Commit Graph

12236 Commits

Author SHA1 Message Date
teor (Tim Wilson-Brown)
d5c70d7102 Restore and improve download schedule unit tests 2016-05-19 07:58:41 -04:00
teor (Tim Wilson-Brown)
ab0a7e2961 Remove consensus_max_download_tries by refactoring
No behaviour change

This function is used twice. The code is simpler if we split
it up and inline it where it is used.
2016-05-19 07:58:40 -04:00
teor (Tim Wilson-Brown)
84ab26c320 Stop downloading consensuses when a consensus has been downloaded
Previosuly, during bootstrap, we would continue to download
consensuses if we had a consensus, but didn't have the certificates
to validate it.
2016-05-19 07:58:40 -04:00
Nick Mathewson
2729f166cb whitespace fixes 2016-05-17 20:08:03 -04:00
Nick Mathewson
ab932cd7bf Remove duplicate siging_key_cert fields.
With the fix for #17150, I added a duplicate certificate here.  Here
I remove the original location in 0.2.8.  (I wouldn't want to do
that in 027, due to the amount of authority-voting-related code
drift.)

Closes 19073.
2016-05-17 20:04:16 -04:00
Nick Mathewson
a7f6e434be Merge branch 'maint-0.2.8' 2016-05-17 19:48:49 -04:00
Nick Mathewson
3f49474349 Merge branch 'bug17150_027_extra' into maint-0.2.8 2016-05-17 19:47:22 -04:00
Nick Mathewson
00f74e0372 Improve API of routerinfo_incompatible_with_extrainfo()
This API change makes it so that routerinfo_incompatible...() no
longer takes a routerinfo_t, so that it's obvious that it should
only look at fields from the signed_descriptor_t.

This change should prevent a recurrence of #17150.
2016-05-17 13:24:01 -04:00
Nick Mathewson
49ff09aef2 Fix another, more subtle, case of bug 17150.
We need to make sure that the corresponding sd and ei match in their
certificates.
2016-05-17 13:16:36 -04:00
Nick Mathewson
8acfac7375 Copy the signing_key_cert field into signed_descriptor_t
We need this field to be in signed_descriptor_t so that
routerinfo_incompatible_with_extrainfo can work correctly (#17150).
But I don't want to move it completely in this patch, since a great
deal of the code that messes with it has been in flux since 0.2.7,
when this ticket was opened.  I should open another ticket about
removing the field from routerinfo_t and extrainfo_t later on.

This patch fixes no actual behavior.
2016-05-17 13:14:04 -04:00
Nick Mathewson
64748f2f98 Fix documentation for routerinfo_incompatible_with_extrainfo 2016-05-17 13:08:34 -04:00
Nick Mathewson
7d1eb0d570 When making sure digest256 matches in ei, look at sd, not ri.
The routerinfo we pass to routerinfo_incompatible_with_extrainfo is
the latest routerinfo for the relay.  The signed_descriptor_t, on
the other hand, is the signed_descriptor_t that corresponds to the
extrainfo.  That means we should be checking the digest256 match
with that signed_descriptor_t, not with the routerinfo.

Fixes bug 17150 (and 19017); bugfix on 0.2.7.2-alpha.
2016-05-17 12:57:03 -04:00
Nick Mathewson
44da47d3c1 Move extra_info_digest256 into signed_descriptor_t
This patch includes no semantic changes; it's just a field movement.

It's prerequisite for a fix to 19017/17150.
2016-05-17 12:53:12 -04:00
Nick Mathewson
36909674b4 Merge remote-tracking branch 'teor/bug18963-remember-v2' 2016-05-17 12:15:53 -04:00
Nick Mathewson
6382cd93cb Merge branch 'maint-0.2.8' 2016-05-17 11:10:20 -04:00
Nick Mathewson
548d14247e Merge remote-tracking branch 'arma/bug18616-v4' into maint-0.2.8 2016-05-17 10:48:12 -04:00
Roger Dingledine
06031b441e touchups and refactorings on bug 18616 branch
no behavior changes
2016-05-16 17:43:47 -04:00
David Goulet
50ff24e276 dirauth: don't use hardcoded length when parsing digests
When parsing detached signature, we make sure that we use the length of the
digest algorithm instead of an hardcoded DIGEST256_LEN in order to avoid
comparing bytes out of bound with a smaller digest length such as SHA1.

Fixes #19066

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-05-16 11:18:51 -04:00
Nick Mathewson
607a9056d4 Merge branch 'ftrapv_v3'
There were some conflicts here, and some breakage to fix concerning
library link order in newer targets.
2016-05-12 13:00:45 -04:00
Nick Mathewson
e40cfc4425 Move the ctime part of choose_array_element_by_weight into di_ops
This way it gets the ctime options.
2016-05-12 11:21:28 -04:00
Nick Mathewson
20432fc541 Refactor out u64_dbl_t
This type saved a tiny amount of allocation, but not enough to be
worth keeping.

(This is in preparation for moving choose_array_element_by_weight)
2016-05-12 11:21:28 -04:00
Nick Mathewson
ce854a8d22 Add -ftrapv to gcc-hardening ... mostly!
We know there are overflows in curve25519-donna-c32, so we'll have
to have that one be fwrapv.

Only apply the asan, ubsan, and trapv options to the code that does
not need to run in constant time.  Those options introduce branches
to the code they instrument.

