Commit Graph

12712 Commits

Author SHA1 Message Date
Nick Mathewson
80e2896d52 comment tweak. Fixes 20271. patch from pastly. 2016-10-06 12:04:04 -04:00
Muhammad Falak R Wani
fdc0a660b4 dircollate: Use correct tor_calloc args.
Flip the tor_calloc arguments in the call.

Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com>
2016-10-05 13:06:27 -04:00
Nick Mathewson
785176e975 Clean up and fix exit policy check in connection_exit_connect().
Previously, we would reject even rendezvous connections to IPv6
addresses when IPv6Exit was false.  But that doesn't make sense; we
don't count that as "exit"ing.  I've corrected the logic and tried
to make it a lottle more clear.

Fixes bug 18357; this code has been wrong since 9016d9e829 in
0.2.4.7-alpha.
2016-10-05 12:44:53 -04:00
Nick Mathewson
05aed5b635 Allow a unix: address to contain a C-style quoted string.
Feature 18753 -- all this to allow spaces.
2016-10-04 15:43:20 -04:00
Matt Traudt
5503eec3aa Change some dirvote.c comments to reflect reality 2016-10-03 20:43:50 -04:00
Nick Mathewson
4bbdebff3f Merge remote-tracking branch 'arma/bug20277' 2016-10-03 14:05:26 -04:00
Paolo Inglese
ae4077916c Fix parse_virtual_addr_network minimum network size 2016-10-03 12:18:51 +01:00
Roger Dingledine
14a6047210 remove whitespace accidentally added in 4f1a04ff 2016-10-02 19:34:23 -04:00
Roger Dingledine
9228db5f1b remove confusing comment about conditional consensus download
We removed that feature in 0.2.4.2-alpha, but some comments seem to
have lingered.

I didn't add a changes/ file since this is just internal code cleanup.
2016-10-02 19:13:35 -04:00
Roger Dingledine
f0fb55ad30 simplify we_use_microdescriptors_for_circuits() 2016-10-02 02:22:03 -04:00
Roger Dingledine
782b6ec288 Bridges and relays now use microdescriptors
(like clients do) rather than old-style router descriptors. Now bridges
will blend in with clients in terms of the circuits they build.

Fixes bug 6769; bugfix on 0.2.3.2-alpha.
2016-10-02 01:12:27 -04:00
Roger Dingledine
bfaded9143 Bridge-using clients now use their cached microdesc consensus
Clients that use bridges were ignoring their cached microdesc-flavor
consensus files, because they only thought they should use the microdesc
flavor once they had a known-working bridge that could offer microdescs,
and at first boot no bridges are known-working.

This bug caused bridge-using clients to download a new microdesc consensus
on each startup.

Fixes bug 20269; bugfix on 0.2.3.12-alpha.
2016-10-01 16:34:17 -04:00
Yawning Angel
847e001d28 Bug 20261: Disable IsolateClientAddr on AF_LOCAL SocksPorts.
The client addr is essentially meaningless in this context (yes, it is
possible to explicitly `bind()` AF_LOCAL client side sockets to a path,
but no one does it, and there are better ways to grant that sort of
feature if people want it like using `SO_PASSCRED`).
2016-09-30 18:43:31 +00:00
Nick Mathewson
53255e925c Fix memory leak from prop264 branch. CID 1373401 2016-09-28 08:21:33 -07:00
Nick Mathewson
153ff4f559 fix a warning in protover. 2016-09-26 11:03:31 -07:00
Nick Mathewson
ed5d2daba1 Merge remote-tracking branch 'public/ticket20001_v2' 2016-09-26 11:01:10 -07:00
Nick Mathewson
97337844b7 Merge branch 'protover_v2_squashed' 2016-09-26 11:00:08 -07:00
Nick Mathewson
501fc3bbc6 protovers: during voting, assert that we are not voting to shut down.
As a failsafe, we should make sure that no authority ever votes for
a set of protocol versions that it does not itself support.
2016-09-26 10:56:54 -07:00
Nick Mathewson
1ab641a70e Remove version_known, and subtly change the meaning of protocols_known 2016-09-26 10:56:53 -07:00
Nick Mathewson
f3382bd722 Rename "proto " to "pr " in consensuses 2016-09-26 10:56:53 -07:00
Nick Mathewson
4cbfee14d4 Update prop264 implementation to split HSMid->HS{Intro,Rend} 2016-09-26 10:56:53 -07:00
Nick Mathewson
0a3da5ce79 prop264: sometimes check client _and_ server versions.
As before, we check server protocols whenever server_mode(options)
is true and we check client protocols whenever server_mode(options)
is false.

Additionally, we now _also_ check client protocols whenever any
client port is set.
2016-09-26 10:56:53 -07:00
Nick Mathewson
afe0419db7 Rename get_supported_protocols to protover_get_supported_protocols 2016-09-26 10:56:53 -07:00
Nick Mathewson
3a3120819c Rename compute_protover_vote to protover_compute_vote 2016-09-26 10:56:53 -07:00
Nick Mathewson
4f57d5871e Update authority votes to match updated proposal. 2016-09-26 10:56:52 -07:00
Nick Mathewson
e402cddefe Clean whitespace, add missing documentation 2016-09-26 10:56:52 -07:00
Nick Mathewson
1e29c68ba9 Remove DoS vector in protover.c voting code 2016-09-26 10:56:51 -07:00
Nick Mathewson
e525f5697f Use protocols to see when EXTEND2 support exists.
(Technically, we could just remove extend2 cell checking entirely,
since all Tor versions on our network are required to have it, but
let's keep this around as an example of How To Do It.)
2016-09-26 10:56:51 -07:00
Nick Mathewson
90a6fe318c Vote on 'proto' lines and include them after 'v' lines.
(Despite the increased size of the consensus, this should have
approximately zero effect on the compressed consensus size, since
the "proto" line should be completely implied by the "v" line.)
2016-09-26 10:56:51 -07:00
Nick Mathewson
f33b90324a Include protocol versions in votes. 2016-09-26 10:56:51 -07:00
Nick Mathewson
d97a385535 Workaround a test bug 2016-09-26 10:56:51 -07:00
Nick Mathewson
a3e82563df Implement voting on the protocol-version options 2016-09-26 10:56:51 -07:00
Nick Mathewson
84f913024d Include protocol version lines in votes. 2016-09-26 10:56:50 -07:00
Nick Mathewson
07a9b79520 Remove a little duplicated code before it becomes a lot 2016-09-26 10:56:50 -07:00
Nick Mathewson
c6a2204e23 Add code to infer protocol versions for old Tor versions. 2016-09-26 10:56:50 -07:00
Nick Mathewson
a232161f7b Cover the error cases of parsing protocol versions
Also, detect an additional failure type. Thanks, tests!

