Commit Graph

1026 Commits

Author SHA1 Message Date
Nick Mathewson
53c3174ee4 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-18 11:01:43 -05:00
Nick Mathewson
d388f9d879 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-11-18 11:01:33 -05:00
Nick Mathewson
94db8f32e4 Make all the free() functions from container.h clear their targets 2017-11-17 12:01:19 -05:00
Nick Mathewson
9f2efd02a1 Minimal implementation of bridge-distribution-request
Just advertise the line when we're a bridge, using "any" if we're
published or "none" if we aren't.

This is done in lieu of a full backport of #18329.
2017-11-13 20:44:51 -05:00
Nick Mathewson
594cf92498 Merge branch 'feature18329_029_squashed' into maint-0.3.2 2017-10-24 19:35:28 -04:00
Nick Mathewson
613b18f0af Always set bridge-distribution-request on bridges' descriptors.
Also, warn the user if the BridgeDistribution option is
unrecognized, and reject the value if it is invalid.
2017-10-24 19:26:24 -04:00
Roger Dingledine
ebab521525 Add new BridgeDistribution config option
Bridge relays can use it to add a "bridge-distribution-request" line
to their bridge descriptor, which tells BridgeDB how they'd like their
bridge address to be given out.

Implements tickets 18329.
2017-10-24 19:26:24 -04:00
Nick Mathewson
c1deabd3b0 Run our #else/#endif annotator on our source code. 2017-09-15 16:24:44 -04:00
Roger Dingledine
3247518f22 fix a copy-pasta issue from long ago 2017-09-13 22:28:06 -04:00
Nick Mathewson
035fe2d208 Remove named_map and unnamed_map from networkstatus.c 2017-09-12 09:56:42 -04:00
Nick Mathewson
2df7f1d59d Merge branch 'ed25519_lookup' 2017-09-08 12:18:22 -04:00
Nick Mathewson
b91dce9454 Merge branch 'maint-0.3.1' 2017-08-25 11:39:38 -04:00
Nick Mathewson
6069c829f9 Merge branch 'bug19418_029' into maint-0.3.1 2017-08-25 11:38:24 -04:00
Nick Mathewson
80d3887360 Refactor node lookup APIs to take flags
Right now there's a single warn_if_unnamed flag for
router_get_consensus_status_by_nickname() and
node_get_by_nickname(), that is nearly always 1.  I've turned it
into an 'unsigned' bitfield, and inverted its sense.  I've added the
flags argument to node_get_by_hex_id() too, though it does nothing
there right now.

I've removed the router_get_consensus_status_by_nickname() function,
since it was only used in once place.

This patch changes the warning behavior of GETINFO ns/name/<name>,
since all other name lookups from the controller currently warn.

Later I'm going to add more flags, for ed25519 support.
2017-08-22 19:13:40 -04:00
Nick Mathewson
418f3d6298 Make sure we always wind up checking i2d_*'s output.
The biggest offender here was sometimes not checking the output of
crypto_pk_get_digest.

Fixes bug 19418.  Reported by Guido Vranken.
2017-08-09 09:24:16 -04:00
Nick Mathewson
96cf608b2e Merge branch 'bug22885_squashed' 2017-08-03 09:33:40 -04:00
Nick Mathewson
7f32920648 Don't send missing X-Desc-Gen-Reason on startup
Since we start with desc_clean_since = 0, we should have been
starting with non-null desc_dirty_reason.

Fixes bug 22884; bugfix on 0.2.3.4-alpha when X-Desc-Gen-Reason was
added.
2017-08-03 09:33:33 -04:00
Isis Lovecruft
c59ba01550
rephist: Remove unused crypto_pk statistics.
These statistics were largely ununsed, and kept track of statistical information
on things like how many time we had done TLS or how many signatures we had
verified.  This information is largely not useful, and would only be logged
after receiving a SIGUSR1 signal (but only if the logging severity level was
less than LOG_INFO).

 * FIXES #19871.
 * REMOVES note_crypto_pk_op(), dump_pk_op(), and pk_op_counts from
   src/or/rephist.c.
 * REMOVES every external call to these functions.
2017-07-13 20:24:48 +00:00
Nick Mathewson
e84127d99e Merge remote-tracking branch 'asn/bug21969_bridges_030' into maint-0.3.0 2017-06-28 13:48:52 -04:00
Nick Mathewson
35d6313500 Call it a BUG to use -1 in authdir_mode_handles_descs 2017-06-21 13:49:17 -04:00
huyvq
ad97714f22 Remove obsolete authdir_mode_any_nonhidserv()
- Replace it with authdir_mode()
2017-06-21 13:49:17 -04:00
huyvq
18cd1993ca Convert authdir_mode_handles_descs() to alternative wrappers
-authdir_mode_handles_descs(options, ROUTER_PURPOSE_BRIDGE) to authdir_mode_bridge(options).

