandbox: allow access to stats/bridge-stats
Fix for 12041; bugfix on 0.2.5.1-alpha.
2014-05-20 11:57:29 -04:00
Roger Dingledine
767b18ea8e note a comment that nickm didn't finish 2014-05-17 00:02:41 -04:00
Nick Mathewson
2d21a8f4d6 Merge remote-tracking branch 'public/bug11469_024' 2014-05-15 13:35:08 -04:00
Nick Mathewson
1badef5cec Use DirPort for uploading descriptors.
When we converted the horrible set of options that previously
controlled "use ORPort or DirPort? Anonymously or Non-anonymouly?" to
a single 'indirection' argument, we missed
directory_post_to_dirservers.

The problematic code was introduced in 5cbeb6080, which went into
0.2.4.3-alpha.  This is a fix for bug 11469.
2014-05-14 21:49:57 -04:00
Nick Mathewson
9b4ac986cb Use tor_getpw{nam,uid} wrappers to fix bug 11946
When running with User set, we frequently try to look up our
information in the user database (e.g., /etc/passwd).  The seccomp2
sandbox setup doesn't let us open /etc/passwd, and probably
shouldn't.

To fix this, we have a pair of wrappers for getpwnam and getpwuid.
When a real call to getpwnam or getpwuid fails, they fall back to a
cached value, if the uid/gid matches.

(Granting access to /etc/passwd isn't possible with the way we
handle opening files through the sandbox.  It's not desirable either.)
2014-05-14 13:53:14 -04:00
Nick Mathewson
e12af2adb0 Add a pair of wrapper functions: tor_getpwnam() and tor_getpwuid()
We'll use these to deal with being unable to access the user DB
after we install the sandbox, to fix bug 11946.
2014-05-14 13:50:43 -04:00
Andrea Shepard
39d4e67be8 Add --disable-mempools configure option 2014-05-12 18:23:34 -07:00
dana koch
d6e6c63baf Quench clang's complaints with -Wshorten-64-to-32 when time_t is not long.
On OpenBSD 5.4, time_t is a 32-bit integer. These instances contain
implicit treatment of long and time_t as comparable types, so explicitly
cast to time_t.
2014-05-11 23:36:00 -04:00
Nick Mathewson
4eb3018f94 Move structures into (private) part of buffers.h so we can inspect them while testing 2014-05-08 12:40:40 -04:00
Nick Mathewson
5b861ae53f Merge remote-tracking branch 'public/bug11648' 2014-05-08 12:01:23 -04:00
Nick Mathewson
411c622906 Merge commit 'bb9b4c37f8e7f5cf78918f382e90d8b11ff42551' into maint-0.2.4 2014-05-07 23:11:32 -04:00
Nick Mathewson
683b80bf81 Merge remote-tracking branch 'public/bug11737_diagnostic' 2014-05-07 22:52:44 -04:00
Nick Mathewson
0de2625675 Merge remote-tracking branch 'public/bug8387_diagnostic' 2014-05-07 22:15:24 -04:00
Nick Mathewson
48b9c6fcc6 Better log message for 8387 diagnostic 2014-05-07 22:13:29 -04:00
Nick Mathewson
6d39c8d156 Always finalize a zlib stream of server descriptors.
Possible fix for bug 11648.
2014-05-07 10:23:08 -04:00
Nick Mathewson
499e77663e Basic tests for get_unique_circ_id_by_chan. 2014-05-07 02:57:50 -04:00
Nick Mathewson
4a740451ac Merge remote-tracking branch 'public/bug11750' 2014-05-06 20:44:41 -04:00
Nick Mathewson
5cea500ce7 Merge branch 'bug11743_option_b' 2014-05-06 20:40:40 -04:00
Nick Mathewson
2fa601c797 Future-proof "id" lines against proposal 220. 2014-05-06 17:10:59 -04:00
Nick Mathewson
f077bb55ab fix a copy-paste comment mistake 2014-05-06 17:09:16 -04:00
Nick Mathewson
c7549cb4cd Merge remote-tracking branch 'karsten/bug11742' 2014-05-06 13:54:37 -04:00
Nick Mathewson
a06044a485 Check HT_REP_IS_BAD_() when giving a bug-7164 warning.
This may let us know if we're hitting 7164 because of an
hte_hash-corruption situation proposed by "cypherpunks" in bug
11737.
2014-05-06 13:03:24 -04:00
Nick Mathewson
0ad607d604 Faster chan_circid_entry_hash implementation
Since this is critical-path, let's tune the value we pass to
csiphash a little so it fits into one whole round.
2014-05-06 12:27:18 -04:00
Nick Mathewson
78301d99fe Fix compilation with DEBUG_DNS_CACHE
Reported by cypherpunks.