(How distinctly I recall thee)
2016-09-26 10:56:50 -07:00
Nick Mathewson
c1be8f9d57 Basic backend for the protocol-versions voting algorithm.
[This is a brute-force method that potentially uses way too much
RAM. Need to rethink this a little. Right now you can DOS an
authority by saying "Foo=1-4294967295".]
2016-09-26 10:56:49 -07:00
Nick Mathewson
7f718c46f3 Actually check for missing protocols and exit as appropriate. 2016-09-26 10:56:49 -07:00
Nick Mathewson
cca1e0acff Add necessary code to parse and handle required/recommended protocols 2016-09-26 10:56:49 -07:00
Nick Mathewson
4df12239f6 Emit and parse protocol lists in router descriptors 2016-09-26 10:56:49 -07:00
Nick Mathewson
b2b2e1c7f2 checkpoint basic protover backend 2016-09-26 10:56:48 -07:00
Andrea Shepard
006c26f54f Abolish globals in entrynodes.c; relativize guard context to new guard_selection_t structure 2016-09-25 02:11:44 +00:00
Nick Mathewson
6a01164538 Merge branch 'maint-0.2.8' 2016-09-23 09:30:56 -04:00
Nick Mathewson
db6153e70c Merge remote-tracking branch 'teor/broken-028-fallbacks' into maint-0.2.8 2016-09-23 09:29:55 -04:00
teor
30275b048f
Remove another fallback whose operator opted-out 2016-09-22 16:38:04 -07:00
Nick Mathewson
077f6a4888 Merge branch 'maint-0.2.8' 2016-09-22 15:20:31 -04:00
Nick Mathewson
6e96eababe Merge branch 'bug20203_027_squashed' into maint-0.2.8 2016-09-22 15:17:00 -04:00
Nick Mathewson
e4aaf76660 When clearing cells from a circuit for OOM reasons, tell cmux we did so.
Not telling the cmux would sometimes cause an assertion failure in
relay.c when we tried to get an active circuit and found an "active"
circuit with no cells.

Additionally, replace that assert with a test and a log message.

Fix for bug 20203. This is actually probably a bugfix on
0.2.8.1-alpha, specifically my code in 8b4e5b7ee9 where I
made circuit_mark_for_close_() do less in order to simplify our call
graph. Thanks to "cypherpunks" for help diagnosing.
2016-09-22 15:16:07 -04:00
Nick Mathewson
cff1274b06 Simplify a few functions that dont need to call get_latest_consensus() so much 2016-09-21 15:20:27 -04:00
Nick Mathewson
266d7733f8 fix wide lines 2016-09-21 15:15:17 -04:00
Nick Mathewson
2196c7ad64 Remove current_consensus macro.
It's a macro that calls down to a function whose behavior has been
getting progresively more complicated.... but we named it as if it
were a variable.  That's not so smart.  So, replace it with a
function call to a function that was just doing "return
current_consensus".

Fixes bug 20176.
2016-09-21 15:13:19 -04:00
Nick Mathewson
f6d7b71719 Merge remote-tracking branch 'isis/bug20201' 2016-09-21 12:20:33 -04:00
Isis Lovecruft
f1d7b7b600
Update documentation for parse_bridge_line() in src/or/config.c.
* FIXES #20201: https://bugs.torproject.org/20201
2016-09-21 13:26:34 +00:00
Nick Mathewson
62ee4f185f Merge branch 'maint-0.2.8' 2016-09-20 19:30:45 -04:00
Nick Mathewson
9ebe202da0 Merge remote-tracking branch 'public/bug20103_028_v3' into maint-0.2.8 2016-09-20 19:30:24 -04:00
Nick Mathewson
06d99aa2c4 Merge branch 'maint-0.2.8' 2016-09-20 19:29:17 -04:00
teor
19a9872be2
fixup! Update hard-coded fallback list based on pre-0.2.9 checks 2016-09-21 09:13:04 +10:00
David Goulet
32926b008b dns: Always enable DNS request for our DNSPort
Commit 41cc1f612b introduced a "dns_request"
configuration value which wasn't set to 1 for an entry connection on the
DNSPort leading to a refusal to resolve the given hostname.

This commit set the dns_request flag by default for every entry connection
made to the DNSPort.

Fixes #20109

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-09-20 15:05:31 -04:00
Nick Mathewson
9b5a19c64b Don't look at any routerstatus_t when the networkstatus is inconsistent
For a brief moment in networkstatus_set_current_consensus(), the old
consensus has been freed, but the node_t objects still have dead
pointers to the routerstatus_t objects within it.  During that
interval, we absolutely must not do anything that would cause Tor to
look at those dangling pointers.

Unfortunately, calling the (badly labeled!) current_consensus macro
or anything else that calls into we_use_microdescriptors_for_circuits(),
can make us look at the nodelist.

The fix is to make sure we identify the main consensus flavor
_outside_ the danger zone, and to make the danger zone much much
smaller.

Fixes bug 20103.  This bug has been implicitly present for AGES; we
just got lucky for a very long time.  It became a crash bug in
0.2.8.2-alpha when we merged 35bbf2e4a4 to make
find_dl_schedule start looking at the consensus, and 4460feaf28
which made node_get_all_orports less (accidentally) tolerant of
nodes with a valid ri pointer but dangling rs pointer.
2016-09-20 10:43:58 -04:00
teor
c6d51b4577
Update hard-coded fallback list based on pre-0.2.9 checks 2016-09-20 16:49:45 +10:00
Nick Mathewson
425f5e6d40 Fix a bogus memwipe length in rend_service_load_auth_keys().
Bugfix on a4f46ff8ba. Found by Coverity.
2016-09-14 10:58:53 -04:00
Nick Mathewson
4f4e995d42 Merge branch 'bug20081' 2016-09-14 10:17:04 -04:00
Nick Mathewson
2c7d09dfd2 Fix a check-spaces warning. 2016-09-13 10:24:45 -04:00
Nick Mathewson
9f0cb5af15 Merge branch 'feature-17178-v7-squashed-v2' 2016-09-13 10:20:08 -04:00
teor
f311c9ffa2 Replace OnionService* with HiddenService* in option names
And make consequential line-length adjustments.
2016-09-13 10:13:57 -04:00
teor
365ca3ca0f Refactor Single Onion code to improve consistency
* Check consistency between the two single onion torrc options
* Use the more relevant option each time we check for single onion mode
* Clarify log messages
* Clarify comments
* Otherwise, no behaviour change
2016-09-13 10:13:57 -04:00
teor
f686fa2ee6 Comments: prefer circuit_build_times_disabled() to LearnCircuitBuildTimeout 2016-09-13 10:13:57 -04:00
teor
a00fee2f54 Ephemeral Single Onion Services must have the NonAnonymous ADD_ONION flag
Tor checks that the flag matches the configured onion service anonymity.

Tor refuses to create unflagged onion service using ADD_ONION, if they
would be non-anonymous. The error is:
512 Tor is in non-anonymous onion mode

Similarly, if the NonAnonymous flag is present, and Tor has the default
anonymous onion config:
512 Tor is in anonymous onion mode
2016-09-13 10:13:57 -04:00
teor
a4f46ff8ba Refactor the hidden service code to use rend_service_path
And make consequential changes to make it less error-prone.

No behaviour change.
2016-09-13 10:13:57 -04:00
teor
65b2d34c9c Allow the unit tests to pass a service list to rend_service_load_all_keys 2016-09-13 10:13:56 -04:00
teor
41f96078c2 Refactor UseEntryNodes so the original configured value is preserved
Parse the value to UseEntryNodes_option, then set UseEntryNodes before
validating options.

