Commit Graph

11054 Commits

Author SHA1 Message Date
Roger Dingledine
46434ecf5b Merge branch 'maint-0.2.3' 2012-07-01 17:37:59 -04:00
Roger Dingledine
d13389b30e Revert "Detect bug 6252 (unexpected sendme cell)"
This reverts commit c32ec9c425.

It turns out the two sides of the circuit don't actually stay in sync,
so it is perfectly normal for the circuit window on the exit relay to
grow to 2000+. We should fix that bug and then reconsider this patch.
2012-07-01 17:36:35 -04:00
Roger Dingledine
6061cd584c Merge branch 'maint-0.2.3' 2012-07-01 05:32:37 -04:00
Roger Dingledine
c32ec9c425 Detect bug 6252 (unexpected sendme cell)
I only check on circuits, not streams, since bloating your stream
window past the initial circuit window can't help you much.

Also, I compare to CIRCWINDOW_START_MAX so we don't have surprising
races if we lower CIRCWINDOW_START for an experiment.
2012-07-01 05:27:08 -04:00
Nick Mathewson
6abdcdf116 Fix crash bug from 4a8eaad7 (Bug 6255)
We were doing a tor_strclear() on client_keys_str when it might not
even be set.

Fix for bug 6255; bug not in any release of Tor.  Thanks to katmagic
for finding this one!
2012-06-29 00:32:27 -04:00
Nick Mathewson
da3edc4df0 Fix clang warning on d4285f03df. Not in any released tor. 2012-06-29 00:22:57 -04:00
Nick Mathewson
9c5a118272 bump version to 0.2.3.18-rc-dev 2012-06-28 16:01:55 -04:00
Nick Mathewson
19a81ef020 Merge commit '81cd3d7ad641a8dbf' 2012-06-28 15:52:57 -04:00
Nick Mathewson
e13e9c40c8 Never emit the "opt" prefix in any directory stuff
Fix for bug 5124.
2012-06-28 15:47:07 -04:00
Nick Mathewson
1e008e9876 Make check-spaces happy again 2012-06-28 15:40:08 -04:00
Brendan C
a6169800f8 Fix bug 3842: add a GETINFO signal/names
Also refactor SIGNAL so that it and signal/names use the same table.

(commit message by nickm)
2012-06-28 15:39:19 -04:00
Roger Dingledine
64f8e68e65 bump to 0.2.3.18-rc 2012-06-28 15:34:33 -04:00
Roger Dingledine
81cd3d7ad6 add a blurb for 0.2.3.18-rc, other minor cleanups 2012-06-28 15:32:36 -04:00
meejah
12298901fd add new GETINFO config/defaults
returns the default values for every configuration item, similar
to GETINFO config/names; include a changes entry for it.

Fix for bug 4971
2012-06-28 15:15:51 -04:00
Roger Dingledine
dd7a27d17e fix grammar in comment 2012-06-28 13:43:01 -04:00
Nick Mathewson
96746e39f6 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-28 10:57:23 -04:00
Nick Mathewson
217862b317 Merge remote-tracking branch 'public/bug6244_part2' into maint-0.2.3 2012-06-28 10:49:32 -04:00
Nick Mathewson
d4a64fdc02 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-28 10:48:06 -04:00
Andrea Shepard
bdc8270280 Downgrade 'Got a certificate, but we already have it' log message from warning to info, except when we're a dirauth (fixes bug 5238) 2012-06-28 10:42:43 -04:00
Nick Mathewson
d4285f03df Extend tor_sscanf so it can replace sscanf in rephist.c
Fixes bug 4195 and Coverity CID 448
2012-06-28 09:54:05 -04:00
Nick Mathewson
28c42fe029 Fix GETINFO address-mappings/... with wildcarded addresses. 2012-06-27 23:55:01 -04:00
Nick Mathewson
e12eba55b2 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-27 23:45:59 -04:00
Nick Mathewson
23f2e37ff7 Allow wildcarded mapaddress targets in controller MAPADDRESS command 2012-06-27 23:38:04 -04:00
Nick Mathewson
86197dfd4f Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-26 11:04:43 -04:00
Nick Mathewson
6330d2d9e6 Merge remote-tracking branch 'public/bug6227' into maint-0.2.3 2012-06-26 11:03:56 -04:00
Nick Mathewson
05dd0a9cd9 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-26 11:03:32 -04:00
Nick Mathewson
5fad3dc36b Fix a warning when using glibc's strcspn with clang.
With glibc 2.15 and clang 3.0, I get warnings from where we use the
strcpsn implementation in the header as strcspn(string, "=").  This
is apparently because clang sees that part of the strcspn macro
expands to "="[2], and doesn't realize that that part of the macro
is only evaluated when "="[1] != 0.
2012-06-26 11:02:44 -04:00
Nick Mathewson
9c8ec0aa20 Add a unit test for environment_variable_names_equal
I need this because I'm about to frob that function to stop using
strcspn() in order to get rid of a clang warning.
2012-06-26 10:50:37 -04:00
Nick Mathewson
201b852c27 Fix a compilation warning with clang 3.0
In b1ad1a1d02 we introduced an implicit (but safe)
long-to-int shortening that clang didn't like.

Warning not in any released version of Tor.
2012-06-26 10:48:31 -04:00
Nick Mathewson
4050800251 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-26 10:30:51 -04:00
Nick Mathewson
c4586f4df7 Downgrade message about md cache cleaning from notice to info
Fix for #6238
2012-06-26 10:30:11 -04:00
Nick Mathewson
4645f28c3b Bump the test util/threads timeout up to 150 sec
This should make some debian build systems happier.

Also, increase the select() timeout to a more reasonable 100 msec.
2012-06-25 13:44:34 -04:00
Nick Mathewson
7c9f6a994f Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-25 13:23:07 -04:00
George Kadianakis
53e4452f98 Don't do DNS lookups when parsing corrupted managed proxy messages.
The functions parse_{s,c}method_line() were using
tor_addr_port_lookup() which is capable of doing DNS lookups. DNS
lookups should not be necessary when parsing {C,S}METHOD lines.
2012-06-25 13:19:22 -04:00
Nick Mathewson
888d5d08fe Merge remote-tracking branch 'public/bug2385' 2012-06-25 12:05:36 -04:00
Nick Mathewson
aad71eef1b Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-25 11:59:33 -04:00
Nick Mathewson
2703e072a1 Merge remote-tracking branch 'public/bug6225' into maint-0.2.3 2012-06-25 11:51:19 -04:00
Nick Mathewson
8e5d3cab26 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-23 15:54:33 -04:00
Nick Mathewson
a6688c574e Catch a few more K&R violations with make check-spaces
We now catch bare {s that should be on the previous line with a do,
while, if, or for, and elses that should share a line with their
preceding }.

That is,
    if (foo)
    {
and
    if (foo) {
      ...
    }
    else

are now detected.

We should think about maybe making Tor uncrustify-clean some day,
but configuring uncrustify is an exercise in bizarreness, and
reformatting huge gobs of Tor is always painful.
2012-06-23 15:54:01 -04:00
Nick Mathewson
db9ce36b25 Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-23 15:37:57 -04:00
Nick Mathewson
ffd7189b3f Don't assert in get_string_from_pipe() on len==0
We can treat this case as an EAGAIN (probably because of an
unexpected internal NUL) rather than a crash-worthy problem.

Fixes bug 6225, again.  Bug not in any released version of Tor.
2012-06-23 15:35:43 -04:00
Nick Mathewson
b1ad1a1d02 Resolve crash caused by format_helper_exit_status changes in #5557
Because the string output was no longer equal in length to
HEX_ERRNO_SIZE, the write() call would add some extra spaces and
maybe a NUL, and the NUL would trigger an assert in
get_string_from_pipe.

Fixes bug 6225; bug not in any released version of Tor.
2012-06-23 15:32:04 -04:00
George Kadianakis
8c3a4a1d21 Improve log message issued when a managed proxy fails to launch. 2012-06-23 15:05:46 -04:00
Nick Mathewson
7761c1d6ac Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-22 22:41:12 -04:00
Nick Mathewson
ebda15e4b5 Merge remote-tracking branch 'public/bug6211' into maint-0.2.3 2012-06-22 22:38:59 -04:00
Nick Mathewson
a9de982c34 Merge remote-tracking branch 'public/bug6203_v2' into maint-0.2.3 2012-06-22 22:33:14 -04:00
Nick Mathewson
a08bbefa9b Merge remote-tracking branch 'origin/maint-0.2.3' 2012-06-22 22:23:20 -04:00
Nick Mathewson
4a7e4129af Style tweaks and add a warning about NUL-termination 2012-06-22 22:21:20 -04:00
Andrea Shepard
770374a6b3 Add unit test for format_hex_number_for_helper_exit_status() 2012-06-22 22:21:20 -04:00
Andrea Shepard
c21af69f29 Refactor unsigned int hex formatting out of format_helper_exit_status() in util.c 2012-06-22 22:21:20 -04:00
Andrea Shepard
4c62cc6f99 Make format_helper_exit_status() avoid unnecessary spaces 2012-06-22 22:21:19 -04:00
Nick Mathewson
f96f319b9e Increment master branch version to 0.2.4.0-alpha-dev 2012-06-20 16:41:31 -04:00
Nick Mathewson
c239c57d3c Fix a regression bug in AllowDotExit
The code that detected the source of a remapped address checked that
an address mapping's source was a given rewrite rule if addr_orig had
no .exit, and addr did have a .exit after processing that rule.  But
addr_orig was formatted for logging: it was not the original address
at all, but rather was the address escaped for logging and possibly
replaced with "[scrubbed]".

