Commit Graph

2160 Commits

Author SHA1 Message Date
Nick Mathewson
ddc65e2b33 Parse prop171 options; refactor listener/port option code
Proposal 171 gives us a new syntax for parsing client port options.
You can now have as many FooPort options as you want (for Foo in
Socks, Trans, DNS, NATD), and they can have address:port arguments,
and you can specify the level of isolation on those ports.

Additionally, this patch refactors the client port parsing logic to
use a new type, port_cfg_t.  Previously, ports to be bound were
half-parsed in config.c, and later re-parsed in connection.c when
we're about to bind them.  Now, parsing a port means converting it
into a port_cfg_t, and binding it uses only a port_cfg_t, without
needing to parse the user-provided strings at all.

We should do a related refactoring on other port types.  For
control ports, that'll be easy enough.  For ORPort and DirPort,
we'll want to do this when we solve proposal 118 (letting servers
bind to and advertise multiple ports).

This implements tickets 3514 and 3515.
2011-07-19 01:58:43 -04:00
Nick Mathewson
2163e420b2 Merge remote-tracking branch 'public/bug3560' 2011-07-18 17:57:06 -04:00
George Kadianakis
51cdd30c01 Let's be smarter while parsing {Client,Server}TransportPlugin lines. 2011-07-18 16:42:31 +02:00
George Kadianakis
a8f21f91cf Updated #includes etc. to use transports.[ch]. 2011-07-18 02:33:31 +02:00
George Kadianakis
684aca7faf Changed a couple of 180 spec stuff according to #3578.
* Restored "proxy" in external ServerTransportPlugin lines.
* Changed the extended OR port and ORPort env. vars to addr:port.
2011-07-14 01:03:35 +02:00
George Kadianakis
73a1e98cb9 Add support for managed {Client,Server}TransportPlugin parsing. 2011-07-13 18:58:11 +02:00
Nick Mathewson
1aab5b6b39 Merge remote-tracking branch 'public/bug1666'
Conflicts:
	doc/spec/socks-extensions.txt
	src/or/buffers.c
	src/or/config.c
	src/or/connection_edge.c
2011-07-13 12:12:16 -04:00
Nick Mathewson
b49e561f01 Turn on microdescriptors for clients 2011-07-11 16:54:43 -04:00
Nick Mathewson
e006aa5dfa Merge remote-tracking branch 'public/bug2841'
Conflicts:
	src/or/config.c
2011-07-11 15:57:12 -04:00
Nick Mathewson
6b670d6032 Merge branch 'bug3263' 2011-07-07 11:08:03 -04:00
Nick Mathewson
bc3c54a07f Have transitions in public_server_mode count as affects_descriptor
Previously, we'd get a new descriptor for free when
public_server_mode() changed, since it would count as
affects_workers, which would call init_keys(), which would make us
regenerate a new descriptor.  But now that we fixed bug 3263,
init_keys() is no longer necessarily a new descriptor, and so we
need to make sure that public_server_mode() counts as a descriptor
transition.
2011-07-07 11:05:06 -04:00
Nick Mathewson
7212538997 Future-proof and user-proof parse_bridge_line 2011-07-03 00:02:13 -04:00
Nick Mathewson
c0de533c56 Simplify parse_client_transport_line 2011-07-02 23:32:17 -04:00
Nick Mathewson
ded6bbf70a Style and grammar tweaks on 2841 branch 2011-07-02 23:26:37 -04:00
Nick Mathewson
c4b831e92d Small tweaks to 2841 code
- const-ify some transport_t pointers
    - Remove a vestigial argument to parse_bridge_line
    - Make it compile without warnings on my laptop with
      --enable-gcc-warnings
2011-07-02 23:12:32 -04:00
Nick Mathewson
da62af6f6b Replace a "const const" with a "const"
Looks like this squeaked in while I was doing a search-and-replace
to constify things.  Coverity CID 483.
2011-07-01 11:11:35 -04:00
George Kadianakis
36468ec44b Trivial code tweaks and documentation updates. 2011-06-28 05:43:40 +02:00
George Kadianakis
1fe8bee656 Revised how we handle ClientTransportPlugin and Bridge lines.
Multiple Bridge lines can point to the same one ClientTransportPlugin
line, and we can have multiple ClientTransportPlugin lines in our
configuration file that don't match with a bridge. We also issue a
warning when we have a Bridge line with a pluggable transport but we
can't match it to a ClientTransportPlugin line.
2011-06-22 23:28:11 +02:00
George Kadianakis
5a05deb574 Various small tweaks around config.c and or.h 2011-06-21 18:49:04 +02:00
Nick Mathewson
8653f31d8d Fix overwide line in config.c 2011-06-20 15:29:22 -04:00
intrigeri
8b265543eb Add port 6523 (Gobby) to LongLivedPorts. 2011-06-20 12:08:46 -04:00
Nick Mathewson
a046966baf Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
	src/or/or.h
2011-06-19 21:00:15 -04:00
Nick Mathewson
3b41551b61 Revert "Add an "auto" option to UseBridges"
This reverts commit 507c1257a4.
2011-06-17 16:45:53 -04:00
Nick Mathewson
47c8433a0c Make the get_options() return const
This lets us make a lot of other stuff const, allows the compiler to
generate (slightly) better code, and will make me get slightly fewer
patches from folks who stick mutable stuff into or_options_t.

const: because not every input is an output!
2011-06-14 13:17:06 -04:00
Nick Mathewson
8839b86085 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-14 12:25:33 -04:00
Jérémy Bobbio
54d7d31cba Make ControlSocketsGroupWritable work with User.
Original message from bug3393:

check_private_dir() to ensure that ControlSocketsGroupWritable is
safe to use. Unfortunately, check_private_dir() only checks against
the currently running user… which can be root until privileges are
dropped to the user and group configured by the User config option.

The attached patch fixes the issue by adding a new effective_user
argument to check_private_dir() and updating the callers. It might
not be the best way to fix the issue, but it did in my tests.

(Code by lunar; changelog by nickm)
2011-06-14 12:18:32 -04:00
George Kadianakis
93526cdf0b Fixes small bugs. 2011-06-14 16:00:55 +02:00
George Kadianakis
a79bea40d8 We now warn the user if a proxy server is not up when we try to connect with it. 2011-06-14 02:51:59 +02:00
George Kadianakis
00ec4b2c00 Various trivial changes.
* Improved function documentation.
* Renamed find_bridge_transport_by_addrport() to
  find_transport_by_bridge_addrport().
* Sanitized log severities we use.
* Ran check-spaces.
2011-06-12 16:41:32 +02:00
George Kadianakis
e09f302589 We can now match our transports with our bridges. 2011-06-11 23:20:39 +02:00
George Kadianakis
20c31c80fb ClientTransportPlugin parsing done. 2011-06-11 17:08:31 +02:00
Robert Ransom
f45261cb29 Increase default required uptime for HSDirs to 25 hours 2011-06-03 12:17:53 -04:00
Robert Ransom
1546054d81 Add a VoteOnHidServDirectoriesV2 configuration option 2011-06-03 12:16:55 -04:00
Nick Mathewson
14c0251d95 Use an autobool for UseBridges_ 2011-06-03 11:17:15 -04:00
Nick Mathewson
13ec1bf5c2 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-03 10:47:35 -04:00
Nick Mathewson
507c1257a4 Add an "auto" option to UseBridges
UseBridges 1 now means "connect only to bridges; if you know no
bridges, don't make connections."  UseBridges auto means "Use bridges
if they are known, and we have no EntryNodes set, and we aren't a
server."  UseBridges 0 means "don't use bridges."
2011-06-02 15:11:21 -04:00
Jacob Appelbaum
f79a75f597 New configuration option: DisableDebuggerAttachment
If set to 1, Tor will attempt to prevent basic debugging
attachment attempts by other processes. (Default: 1)

Supports Mac OS X and Gnu/Linux.

Sebastian provided useful feedback and refactoring suggestions.

Signed-off-by: Jacob Appelbaum <jacob@appelbaum.net>
2011-06-01 17:35:43 -07:00
Nick Mathewson
a610ebc3a6 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-06-01 11:08:28 -04:00
Roger Dingledine
56771f392e stop asserting at boot
The patch for 3228 made us try to run init_keys() before we had loaded
our state file, resulting in an assert inside init_keys. We had moved
it too early in the function.

Now it's later in the function, but still above the accounting calls.
2011-05-30 23:50:37 -04:00
Nick Mathewson
d274f539e5 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-30 15:51:46 -04:00
Roger Dingledine
f118dc80e0 minor cleanups while reviewing 3216 2011-05-30 15:31:06 -04:00
Nick Mathewson
5dc3c462dc Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-30 12:43:25 -04:00
Nick Mathewson
f08f0e9dde Reinit keys at the start of options_act().
Previously we did this nearer to the end (in the old_options &&
transition_affects_workers() block).  But other stuff cares about
keys being consistent with options... particularly anything which
tries to access a key, which can die in assert_identity_keys_ok().

