Commit Graph

8066 Commits

Author SHA1 Message Date
Nick Mathewson
94f85f216a Turn streq_opt into a generic strcmp_opt. 2011-07-19 02:36:11 -04:00
Nick Mathewson
172f8acbe7 Stick controller-originated resolves in their own session group 2011-07-19 02:02:17 -04:00
Nick Mathewson
8314fa5e5c Implement sensible isolation for tunneled directory conns
One-hop dirconn streams all share a session group, and get the
ISO_SESSIONGRP flag: they may share circuits with each other and
nothing else.

Anonymized dirconn streams get a new internal-use-only ISO_STREAM
flag: they may not share circuits with anything, including each other.
2011-07-19 02:02:17 -04:00
Nick Mathewson
424063e3b2 Implement destaddr-based isolation
The new candidate rule, which arma suggested and I like, is that
the original address as received from the client connection or as
rewritten by the controller is the address that counts.
2011-07-19 02:02:11 -04:00
Nick Mathewson
aef30547dc Add an option to limit the number of non-open client circuits.
This is mainly meant as a way to keep clients from accidentally
DOSing themselves by (e.g.) enabling IsolateDestAddr or
IsolateDestPort on a port that they use for HTTP.
2011-07-19 01:58:45 -04:00
Nick Mathewson
20c0581a79 Launch sufficient circuits to satisfy pending isolated streams
Our old "do we need to launch a circuit for stream S" logic was,
more or less, that if we had a pending circuit that could handle S,
we didn't need to launch a new one.

But now that we have streams isolated from one another, we need
something stronger here: It's possible that some pending C can
handle either S1 or S2, but not both.

This patch reuses the existing isolation logic for a simple
solution: when we decide during circuit launching that some pending
C would satisfy stream S1, we "hypothetically" mark C as though S1
had been connected to it.  Now if S2 is incompatible with S1, it
won't be something that can attach to C, and so we'll launch a new
stream.

When the circuit becomes OPEN for the first time (with no streams
attached to it), we reset the circuit's isolation status.  I'm not
too sure about this part: I wanted some way to be sure that, if all
streams that would have used a circuit die before the circuit is
done, the circuit can still get used.  But I worry that this
approach could also lead to us launching too many circuits.  Careful
thought needed here.
2011-07-19 01:58:45 -04:00
Nick Mathewson
773bfaf91e Implement stream isolation
This is the meat of proposal 171: we change circuit_is_acceptable()
to require that the connection is compatible with every connection
that has been linked to the circuit; we update circuit_is_better to
prefer attaching streams to circuits in the way that decreases the
circuits' usefulness the least; and we update link_apconn_to_circ()
to do the appropriate bookkeeping.
2011-07-19 01:58:45 -04:00
Nick Mathewson
1d3c8c1f74 Add a new isolation type and field: "nym epoch"
The "nym epoch" of a stream is defined as the number of times that
NEWNYM had been called before the stream was opened.  All streams
are isolated by nym epoch.

This feature should be redundant with existing signewnym stuff, but
it provides a good belt-and-suspenders way for us to avoid ever
letting any circuit type bypass signewnym.
2011-07-19 01:58:45 -04:00
Nick Mathewson
461623e7f9 Const-ify a few functions 2011-07-19 01:58:44 -04:00
Nick Mathewson
ea0a9b16b9 (Unused) backend logic for stream isolation
This patch adds fields to track how streams should be isolated, and
ensures that those fields are set correctly.  It also adds fields to
track what streams can go on a circuit, and adds functions to see
whether a streams can go on a circuit and update the circuit
accordingly.  Those functions aren't yet called.
2011-07-19 01:58:44 -04:00
Nick Mathewson
d2205ca458 Refactor listener_connection_t into its own type.
This will allow us to add more fields to listener_connection_t
without bloating the other connection types.
2011-07-19 01:58:44 -04:00
Nick Mathewson
ddc65e2b33 Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.

Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t.  Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them.  Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.

We should do a related refactoring on other port types.  For
control ports, that'll be easy enough.  For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).

This implements tickets 3514 and 3515.
2011-07-19 01:58:43 -04:00
Nick Mathewson
2163e420b2 Merge remote-tracking branch 'public/bug3560' 2011-07-18 17:57:06 -04:00
Nick Mathewson
218e84b634 Remember optimistically sent data until we have gotten a CONNECTED
Since we can retry failed streams under some circumstances, we need
to be ready to send data queued on them.
2011-07-18 15:43:16 -04:00
Nick Mathewson
34a52534bb Add a generic_buffer_t to use the best buffer type we have on hand
Also add a quick function to copy all the data in a buffer.  (This
one could be done much better, but let's see if it matters.)
2011-07-18 15:36:20 -04:00
Nick Mathewson
1e441df2d0 Only use optimistic data with exits that support it
This adds a little code complexity: we need to remember for each
node whether it supports the right feature, and then check for each
connection whether it's exiting at such a node.  We store this in a
flag in the edge_connection_t, and set that flag at link time.
2011-07-18 13:56:22 -04:00
Nick Mathewson
ba5d758104 Initial optimistic_client fixes
- Conform to make check-spaces
  - Build without warnings from passing size_t to %d
  - Use connection_get_inbuf_len(), not buf_datalen (otherwise bufferevents
    won't work).
  - Don't log that we're using this feature at warn.
2011-07-18 13:00:48 -04:00
Ian Goldberg
326d5c156d Implement the client side of optimistic data (proposal 174) 2011-07-18 12:56:45 -04:00
George Kadianakis
cfb473ed34 Changed a printf() to a log_debug(). 2011-07-18 17:08:55 +02:00
George Kadianakis
69271b2a38 Reuse get_string_from_pipe() in log_from_pipe(). 2011-07-18 17:06:16 +02:00
George Kadianakis
51cdd30c01 Let's be smarter while parsing {Client,Server}TransportPlugin lines. 2011-07-18 16:42:31 +02:00
George Kadianakis
14c5a24fe7 Replaced ST_* enum prefix for stream status with IO_STREAM_*. 2011-07-18 02:35:29 +02:00
George Kadianakis
a8f21f91cf Updated #includes etc. to use transports.[ch]. 2011-07-18 02:33:31 +02:00
George Kadianakis
d8c04c7ea5 Renamed pluggable_transports.[ch] to transports.[ch]. 2011-07-18 02:19:38 +02:00
Nick Mathewson
975150a13e Better messages when we're stalled because of microdescriptors
It's a little confusing for me to say "only X/Y descriptors" when
I have microdescriptors enabled.  So, let's fix that.
2011-07-15 19:38:27 -04:00
Nick Mathewson
b8943461c0 Fix bug in upload/download of hsdesc with microdescs
Previously we were using router_get_by_id(foo) to test "do we have a
descriptor that will let us make an anonymous circuit to foo".  But
that isn't right for microdescs: we should have been using node_t.

Fixes bug 3601; bugfix on 0.2.3.1-alpha.
2011-07-15 18:55:12 -04:00
Nick Mathewson
8157dcbdf8 Merge remote-tracking branch 'sebastian/compile_warning' 2011-07-15 17:54:49 -04:00
Nick Mathewson
2b660f9781 Fix a wide line. "Tradition!" 2011-07-15 17:53:13 -04:00
Sebastian Hahn
2d0b56a505 Fix a compile warning on OS X 10.6 2011-07-15 23:12:43 +02:00
Nick Mathewson
6aef89bda4 Remove compare_addr_to_node_policy
Instead, use compare_tor_addr_to_node_policy everywhere.