This new logic will correctly set ADDRMAPSRC_NONE in the case when the
address starts life as a .exit address, so that AllowDotExit can work
again.

Fixes bug 6211; bugfix on 0.2.3.17-beta
2012-06-19 19:50:03 -04:00
Nick Mathewson
0600e8cab1 Disable warning for marked-but-reading in main.c
It turns out this can happen.  Even though there is no reason for
connections to be marked but reading, we leave them reading anyway,
so warning here is unwarranted.  Let's turn that back on once we do
something sensible and disable reading when we mark.  Bugfix for
6203 on Tor 0.2.3.17-beta.

Thanks to cypherpunks for pointing out the general stupidity of the
original code here.
2012-06-19 12:22:43 -04:00
Nick Mathewson
4a8eaad7ef Clear a couple more fields in rend_service_load_auth_keys 2012-06-18 13:13:53 -04:00
Nick Mathewson
b8d1e8e375 Refactor exit path in rend_service_load_auth_keys
Now it's an orthodox "goto err/done" exit path, and it isn't some
screwy thing where we stick err/done at the end of a loop and
duplicate our cleanup code.
2012-06-18 13:10:02 -04:00
Nick Mathewson
e5a61c5176 Fix indentation in rend_service_load_auth_keys 2012-06-18 13:01:33 -04:00
Nick Mathewson
be28d10622 Refactor rend_service_load_keys() into main portion and auth portion. 2012-06-18 12:59:29 -04:00
Nick Mathewson
53f5a38942 Fix indentation and whitespace in rend_service_load_keys 2012-06-18 12:45:55 -04:00
Nick Mathewson
b44693f32d Refactor rend_service_load_keys() into outer loop and loop contents 2012-06-18 12:43:20 -04:00
Nick Mathewson
e6782b355a Merge remote-tracking branch 'public/bug3311' 2012-06-18 12:07:39 -04:00
Nick Mathewson
4432fa40dd Merge remote-tracking branch 'andrea/bug6028' 2012-06-18 11:51:55 -04:00
Roger Dingledine
26855fe22c conn_type_to_string() on a listener already says it's a listener 2012-06-16 02:29:03 -04:00
Andrea Shepard
10130e5979 Appease make check-spaces 2012-06-15 21:48:15 -07:00
Andrea Shepard
b5280efc17 Clean up keys on stack in rend_parse_service_authorization() 2012-06-15 21:47:06 -07:00
Andrea Shepard
7f24b9b8c3 Clean up keys on stack in rend_client_refetch_v2_renddesc() 2012-06-15 21:39:28 -07:00
Andrea Shepard
a8bcbe7bf7 Clean up keys on stack in rend_client_send_introduction() 2012-06-15 21:25:25 -07:00
Andrea Shepard
ab2e007ffb In rend_service_load_keys(), clear extended descriptor cookie and buffer, clear temporary heap space for client key, and check if serializing client key fails 2012-06-15 21:17:02 -07:00
Andrea Shepard
276f95182c Clean keys on stack in rend_service_rendezvous_has_opened() 2012-06-15 20:54:45 -07:00
Andrea Shepard
88c5d3ca55 Clean keys on stack in rend_service_intro_has_opened() 2012-06-15 20:43:33 -07:00
Andrea Shepard
d43ba536df Clean up keys on stack in rend_service_introduce() 2012-06-15 20:19:02 -07:00
Andrea Shepard
9f55dfd915 Clean up keys on stack in rend_service_load_keys() 2012-06-15 19:54:54 -07:00
Roger Dingledine
c37b8023b7 fix the typo on the typo fix 2012-06-15 20:34:16 -04:00
Andrea Shepard
1f7f10e4f3 Always set *socket_error to something appropriate when returning -1 from connection_connect() 2012-06-15 16:53:32 -07:00
Roger Dingledine
ca525db02d fix typos from 783f705d 2012-06-15 17:08:25 -04:00
Nick Mathewson
97555f4537 fix a compiler warning added in one of my XXX023 fixes. 2012-06-15 16:43:59 -04:00
Nick Mathewson
30c4653780 Whitespace fix 2012-06-15 16:12:24 -04:00
Nick Mathewson
eab75d2c36 Fix a typo found by Mike. 2012-06-15 16:12:04 -04:00
Nick Mathewson
bdfb399867 Merge remote-tracking branch 'public/xxx023' 2012-06-15 16:10:59 -04:00
Nick Mathewson
87409771c4 Clarify some messages about publishing hidden service descriptors
Fix for bug 3311.
2012-06-15 15:25:46 -04:00
Nick Mathewson
cc21e56ed4 Check the correct consensus before giving it to the client
Previously, a directory would check the latest NS consensus for
having the signatures the client wanted, and use that consensus's
valid_until time to set the HTTP lifetime.  With this patch, the
directory looks at NS consensus or the microdesc consensus,
depending on what the client asked for.
2012-06-15 15:07:54 -04:00
Nick Mathewson
32bf258881 Change a silent ignore-the-bug in microdesc.c to a LOG_INFO
I don't believe this bug occurs, but there was an XXX023 to make
sure it doesn't.
2012-06-15 15:07:54 -04:00
Nick Mathewson
e62104a7d2 Move tor_gettimeofday_cached() into compat_libevent 2012-06-15 15:07:53 -04:00
Nick Mathewson
1755f792ed Refactor GETINFO process/descriptor-limit
Previously it duplicated some getrlimit code and content from compat.c;
now it doesn't.
2012-06-15 15:07:53 -04:00
Nick Mathewson
783f705ddc Document that we are unlikely to underflow session group IDs. 2012-06-15 15:07:53 -04:00
Nick Mathewson
2491fff5a6 Triage the XXX023 and XXX022 comments: postpone many. 2012-06-15 15:07:52 -04:00
Nick Mathewson
879b1e1010 Merge remote-tracking branch 'public/bug5932' 2012-06-15 14:44:32 -04:00
Nick Mathewson
8030ec4f27 Downgrade log messages about cbt enabled/disabled. Bug 6169. 2012-06-15 09:57:18 -04:00
Roger Dingledine
afa07b4f87 bump to 0.2.3.17-beta-dev 2012-06-15 04:29:32 -04:00
Roger Dingledine
a1caa96f9b another little step at making debugging 5458 easier 2012-06-15 03:58:47 -04:00
Roger Dingledine
5625812f9a tab-man returneth (this time using the name 'rob') 2012-06-15 03:28:18 -04:00
Roger Dingledine
4c87e82c6c bump to 0.2.3.17-beta 2012-06-15 03:13:00 -04:00
Mike Perry
daedae4115 Lower the default path bias notice rate to 40%.
I saw 72% on a test run with 26 circuits. 70% might be a little close to the
line. That, or min_circs is too low and we need to be more patient. We still
need to test/simulate more.
2012-06-14 21:20:10 -07:00
Mike Perry
61a5730392 For now, never disable any guards. 2012-06-14 13:20:01 -07:00
Mike Perry
8d59690033 Defend against entry node path bias attacks
The defense counts the circuit failure rate for each guard for the past N
circuits. Failure is defined as the ability to complete a first hop, but not
finish completing the circuit all the way to the exit.

If the failure rate exceeds a certain amount, a notice is emitted.

If it exceeds a greater amount, a warn is emitted and the guard is disabled.

These values are governed by consensus parameters which we intend to tune as
we perform experiments and statistical simulations.
2012-06-14 13:19:56 -07:00
Nick Mathewson
4fdce6b091 Merge remote-tracking branch 'asn-mytor/bug5589_take2' 2012-06-14 13:05:16 -04:00
George Kadianakis
aa212b173c Remove validate_pluggable_transports_config(): redundant since 9d9b5ed0.
The warning message of validate_pluggable_transports_config() is
superseded by the changes in the warning message of
connection_or_connect() when the proxy credentials can't be found.
2012-06-14 18:01:22 +03:00
Nick Mathewson
e5beb82e04 Merge remote-tracking branch 'public/bug4663' 2012-06-13 17:01:53 -04:00
Nick Mathewson
5b0977df31 One more fix for bug 5049. 2012-06-13 16:45:13 -04:00
Andrea Shepard
d98590d3b7 Satisfy make check-spaces 2012-06-13 16:45:13 -04:00
Andrea Shepard
aa284561c8 Move cbt->liveness.timeouts_after_firsthop free code into its own function 2012-06-13 16:45:13 -04:00
Andrea Shepard
39a9178ba7 Early exit from circuit_build_times_set_timeout() if adaptive timeouts are disabled 2012-06-13 16:45:13 -04:00
Andrea Shepard
0c3c0b1ddd Don't poll to see if we need to build circuits for timeout data if LearnCircuitBuildTimeout is disabled 2012-06-13 16:45:12 -04:00
Andrea Shepard
a0f76289fd Use K&R style 2012-06-13 16:45:12 -04:00
Andrea Shepard
7df26de948 Unconditionally use config CircuitBuildTimeout if LearnCircuitBuildTimeout is disabled 2012-06-13 16:44:33 -04:00
Andrea Shepard
5177ab9e47 Don't track circuit timeout history unless we're actually using adaptive timeouts 2012-06-13 16:44:33 -04:00
Andrea Shepard
41a458ece1 Add debug logging to circuit_build_times_* of circuitbuild.c to trace queries of consensus parameters for bug 5049 2012-06-13 16:44:33 -04:00
Nick Mathewson
54ef039ba5 Merge branch 'bug5263_023' 2012-06-13 16:23:16 -04:00
Nick Mathewson
9282c88998 Add rate-limited log message to bug5263 fix
Initially I said, "I claim that we shouldn't be reading and marked;
let's see if I'm right."  But Rob finds that it does.
2012-06-13 16:21:06 -04:00
Rob G. Jansen
03b48352c6 Fix busy Libevent loops (infinite loops in Shadow)
There is a bug causing busy loops in Libevent and infinite loops in
the Shadow simulator. A connection that is marked for close, wants
to flush, is held open to flush, but is rate limited (the token
bucket is empty) triggers the bug.