(These introduced branches should never actually be taken, so it
might _still_ be constant time after all, but branch predictors are
complicated enough that I'm not really confident here. Let's aim for
safety.)

Closes 17983.
2016-05-12 11:21:28 -04:00
Nick Mathewson
58e0e587a6 Merge branch 'maint-0.2.8' 2016-05-12 11:09:40 -04:00
Nick Mathewson
ce6f2d1c4d Merge remote-tracking branch 'arma/bug19003-try2' into maint-0.2.8 2016-05-12 11:09:33 -04:00
Roger Dingledine
5a83122961 Authorities now sort the "package" lines in their votes
(They are already sorted in the consensus documents)

Fixes bug 18840; bugfix on 0.2.6.3-alpha.
2016-05-11 19:04:13 -04:00
Roger Dingledine
694f1fe808 write v3-status-votes file earlier in consensus voting
Make directory authorities write the v3-status-votes file out
to disk earlier in the consensus process, so we have the votes
even if we abort the consensus process later on.

Resolves ticket 19036.
2016-05-11 17:34:38 -04:00
Nick Mathewson
e3a4511049 Merge remote-tracking branch 'public/bug18815' 2016-05-11 14:12:39 -04:00
Roger Dingledine
ad8b9dcd47 Merge branch 'maint-0.2.8' 2016-05-11 13:43:06 -04:00
Roger Dingledine
163cee1b64 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-05-11 13:42:40 -04:00
Roger Dingledine
d40e8695f4 unbreak the build (when warnings are enabled) 2016-05-11 13:42:00 -04:00
Nick Mathewson
60e9e48448 Merge branch 'ticket16698_v2' 2016-05-11 13:39:38 -04:00
Nick Mathewson
03ae44a9e8 Fix comment for directory_handle_command_get 2016-05-11 13:39:11 -04:00
teor (Tim Wilson-Brown)
cdb528d841
Fetch certificates from the same directory as previous certificates
Improves the fix to #18963.
2016-05-11 13:30:30 -04:00
teor (Tim Wilson-Brown)
730cfeb6bd
Fetch certificates from the same directory as the consensus
Resolves ticket 18963; fix on #4483 in 0.2.8.1-alpha.
2016-05-11 13:30:08 -04:00
Nick Mathewson
3c6f059e6a Merge remote-tracking branch 'arma/feature18760' 2016-05-11 13:22:31 -04:00
Nick Mathewson
e9e6a1f547 Merge branch 'maint-0.2.8' 2016-05-11 13:20:57 -04:00
Nick Mathewson
8d962233f6 Merge remote-tracking branch 'teor/bug18816_simplify' into maint-0.2.8 2016-05-11 13:20:51 -04:00
Nick Mathewson
022d32252a Merge branch 'maint-0.2.8' 2016-05-11 13:17:02 -04:00
Nick Mathewson
24fbb9a81b Merge branch 'maint-0.2.7' into maint-0.2.8 2016-05-11 13:15:17 -04:00
John Brooks
bf3e32a452 Fix out-of-bounds write during voting with duplicate ed25519 keys
In dirserv_compute_performance_thresholds, we allocate arrays based
on the length of 'routers', a list of routerinfo_t, but loop over
the nodelist. The 'routers' list may be shorter when relays were
filtered by routers_make_ed_keys_unique, leading to an out-of-bounds
write on directory authorities.

This bug was originally introduced in 26e89742, but it doesn't look
possible to trigger until routers_make_ed_keys_unique was introduced
in 13a31e72.

Fixes bug 19032; bugfix on tor 0.2.8.2-alpha.
2016-05-11 13:11:03 -04:00
teor (Tim Wilson-Brown)
797ece042d
Confim we want certificates from fallbacks
Comment-only change
2016-05-11 13:08:45 -04:00
teor (Tim Wilson-Brown)
2cbad2aac7
Revert "Switch between fallback and authority when auth cert fetch fails"
This reverts commit 92d7ee08b8.
2016-05-11 13:06:13 -04:00
Roger Dingledine
b8b5bccfd9 refactor the #19003 patches
fix the logic in one of the comments
2016-05-11 13:03:49 -04:00
Nick Mathewson
71267bef4c Merge branch 'maint-0.2.8' 2016-05-11 12:36:55 -04:00
Nick Mathewson
28e1aa1118 Merge branch 'bug18761_028_squashed' into maint-0.2.8 2016-05-11 12:36:27 -04:00
Nick Mathewson
b59d79134e Log find_rp_for_intro_() failures at LOG_PROTOCOL_WARN.
Closes ticket 18761.

Also fix a whitespace issue.
2016-05-11 12:36:19 -04:00
Nick Mathewson
79f9e63ebf Merge branch 'maint-0.2.8' 2016-05-11 12:30:18 -04:00
Nick Mathewson
50d777dcf4 Split directory_handle_command_get into subfunctions.
This was one of our longest functions, at 600 lines.  It makes a nice
table-driven URL-based function instead.

The code is a bit ugly, it leave the indentation as it is in hopes of
making pending directory.c changes easier to merge.  Later we can
clean up the indentation.