One advantage of this is that compare_tor_addr_to_node_policy can
better distinguish 0.0.0.0 from "unknown", which caused a nasty bug
with microdesc users.
2011-07-15 13:04:12 -04:00
Nick Mathewson
f40df02f3e Treat null address as "unknown", not "rejected" in md policy
Previously, we had an issue where we'd treat an unknown address as
0, which turned into "0.0.0.0", which looked like a rejected
address.  This meant in practice that as soon as we started doing
comparisons of unknown uint32 addresses to short policies, we'd get
'rejected' right away.  Because of the circumstances under which
this would be called, it would only happen when we had local DNS
cached entries and we were looking to launch new circuits.
2011-07-15 13:04:06 -04:00
Nick Mathewson
3380dc9cc0 Remove compare_addr_to_addr_policy
Nothing used it but the unit tests; everything else knows to use
compare_tor_addr_to_addr_policy instead.
2011-07-15 12:31:09 -04:00
Nick Mathewson
44cfa53873 Make WIN32_WINNT defines conditional
Requested by Gisle Vanem on tor-dev.  I'm not quite sure this is the
right solution, but it's probably harmless.
2011-07-15 10:03:59 -04:00
Nick Mathewson
852b131281 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/control.c
2011-07-14 17:22:23 -04:00
Nick Mathewson
2e34416c6d Improve error msg on failed getinfo fingerprint 2011-07-14 17:19:52 -04:00
Nick Mathewson
642cff5bca Only download microdesc consensus from caches that support it
Bugfix on 0.2.3.1-alpha; found by arma; never got a bug number.
2011-07-14 14:19:18 -04:00
George Kadianakis
86b20e0d8a Reverting the accounting thing introduced in 5492de76 till I think how it should be done properly. 2011-07-14 04:24:10 +02:00
George Kadianakis
684aca7faf Changed a couple of 180 spec stuff according to #3578.
* Restored "proxy" in external ServerTransportPlugin lines.
* Changed the extended OR port and ORPort env. vars to addr:port.
2011-07-14 01:03:35 +02:00
George Kadianakis
5492de76dd Put some last missing pieces together.
* Add some utility transport functions in circuitbuild.[ch] so that we
  can use them from pt.c.
* Make the accounting system consider traffic coming from proxies.
* Make sure that we only fetch bridge descriptors when all the
  transports are configured.
2011-07-13 19:06:07 +02:00
George Kadianakis
9ba2d0e439 Create the pluggable_transports.[ch] source files responsible for talking the 180 talk. 2011-07-13 19:00:28 +02:00
George Kadianakis
73a1e98cb9 Add support for managed {Client,Server}TransportPlugin parsing. 2011-07-13 18:58:11 +02:00
Nick Mathewson
5000e59b5f Change GETINFO fingerprint to look at server_mode, not my_descriptor
It's possible for us to be a server and have a fingerprint without
having yet generated a descriptor.

Fixes bug 3577; bugfix on 0.2.0.1-alpha
2011-07-13 12:45:18 -04:00
Nick Mathewson
e8bfe89365 Resolve a warning from the bug1666 branch 2011-07-13 12:13:12 -04:00
Nick Mathewson
1aab5b6b39 Merge remote-tracking branch 'public/bug1666'
Conflicts:
	doc/spec/socks-extensions.txt
	src/or/buffers.c
	src/or/config.c
	src/or/connection_edge.c
2011-07-13 12:12:16 -04:00
Nick Mathewson
9a6642f6f5 Avoid warning in broken_state_count_compare 2011-07-12 11:23:55 -04:00
Nick Mathewson
16c5a62a66 Add more error checks to socks parsing code
Suggested by Linus to avoid uninitialized reads or infinite loops if
it turns out our code is buggier than we had thought.
2011-07-12 10:51:31 -04:00
Nick Mathewson
597da4989e Merge branch 'bug2798' 2011-07-11 17:04:21 -04:00
Nick Mathewson
d82384658d Tweaks to bug2798 based on comments by arma 2011-07-11 17:02:03 -04:00
Nick Mathewson
b49e561f01 Turn on microdescriptors for clients 2011-07-11 16:54:43 -04:00
Nick Mathewson
b55e31aeb4 Merge remote-tracking branch 'rransom-tor/bug3427' 2011-07-11 16:32:58 -04:00
Nick Mathewson
42ff326afa Merge branch 'bug2616' 2011-07-11 16:22:12 -04:00
Nick Mathewson
2a594fcde9 Disable recording new broken conns when we have bootstrapped
Rationale: right now there seems to be no way for our bootstrap
status to dip under 100% once it has reached 100%.  Thus, recording
broken connections after that point is useless, and wastes memory.

If at some point in the future we allow our bootstrap level to go
backwards, then we should change this rule so that we disable
recording broken connection states _as long as_ the bootstrap status
is 100%.
2011-07-11 16:13:17 -04:00
Nick Mathewson
e253e9577f Clear broken connection map on successful bootstrap 2011-07-11 16:13:17 -04:00
Nick Mathewson
3f97c665aa Document feature3116 fns and improve output
- We were reporting the _bottom_ N failing states, not the top N.
- With bufferevents enabled, we logged all TLS states as being "in
  bufferevent", which isn't actually informative.
- When we had nothing to report, we reported nothing too loudly.
- Also, we needed documentation.
2011-07-11 16:13:17 -04:00
Nick Mathewson
b0de8560f6 Report the states of failed TLS connections from bootstrap_problem 2011-07-11 16:13:17 -04:00
Nick Mathewson
b25ca8af06 Limit the number of different handshake reasons to report
If connections failed in more than 10 different states, let's just
report the top ten states.
2011-07-11 16:13:17 -04:00
Nick Mathewson
734d9486f6 Record the states of failing OR connections
This code lets us record the state of any outgoing OR connection
that fails before it becomes open, so we can notice if they're all
dying in the same SSL state or the same OR handshake state.

More work is still needed:
  - We need documentation
  - We need to actually call the code that reports the failure when
    we realize that we're having a hard time connecting out or
    making circuits.
  - We need to periodically clear out all this data -- perhaps,
    whenever we build a circuit successfully?
  - We'll eventually want to expose it to controllers, perhaps.

Partial implementation of feature 3116.
2011-07-11 16:13:17 -04:00
Nick Mathewson
0fd8ce15c2 Make a function static
Now that connection_dir_about_to_close() is in directory.c, there's
no reason to expose connection_dir_request_failed().
2011-07-11 16:13:17 -04:00
Nick Mathewson
a2ad31a92b Split connection_about_to_close_connection into separate functions
This patch does NOTHING but:
  - move code
  - add declarations and includes as needed to make the new code
    work
  - declare the new functions.
2011-07-11 16:13:16 -04:00
Nick Mathewson
616d85fdd8 Fix compilation from 2841 branch 2011-07-11 15:59:03 -04:00
Nick Mathewson
e006aa5dfa Merge remote-tracking branch 'public/bug2841'
Conflicts:
	src/or/config.c
2011-07-11 15:57:12 -04:00
Linus Nordberg
4ce302c8e5 Fix cut'n'paste bug in comment. 2011-07-11 20:52:52 +02:00
Nick Mathewson
e158f8de4b Rename and tweak nodelist_add_node_family() to add node
It's very easy for nodelist_add_node_family(sl,node) to accidentally
add 'node', and kind of hard to make sure that it omits it.  Instead
of taking pains to leave 'node' out, let's instead make sure that we
always include it.

I also rename the function to nodelist_add_node_and_family, and
audit its users so that they don't add the node itself any longer,
since the function will take care of that for them.

Resolves bug 2616, which was not actually a bug.
2011-07-11 11:21:47 -04:00
Nick Mathewson
2797fd8f68 Revise code for adding EntryNodes to guards.
Previously, we'd just take all the nodes in EntryNodes, see which
ones were already in the guard list, and add the ones that weren't.
There were some problems there, though:

   * We'd add _every_ entry in EntryNodes, and add them in the order
     they appeared in the routerlist.  This wasn't a problem
     until we added the ability to give country-code or IP-range
     entries in the EntryNodes set, but now that we did, it is.

     (Fix: We now shuffle the entry nodes before adding them; only
     add up to 10*NumEntryGuards)

   * We didn't screen EntryNodes for the Guard flag.  That's okay
     if the user has specified two or three entry nodes manually,
     but if they have listed a whole subcontinent, we should
     restrict ourselves to the entries that are currently guards.

