bugfix: actually complain if we duplicate mark-for-close a circuit
add more logging for relay ends that claim dns resolve failed, so we can
find out why they're not being retried.
svn:r1798
otherwise they might have a socket -1, and if we leave them around
they'll muck up poll/select.
i think this was the cause of our win32 and os x fakepoll crashes,
and probably would cause other errors down the road.
svn:r1786
bunch of half-initialized services. This should solve half of
weasel's current bug. The crash is the other half.
(arma: should we also call rend_services_init on hup?)
svn:r1578
choose an intro point, connect to it,
choose a rend point, connect to it and establish a cookie,
get an ack from the rendezvous point,
and know when both circs are ready for her.
APConns don't use conn->purpose anymore
don't initiate a renddesc lookup if one is already in progress
also fix a buffer overflow in nickname parsing (only exploitable
by the operator though)
svn:r1471
let you specify the purpose of circuits you launch
bugfix: we used to be declaring the first successful circuit too early -- when the first hop finished. now we're more accurate.
svn:r1421
This allows us to do a directory connection *through* tor just
as if we're doing it as an application.
Make ap_conns tolerate it when the application sends stuff before
The socks handshake is done (it just buffers it).
Tell directory_initiate_command the length of the payload (because
it might include nuls).
Add a directory_has_arrived function to, for example, start building
the rendezvous service descriptor.
svn:r1412
* read all the time (before we would ignore eof sometimes, oops)
* we can handle different urls now
* send back 404 for an un-handled url
* commands initiated by the client can handle payloads now
* introduce conn->purpose to avoid exponential state-space explosion
svn:r1400
this resolves a subtle bug where tor clients were preferentially using
the directory servers, since when they start building circuits they
know only about the directory servers
on the other hand, it now takes longer after startup before there's
a working circuit. so it goes.
svn:r1350
successful/failed connections, successful/failed extends, and
connection uptimes.
It's still not done: more tests are needed, and not everything calls
connection/circuit_mark_for_close properly. This skews the results.
Also, there needs to be a 'testing' mode for non-OP ORs, where they
periodically build circuits just to test whether extends work.
svn:r1313
we were never writing anything when hold_open_until_flushed was set,
since conn_write returns early if marked_for_conn is set.
seems a bit better now.
svn:r1214
who wants to shut down a connection calls connection_mark_for_close instead
of setting marked_for_close to 1. This automatically removes the connection
from the DNS cache if needed, sends a RELAY END cell if appropriate, and can
be changed to do whatever else is needed.
Still to do:
- The same for circuits, maybe.
- Add some kind of hold_connection_open_until_flushed flag, maybe.
- Change stuff that closes connections with return -1 to use mark_for_close,
maybe.
svn:r1145
add some more data to be flushed but never turn POLLOUT on. not sure
how commonly this bug was hit, but it would be a doozy.
Also add some asserts to see if it happens elsewhere.
svn:r1142
directory is the string that dirserv.c and directory.c deal with
routerlist is routerinfo's that are bundled together in routers.c
rename some of the get_routerlist functions to set_routerlist
preparing to break into router.c for stuff the router does,
and routerlist.c for handling routerlist.
svn:r886
Increment failure counts only when circuits close without having been built.
Reset failure counts only on the second, and when circuits are done building.
svn:r847
Move writing of pidfile after daemonizing, and also after setting the [ug]id:
This means that the tor user needs write priviliges to the pidfile location.
It needs it for unlinking the pidfile anyway.
svn:r846
bugfix: keep going when a circ fails in circuit_n_conn_open
(make circuit_enumerate_by_naddr_nport obsolete)
bugfix: make circuit_n_conn_open only look at circ's that start at us
bugfix: only try circuit_n_conn_open if we're an OP. Otherwise we
expect connections to always already be up.
bugfix: when choosing path length, pay attention to whether the directory
says a router is down.
bugfix: when picking good exit, skip routers which are known to be down
(more work needs to be done on this one)
svn:r838
setuid, because after we setuid we don't have the priviledges we
need to setgid anymore, duh. merged switch_user() and
switch_group() into switch_id(), since that code has to be wound
together.
- return -1 from switch_id() if it's not defined to do anything else.
- moved daemoinize(), write_pidfile(), and switch_id() from main.c to
util.c
svn:r656
setuid and setgid respectively, and die if it can't.