Fixes bug 3228; bugfix on 0.2.2.18-alpha.
2011-05-30 12:41:46 -04:00
Nick Mathewson
2527acb2dc Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/Makefile.am
	src/or/control.c
2011-05-23 01:23:53 -04:00
Nick Mathewson
b80a8bba19 Merge branch 'feature3049-v2' into maint-0.2.2
Conflicts:
	src/common/Makefile.am
2011-05-23 01:19:04 -04:00
Roger Dingledine
cb7fff193e Merge branch 'maint-0.2.2' 2011-05-21 18:14:16 -04:00
Sebastian Hahn
3ff7925a70 Don't recreate descriptor on sighup
We used to regenerate our descriptor whenever we'd get a sighup. This
was caused by a bug in options_transition_affects_workers() that would
return true even if the options were exactly the same. Down the call
path we'd call init_keys(), which made us make a new descriptor which
the authorities would reject, and the node would subsequently fall out
of the consensus.

This patch fixes only the first part of this bug:
options_transition_affects_workers() behaves correctly now. The second
part still wants a fix.
2011-05-21 16:08:21 -04:00
Robert Ransom
b3133d1cad Exit immediately if we can't monitor our owning controller process
tor_process_monitor_new can't currently return NULL, but if it ever can,
we want that to be an explicitly fatal error, without relying on the fact
that monitor_owning_controller_process's chain of caller will exit if it
fails.
2011-05-20 08:25:42 -07:00
Robert Ransom
4b266c6e72 Implement __OwningControllerProcess option
Implements part of feature 3049.
2011-05-20 08:25:42 -07:00
Roger Dingledine
0a4649e657 Merge branch 'maint-0.2.2' 2011-05-20 03:03:46 -04:00
Roger Dingledine
b8ffb00cf1 log the reason for publishing a new relay descriptor
now we have a better chance of hunting down the root cause of bug 1810.
2011-05-19 23:59:52 -04:00
Roger Dingledine
18f1b354ec Merge branch 'maint-0.2.2' 2011-05-17 21:15:24 -04:00
Roger Dingledine
073fed06c4 discard circuits when we change our bridge configuration
otherwise we might reuse circuits from the previous configuration,
which could be bad depending on the user's situation
2011-05-17 21:13:59 -04:00
Nick Mathewson
c240efab86 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-17 19:53:06 -04:00
Michael Yakubovich
a3707a1052 Fix bug2752 : 48-char HTTPProxyAuthenticator limitation
Bumped the char maximum to 512 for HTTPProxyAuthenticator &
HTTPSProxyAuthenticator. Now stripping all '\n' after base64
encoding in alloc_http_authenticator.
2011-05-16 16:09:35 -04:00
Nick Mathewson
4ac8ff9c9f Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 20:22:44 -04:00
Sebastian Hahn
4198261291 Clean up the 2972 implementation a little 2011-05-15 20:20:28 -04:00
Jérémy Bobbio
d41ac64ad6 Add UnixSocketsGroupWritable config flag
When running a system-wide instance of Tor on Unix-like systems, having
a ControlSocket is a quite handy mechanism to access Tor control
channel.  But it would be easier if access to the Unix domain socket can
be granted by making control users members of the group running the Tor
process.

This change introduces a UnixSocketsGroupWritable option, which will
create Unix domain sockets (and thus ControlSocket) 'g+rw'. This allows
ControlSocket to offer same access control measures than
ControlPort+CookieAuthFileGroupReadable.

See <http://bugs.debian.org/552556> for more details.
2011-05-15 20:20:28 -04:00
Nick Mathewson
f2c1702182 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/circuitbuild.h
2011-05-15 20:17:17 -04:00
Nick Mathewson
2b9c5ee301 Preserve bridge download status across SETCONF, HUP
This code changes it so that we don't remove bridges immediately when
we start re-parsing our configuration.  Instead, we mark them all, and
remove all the marked ones after re-parsing our bridge lines.  As we
add a bridge, we see if it's already in the list.  If so, we just
unmark it.

This new behavior will lose the property we used to have that bridges
were in bridge_list in the same order in which they appeared in the
torrc.  I took a quick look through the code, and I'm pretty sure we
didn't actually depend on that anywhere.

This is for bug 3019; it's a fix on 0.2.0.3-alpha.
2011-05-15 20:13:44 -04:00
Nick Mathewson
68acfefbdb Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-15 20:12:20 -04:00
Nick Mathewson
bc44393eb5 Fixup whitespace issues from 3122 commit 2011-05-15 20:12:01 -04:00
Nick Mathewson
37e3fb8af2 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/connection_edge.c
2011-05-15 11:44:51 -04:00
Nick Mathewson
da8297dbcb Handle transitions in Automap*, VirtualAddrNetwork correctly
Previously, if they changed in torrc during a SIGHUP, all was well,
since we would just clear all transient entries from the addrmap
thanks to bug 1345.  But if you changed them from the controller, Tor
would leave old mappings in place.

The VirtualAddrNetwork bug has been here since 0.1.1.19-rc; the
AutomapHosts* bug has been here since 0.2.0.1-alpha.
2011-05-13 16:59:31 -04:00
Nick Mathewson
a3ae591115 When TrackExitHosts changes, remove all no-longer-valid mappings
This bug couldn't happen when TrackExitHosts changed in torrc, since
the SIGHUP to reload the torrc would clear out all the transient
addressmap entries before.  But if you used SETCONF to change
TrackExitHosts, old entries would be left alone: that's a bug, and so
this is a bugfix on Tor 0.1.0.1-rc.
2011-05-13 16:28:50 -04:00
Nick Mathewson
600744b4be Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
	src/or/dirserv.c
	src/or/or.h
2011-05-13 10:48:07 -04:00
Nick Mathewson
7f654a6a6f Add a ControlPortFileGroupWritable option 2011-05-13 10:41:29 -04:00
Nick Mathewson
dad12188a6 Write automatically-chosen control ports to a file. 2011-05-13 10:41:28 -04:00
Nick Mathewson
3da661b242 Advertise correct DirPort/ORPort when configured with "auto"
We'll eventually want to do more work here to make sure that the ports
are stable over multiple invocations.  Otherwise, turning your node on
and off will get you a new DirPort/ORPort needlessly.
2011-05-13 10:41:18 -04:00
Nick Mathewson
6f5998fd73 Correct the signature for is_listening_on_low_port for "auto" ports 2011-05-13 10:41:18 -04:00
Nick Mathewson
5fec8fe559 "(Socks|Control|etc)Port auto" now tells Tor to open an arbitrary port
This is the major part of the implementation for trac issue 3076.
2011-05-13 10:41:18 -04:00
Nick Mathewson
7649adbce6 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-05-11 22:55:29 -04:00
Nick Mathewson
8057b7363e Merge remote-tracking branch 'origin/maint-0.2.1' into maint-0.2.2 2011-05-11 22:52:26 -04:00
Nick Mathewson
13847b8db6 Fix crash when read_file_to_string() fails in SAVECONF
The new behavior is to try to rename the old file if there is one there
that we can't read.  In all likelihood, that will fail too, but at least
we tried, and at least it won't crash.
2011-05-11 22:05:41 -04:00
Nick Mathewson
e6980faec4 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/directory.c
2011-05-09 13:39:51 -04:00
Nick Mathewson
09d7af7789 Merge remote-tracking branch 'public/bug3022_v2' into maint-0.2.2 2011-05-09 13:37:56 -04:00
Nick Mathewson
4cc348e896 Code to make clients fetch and use microdescriptors for circuit building
To turn this on, set UseMicrodescriptors to "1" (or "auto" if you
want it on-if-you're-a-client).  It should go auto-by-default once
0.2.3.1-alpha is released.

Because of our node logic, directory caches will never use
microdescriptors when they have the right routerinfo available.
2011-05-05 20:54:12 -04:00
Nick Mathewson
3df22887a3 Replace _AUTHORITY enum values with _DIRINFO values (automted) 2011-05-05 20:54:12 -04:00
Nick Mathewson
6e58575767 Automated rename from authority_type_t to dirinfo_type_t
We were already overloading this type to mean "a directory that can
serve us X" in addition to "a directory that is an authority for X."
2011-05-05 20:54:11 -04:00
Nick Mathewson
ba1143e468 Add a new configuration type, "AUTOBOOL", to handle 1/0/auto types
We only have one of these now, but I'm about to add a few more.

Yes, I have already thought of the "Filenotfoundian logic" joke.
2011-05-05 20:54:11 -04:00
Nick Mathewson
c48d6da24c Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-29 11:15:11 -04:00
Nick Mathewson
dbd73b9689 Clean up a warning a bit 2011-04-29 11:14:53 -04:00
Nick Mathewson
20d6ac3530 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 21:17:51 -04:00
Nick Mathewson
f0d9e2d650 Merge remote-tracking branch 'arma/bug3012' into maint-0.2.2 2011-04-28 21:15:14 -04:00
Roger Dingledine
66de6f7eb8 relays checkpoint their state file twice a day 2011-04-28 21:06:25 -04:00
Nick Mathewson
cd42ae7185 Only authorities should automatically download v2 networkstatus documents
Clients and relays haven't used them since early 0.2.0.x.  The only
remaining use by authorities learning about new relays ahead of scedule;
see proposal 147 for what we intend to do about that.

We're leaving in an option (FetchV2Networkstatus) to manually fetch v2
networkstatuses, because apparently dnsel and maybe bwauth want them.