This way, Authorities, Tor2web, and Single Onion Services don't write
spurious "UseEntryNodes 0" lines to their configs. Document the fact that
these tor configurations ignore UseEntryNodes in the manual page.

Also reorder options validation so we modify UseEntryNodes first, then
check its value against EntryNodes.

And silence a warning about disabled UseEntryNodes for hidden services
when we're actually in non-anonymous single onion service mode.
2016-09-13 10:13:56 -04:00
teor
0285f4f34d Use CircuitBuildTimeout whenever circuit_build_times_disabled is true
Previously, we checked LearnCircuitBuildTimeout directly.

Fixes bug #20073 in commit 5b0b51ca3 on tor 0.2.4.12-alpha.
2016-09-13 10:13:56 -04:00
teor
3e4a401ead Fix a typo in a comment in rend_consider_services_intro_points 2016-09-13 10:13:56 -04:00
teor
4d9d2553ba Fix a typo in the LearnCircuitBuildTimeout disabled log message 2016-09-13 10:13:56 -04:00
teor
c43211fd6c When LearnCircuitBuildTimeout is disabled by other options, be quieter 2016-09-13 10:13:56 -04:00
teor
07d32d2e68 Remove a duplicate non-anonymous warning log message
We log this message every time we validate tor's options.
There's no need to log a duplicate in main() as well.

(It is impossible to run main() without validating our options.)
2016-09-13 10:13:56 -04:00
teor (Tim Wilson-Brown)
831cf6d1d8 Refactor crypto init to use existing options variable 2016-09-13 10:13:56 -04:00
teor
e5ad00330c Make Tor2web work with ReachableAddresses and CRN_DIRECT_CONN
The changes in #19973 fixed ReachableAddresses being applied
too broadly, but they also broke Tor2web (somewhat unintentional)
compatibility with ReachableAddresses.

This patch restores that functionality, which makes intro and
rend point selection is consistent between Tor2web and Single Onion
Services.
2016-09-13 10:13:55 -04:00
teor
75ebbed557 Make Single Onion Service intro points respect ReachableAddresses 2016-09-13 10:13:55 -04:00
teor (Tim Wilson-Brown)
b560f852f2 Implement Prop #260: Single Onion Services
Add experimental OnionServiceSingleHopMode and
OnionServiceNonAnonymousMode options. When both are set to 1, every
hidden service on a tor instance becomes a non-anonymous Single Onion
Service. Single Onions make one-hop (direct) connections to their
introduction and renzedvous points. One-hop circuits make Single Onion
servers easily locatable, but clients remain location-anonymous.
This is compatible with the existing hidden service implementation, and
works on the current tor network without any changes to older relays or
clients.

Implements proposal #260, completes ticket #17178. Patch by teor & asn.

squash! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! fixup! Implement Prop #260: Single Onion Services

Redesign single onion service poisoning.

When in OnionServiceSingleHopMode, each hidden service key is poisoned
(marked as non-anonymous) on creation by creating a poison file in the
hidden service directory.

Existing keys are considered non-anonymous if this file exists, and
anonymous if it does not.

Tor refuses to launch in OnionServiceSingleHopMode if any existing keys
are anonymous. Similarly, it refuses to launch in anonymous client mode
if any existing keys are non-anonymous.

Rewrite the unit tests to match and be more comprehensive.
Adds a bonus unit test for rend_service_load_all_keys().
2016-09-13 10:10:54 -04:00
teor (Tim Wilson-Brown)
b494ccc3c9 Make rend_service_free available to the unit tests
Also check that the port list exists before freeing it.

Patch by asn.
2016-09-13 10:08:06 -04:00
Nick Mathewson
8fdf2f583c Unit tests for proposal 271 client-side implementation 2016-09-13 09:45:55 -04:00
Nick Mathewson
08d2d7c404 prop272: Believe that all routers are Valid and Running.
(We check consensus method when deciding whether to assume a node is
valid.  No need to check the consensus method for Running, since
we will never see a method before 13.)

Closes ticket 20001

g
2016-09-13 09:29:22 -04:00
Nick Mathewson
20c4b01694 Make preferred_chunk_size avoid overflow, handle big inputs better
Also, add tests for the function.

Closes 20081; bugfix on 0.2.0.16-alpha. This is a Guido Vranken
issue. Thanks, Guido!
2016-09-13 09:07:12 -04:00
Nick Mathewson
64521a9d35 Merge remote-tracking branch 'public/solaris_warnings_028' 2016-09-11 16:52:24 -04:00
Nick Mathewson
3fcd5d71ad Fix typo error in bug warning in relay.c 2016-09-08 15:15:57 -04:00
Nick Mathewson
e9fdec2b1d capture and detect expected BUG messages in shared-random tests 2016-09-08 15:13:53 -04:00
Nick Mathewson
e9b1d0619f Merge remote-tracking branch 'dgoulet/ticket18693_029_01' 2016-09-07 11:46:00 -04:00
Nick Mathewson
2a3b651790 Merge remote-tracking branch 'sebastian/bug20064' 2016-09-07 11:38:43 -04:00
Nick Mathewson
af58a89b86 Merge remote-tracking branch 'teor/bug20012' 2016-09-06 19:14:02 -04:00
Nick Mathewson
128f7ffbc0 Merge remote-tracking branch 'public/ticket20002' 2016-09-06 14:27:13 -04:00
Nick Mathewson
5927ed8d33 checkSpace.pl now forbids more identifiers.
The functions it warns about are:
  assert, memcmp, strcat, strcpy, sprintf, malloc, free, realloc,
  strdup, strndup, calloc.

Also, fix a few lingering instances of these in the code. Use other
conventions to indicate _intended_ use of assert and
malloc/realloc/etc.
2016-09-06 12:35:37 -04:00
Nick Mathewson
440228907d Merge remote-tracking branch 'sebastian/bug20065' 2016-09-06 10:12:42 -04:00
teor
55a2bfb056
Fix an indentation issue in rend_config_services 2016-09-06 17:49:52 +10:00
Sebastian Hahn
74d710e7dc Give useful error if authority_signing_key doesn't exist 2016-09-06 00:14:20 +02:00
Sebastian Hahn
0d485fcfef Vote Exit correctly with DirAllowPrivateAddresses set
When allowing private addresses, mark Exits that only exit to private
locations as such. Fixes bug 20064; bugfix on 0.2.2.9-alpha.
2016-09-05 23:39:47 +02:00
Andrea Shepard
341a159ab4 Appease make check-spaces 2016-09-05 17:47:39 +00:00
Nick Mathewson
bbac9e1d0c Don't warn on unlink(bw_accounting) when errno == ENOENT
Patch from pastly; fixes bug 19964.
2016-08-31 10:57:09 -04:00
Nick Mathewson
c15b99e6e9 Fix a deref-before-null-check complaint
Found by coverity scan; this is CID 1372329.

Also, reindent some oddly indented code.
2016-08-31 10:32:10 -04:00
teor
0a3009bb85
Stop inadvertently upgrading client intro connections to ntor
Also stop logging the intro point details on error by default.