     (Fix: separate out the new guard from the new non-guard nodes,
     and add the Guards first.)

   * We'd prepend new EntryNodes _before_ the already configured
     EntryNodes.  This could lead to churn.

     (Fix: don't prepend these.)

This patch also pre-screens EntryNodes entries for
reachableaddresses/excludenodes, even though we check for that
later.  This is important now, since we cap the number of entries
we'll add.
2011-07-11 10:58:07 -04:00
Nick Mathewson
60832766ac Look at the right consensus in router_add_to_routerlist()
Just looking at the "latest" consensus could give us a microdesc
consensus, if microdescs were enabled. That would make us decide
that every routerdesc was unlisted in the latest consensus and drop
them all: Ouch.

Fixes bug 3113; bugfix on 0.2.3.1-alpha.
2011-07-11 10:02:24 -04:00
Nick Mathewson
3799ce7970 Merge branch 'bug2797' 2011-07-11 09:48:38 -04:00
Nick Mathewson
7dcd105be3 Remove a redundant condition in compare_addr_to_node_policy
A && A == A.

Found by frosty_un
2011-07-08 14:11:49 -04:00
Nick Mathewson
a4d339cf08 Make nodelist_purge avoid orphaned microdescs in rs-less nodes
We have an invariant that a node_t should have an md only if it has
a routerstatus.  nodelist_purge tried to preserve this by removing
all nodes without a routerstatus or a routerinfo.  But this left
nodes with a routerinfo and a microdesc untouched, even if they had
a routerstatus.

Bug found by frosty_un.
2011-07-07 15:28:45 -04:00
Nick Mathewson
64c8e8edda Kill redundant checks around routerset_contains_*()
All of the routerset_contains*() functions return 0 if their
routerset_t argument is NULL.  Therefore, there's no point in
doing "if (ExcludeNodes && routerset_contains*(ExcludeNodes...))",
for example.

This patch fixes every instance of
         if (X && routerstatus_contains*(X,...))

Note that there are other patterns that _aren't_ redundant.  For
example, we *don't* want to change:
        if (EntryNodes && !routerstatus_contains(EntryNodes,...))

Fixes #2797.  No bug here; just needless code.
2011-07-07 11:52:13 -04:00
Nick Mathewson
174cbff8cf Merge remote-tracking branch 'public/bug3153'
Conflicts:
	src/or/nodelist.c
2011-07-07 11:14:04 -04:00
Nick Mathewson
6b670d6032 Merge branch 'bug3263' 2011-07-07 11:08:03 -04:00
Nick Mathewson
bc3c54a07f Have transitions in public_server_mode count as affects_descriptor
Previously, we'd get a new descriptor for free when
public_server_mode() changed, since it would count as
affects_workers, which would call init_keys(), which would make us
regenerate a new descriptor.  But now that we fixed bug 3263,
init_keys() is no longer necessarily a new descriptor, and so we
need to make sure that public_server_mode() counts as a descriptor
transition.
2011-07-07 11:05:06 -04:00
Nick Mathewson
31120ff692 Remove unused var in write_to_evbuffer_zlib 2011-07-07 11:00:51 -04:00
Nick Mathewson
57822cbbbe Avoid double-free in bufferevent read/write cbs
Fixes bug 3404; bugfix on 0.2.3.1-alpha.
2011-07-07 11:00:21 -04:00
Nick Mathewson
f883ec09b5 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-07-07 09:56:01 -04:00
Sebastian Hahn
3ab09763ce Correctly send a SUCCEEDED event for rdns requests
The issue was that we overlooked the possibility of reverse DNS success
at the end of connection_ap_handshake_socks_resolved(). Issue discovered
by katmagic, thanks!
2011-07-07 05:38:38 +02:00
Roger Dingledine
ab8c0d4c9e Merge branch 'maint-0.2.2' 2011-07-06 00:49:11 -04:00
Roger Dingledine
4f74979173 appease check-spaces 2011-07-06 00:48:22 -04:00
Nick Mathewson
0be2934186 Merge remote-tracking branch 'rransom-tor/bug3465-023-v2' 2011-07-05 16:01:07 -04:00
Nick Mathewson
335ff915c7 Merge remote-tracking branch 'rransom-tor/bug3465-022' into maint-0.2.2 2011-07-05 15:52:11 -04:00
Nick Mathewson
6053e11ee6 Refactor the interfaces of transport/proxy lookup fns
Returning a tristate is needless here; we can just use the yielded
transport/proxy_type field to tell whether there's a proxy, and have
the return indicate success/failure.

Also, store the proxy_type in the or_connection_t rather than letting
it get out of sync if a configuration reload happens between launching
the or_connection and deciding what to say with it.
2011-07-03 00:13:41 -04:00
Nick Mathewson
7212538997 Future-proof and user-proof parse_bridge_line 2011-07-03 00:02:13 -04:00
Nick Mathewson
c0de533c56 Simplify parse_client_transport_line 2011-07-02 23:32:17 -04:00
Nick Mathewson
ded6bbf70a Style and grammar tweaks on 2841 branch 2011-07-02 23:26:37 -04:00
Nick Mathewson
c4b831e92d Small tweaks to 2841 code
- const-ify some transport_t pointers
    - Remove a vestigial argument to parse_bridge_line
    - Make it compile without warnings on my laptop with
      --enable-gcc-warnings
2011-07-02 23:12:32 -04:00
Nick Mathewson
e273890b10 Merge branch 'cov217_master' 2011-07-01 12:57:21 -04:00
Nick Mathewson
734e860d98 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-07-01 12:56:40 -04:00
Nick Mathewson
06f0c1aa6a Merge branch 'cov217_022_squashed' into maint-0.2.2 2011-07-01 12:56:14 -04:00
Nick Mathewson
bc91cb6e45 Use strlcpy when copying node IDs into measured_bw_line_t
We were using strncpy before, which isn't our style for stuff like
this.

This isn't a bug, though: before calling strncpy, we were checking
that strlen(src) was indeed == HEX_DIGEST_LEN, which is less than
sizeof(dst), so there was no way we could fail to NUL-terminate.
Still, strncpy(a,b,sizeof(a)) is an idiom that we ought to squash
everyplace.

Fixes CID #427.
2011-07-01 12:56:07 -04:00
Nick Mathewson
2ba19f9b4a Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-07-01 12:55:23 -04:00
Nick Mathewson
959da6b7f2 Use strlcpy in create_unix_sockaddr()
Using strncpy meant that if listenaddress were ever >=
sizeof(sockaddr_un.sun_path), we would fail to nul-terminate
sun_path.  This isn't a big deal: we never read sun_path, and the
kernel is smart enough to reject the sockaddr_un if it isn't
nul-terminated.  Nonetheless, it's a dumb failure mode.  Instead, we
should reject addresses that don't fit in sockaddr_un.sun_path.

Coverity found this; it's CID 428.  Bugfix on 0.2.0.3-alpha.
2011-07-01 12:54:24 -04:00
Nick Mathewson
46297bc7bd Fix a rare memory leak in rend_cache_store
When we rejected a descriptor for not being the one we wanted, we
were letting the parsed descriptor go out of scope.

Found by Coverity; CID # 30.

Bugfix on 0.2.1.26.

(No changes file yet, since this is not in any 0.2.1.x release.)
2011-07-01 12:54:19 -04:00
Nick Mathewson
eca982d3eb Defensive programming: don't crash with broken node_t
Every node_t has either a routerinfo_t or a routerstatus_t, so every
node_t *should* have a nickname.  Nonetheless, let's make sure in
hex_digest_nickname_matches().

Should quiet CID 434.
2011-07-01 11:43:34 -04:00
Nick Mathewson
1d18c2deb6 Don't shadow parameters with local variables
This is a little error-prone when the local has a different type
from the parameter, and is very error-prone with both have the same
type.  Let's not do this.

