nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-09-22 22:14:58 +02:00
Code Issues Packages Projects Releases Wiki Activity
15,218 Commits 53 Branches 629 Tags 108 MiB
32d6acade8
Commit Graph

8552 Commits

Author SHA1 Message Date
Nick Mathewson
f729e1e984 Merge branch 'feature3457-v4-nm-squashed' 
Conflicts:
	src/or/rendclient.c
 2012-01-11 12:10:14 -05:00
Nick Mathewson
b5af456685 Use spaceless ISO8601 time format, not sec,usec. 2012-01-11 12:08:01 -05:00
Nick Mathewson
3826e058ac Implement proposal 187: reserve a cell type for client authorization 
This needs a changes file and more testing.
 2012-01-11 11:10:18 -05:00
Nick Mathewson
ce703bd53e defensive programming to catch duplicate calls to connection_init_or_handshake_state 2012-01-11 11:10:17 -05:00
Nick Mathewson
c5b58df775 Add clarity/typesafety wrappers for control_event_circuit_status_minor 2012-01-11 10:28:20 -05:00
Nick Mathewson
0e911abf27 Rename CIRC2 to CIRC_MINOR 
Also give the arguments to control_event_circuit_status_minor real
names.
 2012-01-11 10:19:24 -05:00
Nick Mathewson
fe4811471d Chop out the intro point calculation until it is simple enough for nickm to grok 2012-01-10 19:20:00 -05:00
Robert Ransom
31d6350737 Use my original formula for number of replacements for an intro point 
A fixup commit which was intended to make this formula easier to read
broke it instead.
 2012-01-10 19:20:00 -05:00
Nick Mathewson
5e9d349979 Merge remote-tracking branch 'public/bug4650_nm_squashed' 2012-01-10 17:59:49 -05:00
Nick Mathewson
8d74fba651 Merge branch 'absolute_cookie_file' 2012-01-10 15:00:02 -05:00
Sebastian Hahn
6b9298ef72 Log which votes we still need to fetch 
This might help us see which authorities are problematic in getting
their vote published the first time.
 2012-01-10 16:13:30 +01:00
Sebastian Hahn
50a50392b7 Advertise dirport if accountingmax is large enough 
When we have an effective bandwidthrate configured so that we cannot
exceed our bandwidth limit in one accounting interval, don't disable
advertising the dirport. Implements ticket 2434.
 2012-01-10 09:59:36 -05:00
Nick Mathewson
2a9b279163 Merge remote-tracking branch 'rransom-tor/bug4883' 2012-01-10 09:33:55 -05:00
Robert Ransom
72ed4a41f5 Fix brown-paper-bag bug in #4759 fix 
Fixes #4883, not yet in any release.
 2012-01-09 22:03:04 -08:00
Nick Mathewson
4e14ce4dba Report cookie file location as absolute in protocolinfo message 2012-01-09 13:20:48 -05:00
Nick Mathewson
838ec086be Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-09 12:22:29 -05:00
Nick Mathewson
6fd61cf767 Fix a trivial log message error in renservice.c 
Fixes bug 4856; bugfix on 0.0.6