Fixes #20012, introduced with ntor in tor 0.2.4.8-alpha.
2016-08-31 15:10:58 +10:00
teor (Tim Wilson-Brown)
16386a8cd1
Count unix sockets when counting client listeners
Users can't run an anonymous client and non-anonymous single
onion service at the same time. We need to know whether we have
any client ports or sockets open to do this check.

When determining whether a client port (SOCKS, Trans, NATD, DNS)
is set, count unix sockets when counting client listeners. This
has no user-visible behaviour change, because these options are
set once and never read in the current tor codebase.

Don't count sockets when setting ControlPort_set, that's what
ControlSocket is for. (This will be reviewed in #19665.)

Don't count sockets when counting server listeners, because the code
that uses these options expects to count externally-visible ports.
(And it would change the behaviour of Tor.)
2016-08-31 13:41:31 +10:00
Nick Mathewson
e3bf8854c8 We no longer need to tag UseNTorHandshake as deprecated, since it is obsolete 2016-08-29 15:03:55 -04:00
Nick Mathewson
bbaa7d09a0 Merge remote-tracking branch 'teor/reject-tap-v6' 2016-08-29 15:02:11 -04:00
Nick Mathewson
9b9fb63276 prop272: When voting, include no non-Valid relays in consensus
Implements ticket 20002, and part of proposal 272.
2016-08-26 14:14:34 -04:00
Andrea Shepard
32fbc9738a Fix OOS comparator fix 2016-08-26 00:01:25 +00:00
David Goulet
9e1cb3660b Fix duplicated if condition in connection.c
Furthermore, fix a test that could returned an uninitialized value.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-08-25 14:52:28 -04:00
Nick Mathewson
1dfa2213a4 Merge remote-tracking branch 'andrea/ticket18640_v3' 2016-08-25 14:29:06 -04:00
teor (Tim Wilson-Brown)
382a28951f Check onion hostnames against client port flags
Check NoOnionTraffic before attaching a stream.

NoOnionTraffic refuses connections to all onion hostnames,
but permits non-onion hostnames and IP addresses.
2016-08-24 14:40:54 -04:00
teor (Tim Wilson-Brown)
b311f82026 Check non-onion hostnames & IP addresses against client port flags
Check NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic before
attaching a stream.

NoDNSRequest refuses connections to all non-onion hostnames,
but permits IP addresses.
NoIPv4Traffic refuses connections to IPv4 addresses, but resolves
hostnames.
NoIPv6Traffic refuses connections to IPv6 addresses, but resolves
hostnames.

Combined, they refuse all non-onion hostnames and IP addresses.
2016-08-24 14:40:54 -04:00
teor (Tim Wilson-Brown)
45b4e63519 Make Tor2Web error message clearer
Tor2Web refuses non-onion hostnames and IP addresses.
2016-08-24 14:40:54 -04:00
teor (Tim Wilson-Brown)
f41ddbecc6 Comment-only punctuation fix 2016-08-24 14:40:53 -04:00
teor (Tim Wilson-Brown)
41cc1f612b Parse *Port flags NoDNSRequest, NoOnionTraffic & OnionTrafficOnly
OnionTrafficOnly is equivalent to NoDNSRequest, NoIPv4Traffic,
and NoIPv6Traffic.

Add unit tests for parsing and checking option validity.
Add documentation for each flag to the man page.

Add changes file for all of #18693.

Parsing only: the flags do not change client behaviour (yet!)
2016-08-24 14:40:53 -04:00
Nick Mathewson
10f8607125 make check-spaces fixes 2016-08-24 13:39:22 -04:00
Nick Mathewson
5132905419 Merge branch 'maint-0.2.8' 2016-08-24 10:45:11 -04:00
teor
b1ad024d30 Fix path selection on firewalled clients
Signed-off-by: teor <teor2345@gmail.com>
2016-08-24 10:07:47 -04:00
Nick Mathewson
297635f806 Merge branch 'maint-0.2.8' 2016-08-24 10:03:19 -04:00
Nick Mathewson
d3a975ea05 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-08-24 10:02:52 -04:00
Isis Lovecruft
41ab23bed5 Replace Tonga with Bifroest.
* FIXES #19728: https://bugs.torproject.org/19728
 * CLOSES #19690: https://bugs.torproject.org/19690
2016-08-24 10:01:23 -04:00
teor
19816f2f78
Add a stub for rend_service_allow_direct_connection
It always returns 0. It should be replaced with the Single
Onion version from #17178 when both are merged.
2016-08-24 11:02:19 +10:00
teor (Tim Wilson-Brown)
10aa913acc
Client & HS ignore UseNTorHandshake, all non-HS handshakes use ntor
Rely on onion_populate_cpath to check that we're only using
TAP for the rare hidden service cases.

Check and log if handshakes only support TAP when they should support
ntor.
2016-08-24 11:02:00 +10:00
teor (Tim Wilson-Brown)
cad9046632
Improve comments in circuit_get_cpath_* 2016-08-24 10:32:22 +10:00
teor (Tim Wilson-Brown)
febd4ab0e5
Client & HS make sure every hop in every non-HS path supports ntor
When a client connects to an intro point not in the client's consensus,
or a hidden service connects to a rend point not in the hidden service's
consensus, we are stuck with using TAP, because there is no ntor link
specifier.
2016-08-24 10:32:10 +10:00
Nick Mathewson
a0398dd348 Merge remote-tracking branch 'jigsaw/fix-17758' 2016-08-23 09:57:14 -04:00
Nick Mathewson
ff65618f16 Merge remote-tracking branch 'jigsaw/fix-15381' 2016-08-23 09:55:37 -04:00
Nick Mathewson
e8d7953c61 Use tor_assert, not assert. 2016-08-23 09:24:20 -04:00
Nick Mathewson
bd45f7c668 Merge branch 'bug13953_squashed' 2016-08-23 09:22:04 -04:00
teor
a60ef72345 Reword the router_check_descriptor_address_port_consistency log message
The new message covers static and dynamic public IPv4 addresses,
and external / internal addresses in NAT setups.
2016-08-23 09:16:08 -04:00
Nick Mathewson
62b239dd9c Merge branch 'maint-0.2.8' 2016-08-22 10:19:15 -04:00
Nick Mathewson
0ba05313d5 Do not pass NULL to log(%s) in dir_server_new.
This bug had existed since 0.2.4.7-alpha, but now that we have
FallbackDirs by default, it actually matters.

Fixes bug 19947; bugfix on 0.2.4.7-alpha or maybe 0.2.8.1-alpha.