This fixes bug 3022.
2011-04-28 21:06:07 -04:00
Nick Mathewson
b0a7e0d6ca Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 20:55:03 -04:00
Roger Dingledine
df3cf881d1 stop putting wacky values into state->lastwritten 2011-04-28 20:40:15 -04:00
Nick Mathewson
f38ecd5ac0 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-28 18:14:50 -04:00
Robert Ransom
df5c7fedbd Don't allow v0 HS auths to act as clients
A v0 HS authority stores v0 HS descriptors in the same descriptor
cache that its HS client functionality uses.  Thus, if the HS
authority operator clears its client HS descriptor cache, ALL v0
HS descriptors will be lost.  That would be bad.
2011-04-28 18:10:16 -04:00
Nick Mathewson
8b686d98c4 Merge maint-0.2.2 for the bug1090-part1-squashed branch
Resolved conflicts in:
	doc/tor.1.txt
	src/or/circuitbuild.c
	src/or/circuituse.c
	src/or/connection_edge.c
	src/or/connection_edge.h
	src/or/directory.c
	src/or/rendclient.c
	src/or/routerlist.c
	src/or/routerlist.h

These were mostly releated to the routerinfo_t->node_t conversion.
2011-04-27 14:36:30 -04:00
Nick Mathewson
80adb3de50 When there is a transition in permitted nodes, apply it to trackexithosts map
IOW, if we were using TrackExitHosts, and we added an excluded node or
removed a node from exitnodes, we wouldn't actually remove the mapping
that points us at the new node.

Also, note with an XXX022 comment a place that I think we are looking
at the wrong string.
2011-04-26 23:54:17 -04:00
Nick Mathewson
128582cc1f Simplify calls to routerset_equal
The routerset_equal function explicitly handles NULL inputs, so
there's no need to check inputs for NULL before calling it.

Also fix a bug in routerset_equal where a non-NULL routerset with no
entries didn't get counted as equal to a NULL routerset.  This was
untriggerable, I think, but potentially annoying down the road.
2011-04-26 23:54:17 -04:00
Roger Dingledine
9f47cfc21a make formal a constraint that's been true a while now 2011-04-26 23:54:15 -04:00
Roger Dingledine
ad3da53536 If EntryNodes and ExcludeNodes overlap, obey ExcludeNodes. 2011-04-26 23:53:49 -04:00
Nick Mathewson
075d904d39 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/or/dirserv.h
2011-04-26 11:05:54 -04:00
Sebastian Hahn
4c789ec08c Don't leak the local hostname in relay nicknames
Fixes bug 2979, reported by tagnaq.
2011-04-26 05:08:32 +02:00
Nick Mathewson
5230cc4fe7 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-04-25 19:04:13 -04:00
Sebastian Hahn
91aa6f08bc Make the Log configuration option expand ~ 2011-04-22 16:06:52 +02:00
Nick Mathewson
67d88a7d60 Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	src/common/address.c
	src/common/compat_libevent.c
	src/common/memarea.c
	src/common/util.h
	src/or/buffers.c
	src/or/circuitbuild.c
	src/or/circuituse.c
	src/or/connection.c
	src/or/directory.c
	src/or/networkstatus.c
	src/or/or.h
	src/or/routerlist.c
2011-04-07 12:17:20 -04:00
Nick Mathewson
1a49fdecf8 Tweaks to Cagara's CountPrivateBandwidth patch:
- Document it in the manpage
  - Add a changes entry
  - No need to log when it is set: we don't log for other options.
  - Use doxygen to document the new flag.
  - Test truth of C variables with "if (x)", not "if (x == 1)".
  - Simplify a complex boolean expression by breaking it up.
2011-04-05 16:24:42 -04:00
Daniel Cagara
e61f3293e4 Patch from cagara: Add a CountPrivateBandwidth flag 2011-04-05 16:24:01 -04:00
Nick Mathewson
05887f10ff Triage the XXX022 and XXX021 comments remaining in the code
Remove some, postpone others, leave some alone.  Now the only
remaining XXX022s are ones that seem important to fix or investigate.
2011-03-25 18:32:27 -04:00
Nick Mathewson
1db6eb6cb7 Merge remote-tracking branch 'origin/maint-0.2.2' 2011-03-16 18:10:24 -04:00
Nick Mathewson
9dfa244484 Document a few more members. 2011-03-16 18:10:15 -04:00
Nick Mathewson
02d93caa09 Backport: Generate version tags using Git, not (broken) svn revisions.
Partial backport of daa0326aaa .
Resolves bug 2402.  Bugfix on 0.2.1.15 (for the part where we switched to
git) and on 0.2.1.30 (for the part where we dumped micro-revisions.)
2011-03-11 11:01:17 -05:00
Nick Mathewson
671318c3a8 Revert "Simplest fix to bug2402: do not include SVN versions"
This reverts commit a1073ee956.

Apparently, we totally misunderstood how the debian packages were using
microrevisions.  Better fix that!
2011-03-11 10:47:25 -05:00
Nick Mathewson
63651b9191 Merge remote branch 'origin/maint-0.2.2'
Trivial conflicts fixed in or.h

Conflicts:
	src/or/or.h
2011-03-08 16:20:53 -05:00
Sebastian Hahn
5c7c5e593f Tweak the bug2250 fix slightly
Rename the _UsingTestingTorNetwork hidden option to
_UsingTestNetworkDefaults (thanks Nick for the suggestion) and added a
changes file.
2011-03-01 10:05:18 +01:00
Sebastian Hahn
34e47d1052 Fix GETINFO config-text for private networks
In private networks, the defaults for some options are changed. This
means that in options_validate(), where we're testing that the defaults
are what we think they are, we fail. Use a workaround by setting a
hidden configuration option _UsingTestingTorNetwork when we have altered
the configuration this way, so that options_validate() can do the right
thing.

Fixes bug 2250, bugfix on 0.2.1.2-alpha (the version introducing private
network options).
2011-02-26 09:11:41 +01:00
Nick Mathewson
a2a8adeee5 Merge remote branch 'origin/maint-0.2.2' 2011-02-25 11:24:35 -05:00
Nick Mathewson
aa178aae03 Merge branch 'bug1863_bwhist' into maint-0.2.2 2011-02-25 11:22:12 -05:00
Nick Mathewson
7605985b3f Merge remote branch 'public/bug2402_nothing' into maint-0.2.1 2011-02-22 15:54:13 -05:00
Nick Mathewson
2eadbd41f0 Merge remote branch 'sebastian/bug2496' 2011-02-22 14:17:11 -05:00
Nick Mathewson
46b07462ae Merge remote branch 'origin/maint-0.2.2' 2011-02-22 13:02:42 -05:00
Nick Mathewson
9d5873cdae Merge branch 'log_domains' into maint-0.2.2 2011-02-22 13:01:02 -05:00
George Kadianakis
ee95430d39 Implement more heartbeat message stuff.
(This squashes multiple commits:

* Adds uptime monitoring support.
* Adds circuit counting code.
* Trivially tweaks the documentation.
* Trivial run_scheduled_events() code tweaking.
* Adds a status.h to export functions.
* Added bandwidth monitoring code.
* Added consensus presense detection code.
* Restricts the precision of the bandwidth output.
* Various fixes.
* Fixed style and spacing problems.
* Tidied up src/or/Makefile.am
* Couple of minor fixes on status.c functions.
* 'Implemented' client heartbeat support
)
2011-02-22 12:40:38 -05:00
Sebastian Hahn
098b6ba72d Initial heartbeat subsystem commit.
Sets:
* Documentation
* Logging domain
* Configuration option
* Scheduled event
* Makefile
It also creates status.c and the log_heartbeat() function.

All code was written by Sebastian Hahn. Commit message was
written by me (George Kadianakis).
2011-02-22 12:40:36 -05:00
Nick Mathewson
0ba69714b4 Merge remote branch 'sebastian/bug2444' 2011-02-22 11:10:57 -05:00
Nick Mathewson
f1a004797e Merge remote-tracking branch 'origin/maint-0.2.2'
Conflicts:
	doc/tor.1.txt
2011-02-10 15:52:04 -05:00
Robert Ransom
449d895f06 Merge branch 'bug2408-v2-021-common' into bug2408-v2-022 2011-02-09 03:05:21 -08:00
Robert Ransom
7bf06d4a4f Ignore and warn about "PublishServerDescriptor hidserv"
Fixes #2408.
2011-02-09 02:33:24 -08:00
Nick Mathewson
cc9809c1f7 Merge remote branch 'origin/maint-0.2.2' 2011-02-08 14:37:31 -05:00
Nick Mathewson
d43470ad8a Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2011-02-08 14:37:02 -05:00
Roger Dingledine
bcbcda309a move the clause above the "if bw is too low" check 2011-02-07 23:22:45 -05:00
Roger Dingledine
20b75989ac dtrt when only relaybandwidthburst is set
fixes bug 2470
2011-02-07 23:21:33 -05:00
Nick Mathewson
ff5810aea9 Merge remote branch 'origin/maint-0.2.2' 2011-02-07 12:47:04 -05:00
Sebastian Hahn
7736f44698 Don't tell Tor client users about missing geoip
They don't need the geoip file for stats, so a missing geoipfile is not
a big issue. Also make the log message a bit friendlier. Fixes bug 2496.
2011-02-06 00:27:47 +01:00
Sebastian Hahn
490d397dbf Log which config file we read
It is often not entirely clear what options Tor was built with, so it
might not be immediately obvious which config file Tor is using when it
found one. Log the config file at startup.
2011-01-27 15:31:34 +01:00
Nick Mathewson
d92a415bed Add an option to disable the block-private-addresses feature
Suggested by rransom.  Probably necessary for testing network mode.
2011-01-26 11:35:24 -05:00
Nick Mathewson
89ee779f92 Add a torrc option to report log domains 2011-01-25 15:53:15 -05:00
Nick Mathewson
36880b3f17 Merge remote branch 'origin/maint-0.2.2' 2011-01-25 14:30:01 -05:00
Sebastian Hahn
68f8ca357f Fix assert for relay/bridge state change
When we added support for separate client tls certs on bridges in
a2bb0bfdd5 we forgot to correctly initialize this when changing
from relay to bridge or vice versa while Tor is running. Fix that
by always initializing keys when the state changes.