This bug was introduced in 79fc5217, back in 2004.
 2012-01-09 12:21:04 -05:00
Nick Mathewson
d4de312b3c Merge remote-tracking branch 'rransom-tor/bug4842' 2012-01-09 11:59:08 -05:00
Roger Dingledine
ecdea4eeaf Merge branch 'maint-0.2.2' 2012-01-08 12:17:16 -05:00
Roger Dingledine
cc1580dbe0 when the consensus fails, list which dir auths were in or out 2012-01-08 12:14:44 -05:00
Roger Dingledine
04bf17c50c nickname, not identity fingerprint, will help more 2012-01-08 12:09:01 -05:00
Roger Dingledine
78e95b7b71 tell me who votes are actually for, not just where they're from 2012-01-08 10:03:46 -05:00
Roger Dingledine
19c372daf0 clean up a comment that confused arturo 2012-01-07 07:41:46 -05:00
Robert Ransom
b46a7ebb2b Don't remove rend cpath element from relaunched service-side rend circs 
Fixes bug 4842, not in any release.
 2012-01-06 22:44:20 -08:00
Sebastian Hahn
98959f63ac Disallow disabling DisableDebuggerAttachment on runnning Tor 
Also, have tor_disable_debugger_attach() return a tristate of
success/failure/don't-know-how , and only log appropriately.
 2012-01-04 15:09:02 -05:00
Nick Mathewson
65420e4cb5 Merge remote-tracking branch 'rransom-tor/bug1297b-v2' 2012-01-04 13:50:24 -05:00
Robert Ransom
0bd53b8d87 Verbotify documentation comments for the #1297-fix flags 2012-01-04 09:37:49 -08:00
Nick Mathewson
47b7a27929 Merge remote-tracking branch 'origin/maint-0.2.2' 2012-01-03 13:22:34 -05:00
Sebastian Hahn
5d9be49540 Fix a check-spaces violation in compat.c 
Also fix a comment typo
 2011-12-30 23:30:57 +01:00
Sebastian Hahn
d861b4cc9d Fix spelling in a controlsocket log msg 
Fixes bug 4803.
 2011-12-30 23:27:02 +01:00
Nick Mathewson
bfae41328e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-28 16:52:31 -05:00
Nick Mathewson
84bf8e3808 Merge remote-tracking branch 'public/bug4788' into maint-0.2.2 2011-12-28 16:50:45 -05:00
Nick Mathewson
e3a6493898 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-28 15:57:48 -05:00
Nick Mathewson
c563551eef Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-12-28 15:56:37 -05:00
Nick Mathewson
120a745346 Bug 4786 fix: don't convert EARLY to RELAY on v1 connections 
We used to do this as a workaround for older Tors, but now it's never
the correct thing to do (especially since anything that didn't
understand RELAY_EARLY is now deprecated hard).
 2011-12-28 15:54:06 -05:00
Robert Ransom
2b189a222b Don't exit when marking a newly created _C_INTRODUCING circ for close 2011-12-28 09:02:14 -08:00
Nick Mathewson
9bcb187387 Authorities reject insecure Tors. 
This patch should make us reject every Tor that was vulnerable to
CVE-2011-0427.  Additionally, it makes us reject every Tor that couldn't
handle RELAY_EARLY cells, which helps with proposal 110 (#4339).
 2011-12-27 21:47:04 -05:00
Robert Ransom
836161c560 Add an option to close HS service-side rend circs on timeout 2011-12-27 08:02:43 -08:00
Robert Ransom
f88c8ca8c9 Don't close HS service-side rend circs on timeout 2011-12-27 08:02:43 -08:00
Robert Ransom
078e3e9dd5 Add an option to close 'almost-connected' HS client circs on timeout 2011-12-27 08:02:43 -08:00
Robert Ransom
4b13c33c0c Don't close HS client circs which are 'almost connected' on timeout 2011-12-27 08:02:42 -08:00
Nick Mathewson
334a0513de Downgrade relay_early-related warning 2011-12-26 18:11:41 -05:00
Roger Dingledine
3aade2fab7 Merge remote-tracking branch 'nickm/prop110_v2' 2011-12-25 17:43:09 -05:00
Robert Ransom
4c3a23b283 Look up the rend circ whose INTRODUCE1 is being ACKed correctly 
This change cannibalizes circuit_get_by_rend_query_and_purpose because it
had exactly one caller.
 2011-12-22 23:46:09 -08:00
Nick Mathewson
7cb804343b Merge remote-tracking branch 'rransom/feature2411-v4' 2011-12-22 10:51:39 -05:00
Nick Mathewson
782b7f49d8 Fix bug2571: warn on EntryNodes set and UseEntryGuards disabled 2011-12-22 10:31:52 -05:00
Kamran Riaz Khan
a1c1fc72d1 Prepend cwd for relative config file paths. 
Modifies filenames which do not start with '/' or '.' on non-Windows
platforms; uses _fullpath on Windows.
 2011-12-22 10:17:48 -05:00
Nick Mathewson
2710a96ba4 Allow prop110 violations if AllowNonearlyExtend is set in consensus 2011-12-22 10:12:49 -05:00
Nick Mathewson
847541ce5d Log what fraction of EXTEND cells have died for being non-early 2011-12-22 09:51:59 -05:00
Nick Mathewson
0187bd8728 Implement the last of proposal 110 
Reject all EXTEND requests not received in a relay_early cell
 2011-12-22 09:51:59 -05:00
Robert Ransom
66f77561c0 Mark each intro circ with the rend cookie sent in its INTRODUCE1 cell 
Needed by fix for #4759.
 2011-12-22 06:45:45 -08:00
Nick Mathewson
878a684386 Merge remote-tracking branch 'public/bug4697' 2011-12-22 09:45:26 -05:00
Nick Mathewson
8cdeaedf86 Convert a couple of char[256]s into sockaddr_storage 2011-12-21 11:23:13 -05:00
Nick Mathewson
f75660958c Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-21 11:20:56 -05:00
Nick Mathewson
b5e6bbc01d Do not even try to keep going on a socket with socklen==0 
Back in #1240, r1eo linked to information about how this could happen
with older Linux kernels in response to nmap.  Bugs #4545 and #4547
are about how our approach to trying to deal with this condition was
broken and stupid.  Thanks to wanoskarnet for reminding us about #1240.

This is a fix for the abovementioned bugs, and is a bugfix on
0.1.0.3-rc.
 2011-12-21 11:19:41 -05:00
Nick Mathewson
14127f226d Merge remote-tracking branch 'asn-mytor/bug4531' 2011-12-20 14:40:16 -05:00
Nick Mathewson
26053bd7c9 Merge remote-tracking branch 'asn-mytor/bug4725_take2' 2011-12-20 14:28:31 -05:00
George Kadianakis
0cfdd88adb Don't call tor_tls_set_logged_address till after checking conn->tls. 
Fixes bug 4531.
 2011-12-20 19:21:15 +01:00
Nick Mathewson
ba1766bc3f Add explicit cast to make gcc happy 2011-12-20 11:19:57 -05:00
Nick Mathewson
4080ac9eee Merge branch 'bug3825b-v8-squashed' 2011-12-20 11:15:49 -05:00
Robert Ransom
dae000735e Adjust n_intro_points_wanted when a service's intro points are closed 2011-12-20 11:15:33 -05:00
Robert Ransom
46783eb6d7 Extract function to determine how many intros an intro point has handled 2011-12-20 11:15:31 -05:00
Martin Hebnes Pedersen
d5e964731c Fixed build with GCC < 3.3 
Preprocessor directives should not be put inside the arguments
of a macro. This is not supported on older GCC releases (< 3.3)
thus broke compilation on Haiku (running gcc2).
 2011-12-19 11:27:08 -05:00
Martin Hebnes Pedersen
f783a326b8 -lm should not be hardcoded. 
On some platforms (Haiku/BeOS) libm lives in libcore.

