Commit Graph

852 Commits

Author SHA1 Message Date
Nick Mathewson
20d6f787aa Fix "make check-spaces" issues 2012-06-05 00:49:18 -04:00
Nick Mathewson
913067f788 Resolve about 24 DOCDOCs 2012-06-05 00:17:54 -04:00
Nick Mathewson
0fa107a6aa Update copyright dates to 2012; add a few missing copyright statements 2012-06-04 20:58:17 -04:00
Nick Mathewson
173b18c79b Add about 60 more DOCDOC comments to 0.2.3
Also, try to resolve some doxygen issues.  First, define a magic
"This is doxygen!" macro so that we take the correct branch in
various #if/#else/#endifs in order to get the right documentation.
Second, add in a few grouping @{ and @} entries in order to get some
variables and fields to get grouped together.
2012-06-04 19:59:08 -04:00
Nick Mathewson
281a5e4670 Warn and ignore the MyFamily setting if BridgeRelay is also set
Roger explains at
  http://archives.seul.org/tor/talk/Nov-2011/msg00209.html :

  "If you list your bridge as part of your family in the relay
  descriptor, then everybody can learn your bridge fingerprint, and
  they can look up your bridge's descriptor (and thus location) at
  the bridge directory authority."

Now, we can't stop relays from listing bridges, but we can warn when
we notice a bridge listing anybody, which might help some.

This fixes bug 4657; it's a fix on 0.2.0.3-alpha, where bridges were
first introduced.
2012-05-24 12:39:26 -04:00
Nick Mathewson
3f55b76360 Merge remote-tracking branch 'public/bug5139' 2012-05-16 11:47:13 -04:00
Nick Mathewson
31eb73f88e Do not publish the "git-XXX" tag in server descriptors
Instead, allow packagers to put a 'TOR_BUILD_TAG' field in the
server descriptor to indicate a platform-specific value, if they
need to.  (According to weasel, this was his use for the git- tag
previously.)

This is part of 2988
2012-05-11 18:06:12 -04:00
Nick Mathewson
e0655708a2 Merge remote-tracking branch 'asn/bug4865_take2' 2012-05-11 11:52:51 -04:00
Nick Mathewson
02a650786b Fix O(n^2) performance when parsing a big pile of extrainfos
We were doing an O(n) strlen in router_get_extrainfo_hash() for
every one we tried to parse.  Instead, have
router_get_extrainfo_hash() take the length of the extrainfo as an
argument, so that when it's called from
extrainfo_parse_from_string(), it doesn't do a strlen() over the
whole pile of extrainfos.
2012-05-10 17:41:31 -04:00
Linus Nordberg
6b4af10716 Ignore [::] when building descriptors.
This is how IPv6 says "0.0.0.0" and something we will have to
translate into a globally reachable address before putting it in a
descriptor.

The fix is a short term solution until a real one is implemented.

Closes #5146.
2012-05-03 22:19:38 +02:00
Nick Mathewson
7c8032c22b Bridges should never set the send_unencrypted flag on any of their descs
Fix for bug 5139.
2012-04-27 11:51:48 -04:00
Nick Mathewson
461771ebbc Merge branch 'bug4438-v2' 2012-04-24 11:18:41 -04:00
Nick Mathewson
db81cdbb0f Tweak the bug4438 fix a little: different check, better log
Instead of checking for 'rejected' and calling everything else okay,
let's check for 'outdated' and call everythign else a problem.  This
way we don't risk missing future errors so much.

When logging a message that _looks_ like an error message at info, we
should mention that it isn't really a problem.
2012-04-24 11:17:36 -04:00
George Kadianakis
6d2898607b Fix issues found by nickm.
* Document fmt_addr_impl() and friends.
* Parenthesize macro arguments.
* Rename get_first_listener_addrport_for_pt() to
  get_first_listener_addrport_string().
* Handle port_cfg_t with no_listen.
* Handle failure of router_get_active_listener_port_by_type().
* Add an XXX to router_get_active_listener_port_by_type().
2012-04-12 22:42:37 +02:00
Nick Mathewson
6a9e693fbe Suppress "decided to publish new descriptor" message when not a server
The message only means that we're publishing a new descriptor when we
are actually in some kind of server mode, and publication is on.

Fix for bug 3942; bugfix on 0.2.3.2-alpha.
2012-04-02 18:59:21 -04:00
George Kadianakis
fedf76a2e6 Introduce and use router_get_active_listener_port_by_type().
router_get_active_listener_port_by_type() iterates all connections,
trying to find a listener of a specific type, and returns its TCP
port.
2012-03-31 13:54:09 +02:00
Nick Mathewson
f348daa6fb Merge remote-tracking branch 'linus/bug4875_2' 2012-03-29 10:53:09 -04:00
Linus Nordberg
734fad4103 Make relays handle an address suggestion from a directory server giving an IPv6 address.
last_guessed_ip becomes a tor_addr_t.

Most parts of router_new_address_suggestion() learns
about IPv6 (resolve_my_address() is still IPv4 only).
2012-03-28 22:16:55 +02:00
Linus Nordberg
341e37e38c Move the logging of 'My line' to debug level (#5151). 2012-03-19 05:12:19 +01:00
Nick Mathewson
26e789fbfd Rename nonconformant identifiers.
Fixes bug 4893.