This commit fixes the bug. Details are below.

This currently happens on read and write callbacks when the active
socket is marked for close. In this case, Tor doesn't actually try
to complete the read or write (it returns from those methods when
marked), but instead tries to clear the connection with
conn_close_if_marked(). Tor will not close a marked connection that
contains data: it must be flushed first. The bug occurs when this
flush operation on the marked connection can not occur because the
connection is rate-limited (its write token bucket is empty).

The fix is to detect when rate limiting is preventing a marked
connection from properly flushing. In this case, it should be
flagged as read/write_blocked_on_bandwidth and the read/write events
de-registered from Libevent. When the token bucket gets refilled, it
will check the associated read/write_blocked_on_bandwidth flag, and
add the read/write event back to Libevent, which will cause it to
fire. This time, it will be properly flushed and closed.

The reason that both read and write events are both de-registered
when the marked connection can not flush is because both result in
the same behavior. Both read/write events on marked connections will
never again do any actual reads/writes, and are only useful to
trigger the flush and close the connection. By setting the
associated read/write_blocked_on_bandwidth flag, we ensure that the
event will get added back to Libevent, properly flushed, and closed.

Why is this important? Every Shadow event occurs at a discrete time
instant. If Tor does not properly deregister Libevent events that
fire but result in Tor essentially doing nothing, Libevent will
repeatedly fire the event. In Shadow this means infinite loop,
outside of Shadow this means wasted CPU cycles.
2012-06-13 16:04:07 -04:00
Nick Mathewson
37ef4f1689 Change smartlist_create->smartlist_new in bug4744 branch as merged to master 2012-06-13 12:16:02 -04:00
Nick Mathewson
aa1fc73e33 Merge branch 'bug4744_squashed' 2012-06-13 12:09:13 -04:00
Nick Mathewson
df6bd478ee Implement the client side of proposal 198
This is a feature removal: we no longer fake any ciphersuite other
than the not-really-standard SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
(0xfeff).  This change will let servers rely on our actually
supporting what we claim to support, and thereby let Tor migrate to
better TLS ciphersuites.

As a drawback, Tor instances that use old openssl versions and
openssl builds with ciphers disabled will no longer give the
"firefox" cipher list.
2012-06-13 12:06:28 -04:00
Nick Mathewson
5a3d9636f5 Merge remote-tracking branch 'public/bug3940_redux' 2012-06-13 11:40:38 -04:00
Sebastian Hahn
9dd4e5a9b0 Fix another clang compile warning
We forgot this when we fixed 5969.
2012-06-13 16:51:56 +02:00
Karsten Loesing
2133b6e5ba Fix integer overflow in cell stats spotted by atagar.
Fixes #5849.
2012-06-13 10:12:39 -04:00
Roger Dingledine
068046eebc Merge branch 'maint-0.2.2' 2012-06-13 03:48:43 -04:00
Karsten Loesing
229abbf4bb Update to the June 2012 GeoIP database.
Manually removed range 0.116.0.0 to 0.119.255.255 which Maxmind says is
assigned to AT.  This is very likely a bug in their database, because
0.0.0.0/8 is a reserved range.
2012-06-13 09:21:00 +02:00
Nick Mathewson
f4fccee4d2 Add a warning for using HTTPProxy with no other proxy.
From what I can tell, this configuration is usually a mistake, and
leads people to think that all their traffic is getting proxied when
in fact practically none of it is.  Resolves the issue behind "bug"
4663.
2012-06-12 15:21:41 -04:00
Nick Mathewson
ba9a12119c fixup! An attempt at bug3940 and making AllowDotExit 0 work with MapAddress 2012-06-11 21:50:52 -04:00
Nick Mathewson
c18b6ec3d4 Document ADDRMAPSRC_NONE. 2012-06-11 21:49:08 -04:00
Nick Mathewson
f0f70ba6f1 Merge branch 'bug5452' 2012-06-11 14:44:26 -04:00
Andrea Shepard
6b73fad709 Make RECOMMENDED_MIN_CIRCUIT_BUILD_TIMEOUT warning tell the user how to fix it. 2012-06-11 11:09:19 -07:00
Nick Mathewson
667a12b471 Merge remote-tracking branch 'public/bug4592' 2012-06-11 10:34:48 -04:00
Nick Mathewson
70910479e3 Merge remote-tracking branch 'public/bug5598'
Conflicts:
	doc/tor.1.txt

Conflict was on a formatting issue in the manpage.
2012-06-11 10:26:48 -04:00
Nick Mathewson
a6180b7f29 Merge branch 'bug6097' 2012-06-11 10:14:01 -04:00
Andrea Shepard
4fb2a14fae Warn if the user has set CircuitBuildTimeout stupidly low and turned off LearnCircuitBuildTimeout 2012-06-08 23:44:06 -07:00
Nick Mathewson
8be6058d8f changes file and whitespace fix for bug5235 patch 2012-06-08 14:33:16 -04:00
Andrea Shepard
554ec65ce7 Rate-limit 'Weighted bandwidth is 0.000000 ...' message; it can be produced in extreme quantities 2012-06-08 14:33:16 -04:00
Roger Dingledine
167f6f1e96 typo noticed by "_raptor" 2012-06-07 15:35:19 -04:00
Nick Mathewson
b0bab82790 Merge remote-tracking branch 'arma/bug3886'
Conflicts:
	src/or/dirserv.c
2012-06-07 13:30:55 -04:00
Nick Mathewson
f9fddba539 Downgrade an eventdns warning to PROTOCOL_WARN. 2012-06-07 13:03:39 -04:00
Nick Mathewson
bf9252587b Fix mingw build with -DUNICODE -D_UNICODE
This is a very blunt fix, and mostly just turns some func() calls
into FuncA() to make things build again.  Fixes bug 6097.
2012-06-07 11:59:32 -04:00
Nick Mathewson
1e5683b167 Be more careful calling wcstombs
The function is not guaranteed to NUL-terminate its output.  It
*is*, however, guaranteed not to generate more than two bytes per
multibyte character (plus terminating nul), so the general approach
I'm taking is to try to allocate enough space, AND to manually add a
NUL at the end of each buffer just in case I screwed up the "enough
space" thing.

Fixes bug 5909.
2012-06-07 11:09:38 -04:00
Nick Mathewson
99618a9641 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-06-07 09:46:14 -04:00
Robert Ransom
0dc47dfebf Send a CRLF at the end of a STATUS_* event, not in the middle of it
Fixes bug 6094; bugfix on commit 3a9351b57e.
2012-06-07 03:22:06 +00:00
Nick Mathewson
8a341cc429 Change the default for DynamicDHGroups to 0
This feature can make Tor relays less identifiable by their use of the
mod_ssl DH group, but at the cost of some usability (#4721) and bridge
tracing (#6087) regressions.

We should try to turn this on by default again if we find that the
mod_ssl group is uncommon and/or we move to a different DH group size
(see #6088).  Before we can do so, we need a fix for bugs #6087 and

Resolves ticket #5598 for now.
2012-06-06 12:00:04 -04:00
Roger Dingledine
f136e835d8 bump to 0.2.3.16-alpha-dev 2012-06-05 18:37:19 -04:00
Roger Dingledine
80b2308aec today is the day for 0.2.3.16-alpha 2012-06-05 12:14:57 -04:00
Nick Mathewson
7b2afb61b2 Merge branch 'bug5603' 2012-06-05 11:47:34 -04:00
Nick Mathewson
64167e1772 Minor changes to bug5603
* Minor stylistic changes to comments and doxygen
  * Use strcmp_opt; it already exists.
  * Tighten bridge_has_digest implementation a little.
2012-06-05 11:40:31 -04:00
Nick Mathewson
d09a3ecd01 Merge remote-tracking branch 'public/getfilesize_64'
Conflicts:
	src/common/compat.c

The getfilesize change conflicted with the removal of file_handle
from the windows tor_mmap_t.
2012-06-05 11:10:42 -04:00
Nick Mathewson
b482c870ca Fix some mingw build warnings
These include:
   - Having a weird in_addr that can't be initialized with {0}
   - Needing INVALID_HANDLE_VALUE instead of -1 for file handles.
   - Having a weird dependent definition for struct stat.
   - pid is signed, not unsigned.
2012-06-05 11:06:26 -04:00
Nick Mathewson
2468a1bd2c Revert "Disable (Cell,DirReq,Entry,ExitPort)Statistics on bridges"
This reverts commit 981e896dd2.