Also, remove unused mallinfo export code from directory.c

Closes ticket 16698
2016-05-10 14:19:03 -04:00
teor (Tim Wilson-Brown)
92d7ee08b8
Switch between fallback and authority when auth cert fetch fails 2016-05-10 11:25:55 -04:00
teor (Tim Wilson-Brown)
64b948f5fa
Use the consensus download schedule for authority certificates
Previously, we were using the generic schedule for some downloads,
and the consensus schedule for others.

Resolves ticket 18816; fix on fddb814fe in 0.2.4.13-alpha.
2016-05-10 11:25:50 -04:00
Roger Dingledine
53aaed81dd get rid of another no-longer-used function 2016-05-10 11:16:30 -04:00
Roger Dingledine
be0e1e9e2f Stop being so strict about the payload length of "rendezvous1" cells
We used to be locked in to the "tap" handshake length, and now we can
handle better handshakes like "ntor".

Resolves ticket 18998.

I checked that relay_send_command_from_edge() behaves fine when you
hand it a payload with length 0. Clients behave fine too, since current
clients remain strict about the required length in the rendezvous2 cells.
(Clients will want to become less strict once they have an alternate
format that they're willing to receive.)
2016-05-09 20:34:27 -04:00
Roger Dingledine
aa6341d4b9 stop looping once we know what the answer will be
suggested during code review by dgoulet
2016-05-09 14:42:42 -04:00
Roger Dingledine
1f72653544 fix a bug where relays would use the aggressive client bootstrapping retry number 2016-05-09 14:42:32 -04:00
Roger Dingledine
d5a96286c2 simplify more -- we only call these funcs when bootstrapping 2016-05-09 14:42:21 -04:00
Roger Dingledine
c98fbd4169 remove some more unused code 2016-05-09 14:42:09 -04:00
Roger Dingledine
bcae392e0e avoid another redundant check
we should avoid launching a consensus fetch if we don't want one,
but if we do end up with an extra one, we should let the other checks
take care of it.
2016-05-09 14:41:54 -04:00
Nick Mathewson
33d3572a1d Merge branch 'feature15588_squashed' 2016-05-09 14:41:36 -04:00
Roger Dingledine
e230e80ab3 get rid of the scattered checks to cancel a consensus fetch
We'll back off from the request in connection_ap_handshake_attach_circuit,
or cancel it in connection_dir_close_consensus_fetches, and those are the
only places we need to check.
2016-05-09 14:41:32 -04:00
Roger Dingledine
a7665df2f8 close other consensus fetches when we get a consensus
not once per second, and only do it when a consensus arrives
2016-05-09 14:41:14 -04:00
Roger Dingledine
59da060f10 use the new function here too 2016-05-09 14:40:54 -04:00
Roger Dingledine
91c58013be avoid following through on a consensus fetch if we have one already arriving 2016-05-09 14:40:42 -04:00
Roger Dingledine
ce8266d52d fix typos/etc before i go nuts on #18809 2016-05-09 14:40:21 -04:00
John Brooks
162aa14eef Move rend client name checks to one function 2016-05-09 14:30:34 -04:00
teor (Tim Wilson-Brown)
c2817774c2
Allow directories in small networks to bootstrap
Skip DirPort checks when the consensus has no exits.

Resolves #19003, bugfix on #18050 in 0.2.8.1-alpha.
2016-05-09 14:29:07 -04:00
John Brooks
dcc11674db Add client auth for ADD_ONION services 2016-05-09 14:28:58 -04:00
John Brooks
d15354c73b Add client auth to rend_service_add_ephemeral 2016-05-09 14:28:08 -04:00
John Brooks
d5a23ce115 Move rend auth cookie en-/decoding to a function
Tor stores client authorization cookies in two slightly different forms.
The service's client_keys file has the standard base64-encoded cookie,
including two chars of padding. The hostname file and the client remove
the two padding chars, and store an auth type flag in the unused bits.

The distinction makes no sense. Refactor all decoding to use the same
function, which will accept either form, and use a helper function for
encoding the truncated format.
2016-05-09 14:28:08 -04:00
teor (Tim Wilson-Brown)
0c41ae1832
Add a comment to have_enough_path_info()
Comment only change
2016-05-09 14:26:13 -04:00
John Brooks
e7ff23beea Make rend_authorized_client_free public
This is needed by control.c.

Also, check whether client_name is set before doing memwipe.
2016-05-09 13:53:24 -04:00
John Brooks
896271d525 Use uint8_t for rend descriptor_cookie fields 2016-05-09 13:53:09 -04:00
Nick Mathewson
641cdc345c Merge branch 'maint-0.2.8' 2016-05-05 08:25:27 -04:00
teor (Tim Wilson-Brown)
03fc4cf04c Refactor router_pick_directory_server_impl to use node functions
No behavioural change

This makes the use of the node explicit in the function, rather
than hiding the node lookup in fascist_firewall_allows_rs.
2016-05-05 08:24:17 -04:00
teor (Tim Wilson-Brown)
225448ad34 Comment-only change to clarify routerstatus_t IPv4 byte order 2016-05-05 08:24:17 -04:00
teor (Tim Wilson-Brown)
7ec273bd4a Rename skip_or and skip_dir to avoid confusion
Variable rename only
2016-05-05 08:24:17 -04:00
Nick Mathewson
68d913c49c Merge branch 'feature18483-028-v2-squashed' into maint-0.2.8 2016-05-05 08:16:36 -04:00
teor (Tim Wilson-Brown)
9aa280cc0c Only choose directory DirPorts on relays 2016-05-05 08:16:28 -04:00
teor (Tim Wilson-Brown)
88deb52d55 Make clients only select directories with reachable ORPorts
This makes sure clients will only select relays which support
begindir over ORPort.
2016-05-05 08:16:28 -04:00
teor (Tim Wilson-Brown)
833b5f71a7 Make clients always use begindir for directory requests
This improves client anonymity and avoids directory header tampering.
The extra load on the authorities should be offset by the fallback
directories feature.