Fixes bug 2433.
2011-01-25 14:13:06 -05:00
Nick Mathewson
a1073ee956 Simplest fix to bug2402: do not include SVN versions
When we stopped using svn, 0.2.1.x lost the ability to notice its svn
revision and report it in the version number.  However, it kept
looking at the micro-revision.i file... so if you switched to master,
built tor, then switched to 0.2.1.x, you'd get a micro-revision.i file
from master reported as an SVN tag.  This patch takes out the "include
the svn tag" logic entirely.

Bugfix on 0.2.1.15-rc; fixes bug 2402.
2011-01-25 14:08:13 -05:00
Nick Mathewson
1b8f2ef550 Merge remote branch 'origin/maint-0.2.2' 2011-01-15 12:03:44 -05:00
Nick Mathewson
ed87738ede Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/or/config.c
	src/or/networkstatus.c
	src/or/rendcommon.c
	src/or/routerparse.c
	src/or/test.c
2011-01-15 12:02:55 -05:00
Nick Mathewson
115782bdbe Fix a heap overflow found by debuger, and make it harder to make that mistake again
Our public key functions assumed that they were always writing into a
large enough buffer.  In one case, they weren't.

(Incorporates fixes from sebastian)
2011-01-15 11:49:25 -05:00
Nick Mathewson
cbcae4aef1 Merge remote branch 'origin/maint-0.2.2' 2011-01-12 12:38:54 -05:00
Nick Mathewson
5044cb9752 Explain bug2346 fix better based on suggestions from arma 2011-01-12 12:37:42 -05:00
Nick Mathewson
95968a625e Wait 60 minutes before retrying failed state save; bug2346 2011-01-10 16:51:11 -05:00
Nick Mathewson
105b94b75b Add Maxima lists to bandwidth state.
Right now, Tor routers don't save the maxima values from the
bw_history_t between sessions.  That's no good, since we use those
values to determine bandwidth.  This code adds a new BWHist.*Maximum
set of values to the state file.  If they're not present, we estimate
them by taking the observed total bandwidth and dividing it by the
period length, which provides a lower bound.

This should fix bug 1863.  I'm calling it a feature.
2011-01-10 14:47:39 -05:00
Nick Mathewson
8730884ebe Merge remote branch 'origin/maint-0.2.2' 2011-01-03 11:53:28 -05:00
Nick Mathewson
f1de329e78 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2
Conflicts:
	src/common/test.h
	src/or/test.c
2011-01-03 11:51:17 -05:00
Nick Mathewson
1a07348a50 Bump copyright statements to 2011 2011-01-03 11:50:39 -05:00
Sebastian Hahn
da91900135 Disable stats requiring geoip info if we have none
In other parts of the code we will otherwise attempt to collect these
statistics, and that will lead to crashes.
2010-12-22 08:34:41 +01:00
Nick Mathewson
00775ab4ed Merge remote branch 'karsten/dirreq-stats-default'
Conflicts:
	src/or/config.c
2010-12-21 16:01:00 -05:00
Nick Mathewson
95e21779a3 Merge remote branch 'origin/maint-0.2.2' 2010-12-21 15:53:32 -05:00
Nick Mathewson
e895919b17 Merge remote branch 'public/bug2060' into maint-0.2.2 2010-12-21 15:53:03 -05:00
Nick Mathewson
1d0f8fe53c Merge remote branch 'origin/maint-0.2.2' 2010-12-16 10:06:36 -05:00
Nick Mathewson
591f65dde6 Merge remote branch 'origin/maint-0.2.1' into maint-0.2.2 2010-12-16 10:05:07 -05:00
Karsten Loesing
3c3b1d14fd Change gabelmoo's IP address and ports. 2010-12-16 13:28:30 +01:00
Robert Hogan
bf136b94de bug1666 - Pass-through support for SOCKS5 authentication
If a SOCKS5 client insists on authentication, allow it to
negotiate a connection with Tor's SOCKS server successfully.
Any credentials the client provides are ignored.

This allows Tor to work with SOCKS5 clients that can only
support 'authenticated' connections.

Also add a bunch of basic unit tests for SOCKS4/4a/5 support
in buffers.c.
2010-12-14 19:47:22 +00:00
Karsten Loesing
f56529b4b2 Call the new config option ConnDirectionStatistics. 2010-12-03 16:47:52 +01:00
Karsten Loesing
5dfdf075ac Add metric on uni/bidirectional connection usage. 2010-12-03 16:47:51 +01:00
Nick Mathewson
12f3186719 Disable DirPort when BridgeRelay is set 2010-11-22 13:12:48 -05:00
Roger Dingledine
6b82a6e88d Merge branch 'maint-0.2.2' 2010-11-16 00:16:25 -05:00
Roger Dingledine
a08a7e0fc6 warn more about AllowSingleHopExits 2010-11-16 00:13:25 -05:00
Nick Mathewson
8c2affe637 Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
	src/or/cpuworker.c
2010-11-15 14:14:13 -05:00
Nick Mathewson
433a98131a Merge remote branch 'sebastian/manpagefixups' into maint-0.2.2 2010-11-15 14:07:00 -05:00
Roger Dingledine
a29596556c Merge branch 'maint-0.2.2'
Conflicts:

	src/or/config.c
2010-11-11 12:19:37 -05:00
Roger Dingledine
362bb5c625 Merge branch 'maint-0.2.1' into maint-0.2.2 2010-11-11 12:12:17 -05:00
Roger Dingledine
0a38358210 let unpublished bridges learn their ip address too 2010-11-11 11:26:42 -05:00
Sebastian Hahn
5040c855d1 Break NoPublish support 2010-11-10 15:48:26 +01:00
Sebastian Hahn
556a1b9e45 Change Natd into NATD in our options.
Breaking this out of the last commit because this might be more
controversial.
2010-11-10 15:48:26 +01:00
Sebastian Hahn
b9cac605ab Synx manpage and source wrt option capitalization
We had a spelling discrepancy between the manpage and the source code
for some option. Resolve these in favor of the manpage, because it
makes more sense (for example, HTTP should be capitalized).
2010-11-10 15:48:26 +01:00
Sebastian Hahn
13a7e8bea3 Comment out the (unused) RunTesting option
The code that makes use of the RunTesting option is #if 0, so setting
this option has no effect. Mark the option as obsolete for now, so that
Tor doesn't list it as an available option erroneously.
2010-11-10 15:48:25 +01:00
Karsten Loesing
499661524b Turn on directory request statistics by default.
Change the default values for collecting directory request statistics and
inlcuding them in extra-info descriptors to 1.

Don't break if we are configured to collect directory request or entry
statistics and don't have a GeoIP database. Instead, print out a notice
and skip initializing the affected statistics code.
2010-11-10 12:11:08 +01:00
Nick Mathewson
d238d8386f Add a testing-only option to use bufferevent_openssl as a filter
We need filtering bufferevent_openssl so that we can wrap around
IOCP bufferevents on Windows.  This patch adds a temporary option to
turn on filtering mode, so that we can test it out on non-IOCP
systems to make sure it hasn't got any surprising bugs.

It also fixes some allocation/teardown errors in using
bufferevent_openssl as a filter.
2010-11-09 15:36:27 -05:00
Nick Mathewson
1fb342dfab Merge branch 'loggranularity' 2010-11-08 12:40:33 -05:00
Nick Mathewson
152c9cba65 Make LogTimeGranularity respect validate_only 2010-11-08 12:40:26 -05:00
Karsten Loesing
ed45bc198f Fix log granularity based on Nick's comments.
Instead of rejecting a value that doesn't divide into 1 second, round to
the nearest divisor of 1 second and warn.

Document that the option only controls the granularity written by Tor to a
file or console log. It does not (for example) "batch up" log messages to
affect times logged by a controller, times attached to syslog messages, or
the mtime fields on log files.
2010-11-08 17:38:59 +01:00
Roger Dingledine
d96c9cd00e Merge branch 'maint-0.2.2' 2010-11-06 17:42:37 -04:00
Nick Mathewson
c109ffaef9 Fix bug in tor_parse_string when Address is given as a dotted quad.
Found by Ian Goldberg and Mashael AlSabah.