These changes are pure mechanical, and were generated with this
perl script:

  /usr/bin/perl -w -i.bak -p

  s/crypto_pk_env_t/crypto_pk_t/g;
  s/crypto_dh_env_t/crypto_dh_t/g;
  s/crypto_cipher_env_t/crypto_cipher_t/g;
  s/crypto_digest_env_t/crypto_digest_t/g;

  s/aes_free_cipher/aes_cipher_free/g;
  s/crypto_free_cipher_env/crypto_cipher_free/g;
  s/crypto_free_digest_env/crypto_digest_free/g;
  s/crypto_free_pk_env/crypto_pk_free/g;

  s/_crypto_dh_env_get_dh/_crypto_dh_get_dh/g;
  s/_crypto_new_pk_env_rsa/_crypto_new_pk_from_rsa/g;
  s/_crypto_pk_env_get_evp_pkey/_crypto_pk_get_evp_pkey/g;
  s/_crypto_pk_env_get_rsa/_crypto_pk_get_rsa/g;

  s/crypto_new_cipher_env/crypto_cipher_new/g;
  s/crypto_new_digest_env/crypto_digest_new/g;
  s/crypto_new_digest256_env/crypto_digest256_new/g;
  s/crypto_new_pk_env/crypto_pk_new/g;

  s/crypto_create_crypto_env/crypto_cipher_new/g;

  s/connection_create_listener/connection_listener_new/g;
  s/smartlist_create/smartlist_new/g;
  s/transport_create/transport_new/g;
2012-01-18 15:53:30 -05:00
Nick Mathewson
5579bc0eaf whitespace fixes 2012-01-16 15:07:47 -05:00
Nick Mathewson
cc02823d7f Convert instances of tor_snprintf+strdup into tor_asprintf
These were found by looking for tor_snprintf() instances that were
followed closely by tor_strdup(), though I probably converted some
other snprintfs as well.
2012-01-16 15:03:13 -05:00
Nick Mathewson
edcc9981d8 Try to use smartlist_add_asprintf consistently
(To ensure correctness, in every case, make sure that the temporary
variable is deleted, renamed, or lowered in scope, so we can't have
any bugs related to accidentally relying on the no-longer-filled
variable.)
2012-01-16 15:02:51 -05:00
Sebastian Hahn
50a50392b7 Advertise dirport if accountingmax is large enough
When we have an effective bandwidthrate configured so that we cannot
exceed our bandwidth limit in one accounting interval, don't disable
advertising the dirport. Implements ticket 2434.
2012-01-10 09:59:36 -05:00
Linus Nordberg
32d10bdfb3 Whitespace changes. 2011-11-30 11:55:46 -05:00
Linus Nordberg
39ec781b8f Make the router_get_*_orport interface consistent with node_*. 2011-11-30 11:55:46 -05:00
Linus Nordberg
3b51b326e4 Make router_get_{prim,alt,pref}_addr_port take tor_addr_port_t *.
Rename to *_orport for consistency with node_*.
2011-11-30 11:55:46 -05:00
Linus Nordberg
f786307ab7 First chunk of support for bridges on IPv6
Comments below focus on changes, see diff for added code.

New type tor_addr_port_t holding an IP address and a TCP/UDP port.

New flag in routerinfo_t, ipv6_preferred.  This should go in the
node_t instead but not now.

Replace node_get_addr() with
- node_get_prim_addr() for primary address, i.e. IPv4 for now
- node_get_pref_addr() for preferred address, IPv4 or IPv6.

Rename node_get_addr_ipv4h() node_get_prim_addr_ipv4h() for
consistency.  The primary address will not allways be an IPv4 address.
Same for node_get_orport() -> node_get_prim_orport().

Rewrite node_is_a_configured_bridge() to take all OR ports into account.

Extend argument list to extend_info_from_node and
extend_info_from_router with a flag indicating if we want to use the
routers primary address or the preferred address.  Use the preferred
address in as few situtations as possible for allowing clients to
connect to bridges over IPv6.
2011-11-30 11:55:45 -05:00
Nick Mathewson
19a82d2936 Bridges can advertise a single IPv6 address with orport
This is deliberately more restrictive than we'd want to be.

Needs testing!
2011-11-30 11:55:44 -05:00
Nick Mathewson
11d5a9f63d Initial support for simplest use of prop186 or-address lines
This lets a routerinfo_t have a single IPv6 or-address, and adds
support for formatting and parsing those lines.
2011-11-30 11:55:44 -05:00
Nick Mathewson
5f0a8dcd2c Initial hacking for proposal 186.
This code handles the new ORPort options, and incidentally makes all
remaining port types use the new port configuration systems.

There are some rough edges!  It doesn't do well in the case where your
Address says one thing but you say to Advertise another ORPort.  It
doesn't handle AllAddrs.  It doesn't actually advertise anything besides
the first listed advertised IPv4 ORPort and DirPort.  It doesn't do
port forwarding to them either.

It's not tested either, it needs more documentation, and it probably
forgets to put the milk back in the refrigerator.
2011-11-30 11:55:44 -05:00
Nick Mathewson
da6c136817 Merge remote-tracking branch 'asn-mytor/bug4548_take2' 2011-11-29 18:30:41 -05:00
Nick Mathewson
df9b76460c New 'DisableNetwork' option to prevent Tor from using the network
Some controllers want this so they can mess with Tor's configuration
for a while via the control port before actually letting Tor out of
the house.

We do this with a new DisableNetwork option, that prevents Tor from
making any outbound connections or binding any non-control
listeners.  Additionally, it shuts down the same functionality as
shuts down when we are hibernating, plus the code that launches
directory downloads.

To make sure I didn't miss anything, I added a clause straight to
connection_connect, so that we won't even try to open an outbound
socket when the network is disabled.  In my testing, I made this an
assert, but since I probably missed something, I've turned it into a
BUG warning for testing.
2011-11-28 15:44:10 -05:00
George Kadianakis
055d6c01ff Write dynamic DH parameters to a file.
Instead of only writing the dynamic DH prime modulus to a file, write
the whole DH parameters set for forward compatibility. At the moment
we only accept '2' as the group generator.

The DH parameters gets stored in base64-ed DER format to the
'dynamic_dh_params' file.
2011-11-26 19:29:57 +01:00
George Kadianakis
e3cee8bc2e Simply initialize TLS context if DynamicDHGroups change.
We used to do init_keys() if DynamicDHGroups changed after a HUP, so
that the dynamic DH modulus was stored on the disk. Since we are now
doing dynamic DH modulus storing in crypto.c, we can simply initialize
the TLS context and be good with it.