Fixes CID #437,438,439,440,441.
2011-07-01 11:33:07 -04:00
Nick Mathewson
a0ae80788c Replace 4 more sscanf()s with tor_sscanf()
For some inexplicable reason, Coverity departs from its usual
standards of avoiding false positives here, and warns about all
sscanf usage, even when the formatting strings are totally safe.

Addresses CID # 447, 446.
2011-07-01 11:26:30 -04:00
Nick Mathewson
da62af6f6b Replace a "const const" with a "const"
Looks like this squeaked in while I was doing a search-and-replace
to constify things.  Coverity CID 483.
2011-07-01 11:11:35 -04:00
Nick Mathewson
05c424f4b8 Refactor fetch_from_buf_socks() to be greedy
Previously, fetch_from_buf_socks() might return 0 if there was still
data on the buffer and a subsequent call to fetch_from_buf_socks()
would return 1.  This was making some of the socks5 unit tests
harder to write, and could potentially have caused misbehavior with
some overly verbose SOCKS implementations.  Now,
fetch_from_buf_socks() does as much processing as it can, and
returns 0 only if it really needs more data.  This brings it into
line with the evbuffer socks implementation.
2011-06-29 17:45:27 -04:00
Nick Mathewson
ee42fe8fbb Don't drain extra data when parsing socks auth methods
We added this back in 0649fa14 in 2006, to deal with the case where
the client unconditionally sent us authentication data.  Hopefully,
that's not needed any longer, since we now can actually parse
authentication data.
2011-06-29 17:29:33 -04:00
Nick Mathewson
2e6604f42e Record username/password data in socks_request_t
This change also requires us to add and use a pair of
allocator/deallocator functions for socks_request_t, instead of
using tor_malloc_zero/tor_free directly.
2011-06-29 13:08:46 -04:00
Nick Mathewson
204bce7e3c If we negotiate authentication, require it. 2011-06-29 12:16:09 -04:00
Nick Mathewson
aec396d9d0 Be more strict about when to accept socks auth message
In the code as it stood, we would accept any number of socks5
username/password authentication messages, regardless of whether we
had actually negotiated username/password authentication.  Instead,
we should only accept one, and only if we have really negotiated
username/password authentication.

This patch also makes some fields of socks_request_t into uint8_t,
for safety.
2011-06-29 12:12:58 -04:00
Nick Mathewson
9b3f48c074 Fix 'make check-spaces' 2011-06-29 11:47:35 -04:00
Nick Mathewson
1ed615ded7 Correct byte-counting in socks auth parsing code 2011-06-29 11:45:15 -04:00
George Kadianakis
36468ec44b Trivial code tweaks and documentation updates. 2011-06-28 05:43:40 +02:00
Robert Ransom
ca6efcf507 Make handle_control_setevents table-driven 2011-06-25 17:45:33 -07:00
Robert Ransom
c780bc4d0b Merge branch 'bug3465-022' into bug3465-023
* bug3465-022:
  Add BUILDTIMEOUT_SET to the result of GETINFO events/names
  Correct a comment
  Fix minor comment issues
2011-06-25 15:04:07 -07:00
Robert Ransom
93d52f6739 Add BUILDTIMEOUT_SET to the result of GETINFO events/names 2011-06-25 15:02:11 -07:00
Robert Ransom
53f87a89f0 Correct a comment 2011-06-24 15:18:22 -07:00
Nick Mathewson
0b536469ee Merge remote-tracking branch 'rransom-tor/bug3456' 2011-06-24 16:48:38 -04:00
Robert Ransom
76d0d62bd9 Correct terminology in comment 2011-06-24 11:28:52 -07:00
Robert Ransom
58f801fadf Store cpath_build_state_t flags in one-bit bitfields, not ints 2011-06-24 11:28:15 -07:00
Robert Ransom
cb1b20dbad Fix minor comment issues 2011-06-23 15:46:15 -07:00
Nick Mathewson
9919b01275 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-22 18:15:27 -04:00
George Kadianakis
1fe8bee656 Revised how we handle ClientTransportPlugin and Bridge lines.
Multiple Bridge lines can point to the same one ClientTransportPlugin
line, and we can have multiple ClientTransportPlugin lines in our
configuration file that don't match with a bridge. We also issue a
warning when we have a Bridge line with a pluggable transport but we
can't match it to a ClientTransportPlugin line.
2011-06-22 23:28:11 +02:00
Robert Ransom
d7254bea11 Fix minor comment issues 2011-06-22 14:09:43 -07:00
George Kadianakis
5a05deb574 Various small tweaks around config.c and or.h 2011-06-21 18:49:04 +02:00
George Kadianakis
298f170036 Tweaked connection{.c,.h,_or.c} based on nick's comments.
* Tweaked doxygen comments.
* Changed returns of get_proxy_addrport().
* Ran make check-spaces.
* Various small code tweaks.
2011-06-21 18:48:43 +02:00
George Kadianakis
392e947df5 Fixes on circuitbuild.[ch] based on nick's comments.
* Renamed transport_info_t to transport_t.
* Introduced transport_get_by_name().
* Killed match_bridges_with_transports().
  We currently *don't* detect whether any bridges miss their transports,
  of if any transports miss their bridges.
* Various code and aesthetic tweaks and English language changes.
2011-06-21 18:46:50 +02:00
Nick Mathewson
64a5a4177f Merge branch 'bug3367' 2011-06-21 11:32:52 -04:00
Nick Mathewson
e617a34d58 Add, use a bufferevent-safe connection_flush()
A couple of places in control.c were using connection_handle_write()
to flush important stuff (the response to a SIGNAL command, an
ERR-level status event) before Tor went down.  But
connection_handle_write() isn't meaningful for bufferevents, so we'd
crash.

This patch adds a new connection_flush() that works for all connection
backends, and makes control.c use that instead.

Fix for bug 3367; bugfix on 0.2.3.1-alpha.
2011-06-21 10:22:54 -04:00
Nick Mathewson
8653f31d8d Fix overwide line in config.c 2011-06-20 15:29:22 -04:00
intrigeri
8b265543eb Add port 6523 (Gobby) to LongLivedPorts. 2011-06-20 12:08:46 -04:00
Nick Mathewson
a046966baf Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
	src/or/or.h
2011-06-19 21:00:15 -04:00
Robert Ransom
eeedc5c13c Put hashes of all tor source files into or_sha1.i 2011-06-18 00:54:04 -07:00
Nick Mathewson
3b41551b61 Revert "Add an "auto" option to UseBridges"
This reverts commit 507c1257a4.
2011-06-17 16:45:53 -04:00
Nick Mathewson
42d6f34590 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-17 15:25:18 -04:00
Nick Mathewson
85d4c290d7 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-06-17 15:24:23 -04:00
Robert Ransom
010b8dd4f6 Abandon rendezvous circuits on SIGNAL NEWNYM 2011-06-17 15:22:23 -04:00
Nick Mathewson
31b9b1a5bb Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-17 15:04:29 -04:00
Nick Mathewson
209229f100 Merge branch 'bug3407' into maint-0.2.2 2011-06-17 14:59:39 -04:00
Robert Ransom
227896e447 Make send_control_event_impl's behaviour sane 2011-06-17 13:57:25 -04:00
Robert Ransom
70785f87bb Fix comment typo 2011-06-17 13:57:25 -04:00
Robert Ransom
68cd0a9abe Make connection_printf_to_buf's behaviour sane 2011-06-17 13:57:25 -04:00
Roger Dingledine
64bfbcb918 log when we finish ssl handshake and move to renegotiation
debug-level since it will be quite common. logged at both client
and server side. this step should help us track what's going on
with people filtering tor connections by our ssl habits.
2011-06-17 03:31:59 -04:00
Nick Mathewson
a857f61e27 Merge remote-tracking branch 'rransom-tor/bug3332-v2' 2011-06-15 11:33:40 -04:00
Robert Ransom
44eafa9697 Assert that HS operations are not performed using single-hop circuits
(with fixes by Nick Mathewson to unbreak the build)
2011-06-14 21:32:49 -07:00
Nick Mathewson
875a551409 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-14 13:46:46 -04:00
Nick Mathewson
a25c0a5bf8 Merge remote-tracking branch 'public/bug3369' into maint-0.2.2 2011-06-14 13:46:10 -04:00
Nick Mathewson
19febed9e5 Merge remote-tracking branch 'rransom-tor/bug3349' 2011-06-14 13:39:26 -04:00
Nick Mathewson
47c8433a0c Make the get_options() return const
This lets us make a lot of other stuff const, allows the compiler to
generate (slightly) better code, and will make me get slightly fewer
patches from folks who stick mutable stuff into or_options_t.