Apparently Karsten still needs DirReqStatistics for bridges; see
2012-06-05 10:47:05 -04:00
Nick Mathewson
38642a9369 Downgrade tor_assert(0) to tor_fragile_assert() in windows stub create_unix_sockaddr 2012-06-05 10:36:34 -04:00
Nick Mathewson
7f45ea5c41 Merge remote-tracking branch 'public/bug3894' 2012-06-05 10:31:00 -04:00
Nick Mathewson
b4bd4964eb Merge remote-tracking branch 'public/format_doubles'
Conflicts:
	src/or/geoip.c
2012-06-05 10:30:50 -04:00
Nick Mathewson
981e896dd2 Disable (Cell,DirReq,Entry,ExitPort)Statistics on bridges
These stats are currently discarded, but we might as well
hard-disable them on bridges, to be clean.

Fix for bug 5824; bugfix on 0.2.1.17-rc.

Patch originally by Karsten Loesing.
2012-06-05 10:25:50 -04:00
Nick Mathewson
1ce0c5eba9 Merge remote-tracking branch 'public/bug4657'
Conflicts:
	src/or/router.c
2012-06-05 10:20:44 -04:00
Nick Mathewson
c19a2ff691 Merge remote-tracking branch 'public/bug4710' 2012-06-05 10:16:28 -04:00
Nick Mathewson
20d6f787aa Fix "make check-spaces" issues 2012-06-05 00:49:18 -04:00
Nick Mathewson
913067f788 Resolve about 24 DOCDOCs 2012-06-05 00:17:54 -04:00
Nick Mathewson
064e7c19c6 Missing copyright/license statement for procmon.c 2012-06-04 21:02:13 -04:00
Nick Mathewson
0fa107a6aa Update copyright dates to 2012; add a few missing copyright statements 2012-06-04 20:58:17 -04:00
Nick Mathewson
173b18c79b Add about 60 more DOCDOC comments to 0.2.3
Also, try to resolve some doxygen issues.  First, define a magic
"This is doxygen!" macro so that we take the correct branch in
various #if/#else/#endifs in order to get the right documentation.
Second, add in a few grouping @{ and @} entries in order to get some
variables and fields to get grouped together.
2012-06-04 19:59:08 -04:00
Nick Mathewson
361260ff8f Resolve some markup complaints from doxygen 2012-06-04 19:56:33 -04:00
Nick Mathewson
f68c042637 Resolve all currently pending DOCDOC items in master 2012-06-04 19:05:51 -04:00
Nick Mathewson
b2be6c7f97 Document the new exit_source_out argument to addressmap_rewrite 2012-06-04 17:15:21 -04:00
Nick Mathewson
41e8bee188 Merge origin/maint-0.2.2 for 6007_strict
This code shouldn't have any effect in 0.2.3, since we already accept
(and handle) data received while we are expecting a renegotiation.
(That's because the 0.2.3.x handshake _does_ have data there instead of
the renegotiation.)

I'm leaving it in anyway, since if it breaks anything, we'll want it
broken in master too so we can find out about it.  I added an XXX023
comment so that we can come back later and fix that.
2012-06-04 11:47:36 -04:00
Nick Mathewson
491dc3a601 Merge remote-tracking branch 'public/bug6007_strict_squashed' into maint-0.2.2 2012-06-04 11:40:52 -04:00
Nick Mathewson
329e1c65d3 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-06-04 11:36:33 -04:00
Nick Mathewson
6d85a79653 Merge remote-tracking branch 'public/bug6033' into maint-0.2.2 2012-06-04 11:33:27 -04:00
Nick Mathewson
af54a01828 Kill non-open OR connections with any data on their inbufs.
This fixes a DoS issue where a client could send so much data in 5
minutes that they exhausted the server's RAM.  Fix for bug 5934 and
6007.  Bugfix on 0.2.0.20-rc, which enabled the v2 handshake.
2012-06-04 11:29:18 -04:00
Nick Mathewson
75b72bf621 Fix build warning on Lenny about strtok_r unit test
This fixes a warning in efb8a09f, where Debain Lenny's GCC doesn't get
that
    for (i=0; i<3; ++i) {
      const char *p;
      switch(i) {
       case 0:
         p="X"; break;
       case 1:
         p="Y"; break;
       case 2:
         p="Z"; break;
      }
      printf("%s\n", p);
    }
will never try to print an uninitialezed value.

Found by buildbots.  Bug in no released versions of Tor.
2012-06-04 11:11:04 -04:00
Nick Mathewson
841a8d551a Work around a bug in OpenSSL 1.0.1's TLS 1.1 and TLS 1.2 support
It appears that when OpenSSL negotiates a 1.1 or 1.2 connection, and it
decides to renegotiate, the client will send a record with version "1.0"
rather than with the current TLS version.  This would cause the
connection to fail whenever both sides had OpenSSL 1.0.1, and the v2 Tor
handshake was in use.

As a workaround, disable TLS 1.1 and TLS 1.2.  When a later version of
OpenSSL is released, we can make this conditional on running a fixed
version of OpenSSL.

Alternatively, we could disable TLS 1.1 and TLS 1.2 only on the client
side.  But doing it this way for now means that we not only fix TLS with
patched clients; we also fix TLS when the server has this patch and the
client does not.  That could be important to keep the network running
well.

Fixes bug 6033.
2012-06-02 20:09:05 -04:00
George Kadianakis
1e95a4a1f6 Improve conflict resolution when adding new bridges. 2012-06-03 00:21:49 +03:00
Nick Mathewson
0cbe3ff313 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-31 17:00:37 -04:00
Nick Mathewson
834654f145 Make all begindir or one-hop circuits internal
This solves bug 5283, where client traffic could get sent over the
same circuit as an anonymized connection to a directory, even if
that circuit used an exit node unsuitable for clients.  By marking
the directory connection as needs_internal, we ensure that the
(non-internal!) client-traffic connection won't be sent over the
same circuit.
2012-05-31 16:55:54 -04:00
Nick Mathewson
dff73d26f3 Merge remote-tracking branch 'public/bug5089'
Conflicts:
	src/test/test_util.c

Merge the unit tests; I added some when I did this branch against
0.2.2, and then the test format changed and master added more tests.
2012-05-31 16:21:54 -04:00
Nick Mathewson
b86c562d76 A few more get_parent_directory tests. 2012-05-31 15:12:45 -04:00
Nick Mathewson
fc0842275d Merge remote-tracking branch 'public/bug5374' 2012-05-31 15:07:19 -04:00
Nick Mathewson
d1bbd84a6d Merge remote-tracking branch 'linus/bug4873_ln' 2012-05-31 14:37:29 -04:00
Nick Mathewson
fc5d960fbd Merge remote-tracking branch 'public/bug5541_v2' 2012-05-31 12:40:30 -04:00
Nick Mathewson
0e207f9acb Merge remote-tracking branch 'public/close_file_mapping'
Conflicts:
	src/common/compat.h

Conflict was between replacement of MS_WINDOWS with _WIN32 in
master, and with removal of file_handle from tor_mmap_t struct in
close_file_mapping branch (for bug 5951 fix).
2012-05-31 12:38:11 -04:00
Nick Mathewson
2e58882b90 reindent CreateFile arguments. 2012-05-31 12:36:54 -04:00
Nick Mathewson
f1aae1236f Merge remote-tracking branch 'linus/bug5355_ln' 2012-05-31 12:33:16 -04:00
Nick Mathewson
155543d26e Merge remote-tracking branch 'public/bug1938' 2012-05-31 12:24:02 -04:00
Nick Mathewson
11bf5585aa Merge remote-tracking branch 'public/bug2954_more' 2012-05-31 12:22:02 -04:00
Linus Nordberg
0ed963e72a Remove unexpected "unexpectedly". 2012-05-31 13:08:57 +02:00
Linus Nordberg
c074562a17 Remove spurioius return in one out of four if-else clauses.
We do return right after the if-else.  This return (with its confusing
comments) comes from before 6b7c3b42 but doesn't make sense now.
2012-05-31 13:05:24 +02:00
Nick Mathewson
32d6acade8 Merge remote-tracking branch 'public/bug3196' 2012-05-31 01:02:27 -04:00
Nick Mathewson
ffc21b653f Merge remote-tracking branch 'origin/maint-0.2.2'
(For bug 5969 fix)
2012-05-31 00:07:52 -04:00
Nick Mathewson
3a9351b57e Fix more clang format-nonliteral warnings (bug 5969) 2012-05-30 23:59:49 -04:00
Nick Mathewson
fe68a80f8f Merge branch 'bug5604' 2012-05-30 17:00:36 -04:00
Nick Mathewson
d7e4777791 Add a little documentation for the bug5604 fix 2012-05-30 17:00:22 -04:00
Nick Mathewson
37f42c2f58 Merge remote-tracking branch 'public/bug5954' 2012-05-30 16:38:20 -04:00
Nick Mathewson
711e4b4237 Merge remote-tracking branch 'linus/bug4369' 2012-05-30 13:05:15 -04:00
Nick Mathewson
e284894672 Add __attribute__(format)s for our varargs printf/scanf wrappers
It turns out that if you set the third argument of
__attribute__(format) to 0, GCC and Clang will check the format
argument without expecting to find variadic arguments.  This is the
correct behavior for vsnprintf, vasprintf, and vscanf.