Rubiate wrote the patch; teor wrote the changes file.
2016-08-22 01:22:19 -04:00
Andrea Shepard
9a09513c0b Use connection_mark_for_close() rather than connection_mark_on_flush() on OOS 2016-08-20 04:43:01 +00:00
Andrea Shepard
31028af440 Add DisableOOSCheck option, on by default until we have better heuristics 2016-08-20 04:36:37 +00:00
Andrea Shepard
3efe92ba58 Consider the case that a connection doesn't have a valid socket during OOS 2016-08-20 03:57:32 +00:00
Andrea Shepard
1a7709d409 Add connection_is_moribund() inline 2016-08-20 03:34:16 +00:00
Andrea Shepard
a403230fe3 Use SMARTLIST_FOREACH in connection_count_moribund() per code review 2016-08-20 03:12:58 +00:00
Andrea Shepard
dbdac1dc27 s/connection_handle_oos/connection_check_oos/g per code review 2016-08-20 02:44:33 +00:00
Andrea Shepard
d65f030915 Unit test for pick_oos_victims() 2016-08-20 01:43:52 +00:00
Andrea Shepard
e17083b432 Unit test for kill_conn_list_for_oos() 2016-08-20 01:43:52 +00:00
Andrea Shepard
26c2ded00c Unit test for connection_handle_oos() 2016-08-20 01:43:51 +00:00
Andrea Shepard
709f2cbf58 Implement OOS comparator 2016-08-20 01:43:51 +00:00
Andrea Shepard
d502efbd47 Implement pick_oos_victims() except for sort step 2016-08-20 01:43:51 +00:00
Andrea Shepard
e9464737af Implement kill_conn_list_for_oos() 2016-08-20 01:43:50 +00:00
Andrea Shepard
c76d45bdec Stub out pick_oos_victims() and kill_conn_list_for_oos() 2016-08-20 01:43:50 +00:00
Andrea Shepard
2bc19171ef Implement connection_count_moribund() for OOS handler 2016-08-20 01:43:50 +00:00
Andrea Shepard
4f253d4c67 Don't say OOS unless the ConnLimit thresholds have been set 2016-08-20 01:43:49 +00:00
Andrea Shepard
34d9d02150 Stub out connection_handle_oos() and call it from places we can change the socket count or thresholds 2016-08-20 01:43:46 +00:00
Andrea Shepard
1c0c0022d8 Compute thresholds for OOS from ConnLimit_ when setting options 2016-08-20 01:42:30 +00:00
Nick Mathewson
3c8baa77a1 Log a warning when Testing options are deprecated. 2016-08-19 20:21:04 -04:00
Nick Mathewson
05ad2db283 Add comments to explain when things were deprecated 2016-08-19 20:09:51 -04:00
Nick Mathewson
507f07de09 Merge remote-tracking branch 'public/deprecation_v2' 2016-08-19 19:58:51 -04:00
Nick Mathewson
5aad921e3a Rename free_voting_schedule to voting_schedule_free. Wrap line. Follow if convention. 2016-08-19 19:44:19 -04:00
Nick Mathewson
3e8f93bb10 Merge remote-tracking branch 'jigsaw/fix-19562' 2016-08-19 19:41:53 -04:00
Daniel Pinto
8c0fdf6a27 Added a voting_schedule_free function to free voting schedules.
Existing Uses of the tor_free function on voting schedules were
replaced with voting_schedule_free.
Fixes #19562.
2016-08-16 17:53:38 +01:00
Daniel Pinto
3d6ae798cf Fixes inconsistent version prefix in log messages.
Fixes #15381.
2016-08-16 17:22:16 +01:00
Daniel Pinto
4f19f85eda Prevents negative number of written bytes on error message.
Fixes #17758.
2016-08-16 17:12:18 +01:00
teor
4b4389280e
Check parameters to router_check_descriptor_address_port_consistency 2016-08-16 14:39:46 +10:00
teor
427663428b
Refactor duplicate code in router_check_descriptor_address_consistency
No behaviour change
2016-08-16 14:05:46 +10:00
s7r
4d2b3164ec Make log message clearer
Longer and more explicit log message so we don't confuse users with behind NAT with working configurations and state that public IP addresses only should be provided with "Address", won't work with internal addresses.
2016-08-15 09:50:10 +00:00
Nick Mathewson
be820f41a3 Fix quite a few slow memory leaks in config.c
This bug was introduced in 8bbbbaf87b when we added a separate
or_options_free() function but didn't start using it everywhere.

Fixes bug 19466.
2016-08-12 18:47:35 -04:00
Nick Mathewson
7f145b54af Merge remote-tracking branch 'public/Fix_19450' 2016-08-12 16:11:28 -04:00
Andrea Shepard
09a0f2d0b2 Eliminate redundant hourly reset of descriptor download failures 2016-08-10 03:34:54 +00:00
Andrea Shepard
05853485a4 Debug logging for router/consensus descriptor download resets 2016-08-10 03:34:54 +00:00
Nick Mathewson
f5dcab8072 Add new warn_deprecated option to config_assign*().
Also, collapse all the config_assign*() options into a flags
argument, since having two boolean arguments was already confusing.
2016-08-03 12:52:26 -04:00
Nick Mathewson
f3314aa6e1 Deprecate some SocksPort sub-options. 2016-08-03 12:24:07 -04:00
Nick Mathewson
9b6ff4c882 Teach checkOptionDocs about deprecation.
In particular, teach it that deprecated options must exist.
2016-08-03 12:16:58 -04:00
Nick Mathewson
66e610da72 Mark a big pile of options as deprecated. 2016-08-03 12:08:57 -04:00
Nick Mathewson
e6220ccbf8 Add deprecation for configuration options that need to go away. 2016-08-03 11:43:19 -04:00
Nick Mathewson
c9b8d4c086 We no longer use config_var_description_t 2016-08-03 11:19:08 -04:00
Nick Mathewson
7b896fe61e Remove/fix remaining evbuffer references 2016-08-02 14:02:35 -04:00
Nick Mathewson
4d4ccc505b Search for remaining references to 'bufferevent'.
Remove or adjust as appropriate.
2016-08-02 13:59:47 -04:00
Nick Mathewson
46ef4487d3 Remove generic_buffer_*() functions as needless.
These functions were there so that we could abstract the differences
between evbuffer and buf_t.  But with the bufferevent removal, this
no longer serves a purpose.
2016-08-02 13:50:00 -04:00
Nick Mathewson
cd9d39d54b Rename generic_buffer_set_to_copy, since generic buffers are not a thing 2016-08-02 13:33:41 -04:00
Nick Mathewson
88a7a02728 Bufferevent removal: remove more bufferevent-only options
(All this IOCP stuff was bufferevent-only.)
2016-08-02 13:33:08 -04:00
Nick Mathewson
c68a23a135 Bufferevent removal: remove HAS_BUFFEREVENT macros and usage
This is another way that we had bufferevents-only code marked.
2016-08-02 13:15:10 -04:00
Nick Mathewson
8e9a6543e1 More bufferevent removal: bev_str is no longer needed in tor_init 2016-08-02 13:08:00 -04:00
teor
8c2ee16b8f
Get the extend_info_from_router check the right way around 2016-08-02 14:28:56 +10:00
Nick Mathewson
f3575a45ce Merge branch 'maint-0.2.8' 2016-07-29 10:23:38 -04:00
teor (Tim Wilson-Brown)
1c4a2dd208 Remove a fallback that was on the hardcoded list, then opted-out
The fallback was added in 0.2.8.2-alpha.
2016-07-29 10:23:15 -04:00
Andrea Shepard
1995328a3d Keep make check-spaces happy 2016-07-29 05:05:12 +00:00
Nick Mathewson
dffc6910b1 Three more -Wshadow fixes. 2016-07-28 11:24:03 -04:00
Nick Mathewson
94bff894f9 Fix a large pile of solaris warnings for bug 19767.
In nearly all cases, this is a matter of making sure that we include
orconfig.h before we include any standard c headers.
2016-07-28 10:47:46 -04:00
Nick Mathewson
9fe6fea1cc Fix a huge pile of -Wshadow warnings.
These appeared on some of the Jenkins platforms. Apparently some
GCCs care when you shadow globals, and some don't.
2016-07-28 10:22:10 -04:00
Nick Mathewson
a8676b1ede Merge branch 'bug18902_squashed' 2016-07-28 06:59:03 -04:00
Nick Mathewson
4757303873 Fix all -Wshadow warnings on Linux
This is a partial fix for 18902.
2016-07-28 06:58:44 -04:00
Nick Mathewson
f0488551e7 Merge branch 'bug19639_squashed' 2016-07-26 19:31:15 -04:00
teor (Tim Wilson-Brown)
64bf6b70a8 Check that extend_info_from_router is never called on a client 2016-07-26 19:31:05 -04:00
Nick Mathewson
d70fac15ff Merge remote-tracking branch 'teor/bug19702' 2016-07-26 19:12:23 -04:00
Nick Mathewson
61ce6dcb40 Make monotime test mocking work with oom tests. 2016-07-21 07:02:34 -04:00
Nick Mathewson
558f7d3701 Merge branch 'monotonic_v2_squashed' 2016-07-19 11:42:26 +02:00
Nick Mathewson
1e3cf1cc83 Be sure to call monotime_init() at startup. 2016-07-19 11:40:47 +02:00
Nick Mathewson
c7558c906a Use coarse monotonic timer instead of cached monotonized libevent time. 2016-07-19 11:40:46 +02:00
teor (Tim Wilson-Brown)
d8cd994ef6
Allow clients to retry HSDirs much faster in test networks 2016-07-18 13:25:15 +10:00
Andrea Shepard
94c27d4e8f Keep make check-spaces happy 2016-07-17 23:22:29 +00:00
teor (Tim Wilson-Brown)
579a80d4ae
Clients avoid choosing nodes that can't do ntor
If we know a node's version, and it can't do ntor, consider it not running.
If we have a node's descriptor, and it doesn't have a valid ntor key,
consider it not running.