This also simplifies the fixes to #18809.
2016-05-05 08:16:28 -04:00
teor (Tim Wilson-Brown)
2e5b35db81
Make directory node selection more reliable
Delete an unnecessary check for non-preferred IP versions.

Allows clients which can't reach any directories of their
preferred IP address version to get directory documents.

Patch on #17840 in 0.2.8.1-alpha.
2016-05-05 11:54:53 +10:00
Nick Mathewson
2da2718609 Merge branch 'maint-0.2.8' 2016-05-04 15:23:38 -04:00
Nick Mathewson
01e7f42a09 Merge branch 'bug18921_squashed' into maint-0.2.8 2016-05-04 15:23:26 -04:00
teor (Tim Wilson-Brown)
0cf90bac2a Choose the correct address for one-hop connections
After #17840 in 0.2.8.1-alpha, we incorrectly chose an IPv4
address for all DIRIND_ONEHOP directory connections,
even if the routerstatus didn't have an IPv4 address.

This likely affected bridge clients with IPv6 bridges.

Resolves #18921.
2016-05-04 15:23:14 -04:00
Nick Mathewson
e24c902272 Merge branch 'maint-0.2.8' 2016-05-04 14:47:13 -04:00
Nick Mathewson
31332a878d Merge branch 'bug18710_025' into maint-0.2.8 2016-05-04 14:47:04 -04:00
Scott Dial
0ca3f495c6 Fix dnsserv.c assertion when no supported questions are requested.
The problem is that "q" is always set on the first iteration even
if the question is not a supported question. This set of "q" is
not necessary, and will be handled after exiting the loop if there
if a supported q->type was found.

    [Changes file by nickm]

lease enter the commit message for your changes. Lines starting
2016-05-04 14:45:09 -04:00
Nick Mathewson
8340becd39 Merge branch 'maint-0.2.8' 2016-05-02 14:02:15 -04:00
s0rlxmh0
054d939853 (cherry-picked by nickm, with changes file from isis.) 2016-05-02 14:01:36 -04:00
Nick Mathewson
b2083cba9e Merge remote-tracking branch 'dgoulet/bug13239_029_01' 2016-05-02 13:55:00 -04:00
teor (Tim Wilson-Brown)
b6ba6afa37 Refactor DirPort & begindir descriptor checks
No actual behaviour changes
2016-04-28 12:26:39 +10:00
teor (Tim Wilson-Brown)
211e56ad87 Remove redundant descriptor checks for OR/Dir reachability
The ORPort and DirPort must be reachable, or we won't publish a
descriptor.
2016-04-28 12:26:39 +10:00
teor (Tim Wilson-Brown)
b51316c0e7 Refactor common code out of reachability checks
No actual changes in behavior
2016-04-28 12:26:39 +10:00
teor (Tim Wilson-Brown)
d3c60f2bd7 Avoid checking ORPort reachability when the network is disabled
This is consistent with existing DirPort reachability checks.
2016-04-28 12:26:38 +10:00
teor (Tim Wilson-Brown)
75dd2a285b Descriptors depend on more config options now they list begindir support
Bugfix on #12538 in 0.2.8.1-alpha.
2016-04-28 12:26:38 +10:00
teor (Tim Wilson-Brown)
692828bea5 Decide to advertise begindir support like we decide to advertise DirPort
Decide to advertise begindir support in a similar way to how
we decide to advertise DirPort.

Fix up the associated descriptor-building unit tests.

Resolves #18616, bugfix on 0c8e042c30 in #12538 in 0.2.8.1-alpha.
2016-04-28 12:26:38 +10:00
Nick Mathewson
fb9c9e04f0 Merge branch 'maint-0.2.8' 2016-04-26 19:27:39 -04:00
teor (Tim Wilson-Brown)
1fd4340f82 April 2016 fallbacks for 0.2.8-rc 2016-04-26 19:26:22 -04:00
Nick Mathewson
4a44e2d6f1 Merge remote-tracking branch 'yawning-schwanenleid/feature18685' 2016-04-26 13:39:50 -04:00
Nick Mathewson
bff53aabce Remove redundant declarations of MIN
Apparently somewhere along the line we decided that MIN might be
missing.

But we already defined it (if it was missing) in compat.h, which
everybody includes.

Closes ticket 18889.
2016-04-25 15:28:58 -04:00
David Goulet
1e553b6c68 Increase number of preemptive internal circuits
When we connect to a hidden service as a client we may need three internal
circuits, one for the descriptor retrieval, introduction, and rendezvous.
Let's try to make sure we have them. Closes #13239.

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-04-19 14:24:20 -04:00
Nick Mathewson
4f37919fa1 Change UseOptimisticData default to 1.
This lets us use optimistic data for downloading our initial
consensus.