Also added 'network' to the list of libraries to search for connect().
 2011-12-19 11:27:08 -05:00
George Kadianakis
539cb627f7 Server transports should be instructed to bind on INADDR_ANY by default. 2011-12-18 13:21:58 +01:00
Nick Mathewson
e5e50d86ca Ignore all bufferevent events on a marked connection 
Bug 4697; fix on 0.2.3.1-alpha
 2011-12-17 14:06:10 -05:00
Nick Mathewson
37504b5efa Merge remote-tracking branch 'asn-mytor/bug4726' 2011-12-17 12:49:15 -05:00
George Kadianakis
6d35f08e01 Doxygenize the file-level documentation of transports.c. 2011-12-16 11:01:56 +01:00
Nick Mathewson
e402edd960 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-12-15 11:32:49 -05:00
Nick Mathewson
562c974ee7 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-12-15 11:28:44 -05:00
Nick Mathewson
9d0777839b Add a fix for the buf_pullup bug that Vektor reported 2011-12-15 11:28:24 -05:00
Robert Ransom
59b5379424 Remove comment complaining that we try to attach all streams to circs 
It's inefficient, but the more efficient solution (only try to attach
streams aiming for this HS) would require far more complexity for a gain
that should be tiny.
 2011-12-09 11:28:42 -05:00
Robert Ransom
832bfc3c46 Clear stream-isolation state on rend circs if needed to attach streams 
Fixes bug 4655; bugfix on 0.2.3.3-alpha.
 2011-12-09 11:28:42 -05:00
Robert Ransom
7b6b2d5fb8 Refactor stream attachment in circuit_has_opened 
Put the 'try attaching streams, clear isolation state if possible, retry
attaching streams' loop in its own separate function, where it belongs.
 2011-12-09 11:28:33 -05:00
Roger Dingledine
ae07af564e paint bug2474's fix a different neon color 
this way people with 80-column logs may read more of the warning
 2011-12-08 04:41:56 -05:00
Nick Mathewson
8bb853b2a2 Merge remote-tracking branch 'public/revert_4312' 2011-12-07 21:12:20 -05:00
Roger Dingledine
299034edf5 clarify a debug line 2011-12-07 18:12:11 -05:00
Nick Mathewson
021ff31ba6 Revert "Get rid of tor_tls_block_renegotiation()." 
This reverts commit 340809dd22.
 2011-12-06 19:49:21 -05:00
Nick Mathewson
616b60cef3 Revert "Use callback-driven approach to block renegotiations." 
This reverts commit 406ae1ba5a.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
df1f72329a Revert "Refactor tor_event_base_once to do what we actually want" 
This reverts commit 7920ea55b8.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
3a17a1a62f Revert "Avoid a double-mark in connection_or_close_connection_cb" 
This reverts commit 633071eb3b.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
135a5102a3 Revert "Make pending libevent actions cancelable" 
This reverts commit aba25a6939.
 2011-12-06 19:49:20 -05:00
Nick Mathewson
50fd99d7ef Revert "Set renegotiation callbacks immediately on tls inititation" 
This reverts commit e27a26d568.
 2011-12-06 19:49:19 -05:00
Nick Mathewson
4f47db3280 Merge remote-tracking branch 'sebastian/coverity' 2011-12-05 11:56:03 -05:00
Nick Mathewson
15d99fe4eb Add comment about bug4651 fix 2011-12-05 11:29:43 -05:00
Sebastian Hahn
60c330a251 cid 432: Remove dead code if we don't handle a consensus 
Bugfix on 0.2.3.1, fixes the second half of bug 4637.
 2011-12-04 17:36:23 +01:00
Robert Ransom
f5730d4698 Don't send two ESTABLISH_RENDEZVOUS cells when opening a new rend circ 2011-12-03 22:06:50 -08:00
Nick Mathewson
682a85ff7c Don't just tell the controller "foo" on id mismatch 
Fixes bug 4169; bugfix on 0.2.1.1-alpha.
 2011-12-02 16:27:33 -05:00
Nick Mathewson
5303918091 Init conn->addr to "unspec" on cpuworker connections 
Fixes bug 4532 reported by "troll_un"
 2011-12-02 16:21:50 -05:00
Nick Mathewson
6171bdd105 Don't call tor_tls_set_logged_address till after checking conn->tls 
Fixes bug 4531; partial backport of e27a26d5.
 2011-12-02 16:15:52 -05:00
Nick Mathewson
f78fc8cfb4 Give DirAllowPrivateAddress an explicit default 
By convention, we say whether each bool's default is 0 or 1

Fixes 4536; found by "troll_un"
 2011-12-02 16:04:18 -05:00
Nick Mathewson
cf14a520c8 Resolve bug 3448: remove mention of tor-ops (which is not in use) 2011-12-02 15:42:15 -05:00
Robert Ransom
5ffa7102c0 Don't segfault when checking whether a not-yet-used intro point should expire 
Found by katmagic.  Bugfix on the #3460 branch, not yet in any release.
 2011-12-01 15:26:45 -08:00
Linus Nordberg
c06c80b7f7 Fix warnings. 
Remove environ declaration.
Use ORPort->value.  And it's a string.
Make tmp a char *.
 2011-12-01 09:40:47 +01:00
Murdoch@cl.cam.ac.uk
b0d3c6a878 Only define set_buffer_lengths_to_zero if bufferevents are enabled 
Otherwise, on Windows, gcc will warn about the function being unused
 2011-11-30 18:06:55 -05:00
Nick Mathewson
d04f21bf39 Merge branch 'feature2553-v4-rebased' 2011-11-30 14:54:33 -05:00
Arturo Filastò
db648fe886 Add some more documentation 2011-11-30 14:54:15 -05:00
Robert Ransom
c90c33fd53 Turn off LearnCircuitBuildTimeout when tor2web mode is on 2011-11-30 14:54:15 -05:00
Robert Ransom
328c9582a9 Add ifdefs to disable assertion in connection_ap_handshake_send_begin 2011-11-30 14:54:15 -05:00
Robert Ransom
a364f88477 Add ifdefs to disable #3332 assertions 2011-11-30 14:54:15 -05:00
Robert Ransom
826f1d5b0a Use single-hop intro and rend circuits when in tor2web mode 2011-11-30 14:54:15 -05:00
Robert Ransom
29287ed0ed Perform single-hop HS desc fetches when in tor2web mode 2011-11-30 14:54:15 -05:00
Robert Ransom
ebf524b48b Don't allow tor2web-mode Tors to connect to non-HS addresses 
The client's anonymity when accessing a non-HS address in tor2web-mode
would be easily nuked by inserting an inline image with a .onion URL, so
don't even pretend to access non-HS addresses through Tor.
 2011-11-30 14:54:15 -05:00
Robert Ransom
5f3e6eb0b9 Warn loudly on startup and SIGHUP if Tor is built for a non-anonymous mode 2011-11-30 14:54:14 -05:00
Robert Ransom
543a36a55b Add a compile-time #define to control whether Tor runs in 'tor2web mode' 
The Tor2webMode torrc option is still required to run a Tor client in
'tor2web mode', but now it can't be turned on at runtime in a normal build
of Tor.  (And a tor2web build of Tor can't be used as a normal Tor client,
so we don't have to worry as much about someone distributing packages with
this particular pistol accessible to normal users.)
 2011-11-30 14:54:14 -05:00
Nick Mathewson
3b88b63826 Merge branch 'bug933_nm_rebased_v2' 
Conflicts:
	src/test/test.c
 2011-11-30 14:10:22 -05:00
Nick Mathewson
e8d598c4ac Tweak addressmap_rewrite a little more 
This resolves a loop warning on "MapAddress *.example.com
example.com", makes the rewrite log messages correct, and fixes the
behavior of "MapAddress *.a *.b" when just given "a" as an input.
 2011-11-30 14:08:11 -05:00
Nick Mathewson
66859e2d4a Fix an issue in my mapaddress domains code spotted by arma 
MapAddress *.torproject.org torproject.org would have been interpreted
as a map from a domain to itself, and would have cleared the mapping.
Now we require not only a match of domains, but of wildcards.
 2011-11-30 14:08:11 -05:00
Nick Mathewson
04c622d720 Add some post-comma spaces to please arma 
Incidentally, we've got 30969 lines in master with a comma
in them, of which 1995 have a comma followed by a non-newline,
non-space character.  So about 93% of our commas are right,
but we have a substantial number of "crowded" lines.
 2011-11-30 14:08:11 -05:00
Nick Mathewson
ff3eb8e023 Forbid remapping of * 
It might be nice to support this someday, but for now it would fail
with an infinite remap cycle.  (If I say "remap * *.foo.exit",
then example.com ->
     example.com.foo.exit ->
     example.com.foo.exit.foo.exit ->
     example.com.foo.exit.foo.exit.foo.exit -> ...)
 2011-11-30 14:08:11 -05:00
Nick Mathewson
69d16900aa Refactor addressmap_match_superdomains and representation of wildcards 
In this new representation for wildcarded addresses, there are no
longer any 'magic addresses': rather, "a.b c.d", "*.a.b c.d" and
"*.a.b *.c.d" are all represented by a mapping from "a.b" to "c.d". we
now distinguish them by setting bits in the addressmap_entry_t
structure, where src_wildcard is set if the source address had a
wildcard, and dst_wildcard is set if the target address had a
wildcard.