Fix for #11761; bugfix on 0.2.3.13-alpha where we made ht.h stop using
_identifiers.
2014-05-06 10:18:34 -04:00
Nick Mathewson
8127f4db30 Use siphash on channel/circuit-id map too
Fixes ticket 11750.
2014-05-05 12:13:58 -04:00
Nick Mathewson
4a621a50f5 Consensus method 18: Add a base64 ID digest to the microdesc
This is a stopgap measure to make sure that microdescriptors never
collide; see bug 11743.
2014-05-05 11:31:24 -04:00
Nick Mathewson
5d496963b4 Don't start sandbox except for CMD_RUN_TOR
This was crashing on --verify-config in the debian startup script, if you
had sandboxing enabled.  Fixes 11609; fix on 0.2.5.1-alpha.
2014-05-05 10:29:35 -04:00
Karsten Loesing
1289474dbd Remove /tor/dbg-stability.txt URL.
The /tor/dbg-stability.txt URL was meant to help debug WFU and MTBF
calculations, but nobody was using it.

Fixes #11742.
2014-05-05 11:21:35 +02:00
Nick Mathewson
df03e9b737 have only one code path for #9635 logging 2014-05-01 12:40:33 -04:00
Nick Mathewson
7ad0cd209c Merge remote-tracking branch 'public/bug9635' 2014-05-01 12:39:39 -04:00
Nick Mathewson
a2b59dba71 Merge branch 'bug11654_squashed' 2014-05-01 12:34:59 -04:00
George Kadianakis
a787575b7f Fix a misuse of strlcpy() introduced by the #11156 patch. 2014-05-01 12:34:50 -04:00
Nick Mathewson
0e20825bf2 whitespace fix 2014-05-01 12:31:38 -04:00
Nick Mathewson
b51ce90777 Merge remote-tracking branch 'public/valgrind_tests' 2014-05-01 12:29:31 -04:00
Nick Mathewson
b6c8a14bf3 Merge remote-tracking branch 'public/bug4345a_024' 2014-05-01 12:13:07 -04:00
Nick Mathewson
1bbd3811c1 Merge remote-tracking branch 'public/bug10849_025'
Conflicts:
	src/or/config.c
2014-05-01 11:51:22 -04:00
Nick Mathewson
14bc6e8993 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4
Conflicts:
	src/or/microdesc.c
2014-05-01 11:44:25 -04:00
Nick Mathewson
6a4f5d9b4d Downgrade bug 7164 warning to INFO
The 0.2.5.x warning is the one that might help us track this down; the
warnings in stable are just annoying users over and over and over.
2014-05-01 11:42:02 -04:00
Nick Mathewson
630b4af260 Merge remote-tracking branch 'andrea/bug11476' 2014-05-01 11:30:55 -04:00
Nick Mathewson
9511522bd4 Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-30 20:26:55 -04:00
Nick Mathewson
efab3484e6 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-30 20:25:15 -04:00
Nick Mathewson
8828794dc2 Merge remote-tracking branch 'public/bug10849_023_bruteforce' into maint-0.2.3 2014-04-30 20:23:22 -04:00
Nick Mathewson
35699ef9f5 Drop the MaxMemInCellQueues lower limit down to 256 MB.
on #9686, gmorehose reports that the 500 MB lower limit is too high
for raspberry pi users.

This is a backport of 647248729f to 0.2.4.

Note that in 0.2.4, the option is called MaxMemInCellQueues.
2014-04-29 20:48:22 -04:00
Nick Mathewson
b0e078d5af Log info on ancient one-hop circuits in heartbeat
This is an attempt to diagnose 8387.
2014-04-29 14:02:12 -04:00
dana koch
88679aa53f Quench gcc's complaints about discarding constness in TO_ORIGIN_CIRCUIT.
This was previously satisfied by using a temporary variable, but there
are three other instances in circuitlist.c that gcc is now bothered by,
so now introduce a CONST_TO_ORIGIN_CIRCUIT that takes a const
circuit_t instead.
2014-04-29 13:18:12 -04:00
Nick Mathewson
0514bcd37c Merge remote-tracking branch 'origin/maint-0.2.4' 2014-04-29 13:03:27 -04:00
Nick Mathewson
1d3ffc0ec9 Merge remote-tracking branch 'origin/maint-0.2.3' into maint-0.2.4 2014-04-29 13:02:18 -04:00
Nick Mathewson
65575b0755 Stop leaking memory in error cases of md parsing
When clearing a list of tokens, it's important to do token_clear()
on them first, or else any keys they contain will leak.  This didn't
leak memory on any of the successful microdescriptor parsing paths,
but it does leak on some failing paths when the failure happens
during tokenization.