- authdir_mode_handles_descs(options, ROUTER_PURPOSE_GENERAL) to authdir_mode_v3(options).
2017-06-21 13:49:17 -04:00
huyvq
d92b999757 Convert authdir_mode_handles_descs(options, -1) with authdir_mode(options) 2017-06-21 13:49:17 -04:00
huyvq
0471c905a1 Remove obsolete authdir_mode_any_main() 2017-06-21 13:49:17 -04:00
Nick Mathewson
e3b1573be6 Merge branch 'maint-0.3.0' 2017-06-05 15:52:06 -04:00
Nick Mathewson
a9be768959 Bugfix: Regenerate more certificates when appropriate
Previously we could sometimes change our signing key, but not
regenerate the certificates (signing->link and signing->auth) that
were signed with it.  Also, we would regularly replace our TLS x.509
link certificate (by rotating our TLS context) but not replace our
signing->link ed25519 certificate.  In both cases, the resulting
inconsistency would make other relays reject our link handshakes.

Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
2017-05-31 18:45:35 -04:00
Roger Dingledine
5f74749fba get rid of some dead code (leftover from commit fa04fe1) 2017-05-24 23:37:00 -04:00
Roger Dingledine
d22d565331 add copy of MyFamily element to the descriptor, not the element itself
If we add the element itself, we will later free it when we free the
descriptor, and the next time we go to look at MyFamily, things will
go badly.

Fixes the rest of bug 22368; bugfix on 0.3.1.1-alpha.
2017-05-24 23:37:00 -04:00
Roger Dingledine
a7e75ff796 don't free the values in options->MyFamily when we make a descriptor
If we free them here, we will still attempt to access the freed memory
later on, and also we will double-free when we are freeing the config.

Fixes part of bug 22368.
2017-05-24 23:32:32 -04:00
George Kadianakis
e102ad60d0 Refactor directory_initiate_command() so that it accepts guard_state. 2017-05-22 15:45:46 +03:00
Nick Mathewson
d76cffda60 Merge remote-tracking branch 'public/my-family-list-fix-4498' 2017-05-10 11:12:24 -04:00
Nick Mathewson
2a1013948d Merge branch 'dgoulet_ticket22060_031_01_squashed' 2017-05-09 10:32:21 -04:00
David Goulet
7f95ef6e66 config: Remove {Control,DNS,Dir,Socks,Trans,NATD,OR}ListenAddress option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
039e2a24da config: Remove TLSECGroup option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
David Goulet
d52a1e2faa config: Remove AllowSingleHopExits option
Deprecated in 0.2.9.2-alpha, this commits changes it as OBSOLETE() and cleans
up the code associated with it.

Partially fixes #22060

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-05-09 10:30:52 -04:00
Nick Mathewson
4d30dde156 Merge branch 'netflow_padding-v6-rebased2-squashed' 2017-05-08 13:54:59 -04:00
Mike Perry
b0e92634d8 Netflow record collapsing defense.
This defense will cause Cisco, Juniper, Fortinet, and other routers operating
in the default configuration to collapse netflow records that would normally
be split due to the 15 second flow idle timeout.

Collapsing these records should greatly reduce the utility of default netflow
data for correlation attacks, since all client-side records should become 30
minute chunks of total bytes sent/received, rather than creating multiple
separate records for every webpage load/ssh command interaction/XMPP chat/whatever
else happens to be inactive for more than 15 seconds.

The defense adds consensus parameters to govern the range of timeout values
for sending padding packets, as well as for keeping connections open.

The defense only sends padding when connections are otherwise inactive, and it
does not pad connections used solely for directory traffic at all. By default
it also doesn't pad inter-relay connections.