Introduce a new function router_initialize_tls_context() which
initializes the TLS context and use it appropriately.
2011-11-25 18:15:26 +01:00
George Kadianakis
4938bcc06a Do dynamic DH modulus storing in crypto.c. 2011-11-25 17:39:28 +01:00
George Kadianakis
7c37a664c1 Rename 'dynamic prime' to 'dynamic DH modulus'. 2011-11-25 01:00:58 +01:00
George Kadianakis
782c907c7c s/DynamicPrimes/DynamicDHGroups/g 2011-11-25 01:00:14 +01:00
George Kadianakis
94076d9e3b Move crypto_get_stored_dynamic_prime() to crypto.c 2011-11-24 22:59:01 +01:00
George Kadianakis
2ef68980a7 Move store_dynamic_prime() to crypto.c. 2011-11-24 22:32:10 +01:00
George Kadianakis
cabb8e54c7 Tone down the logging. 2011-11-24 22:14:09 +01:00
George Kadianakis
8a726dd0dd Implement dynamic prime reading and storing to disk. 2011-11-24 22:13:44 +01:00
George Kadianakis
659381e00d Introduce the DynamicPrimes configuration option. 2011-11-24 22:09:06 +01:00
Roger Dingledine
3992c5487f fix trivial typo
somebody should s/authoritative directory server/directory authority/g
at some point
2011-11-16 18:10:13 -05:00
Sebastian Hahn
4ccc8d0292 Don't exit on dirauths for some config transitions 2011-11-08 12:44:12 +01:00
Roger Dingledine
1fcaeb6092 Merge branch 'maint-0.2.2' 2011-09-13 18:32:00 -04:00
Roger Dingledine
4a351b4b9e Merge branch 'maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/main.c
	src/or/router.c
2011-09-13 18:27:13 -04:00
Roger Dingledine
62ec584a30 Generate our ssl session certs with a plausible lifetime
Nobody but Tor uses certs on the wire with 2 hour lifetimes,
and it makes us stand out. Resolves ticket 4014.
2011-09-13 18:24:45 -04:00
Nick Mathewson
5c53a0f867 fix a const warning 2011-09-07 15:06:01 -04:00
Nick Mathewson
3e3480d704 Report reason for generating descriptor in an HTTP header
Suggested by arma; based on 3327.
2011-09-07 15:03:28 -04:00
Nick Mathewson
1f4b6944c0 Upload descriptors more often when recent desc is unlisted
Right now we only force a new descriptor upload every 18 hours.
This can make servers become unlisted if they upload a descriptor at
time T which the authorities reject as being "too similar" to one
they uploaded before. Nothing will actually make the server upload a
new descriptor later on, until another 18 hours have passed.

This patch changes the upload behavior so that the 18 hour interval
applies only when we're listed in a live consensus with a descriptor
published within the last 18 hours.  Otherwise--if we're not listed
in the live consensus, or if we're listed with a publication time
over 18 hours in the past--we upload a new descriptor every 90
minutes.

This is an attempted bugfix for #3327.  If we merge it, it should
obsolete #535.
2011-09-07 15:01:52 -04:00
Nick Mathewson
ddc65e2b33 Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.

Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t.  Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them.  Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.

We should do a related refactoring on other port types.  For
control ports, that'll be easy enough.  For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).

This implements tickets 3514 and 3515.
2011-07-19 01:58:43 -04:00
Nick Mathewson
6b670d6032 Merge branch 'bug3263' 2011-07-07 11:08:03 -04:00
Nick Mathewson
47c8433a0c Make the get_options() return const
This lets us make a lot of other stuff const, allows the compiler to
generate (slightly) better code, and will make me get slightly fewer
patches from folks who stick mutable stuff into or_options_t.

const: because not every input is an output!
2011-06-14 13:17:06 -04:00
Nick Mathewson
8839b86085 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-14 12:25:33 -04:00
Jérémy Bobbio
54d7d31cba Make ControlSocketsGroupWritable work with User.
Original message from bug3393:

check_private_dir() to ensure that ControlSocketsGroupWritable is
safe to use. Unfortunately, check_private_dir() only checks against
the currently running user… which can be root until privileges are
dropped to the user and group configured by the User config option.

The attached patch fixes the issue by adding a new effective_user
argument to check_private_dir() and updating the callers. It might
not be the best way to fix the issue, but it did in my tests.

(Code by lunar; changelog by nickm)
2011-06-14 12:18:32 -04:00
Nick Mathewson
0a4a3de3de Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/dirserv.c
2011-06-02 12:56:45 -04:00
Sebastian Hahn
df42eb0a18 Fix unit test failure in dir/formats
options->DirPort is 0 in the unit tests, so
router_get_advertised_dir_port() would return 0 so we wouldn't pick a
dirport. This isn't what we want for the unit tests. Fixes bug
introduced in 95ac3ea594.
2011-06-02 13:44:33 +02:00
Nick Mathewson
d0e7c545ba Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-30 16:14:45 -04:00
Nick Mathewson
e035cea031 Merge branch 'bug3216_v2' into maint-0.2.2 2011-05-30 16:12:53 -04:00
Nick Mathewson
fa1d47293b Merge remote-tracking branch 'origin/maint-0.2.2'
The conflicts were mainly caused by the routerinfo->node transition.