I'm hoping this will fix bug 5969 (a clang warning) by telling clang that
the format argument to tor_vasprintf is indeed a format string.
2012-05-30 12:14:38 -04:00
Sebastian Hahn
a5a8296892 Fix clang 3.1 compile warning in crypto.c
(Tweaked by nickm)
2012-05-30 11:56:43 -04:00
Nick Mathewson
9e53cdca86 Merge remote-tracking branch 'public/bug5916' 2012-05-30 11:14:41 -04:00
Linus Nordberg
f998590e5b Don't stomp on errno. 2012-05-29 15:38:03 +02:00
Linus Nordberg
2f0c0f92f8 Fix minor typo in warning printout. 2012-05-29 15:03:22 +02:00
Nick Mathewson
9d41629aa0 Delay getsockname() call until after connect() is done
On Windows, getsockname() on a nonblocking apparently won't work
until the connection is done connecting.  On XP, it seems to fail by
reporting success and declaring that your address is INADDR_ANY.  On the
Win8 preview, though, it fails more loudly and says WSAEINVAL.

Fix for bug 5374; bugfix on 0.1.1.14-alpha.
2012-05-24 16:57:36 -04:00
Nick Mathewson
254504fc14 Have get_parent_directory() handle "/foo" and "/" correctly.
The parent of "/foo" is "/"; and "/" is its own parent.

This would cause Tor to fail if you tried to have a PF_UNIX control
socket in the root directory.  That would be a stupid thing to do
for other reasons, but there's no reason to fail like _this_.

Bug found by Esteban Manchado Velázquez. Fix for bug 5089; bugfix on
Tor 0.2.2.26-beta.  Unit test included.
2012-05-24 12:56:31 -04:00
Nick Mathewson
281a5e4670 Warn and ignore the MyFamily setting if BridgeRelay is also set
Roger explains at
  http://archives.seul.org/tor/talk/Nov-2011/msg00209.html :

  "If you list your bridge as part of your family in the relay
  descriptor, then everybody can learn your bridge fingerprint, and
  they can look up your bridge's descriptor (and thus location) at
  the bridge directory authority."

Now, we can't stop relays from listing bridges, but we can warn when
we notice a bridge listing anybody, which might help some.

This fixes bug 4657; it's a fix on 0.2.0.3-alpha, where bridges were
first introduced.
2012-05-24 12:39:26 -04:00
Nick Mathewson
6b7c3b42ee Change an assertion into a warning in connection_or_handle_event_cb()
Possibly addresses bug 4873, though IMO that's likely not a real
bug: it seems likely to have been an ssl version mismatch.
2012-05-24 11:14:28 -04:00
Nick Mathewson
0da40bba88 Abort writing cached-microdescs if a failed write has occurred.
Bug 2954; fix on 0.2.2.6-alpha.
2012-05-24 11:07:01 -04:00
Nick Mathewson
2418bc9594 New "GETINFO dormant" to report whether Tor has gone idle
Torbutton needs this; see bug 5954 and 4718.
2012-05-24 10:42:55 -04:00
Nick Mathewson
e7d34935fb Use GetFileSize correctly on win32
(Use its second parameter to find the high 32 bits of the file size;
check its return value for error conditions.)
2012-05-24 10:31:11 -04:00
Nick Mathewson
ab1b81e838 Close the windows file handle after CreateFileMapping; it isn't needed
I did the changes file; the rest came pseudonymously
2012-05-23 12:39:05 -04:00
George Kadianakis
ec7fd08ccf Fix the unittest breakage introduced by a8a862c. 2012-05-18 20:52:24 +03:00
Nick Mathewson
466276faa5 Merge remote-tracking branch 'asn/bug5602' 2012-05-18 12:36:04 -04:00
Nick Mathewson
4c4dd505be Fix a hard-to-trigger memory leak in launch_resolve
To hit this leak, you need to be a relay that gets a RESOLVE request
or an exit node getting a BEGIN or RESOLVE request.  You must either
have unconfigured (and unconfigurable) nameservers, or you must have
somehow set DisableNetwork after a network request arrived but
before you managed to process it.

So, I doubt this is reached often.  Still, a leak's a leak.  Fix for
bug 5916; bugfix on 0.2.3.9-alpha and 0.1.2.1-alpha.
2012-05-18 12:21:46 -04:00
Nick Mathewson
c1da29e22d Merge remote-tracking branch 'asn/bug5646' 2012-05-18 12:10:40 -04:00
George Kadianakis
153b9892f0 Extract data from DESTROY cell _after_ protocol violation checks. 2012-05-18 15:22:03 +03:00
George Kadianakis
a8a862c909 Ignore unknown lines from managed proxies. 2012-05-18 15:04:48 +03:00
George Kadianakis
5dc9acb5e5 Use a more helpful log message when we can't find a proxy. 2012-05-18 03:07:46 +03:00
Nick Mathewson
f35271bf3e Fix some more FreeBSD4 issues (based on a patch from grarpamp)
Apparently, freebsd 4 doesn't like malloc.h, needs sys/param.h for
MIN/MAX, and doesn't have a SIZE_MAX.

For bug 3894.
2012-05-16 14:34:17 -04:00
Nick Mathewson
0bec9f320b Use %f, not %lf when formatting doubles
%f is correct; %lf is only needed with scanf.  Apparently, on some
old BSDs, %lf is deprecated.

Didn't we do this before?  Yes, we did.  But we only got the
instances of %lf, not more complicated things like %.5lf .  This
patch tries to get everything.

Based on a patch for 3894 by grarpamp.
2012-05-16 14:26:35 -04:00
Nick Mathewson
2b6e91c2ee Report EADDRNOTAVAIL and EADDRINUSE as RESOURCELIMIT
These errors usually mean address exhaustion; reporting them as such
lets clients adjust their load to try other exits.

Fix for bug 4710; bugfix on 0.1.0.1-rc, which started using
END_STREAM_REASON_RESOURCELIMIT.
2012-05-16 12:46:24 -04:00
Nick Mathewson
d732b87e60 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-16 12:20:56 -04:00
Nick Mathewson
75fc4dbbca Make the succeeding parse_http_time tests more obviously right
(When the correct answer is given in terms of seconds since the
epoch, it's hard to be sure that it really is the right answer
just by reading the code.)
2012-05-16 12:19:56 -04:00
Sebastian Hahn
679aa93e23 Fix month check in parse_http_time, add test 2012-05-16 12:15:13 -04:00
Nick Mathewson
801923ac21 Remove more dubiosity in struct tm handling. related to bug5346 2012-05-16 12:15:08 -04:00
Nick Mathewson
1abe533b33 Reject an additional type of bad date in parse_http_time 2012-05-16 12:14:48 -04:00
Esteban Manchado Velázquez
d0d9c3d71e Fix parse_http_time and add tests
* It seems parse_http_time wasn't parsing correctly any date with commas (RFCs
  1123 and 850). Fix that.
* It seems parse_http_time was reporting the wrong month (they start at 0, not
  1). Fix that.
* Add some tests for parse_http_time, covering all three formats.
2012-05-16 12:14:48 -04:00
Nick Mathewson
3f55b76360 Merge remote-tracking branch 'public/bug5139' 2012-05-16 11:47:13 -04:00
Fabian Keil
2888644a9f In connection_ap_handshake_process_socks(), mark the socks request as finished if a reply is send after a parse error
Silences the log message:
[warn] {BUG} _connection_mark_unattached_ap(): Bug: stream (marked at connection_edge.c:2224) sending two socks replies?
after the client triggered the "Tor is not an HTTP Proxy" response.

No additional socks reply was sent, though.
2012-05-16 11:37:31 -04:00
Roger Dingledine
f89de0a79f Remove over-two-months-old entry guards even while running.
Previously, we only did this check at startup, which could lead to
us holding a guard indefinitely, and give weird results.  Fixes bug
5380; bugfix on 0.2.1.14-rc.

(Patch by Roger; changes file and commit message by Nick)
2012-05-16 11:31:28 -04:00
Nick Mathewson
a6cb07bd9e Correct documentation for remove_obsolete_entry_guards. 2012-05-16 11:31:28 -04:00
Nick Mathewson
517b9c602a Merge remote-tracking branch 'public/bug2297' 2012-05-16 11:14:00 -04:00
Nick Mathewson
a925fc9189 Merge remote-tracking branch 'public/bug2822' 2012-05-16 11:10:09 -04:00
Nick Mathewson
a3046fd5e5 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-16 10:57:08 -04:00
Nick Mathewson
3ed4c5dc05 Correct the bulletproofing of routerlist_insert()
The original code updated some variables, but forgot to remove a
replaced old-routerdesc from rl->old_routers.

Related to bug 1776.
2012-05-16 10:51:02 -04:00
Nick Mathewson
ee246bbe95 Merge remote-tracking branch 'public/bug3296' 2012-05-16 10:40:21 -04:00
Nick Mathewson
b41dd8069f When ReloadTorrcOnSIGHUP=1, do non-reload activities anyway
Previously, we skipped everything that got invoked from
options_init_from_torrc.  But some of the stuff in
options_act_reversible and options_act is actually important, like
reopening the logs.

Now, a SIGHUP always makes the effects of an options_set() happen,
even though the options haven't changed.