Fixes bug 11618; bugfix on 0.2.2.6-alpha.
2014-04-29 13:00:00 -04:00
Nick Mathewson
212e982d9b Fix leaks in dir voting tests 2014-04-29 12:48:02 -04:00
Andrea Shepard
91ff10f6be Make --disable-buf-freelists build and pass unit tests 2014-04-29 02:18:34 -07:00
Nick Mathewson
1b7e297985 Fix capitalization of MaxMemInQueues
This won't affect anybody's configuration, but it makes it match what
we documented. Fixes part of 11634.
2014-04-28 12:25:52 -04:00
Nick Mathewson
4b519de5f9 Actually put ExtORPortCookieAuthFile into config.c
Fixes bug 11635; bugfix on 0.2.5.1-alpha.
2014-04-28 12:23:18 -04:00
Nick Mathewson
c7951731ed Fix memory leaks in test_circuit_timeout
Found with valgrind.
2014-04-26 00:10:04 -04:00
Nick Mathewson
f8248abbd6 Forbid TunneledDirConns 0 and PreferTunneledDirConns 0 if being a HS
Fixes bug 10849; bugfix on 0.2.1.1-alpha (I believe)
2014-04-25 14:24:41 -04:00
Nick Mathewson
d3c05a79f0 Merge branch 'scanbuild_fixes' 2014-04-25 01:24:39 -04:00
Nick Mathewson
95e617c828 whitespace fix 2014-04-24 12:34:23 -04:00
Nick Mathewson
5a9ac0df99 Merge remote-tracking branch 'public/bug11553_025' 2014-04-24 10:48:32 -04:00
Nick Mathewson
67aa3685e7 Merge branch 'bug11396_v2_squashed'
Conflicts:
	src/or/main.c
2014-04-24 10:31:38 -04:00
Nick Mathewson
e3af72647d Expose the real maxmeminqueues via a GETINFO
That is, GETINFO limits/max-mem-in-queues
2014-04-24 10:26:14 -04:00
Nick Mathewson
17ecd04fde Change the logic for the default for MaxMemInQueues
If we can't detect the physical memory, the new default is 8 GB on
64-bit architectures, and 1 GB on 32-bit architectures.

If we *can* detect the physical memory, the new default is
  CLAMP(256 MB, phys_mem * 0.75, MAX_DFLT)
where MAX_DFLT is 8 GB on 64-bit architectures and 2 GB on 32-bit
architectures.

You can still override the default by hand.  The logic here is simply
trying to choose a lower default value on systems with less than 12 GB
of physical RAM.
2014-04-24 10:26:14 -04:00
Nick Mathewson
aca05fc5c0 get_total_system_memory(): see how much RAM we have 2014-04-24 10:26:14 -04:00
Nick Mathewson
17ad309d33 Merge remote-tracking branch 'public/bug11553_024' into bug11553_025
Conflicts:
	src/or/circuitbuild.c
2014-04-23 12:44:18 -04:00
Nick Mathewson
a770b74501 Improvements to #11553 fix based on review
Use a per-channel ratelim_t to control the rate at which we report
failures for each channel.

Explain why I picked N=32.

Never return a zero circID.