Statistics on the total padding in the last 24 hours are exported to the
extra-info descriptors.
2017-05-08 13:49:21 -04:00
Nick Mathewson
8aadd60eac Replace remaining directory_initiate_command_* instances 2017-04-21 15:08:28 -04:00
Daniel Pinto
fa04fe1674 MyFamily config string is now a list. #4998 2017-04-14 13:04:37 +01:00
Nick Mathewson
58680d0429 Merge branch 'ahf_bugs_21641_squashed' 2017-03-17 11:16:24 -04:00
Alexander Færøy
853b54dea4 Add periodic timer for expiring old onion keys.
This patch adds a new timer that is executed when it is time to expire
our current set of old onion keys. Because of proposal #274 this can no
longer be assumed to be at the same time we rotate our onion keys since
they will be updated less frequently.

See: https://bugs.torproject.org/21641
2017-03-17 11:15:43 -04:00
Alexander Færøy
d88f10cdf2 Add API to query the current onion key grace period.
This patch adds an API to get the current grace period, in days, defined
as the consensus parameter "onion-key-grace-period-days".

As per proposal #274 the values for "onion-key-grace-period-days" is a
default value of 7 days, a minimum value of 1 day, and a maximum value
defined by other consensus parameter "onion-key-rotation-days" also
defined in days.

See: https://bugs.torproject.org/21641
2017-03-17 11:15:43 -04:00
Alexander Færøy
23ae5b655b Make MIN_ONION_KEY_LIFETIME a consensus parameter defined value.
This patch turns `MIN_ONION_KEY_LIFETIME` into a new function
`get_onion_key_lifetime()` which gets its value from a network consensus
parameter named "onion-key-rotation-days". This allows us to tune the
value at a later point in time with no code modifications.

We also bump the default onion key lifetime from 7 to 28 days as per
proposal #274.

See: https://bugs.torproject.org/21641
2017-03-17 11:15:43 -04:00
Nick Mathewson
7505f452c8 Run the copyright update script. 2017-03-15 16:13:17 -04:00
David Goulet
e16148a582 relay: Honor DataDirectoryGroupReadable at key init
Our config code is checking correctly at DataDirectoryGroupReadable but then
when we initialize the keys, we ignored that option ending up at setting back
the DataDirectory to 0700 instead of 0750. Patch by "redfish".

Fixes #19953

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-01-17 14:40:01 -05:00
J. Ryan Stinnett
d5df9fa235 Replace "people" with the appropriate network component in comments
Fixes #18145.
2016-12-12 09:50:21 -05:00
Nick Mathewson
e93234af70 Merge branch 'feature15056_v1_squashed' 2016-12-08 16:49:24 -05:00
Nick Mathewson
c35d481f56 Merge branch 'maint-0.2.9' 2016-11-21 12:44:21 -05:00
Roger Dingledine
3bb40b213b refactor router_pick_published_address to have another arg
no change in behavior except fewer log entries in the case where we use
a cached result.
2016-11-16 16:13:03 -05:00
Nick Mathewson
b5e75ae7dd Add an ed25519 identity to extend_info 2016-11-10 09:43:27 -05:00
Nick Mathewson
c58592e658 Merge branch 'maint-0.2.9' 2016-11-08 18:51:19 -05:00
Nick Mathewson
d73c671d6d policy_is_reject_star():
ome policies are default-reject, some default-accept.  But
policy_is_reject_star() assumed they were all default_reject.  Fix
that!

Also, document that policy_is_reject_star() treats a NULL policy as
empty. This allows us to simplify the checks in
parse_reachable_addresses() by quite a bit.

Fxes bug 20306; bugfix on 0.2.8.2-alpha.
2016-10-31 15:05:56 -04:00
overcaffeinated
265d5446fa Automated change to use smartlist_add_strdup
Use the following coccinelle script to change uses of
smartlist_add(sl, tor_strdup(str)) to
smartlist_add_strdup(sl, string) (coccinelle script from nickm
via bug 20048):

@@
expression a;
expression b;
@@
- smartlist_add
+ smartlist_add_strdup
   (a,
- tor_strdup(
   b
- )
  )
2016-10-27 10:26:06 +01:00
Nick Mathewson
54fda6b98a Module-level docs for ext_orport and router.c 2016-10-18 19:32:49 -04:00
Nick Mathewson
49d7feb8a0 Tweak patch for 18529.
- function doesn't need to be inline.

- rename function

- Make documentation more pedantically correct

- Remove needless "? 1 : 0."
2016-10-13 09:19:51 -04:00
Nick Mathewson
1fc3e29108 Remove duplicate code that checks for default authorities
Patch from ericho.