Bugfix on 0.2.3.0-alpha dev.
2010-11-01 15:52:43 -04:00
Sebastian Hahn
f87c6f100d Remove delay to become HSDir in privnets 2010-10-26 18:37:57 +02:00
Nick Mathewson
a7cf788740 Merge branch 'bug1992_part1' 2010-10-15 17:08:18 -04:00
Nick Mathewson
b97da61b5a Tweak the fmt_addr32 code
Clarify documentation, rename a local, and fix a memory leak.
2010-10-15 17:07:27 -04:00
Nick Mathewson
3aec655694 Merge remote branch 'arma/bug1982_2'
Resolved a minor conflict in:
	src/or/circuitbuild.c
2010-10-13 16:07:37 -04:00
Karsten Loesing
8c5ba9388b Make logging resolution configurable.
Implements enhancement 1668.
2010-10-04 08:15:18 +02:00
Roger Dingledine
22f723e4a3 refactor all these tor_inet_ntoa idioms
but don't refactor the ones that look messy
2010-10-01 21:31:09 -04:00
Nick Mathewson
f9ea242aca Implement node-based router family code
Also, make the NodeFamily option into a list of routersets.  This
lets us git rid of router_in_nickname_list (or whatever it was
called) without porting it to work with nodes, and also lets people
specify country codes and IP ranges in NodeFamily
2010-10-01 18:14:27 -04:00
Steven Murdoch
a6dc00fa75 Start tor-fw-helper in the background, and log whatever it outputs 2010-09-30 11:40:37 -04:00
Roger Dingledine
0ed8d5a537 allow countries and IP addresses in EntryNodes 2010-09-29 03:00:06 -04:00
Nick Mathewson
73d93c033d Autodetect the number of CPUs when possible if NumCPUs==0
This is needed for IOCP, since telling the IOCP backend about all
your CPUs is a good idea.  It'll also come in handy with asn's
multithreaded crypto stuff, and for people who run servers without
reading the manual.
2010-09-28 14:42:21 -04:00
Nick Mathewson
c612ddee17 Add a new option to enable/disable IOCP support 2010-09-28 14:01:45 -04:00
Nick Mathewson
af7fab020a Merge remote branch 'origin/maint-0.2.2'
Conflicts:
	src/or/config.c
2010-09-27 17:52:20 -04:00
Nick Mathewson
c97072ef34 Merge branch 'bug1751_enabling' into maint-0.2.2 2010-09-27 17:08:03 -04:00
Nick Mathewson
6c5b9ba625 Change bug1751 enabling code based on comments from arma 2010-09-27 17:07:22 -04:00
Nick Mathewson
ffd5070b04 Convert bufferevents to use rate-limiting.
This requires the latest Git version of Libevent as of 24 March 2010.
In the future, we'll just say it requires Libevent 2.0.5-alpha or
later.

Since Libevent doesn't yet support hierarchical rate limit groups,
there isn't yet support for tracking relayed-bytes separately when
using the bufferevent system.  If a future version does add support
for hierarchical buckets, we can add that back in.
2010-09-27 14:22:18 -04:00
Nick Mathewson
c9cb4f0a0e Rename has_completed_circuit to can_complete_circuit
Also redocument it.  Related to #1362.
2010-09-22 01:52:57 -04:00
Nick Mathewson
e476ffc2ba Merge branch 'bug1789' 2010-09-21 14:29:59 -04:00
Nick Mathewson
ef5925237d First cut of code to enable RefuseUnknownExits
The RefuseUnknownExits config option is now a tristate, with "1"
meaning "enable it no matter what the consensus says", "0" meaning
"disable it no matter what the consensus says", and "auto" meaning "do
what the consensus says".  If the consensus is silent, we enable
RefuseUnknownExits.

This patch also changes the dirserv logic so that refuseunknownexits
won't make us cache unless we're an exit.
2010-09-21 01:03:29 -04:00
Nick Mathewson
2920d88667 Base our expected bw accounting usage on time before soft limit
Previously, we were also considering the time spent in
soft-hibernation.  If this was a long time, we would wind up
underestimating our bandwidth by a lot, and skewing our wakeup time
towards the start of the accounting interval.

This patch also makes us store a few more fields in the state file,
including the time at which we entered soft hibernation.

Fixes bug 1789.  Bugfix on 0.0.9pre5.
2010-09-03 14:29:17 -04:00
Nick Mathewson
c0c7868250 Make the windows build succeed with or without -DUNICODE enabled.
This should keep WinCE working (unicode always-on) and get Win98
working again (unicode never-on).

There are two places where we explicitly use ASCII-only APIs, still:
in ntmain.c and in the unit tests.

This patch also fixes a bug in windoes tor_listdir that would cause
the first file to be listed an arbitrary number of times that was
also introduced with WinCE support.

Should fix bug 1797.
2010-08-20 13:40:01 -04:00
Sebastian Hahn
219f7415d1 Warn for bad combination of cookie options
Setting CookieAuthFileGroupReadable but without setting CookieAuthFile makes
no sense, because unix directory permissions for the data directory prevent
the group from accessing the file anyways.
2010-08-20 02:45:10 +02:00
Roger Dingledine
c1260cb6ec delay geoip stats even more for relays-turned-bridges 2010-08-18 16:12:44 -04:00
Nick Mathewson
a509dbba50 Merge commit 'karsten/dirbytes2'
Conflicts:
	src/or/rephist.h
2010-08-18 10:06:14 -04:00
Karsten Loesing
db94b7f46e Count bytes we spend on answering directory requests. 2010-08-18 13:54:41 +02:00
Sebastian Hahn
4c49d3c27e Refactor circuit_build_times_parse_state
Remove the msg parameter to pass an error message out. This
wasn't needed and made it harder to detect a memory leak.
2010-08-16 00:45:32 +02:00
Roger Dingledine
8d588e7b1a reinit per-conn token buckets on config or consensus change 2010-08-15 04:01:42 -04:00
Roger Dingledine
45c6b5de17 tiny change i found in my other sandbox 2010-08-11 01:48:29 -04:00
Sebastian Hahn
d365bc965d Only delay counting bridge users if we were a relay before 2010-08-05 13:05:32 +02:00
Karsten Loesing
166c2f4d92 Allow enabling or disabling *Statistics while Tor is running.
With this patch we stop scheduling when we should write statistics using a
single timestamp in run_scheduled_events(). Instead, we remember when a
statistics interval starts separately for each statistic type in geoip.c
and rephist.c. Every time run_scheduled_events() tries to write stats to
disk, it learns when it should schedule the next such attempt.

This patch also enables all statistics to be stopped and restarted at a
later time.

This patch comes with a few refactorings, some of which were not easily
doable without the patch.
2010-08-05 13:05:25 +02:00
Nick Mathewson
9265190b16 Merge branch 'bug1384' 2010-08-02 12:53:52 -04:00
Sebastian Hahn
a9d055c5c5 Fix a compile warning on OS X 10.6
Also update the changes file to contain a note on which bug was
fixed by this.
2010-08-02 18:45:17 +02:00
Chris Ball
73a4c0690e Bug #919: Don't rebind ports if we receive SIGHUP while hibernating. 2010-08-02 12:14:01 -04:00
Chris Ball
9ffa977981 Bug #928: Disallow BridgeRelay 1 and ORPort 0 configuration 2010-08-02 12:04:04 -04:00
Chris Ball
600ba86f4a Bug #1107: Complain if PublishServerDescriptor receives 0 or 1 in a list
0 or 1 should only be passed as the sole argument. Warn for now, reject
in 0.2.3.x.
2010-08-02 12:02:06 -04:00
Nick Mathewson
39378bf182 Warn when encounter the same (non-list) option twice in the same place
It's okay to get (say) a SocksPort line in the torrc, and then a
SocksPort on the command line to override it, and then a SocksPort via
a controller to override *that*.  But if there are two occurrences of
SocksPort in the torrc, or on the command line, or in a single SETCONF
command, then the user is likely confused.  Our old code would not
help unconfuse the user, but would instead silently ignore all but
the last occurrence.

This patch changes the behavior so that if the some option is passed
more than once to any torrc, command line, or SETCONF (each of which
coincidentally corresponds to a call to config_assign()), and the
option is not a type that allows multiple occurrences (LINELIST or
LINELIST_X), then we can warn the user.

This closes trac entry 1384.
2010-07-31 13:16:48 -04:00
Sebastian Hahn
df9d42cef5 Create rephist.h 2010-07-27 10:00:46 +02:00
Sebastian Hahn
b0cd4551ab Create relay.h 2010-07-27 10:00:45 +02:00
Sebastian Hahn
7bd8dee463 Create policies.h 2010-07-27 10:00:45 +02:00
Sebastian Hahn
69fcbbaa89 Create networkstatus.h 2010-07-27 07:58:16 +02:00
Sebastian Hahn
0f1548ab18 Create main.h 2010-07-27 07:58:16 +02:00
Sebastian Hahn
a86f464f6b Create hibernate.h 2010-07-27 07:58:16 +02:00
Sebastian Hahn
dc2f1666ff Create dns.h 2010-07-27 07:58:16 +02:00
Sebastian Hahn
85f7d54418 Create dirvote.h 2010-07-27 07:58:16 +02:00
Sebastian Hahn
7d4c027fb0 Create dirserv.h 2010-07-27 07:58:16 +02:00
Sebastian Hahn
98d1314c7e Create cpuworker.h 2010-07-27 07:58:15 +02:00
Sebastian Hahn
0bfa34e1f6 Create control.h 2010-07-27 07:58:15 +02:00
Sebastian Hahn
78b6a4650b Create connection_edge.h 2010-07-27 07:58:14 +02:00
Sebastian Hahn
2a74101f7a Create connection.h 2010-07-27 07:58:14 +02:00
Sebastian Hahn
c4f8f1316e Create config.h 2010-07-27 07:58:14 +02:00
Sebastian Hahn
174a88dd79 Create circuitlist.h 2010-07-27 07:58:13 +02:00
Sebastian Hahn
21155204c6 Create circuitbuild.h 2010-07-27 07:58:13 +02:00
Sebastian Hahn
85a1d635d5 Create rendservice.h 2010-07-27 07:56:26 +02:00
Sebastian Hahn
7caa8351b8 Create rendclient.h 2010-07-27 07:56:26 +02:00
Sebastian Hahn
cbee969f40 Create routerlist.h 2010-07-27 07:56:25 +02:00
Sebastian Hahn
c53b6cc831 Create router.h 2010-07-27 07:56:25 +02:00
Sebastian Hahn
ff4030f621 Create geoip.h 2010-07-27 07:56:25 +02:00
Nick Mathewson
0b4b51314f Make the controller act more usefully when GETINFO fails
Right now it says "552 internal error" because there's no way for
getinfo_helper_*() countries to specify an error message.  This
patch changes the getinfo_helper_*() interface, and makes most of the
getinfo helpers give useful error messages in response to failures.