Closes ticket 18815.
2016-04-18 13:55:23 -04:00
Nick Mathewson
12e26a6e76 Disambiguate: Avoid defining two static functions called chunk_free_unchecked 2016-04-15 12:20:14 -04:00
Nick Mathewson
0e354ad459 Merge branch 'assert_nonfatal_squashed' 2016-04-14 16:25:21 -04:00
Nick Mathewson
532820b11c Add a BUG macro for usage in if checks. 2016-04-14 16:25:06 -04:00
Nick Mathewson
a885271c08 Add new tor_assert_nonfatal*() macros.
Unlike tor_assert(), these macros don't abort the process.  They're
good for checking conditions we want to warn about, but which don't
warrant a full crash.

This commit also changes the default implementation for
tor_fragile_assert() to tor_assert_nonfatal_unreached_once().

Closes ticket 18613.
2016-04-14 16:24:28 -04:00
Roger Dingledine
525307c0ea fix typos/etc before i go nuts on #18809 2016-04-13 00:06:30 -04:00
Roger Dingledine
0aacc07036 encourage rejected relays to contact us
When the directory authorities refuse a bad relay's descriptor,
encourage the relay operator to contact us. Many relay operators
won't notice this line in their logs, but it's a win if even a
few learn why we don't like what their relay was doing.

Resolves ticket 18760.

I didn't specify a contact mechanism (e.g. an email address), because
every time we've done that in the past, a few years later we noticed
that the code was pointing people to an obsolete contact address.
2016-04-12 19:54:04 -04:00
Nick Mathewson
eafcd7b0fc Merge branch 'maint-0.2.8' 2016-04-12 13:02:37 -04:00
Nick Mathewson
591029253f Merge branch 'bug14334_squashed' 2016-04-07 10:59:55 -04:00
George Kadianakis
d5acb633ae Don't mark guards as unreachable if connection_connect() fails. 2016-04-07 10:59:46 -04:00
David Goulet
40827da3bf Turn TestingClientBootstrap* into non-testing options
This changes simply renames them by removing "Testing" in front of them and
they do not require TestingTorNetwork to be enabled anymore.

Fixes #18481

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-04-07 10:57:59 -04:00
Nick Mathewson
7532cd439b When we get a bad nickname, explain what a good one is.
Closes #18300; patch from "icanhasaccount".
2016-04-07 10:54:53 -04:00
Nick Mathewson
20d39e86af Merge branch 'maint-0.2.8' 2016-04-05 23:18:48 -04:00
Roger Dingledine
d037369e56 quiet debug logs from periodic_event_dispatch()
Stop blasting twelve lines per second from periodic_event_dispatch()
at loglevel debug.

Resolves ticket 18729; fix on 0.2.8.1-alpha.
2016-04-05 23:13:55 -04:00
teor (Tim Wilson-Brown)
5d2b1c784b Clarify comments on connection_t's address fields 2016-04-05 13:45:09 +10:00
Nick Mathewson
705d3b221e Merge branch 'incoming_queue_symbol_fix' 2016-04-01 14:16:49 -04:00
Nick Mathewson
4b3e6c4d43 Merge branch 'maint-0.2.8' 2016-04-01 08:18:03 -04:00
Nick Mathewson
fdb57db581 Merge branch 'bug18133_027' into maint-0.2.8 2016-04-01 08:17:56 -04:00
Nick Mathewson
4093f343ca fix indentation 2016-04-01 08:16:21 -04:00
Nick Mathewson
9e57ffa520 Merge branch 'maint-0.2.8' 2016-04-01 08:15:05 -04:00
Nick Mathewson
e247093e0e Merge remote-tracking branch 'karsten/task-18460-2' into maint-0.2.8 2016-04-01 08:10:58 -04:00
Yawning Angel
a19f4192da Issue a STATUS_SERVER event on meaningful hibernation state changes.
Implements feature #18685.
2016-03-30 20:19:11 +00:00
Nick Mathewson
beba70ec77 Don't declare "incoming_queue" in every file including channel.h
Found with my wacky symbol-usage-enforcer.
2016-03-29 13:55:14 -04:00
Andrea Shepard
0b45cab147 Merge branch 'bug18570_027' into maint-0.2.7 2016-03-29 15:01:36 +00:00
Roger Dingledine
1103d82492 fix typo in comment 2016-03-29 10:56:26 -04:00
Andrea Shepard
1218d731d1 Merge branch 'bug16248_027' into maint-0.2.7 2016-03-29 14:33:45 +00:00
Nick Mathewson
4e76b206b5 Merge remote-tracking branch 'arma/feature18624' 2016-03-29 08:06:21 -04:00
Nick Mathewson
90c24c0ced Merge branch 'maint-0.2.8' 2016-03-28 20:09:22 -04:00
Nick Mathewson
ba87f5bb25 Fix my dumb unreleased bug in 18673 2016-03-28 20:09:09 -04:00
Nick Mathewson
055a7a198a Rename tor_dup_addr to tor_addr_to_str_dup.
Patch from icanhasaccount; closes 18462.
2016-03-28 16:36:51 -04:00
Nick Mathewson
addd181721 Fix memory leak in TestingEnableCellStatsEvent
Only when we were actually flushing the cell stats to a controller
would we free them.  Thus, they could stay in RAM even after the
circuit was freed (eg if we didn't have any controllers).