This lets the case where "*.a.b *.c.d" or "*.a.b c.d" remap the
address "a.b" get handled trivially, and lets us simplify and improve
the addressmap_match_superdomains implementation: we can now have it
run in O(parts of address) rather than O(entries in addressmap).
 2011-11-30 14:08:11 -05:00
Robert Hogan
53ce6bb52d Address nickm's comments at https://trac.torproject.org/projects/tor/ticket/933#comment:8 
1. Only allow '*.' in MapAddress expressions. Ignore '*ample.com' and '.example.com'.
       This has resulted in a slight refactoring of config_register_addressmaps.
    2. Add some more detail to the man page entry for AddressMap.
    3. Fix initialization of a pointer to NULL rather than 0.
    4. Update the unit tests to cater for the changes in 1 and test more explicitly for
       recursive mapping.
 2011-11-30 14:08:10 -05:00
Robert Hogan
909e9769ec Address nickm's comments at https://trac.torproject.org/projects/tor/ticket/933#comment:4 
1. Implement the following mapping rules:

   MapAddress a.b.c d.e.f # This is what we have now
   MapAddress .a.b.c d.e.f # Replaces any address ending with .a.b.c with d.e.f
   MapAddress .a.b.c .d.e.f # Replaces the .a.b.c at the end of any addr with .d.e.f

   (Note that 'a.b.c .d.e.f' is invalid, and will be rejected.)

2. Add tests for the new rules.

3. Allow proper wildcard annotation, i.e. '*.d.e' '.d.e' will still work.

4. Update addressmap_entry_t with an is_wildcard member.
 2011-11-30 14:08:10 -05:00
Robert Hogan
c6d8c6baaa bug933 - Match against super-domains in MapAddress 
Allow MapAddress to handle directives such as:

MapAddress .torproject.org .torserver.exit
MapAddress .org 1.1.1.1

Add tests for addressmap_rewrite.
 2011-11-30 14:08:10 -05:00
Nick Mathewson
9da99b4939 Fix a memory leak in error path of my default-torrc code 
Fixes Coverity CID # 500
 2011-11-30 12:16:39 -05:00
Nick Mathewson
c5e2bfa983 appease "make check-spaces" 2011-11-30 12:09:53 -05:00
Nick Mathewson
8cc8b016c8 Merge branch 'ipv6_bridges_squashed' 2011-11-30 12:02:13 -05:00
Nick Mathewson
5412b3728c Rename one more recalcitrant function. 2011-11-30 12:01:16 -05:00
Linus Nordberg
1dca559db8 Warn user about client ignoring non-preferred IP address for a bridge. 2011-11-30 11:55:46 -05:00
Linus Nordberg
32d10bdfb3 Whitespace changes. 2011-11-30 11:55:46 -05:00
Linus Nordberg
39ec781b8f Make the router_get_*_orport interface consistent with node_*. 2011-11-30 11:55:46 -05:00
Linus Nordberg
3b51b326e4 Make router_get_{prim,alt,pref}_addr_port take tor_addr_port_t *. 
Rename to *_orport for consistency with node_*.
 2011-11-30 11:55:46 -05:00
Linus Nordberg
2376a6ade4 Merge node_get_{prim,pref,pref_ipv6}_addr with their _orport counterparts. 
This keeps the IP address and TCP for a given OR port together,
reducing the risk of using an address for one address family with a
port of another.