Fix for bug 5095; bugfix on 0.2.1.9-alpha, which introduced
__ReloadTorrcOnSIGHUP.
2012-05-16 10:36:21 -04:00
Nick Mathewson
d9ceab5bc3 Fix some remaining nmake/msvc build issues 2012-05-16 10:08:24 -04:00
Nick Mathewson
d5ccaa6e2b Merge branch 'win32_winnt' 2012-05-16 09:56:49 -04:00
Nick Mathewson
89c1689009 Change our ciphersuite list to match ff8 2012-05-15 15:25:54 -04:00
Nick Mathewson
edf0d5b12c Prevent an (impossible) null-pointer dereference in connection_edge_process_relay_cell
This would happen if the deliver window could become negative
because of an nonexistent connection.  (Fortunately, _that_ can't
occur, thanks to circuit_consider_sending_sendme.  Still, if we
change our windowing logic at all, we won't want this to become
triggerable.)  Fix for bug 5541.  Bugfix on 4a66865d, back from
0.0.2pre14.  asn found this.  Nice catch, asn!
2012-05-15 14:45:51 -04:00
Nick Mathewson
e3243ad5f6 Treat SW_SERVER_HELLO_B as another sign of an SSL handshake
We've been only treating SW_SERVER_HELLO_A as meaning that an SSL
handshake was happening.  But that's not right: if the initial
attempt to write a ServerHello fails, we would get a callback in
state SW_SERVER_HELLO_B instead.

(That's "instead" and not "in addition": any failed attempt to write
the hello will fail and cause the info callback not to get written.)

Fix for bug 4592; bugfix on 0.2.0.13-alpha.
2012-05-15 11:15:43 -04:00
Nick Mathewson
521cb58187 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-15 10:05:19 -04:00
Nick Mathewson
5905a0b2db Merge branch 'bug5796_022_squashed' into maint-0.2.2 2012-05-15 10:04:49 -04:00
Nick Mathewson
f2a6eedded Fix a crash bug on SETCIRCUITPURPOSE. 2012-05-15 10:03:10 -04:00
Nick Mathewson
92cba63459 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-15 10:01:12 -04:00
Nick Mathewson
0be946c693 Merge remote-tracking branch 'karsten/geoip-may2012' into maint-0.2.2 2012-05-15 10:00:51 -04:00
Nick Mathewson
009453f919 Merge remote-tracking branch 'linus/task-5891' 2012-05-15 08:33:08 -04:00
Linus Nordberg
e3716598fc Assert that rep_hist_format_desc_stats() returns !NULL.
The guard against this is the test for
start_of_served_descs_stats_interval != 0 done earlier.
2012-05-15 13:12:34 +02:00
Karsten Loesing
57359b5336 Fix desc stats on bridge authorities that didn't serve anything. 2012-05-15 12:39:08 +02:00
Nick Mathewson
21e3261914 Bump _WIN32_WINNT to 0x0501 throughout the code
This tells the windows headers to give us definitions that didn't
exist before XP -- like the ones that we need for IPv6 support.

See bug #5861.  We didn't run into this issue with mingw, since
mingw doesn't respect _WIN32_WINNT as well as it should for some of
its definitions.
2012-05-14 13:46:37 -04:00
Nick Mathewson
9ffccb3f49 Remove all instances of WIN32_WINNT (without leading _)
We started adding it in 59e2c77824 back in 2004, 8 years and 3
days ago.  It's time to deprogram ourselves from this cargo cult.
2012-05-14 13:36:52 -04:00
Nick Mathewson
d8de831932 MSVC build issue: it can't tell that tor_assert(0) aborts. 2012-05-14 13:07:27 -04:00
Nick Mathewson
43e15300ba MSVC build issue: make 'const' in declaration match 'const' in definition
MSVC warns if you declare a function as having a "int foo" argument
and then implement it with a "const int foo" argument, even though
the latter "const" is not a part of the function's interface.
2012-05-14 13:05:36 -04:00
Nick Mathewson
757725ffde MSVC build issue: we use INLINE as the one that will magically work 2012-05-14 13:04:37 -04:00
Nick Mathewson
7134be0637 MSVC build issue: add magic to make openssl headers in aes.c work 2012-05-14 13:04:13 -04:00
Nick Mathewson
02d206a58b Be a good git person: store nmakefiles in correct text fmt 2012-05-14 13:01:05 -04:00
Nick Mathewson
f1fca8aa4d Remove the unused torrc.bridge.in. Bug 5622. 2012-05-14 12:37:39 -04:00
Nick Mathewson
c5e87ef234 We do not need to define _WIN32 by hand; MSVC does that for us
Bug 5858; fix on 0.2.3.12-alpha
2012-05-14 12:22:51 -04:00
Nick Mathewson
b6028b9e8b Fix win32 compilation of 31eb73f88e 2012-05-14 12:08:05 -04:00
Nick Mathewson
31eb73f88e Do not publish the "git-XXX" tag in server descriptors
Instead, allow packagers to put a 'TOR_BUILD_TAG' field in the
server descriptor to indicate a platform-specific value, if they
need to.  (According to weasel, this was his use for the git- tag
previously.)

This is part of 2988
2012-05-11 18:06:12 -04:00
Nick Mathewson
a2f0e7a65b Cut down on the OS information we give.
For uname-based detection, we now give only the OS name (e.g.,
"Darwin", "Linux".)  For Windows, we give only the Operating System
name as inferred from dw(Major|Minor)version, (e.g., "Windows XP",
"Windows 7"), and whether the VER_NT_SERVER flag is set.

For ticket 2988.
2012-05-11 17:52:53 -04:00
Nick Mathewson
35d08e30d8 An attempt at bug3940 and making AllowDotExit 0 work with MapAddress
This time, I follow grarpamp's suggestion and move the check for
.exit+AllowDotExit 0 to the top of connection_ap_rewrite_and_attach,
before any rewriting occurs.  This way, .exit addresses are
forbidden as they arrive from a socks connection or a DNSPort
request, and not otherwise.

It _is_ a little more complicated than that, though.  We need to
treat any .exit addresses whose source is TrackHostExits as meaning
that we can retry without that exit.  We also need to treat any
.exit address that comes from an AutomapHostsOnResolve operation as
user-provided (and thus forbidden if AllowDotExits==0), so that
transitioning from AllowDotExits==1 to AllowDotExits==0 will
actually turn off automapped .exit addresses.
2012-05-11 17:16:29 -04:00
Nick Mathewson
4bac223311 Fix a couple of wide lines 2012-05-11 13:01:07 -04:00
Nick Mathewson
0888c2f8f5 When no usable exit satisfies a predicted port, stop predicting it.
Fix for bug 3296.
2012-05-11 12:52:21 -04:00
Nick Mathewson
6757261e8f Raise thresholds for declaring bootstrapping complete.
This patch changes the total serverdesc threshold from 25% to 75%
and the exit threshold from 33% to 50%.  The goal is to make
initially constructed circuits less horrible, and to make initial
less awful (since fetching directory information in parallel with
whatever the user is trying to do can hurt their performance).

Implements ticket 3196.
2012-05-11 12:09:00 -04:00
Nick Mathewson
e0655708a2 Merge remote-tracking branch 'asn/bug4865_take2' 2012-05-11 11:52:51 -04:00
Nick Mathewson
84ddc4b6aa Merge remote-tracking branch 'public/bug5091' 2012-05-11 11:45:40 -04:00
Roger Dingledine
648db9a4b7 Merge branch 'maint-0.2.2' 2012-05-10 17:57:31 -04:00
Roger Dingledine
436654ee96 fix over-wide line from f661747370 2012-05-10 17:46:19 -04:00
Nick Mathewson
02a650786b Fix O(n^2) performance when parsing a big pile of extrainfos
We were doing an O(n) strlen in router_get_extrainfo_hash() for
every one we tried to parse.  Instead, have
router_get_extrainfo_hash() take the length of the extrainfo as an
argument, so that when it's called from
extrainfo_parse_from_string(), it doesn't do a strlen() over the
whole pile of extrainfos.
2012-05-10 17:41:31 -04:00
Nick Mathewson
62f8e3926d Merge remote-tracking branch 'public/bug4591' 2012-05-10 15:55:12 -04:00
Nick Mathewson
0b1a334842 Merge branch 'bug5786' 2012-05-10 15:44:41 -04:00
Nick Mathewson
c78a42685f Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/util.c
	src/test/test_util.c
2012-05-10 15:41:04 -04:00
Nick Mathewson
79c4c8195a Merge branch 'bug5786_range_022' into maint-0.2.2 2012-05-10 15:38:57 -04:00
Nick Mathewson
57ed459b0d Refactor new getcwd code
Make sure that the "path_length *= 2" statement can't overflow.

Move the "malloc and getcwd" loop into its own function.
2012-05-10 14:20:15 -04:00
Nick Mathewson
e30a4311e2 Merge remote-tracking branch 'linus/bug5146' 2012-05-10 14:07:23 -04:00
Nick Mathewson
8c09923f20 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-05-10 11:50:14 -04:00
Ravi Chandra Padmala
f661747370 Add missing CRLFs to AUTHCHALLENGE failure replies
Fix #5760
2012-05-10 11:13:09 +05:30
Nick Mathewson
98a30daf34 Fix a segfault in pt/protocol test
Now that the pt code logs mp->argv[0] all over the place, we need to
be sure to set up mp->argv in our tests.