Fixes bug 18673; bugfix on 0.2.5.1-alpha.
2016-03-28 11:12:15 -04:00
Nick Mathewson
68e663f777 Fix memory leaks that stopped chutney working with asan 2016-03-28 10:24:28 -04:00
Nick Mathewson
9604a5ba91 Fix memory-counting error in rephist.c. Bug 18651. (Now with actual patch) 2016-03-28 07:40:20 -04:00
Nick Mathewson
4895d8288c Do not treat "DOCDOC" as doxygen. 2016-03-26 10:11:45 -04:00
Nick Mathewson
c0568a89d9 Whitespace fixes 2016-03-26 09:54:31 -04:00
Nick Mathewson
dd572dac34 Fix all doxygen warnings (other than missing docs) 2016-03-26 09:53:12 -04:00
teor (Tim Wilson-Brown)
6057fb2f5b Clarify excess consensus connection cleanup by adding comments
Comment-only change
2016-03-26 08:16:33 -04:00
Karsten Loesing
b79d8590c9 Include IPv6 consensus downloads in dirreq stats.
Fixes #18460.
2016-03-25 20:56:29 +01:00
Roger Dingledine
8251fe5150 use a clearer argument for connection_ap_make_link()
that function calls it argument "want_onehop", so it makes more
sense to pass that boolean into it.
2016-03-24 19:57:39 -04:00
Roger Dingledine
98abd49f6f remove the extraneous dir_port variable
we already are using "port" to describe the place we're going to
ask to connect to.
2016-03-24 19:14:32 -04:00
Roger Dingledine
fbd79f38c2 remove a redundant check about whether dirport is 0 2016-03-24 19:14:31 -04:00
Roger Dingledine
f590a303db revert the or_connection and dir_connection flags
They incorrectly summarized what the function was planning to do,
leading to wrong behavior like making an http request to an orport,
or making a begindir request to a dirport.

This change backs out some of the changes made in commit e72cbf7a, and
most of the changes made in commit ba6509e9.

This patch resolves bug 18625. There more changes I want to make
after this one, for code clarity.
2016-03-24 19:14:21 -04:00
Roger Dingledine
c4208ef65f dir auths only give Guard if they're giving Stable
This change allows us to simplify path selection for clients, and it
should have minimal effect in practice since >99% of Guards already have
the Stable flag. Implements ticket 18624.
2016-03-24 15:00:01 -04:00
David Goulet
ba6509e9e1 Fix broken directory request to the DirPort
Commit e72cbf7a4 introduced a change to directory_initiate_command_rend()
that made tor use the ORPort when making a directory request to the DirPort.
The primary consequence was that a relay couldn't selftest its DirPort thus
failing to work and join the network properly.

The main issue was we were always considering an anonymized connection to be
an OR connection which is not true.

Fixes #18623

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-03-24 13:57:53 -04:00
Nick Mathewson
424af93ded Merge branch 'bug18517_squashed' 2016-03-24 10:14:05 -04:00
teor (Tim Wilson-Brown)
f2153f9716 Always allow OR connections to bridges on private addresses
Regardless of the setting of ExtendAllowPrivateAddresses.

This fixes a bug with pluggable transports that ignore the
(potentially private) address in their bridge line.

Fixes bug 18517; bugfix on 23b088907f in tor-0.2.8.1-alpha.
2016-03-24 10:13:58 -04:00
Nick Mathewson
54559e5845 Merge remote-tracking branch 'teor/bug18351' 2016-03-24 09:33:58 -04:00
Nick Mathewson
ea9472d085 Merge remote-tracking branch 'teor/bug18489' 2016-03-24 09:01:28 -04:00
teor (Tim Wilson-Brown)
b1569e39c8 Check if fallbacks support extrainfo descriptors before requesting them
When requesting extrainfo descriptors from a trusted directory
server, check whether it is an authority or a fallback directory
which supports extrainfo descriptors.

Fixes bug 18489; bugfix on 90f6071d8d in tor-0.2.4.7-alpha.

Reported by "atagar", patch by "teor".
2016-03-24 22:03:58 +11:00
teor (Tim Wilson-Brown)
eb5a262a15 Code indentation whitespace-only fix 2016-03-24 21:56:37 +11:00
teor (Tim Wilson-Brown)
355f78364a Clarify ReachableAddress log messages
Make it clearer that they are about outgoing connection attempts.
Specify the options involved where they were missing from one log
message.
Clarify a comment.
2016-03-24 20:59:49 +11:00
teor (Tim Wilson-Brown)
f2a344e397 Downgrade IP version warnings to avoid filling logs
Downgrade logs and backtraces about IP versions to
info-level. Only log backtraces once each time tor runs.

Assists in diagnosing bug 18351; bugfix on c3cc8e16e in
tor-0.2.8.1-alpha.