Refactor these checks so they're consistent between authorities and clients.
2016-07-15 09:55:49 +10:00
teor (Tim Wilson-Brown)
a76d528bec
Clients no longer download descriptors for relays without ntor 2016-07-15 09:55:49 +10:00
teor (Tim Wilson-Brown)
24e8bb2d83
Relays make sure their own descriptor has an ntor key 2016-07-15 09:55:49 +10:00
teor (Tim Wilson-Brown)
33da2abd05
Authorities reject descriptors without ntor keys
Before, they checked for version 0.2.4.18-rc or later, but this
would not catch relays without version lines, or buggy or malicious
relays missing an ntor key.
2016-07-15 09:55:49 +10:00
U+039b
c735220a0b
Remove bufferevents dead code
Signed-off-by: U+039b <*@0x39b.fr>
2016-07-14 18:46:37 +02:00
Nick Mathewson
466259eb50 Merge remote-tracking branch 'sebastian/libevent2' 2016-07-08 09:57:31 -04:00
Nick Mathewson
acba4cc954 test coverage on onion_fast: 0%->100% 2016-07-06 13:43:12 -04:00
Nick Mathewson
ae22c249c3 Improve test coverage a little on onion*.c 2016-07-06 12:37:52 -04:00
Nick Mathewson
9c1d8cdd8d Merge branch 'maint-0.2.8' 2016-07-06 10:17:22 -04:00
teor (Tim Wilson-Brown)
b167e82f62
When checking if a routerstatus is reachable, don't check the node
This fixes #19608, allowing IPv6-only clients to use
microdescriptors, while preserving the ability of bridge clients
to have some IPv4 bridges and some IPv6 bridges.

Fix on c281c036 in 0.2.8.2-alpha.
2016-07-06 14:46:22 +10:00
Nick Mathewson
78196c8822 Merge remote-tracking branch 'teor/bug18456' 2016-07-05 19:10:08 -04:00
Nick Mathewson
8cae4abbac Merge branch 'maint-0.2.8' 2016-07-05 12:43:17 -04:00
Nick Mathewson
8d25ab6347 Merge remote-tracking branch 'weasel/bug19557' into maint-0.2.8 2016-07-05 12:40:25 -04:00
Nick Mathewson
74cbbda86e Merge remote-tracking branch 'weasel/bug19556' into maint-0.2.8 2016-07-05 12:39:40 -04:00
Nick Mathewson
f54ffa463a Merge branch 'maint-0.2.8' 2016-07-05 12:23:25 -04:00
Nick Mathewson
f4408747d3 Merge branch 'maint-0.2.7' into maint-0.2.8 2016-07-05 12:23:14 -04:00
Nick Mathewson
6e96aadadb Merge branch 'maint-0.2.6' into maint-0.2.7 2016-07-05 12:22:47 -04:00
Nick Mathewson
c28ba994ec Merge branch 'maint-0.2.5' into maint-0.2.6 2016-07-05 12:21:25 -04:00
Nick Mathewson
9d3de77d4d Merge branch 'maint-0.2.4' into maint-0.2.5 2016-07-05 12:20:42 -04:00
Nick Mathewson
e11cc95717 Merge remote-tracking branch 'asn/bug19555' 2016-07-05 12:17:21 -04:00
Nick Mathewson
87758dbebc Merge remote-tracking branch 'dgoulet/bug19567_029_01' 2016-07-05 12:14:04 -04:00
Nick Mathewson
8ba4ba0a74 Grammar.
I grepped and hand-inspected the "it's" instances, to see if any
were supposed to be possessive.  While doing that, I found a
"the the", so I grepped to see if there were any more.
2016-07-05 12:10:12 -04:00
Sebastian Hahn
e7b70b69ec Remove src/or/eventdns_tor.h based on cypherpunk's review 2016-07-04 21:39:43 +02:00
David Goulet
267e16ea61 sr: add the base16 RSA identity digest to commit
Keep the base16 representation of the RSA identity digest in the commit object
so we can use it without using hex_str() or dynamically encoding it everytime
we need it. It's used extensively in the logs for instance.

Fixes #19561

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-04 12:05:48 -04:00
David Goulet
cc34929abc sr: Fix comment in shared_random.h
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-04 11:44:10 -04:00
David Goulet
c6de05d529 sr: Remove useless code in disk_state_update()
This patch also updates a comment in the same function for accuracy.