Make node_get_addr() a wrapper function for compatibility.
 2011-11-30 11:55:46 -05:00
Linus Nordberg
529820f8ba Use correct address family where necessary for bridges on IPv6. 2011-11-30 11:55:46 -05:00
Linus Nordberg
f89c619679 Use the preferred address and port when initiating a connection. 
This is not as conservative as we could do it, f.ex. by looking at the
connection and only do this for connections to bridges.  A non-bridge
should never have anything else than its primary IPv4 address set
though, so I think this is safe.
 2011-11-30 11:55:46 -05:00
Linus Nordberg
f6ce9e4ea5 Take IPv6 into account when rewriting routerinfo for a bridge and maintain ipv6_preferred. 
Don't touch the string representation in routerinfo_t->address.

Also, set or clear the routerinfo_t->ipv6_preferred flag based on the
address family of the bridge.
 2011-11-30 11:55:45 -05:00
Linus Nordberg
6048f01971 Use preferred address when looking for bridges by routerinfo_t. 
This should be safe to do for all uses of get_configured_bridge_by_routerinfo().
 2011-11-30 11:55:45 -05:00
Linus Nordberg
7b02d1a73e Clarify function documentation. 2011-11-30 11:55:45 -05:00
Linus Nordberg
f786307ab7 First chunk of support for bridges on IPv6 
Comments below focus on changes, see diff for added code.

New type tor_addr_port_t holding an IP address and a TCP/UDP port.

New flag in routerinfo_t, ipv6_preferred.  This should go in the
node_t instead but not now.

Replace node_get_addr() with
- node_get_prim_addr() for primary address, i.e. IPv4 for now
- node_get_pref_addr() for preferred address, IPv4 or IPv6.

Rename node_get_addr_ipv4h() node_get_prim_addr_ipv4h() for
consistency.  The primary address will not allways be an IPv4 address.
Same for node_get_orport() -> node_get_prim_orport().

Rewrite node_is_a_configured_bridge() to take all OR ports into account.

Extend argument list to extend_info_from_node and
extend_info_from_router with a flag indicating if we want to use the
routers primary address or the preferred address.  Use the preferred
address in as few situtations as possible for allowing clients to
connect to bridges over IPv6.
 2011-11-30 11:55:45 -05:00
Linus Nordberg
5bee213d23 Turn get_first_advertised_v4_port_by_type() into get_first_advertised_port_by_type_af(). 2011-11-30 11:55:45 -05:00
Linus Nordberg
1c2c3314a9 Add some logging and comments. 2011-11-30 11:55:44 -05:00
Nick Mathewson
19a82d2936 Bridges can advertise a single IPv6 address with orport 
This is deliberately more restrictive than we'd want to be.

Needs testing!
 2011-11-30 11:55:44 -05:00
Nick Mathewson
11d5a9f63d Initial support for simplest use of prop186 or-address lines 
This lets a routerinfo_t have a single IPv6 or-address, and adds
support for formatting and parsing those lines.
 2011-11-30 11:55:44 -05:00
Nick Mathewson
5f0a8dcd2c Initial hacking for proposal 186. 
This code handles the new ORPort options, and incidentally makes all
remaining port types use the new port configuration systems.

There are some rough edges!  It doesn't do well in the case where your
Address says one thing but you say to Advertise another ORPort.  It
doesn't handle AllAddrs.  It doesn't actually advertise anything besides
the first listed advertised IPv4 ORPort and DirPort.  It doesn't do
port forwarding to them either.

It's not tested either, it needs more documentation, and it probably
forgets to put the milk back in the refrigerator.
 2011-11-30 11:55:44 -05:00
Robert Ransom
825f3d31b1 Add an assert before dereferencing entry_conn->socks_request 
This may turn a segfault which katmagic saw into an assertion failure.
 2011-11-29 20:34:33 -08:00
Nick Mathewson
628b735fe3 Merge remote-tracking branch 'rransom-tor/bug3460-v4' 
Conflicts:
	src/or/rendservice.c
 2011-11-29 20:56:39 -05:00
Nick Mathewson
fdc0aa8c45 Merge remote-tracking branch 'rransom-tor/bug4605' 2011-11-29 20:28:08 -05:00
Robert Ransom
e70610878a Add 'config-defaults-file' to getinfo_items table 
Bugfix on commit 230422b955, not yet in any
release; fixes bug #4605.
 2011-11-29 17:13:39 -08:00
Robert Ransom
4150d92eea Set torrc_fname in load_torrc_from_disk 
Bugfix on commit 230422b955, not yet in any
release. Fixes bug #4604; reported by koolfy.
 2011-11-29 17:11:49 -08:00
Nick Mathewson
8bb23c7def Merge branch 'bug4587_v2' 2011-11-29 19:15:40 -05:00
Nick Mathewson
e27a26d568 Set renegotiation callbacks immediately on tls inititation 
This way, we can't miss a renegotiation attempt in a v2 handshake,
or miss excess renegotiation attempts.  Partial fix for bug 4587.
 2011-11-29 19:10:19 -05:00
Nick Mathewson
da6c136817 Merge remote-tracking branch 'asn-mytor/bug4548_take2' 2011-11-29 18:30:41 -05:00
Nick Mathewson
83f66db79e Merge branch 'disable_network' 2011-11-29 17:52:23 -05:00
Nick Mathewson
9e8f3ee8e4 Fix some DOCDOCs 2011-11-29 17:52:16 -05:00
Nick Mathewson
8c5a2c5b80 Make sure we never launch an evdns resolve when DisableNetwork is 1 2011-11-29 17:46:54 -05:00
Nick Mathewson
9e25422eed Merge branch 'multilevel_cfg' 2011-11-29 17:38:19 -05:00
Nick Mathewson
aba25a6939 Make pending libevent actions cancelable 
This avoids a dangling pointer issue in the 3412 code, and should
fix bug 4599.
 2011-11-29 17:08:29 -05:00
Nick Mathewson
116dd4ae4f log a notice when disablenetwork is set 2011-11-28 16:07:13 -05:00
Nick Mathewson
df9b76460c New 'DisableNetwork' option to prevent Tor from using the network 
Some controllers want this so they can mess with Tor's configuration
for a while via the control port before actually letting Tor out of
the house.

We do this with a new DisableNetwork option, that prevents Tor from
making any outbound connections or binding any non-control
listeners.  Additionally, it shuts down the same functionality as
shuts down when we are hibernating, plus the code that launches
directory downloads.