Bugfix on e603692adc, not in any released version.
2012-05-08 09:38:56 -04:00
Nick Mathewson
d9ba9f91d2 Detect out-of-bounds bwweightscale values early in the voting process
If the authorities agreed on a sufficiently bad bwweightscale value
(<=0 or == INT32_MAX), the bandwidth algorithm could make the voters
assert while computing the consensus.

Fix for bug5786; bugfix on 0.2.2.17-alpha
2012-05-07 12:47:13 -04:00
Nick Mathewson
c8a0cceae2 Check more thoroughly for dups when parsing networkstatus parameters
See changes file for details.

Partial fix for bug 5786; fix on 0.2.2.2-alpha.
2012-05-07 12:40:05 -04:00
Nick Mathewson
9b344628ed Handle out-of-range values in tor_parse_* integer functions
The underlying strtoX functions handle overflow by saturating and
setting errno to ERANGE.  If the min/max arguments to the
tor_parse_* functions are equal to the minimum/maximum of the
underlying type, then with the old approach, we wouldn't treat a
too-large value as genuinely broken.

Found this while looking at bug 5786; bugfix on 19da1f36 (in Tor
0.0.9), which introduced these functions.
2012-05-07 12:25:59 -04:00
Nick Mathewson
66dbbc2960 Apply a patch from Gisle Vanem to make tor-gencert build under MSVC
(Note: It makes sense to use tor-gencert on Windows for testing
purposes only.  If you are a directory authority operator, and you
are contemplating running tor-gencert on a Windows box in an actual
production environment, you are probably making a mistake.)
2012-05-07 11:31:08 -04:00
Nick Mathewson
3f48c7575e Merge branch 'bug5645_take2' 2012-05-07 11:09:50 -04:00
Nick Mathewson
f84f75c59c Make a cast less const-violating; make a field size explicit. 2012-05-07 11:09:02 -04:00
George Kadianakis
d2e9d17134 Reorder rend_mid_rendezvous() to do protocol violation checks on top. 2012-05-07 18:05:54 +03:00
Nick Mathewson
120d524fba Merge branch 'bug5070_take2' 2012-05-07 11:03:33 -04:00
Nick Mathewson
eefdb9eec2 Using %d to printf an enum may not be by-the-standard okay. 2012-05-07 11:02:17 -04:00
Nick Mathewson
74810f95ad Fix an overwide line 2012-05-07 10:59:23 -04:00
Nick Mathewson
39e69a0a8c Fix comments: There is no such thing as a NUL pointer 2012-05-07 10:57:59 -04:00
Nick Mathewson
9ceec869b5 Document some transports.c behaviors and assumptions 2012-05-07 09:55:14 -04:00
Karsten Loesing
24731ce6a7 Update to the May 2012 GeoIP database. 2012-05-07 12:50:47 +02:00
Roger Dingledine
c648f9751f fix quad typo in comments
i assume if nickm maintained "libeven" this would never have been
introduced. :)
2012-05-07 01:54:53 -04:00
Nick Mathewson
a1538d607d Fix bug 5762: detect missing accept4 that gives ENOSYS
We had been checking for EINVAL, but that means that SOCK_* isn't
supported, not that the syscall itself is missing.

Bugfix on 0.2.3.1-alpha, which started to use accept4.
2012-05-04 13:18:14 -04:00
Linus Nordberg
6b4af10716 Ignore [::] when building descriptors.
This is how IPv6 says "0.0.0.0" and something we will have to
translate into a globally reachable address before putting it in a
descriptor.

The fix is a short term solution until a real one is implemented.

Closes #5146.
2012-05-03 22:19:38 +02:00
George Kadianakis
e603692adc Make transports.c logs a bit more helpful. 2012-05-03 04:40:36 +03:00
Nick Mathewson
c9afd6f9c5 Add a missing ntohl to tell_controller_about_resolve_result
Fix for bug 5723; bugfix on 0.2.3.1-alpha (commit 22f723e4)
2012-05-01 17:21:47 -04:00
Roger Dingledine
81d9a9368f bump to 0.2.3.15-alpha-dev 2012-04-30 16:43:08 -04:00
Roger Dingledine
2513a3e959 bump to 0.2.3.15-alpha 2012-04-30 16:16:30 -04:00
Nick Mathewson
c03a233faa Remove __ from HAVE_EXTERN_ENVIRON_DECLARED__
I think that the trailing __ got added in false analogy to
HAVE_MACRO__func__, HAVE_MACRO__FUNC__, and HAVE_MACRO__FUNCTION__.
But those macros actually indicate the presence of __func__,
__FUNC__, and __FUNCTION__ respectively.  The __ at the end of
HAVE_EXTERN_ENVIRON_DECLARED would only be appropriate if the
environ were declared__, whatever that means.

(As a side-note, HAVE_MACRO__func__ and so on should probably be
renamed HAVE_MACRO___func__ and so on.  But that can wait.)

This is an identifier renaming only.
2012-04-30 12:52:16 -04:00
Nick Mathewson
f0212197cc Only disable cert chaining on the first TLS handshake
If the client uses a v2 cipherlist on the renegotiation handshake,
it looks as if they could fail to get a good cert chain from the
server, since they server would re-disable certificate chaining.

This patch makes it so the code that make the server side of the
first v2 handshake special can get called only once.

Fix for 4591; bugfix on 0.2.0.20-rc.
2012-04-27 12:13:56 -04:00
Nick Mathewson
9df89aacbd Close OR connections that send junk before AUTHORIZE/VERSIONS
Fix for 4369.
2012-04-27 12:02:55 -04:00
Nick Mathewson
7c8032c22b Bridges should never set the send_unencrypted flag on any of their descs
Fix for bug 5139.
2012-04-27 11:51:48 -04:00
Nick Mathewson
8f070ecbc0 When downloading bridge descs from a bridge authority, always be anonymous 2012-04-27 11:27:32 -04:00
Nick Mathewson
9dddfe83f3 Several mingw/msvc/cross-compilation fixes
They boil down to:
 - MS_WINDOWS is dead and replaced with _WIN32, but we let a few
   instances creep in when we merged Esteban's tests.
 - Capitalizing windows header names confuses mingw.
 - #ifdef 0 ain't C.
 - One unit test wasn't compiled on windows, but was being listed
   anyway.
 - One unit test was checking for the wrong value.

Gisle Vanem found and fixed the latter 3 issues.
2012-04-26 18:36:25 -04:00
Nick Mathewson
f86bd1d5a4 Merge remote-tracking branch 'arma/bug5623' 2012-04-24 15:25:21 -04:00
Roger Dingledine
1cbde0bd50 peel off some unnecessary parens 2012-04-24 12:26:00 -04:00
Roger Dingledine
ae94e36a1d Merge remote-tracking branch 'nickm/bug2497' 2012-04-24 12:19:07 -04:00
Nick Mathewson
4314d1a15a Merge remote-tracking branch 'public/bug4572' 2012-04-24 11:38:51 -04:00
Arturo Filastò
e0e4b84757 Add a check_no_tls_errors() to read_to_buf_tls
Fixes bug #4528 "read_to_buf_tls(): Inconsistency in code".

This check was added back in 0.1.0.3-rc, but somehow we forgot to
leave it in when we refactored read_to_buf_tls in 0.1.0.5-rc.

(patch by Arturo; commit message and changes file by nickm)
2012-04-24 11:36:38 -04:00
Roger Dingledine
526beb7be6 be willing to use nodes in excludeexitnodes as directory mirrors
fixes bug 5623.
2012-04-24 11:26:05 -04:00
Nick Mathewson
461771ebbc Merge branch 'bug4438-v2' 2012-04-24 11:18:41 -04:00
Nick Mathewson
db81cdbb0f Tweak the bug4438 fix a little: different check, better log
Instead of checking for 'rejected' and calling everything else okay,
let's check for 'outdated' and call everythign else a problem.  This
way we don't risk missing future errors so much.

When logging a message that _looks_ like an error message at info, we
should mention that it isn't really a problem.
2012-04-24 11:17:36 -04:00
Nick Mathewson
6f5a74002a Merge remote-tracking branch 'public/bug5112' 2012-04-24 11:14:22 -04:00
Nick Mathewson
3e4ccbc4ba Merge remote-tracking branch 'public/bug5537' 2012-04-24 11:05:50 -04:00
Anthony G. Basile
cffc85bb0b Fix compile error against miniupnpc-1.6 when --enable-upnp
The bump from miniupnpc-1.5 to 1.6 changes the definition of
two functions used by tor-fw-helper-upnp.c, upnpDiscover() and
UPNP_AddPortMapping().  This patch addresses this and adds a
check in configure.in for backwards compatibility.

Thanks to Nickolay Kolchin-Semyonov for some hints.

X-Tor-Bug-URL: https://trac.torproject.org/projects/tor/ticket/5434
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=376621
Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
2012-04-24 10:56:39 -04:00
Roger Dingledine
bdd7e2878b bump to 0.2.3.14-alpha-dev 2012-04-23 03:34:04 -04:00
Roger Dingledine
987b5d08b2 bump to 0.2.3.14-alpha 2012-04-23 03:17:28 -04:00
Roger Dingledine
770433f194 update the torrc.sample timestamp, and clarify socksport 0 2012-04-23 03:10:40 -04:00
Roger Dingledine
6718b6e781 Merge remote-tracking branch 'nickm/bug5438' 2012-04-23 02:03:40 -04:00
Robert Ransom
627c37ad6a Don't reset intro-point creation rate-limiting timer
Previously, we would reset it at the drop of a hat -- every time a second
passes without any of the intro-point circs already launched for the
service failing.