const: because not every input is an output!
2011-06-14 13:17:06 -04:00
Nick Mathewson
22efe20309 Fix another check_private_dir instance in master 2011-06-14 12:28:16 -04:00
Nick Mathewson
8839b86085 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-14 12:25:33 -04:00
Jérémy Bobbio
54d7d31cba Make ControlSocketsGroupWritable work with User.
Original message from bug3393:

check_private_dir() to ensure that ControlSocketsGroupWritable is
safe to use. Unfortunately, check_private_dir() only checks against
the currently running user… which can be root until privileges are
dropped to the user and group configured by the User config option.

The attached patch fixes the issue by adding a new effective_user
argument to check_private_dir() and updating the callers. It might
not be the best way to fix the issue, but it did in my tests.

(Code by lunar; changelog by nickm)
2011-06-14 12:18:32 -04:00
George Kadianakis
93526cdf0b Fixes small bugs. 2011-06-14 16:00:55 +02:00
George Kadianakis
5b050a9b08 This commit is an attempt to beautify the previous commit.
It creates some helper functions that return the proxy type, proxy addr/port, etc.
2011-06-14 04:28:36 +02:00
George Kadianakis
abe03f4943 Our warning now is much more specific, mentioning proxy type/addr/port.
Not included in the previous commit, because the implementation is
ugly; I see no other way of doing this though.
2011-06-14 03:27:07 +02:00
George Kadianakis
a79bea40d8 We now warn the user if a proxy server is not up when we try to connect with it. 2011-06-14 02:51:59 +02:00
intrigeri
910472c514 client-side DNS proxy server: reply NOTIMPL to unsupported queries
Fix for bug 3369.
2011-06-13 13:37:45 -04:00
George Kadianakis
00ec4b2c00 Various trivial changes.
* Improved function documentation.
* Renamed find_bridge_transport_by_addrport() to
  find_transport_by_bridge_addrport().
* Sanitized log severities we use.
* Ran check-spaces.
2011-06-12 16:41:32 +02:00
George Kadianakis
29203b7f3f We can now connect using transports as well! 2011-06-12 00:14:11 +02:00
George Kadianakis
e09f302589 We can now match our transports with our bridges. 2011-06-11 23:20:39 +02:00
George Kadianakis
20c31c80fb ClientTransportPlugin parsing done. 2011-06-11 17:08:31 +02:00
Sebastian Hahn
8283767365 Fix a memleak in nodelist_assert_ok() 2011-06-08 21:38:42 +02:00
Sebastian Hahn
f303274490 Fix a rare memleak during stats writing
If rep_hist_buffer_stats_write() was called unitinitalized, we'd leak
memory.
2011-06-08 21:35:26 +02:00
Sebastian Hahn
680646e0de Don't use signed 1-bit bitfields
This was harmless, we never compared it to anything but itself or 0.
But Coverity complained, and it had a point.
2011-06-08 21:30:41 +02:00
Sebastian Hahn
9e56ac27da Comment out some obviously dead code.
Coverity warned about it, it's harmless to comment out.
2011-06-08 21:30:41 +02:00
Sebastian Hahn
e6fff7235e Remove a few dead assignments during router parsing 2011-06-08 21:30:40 +02:00
Sebastian Hahn
3033f8459b Remove a dead variable in the heartbeat code 2011-06-08 21:11:42 +02:00
Sebastian Hahn
db7dd3ee7a remove some dead code, found by coverity 2011-06-08 21:07:54 +02:00
Sebastian Hahn
da3256b5ae Update the uptime string to include an hours indicator
Before, it wasn't really obvious if one meant hours:minutes or
minutes:seconds etc.
2011-06-08 19:52:30 +02:00
Nick Mathewson
d696bd1bfc Fix crash bug (3361) when setting off-flavor networkstatus
When we set a networkstatus in the non-preferred flavor, we'd check
the time in the current_consensus.  But that might have been NULL,
which could produce a crash as seen in bug 3361.
2011-06-07 14:46:28 -04:00
Nick Mathewson
8cd5a3c186 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-06 16:20:22 -04:00
Nick Mathewson
42e4e156d9 Detect insanely large circuit build state; don't give its length to rand_int 2011-06-06 16:18:06 -04:00
Robert Ransom
8a69cc0468 Report SIGNAL event to controllers when acting on delayed NEWNYM
Fixes bug 3349.
2011-06-05 05:43:27 -07:00
Robert Ransom
f45261cb29 Increase default required uptime for HSDirs to 25 hours 2011-06-03 12:17:53 -04:00
Robert Ransom
1546054d81 Add a VoteOnHidServDirectoriesV2 configuration option 2011-06-03 12:16:55 -04:00
Nick Mathewson
12f9c91c06 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-03 11:36:21 -04:00
Nick Mathewson
7aa20b20bf Merge branch 'bug3318c' into maint-0.2.2 2011-06-03 11:34:32 -04:00
Nick Mathewson
bbf2fee8ff Reject 128-byte keys that are not 1024-bit
When we added the check for key size, we required that the keys be
128 bytes.  But RSA_size (which defers to BN_num_bytes) will return
128 for keys of length 1017..1024.  This patch adds a new
crypto_pk_num_bits() that returns the actual number of significant
bits in the modulus, and uses that to enforce key sizes.

Also, credit the original bug3318 in the changes file.
2011-06-03 11:31:19 -04:00
Nick Mathewson
50e4c98a5a Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-03 11:18:03 -04:00
Nick Mathewson
14c0251d95 Use an autobool for UseBridges_ 2011-06-03 11:17:15 -04:00
Nick Mathewson
de069f5ea7 Merge remote-tracking branch 'rransom/bug2748-v2' into maint-0.2.2 2011-06-03 11:16:48 -04:00
Nick Mathewson
13ec1bf5c2 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-03 10:47:35 -04:00
Nick Mathewson
507c1257a4 Add an "auto" option to UseBridges
UseBridges 1 now means "connect only to bridges; if you know no
bridges, don't make connections."  UseBridges auto means "Use bridges
if they are known, and we have no EntryNodes set, and we aren't a
server."  UseBridges 0 means "don't use bridges."
2011-06-02 15:11:21 -04:00
Nick Mathewson
587cc31140 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/rendclient.c
2011-06-02 15:07:08 -04:00
Nick Mathewson
80038b5453 Merge remote-tracking branch 'rransom-tor/bug3309' into maint-0.2.2 2011-06-02 15:06:04 -04:00
Nick Mathewson
6a320b9905 Merge remote-tracking branch 'origin/maint-0.2.2'
This merge was a bit nontrivial, since I had to write a new
node_is_a_configured_bridge to parallel router_is_a_configured_bridge.