Thanks to Andrea and to cypherpunks.
2014-04-23 12:39:01 -04:00
Nick Mathewson
7a8cac14d5 Merge remote-tracking branch 'public/bug10268' 2014-04-23 11:11:08 -04:00
Nick Mathewson
66833311eb Merge remote-tracking branch 'public/bug11200' 2014-04-23 11:07:52 -04:00
Nick Mathewson
830492fbda Merge branch 'bug11156_issue2_squashed' 2014-04-23 11:05:54 -04:00
George Kadianakis
29c28d312c Slightly improve the documentation of src/or/transports.c
Make it clear that a SIGHUP is not the only action that can cause a
config re-read.
2014-04-23 11:05:45 -04:00
George Kadianakis
fa0c5da68b Rename the got_hup element of managed proxies.
Since we need to toggle that element in non-SIGHUP situations too where
the config was re-read (like in SETCONF or RESETCONF).
2014-04-23 11:05:45 -04:00
George Kadianakis
bf7cb6acf6 Don't halt bootstrap to figure out if we should restart PT proxies.
Instead, figure out if we should restart PT proxies _immediately_ after
we re-read the config file.
2014-04-23 11:05:45 -04:00
Nick Mathewson
9e44df2c98 Merge remote-tracking branch 'public/bug9229_024' into maint-0.2.4 2014-04-23 11:01:39 -04:00
Nick Mathewson
7b4b137dc9 Merge remote-tracking branch 'public/bug9229_025'
Conflicts:
	src/or/entrynodes.c
2014-04-23 11:00:49 -04:00
Nick Mathewson
78f555a248 scan-build: sizeof(ptr*) in a debugging log in ext_orport.c
Instead of taking the length of a buffer, we were taking the length of
a pointer, so that our debugging log would cover only the first
sizeof(void*) bytes of the client nonce.
2014-04-19 12:53:57 -04:00
Nick Mathewson
d4ad254917 scan-build: bulletproof last-chance errormsg generation in rendservice.c
If 'intro' is NULL in these functions, I'm pretty sure that the
error message must be set before we hit the end.  But scan-build
doesn't notice that, and is worried that we'll do a null-pointer
dereference in the last-chance errormsg generation.
2014-04-18 21:24:16 -04:00
Nick Mathewson
1b3bddd013 scan-build: Have clear_pending_onions walk the lists more obviously
As it stands, it relies on the fact that onion_queue_entry_remove
will magically remove each onionskin from the right list.  This
patch changes the logic to be more resilient to possible bugs in
onion_queue_entry_remove, and less confusing to static analysis tools.
2014-04-18 21:17:40 -04:00
Nick Mathewson
78bc814c04 scan-build: in cpuworker, initialize tv_start
scan-build doesn't realize that a request can't be timed at the end
unless it's timed at the start, and so it's not possible for us to
be subtracting start from end without start being set.
Nevertheless, let's not confuse it.
2014-04-18 21:12:45 -04:00
Nick Mathewson
895b6789e8 scan-build: get_proxy_addrport should always set its outputs
When get_proxy_addrport returned PROXY_NONE, it would leave
addr/port unset. This is inconsistent, and could (if we used the
function in a stupid way) lead to undefined behavior. Bugfix on
5b050a9b0, though I don't think it affects tor-as-it-is.
2014-04-18 20:41:40 -04:00
Nick Mathewson
7cd9520ba9 scan-build: when logging a path length, check build_state.
Throughout circuituse, when we log about a circuit, we log its
desired path length from build_state. scan-build is irrationally
concerned that build_state might be NULL.
2014-04-18 20:40:34 -04:00
Nick Mathewson
7106492571 scan-build: Be consistent with a needless check in circuitmux.c
In circuitmux_detach_all_circuits, we check whether an HT iterator
gives us NULL.  That should be impossible for an HT iterator.  But
our checking it has confused scan-build (justly) into thinking that
our later use of HT_NEXT_RMV might not be kosher.  I'm taking the
coward's route here and strengthening the check.  Bugfix on
fd31dd44. (Not a real bug though)
2014-04-18 20:35:59 -04:00
Nick Mathewson
0fd0f5f7a9 scan-build: Avoid crashing on BUG in circuit_get_by_rend_token_and_purpose
If we fail in circuit_get_by_rend_token_and_purpose because the
circuit has no rend_info, don't try to reference fiends from its
rend_info when logging an error.  Bugfix on 8b9a2cb68, which is
going into Tor 0.2.5.4-alpha.
2014-04-18 20:31:42 -04:00
Nick Mathewson
d1be2f5cf8 scan-build: circuit_cpath_support_ntor had a dead initialization
We were initializing cpath twice, which doesn't make sense.
2014-04-18 20:29:51 -04:00
Nick Mathewson
41a8930fa1 scan-build: check impossible null-pointer case in buffers.c
When maintaining buffer freelists, we don't skip more than there
are, so (*chp) can't be null to begin with.  scan-build has no way
to know that.
2014-04-18 20:28:46 -04:00
Nick Mathewson
0cca8dc35a Merge remote-tracking branch 'public/bug9963_v2_024' 2014-04-18 15:25:36 -04:00
Nick Mathewson
fd9961d220 Merge remote-tracking branch 'public/bug11553_024' into bug11553_025 2014-04-18 13:23:44 -04:00
Nick Mathewson
985deaaaf7 Add a rate-limiter for the other circuitID exhaustion warning 2014-04-18 13:22:42 -04:00
Nick Mathewson
47a0c10728 Diagnostic warning to see if it's pending destroys causing 11553 2014-04-18 13:04:37 -04:00
Nick Mathewson
bd169aa9a5 Merge remote-tracking branch 'public/bug11553_024' into bug11553_025
Conflicts:
	src/or/channel.h
2014-04-18 13:00:45 -04:00
Nick Mathewson
0d75344b0e Switch to random allocation on circuitIDs.
Fixes a possible root cause of 11553 by only making 64 attempts at
most to pick a circuitID.  Previously, we would test every possible
circuit ID until we found one or ran out.

This algorithm succeeds probabilistically. As the comment says:

  This potentially causes us to give up early if our circuit ID
  space is nearly full.  If we have N circuit IDs in use, then we
  will reject a new circuit with probability (N / max_range) ^
  MAX_CIRCID_ATTEMPTS.  This means that in practice, a few percent
  of our circuit ID capacity will go unused.

  The alternative here, though, is to do a linear search over the
  whole circuit ID space every time we extend a circuit, which is
  not so great either.

This makes new vs old clients distinguishable, so we should try to
batch it with other patches that do that, like 11438.
2014-04-18 12:58:58 -04:00