Fixes bug 4607.
2012-04-20 17:23:31 -04:00
Nick Mathewson
5630b61f5c Merge remote-tracking branch 'public/bug5647_cleanup' 2012-04-20 11:28:57 -04:00
Nick Mathewson
2d24994d16 Merge remote-tracking branch 'asn-mytor/bug5601' 2012-04-19 17:53:19 -04:00
Nick Mathewson
f2384d5e2c Make base64_decode in rend_parse_client_keys more foolproof
In general, whenever we can, we should be doing
  base64_decode(buf, sizeof(buf), s, strlen(s)),
and not
  base_64_decode(buf, expr1, s, expr2)
where we hope that expr1 is a good name for the size of buf and expr2
is a good formula for the length of the base64 expression in s.
2012-04-19 17:13:47 -04:00
Nick Mathewson
bd7724a57e Merge remote-tracking branch 'origin/maint-0.2.2' 2012-04-19 17:08:09 -04:00
Nick Mathewson
074bf72a2c If DisableNetwork, don't even try to open non-controller listeners
Fix for 5604; bugfix on 0.2.3.9-alpha, which introduced DisableNetwork.
2012-04-18 23:32:02 -04:00
Nick Mathewson
f6afd4efa6 Fix a log-uninitialized-buffer bug.
Fix for 5647; bugfix on 0.2.1.5-alpha.
2012-04-18 23:02:09 -04:00
Nick Mathewson
e9dae1ff2e Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/rendservice.c

Conflicts were due to new NON_ANONYMOUS_MODE_ENABLED tor2web code; I
think I resolved them correctly.
2012-04-18 22:30:02 -04:00
George Kadianakis
2d276ab9d9 rend_service_introduce(): do protocol violation check before anything else.
(Cherry-picked from 6ba13e4 by nickm)
2012-04-18 22:26:06 -04:00
Nick Mathewson
4db5a1e151 Remove needless check for a buffer that could not be NULL.
Fixes coverity CID 508: coverity scan doesn't like checking a
variable for non-NULL after it has been definitely dereferenced.

This should take us back down to zero coverity issues.
2012-04-18 10:38:39 -04:00
Nick Mathewson
0b1ec16058 Don't fetch v2 networkstatuses from caches, even if auths are down
Fix for 5635; fix on 0.2.2.26-beta, where caches stopped fetching this
information.
2012-04-17 17:18:59 -04:00
Peter Palfrader
5d7fab9477 Document unit of bandwidth related options in sample torrc. 2012-04-13 16:33:36 -04:00
George Kadianakis
6d2898607b Fix issues found by nickm.
* Document fmt_addr_impl() and friends.
* Parenthesize macro arguments.
* Rename get_first_listener_addrport_for_pt() to
  get_first_listener_addrport_string().
* Handle port_cfg_t with no_listen.
* Handle failure of router_get_active_listener_port_by_type().
* Add an XXX to router_get_active_listener_port_by_type().
2012-04-12 22:42:37 +02:00
George Kadianakis
32267809b5 Trivially refactor validate_pluggable_transports_config().
* Remove the ugly if statement.
* constify 'bridge_info_t' in SMARTLIST_FOREACH_BEGIN.
2012-04-12 01:35:46 +02:00
George Kadianakis
9d9b5ed0c6 Improve the message of validate_pluggable_transports_config(). 2012-04-12 01:27:58 +02:00
Nick Mathewson
77e51224fa Obsolete GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
Closes ticket 4572.
2012-04-11 10:59:11 -04:00
Nick Mathewson
ab338e3bb8 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-04-11 10:06:49 -04:00
Nick Mathewson
86c4b750da Merge branch 'bug5593' into maint-0.2.2 2012-04-11 10:04:31 -04:00
Nick Mathewson
5465ac5ea3 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-04-11 09:26:37 -04:00
Karsten Loesing
b395b59353 Update to the April 2012 GeoIP database. 2012-04-11 14:15:49 +02:00
Nick Mathewson
dd3f4f1bdb Include a Host: header with any HTTP/1.1 proxy request
Bugfix on 0.2.2.1-alpha, which added the orginal HTTP proxy
authentication code.  Fix for bug 5593.
2012-04-10 12:00:20 -04:00
Sebastian Hahn
ed8374eb5a Simplify DH prime generation logic some.
This is just refactoring work here. The old logic was kind of
convoluted, especially after the bug 5572 fix. We don't actually need to
distinguish so many cases here. Dropping detection of the
"!old_options || !old_options->DynamicDHGroups" case is fine because
that's the same that we'd do for clients.

Also add a changes file for bug 5572.
2012-04-08 01:11:02 +02:00
Daniel 'koolfy' Faucon
ce5422ecd1 fix bug 5572 2012-04-07 23:56:52 +02:00
Nick Mathewson
15ac8c5711 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-04-04 21:05:42 -04:00
Nick Mathewson
439fc704f1 Wrap long line; strlen("ides")<strlen("turtles"). 2012-04-04 21:05:19 -04:00
Sebastian Hahn
b24487d106 ides has become turtles, and gotten a new IP address
As per ticket 5569
2012-04-05 01:53:04 +02:00
Nick Mathewson
b8e582255e Merge remote-tracking branch 'asn-mytor/bug5558_take2' 2012-04-03 12:06:07 -04:00
George Kadianakis
b80728a115 tor_vsscanf(): Don't return -1 if '%%' doesn't match.
tor_vsscanf() is supposed to return the current number of matches on
match failure.
2012-04-03 16:20:24 +02:00
Nick Mathewson
6a9e693fbe Suppress "decided to publish new descriptor" message when not a server
The message only means that we're publishing a new descriptor when we
are actually in some kind of server mode, and publication is on.

Fix for bug 3942; bugfix on 0.2.3.2-alpha.
2012-04-02 18:59:21 -04:00
Daniel 'koolfy' Faucon
116dcf6ca9 Make it clear that bridges should not be set in MyFamily 2012-04-02 18:16:13 -04:00
Roger Dingledine
c7cbd06d5f Merge branch 'maint-0.2.2'
Conflicts:
	src/or/config.c
2012-04-01 16:03:16 -04:00
Roger Dingledine
5fed1ccd90 put a _ before or_options_t elements that aren't configurable
it's fine with me if we change the current convention, but we should
actually decide to change it if we want to.
2012-04-01 15:59:38 -04:00
Nick Mathewson
341c6a59db Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c

Conflict was in or_options_free, where two newly added fields had free
calls in the same place.
2012-04-01 00:46:52 -04:00
Nick Mathewson
9a69c24150 Do not use strcmp() to compare an http authenticator to its expected value
This fixes a side-channel attack on the (fortunately unused!)
BridgePassword option for bridge authorities.  Fix for bug 5543;
bugfix on 0.2.0.14-alpha.
2012-04-01 00:42:04 -04:00
George Kadianakis
10232dc042 Pass OR address to PT proxy, even with IPv6 or ORListenAddress.
Introduce get_first_listener_addrport_for_pt() which returns a string
containing the addrport of the first listener we could find. Use it to
form the TOR_PT_ORPORT managed proxy protocol line.
2012-03-31 14:04:58 +02:00
George Kadianakis
fedf76a2e6 Introduce and use router_get_active_listener_port_by_type().
router_get_active_listener_port_by_type() iterates all connections,
trying to find a listener of a specific type, and returns its TCP
port.
2012-03-31 13:54:09 +02:00
George Kadianakis
da6e0993dc Generalize fmt_addr() to support IPv6 decorations. 2012-03-31 13:48:20 +02:00
Nick Mathewson
548f2e32cd Remove the deprecated FooListenAddress options from torrc.sample.in
Bug 5438.
2012-03-30 16:53:02 -04:00
Nick Mathewson
a74905cea4 We allow IPv6 connections, don't use sockaddr_in with getsockname
This fixes client_check_address_changed to work better with IPv6 Tor
clients, and prevents them from spewing errors. Fix for ticket 5537.
2012-03-30 16:43:52 -04:00
Nick Mathewson
cc35157805 Twiddle ROUTER_{MAX_COSMETIC_TIME_DIFFERENCE,MAX_AGE_TO_PUBLISH}
This is ticket 2479. Roger's original explanation was:

   We have a series of bugs where relays publish a descriptor within
   12 hours of their last descriptor, but the authorities drop it
   because it's not different "enough" from the last one and it's
   too close to the last one.

   The original goal of this idea was to a) reduce the number of new
   descriptors authorities accept (and thus have to store) and b)
   reduce the total number of descriptors that clients and mirrors
   fetch. It's a defense against bugs where relays publish a new
   descriptor every minute.

   Now that we're putting out one consensus per hour, we're doing
   better at the total damage that can be caused by 'b'.

   There are broader-scale design changes that would help here, and
   we've had a trac entry open for years about how relays should
   recognize that they're not in the consensus, or recognize when
   their publish failed, and republish sooner.

   In the mean time, I think we should change some of the parameters
   to make the problem less painful.
2012-03-30 15:38:16 -04:00