Conflicts:
	src/or/circuitbuild.c
2011-06-02 13:05:00 -04:00
Nick Mathewson
0a4a3de3de Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/dirserv.c
2011-06-02 12:56:45 -04:00
Nick Mathewson
385c59798a Merge remote-tracking branch 'arma/bug3321' into maint-0.2.2 2011-06-02 12:55:56 -04:00
Sebastian Hahn
df42eb0a18 Fix unit test failure in dir/formats
options->DirPort is 0 in the unit tests, so
router_get_advertised_dir_port() would return 0 so we wouldn't pick a
dirport. This isn't what we want for the unit tests. Fixes bug
introduced in 95ac3ea594.
2011-06-02 13:44:33 +02:00
Robert Ransom
fc4158dad7 Add info-level log messages during HS-client-state purge
I hope these will never be useful, but having them and not needing them is
better than needing them and not having them.
2011-06-02 03:07:09 -07:00
Robert Ransom
d7af8a2f07 Refactor HS client state-clearing code into a separate function 2011-06-02 02:57:29 -07:00
Robert Ransom
b0e7925c02 Clear last_hid_serv_requests on SIGNAL NEWNYM
Fixes bug #3309.
2011-06-02 02:52:40 -07:00
Robert Ransom
a1d866edc9 Make last_hid_serv_requests functions less fragile
Previously, Tor would dereference a NULL pointer and crash if
lookup_last_hid_serv_request were called before the first call to
directory_clean_last_hid_serv_requests.  As far as I can tell, that's
currently impossible, but I want that undocumented invariant to go away
in case I^Wwe break it someday.
2011-06-02 02:52:40 -07:00
Robert Ransom
9ac2f63e0f Unbreak the build 2011-06-01 13:07:26 -04:00
Nick Mathewson
a610ebc3a6 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-01 11:08:28 -04:00
Nick Mathewson
0fd3ad75da Report wrong key sizes correctly
When we introduced NEED_KEY_1024 in routerparse.c back in
0.2.0.1-alpha, I forgot to add a *8 when logging the length of a
bad-length key.

Bugfix for 3318 on 0.2.0.1-alpha.
2011-06-01 11:07:17 -04:00
Roger Dingledine
7039c34519 fix a bridge edge case similar to 2511
If you had configured a bridge but then switched to a different bridge
via the controller, you would still be willing to use the old one.
2011-05-31 20:43:55 -04:00
Roger Dingledine
56771f392e stop asserting at boot
The patch for 3228 made us try to run init_keys() before we had loaded
our state file, resulting in an assert inside init_keys. We had moved
it too early in the function.

Now it's later in the function, but still above the accounting calls.
2011-05-30 23:50:37 -04:00
Nick Mathewson
d0e7c545ba Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-30 16:14:45 -04:00
Nick Mathewson
e035cea031 Merge branch 'bug3216_v2' into maint-0.2.2 2011-05-30 16:12:53 -04:00
Nick Mathewson
d274f539e5 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-30 15:51:46 -04:00
Nick Mathewson
d35a555348 Merge branch 'bug3289' into maint-0.2.2 2011-05-30 15:50:35 -04:00
Sebastian Hahn
ca538290af Warn when two hs use the same directory
This simple implementation has a few issues, but it should do for
0.2.2.x. We will want to revisit this later and make it smarter.
2011-05-30 15:47:06 -04:00
Nick Mathewson
fa1d47293b Merge remote-tracking branch 'origin/maint-0.2.2'
The conflicts were mainly caused by the routerinfo->node transition.

Conflicts:
	src/or/circuitbuild.c
	src/or/command.c
	src/or/connection_edge.c
	src/or/directory.c
	src/or/dirserv.c
	src/or/relay.c
	src/or/rendservice.c
	src/or/routerlist.c
2011-05-30 15:41:46 -04:00
Roger Dingledine
f118dc80e0 minor cleanups while reviewing 3216 2011-05-30 15:31:06 -04:00
Nick Mathewson
7e67a24038 Merge branch 'bug3045' into maint-0.2.2
Conflicts:
	src/or/circuitbuild.c
2011-05-30 15:18:59 -04:00
Nick Mathewson
3c0d944b07 Improve comments and defensive programming for 3045
The comment fixes are trivial.  The defensive programming trick is to
tolerate receiving NULL inputs on the describe functions. That should
never actually happen, but it seems like the likeliest mistake for us
to make in the future.
2011-05-30 15:15:10 -04:00
Nick Mathewson
21de9d46e2 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/compat.c
	src/or/main.c
2011-05-30 14:58:26 -04:00
Nick Mathewson
da7c60dcf3 Merge remote-tracking branch 'public/bug3270' into maint-0.2.2 2011-05-30 14:49:49 -04:00
Nick Mathewson
5dc3c462dc Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-30 12:43:25 -04:00
Nick Mathewson
f08f0e9dde Reinit keys at the start of options_act().
Previously we did this nearer to the end (in the old_options &&
transition_affects_workers() block).  But other stuff cares about
keys being consistent with options... particularly anything which
tries to access a key, which can die in assert_identity_keys_ok().

Fixes bug 3228; bugfix on 0.2.2.18-alpha.
2011-05-30 12:41:46 -04:00
Nick Mathewson
4b57ec6e5e Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/circuituse.c
2011-05-30 12:33:54 -04:00
Nick Mathewson
16cfca501f Merge branch 'bug1297a' into maint-0.2.2 2011-05-30 12:25:07 -04:00
Robert Ransom
8fc02a8e0c Use the normal four-hop CBT for client intro circuits
Fixes another part of bug 1297.
2011-05-30 12:24:51 -04:00
Robert Ransom
112d204fad Set timestamp_dirty on HS circuits as circuit_expire_building requires
Fixes part of #1297; bugfix on 48e0228f1e,
when circuit_expire_building was changed to assume that timestamp_dirty
was set when a circuit changed purpose to _C_REND_READY.  (It wasn't.)
2011-05-30 12:24:51 -04:00
Roger Dingledine
6917728637 Merge branch 'maint-0.2.2' 2011-05-29 19:11:07 -04:00
Roger Dingledine
5f182ea10e answer an XXX nickm asked in aa950e6c4 2011-05-29 18:52:37 -04:00
Nick Mathewson
285cf998bc Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/eventdns.c
2011-05-28 02:09:48 -04:00
Nick Mathewson
c319949550 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-05-28 02:08:39 -04:00
Nick Mathewson
ee72557d52 Merge branch 'bug2574' into maint-0.2.1 2011-05-28 02:07:48 -04:00
Nick Mathewson
42b15a0aaa Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-28 01:55:34 -04:00
Robert Ransom
39480c7978 Correct some outdated comments 2011-05-24 22:20:12 -07:00
Nick Mathewson
0e1fad648d Don't try to build descriptors when router_get_advertised_or_port()==0
The previous attempt was incomplete: it told us not to publish a
descriptor, but didn't stop us from generating one.  Now we treat an
absent OR port the same as not knowing our address.  (This means
that when we _do_ get an OR port, we need to mark the descriptor
dirty.)

More attempt to fix bug3216.
2011-05-24 18:05:37 -04:00
Nick Mathewson
95ac3ea594 Don't build descriptors if ORPort auto is set and we have no OR listener
This situation can happen easily if you set 'ORPort auto' and
'AccountingMax'.  Doing so means that when you have no ORPort, you
won't be able to set an ORPort in a descriptor, so instead you would
just generate lots of invalid descriptors, freaking out all the time.

Possible fix for 3216; fix on 0.2.2.26-beta.
2011-05-24 21:12:23 +02:00
Nick Mathewson
be76850995 Work correctly if your nameserver is ::1
We had all the code in place to handle this right... except that we
were unconditionally opening a PF_INET socket instead of looking at
sa_family.  Ow.

Fixes bug 2574; not a bugfix on any particular version, since this
never worked before.
2011-05-23 17:42:38 -04:00
Nick Mathewson
a5232e0c4c Fix GCC 4.6's new -Wunused-but-set-variable warnings.
Most instances were dead code; for those, I removed the assignments.
Some were pieces of info we don't currently plan to use, but which
we might in the future.  For those, I added an explicit cast-to-void
to indicate that we know that the thing's unused.  Finally, one was
a case where we were testing the wrong variable in a unit test.
That one I fixed.