This should prevent recurrences of bug 1699, where a missing GeoIPFile
line in the torrc made GETINFO ip-to-county/* fail in a "not obvious
how to fix" way.
2010-07-18 17:05:58 +02:00
Mike Perry
a9edb0b4f6 More gracefully handle corrupt state files.
Save a backup if we get odd circuitbuildtimes and other state info.

In the case of circuit build times, we no longer assert, and reset our state.
2010-07-06 12:11:22 -07:00
Nick Mathewson
bea55766af Merge remote branch 'mikeperry/cbt-bugfixes3' 2010-06-29 18:57:50 -04:00
Roger Dingledine
1def582217 Group in torrc is obsolete, so stop checking it 2010-06-27 02:31:00 -04:00
Mike Perry
c6c8fbf852 Split the circuit timeout and close codepaths.
We need to record different statistics at point of timeout, vs the point
of forcible closing.

Also, give some better names to constants and state file variables
to indicate they are not dealing with timeouts, but abandoned circuits.
2010-06-15 20:04:42 -07:00
Nick Mathewson
7be7f15198 Answer question from Roger. 2010-06-14 18:32:44 -04:00
Roger Dingledine
9f31a0098d a line that's been sitting in my sandbox for months 2010-06-14 18:25:37 -04:00
Nick Mathewson
945633476a Merge commit 'sebastian/hostnamewarn' 2010-06-11 13:21:31 -04:00
Nick Mathewson
be1c4672c4 Merge commit 'origin/maint-0.2.1' 2010-06-11 13:20:20 -04:00
Karsten Loesing
6c49b6bb77 Add maatuska as eighth v3 directory authority. 2010-06-11 19:10:55 +02:00
Mike Perry
38770dd6a5 Add timeout count state variable. 2010-06-09 00:22:34 -07:00
Sebastian Hahn
10fdb9ee0a Add option to not warn when getting an IP instead of hostname 2010-06-07 12:44:25 +02:00
valerino
8d31141ccb Port Tor to work on Windows CE
Most of the changes here are switches to use APIs available on Windows
CE.  The most pervasive change is that Windows CE only provides the
wide-character ("FooW") variants of most of the windows function, and
doesn't support the older ASCII verions at all.

This patch will require use of the wcecompat library to get working
versions of the posix-style fd-based file IO functions.

[commit message by nickm]
2010-05-24 11:46:45 -04:00
Mike Perry
29e0d70814 Bug 1296: Add option+logic to disable CBT learning.
There are now four ways that CBT can be disabled:

1. Network-wide, with the cbtdisabled consensus param.
2. Via config, with "LearnCircuitBuildTimeout 0"
3. Via config, with "AuthoritativeDirectory 1"
4. Via a state file write failure.
2010-05-10 13:11:48 -07:00
Nick Mathewson
927425150b Merge branch 'asprintf' 2010-04-02 12:30:46 -04:00
Roger Dingledine
1108358e96 let people test the RefuseUnknownExits idea 2010-03-10 22:43:23 -05:00
Roger Dingledine
625963d92a commit my annotations while i was hunting down the host order bug 2010-03-05 16:04:01 -05:00
Nick Mathewson
eb2e56ad3c Merge commit 'origin/maint-0.2.1'
Conflicts:
	src/or/config.c
	src/or/test.c
2010-03-04 18:44:31 -05:00
Nick Mathewson
3ff092391b Apply Roger's bug 1269 fix.
From http://archives.seul.org/tor/relays/Mar-2010/msg00006.html :

   As I understand it, the bug should show up on relays that don't set
   Address to an IP address (so they need to resolve their Address
   line or their hostname to guess their IP address), and their
   hostname or Address line fails to resolve -- at that point they'll
   pick a random 4 bytes out of memory and call that their address. At
   the same time, relays that *do* successfully resolve their address
   will ignore the result, and only come up with a useful address if
   their interface address happens to be a public IP address.
2010-03-04 18:37:40 -05:00
Nick Mathewson
47e919424d Tweak users of snprintf to use asprintf where appropriate 2010-02-28 21:46:50 -05:00
Nick Mathewson
b006e3279f Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	src/common/test.h
	src/or/test.c
2010-02-27 17:16:31 -05:00
Nick Mathewson
c3e63483b2 Update Tor Project copyright years 2010-02-27 17:14:21 -05:00
Sebastian Hahn
2917c0596c Restrict PerConnBWRate|Burst to INT32_MAX, update manpage
All other bandwidthrate settings are restricted to INT32_MAX, but
this check was forgotten for PerConnBWRate and PerConnBWBurst. Also
update the manpage to reflect the fact that specifying a bandwidth
in terabytes does not make sense, because that value will be too
large.
2010-02-25 12:33:15 +01:00
Nick Mathewson
d35b8dc582 Make expand_filename into a tor_strdup() alias on windows.
On Windows, we don't have a notion of ~ meaning "our homedir", so we
were deliberately using an #ifdef to avoid calling expand_filename()
in multiple places.  This is silly: The right place to turn a function
into a no-op on a single platform is in the function itself, not in
every single call-site.
2010-02-22 12:42:31 -05:00
Sebastian Hahn
1dfbec482c Remove some redundant code in options_save_current()
get_torrc_fname() does the same thing we did in this code, so let's
replace it.
2010-02-22 12:21:58 +01:00
Nick Mathewson
715f104eeb Merge remote branch 'origin/maint-0.2.1'
Conflicts:
	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h
2010-02-18 12:01:56 -05:00
Roger Dingledine
3e6a37e61e new dannenberg address; make moria2's demise official. 2010-02-12 14:31:08 -05:00
Sebastian Hahn
fe18275563 Add Windows version detection for Vista and 7
Vista is Windows 6.0, and 7 is Windows 6.1. Fixes bug 1097.

Also fix a coding style violation.
2010-02-10 08:40:44 +01:00
Nick Mathewson
a6a1b8b815 Merge remote branch 'origin/maint-0.2.1' 2010-02-09 12:58:25 -05:00
Sebastian Hahn
a168cd2a54 Don't use gethostbyname() in resolve_my_address()
Tor has tor_lookup_hostname(), which prefers ipv4 addresses automatically.
Bug 1244 occured because gethostbyname() returned an ipv6 address, which
Tor cannot handle currently. Fixes bug 1244; bugfix on 0.0.2pre25.
Reported by Mike Mestnik.
2010-02-08 15:49:54 +01:00
Roger Dingledine
37ca182c7e Merge branch 'maint-0.2.1' into master
Conflicts:

	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h
2010-01-19 14:51:39 -05:00
Roger Dingledine
adae600715 rotate keys for moria1 and gabelmoo 2010-01-19 14:12:39 -05:00
Roger Dingledine
4d71d43772 add config options to override.
somebody should add man page entries.
2009-12-29 23:13:03 -05:00
Sebastian Hahn
9f1618b518 Remove online config descriptions.
They weren't in sync with reality nor manpage, and only useful to a human
who could simply have checked the manpage.
2009-12-25 16:35:47 +01:00
Sebastian Hahn
03da1af9ca Fix a typo 2009-12-25 16:33:56 +01:00
Roger Dingledine
937607056b a changelog and doc fixes for the strictnodes work 2009-12-21 04:38:49 -05:00
Roger Dingledine
ef81649d2f Be more willing to use an unsuitable circuit for exit.
Specifically, there are two cases: a) are we willing to start a new
circuit at a node not in your ExitNodes config option, and b) are we
willing to make use of a circuit that's already established but has an
unsuitable exit.

Now we discard all your circuits when you set ExitNodes, so the only
way you could end up with an exit circuit that ends at an unsuitable
place is if we explicitly ran out of exit nodes, StrictNodes was 0,
and we built this circuit to solve a stream that needs solving.

Fixes bug in dc322931, which would ignore the just-built circuit because
it has an unsuitable exit.
2009-12-21 03:52:32 -05:00
Roger Dingledine
c75a2eea60 Abandon circs if the user changes Exclude*Nodes
If ExcludeNodes or ExcludeExitNodes changes on a config reload,
mark and discard all our origin circuits.
2009-12-21 03:52:32 -05:00
Roger Dingledine
580066f2f6 Switch to a StrictNodes config option.
This is step one of handling ExcludedNodes better. This first
step is just to make EntryNodes and ExitNodes do what they did
before.
2009-12-21 03:52:31 -05:00
Nick Mathewson
05a2473b7f Merge branch 'ewma' 2009-12-18 22:33:02 -05:00
Karsten Loesing
d38268a8c7 Remove v0 hidden service statistics code.
The HSAuthorityRecordStats option was used to track statistics of overall
hidden service usage on the version 0 hidden service authorities. With the
version 2 hidden service directories being deployed and version 0
descriptors being phased out, these statistics are not as useful anymore.