Fixes 18529. Simple refactoring.
2016-10-13 09:19:37 -04:00
Nick Mathewson
53255e925c Fix memory leak from prop264 branch. CID 1373401 2016-09-28 08:21:33 -07:00
Nick Mathewson
97337844b7 Merge branch 'protover_v2_squashed' 2016-09-26 11:00:08 -07:00
Nick Mathewson
afe0419db7 Rename get_supported_protocols to protover_get_supported_protocols 2016-09-26 10:56:53 -07:00
Nick Mathewson
4df12239f6 Emit and parse protocol lists in router descriptors 2016-09-26 10:56:49 -07:00
Sebastian Hahn
74d710e7dc Give useful error if authority_signing_key doesn't exist 2016-09-06 00:14:20 +02:00
Nick Mathewson
bbaa7d09a0 Merge remote-tracking branch 'teor/reject-tap-v6' 2016-08-29 15:02:11 -04:00
Nick Mathewson
e8d7953c61 Use tor_assert, not assert. 2016-08-23 09:24:20 -04:00
Nick Mathewson
bd45f7c668 Merge branch 'bug13953_squashed' 2016-08-23 09:22:04 -04:00
teor
a60ef72345 Reword the router_check_descriptor_address_port_consistency log message
The new message covers static and dynamic public IPv4 addresses,
and external / internal addresses in NAT setups.
2016-08-23 09:16:08 -04:00
teor
4b4389280e
Check parameters to router_check_descriptor_address_port_consistency 2016-08-16 14:39:46 +10:00
teor
427663428b
Refactor duplicate code in router_check_descriptor_address_consistency
No behaviour change
2016-08-16 14:05:46 +10:00
s7r
4d2b3164ec Make log message clearer
Longer and more explicit log message so we don't confuse users with behind NAT with working configurations and state that public IP addresses only should be provided with "Address", won't work with internal addresses.
2016-08-15 09:50:10 +00:00
teor
8c2ee16b8f
Get the extend_info_from_router check the right way around 2016-08-02 14:28:56 +10:00
Nick Mathewson
a8676b1ede Merge branch 'bug18902_squashed' 2016-07-28 06:59:03 -04:00
Nick Mathewson
4757303873 Fix all -Wshadow warnings on Linux
This is a partial fix for 18902.
2016-07-28 06:58:44 -04:00
teor (Tim Wilson-Brown)
64bf6b70a8 Check that extend_info_from_router is never called on a client 2016-07-26 19:31:05 -04:00
teor (Tim Wilson-Brown)
24e8bb2d83
Relays make sure their own descriptor has an ntor key 2016-07-15 09:55:49 +10:00
Nick Mathewson
d6b2af7a3a Merge branch 'bug19180_easy_squashed' 2016-06-11 10:15:40 -04:00
Nick Mathewson
53a3b39da1 Add -Wmissing-variable-declarations, with attendant fixes
This is a big-ish patch, but it's very straightforward.  Under this
clang warning, we're not actually allowed to have a global variable
without a previous extern declaration for it.  The cases where we
violated this rule fall into three roughly equal groups:
  * Stuff that should have been static.
  * Stuff that was global but where the extern was local to some
    other C file.
  * Stuff that was only global when built for the unit tests, that
    needed a conditional extern in the headers.

The first two were IMO genuine problems; the last is a wart of how
we build tests.
2016-06-11 10:11:54 -04:00
Nick Mathewson
4f1a04ff9c Replace nearly all XXX0vv comments with smarter ones
So, back long ago, XXX012 meant, "before Tor 0.1.2 is released, we
had better revisit this comment and fix it!"

But we have a huge pile of such comments accumulated for a large
number of released versions!  Not cool.

So, here's what I tried to do:

  * 0.2.9 and 0.2.8 are retained, since those are not yet released.

  * XXX+ or XXX++ or XXX++++ or whatever means, "This one looks
    quite important!"

  * The others, after one-by-one examination, are downgraded to
    plain old XXX.  Which doesn't mean they aren't a problem -- just
    that they cannot possibly be a release-blocking problem.
2016-05-30 16:18:16 -04:00
Nick Mathewson
8c1c71aa2c Merge branch 'maint-0.2.8' 2016-05-26 12:12:54 -04:00
Nick Mathewson
a873ba8edd Fix two long lines 2016-05-26 12:11:57 -04:00
Nick Mathewson
4a14c2cfc7 Merge branch 'maint-0.2.8' 2016-05-19 15:56:39 -04:00
Nick Mathewson
2729f166cb whitespace fixes 2016-05-17 20:08:03 -04:00
Nick Mathewson
ab932cd7bf Remove duplicate siging_key_cert fields.
With the fix for #17150, I added a duplicate certificate here.  Here
I remove the original location in 0.2.8.  (I wouldn't want to do
that in 027, due to the amount of authority-voting-related code
drift.)