Found by Coverity issue 1362985. Partily fixes #19567.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-04 11:33:41 -04:00
George Kadianakis
34bd333529 prop250: Fix voting_schedule_t memleak in sr_state_update(). 2016-07-04 17:42:25 +03:00
George Kadianakis
f03c74c631 prop250: Plug TorVersion memleak in disk_state_reset(). 2016-07-04 17:42:25 +03:00
Sebastian Hahn
265e40b481 Raise libevent dependency to 2.0.10-stable or newer
Only some very ancient distributions don't ship with Libevent 2 anymore,
even the oldest supported Ubuntu LTS version has it. This allows us to
get rid of a lot of compat code.
2016-07-04 12:40:09 +02:00
Sebastian Hahn
7ae34e722a
Remove urras as a default trusted directory authority
It had been a directory authority since 0.2.1.20.
2016-07-03 21:59:32 +02:00
Peter Palfrader
55d380f3df sandboxing: allow writing to stats/hidserv-stats
Our sandboxing code would not allow us to write to stats/hidserv-stats,
causing tor to abort while trying to write stats.  This was previously
masked by bug#19556.
2016-07-03 18:05:43 +02:00
Peter Palfrader
2c4e78d95b sandboxing: allow open() of stats dir
When sandboxing is enabled, we could not write any stats to disk.
check_or_create_data_subdir("stats"), which prepares the private stats
directory, calls check_private_dir(), which also opens and not just stats() the
directory.  Therefore, we need to also allow open() for the stats dir in our
sandboxing setup.
2016-07-03 17:47:45 +02:00
Andrea Shepard
be78e9ff37 Keep make check-spaces happy 2016-07-01 21:52:32 +00:00
Nick Mathewson
1597c42384 Fix i386 conversion warnings 2016-07-01 15:53:01 -04:00
Nick Mathewson
aaa3129043 Merge remote-tracking branch 'dgoulet/ticket16943_029_05-squashed'
Trivial Conflicts:
	src/or/or.h
	src/or/routerparse.c
2016-07-01 15:29:05 -04:00
David Goulet
36e201dffc prop250: Add a DEL state action and return const SRVs
The *get* state query functions for the SRVs now only return const pointers
and the DEL action needs to be used to delete the SRVs from the state.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:42 -04:00
David Goulet
4a1904c126 prop250: Use the new dirvote_get_intermediate_param_value for AuthDirNumSRVAgreements
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:42 -04:00
Nick Mathewson
6927467bef Refactor parameter computation and add a helper function
This patch makes us retain the intermediate list of K=V entries for
the duration of computing our vote, and lets us use that list with
a new function in order to look up parameters before the consensus
is published.

We can't actually use this function yet because of #19011: our
existing code to do this doesn't actually work, and we'll need a new
consensus method to start using it.

Closes ticket #19012.
2016-07-01 14:01:42 -04:00
David Goulet
09ecbdd8ee prop250: Fix format string encoding in log statement
Commit and reveal length macro changed from int to unsigned long int
(size_t) because of the sizeof().

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:42 -04:00
David Goulet
e62f3133bb prop250: Change reveal_num to uint64_t and version to uint32_t
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:42 -04:00
George Kadianakis
899d2b890b prop250: Don't use {0} to init static struct -- causes warning on clang.
See ticket #19132 for the clang/llvm warning.

Since voting_schedule is a global static struct, it will be initialized
to zero even without explicitly initializing it with {0}.

This is what the C spec says:

	If an object that has automatic storage duration is not initialized
	explicitly, its value is indeterminate. If an object that has static
	storage duration is not initialized explicitly, then:

	— if it has pointer type, it is initialized to a null pointer;
	— if it has arithmetic type, it is initialized to (positive or unsigned) zero;
	— if it is an aggregate, every member is initialized (recursively) according to these rules;
	— if it is a union, the first named member is initialized (recursively) according to these rules.
2016-07-01 14:01:41 -04:00
George Kadianakis
ebbff31740 prop250: Silence a logging message.
LOG_NOTICE is a bit too much for that one.
2016-07-01 14:01:41 -04:00
George Kadianakis
f6f4668b1d prop250: Don't reject votes containing commits of unknown dirauths.
Instead just ignore those commits.

Squash this commit with 33b2ade.
2016-07-01 14:01:41 -04:00
David Goulet
5fe9a50c31 prop250: Pass the dst length to sr_srv_encode()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
d43646e191 prop250: Fix unit tests about the RSA fingerprint check
Code has been changed so every RSA fingerprint for a commit in our state is
validated before being used. This fixes the unit tests by mocking one of the
key function and updating the hardcoded state string.

Also, fix a time parsing overflow on platforms with 32bit time_t

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
David Goulet
cd858d78a7 prop250: Sort commits in lexicographical order in votes
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
63ca307127 prop250: Improve log messages
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
George Kadianakis
edea044147 prop250: Sort smartlist before you get most frequent SRV.
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
545b77e2f8 prop250: Only trust known authority when computing SRV
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
0f27d92e4c prop250: Add version to Commit line in vote and state
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
8ac88f6f97 prop250: Add a valid flag to sr_commit_t
We assert on it using the ASSERT_COMMIT_VALID() macro in critical places
where we use them expecting a commit to be valid.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
056b6186ad prop250: Use RSA identity digest instead of fingerprint
The prop250 code used the RSA identity key fingerprint to index commit in a
digestmap instead of using the digest.

To behavior change except the fact that we are actually using digestmap
correctly.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 14:01:41 -04:00
David Goulet
c0cec2ffd3 prop250: change time_t to uint64_t
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2016-07-01 14:01:41 -04:00
David Goulet
39be8af709 prop250: Add unit tests
Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
David Goulet
727d419a9d prop250: Initialize the SR subsystem and us it!
This commit makes it that tor now uses the shared random protocol by
initializing the subsystem.

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
David Goulet
0c26a6db7e prop250: Parse votes and consensus
One of the last piece that parses the votes and consensus in order to update
our state and make decision for the SR values.

We need to inform the SR subsystem when we set the current consensus because
this can be called when loaded from file or downloaded from other authorities
or computed.

The voting schedule is used for the SR timings since we are bound to the
voting system.

Signed-off-by: David Goulet <dgoulet@torproject.org>
Signed-off-by: George Kadianakis <desnacked@riseup.net>
2016-07-01 14:01:41 -04:00
David Goulet
ca6ceec112 prop250: Put commits and SRVs in votes/consensus
This commit adds the commit(s) line in the vote as well as the SR values. It
also has the mechanism to add the majority SRVs in the consensus.

Signed-off-by: George Kadianakis <desnacked@riseup.net>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 13:25:03 -04:00
David Goulet
5b183328fd prop250: Add commit and SR values generation code
This adds the logic of commit and SR values generation. Furthermore, the
concept of a protocol run is added that is commit is generated at the right
time as well as SR values which are also rotated before a new protocol run.

Signed-off-by: George Kadianakis <desnacked@riseup.net>
Signed-off-by: David Goulet <dgoulet@torproject.org>
2016-07-01 13:23:27 -04:00
Nick Mathewson
ac9784f7f5 Fix a missing break; in dump_desc_init()
Found by coverity scan; this is CID 1362983
2016-07-01 10:02:22 -04:00
Nick Mathewson
0531d5155e Merge remote-tracking branch 'teor/bug19530-v2' 2016-07-01 10:00:37 -04:00
Nick Mathewson
903ec20c0b Merge branch 'maint-0.2.8' 2016-07-01 09:54:08 -04:00
teor (Tim Wilson-Brown)
514f0041d1
Avoid disclosing exit IP addresses in exit policies by default
From 0.2.7.2-alpha onwards, Exits would reject all the IP addresses
they knew about in their exit policy. But this may have disclosed
addresses that were otherwise unlisted.