Conflicts:
	src/or/circuitbuild.c
	src/or/command.c
	src/or/connection_edge.c
	src/or/directory.c
	src/or/dirserv.c
	src/or/relay.c
	src/or/rendservice.c
	src/or/routerlist.c
2011-05-30 15:41:46 -04:00
Nick Mathewson
7e67a24038 Merge branch 'bug3045' into maint-0.2.2
Conflicts:
	src/or/circuitbuild.c
2011-05-30 15:18:59 -04:00
Nick Mathewson
3c0d944b07 Improve comments and defensive programming for 3045
The comment fixes are trivial.  The defensive programming trick is to
tolerate receiving NULL inputs on the describe functions. That should
never actually happen, but it seems like the likeliest mistake for us
to make in the future.
2011-05-30 15:15:10 -04:00
Nick Mathewson
0e1fad648d Don't try to build descriptors when router_get_advertised_or_port()==0
The previous attempt was incomplete: it told us not to publish a
descriptor, but didn't stop us from generating one.  Now we treat an
absent OR port the same as not knowing our address.  (This means
that when we _do_ get an OR port, we need to mark the descriptor
dirty.)

More attempt to fix bug3216.
2011-05-24 18:05:37 -04:00
Nick Mathewson
95ac3ea594 Don't build descriptors if ORPort auto is set and we have no OR listener
This situation can happen easily if you set 'ORPort auto' and
'AccountingMax'.  Doing so means that when you have no ORPort, you
won't be able to set an ORPort in a descriptor, so instead you would
just generate lots of invalid descriptors, freaking out all the time.

Possible fix for 3216; fix on 0.2.2.26-beta.
2011-05-24 21:12:23 +02:00
Nick Mathewson
2527acb2dc Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/Makefile.am
	src/or/control.c
2011-05-23 01:23:53 -04:00
Roger Dingledine
af0e8d834e don't mark our descriptor dirty if our onion key hasn't changed 2011-05-21 19:23:27 -04:00
Roger Dingledine
1ba1bdee4b naked constants are ugly 2011-05-21 18:55:23 -04:00
Roger Dingledine
6b54edef4f finish a comment nickm started in 8ebceeb3 2011-05-21 18:34:55 -04:00
Roger Dingledine
cb7fff193e Merge branch 'maint-0.2.2' 2011-05-21 18:14:16 -04:00
Roger Dingledine
0e8949a8fa remove some (confusing) dead code 2011-05-21 16:12:37 -04:00
Roger Dingledine
0a4649e657 Merge branch 'maint-0.2.2' 2011-05-20 03:03:46 -04:00
Roger Dingledine
b8ffb00cf1 log the reason for publishing a new relay descriptor
now we have a better chance of hunting down the root cause of bug 1810.
2011-05-19 23:59:52 -04:00
Nick Mathewson
b95dd03e5f Log descriptions of nodes, not just nicknames.
This patch introduces a few new functions in router.c to produce a
more helpful description of a node than its nickame, and then tweaks
nearly all log messages taking a nickname as an argument to call these
functions instead.

There are a few cases where I left the old log messages alone: in
these cases, the nickname was that of an authority (whose nicknames
are useful and unique), or the message already included an identity
and/or an address.  I might have missed a couple more too.

This is a fix for bug 3045.
2011-05-15 21:58:46 -04:00
Nick Mathewson
600744b4be Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
	src/or/dirserv.c
	src/or/or.h
2011-05-13 10:48:07 -04:00
Nick Mathewson
3da661b242 Advertise correct DirPort/ORPort when configured with "auto"
We'll eventually want to do more work here to make sure that the ports
are stable over multiple invocations.  Otherwise, turning your node on
and off will get you a new DirPort/ORPort needlessly.
2011-05-13 10:41:18 -04:00
Nick Mathewson
7267647bd7 Reapply the automated memcmp conversion to 0.2.3 to catch newly added memcmps 2011-05-11 16:41:14 -04:00
Nick Mathewson
9fba014e3f Merge remote-tracking branch 'public/bug3122_memcmp_022' into bug3122_memcmp_023
Conflicts in various places, mainly node-related.  Resolved them in
favor of HEAD, with copying of tor_mem* operations from bug3122_memcmp_022.

	src/common/Makefile.am
	src/or/circuitlist.c
	src/or/connection_edge.c
	src/or/directory.c
	src/or/microdesc.c
	src/or/networkstatus.c
	src/or/router.c
	src/or/routerlist.c
	src/test/test_util.c
2011-05-11 16:39:45 -04:00
Nick Mathewson
44ad734573 Merge remote-tracking branch 'public/3122_memcmp_squashed' into bug3122_memcmp_022
Conflicts throughout.  All resolved in favor of taking HEAD and
adding tor_mem* or fast_mem* ops as appropriate.

	src/common/Makefile.am
	src/or/circuitbuild.c
	src/or/directory.c
	src/or/dirserv.c
	src/or/dirvote.c
	src/or/networkstatus.c
	src/or/rendclient.c
	src/or/rendservice.c
	src/or/router.c
	src/or/routerlist.c
	src/or/routerparse.c
	src/or/test.c
2011-05-11 16:24:29 -04:00
Nick Mathewson
59f9097d5c Hand-conversion and audit phase of memcmp transition
Here I looked at the results of the automated conversion and cleaned
them up as follows:

   If there was a tor_memcmp or tor_memeq that was in fact "safe"[*] I
   changed it to a fast_memcmp or fast_memeq.

   Otherwise if there was a tor_memcmp that could turn into a
   tor_memneq or tor_memeq, I converted it.

This wants close attention.

[*] I'm erring on the side of caution here, and leaving some things
as tor_memcmp that could in my opinion use the data-dependent
fast_memcmp variant.
2011-05-11 16:12:51 -04:00
Nick Mathewson
db7b2a33ee Automated conversion of memcmp to tor_memcmp/tor_mem[n]eq
This commit is _exactly_ the result of

perl -i -pe 's/\bmemcmp\(/tor_memcmp\(/g' src/*/*.[ch]
perl -i -pe 's/\!\s*tor_memcmp\(/tor_memeq\(/g' src/*/*.[ch]
perl -i -pe 's/0\s*==\s*tor_memcmp\(/tor_memeq\(/g' src/*/*.[ch]
perl -i -pe 's/0\s*!=\s*tor_memcmp\(/tor_memneq\(/g' src/*/*.[ch]
git checkout src/common/di_ops.[ch]
git checkout src/or/test.c
git checkout src/common/test.h
2011-05-11 16:12:51 -04:00
Nick Mathewson
4cc348e896 Code to make clients fetch and use microdescriptors for circuit building
To turn this on, set UseMicrodescriptors to "1" (or "auto" if you
want it on-if-you're-a-client).  It should go auto-by-default once
0.2.3.1-alpha is released.