Closes 19073.
2016-05-17 20:04:16 -04:00
Nick Mathewson
a7f6e434be Merge branch 'maint-0.2.8' 2016-05-17 19:48:49 -04:00
Nick Mathewson
3f49474349 Merge branch 'bug17150_027_extra' into maint-0.2.8 2016-05-17 19:47:22 -04:00
Nick Mathewson
00f74e0372 Improve API of routerinfo_incompatible_with_extrainfo()
This API change makes it so that routerinfo_incompatible...() no
longer takes a routerinfo_t, so that it's obvious that it should
only look at fields from the signed_descriptor_t.

This change should prevent a recurrence of #17150.
2016-05-17 13:24:01 -04:00
Nick Mathewson
8acfac7375 Copy the signing_key_cert field into signed_descriptor_t
We need this field to be in signed_descriptor_t so that
routerinfo_incompatible_with_extrainfo can work correctly (#17150).
But I don't want to move it completely in this patch, since a great
deal of the code that messes with it has been in flux since 0.2.7,
when this ticket was opened.  I should open another ticket about
removing the field from routerinfo_t and extrainfo_t later on.

This patch fixes no actual behavior.
2016-05-17 13:14:04 -04:00
Nick Mathewson
44da47d3c1 Move extra_info_digest256 into signed_descriptor_t
This patch includes no semantic changes; it's just a field movement.

It's prerequisite for a fix to 19017/17150.
2016-05-17 12:53:12 -04:00
Nick Mathewson
36909674b4 Merge remote-tracking branch 'teor/bug18963-remember-v2' 2016-05-17 12:15:53 -04:00
Nick Mathewson
548d14247e Merge remote-tracking branch 'arma/bug18616-v4' into maint-0.2.8 2016-05-17 10:48:12 -04:00
Roger Dingledine
06031b441e touchups and refactorings on bug 18616 branch
no behavior changes
2016-05-16 17:43:47 -04:00
teor (Tim Wilson-Brown)
cdb528d841
Fetch certificates from the same directory as previous certificates
Improves the fix to #18963.
2016-05-11 13:30:30 -04:00
Roger Dingledine
b8b5bccfd9 refactor the #19003 patches
fix the logic in one of the comments
2016-05-11 13:03:49 -04:00
teor (Tim Wilson-Brown)
c2817774c2
Allow directories in small networks to bootstrap
Skip DirPort checks when the consensus has no exits.

Resolves #19003, bugfix on #18050 in 0.2.8.1-alpha.
2016-05-09 14:29:07 -04:00
teor (Tim Wilson-Brown)
c75bf388b5
Warn users when addresses in ports and descriptor are inconsistent
This mitigates bug 13953.
2016-05-07 10:22:02 -07:00
teor (Tim Wilson-Brown)
b6ba6afa37 Refactor DirPort & begindir descriptor checks
No actual behaviour changes
2016-04-28 12:26:39 +10:00
teor (Tim Wilson-Brown)
211e56ad87 Remove redundant descriptor checks for OR/Dir reachability
The ORPort and DirPort must be reachable, or we won't publish a
descriptor.
2016-04-28 12:26:39 +10:00
teor (Tim Wilson-Brown)
b51316c0e7 Refactor common code out of reachability checks
No actual changes in behavior
2016-04-28 12:26:39 +10:00
teor (Tim Wilson-Brown)
d3c60f2bd7 Avoid checking ORPort reachability when the network is disabled
This is consistent with existing DirPort reachability checks.
2016-04-28 12:26:38 +10:00
teor (Tim Wilson-Brown)
692828bea5 Decide to advertise begindir support like we decide to advertise DirPort
Decide to advertise begindir support in a similar way to how
we decide to advertise DirPort.

Fix up the associated descriptor-building unit tests.

Resolves #18616, bugfix on 0c8e042c30 in #12538 in 0.2.8.1-alpha.
2016-04-28 12:26:38 +10:00
teor (Tim Wilson-Brown)
10330c1234 Remove an extraneous space in a log message 2016-03-01 19:08:02 +01:00
teor (Tim Wilson-Brown)
2120e14009 Allow internal IPv6 addresses in descriptors in private networks 2016-03-01 16:48:16 +01:00