Now, only advertised addresses are rejected by default by
ExitPolicyRejectPrivate. All known addresses are only rejected when
ExitPolicyRejectLocalInterfaces is explicitly set to 1.
2016-07-01 15:37:13 +10:00
teor (Tim Wilson-Brown)
744077dd15
When tor can't find a directory, log less 2016-07-01 14:26:00 +10:00
teor (Tim Wilson-Brown)
516c02b178
Make authority_certs_fetch_missing support bridge hints
This also fixes an issue where bridge clients may have found a
routerstatus for a directory mirror, and connected to it directly.
2016-07-01 14:01:25 +10:00
teor (Tim Wilson-Brown)
f90bfaae8d
Refactor duplicate code in authority_certs_fetch_missing 2016-07-01 14:00:25 +10:00
teor (Tim Wilson-Brown)
d3ca6fe475
Call purpose_needs_anonymity in authority_certs_fetch_missing 2016-07-01 14:00:20 +10:00
teor (Tim Wilson-Brown)
b4dcf56768
Hex-encode raw digest before printing in authority_certs_fetch_missing 2016-07-01 14:00:07 +10:00
teor (Tim Wilson-Brown)
596ccbf839
Refactor authority_certs_fetch_missing to call get_options once 2016-07-01 09:35:27 +10:00
Nick Mathewson
69e22e294b Set binary mode when checking malformed descriptor. 2016-06-30 18:23:58 -04:00
Nick Mathewson
b750a77e3f fix naked memcmps 2016-06-30 15:34:16 -04:00
Nick Mathewson
2713de2a47 Fix more naked strdup/malloc/free instances 2016-06-30 14:36:31 -04:00
Nick Mathewson
c3b720fb26 Try to fix warnings when size_t is smaller than st.st_size. 2016-06-30 14:20:04 -04:00
Nick Mathewson
b5beb2afa6 fix a syntax warning 2016-06-30 14:19:55 -04:00
Nick Mathewson
ded7e8093c Fix three -Wtautological-constant-out-of-range-compare warnings. 2016-06-30 14:08:28 -04:00
Nick Mathewson
3627718348 Fix -Wextra-semi warning 2016-06-30 13:50:16 -04:00
Nick Mathewson
6d2f006bf4 Fix a 32-bit compilation failure 2016-06-30 13:47:45 -04:00
Nick Mathewson
8917c4f19f A little more specificity in documentation for getinfo download/ stuff
Also, a const.
2016-06-30 13:42:38 -04:00
Nick Mathewson
cb54390e0f Merge remote-tracking branch 'andrea/ticket19323_squashed' 2016-06-30 11:44:58 -04:00
Nick Mathewson
c6846d7bf0 Merge remote-tracking branch 'andrea/bug18322_v3_squashed' 2016-06-30 11:18:00 -04:00
Andrea Shepard
13a16e0011 Also check if the sandbox is configured as well as if it's active; sandbox_init() runs rather late in the startup process 2016-06-30 09:37:23 +00:00
Andrea Shepard
34d9dabed1 Do sandbox_is_active() check before reconstructing dump_desc() FIFO on startup too 2016-06-30 07:45:55 +00:00
Andrea Shepard
9580b99dab Add unit test for dump_desc_populate_fifo_from_directory() 2016-06-30 07:03:26 +00:00
Andrea Shepard
f99c9df02b Make things mockable for dump_desc_populate_fifo_from_directory() unit test 2016-06-30 07:03:26 +00:00
Andrea Shepard
42f089473a Unit test for dump_desc_populate_one_file() 2016-06-30 07:03:26 +00:00
Andrea Shepard
421cf21b3c Reload unparseable descriptor dump FIFO state from on-disk dumped descriptors at startup 2016-06-30 07:03:26 +00:00
Andrea Shepard
38cced90ef Move unparseable descriptor dumps into subdirectory of DataDir 2016-06-30 07:03:25 +00:00
Andrea Shepard
dc37546cff Add sandbox_is_active() check to dump_desc() 2016-06-30 07:03:25 +00:00
Andrea Shepard
603f483092 Use uint64_t for total length of dumped descriptors, nad be careful about overflows in the loop in dump_desc_fifo_add_and_clean() 2016-06-30 07:03:25 +00:00
Andrea Shepard
2a17b93cc4 Make options_get_datadir_fname2_suffix() mockable 2016-06-30 07:03:25 +00:00
Andrea Shepard
35fc5879fb Expose a few more dump_desc()-related things to the test suite 2016-06-30 07:03:25 +00:00
Andrea Shepard
17ed2fed68 Expose dump_desc() to the test suite and make things it calls mockable 2016-06-30 07:03:24 +00:00
Andrea Shepard
726dc9acf5 Remove old unparseable descriptor logging mechanism, add bump-to-head-of-queue for repeated unparseable descriptors, rename config variable 2016-06-30 07:03:24 +00:00
Andrea Shepard
1cde3e2776 Add multiple descriptor dump support for dump_desc() in routerparse.c; fixes bug 18322 2016-06-30 07:03:24 +00:00
Roger Dingledine
4dc7b3ca28 fix typo 2016-06-29 22:56:56 -04:00
Nick Mathewson
7602b0b31f Merge remote-tracking branch 'weasel/bug19503' 2016-06-29 16:10:10 -04:00
Andrea Shepard
657eaee6ae Expose GETINFO download status statics for test suite and make things mockable 2016-06-29 05:55:42 +00:00
Andrea Shepard
c692900728 Add bridge descriptor download status queries to GETINFO 2016-06-29 05:55:42 +00:00
Andrea Shepard
8798ca4be2 Add router descriptor download status queries to GETINFO 2016-06-29 05:55:42 +00:00
Andrea Shepard
18c6e13993 Expose authority certificate download statuses on the control port 2016-06-29 05:55:42 +00:00
Nick Mathewson
f42dbc4e26 Merge branch 'maint-0.2.8' 2016-06-28 19:15:43 -04:00
Nick Mathewson
2c9354fc10 Merge branch 'bug19071-extra-squashed' into maint-0.2.8 2016-06-28 19:15:20 -04:00
teor (Tim Wilson-Brown)
26146dbe9e Comment-out fallbacks in a way the stem fallback parser understands
If we manually remove fallbacks in C by adding '/*' and '*/' on separate
lines, stem still parses them as being present, because it only looks at
the start of a line.

Add a comment to this effect in the generated source code.
2016-06-28 19:15:08 -04:00
Nick Mathewson
d793a988cd Merge branch 'maint-0.2.8' 2016-06-28 11:22:48 -04:00
Nick Mathewson
bc9a0f82b3 whitespace fixes 2016-06-28 11:14:42 -04:00
Nick Mathewson
f87aa4555d Merge remote-tracking branch 'teor/bug18812' into maint-0.2.8 2016-06-28 11:12:51 -04:00
teor (Tim Wilson-Brown)
608c12baaf
Resolve bug18812 by logging fallback key changes at info level 2016-06-28 14:18:16 +10:00
teor (Tim Wilson-Brown)
812fd416ef
Make it clear that fallbacks include authorities
Comment-only change
2016-06-28 14:14:04 +10:00
teor (Tim Wilson-Brown)
14b1c7a66e
Refactor connection_or_client_learned_peer_id for bug18812
No behavioural change.
Also clarify some comments.
2016-06-28 14:12:18 +10:00