To make sure I didn't miss anything, I added a clause straight to
connection_connect, so that we won't even try to open an outbound
socket when the network is disabled.  In my testing, I made this an
assert, but since I probably missed something, I've turned it into a
BUG warning for testing.
 2011-11-28 15:44:10 -05:00
Nick Mathewson
230422b955 Support for a defaults torrc file. 
This will mainly help distributors by giving a way to set system or package
defaults that a user can override, and that a later package can replace.

No promises about the particular future location or semantics for this:
we will probably want to tweak it some before 0.2.3.x-rc

The file is searched for in CONFDIR/torrc-defaults , which can be
overridden with the "--defaults-torrc" option on the command line.
 2011-11-27 22:25:52 -05:00
Nick Mathewson
73436a1d6f Add the ability to append and clear linelist options from cmdline 
This will be important for getting stuff to work right across zones.
 2011-11-27 21:32:51 -05:00
Nick Mathewson
9ce5801e22 Make linelists always overridden by the command line 
This starts an effort to refactor torrc handling code to make it easier
to live with.  It makes it possible to override exit policies from the
command line, and possible to override (rather than append to) socksport
lists from the command line.

It'll be necessary to make a "base" torrc implementation work at all.
 2011-11-27 18:13:32 -05:00
Robert Ransom
a2791f43f5 Correct documentation comments for fields formerly named accepted_intros 2011-11-27 09:30:16 -08:00
Robert Ransom
256bcb4755 Rename accepted_intros fields 2011-11-27 09:26:48 -08:00
Sebastian Hahn
e5e4bfd167 Implement consensus method 12 (proposal 178) 2011-11-27 09:29:33 -05:00
George Kadianakis
055d6c01ff Write dynamic DH parameters to a file. 
Instead of only writing the dynamic DH prime modulus to a file, write
the whole DH parameters set for forward compatibility. At the moment
we only accept '2' as the group generator.

The DH parameters gets stored in base64-ed DER format to the
'dynamic_dh_params' file.
 2011-11-26 19:29:57 +01:00
George Kadianakis
fa013e1bc5 Normal relays should generate dynamic DH moduli as well. 2011-11-26 05:57:17 +01:00
Nick Mathewson
633071eb3b Avoid a double-mark in connection_or_close_connection_cb 2011-11-25 17:21:11 -05:00
Nick Mathewson
7920ea55b8 Refactor tor_event_base_once to do what we actually want 
This version avoids the timeout system entirely, gives a nicer
interface, and lets us manage allocation explicitly.
 2011-11-25 17:18:54 -05:00
Nick Mathewson
e5f2f10844 Merge remote-tracking branch 'asn/bug4312' 2011-11-25 17:00:47 -05:00
Nick Mathewson
b1bd30c24c Make the pt/transports test not crash. 2011-11-25 16:54:06 -05:00
Nick Mathewson
d6c18c5804 Make process_handle_t private and fix some unit tests 
Let's *not* expose more cross-platform-compatibility structures, or
expect code to use them right.

Also, don't fclose() stdout_handle and stdin_handle until we do
tor_process_handle_destroy, or we risk a double-fclose.
 2011-11-25 16:47:25 -05:00
Nick Mathewson
093e6724c7 Merge remote-tracking branch 'asn/bug3472_act2' 2011-11-25 16:00:31 -05:00
Nick Mathewson
cb8059b42d Merge remote-tracking branch 'sebastian/pure_removal' 2011-11-25 14:54:04 -05:00
George Kadianakis
e3cee8bc2e Simply initialize TLS context if DynamicDHGroups change. 
We used to do init_keys() if DynamicDHGroups changed after a HUP, so
that the dynamic DH modulus was stored on the disk. Since we are now
doing dynamic DH modulus storing in crypto.c, we can simply initialize
the TLS context and be good with it.