(If the User option is set, tor will setgid to the user's gid as well.)
This happens after the pidfile is created, so that in cases where tor
needs to be root to work with the pidfile, it will at least be able to
create it, although it won't be able to delete it. That sucks, but
it's somewhat better than not being able to create the pidfile in the
first place.
svn:r652
If DebugLogFile is specified, log to it at -l debug
If LogFile is specified, log to it at the -l from the commandline
(default info)
If no LogFile *and* not a Daemon, then log to stdout.
Make conn->s = -1 by default (this might break things)
When kill -USR1, prefer to log at INFO, but make sure they always see it.
svn:r596
Improve debugging output on fingerprint checking.
Make sure to add our own fingerprint to the fingerprint list _before_
adding our own descriptor, or else we'll reject ourself.
Don't call a directory invalid just because we have a newer descriptor
for some router.
Use router_get_dir_hash to generate hashes for signed directories.
Make sure we add our own descriptor successfully.
Don't fall-through on failed base64-endode.
svn:r514
fix a variety of seg faults
don't try to list OPs in running-routers
write cached-directory to disk when rebuilding the dir
on boot, dirservers load approved-routers file
on boot, dirservers load cached directory file
svn:r508
ERR is if something fatal just happened
WARNING is something bad happened, but we're still running. The bad thing
is either a bug in the code, an attack or buggy protocol/implementation
of the remote peer, etc. The operator should examine the bad thing and
try to correct it.
(No error or warning messages should be expected. I expect most people
to run on -l warning eventually.)
NOTICE is never ever used.
INFO means something happened (maybe bad, maybe ok), but there's nothing
you need to (or can) do about it.
DEBUG is for everything louder than INFO.
svn:r486
redo all the config files for the new format (we'll redo them again soon)
fix (another! yuck) segfault in log_fn when input is too large
tor_tls_context_new() returns -1 for error, not NULL
fix segfault in check_conn_marked() on conn's that die during tls handshake
make ORs also initialize conn from router when we're the receiving node
make non-dirserver ORs upload descriptor to every dirserver on startup
add our local address to the descriptor
add Content-Length field to POST command
revert the Content-Length search in fetch_from_buf_http() to previous code
fix segfault in memmove in fetch_from_buf_http()
raise maximum allowed headers/body size in directory.c
svn:r484
'buf_t' is now an opaque type defined in buffers.c .
Router descriptors now include all keys; routers generate keys as
needed on startup (in a newly defined "data directory"), and generate
their own descriptors. Descriptors are now self-signed.
Implementation is not complete: descriptors are never published; and
upon receiving a descriptor, the directory doesn't do anything with
it.
At least "routers.or" and orkeygen are now obsolete, BTW.
svn:r483
Fixed up the assert_*_ok funcs some (more work remains)
Changed config so it reads either /etc/torrc or the -f arg, never both
Finally tracked down a nasty bug with our use of tls:
It turns out that if you ask SSL_read() for no more than n bytes, it
will read the entire record from the network (and maybe part of the next
record, I'm not sure), give you n bytes of it, and keep the remaining
bytes internally. This is fine, except our poll-for-read looks at the
network, and there are no bytes pending on the network, so we never know
to ask SSL_read() for more bytes. Currently I've hacked it so if we ask
for n bytes and it returns n bytes, then it reads again right then. This
will interact poorly with our rate limiting; we need a cleaner solution.
svn:r481
deal with content-length headers better when reading http
don't assume struct socks4_info is a packed struct
fail the socks handshake if destip is zero
flesh out conn_state_to_string() for dir conn
fix typo (bug) in connection_handle_read()
directory get is now called fetch, post is now upload
reopen logs on sighup
svn:r475
this paves the way for supporting socks5 and other handshakes
it also removes those pesky AP-only variables from connection_t
also hacked a fix for a bug where some streams weren't ending properly --
maybe because marked connections weren't flushing properly?
svn:r472
your client exits if you're running a version not in the
directory's list of acceptable versions (unless you have a
config variable set to override).
svn:r408
(expiry time set to 100 seconds so we can play with it)
exit connections are now informed when pending resolves fail
we kill off the oldest busy worker when we're under attack and need to
resolve something new
svn:r356
i've eliminated the master dns process, so now the workers just
act like regular connections and are handled by the normal pollarray.
everything seems to still work. ;)
svn:r327