Goodbye, you fine piece of software; my first major code contribution to
Tor.
2009-12-17 09:15:06 +01:00
Nick Mathewson
350181529e Merge branch 'safelogging2'
Conflicts:
	ChangeLog
2009-12-15 17:26:09 -05:00
Nick Mathewson
fcbd65b45c Refactor the safe_str_*() API to make more sense.
The new rule is: safe_str_X() means "this string is a piece of X
information; make it safe to log."  safe_str() on its own means
"this string is a piece of who-knows-what; make it safe to log".
2009-12-15 17:25:34 -05:00
Nick Mathewson
60b01c6d5e Change interface for configuring cell ewma algorithm.
The rule is now: take the value from the CircuitPriorityHalflife
config option if it is set.  If it zero, disable the cell_ewma
algorithm.  If it is set, use it to calculate the scaling factor.
If it is not set, look for a CircPriorityHalflifeMsec parameter in the
consensus networkstatus.  If *that* is zero, then disable the cell_ewma
algorithm; if it is set, use it to calculate the scaling factor.
If it is not set at all, disable the algorithm.
2009-12-15 13:58:24 -05:00
Nick Mathewson
06e8370c33 Optimize cell-ewma circuit priority algorithm.
There are two big changes here:
  - We store active circuits in a priority queue for each or_conn,
    rather than doing a linear search over all the active circuits
    before we send each cell.
  - Rather than multiplying every circuit's cell-ewma by a decay
    factor every time we send a cell (thus normalizing the value of a
    current cell to 1.0 and a past cell to alpha^t), we instead
    only scale down the cell-ewma every tick (ten seconds atm),
    normalizing so that a cell sent at the start of the tick has
    value 1.0).
2009-12-13 21:05:53 -05:00
Roger Dingledine
f7d99b62a3 New controller command "getinfo config-text"
It returns the contents that Tor would write if you send it a SAVECONF
command, so the controller can write the file to disk itself.
2009-12-13 19:21:06 -05:00
Can Tang
d3be00e0f4 Favor quiet circuits when choosing which order to relay cells in.
Each circuit is ranked in terms of how many cells from it have been
relayed recently, using a time-weighted average.

This patch has been tested this on a private Tor network on PlanetLab,
and gotten improvements of 12-35% in time it takes to fetch a small
web page while there's a simultaneous large data transfer going on
simultaneously.

[Commit msg by nickm based on mail from Ian Goldberg.]
2009-12-12 19:06:38 -05:00
Nick Mathewson
9e6225ae16 Merge commit 'sebastian/coverity' 2009-12-12 02:10:19 -05:00
Nick Mathewson
0c1b3070cf Now that FOO_free(NULL) always works, remove checks before calling it. 2009-12-12 02:07:59 -05:00
Nick Mathewson
a8190b09a3 Cache the parsed value of SafeLogging as an enum. 2009-12-12 01:12:47 -05:00
Sebastian Hahn
3807db001d *_free functions now accept NULL
Some *_free functions threw asserts when passed NULL. Now all of them
accept NULL as input and perform no action when called that way.

This gains us consistence for our free functions, and allows some
code simplifications where an explicit null check is no longer necessary.
2009-12-12 03:29:44 +01:00
Sebastian Hahn
f258647433 Allow SafeLogging to exclude client related information 2009-12-12 02:26:11 +01:00
Roger Dingledine
403f99eaa4 add a minimum for CircuitStreamTimeout, plus a man page
plus some other unrelated touchups that have been sitting in my
sandbox
2009-11-22 07:15:30 -05:00
Roger Dingledine
7f3f88bed3 New config option "CircuitStreamTimeout"
New config option "CircuitStreamTimeout" to override our internal
timeout schedule for how many seconds until we detach a stream from
a circuit and try a new circuit. If your network is particularly
slow, you might want to set this to a number like 60.
2009-11-21 23:36:36 -05:00
Sebastian Hahn
f1b7295b27 Disallow command line keywords with more than two dashes as prefix.
This might help fix cid 422, where coverity fails to notice that
argv strings are null-escaped.
2009-10-27 17:50:24 +01:00
Jacob Appelbaum
2aac39a779 Implement DisableAllSwap to avoid putting secret info in page files.
This commit implements a new config option: 'DisableAllSwap'
This option probably only works properly when Tor is started as root.
We added two new functions: tor_mlockall() and tor_set_max_memlock().
tor_mlockall() attempts to mlock() all current and all future memory pages.
For tor_mlockall() to work properly we set the process rlimits for memory to
RLIM_INFINITY (and beyond) inside of tor_set_max_memlock().
We behave differently from mlockall() by only allowing tor_mlockall() to be
called one single time. All other calls will result in a return code of 1.
It is not possible to change DisableAllSwap while running.
A sample configuration item was added to the torrc.complete.in config file.
A new item in the man page for DisableAllSwap was added.
Thanks to Moxie Marlinspike and Chris Palmer for their feedback on this patch.

Please note that we make no guarantees about the quality of your OS and its
mlock/mlockall implementation. It is possible that this will do nothing at all.
It is also possible that you can ulimit the mlock properties of a given user
such that root is not required. This has not been extensively tested and is
unsupported. I have included some comments for possible ways we can handle
this on win32.
2009-10-27 04:28:40 -04:00
Nick Mathewson
8519d36633 Merge commit 'origin/maint-0.2.1' 2009-10-26 22:40:24 -04:00
Nick Mathewson
8bada1ef67 Add missing break statements for Coverity CIDs #406,407.
The code for these was super-wrong, but will only break things when we
reset an option on a platform where sizeof(time_t) is different from
sizeof(int).
2009-10-26 21:35:26 -04:00
Nick Mathewson
5ef97ddd42 Merge commit 'origin/maint-0.2.1'
Conflicts:
	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/or/config.c
	src/win32/orconfig.h
2009-10-15 12:33:22 -04:00
Roger Dingledine
2bee297d57 Move moria1 and Tonga to alternate IP addresses. 2009-10-15 12:14:18 -04:00
Roger Dingledine
6265b9f09d Move dizum to an alternate IP address. 2009-10-11 14:59:14 -04:00
Roger Dingledine
b9e8f0a013 Move Tonga to an alternate IP address 2009-09-30 22:35:05 -04:00
Roger Dingledine
69ecc127e9 Move moria1 to a nearby IP address 2009-09-30 18:46:55 -04:00
Nick Mathewson
3e82981795 Fix some win32 compilation warnings 2009-09-28 19:56:36 -04:00
Roger Dingledine
67f280feb3 Let our config abbreviations rewrite more than once 2009-09-17 20:32:42 -04:00
Mike Perry
0352d43917 Move circuitbuildtimeout config check.
We want it to be under our control so it doesn't mess
up initialization. This is likely the cause for
the bug the previous assert-adding commit (09a75ad) was
trying to address.
2009-09-16 15:58:42 -07:00
Mike Perry
63be2df84f Fix issues found by arma in review. 2009-09-16 15:55:36 -07:00
Roger Dingledine
672e2f6908 space/indent cleanups, plus point out three bugs 2009-09-16 15:55:32 -07:00
Mike Perry
6eba08e22f Use our variable directly for timeout.
Using CircuitBuildTimeout is prone to issues with SIGHUP, etc.
Also, shuffle the circuit build times array after loading it
in so that newer measurements don't replace chunks of
similarly timed measurements.
2009-09-16 15:52:04 -07:00
Mike Perry
b52bce91fc Write unit tests and fix issues they uncovered. 2009-09-16 15:51:10 -07:00
Mike Perry
04414830fe Implement the pareto fitting and timeout calculating bits. 2009-09-16 15:48:52 -07:00
Mike Perry
7750bee21d Clean up Fallon's partially complete GSoC project.
The code actually isn't that bad. It's a shame she didn't finish.
Using it as the base for this feature.
2009-09-16 15:48:51 -07:00
Roger Dingledine
40bcab1faf ConsensusParams config option lists key=value params
finishes the authority-operator interface side of proposal 167.
2009-09-15 04:40:08 -04:00
Nick Mathewson
1cda6f3e75 Merge commit 'origin/maint-0.2.1' 2009-09-01 15:59:40 -04:00
Sebastian Hahn
d76fd59a7e Remove a debug printf 2009-09-01 21:58:11 +02:00
Sebastian Hahn
aea9cf1011 Fix compile warnings on Snow Leopard
Big thanks to nickm and arma for helping me with this!
2009-09-01 18:36:27 +02:00
Nick Mathewson
00b37f071d Revise parsing of time and memory units to handle spaces.
When we added support for fractional units (like 1.5 MB) I broke
support for giving units with no space (like 2MB).  This patch should
fix that.  It also adds a propoer tor_parse_double().