Introduce a new function router_initialize_tls_context() which
initializes the TLS context and use it appropriately.
 2011-11-25 18:15:26 +01:00
Sebastian Hahn
75d8ad7320 Purge ATTR_PURE from the code 
We're using it incorrectly in many cases, and it doesn't help as far as
we know.
 2011-11-25 17:57:50 +01:00
George Kadianakis
f477ddcc20 Only bother with dynamic DH moduli if we are a bridge. 2011-11-25 17:44:43 +01:00
George Kadianakis
4938bcc06a Do dynamic DH modulus storing in crypto.c. 2011-11-25 17:39:28 +01:00
Peter Palfrader
86be8fcf0a Handle build-trees better. 
Properly create git revision and source file sha1sums include files when
building tor not in its source tree but in a dedicated build tree.
 2011-11-24 23:56:01 -05:00
Nick Mathewson
eaa3a379f0 Move disable-debugger-attachment fn to compat where it belongs. Fix whitespace 2011-11-24 23:45:47 -05:00
Nick Mathewson
3508de3cd6 Tweak disable_debugger_attachment a little 
Don't warn when we have no implementation of this function (since it's
on-by-default); reformat the changes entry; fix an overlong line.
 2011-11-24 23:39:52 -05:00
Nick Mathewson
68114ca52c Merge remote-tracking branch 'ioerror/DisableDebuggerAttachment' 
Conflicts:
	src/or/config.c
 2011-11-24 23:38:32 -05:00
Nick Mathewson
f634228a07 Merge remote-tracking branch 'public/feature4516' 2011-11-24 22:59:37 -05:00
George Kadianakis
1d1d5ae7f8 Finishing touches. 
- Make check-spaces happy.
- Remove a stray header from crypto.h
 2011-11-25 01:08:31 +01:00
George Kadianakis
7c37a664c1 Rename 'dynamic prime' to 'dynamic DH modulus'. 2011-11-25 01:00:58 +01:00
George Kadianakis
782c907c7c s/DynamicPrimes/DynamicDHGroups/g 2011-11-25 01:00:14 +01:00
George Kadianakis
94076d9e3b Move crypto_get_stored_dynamic_prime() to crypto.c 2011-11-24 22:59:01 +01:00
George Kadianakis
2ef68980a7 Move store_dynamic_prime() to crypto.c. 2011-11-24 22:32:10 +01:00
George Kadianakis
cabb8e54c7 Tone down the logging. 2011-11-24 22:14:09 +01:00
George Kadianakis
8a726dd0dd Implement dynamic prime reading and storing to disk. 2011-11-24 22:13:44 +01:00
George Kadianakis
42bda231ee Make DynamicPrimes SIGHUP-able. 
Instead of passing the DynamicPrimes configuration option to
crypto_global_init(), generate and set a new TLS DH prime when we read
the torrc.
 2011-11-24 22:13:38 +01:00
George Kadianakis
659381e00d Introduce the DynamicPrimes configuration option. 2011-11-24 22:09:06 +01:00
Robert Ransom
17113448d2 Include circ creation time in CIRC events, etc. 2011-11-24 06:55:16 -08:00
Robert Ransom
88e0026d2f Send CIRC2 event when a circuit is cannibalized 2011-11-24 06:55:06 -08:00
Robert Ransom
296b8d0b10 Add CIRC2 control-port event, and send it when a circ's purpose changes 2011-11-24 06:54:55 -08:00
Robert Ransom
104c50fedb Log whenever a circuit's purpose is changed 2011-11-24 06:52:38 -08:00
Robert Ransom
d0ed7cbf8b List service address in CIRC events for HS-related circs 2011-11-24 06:32:55 -08:00
Robert Ransom
c7d01b0541 Report HS circ states stored in circ purpose field in CIRC events 2011-11-24 06:32:55 -08:00
Robert Ransom
8d5200c6b5 Use fewer TO_ORIGIN_CIRCUIT casts in getinfo_helper_events 2011-11-24 06:32:55 -08:00
Robert Ransom
c818f1f25d Use the new circ-description function for GETINFO circuit-status 2011-11-24 06:32:54 -08:00
Robert Ransom
b7c765b1b1 Report circuit build_state flags in CIRC events 2011-11-24 06:32:54 -08:00
Robert Ransom
9ce76adfe8 Split circuit-description code into a separate function 2011-11-24 06:32:54 -08:00
Robert Ransom
b149ab00d7 Separate circuit-close reasons from circ description 2011-11-24 06:32:54 -08:00
Robert Ransom
b2212bf9b4 Add Tor2webMode configuration option 2011-11-24 03:54:32 -08:00
Nick Mathewson
f067067ee6 Merge branch 'bug2474' 
Had to resolve conflicts wrt the " (using bufferevents)" addition to the
startup string.

Conflicts:
	src/or/main.c
 2011-11-23 17:14:54 -05:00
Nick Mathewson
2b4d4ffa8f Tweak the "this is not a stable release" warning some more 2011-11-23 17:09:36 -05:00
Sebastian Hahn
841247a586 Fix a compile warning on 64bit OS X 
Backport of 68475fc5c5 which accidentally
only made it into master. Fixes bug 4547. Bug isn't in any released
version.
 2011-11-23 12:06:55 -05:00
Sebastian Hahn
68475fc5c5 Fix a compile warning on 64bit OS X 2011-11-23 01:41:37 +01:00
Roger Dingledine
fce107b11e raise AuthDirFastGuarantee from 20KB to 100KB 
This patch reverts part of 39ceda7e05 (where it used to be 100KB).
 2011-11-21 18:44:59 -05:00
Roger Dingledine
58764d8ec6 apparently or_options_t likes being a const in master 2011-11-21 18:42:07 -05:00
Roger Dingledine
6a76007b08 Merge branch 'maint-0.2.2' 
Conflicts:
	src/or/dirserv.c
 2011-11-21 18:36:49 -05:00
Roger Dingledine
c0ec4eafc5 parameterize bw cutoffs to guarantee Fast and Guard flags 
Now it will be easier for researchers to simulate Tor networks with
different values. Resolves ticket 4484.
 2011-11-21 18:22:10 -05:00
Nick Mathewson
f4e053d6df Merge branch 'bug4518' into maint-0.2.2 2011-11-21 17:25:51 -05:00
Nick Mathewson
929074b368 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-11-21 10:52:38 -05:00
Nick Mathewson
b3c988f0d7 Merge remote-tracking branch 'public/bug3963' into maint-0.2.2 2011-11-21 10:52:15 -05:00
Nick Mathewson
0539c34c35 Merge branch 'bug4360' 2011-11-21 10:48:02 -05:00
Nick Mathewson
7992eb43c5 Log more loudly on a bad cert from an authority. 
Clock skew made this situation way too frequent so we demoted it to
"protocol_warn", but when there's an authority, it should really just
be warn.
 2011-11-20 00:48:25 -05:00
Nick Mathewson
8e388bc39c Only call cull_wedged_cpuworkers once every 60 seconds. 
The function is over 10 or 20% on some of Moritz's profiles, depending
on how you could.

Since it's checking for a multi-hour timeout, this is safe to do.

Fixes bug 4518.
 2011-11-19 18:30:55 -05:00
Nick Mathewson
53dac6df18 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-11-18 19:09:08 -05:00
Sebastian Hahn
6ef44b7849 Don't log about stats when running as a client without geoip 
Completely disable stats if we aren't running as a relay. We won't
collect any anyway, so setting up the infrastructure for them and
logging about them is wrong. This also removes a confusing log
message that clients without a geoip db would have seen.

Fixes bug 4353.
 2011-11-19 00:50:03 +01:00
Nick Mathewson
b88db7573c Merge remote-tracking branch 'public/benchmark' 2011-11-18 18:42:49 -05:00
Nick Mathewson
6e6a661296 New UserspaceIOCPBuffers option to set SO_{SND,RCV}BUF to zero 
When running with IOCP, we are in theory able to use userspace-
allocated buffers to avoid filling up the stingy amount of kernel
space allocated for sockets buffers.

The bufferevent_async implementation in Libevent provides this
ability, in theory.  (There are likely to be remaining bugs).  This
patch adds a new option that, when using IOCP bufferevents, sets
each socket's send and receive buffers to 0, so that we should use
this ability.