This resolves bug 3208.
2011-05-23 17:04:38 -04:00
Nick Mathewson
2527acb2dc Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/Makefile.am
	src/or/control.c
2011-05-23 01:23:53 -04:00
Nick Mathewson
b80a8bba19 Merge branch 'feature3049-v2' into maint-0.2.2
Conflicts:
	src/common/Makefile.am
2011-05-23 01:19:04 -04:00
Nick Mathewson
cfeafe5e77 Use a 64-bit type to hold sockets on win64.
On win64, sockets are of type UINT_PTR; on win32 they're u_int;
elsewhere they're int.  The correct windows way to check a socket for
being set is to compare it with INVALID_SOCKET; elsewhere you see if
it is negative.

On Libevent 2, all callbacks take sockets as evutil_socket_t; we've
been passing them int.

This patch should fix compilation and correctness when built for
64-bit windows.  Fixes bug 3270.
2011-05-23 00:17:48 -04:00
Roger Dingledine
af0e8d834e don't mark our descriptor dirty if our onion key hasn't changed 2011-05-21 19:23:27 -04:00
Roger Dingledine
1ba1bdee4b naked constants are ugly 2011-05-21 18:55:23 -04:00
Roger Dingledine
6b54edef4f finish a comment nickm started in 8ebceeb3 2011-05-21 18:34:55 -04:00
Roger Dingledine
cb7fff193e Merge branch 'maint-0.2.2' 2011-05-21 18:14:16 -04:00
Roger Dingledine
0e8949a8fa remove some (confusing) dead code 2011-05-21 16:12:37 -04:00
Roger Dingledine
0235fe34d2 Merge branch 'bug1810' into maint-0.2.2 2011-05-21 16:09:55 -04:00
Sebastian Hahn
3ff7925a70 Don't recreate descriptor on sighup
We used to regenerate our descriptor whenever we'd get a sighup. This
was caused by a bug in options_transition_affects_workers() that would
return true even if the options were exactly the same. Down the call
path we'd call init_keys(), which made us make a new descriptor which
the authorities would reject, and the node would subsequently fall out
of the consensus.

This patch fixes only the first part of this bug:
options_transition_affects_workers() behaves correctly now. The second
part still wants a fix.
2011-05-21 16:08:21 -04:00
Roger Dingledine
a2851d3034 what's up with this trailing whitespace 2011-05-20 23:30:37 -04:00
Robert Ransom
7b34e3a965 Split out owning-controller-loss shutdown code into a function 2011-05-20 08:25:43 -07:00
Robert Ransom
bb860cedb2 Implement TAKEOWNERSHIP command 2011-05-20 08:25:43 -07:00
Robert Ransom
338a026610 Split control connection cleanup out of connection_free 2011-05-20 08:25:42 -07:00
Robert Ransom
86aeb152ca Fix comment typo 2011-05-20 08:25:42 -07:00
Robert Ransom
36afdebe1a Add an XXX 2011-05-20 08:25:42 -07:00
Robert Ransom
90f810801e Fix trailing asterisk in the output of "GETINFO info/names" 2011-05-20 08:25:42 -07:00
Robert Ransom
b3133d1cad Exit immediately if we can't monitor our owning controller process
tor_process_monitor_new can't currently return NULL, but if it ever can,
we want that to be an explicitly fatal error, without relying on the fact
that monitor_owning_controller_process's chain of caller will exit if it
fails.
2011-05-20 08:25:42 -07:00
Robert Ransom
4b266c6e72 Implement __OwningControllerProcess option
Implements part of feature 3049.
2011-05-20 08:25:42 -07:00
Roger Dingledine
0a4649e657 Merge branch 'maint-0.2.2' 2011-05-20 03:03:46 -04:00
Roger Dingledine
b8ffb00cf1 log the reason for publishing a new relay descriptor
now we have a better chance of hunting down the root cause of bug 1810.
2011-05-19 23:59:52 -04:00
Sebastian Hahn
c13fb7feb1 Fix a compile warning on OSX 10.6 2011-05-20 05:53:55 +02:00
Roger Dingledine
18f1b354ec Merge branch 'maint-0.2.2' 2011-05-17 21:15:24 -04:00
Roger Dingledine
073fed06c4 discard circuits when we change our bridge configuration
otherwise we might reuse circuits from the previous configuration,
which could be bad depending on the user's situation
2011-05-17 21:13:59 -04:00
Roger Dingledine
92081f3cdc Merge branch 'maint-0.2.2' 2011-05-17 20:50:18 -04:00
Roger Dingledine
07c5026efa refetch bridge descriptors in a timely fashion
When we configure a new bridge via the controller, don't wait up to ten
seconds before trying to fetch its descriptor. This wasn't so bad when
you listed your bridges in torrc, but it's dreadful if you configure
your bridges via vidalia.
2011-05-17 20:48:46 -04:00
Nick Mathewson
c240efab86 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-17 19:53:06 -04:00
Nick Mathewson
bc89ef0ca8 Merge branch 'bug2752' into maint-0.2.2 2011-05-17 19:51:53 -04:00
Nick Mathewson
e0e8424f1e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-17 19:47:48 -04:00
Nick Mathewson
21ed575826 Handle NULL argument to get_configured_bridge_by_addr_port_digest
Fixes bug 2313; bugfix on 0.2.2.26-beta.
2011-05-17 19:46:47 -04:00
Nick Mathewson
2e07925a52 Oops; that function got renamed. 2011-05-17 19:45:05 -04:00
Robert Ransom
480a75cbbd Check onion keys in microdescriptors, too 2011-05-17 19:39:00 -04:00
Michael Yakubovich
a3707a1052 Fix bug2752 : 48-char HTTPProxyAuthenticator limitation
Bumped the char maximum to 512 for HTTPProxyAuthenticator &
HTTPSProxyAuthenticator. Now stripping all '\n' after base64
encoding in alloc_http_authenticator.
2011-05-16 16:09:35 -04:00
Nick Mathewson
03ccce6d77 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-16 14:50:53 -04:00
Nick Mathewson
e908e3a332 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
Fixed trivial conflict due to headers moving into their own .h files
from or.h.

Conflicts:
	src/or/or.h
2011-05-16 14:49:55 -04:00
Nick Mathewson
4a22046c86 squash! Add crypto_pk_check_key_public_exponent function
Rename crypto_pk_check_key_public_exponent to crypto_pk_public_exponent_ok:
it's nice to name predicates s.t. you can tell how to interpret true
and false.
2011-05-16 14:45:06 -04:00
Robert Ransom
987190c2bc Require that certain public keys have public exponent 65537 2011-05-16 14:28:46 -04:00
Robert Ransom
7571e9f1cb Check fetched rendezvous descriptors' service IDs 2011-05-16 14:07:24 -04:00
Nick Mathewson
e423447f53 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/connection.c
2011-05-16 11:12:22 -04:00
Nick Mathewson
919bf6ff3c Merge remote-tracking branch 'public/bug2850' into maint-0.2.2
Fixed a trivial conflict where this and the ControlSocketGroupWritable
code both added different functions to the same part of connection.c.

Conflicts:
	src/or/connection.c
2011-05-16 11:10:17 -04:00
Nick Mathewson
b95dd03e5f Log descriptions of nodes, not just nicknames.
This patch introduces a few new functions in router.c to produce a
more helpful description of a node than its nickame, and then tweaks
nearly all log messages taking a nickname as an argument to call these
functions instead.

There are a few cases where I left the old log messages alone: in
these cases, the nickname was that of an authority (whose nicknames
are useful and unique), or the message already included an identity
and/or an address.  I might have missed a couple more too.

This is a fix for bug 3045.
2011-05-15 21:58:46 -04:00
Nick Mathewson
4ac8ff9c9f Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 20:22:44 -04:00
Nick Mathewson
4b800408fa Check permissions on the directory holding a control socket 2011-05-15 20:20:29 -04:00
Nick Mathewson
3b6cbf2534 Add a function to pull off the final component of a path 2011-05-15 20:20:29 -04:00
Sebastian Hahn
4198261291 Clean up the 2972 implementation a little 2011-05-15 20:20:28 -04:00
Jérémy Bobbio
d41ac64ad6 Add UnixSocketsGroupWritable config flag
When running a system-wide instance of Tor on Unix-like systems, having
a ControlSocket is a quite handy mechanism to access Tor control
channel.  But it would be easier if access to the Unix domain socket can
be granted by making control users members of the group running the Tor
process.