Because of our node logic, directory caches will never use
microdescriptors when they have the right routerinfo available.
2011-05-05 20:54:12 -04:00
Nick Mathewson
3df22887a3 Replace _AUTHORITY enum values with _DIRINFO values (automted) 2011-05-05 20:54:12 -04:00
Nick Mathewson
6e58575767 Automated rename from authority_type_t to dirinfo_type_t
We were already overloading this type to mean "a directory that can
serve us X" in addition to "a directory that is an authority for X."
2011-05-05 20:54:11 -04:00
Nick Mathewson
ba1143e468 Add a new configuration type, "AUTOBOOL", to handle 1/0/auto types
We only have one of these now, but I'm about to add a few more.

Yes, I have already thought of the "Filenotfoundian logic" joke.
2011-05-05 20:54:11 -04:00
Nick Mathewson
f38ecd5ac0 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 18:14:50 -04:00
Nick Mathewson
6dfc0d5301 Avoid false positives from proxy_mode()
Previously it would erroneously return true if ListenAddr was set for
a client port, even if that port itself was 0.  This would give false
positives, which were not previously harmful... but which were about
to become.
2011-04-28 18:11:58 -04:00
Nick Mathewson
8b686d98c4 Merge maint-0.2.2 for the bug1090-part1-squashed branch
Resolved conflicts in:
	doc/tor.1.txt
	src/or/circuitbuild.c
	src/or/circuituse.c
	src/or/connection_edge.c
	src/or/connection_edge.h
	src/or/directory.c
	src/or/rendclient.c
	src/or/routerlist.c
	src/or/routerlist.h

These were mostly releated to the routerinfo_t->node_t conversion.
2011-04-27 14:36:30 -04:00
Sebastian Hahn
8e2904e269 Fix a log msg 2011-04-26 23:55:22 -04:00
Nick Mathewson
ca74badbe9 If we're excluded, and StrictNodes is set, do not do self-tests. 2011-04-26 23:54:15 -04:00
Roger Dingledine
5710ea6475 three more cases where maybe we want to exclude 2011-04-26 23:54:15 -04:00
Nick Mathewson
32341ac467 Merge remote-tracking branch 'public/bug2402_again' into maint-0.2.1 2011-04-06 16:13:22 -04:00
Nick Mathewson
ebf6786ab3 Merge remote branch 'origin/maint-0.2.2'
Fixed conflict: router_get_my_routerinfo now returns const

Conflicts:
	src/or/router.c
2011-03-14 17:22:38 -04:00
Nick Mathewson
b97d9abd09 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-03-14 17:04:53 -04:00
Roger Dingledine
1a9d19e972 we're not reachable if we don't have a routerinfo yet 2011-03-13 15:47:59 -04:00
Nick Mathewson
02d93caa09 Backport: Generate version tags using Git, not (broken) svn revisions.
Partial backport of daa0326aaa .
Resolves bug 2402.  Bugfix on 0.2.1.15 (for the part where we switched to
git) and on 0.2.1.30 (for the part where we dumped micro-revisions.)
2011-03-11 11:01:17 -05:00
Nick Mathewson
b7f201f746 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/policies.c
	src/or/policies.h
2011-02-22 14:10:42 -05:00
Nick Mathewson
cdc59c198a Don't let bad DNS make exit policy and declared exit policy get out of sync
Patch from "postman" on trac. Fixes bg 2366. Bug on 0.1.2.5-alpha.
2011-02-22 14:06:28 -05:00
Nick Mathewson
d120ee1c63 Merge remote branch 'origin/maint-0.2.2' 2011-02-22 01:03:06 -05:00
Robert Ransom
444a955e4a Don't crash a bridge authority on SIGHUP if it's not in the consensus
Fixes bug 2572.
2011-02-16 04:12:37 -08:00
Roger Dingledine
4ff97e3775 Merge branch 'maint-0.2.2' 2011-01-15 22:39:15 -05:00
Sebastian Hahn
026e7987ad Sanity-check consensus param values
We need to make sure that the worst thing that a weird consensus param
can do to us is to break our Tor (and only if the other Tors are
reliably broken in the same way) so that the majority of directory
authorities can't pull any attacks that are worse than the DoS that
they can trigger by simply shutting down.

One of these worse things was the cbtnummodes parameter, which could
lead to heap corruption on some systems if the value was sufficiently
large.