Reported by "sysrqb" and "Christian", patch by "teor".
2016-03-24 10:39:23 +11:00
Nick Mathewson
ca8423a703 Merge remote-tracking branch 'public/bug18253' 2016-03-22 10:08:50 -04:00
Roger Dingledine
580e549f75 remove extraneous breaks
commit edeba3d4 removed a switch, but left the "break" lines in
from that switch. fortunately the resulting behavior was not wrong,
since there was an outer switch that it was ok to break from.
2016-03-21 17:11:18 -04:00
Roger Dingledine
4861e24552 fix indentation after #18332 patches
no actual changes here -- but the new indenting makes it clear
that the fixes in #18332 were not as good as they should have been.
the next commit will deal with that.
2016-03-21 17:08:02 -04:00
Nick Mathewson
6a91cab79c Merge branch 'maint-0.2.7' 2016-03-21 13:26:04 -04:00
Nick Mathewson
2f2fba8a91 Use nth consistently in dircollate.h.
Documentation-only patch. Issue 17668.T6.
2016-03-21 13:24:09 -04:00
Nick Mathewson
b24f15a9a1 In routers_make_ed_keys_unique, break ties for published_on
This ensures that if we can't use published_on to decide an ed,rsa
mapping, we at least decide deterministically.

Resolves 17668.T3
2016-03-21 13:24:09 -04:00
Nick Mathewson
beef6ed451 Assert that dircollator is collated when we're reading its output.
Fix for 17668.S2.
2016-03-21 13:24:09 -04:00
Nick Mathewson
48f8229504 After we strip out duplicate entries from 'routers', don't use 'rl'.
We've got to make sure that every single subsequent calculation in
dirserv_generate_networkstatus_vote_obj() are based on the list of
routerinfo_t *after* we've removed possible duplicates, not before.
Fortunately, none of the functions that were taking a routerlist_t
as an argument were actually using any fields other than this list
of routers.

Resolves issue 18318.DG3.
2016-03-21 13:24:09 -04:00
Nick Mathewson
fa07c60c67 Fix another case of 17668: Add NoEdConsensus
I had a half-built mechanism to track, during the voting process,
whether the Ed25519 value (or lack thereof) reflected a true
consensus among the authorities.  But we never actually inserted this
field in the consensus.

The key idea here is that we first attempt to match up votes by pairs
of <Ed,RSA>, where <Ed> can be NULL if we're told that there is no
Ed key.  If this succeeds, then we can treat all those votes as 'a
consensus for Ed'.  And we can include all other votes with a
matching RSA key and no statement about Ed keys as being "also about
the same relay."

After that, we look for RSA keys we haven't actually found an entry
for yet, and see if there are enough votes for them, NOT considering
Ed keys.  If there are, we match them as before, but we treat them
as "not a consensus about ed".

When we include an entry in a consensus, if it does not reflect a
consensus about ed keys, then we include a new NoEdConsensus flag on
it.

This is all only for consensus method 22 or later.

Also see corresponding dir-spec patch.
2016-03-21 13:24:09 -04:00
Nick Mathewson
60ca3f358f Document has_ed25519_listing 2016-03-21 13:23:32 -04:00
Nick Mathewson
13a31e72db Never vote for an ed key twice.
When generating a vote, and we have two routerinfos with the same ed
key, omit the one published earlier.

This was supposed to have been solved by key pinning, but when I
made key pinning optional, I didn't realize that this would jump up
and bite us.  It is part of bug 18318, and the root cause of 17668.
2016-03-21 13:23:32 -04:00
Nick Mathewson
c20e34e189 Fix log message subjects in networkstatus_parse_vote_from_string()
Some of these messages called the thing being parsed a "vote" whether
it is a vote or a consensus.

Fixes bug 18368.
2016-03-21 13:23:32 -04:00
Nick Mathewson
6182e34628 Document dircollate.c (and remove an unused global) 2016-03-21 13:23:32 -04:00
Nick Mathewson
233180a9ab Merge remote-tracking branch 'public/bug18548' 2016-03-21 12:36:41 -04:00
Nick Mathewson
005a20ec85 Log a better message when OfflineMasterKey is set.
Fixes bug 18133; bugfix on 0.2.7.2-alpha.
2016-03-21 11:57:23 -04:00
Nick Mathewson
ddd30f966a Merge remote-tracking branch 'arma/ticket18332-try3' 2016-03-21 10:41:23 -04:00
Nick Mathewson
13eb120bea Merge remote-tracking branch 'special/bug18600' 2016-03-21 10:32:39 -04:00
Nick Mathewson
cb3f9bc2d4 Merge branch 'bug18570_027' 2016-03-21 10:20:16 -04:00
Andrea Shepard
bd87d37a86 Make sure channel_t queues its own copy of incoming cells 2016-03-21 10:14:47 -04:00
John Brooks
2c057c2833 Scrub service name in introduction circuit warning
Fixes bug 18600.
2016-03-21 19:23:28 +07:00
Roger Dingledine
e28448a23e Bridges now refuse "rendezvous2" publish attempts
Suggested during review of ticket 18332.
2016-03-16 16:46:14 -04:00
Nick Mathewson
368825ff45 Sandbox: Don't preseed getaddrinfo(gethostname()) in client mode.
If we're a server with no address configured, resolve_my_hostname
will need this.  But not otherwise.  And the preseeding itself can
consume a few seconds if like tails we have no resolvers.