This change introduces a UnixSocketsGroupWritable option, which will
create Unix domain sockets (and thus ControlSocket) 'g+rw'. This allows
ControlSocket to offer same access control measures than
ControlPort+CookieAuthFileGroupReadable.

See <http://bugs.debian.org/552556> for more details.
2011-05-15 20:20:28 -04:00
Nick Mathewson
f2c1702182 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/circuitbuild.h
2011-05-15 20:17:17 -04:00
Nick Mathewson
2b9c5ee301 Preserve bridge download status across SETCONF, HUP
This code changes it so that we don't remove bridges immediately when
we start re-parsing our configuration.  Instead, we mark them all, and
remove all the marked ones after re-parsing our bridge lines.  As we
add a bridge, we see if it's already in the list.  If so, we just
unmark it.

This new behavior will lose the property we used to have that bridges
were in bridge_list in the same order in which they appeared in the
torrc.  I took a quick look through the code, and I'm pretty sure we
didn't actually depend on that anywhere.

This is for bug 3019; it's a fix on 0.2.0.3-alpha.
2011-05-15 20:13:44 -04:00
Nick Mathewson
68acfefbdb Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 20:12:20 -04:00
Nick Mathewson
bc44393eb5 Fixup whitespace issues from 3122 commit 2011-05-15 20:12:01 -04:00
Nick Mathewson
4c3853aca8 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/networkstatus.c
2011-05-15 20:09:10 -04:00
Nick Mathewson
00ff80e0ae Fixup whitespace issues from 3122 commit 2011-05-15 20:06:36 -04:00
Nick Mathewson
1f7b9e61ce Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 12:18:39 -04:00
Nick Mathewson
69ff26b05c Merge branch 'bug3026' into maint-0.2.2 2011-05-15 12:18:23 -04:00
Nick Mathewson
37e3fb8af2 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/connection_edge.c
2011-05-15 11:44:51 -04:00
Nick Mathewson
f287100934 Replace a nasty add-malloc-snprintf with a nice clean asprintf 2011-05-15 11:41:49 -04:00
Nick Mathewson
a5d40c2d0f Merge branch 'bug1345' into maint-0.2.2 2011-05-15 11:40:14 -04:00
Nick Mathewson
2bb6bdc3f9 Better doc for consider_recording_trackexithost 2011-05-15 11:37:33 -04:00
Nick Mathewson
2fd9cfdc23 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/routerlist.c
2011-05-15 11:23:02 -04:00
Nick Mathewson
228b77f64e Merge branch 'bug2732-simpler' into maint-0.2.2 2011-05-15 11:17:54 -04:00
Nick Mathewson
1b512fb914 Rip out more of hid_serv_acting_as_directory
rransom notes correctly that now that we aren't checking our HSDir
flag, we have no actual reason to check whether we are listed in the
consensus at all when determining if we should act like a hidden
service directory.
2011-05-15 11:17:44 -04:00
Nick Mathewson
f11c269ed6 Merge remote-tracking branch 'asn-mytor/heartbeat' 2011-05-15 11:07:06 -04:00
George Kadianakis
ce3b553926 Fix bug3183 2011-05-15 03:13:52 +02:00
Nick Mathewson
da8297dbcb Handle transitions in Automap*, VirtualAddrNetwork correctly
Previously, if they changed in torrc during a SIGHUP, all was well,
since we would just clear all transient entries from the addrmap
thanks to bug 1345.  But if you changed them from the controller, Tor
would leave old mappings in place.

The VirtualAddrNetwork bug has been here since 0.1.1.19-rc; the
AutomapHosts* bug has been here since 0.2.0.1-alpha.
2011-05-13 16:59:31 -04:00
Nick Mathewson
a3ae591115 When TrackExitHosts changes, remove all no-longer-valid mappings
This bug couldn't happen when TrackExitHosts changed in torrc, since
the SIGHUP to reload the torrc would clear out all the transient
addressmap entries before.  But if you used SETCONF to change
TrackExitHosts, old entries would be left alone: that's a bug, and so
this is a bugfix on Tor 0.1.0.1-rc.
2011-05-13 16:28:50 -04:00
Nick Mathewson
ec81d17d0c Raise the TrackHostExits membership code into its own function 2011-05-13 16:22:10 -04:00
Nick Mathewson
09da83e1e8 Don't clear out transient addressmap entries on HUP
If you really want to purge the client DNS cache, the TrackHostExits
mappings, and the virtual address mappings, you should be using NEWNYM
instead.

Fixes bug 1345; bugfix on Tor 0.1.0.1-rc.

Note that this needs more work: now that we aren't nuking the
transient addressmap entries on HUP, we need to make sure that
configuration changes to VirtualAddressMap and TrackHostExits actually
have a reasonable effect.
2011-05-13 16:20:01 -04:00
Nick Mathewson
600744b4be Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
	src/or/dirserv.c
	src/or/or.h
2011-05-13 10:48:07 -04:00
Nick Mathewson
7f654a6a6f Add a ControlPortFileGroupWritable option 2011-05-13 10:41:29 -04:00
Nick Mathewson
dad12188a6 Write automatically-chosen control ports to a file. 2011-05-13 10:41:28 -04:00
Nick Mathewson
c55c8f0d49 new GETINFO command to return list of listeners of a given type 2011-05-13 10:41:19 -04:00
Nick Mathewson
3da661b242 Advertise correct DirPort/ORPort when configured with "auto"
We'll eventually want to do more work here to make sure that the ports
are stable over multiple invocations.  Otherwise, turning your node on
and off will get you a new DirPort/ORPort needlessly.
2011-05-13 10:41:18 -04:00
Nick Mathewson
6f5998fd73 Correct the signature for is_listening_on_low_port for "auto" ports 2011-05-13 10:41:18 -04:00
Nick Mathewson
61c06cbc66 Teach retry_listener about "auto" ports.
Otherwise, it will just immediately close any port declared with "auto"
on the grounds that it wasn't configured.  Now, it will allow "auto" to
match any port.

This means FWIW if you configure a socks port with SocksPort 9999
and then transition to SocksPort auto, the original socksport will
not get closed and reopened.  I'm considering this a feature.
2011-05-13 10:41:18 -04:00
Nick Mathewson
5fec8fe559 "(Socks|Control|etc)Port auto" now tells Tor to open an arbitrary port
This is the major part of the implementation for trac issue 3076.
2011-05-13 10:41:18 -04:00
Nick Mathewson
87c79cf017 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-12 19:41:59 -04:00
Nick Mathewson
e0d5a6e184 Downgrade the "we launched 10 circuits for this stream" message. (See bug 3080) 2011-05-12 19:41:08 -04:00
Nick Mathewson
af85017177 Merge remote-tracking branch 'public/bug3122_memcmp_023' 2011-05-12 19:27:18 -04:00
Nick Mathewson
59a6df8882 Merge remote-tracking branch 'public/bug3122_memcmp_022' into maint-0.2.2 2011-05-12 19:25:14 -04:00
Nick Mathewson
1f678277a1 Merge remote-tracking branch 'public/bug3122_memcmp_squashed' into maint-0.2.1 2011-05-12 19:20:40 -04:00
Nick Mathewson
696cd1cfe2 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-12 18:51:33 -04:00
mikey99
42fcf059d2 Fixes ticket #2503
HTTPS error code 403 is now reported as:
"The https proxy refused to allow connection".
Used a switch statement for additional error codes to be explained
in the future.
2011-05-12 17:33:09 -04:00
Nick Mathewson
621e95a4f3 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-12 11:21:59 -04:00