This commit fixes this particular issue and also introduces sanity
checking for all consensus parameters.
2011-01-15 19:42:17 +01:00
Nick Mathewson
8730884ebe Merge remote branch 'origin/maint-0.2.2' 2011-01-03 11:53:28 -05:00
Nick Mathewson
f1de329e78 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/common/test.h
	src/or/test.c
2011-01-03 11:51:17 -05:00
Nick Mathewson
1a07348a50 Bump copyright statements to 2011 2011-01-03 11:50:39 -05:00
Karsten Loesing
0bd884cd5b Make connection direction statistics compile again. 2010-12-03 17:37:13 +01:00
Karsten Loesing
8db10c6d2f Write bidirectional connection stats in single line.
There's no need to have a separate line conn-stats-end for the end date
and interval length with only a single line conn-bi-direct following.
2010-12-03 16:47:53 +01:00
Karsten Loesing
f56529b4b2 Call the new config option ConnDirectionStatistics. 2010-12-03 16:47:52 +01:00
Karsten Loesing
5dfdf075ac Add metric on uni/bidirectional connection usage. 2010-12-03 16:47:51 +01:00
Nick Mathewson
ae6b31aba9 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h
2010-11-24 17:06:26 -05:00
Robert Ransom
de75afc556 Avoid dereferencing NULL if a bridge fails to build an ei descriptor.
Reported by an anonymous commenter on Trac.
2010-11-24 13:18:11 -08:00
Roger Dingledine
d77bc69b0c found this whitespace fix in a sandbox 2010-11-21 15:57:22 -05:00
Nick Mathewson
e361de80bb Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/router.c
2010-11-19 16:58:22 -05:00
Nick Mathewson
54551f3148 Merge branch 'fix2183', remote branch 'rransom/fix2195-v2' into maint-0.2.2 2010-11-19 16:48:13 -05:00
Robert Ransom
69472ca421 Fix logic error in router_dump_router_to_string.
Spotted by Nick Mathewson.
2010-11-19 13:23:45 -08:00
Nick Mathewson
e88486bc9d Add comments to some of the bug2183 fix code 2010-11-19 16:13:11 -05:00
Robert Ransom
780b8f4287 Generate a router descriptor even if generating an extra-info descriptor fails.
Fixes bug #2195.
2010-11-17 08:33:48 -08:00
Robert Ransom
213bcb3c40 Do not emit an extra-info-digest descriptor line if the digest is zero. 2010-11-17 08:32:17 -08:00
Karsten Loesing
0f1afaf595 Tweak the bugfix for 2183 a bit more. 2010-11-17 10:43:14 +01:00
Nick Mathewson
8c2affe637 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
	src/or/cpuworker.c
2010-11-15 14:14:13 -05:00
Karsten Loesing
ff1cf35442 Don't use log_err for non-criticial warnings. 2010-11-15 13:39:53 +01:00
Karsten Loesing
cec21652a7 Try harder not to exceed the 50 KB extra-info descriptor limit.
Our checks that we don't exceed the 50 KB size limit of extra-info
descriptors apparently failed. This patch fixes these checks and reserves
another 250 bytes for appending the signature. Fixes bug 2183.
2010-11-15 12:51:51 +01:00
Karsten Loesing
8833381d9c Add two fixes to the new geoip-db-digest line. 2010-11-12 09:11:11 +01:00
Sebastian Hahn
556a1b9e45 Change Natd into NATD in our options.
Breaking this out of the last commit because this might be more
controversial.
2010-11-10 15:48:26 +01:00
Karsten Loesing
423c2a7a27 Add GeoIP file digest to extra-info descriptor. 2010-11-09 09:42:36 +01:00
Nick Mathewson
ccec0a1bd3 Merge remote branch 'origin/maint-0.2.2' 2010-10-26 13:59:09 -04:00
Sebastian Hahn
213139f887 Properly refcount client_identity_key
In a2bb0bf we started using a separate client identity key. When we are
in "public server mode" (that means not a bridge) we will use the same
key. Reusing the key without doing the proper refcounting leads to a
segfault on cleanup during shutdown. Fix that.

Also introduce an assert that triggers if our refcount falls below 0.
That should never happen.
2010-10-26 18:22:04 +02:00
Nick Mathewson
17fdde3d92 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/common/tortls.c
2010-10-21 16:23:01 -04:00
Nick Mathewson
441241c136 Fix a whitespace error 2010-10-21 16:12:04 -04:00
Nick Mathewson
03adb8caad Add some asserts to get_{tlsclient|server}_identity_key
We now require that:
  - Only actual servers should ever call get_server_identity_key
  - If you're being a client or bridge, the client and server keys should
    differ.
  - If you're being a public relay, the client and server keys
    should be the same.
2010-10-21 13:54:12 -04:00
Nick Mathewson
704076680a Rename get_client_identity_key to get_tlsclient_identity_key 2010-10-21 13:54:02 -04:00
Nick Mathewson
a7cf788740 Merge branch 'bug1992_part1' 2010-10-15 17:08:18 -04:00
Robert Ransom
a2bb0bfdd5 Maintain separate server and client identity keys when appropriate.
Fixes a bug described in ticket #988.
2010-10-04 21:51:53 -07:00
Robert Ransom
17efbe031d Maintain separate server and client TLS contexts.
Fixes bug #988.
2010-10-04 21:51:47 -07:00
Robert Ransom
d3879dbd16 Refactor tor_tls_context_new:
* Make tor_tls_context_new internal to tortls.c, and return the new
  tor_tls_context_t from it.

* Add a public tor_tls_context_init wrapper function to replace it.
2010-10-04 17:57:29 -07:00
Robert Ransom
89dffade8d Add public_server_mode function. 2010-10-04 17:57:29 -07:00
Roger Dingledine
22f723e4a3 refactor all these tor_inet_ntoa idioms
but don't refactor the ones that look messy
2010-10-01 21:31:09 -04:00
Nick Mathewson
26e897420e Initial conversion to use node_t throughout our codebase.
A node_t is an abstraction over routerstatus_t, routerinfo_t, and
microdesc_t.  It should try to present a consistent interface to all
of them.  There should be a node_t for a server whenever there is
  * A routerinfo_t for it in the routerlist
  * A routerstatus_t in the current_consensus.
(note that a microdesc_t alone isn't enough to make a node_t exist,
since microdescriptors aren't usable on their own.)

There are three ways to get a node_t right now: looking it up by ID,
looking it up by nickname, and iterating over the whole list of
microdescriptors.

All (or nearly all) functions that are supposed to return "a router"
-- especially those used in building connections and circuits --
should return a node_t, not a routerinfo_t or a routerstatus_t.

A node_t should hold all the *mutable* flags about a node.  This
patch moves the is_foo flags from routerinfo_t into node_t.  The
flags in routerstatus_t remain, but they get set from the consensus
and should not change.