When all the bugs are worked out here, if we are right about bug 98,
this might solve or mitigate bug 98.

This option is experimental and will likely require lots of testing
and debugging.
 2011-11-18 17:43:03 -05:00
Nick Mathewson
6a6233b70b Fix a couple of memory leaks in rend_add_service spotted by coverity 2011-11-17 17:14:49 -05:00
Roger Dingledine
95163ec072 trivial code cleanup in generate_v2_networkstatus_opinion() 2011-11-16 18:59:20 -05:00
Roger Dingledine
3992c5487f fix trivial typo 
somebody should s/authoritative directory server/directory authority/g
at some point
 2011-11-16 18:10:13 -05:00
Nick Mathewson
2408934516 Merge remote-tracking branch 'sebastian/bug2893' 2011-11-16 17:30:24 -05:00
Sebastian Hahn
7bd46344df Eat all whitespace after a control command 2011-11-16 18:14:06 +01:00
Roger Dingledine
67650a869d allow manual control port authenticate via netcat 2011-11-16 18:14:03 +01:00
Sebastian Hahn
688b53059e Don't fail to send netinfo if real_addr is unset 
If we haven't set real_addr on a connection, we also now that _base.addr
hasn't been tampered with. So we can use that.
 2011-11-16 16:05:46 +01:00
Nick Mathewson
69dd993a92 Make certificate skew into a protocol warning 2011-11-15 15:57:46 -05:00
Nick Mathewson
26fcb4bb8c Merge remote-tracking branch 'sebastian/bug4469' 2011-11-15 11:59:37 -05:00
Nick Mathewson
3ef40f6993 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-11-15 11:42:38 -05:00
Sebastian Hahn
4b8d2ad6f5 Fix compile warnings on windows 2011-11-15 13:34:04 +01:00
Nick Mathewson
5bea660f8e Use real_addr in send_netinfo 
Reported by "troll_un"; bugfix on 0.2.0.10-alpha; fixes bug 4349.
 2011-11-14 22:43:40 -05:00
Nick Mathewson
4af82fb388 Merge remote-tracking branch 'public/bug4367' 2011-11-14 22:35:49 -05:00
George Kadianakis
406ae1ba5a Use callback-driven approach to block renegotiations. 
Also use this new approach in the bufferevents-enabled case.
 2011-11-13 14:47:11 +01:00
Nick Mathewson
ce51887291 All-in-one benchmark test for cell crypto 2011-11-11 13:06:17 -05:00
Nick Mathewson
f0589da0e3 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-11-09 11:04:40 -05:00
Nick Mathewson
d4489a2851 Rewrite comment at head of eventdns.c 
Let's make it more obvious to the everyday reader that eventdns.c is
  a) Based on Libevent's evdns.c
  b) Slated for demolition
  c) Supposed to keep API-compatibility with Libevent.
  d) Not worth tweaking unless there's a bug.
 2011-11-09 00:23:44 -05:00
Sebastian Hahn
4ccc8d0292 Don't exit on dirauths for some config transitions 2011-11-08 12:44:12 +01:00
Robert Ransom
565463243c Include HiddenServiceDir in some warning messages 2011-11-07 17:02:50 -08:00
Robert Ransom
bfb900e426 Add some XXXes 2011-11-07 15:32:43 -08:00
Robert Ransom
ef2b0bd528 Add GETINFO md/id/* and md/name/* items for relay microdescs 2011-11-07 15:32:33 -08:00
Nick Mathewson
4a7225d4c9 Merge remote-tracking branch 'rransom-tor/bug4411' 2011-11-07 11:57:07 -05:00
Robert Ransom
749b37bcf4 Fix assert on clients of and authorities for v0 HS descs 2011-11-07 08:48:23 -08:00
Nick Mathewson
ceebc8283f Merge remote-tracking branch 'origin/maint-0.2.2' 2011-11-07 11:48:02 -05:00
Nick Mathewson
ca282e5326 Merge branch 'bug4424' into maint-0.2.2 2011-11-07 11:47:28 -05:00
Nick Mathewson
02d89c5c66 Remove an extraneous "if" in the 4424 fix 2011-11-07 11:46:51 -05:00
Robert Ransom
65a0d7e7ef Don't leak an extend_info_t in rend_client_any_intro_points_usable 2011-11-07 08:35:51 -08:00
Nick Mathewson
51f53b590e Merge remote-tracking branch 'origin/maint-0.2.2' 2011-11-07 10:44:02 -05:00
Nick Mathewson
4d8306e0e9 Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-11-07 10:42:34 -05:00
Dan Rosenberg
d5161ab895 Fix remotely triggerable assert during ip decryption 
Fixes bug 4410.
 2011-11-06 17:23:14 +01:00
Nick Mathewson
c1005dd6d3 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-11-03 13:24:46 -04:00
George Kadianakis
3ae96845d3 Fix a memleak when fetching descriptors for bridges in ExcludeNodes. 2011-11-03 13:23:50 -04:00
Nick Mathewson
325a659cb1 Even when we can't answer an AUTH_CHALLENGE, send NETINFO. 
Fixes bug 4368; fix on 0.2.3.6-alpha; bug found by "frosty".
 2011-11-03 12:40:02 -04:00
Nick Mathewson
248b967ce6 Add comments and changes file for 4361; tweak control flow a bit 2011-11-03 12:31:31 -04:00
frosty
3dd2f990a3 Do not send a NETINFO cell as a client until after we have got a CERT cell 2011-11-03 12:03:05 -04:00
Nick Mathewson
88c4b425bd Fix bug 4367: correctly detect auth_challenge cells we can't use 
Found by frosty_un, bugfix on 0.2.3.6-alpha, fix suggested by arma.
 2011-11-03 11:52:35 -04:00
Andrea Gelmini
72d4d762c1 Remove some duplicate includes 2011-11-03 10:23:33 -04:00
Sebastian Hahn
eb30999972 Fix a check-spaces complaint 2011-11-02 20:57:58 +01:00