Fixes bug 18548.
2016-03-15 11:19:59 -04:00
Nick Mathewson
b48f8a8114 Fix whitespace. 2016-03-15 09:21:29 -04:00
Nick Mathewson
c9899ee640 Merge remote-tracking branch 'weasel/bug18458' 2016-03-15 09:18:24 -04:00
Peter Palfrader
d8626d34e5 Fix log message: say RelaxDirModeCheck instead of StrictDirModes 2016-03-14 20:27:53 +01:00
Nick Mathewson
dd7c999617 Make unix sockets work with the linux seccomp2 sandbox again
I didn't want to grant blanket permissions for chmod() and chown(),
so here's what I had to do:
   * Grant open() on all parent directories of a unix socket
   * Write code to allow chmod() and chown() on a given file only.
   * Grant chmod() and chown() on the unix socket.
2016-03-14 14:07:02 -04:00
Nick Mathewson
0cdeac77e0 Don't chmod/chown unix sockets if their permissions are already ok
This is a part of a fix for 18253; bugfix on 0.2.8.1-alpha.

Alternatively, we could permit chmod/chown in the sandbox, but I
really don't like giving the sandbox permission to alter
permissions.
2016-03-14 13:40:44 -04:00
Nick Mathewson
a64be7eaa9 Merge remote-tracking branch 'public/bug16248_027' 2016-03-14 12:53:57 -04:00
Nick Mathewson
307b863556 Add comments to connection_check_event(). 2016-03-14 12:53:21 -04:00
David Goulet
d8b93b31a0 hs: Do not close desc fetch conn. if we can't pick an HSDir
Launching 7 descriptor fetches makes a connection to each HSDir that is 6
and the seventh one fails to pick an HSDir because they are all being used
already so it was killing all pending connections at once.

Fixes #15937

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-03-14 11:00:46 -04:00
Nick Mathewson
a86f78a9f2 Merge remote-tracking branch 'teor/bug17153' 2016-03-11 11:23:58 -05:00
Nick Mathewson
fe0d346a6d Merge remote-tracking branch 'teor/bug8976_01_028' 2016-03-11 11:11:38 -05:00
Nick Mathewson
91d7cf50c6 Change behavior on missing/present event to warn instead of asserting.
Add a changes file.
2016-03-11 10:50:36 -05:00
Roger Dingledine
edeba3d472 simplify rend_cache_store_status_t back to a boolean
it used to be a tri-state, but now it's just a bi-state, so we can
take out all the machinery like the enum.
2016-03-11 10:49:57 -05:00
Roger Dingledine
dc500c8cb4 rip out rend_id_is_in_interval()
it was used by hid_serv_responsible_for_desc_id(), which we no
longer use.
2016-03-11 10:46:21 -05:00
Roger Dingledine
5390296338 rip out hid_serv_acting_as_directory()
When we made HidServDirectoryV2 always 1, we removed the situation
where a relay could choose not to be an HSDir. Now simplify the
rest of the code to reflect this decision.

(We have to remove two apparently unrelated free() calls in the unit
tests, since they used to free stuff that we created as a side effect
of calling router_get_my_routerinfo(), and now we no longer call that.)
2016-03-11 10:45:03 -05:00
Roger Dingledine
e167910fce rip out hid_serv_responsible_for_desc_id()
This simplifies relay behavior, because the relay offers the hsdir
functionality independent of whether the directory authorities have
decided this relay is suitable for clients to use yet.

Implements ticket 18332.
2016-03-11 10:40:31 -05:00
Nick Mathewson
e79da62645 If we start/stop reading on a dnsserv connection, don't assert.
Fixes bug 16248. Patch from cypherpunks.  Bugfix on 0.2.0.1-alpha.
2016-03-11 10:33:19 -05:00
Nick Mathewson
ef31c8862f Add changes file for 18448; refactor
(I've made it so FreeBSD || FreeBSD_kernel is enough to ensure that
we think you might have ipfw, and so that the logic is all in one
place.)
2016-03-11 10:05:28 -05:00
Steven Chamberlain
db263442af enable and test transproxy on FreeBSD derivatives #18448
The transproxy feature is only enabled when __FreeBSD__ is defined, and
only regular FreeBSD does that.  Change this to __FreeBSD_kernel__ which
is defined on derivatives as well.

This enables the relevant options/validate__transproxy test on FreeBSD
derivatives.
2016-03-11 10:01:25 -05:00
Hassan Alsibyani
b1917a0614 moving hid_serv_get_responsible_directories and hid_serv_acting_as_directory from routerlist.c to rendcommon.c 2016-03-11 09:15:48 -05:00
teor (Tim Wilson-Brown)
b0ca80c23f Reject multicast rendezvous point addresses
Unless ExtendAllowPrivateAddresses is 1.
2016-03-04 18:21:13 +01:00
teor (Tim Wilson-Brown)
10330c1234 Remove an extraneous space in a log message 2016-03-01 19:08:02 +01:00
Peter Palfrader
1ef7df551d First RelaxDirModeCheck implementation 2016-03-01 17:08:14 +01:00
teor (Tim Wilson-Brown)
2120e14009 Allow internal IPv6 addresses in descriptors in private networks 2016-03-01 16:48:16 +01:00
Nick Mathewson
69fc025e95 Merge remote-tracking branch 'teor/fallbacks-201602-v2' 2016-02-28 15:51:22 +01:00
Nick Mathewson
88ad2f5fb2 Merge remote-tracking branch 'teor/bug18123' 2016-02-28 15:40:35 +01:00
Nick Mathewson
57699de005 Update the copyright year. 2016-02-27 18:48:19 +01:00