Some other highlights of this patch are:

  * Looking up routerinfo and routerstatus by nickname is now
    unified and based on the "look up a node by nickname" function.
    This tries to look only at the values from current consensus,
    and not get confused by the routerinfo_t->is_named flag, which
    could get set for other weird reasons.  This changes the
    behavior of how authorities (when acting as clients) deal with
    nodes that have been listed by nickname.

  * I tried not to artificially increase the size of the diff here
    by moving functions around.  As a result, some functions that
    now operate on nodes are now in the wrong file -- they should
    get moved to nodelist.c once this refactoring settles down.
    This moving should happen as part of a patch that moves
    functions AND NOTHING ELSE.

  * Some old code is now left around inside #if 0/1 blocks, and
    should get removed once I've verified that I don't want it
    sitting around to see how we used to do things.

There are still some unimplemented functions: these are flagged
with "UNIMPLEMENTED_NODELIST()."  I'll work on filling in the
implementation here, piece by piece.

I wish this patch could have been smaller, but there did not seem to
be any piece of it that was independent from the rest.  Moving flags
forces many functions that once returned routerinfo_t * to return
node_t *, which forces their friends to change, and so on.
2010-10-01 18:14:27 -04:00
Nick Mathewson
d84d20cbb2 Try to make most routerinfo_t interfaces const 2010-10-01 18:14:27 -04:00
Roger Dingledine
734ba2f937 fix comment 2010-10-01 14:11:08 -04:00
Roger Dingledine
6cb5383e56 log when we guess our ip address, not just when we fail 2010-10-01 13:32:38 -04:00
Roger Dingledine
9d7f0badb5 changelog entry for bug1751 2010-09-27 17:44:00 -04:00
Nick Mathewson
6c5b9ba625 Change bug1751 enabling code based on comments from arma 2010-09-27 17:07:22 -04:00
Nick Mathewson
ef5925237d First cut of code to enable RefuseUnknownExits
The RefuseUnknownExits config option is now a tristate, with "1"
meaning "enable it no matter what the consensus says", "0" meaning
"disable it no matter what the consensus says", and "auto" meaning "do
what the consensus says".  If the consensus is silent, we enable
RefuseUnknownExits.

This patch also changes the dirserv logic so that refuseunknownexits
won't make us cache unless we're an exit.
2010-09-21 01:03:29 -04:00
Sebastian Hahn
05072723cb Create routerparse.h 2010-07-27 10:00:46 +02:00
Sebastian Hahn
df9d42cef5 Create rephist.h 2010-07-27 10:00:46 +02:00
Sebastian Hahn
b0cd4551ab Create relay.h 2010-07-27 10:00:45 +02:00
Sebastian Hahn
7bd8dee463 Create policies.h 2010-07-27 10:00:45 +02:00
Sebastian Hahn
0f1548ab18 Create main.h 2010-07-27 07:58:16 +02:00
Sebastian Hahn
a86f464f6b Create hibernate.h 2010-07-27 07:58:16 +02:00
Sebastian Hahn
dc2f1666ff Create dns.h 2010-07-27 07:58:16 +02:00
Sebastian Hahn
7d4c027fb0 Create dirserv.h 2010-07-27 07:58:16 +02:00
Sebastian Hahn
bec1c838ca Create directory.h 2010-07-27 07:58:15 +02:00
Sebastian Hahn
0bfa34e1f6 Create control.h 2010-07-27 07:58:15 +02:00
Sebastian Hahn
2a74101f7a Create connection.h 2010-07-27 07:58:14 +02:00
Sebastian Hahn
c4f8f1316e Create config.h 2010-07-27 07:58:14 +02:00
Sebastian Hahn
01c7b60a80 Create circuituse.h 2010-07-27 07:58:14 +02:00
Sebastian Hahn
174a88dd79 Create circuitlist.h 2010-07-27 07:58:13 +02:00
Sebastian Hahn
cbee969f40 Create routerlist.h 2010-07-27 07:56:25 +02:00
Sebastian Hahn
c53b6cc831 Create router.h 2010-07-27 07:56:25 +02:00
Sebastian Hahn
ff4030f621 Create geoip.h 2010-07-27 07:56:25 +02:00
Roger Dingledine
b264192083 finally get rid of "clique mode" 2010-04-23 19:39:42 -04:00
Roger Dingledine
573e1d40b3 finally get rid of "clique mode" 2010-04-21 21:35:18 -04:00
Nick Mathewson
b006e3279f Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	src/common/test.h
	src/or/test.c
2010-02-27 17:16:31 -05:00
Nick Mathewson
c3e63483b2 Update Tor Project copyright years 2010-02-27 17:14:21 -05:00
Nick Mathewson
937b5cdd41 Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	ChangeLog
	src/or/routerparse.c
2010-02-27 15:34:02 -05:00
Sebastian Hahn
b67657bd95 Properly handle non-terminated strings
Treat strings returned from signed_descriptor_get_body_impl() as not
NUL-terminated. Since the length of the strings is available, this is
not a big problem.

Discovered by rieo.
2010-02-27 02:13:22 +01:00
Karsten Loesing
7e65871ccc Fix a memory corruption bug while collecting bridge stats
We accidentally freed the internal buffer for bridge stats when we
were writing the bridge stats file or honoring a control port
request for said data. Change the interfaces for
geoip_get_bridge_stats* to prevent these problems, and remove the
offending free/add a tor_strdup.

Fixes bug 1208.
2010-01-26 11:55:43 +01:00
Nick Mathewson
3b4b6009a0 Merge remote branch 'origin/maint-0.2.1' 2010-01-23 20:46:57 -05:00
Nick Mathewson
aec4aea190 Fix two rare leaks spotted by rieo. 2010-01-23 20:46:38 -05:00
Karsten Loesing
f80672d747 Remove duplicate words and a duplicate newline. 2009-12-18 12:55:05 +01:00
Karsten Loesing
e1e5c1b3ab Fix bridge statistics.
Fix statistics on client numbers by country as seen by bridges that were
broken in 0.2.2.1-alpha. Also switch to reporting full 24-hour intervals
instead of variable 12-to-48-hour intervals.
2009-12-17 09:22:55 +01:00
Nick Mathewson
0c1b3070cf Now that FOO_free(NULL) always works, remove checks before calling it. 2009-12-12 02:07:59 -05:00
Karsten Loesing
56c2385157 Fix bug 1113.
Bridges do not use the default exit policy, but reject *:* by default.
2009-10-27 01:03:41 -07:00
Nick Mathewson
8519d36633 Merge commit 'origin/maint-0.2.1' 2009-10-26 22:40:24 -04:00
Nick Mathewson
5c73da7faa Fix two memory leaks found by Coverity (CIDs 417-418)
The first happens on an error case when a controller wants an
impossible directory object.  The second happens when we can't write
our fingerprint file.
2009-10-26 22:12:40 -04:00
Nick Mathewson
8b2f6b27fd Make signature-generation code handle different key and digest lengths. 2009-10-15 15:17:12 -04:00
Roger Dingledine
768bc04feb fix two comment bugs for load_stats_file() 2009-09-28 23:25:23 -04:00
Karsten Loesing
94b57f9f36 Fix an issue with including stats in extra-info descriptors. 2009-09-28 15:20:21 +02:00
Sebastian Hahn
0a71d1c6a7 Fix compile warnings on Snow Leopard
Big thanks to nickm and arma for helping me with this!
2009-09-01 22:16:46 +02:00
Roger Dingledine
a225469ded Merge branch 'maint-0.2.1' 2009-08-31 16:26:01 -04:00
Roger Dingledine
4c297f74f7 Only send reachability status events on overall success/failure
We were telling the controller about CHECKING_REACHABILITY and
REACHABILITY_FAILED status events whenever we launch a testing
circuit or notice that one has failed. Instead, only tell the
controller when we want to inform the user of overall success or
overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
by SwissTorExit.
2009-08-31 16:14:41 -04:00
Nick Mathewson
1d9b8a1e16 Merge commit 'karsten/proposal-166-impl-master' 2009-08-26 11:36:40 -04:00
Karsten Loesing
8c29b7920a Add some fixes after discussion with Nick.
- Refactor geoip.c by moving duplicate code into rotate_request_period().
- Don't leak memory when cleaning up cell queues.
- Make sure that exit_(streams|bytes_(read|written)) are initialized in all
  places accessing these arrays.
- Read only the last block from *stats files and ensure that its timestamp
  is not more than 25 hours in the past and not more than 1 hour in the
  future.
- Stop truncating the last character when reading *stats files.

The only thing that's left now is to avoid reading whole *stats files into
memory.
2009-08-21 23:02:36 +02:00
Nick Mathewson
daa0326aaa Add the first 8 bytes of the git commit digest to our versions.
Note that unlike subversion revision numbers, it isn't meaningful to
compare these for anything but equality.  We define a sort-order anyway,
in case one of these accidentally slips into a recommended-versions
list.
2009-08-21 12:31:13 -04:00
Karsten Loesing
75c59d1a92 Some final (?) cleanups of proposal 166 implementation. 2009-08-19 23:36:27 +02:00
Karsten Loesing
93fd0d3755 Fix a couple of bugs that showed up at runtime. 2009-08-19 19:16:00 +02:00
Karsten Loesing
6592cbe3e1 Don't write extra-info document to debug logs. 2009-08-19 17:15:51 +02:00
Karsten Loesing
42229d1d84 Move all *-stats file to subdirectory stats/. 2009-08-19 17:10:40 +02:00
Karsten Loesing
a5508583ee Include only the last 24 hours of stats in extra-info documents. 2009-08-19 16:30:00 +02:00
Karsten Loesing
dccadb30cd Clean up proposal 166 and its implementation. 2009-08-18 15:53:08 +02:00
Karsten Loesing
20c95a3d21 Fix trivial bug when uploading extra-info documents. 2009-08-17 13:30:10 +02:00
Karsten Loesing
9179bcb923 Include contents of *-stats files in descriptor. 2009-08-17 13:30:10 +02:00
Karsten Loesing
ab7729f472 Remove ./configure option for entry and dir request statistics. 2009-08-17 13:29:50 +02:00
Nick Mathewson
e0dc2e907e Merge commit 'origin/maint-0.2.1' 2009-08-12 22:02:07 -04:00
Karsten Loesing
a98643c1b5 Fix possible segmentation fault on directory authorities.
The more verbose logs that were added in ee58153 also include a string
that might not have been initialized. This can lead to segfaults, e.g.,
when setting up private Tor networks. Initialize this string with NULL.
2009-08-11 17:33:58 +02:00
Roger Dingledine
e8e88922a7 Merge branch 'maint-0.2.1' into master 2009-07-28 18:19:57 -04:00
Sebastian Hahn
3e45445104 Changing MaxAdvertisedBW may not need a republish
Relays no longer publish a new server descriptor if they change
their MaxAdvertisedBandwidth config option but it doesn't end up
changing their advertised bandwidth numbers. Bugfix on 0.2.0.28-rc;
fixes bug 1026. Patch from Sebastian.
2009-07-27 23:53:06 -04:00
Roger Dingledine
a73acdd46f Write fingerprint to file and log without spaces
Now it will look like the fingerprints in our bridges documentation,
and confuse fewer users.
2009-07-27 22:51:20 -04:00
Karsten Loesing
8c496d1660 Some tweaks to statistics.
Changes to directory request statistics:

- Rename GEOIP statistics to DIRREQ statistics, because they now include
  more than only GeoIP-based statistics, whereas other statistics are
  GeoIP-dependent, too.
- Rename output file from geoip-stats to dirreq-stats.
- Add new config option DirReqStatistics that is required to measure
  directory request statistics.
- Clean up ChangeLog.

Also ensure that entry guards statistics have access to a local GeoIP
database.
2009-07-15 16:32:40 +02:00