Fix for bug 1076.  Bugfix on 0.2.2.1-alpha.
2009-08-31 00:18:55 -04:00
Nick Mathewson
1d9b8a1e16 Merge commit 'karsten/proposal-166-impl-master' 2009-08-26 11:36:40 -04:00
Nick Mathewson
c9203749a2 A changelog entry and a bit more documentation for socks-client 2009-08-26 11:34:45 -04:00
Nick Mathewson
707a6bd659 Merge commit 'public/socks-client'
Resolved conflict in:
	src/or/or.h
2009-08-26 11:27:19 -04:00
Nick Mathewson
daa0326aaa Add the first 8 bytes of the git commit digest to our versions.
Note that unlike subversion revision numbers, it isn't meaningful to
compare these for anything but equality.  We define a sort-order anyway,
in case one of these accidentally slips into a recommended-versions
list.
2009-08-21 12:31:13 -04:00
Karsten Loesing
4e29f33427 Write all statistics to disk exactly every 24 hours. 2009-08-19 15:41:12 +02:00
Karsten Loesing
9179bcb923 Include contents of *-stats files in descriptor. 2009-08-17 13:30:10 +02:00
Karsten Loesing
d97e95cb62 Remove ./configure option for cell statistics. 2009-08-17 13:30:09 +02:00
Karsten Loesing
ab7729f472 Remove ./configure option for entry and dir request statistics. 2009-08-17 13:29:50 +02:00
Nick Mathewson
b9e45cc508 Merge commit 'mikeperry/bandwidth-voting-final' 2009-08-14 17:12:05 -04:00
Karsten Loesing
9d16a59fcc Remove ./configure option for exit port statistics. 2009-08-14 14:56:38 +02:00
Roger Dingledine
5f0fb9a109 Merge branch 'maint-0.2.1' into tmp_merge 2009-08-10 01:37:29 -04:00
Roger Dingledine
8abe3bac7e Set up urras as the seventh v3 directory authority. 2009-08-10 01:32:51 -04:00
Roger Dingledine
3e4379c2e7 Disable .exit notation unless AllowDotExit is 1. 2009-08-07 19:26:41 -04:00
Roger Dingledine
da88e05edc try loading the bandwidth measurement file on startup too,
in case it's broken.
2009-08-06 11:48:03 -07:00
Mike Perry
6fbdf635fa Implement measured bw parsing + unit tests. 2009-08-06 11:48:03 -07:00
Nick Mathewson
df354a002c Merge commit 'origin/maint-0.2.1'
Resolved onflicts in:
	ChangeLog
	src/or/config.c
	src/or/or.h
2009-07-30 10:16:04 -04:00
Nick Mathewson
4577bda766 Cleaner fix for get_effective_bw(rate|burst), with comment on why it is ok. 2009-07-30 10:14:12 -04:00
Nick Mathewson
efe966944d Fix signed/unsigned comparison warnings in get_effective_bw(rate|burst) 2009-07-30 09:15:07 -04:00
Roger Dingledine
6249b0fd77 Fix a signed/unsigned compile warning in 0.2.1.19 2009-07-28 18:34:35 -04:00
Roger Dingledine
e8e88922a7 Merge branch 'maint-0.2.1' into master 2009-07-28 18:19:57 -04:00
Sebastian Hahn
3e45445104 Changing MaxAdvertisedBW may not need a republish
Relays no longer publish a new server descriptor if they change
their MaxAdvertisedBandwidth config option but it doesn't end up
changing their advertised bandwidth numbers. Bugfix on 0.2.0.28-rc;
fixes bug 1026. Patch from Sebastian.
2009-07-27 23:53:06 -04:00
Nick Mathewson
2b0e8fb39f Merge commit 'ioerror/DirFetchInfoExtraEarly'
Conflicts:
	ChangeLog
2009-07-25 00:52:54 -04:00
Sebastian Hahn
5c0b418a6f don't warn about DirReqStatistics when the option is disabled
Reported by Zax on #tor
2009-07-23 13:50:18 +02:00
Nick Mathewson
022d251cb7 Merge branch 'dirreq-timing' 2009-07-16 15:26:07 -04:00
Sebastian Hahn
989e74e5c0 fix long line 2009-07-15 17:26:11 +02:00
Karsten Loesing
8c496d1660 Some tweaks to statistics.
Changes to directory request statistics:

- Rename GEOIP statistics to DIRREQ statistics, because they now include
  more than only GeoIP-based statistics, whereas other statistics are
  GeoIP-dependent, too.
- Rename output file from geoip-stats to dirreq-stats.
- Add new config option DirReqStatistics that is required to measure
  directory request statistics.
- Clean up ChangeLog.

Also ensure that entry guards statistics have access to a local GeoIP
database.
2009-07-15 16:32:40 +02:00
Nick Mathewson
d4b31cf98f Allow interval and memunit cfg variables to be set to fractions. 2009-07-15 10:02:49 -04:00
Jacob Appelbaum
e7576f92de Add support for a new option: FetchDirInfoExtraEarly
This new option will allow clients to download the newest fresh consensus
much sooner than they normally would do so, even if they previously set
FetchDirInfoEarly. This includes a proper ChangeLog entry and an updated man
page.
2009-07-13 16:30:42 -07:00
Roger Dingledine
9ece0955f7 fix comments and other typos 2009-07-13 17:34:46 -04:00
Nick Mathewson
041a7b9896 Merge commit 'karsten/entrystats-master'
Conflicts:
	ChangeLog
	configure.in
	src/or/config.c
	src/or/or.h
2009-07-07 14:26:50 -04:00
Karsten Loesing
c0b6cb132b If configured, write entry-node statistics to disk periodically. 2009-07-05 20:48:16 +02:00
Karsten Loesing
b493a2ccb9 If configured, write cell statistics to disk periodically. 2009-07-05 19:53:25 +02:00
Karsten Loesing
4d6af73db8 If configured, write per-port exit statistics to disk periodically.
[Original patch series from Karsten, revised and squashed by Nick]
2009-07-02 12:37:05 -04:00
Sebastian Hahn
38476e2555 Log a notice about collecting geoip stats 2009-06-25 18:06:52 +02:00
Karsten Loesing
e6a1e7001b Add warning that the results of --enable-geoip-stats are different from those in master. 2009-06-22 11:51:19 -04:00
Nick Mathewson
659fc13da5 Change proxy-address type to tor_addr_t to allow ipv6 proxies. 2009-06-19 12:48:00 -04:00
Christopher Davis
75472c19c3 Enable Tor to connect through SOCKS 4/5 proxies
Added a sanity check in config.c and a check in directory.c
directory_initiate_command_rend() to catch any direct connection attempts
when a socks proxy is configured.
2009-06-19 12:16:15 -04:00
Nick Mathewson
c0af3cdfb6 Move the Libvent setup logic into compat_libevent from config.
This has been some pretty ugly and voodoo-laden code.  I've tried to
clean it up a bit, but more work probably remains.
2009-06-12 14:27:52 -04:00
Nick Mathewson
e5b88dc83f Update Tor to use Libevent 2.0 APIs when available.
This patch adds a new compat_libevent.[ch] set of files, and moves our
Libevent compatibility and utilitity functions there.  We build them
into a separate .a so that nothing else in src/commmon depends on
Libevent (partially fixing bug 507).

Also, do not use our own built-in evdns copy when we have Libevent
2.0, whose evdns is finally good enough (thus fixing Bug 920).
2009-06-12 14:27:52 -04:00
Nick Mathewson
77ffd6b2a7 Merge commit 'origin/maint-0.2.1' 2009-05-31 19:17:22 -04:00
Nick Mathewson
e84ddead34 Merge branch 'hardware_accel_improvements' 2009-05-31 13:36:50 -04:00
Nick Mathewson
3ca10bb62f Fix-ups for dynamic OpenSSL engine patch.
Include a changelog, and don't try to compare strings with !=.
2009-05-31 13:36:18 -04:00
Karsten Loesing
dfebc88d56 Warn and exit when we are configured to measure GeoIP statistics, but have no GeoIP database. 2009-05-30 23:35:21 +02:00
Nick Mathewson
d66c379765 Clean up a bit of C logic, and fix an erroneous warning.
(Simplify "if (cond) return 1; return 0;" to "return cond;", and don't
give a warning when we start with accounting on but dirport off.)
2009-05-29 23:28:01 -04:00
Sebastian Hahn
e70fe116d3 Consider *ListenAddress when warning about low ports and hibernation
Tas (thanks!) noticed that when *ListenAddress is set, Tor would
still warn on startup when *Port is low and hibernation is active.
The patch parses all the *ListenAddress lines, and checks the
ports. Bugfix on 0.2.1.15-rc
2009-05-30 03:09:39 +02:00
Nick Mathewson
4913a8c4ba Merge commit 'origin/maint-0.2.1' 2009-05-28 16:07:49 -04:00
Nick Mathewson
260de44313 Fixes to spelling fixes. Thanks, Roger! 2009-05-28 12:22:48 -04:00
Nick Mathewson
cb18fc2190 Merge commit 'origin/maint-0.2.1' 2009-05-27 18:12:18 -04:00
Nick Mathewson
ec7e054668 Spell-check Tor. 2009-05-27 17:55:51 -04:00
Nick Mathewson
0e2618dd54 Merge commit 'origin/maint-0.2.1' 2009-05-27 14:20:18 -04:00
Karsten Loesing
54c97c9133 Change the way how directories that are configured with --enable-geoip-stats write geoip stats to disk.
- Write geoip stats to disk every 24 hours, not every hour.
- Remove configuration options and define reasonable defaults.
- Clear history of client requests every 24 hours (which wasn't done at
  all before).
2009-05-27 19:13:31 +02:00
Karsten Loesing
5f03d6c547 Fix bug 932 even more.
Ignore connections two hours after switching from bridge to relay or back.
2009-05-27 19:10:54 +02:00
Roger Dingledine
05e55d82b6 simplify options_act() 2009-05-24 20:31:50 -04:00
Martin Peck
7703b887f5 Add support for dynamic OpenSSL hardware crypto acceleration engines. 2009-05-23 16:42:44 -07:00
Nick Mathewson
4201a3735f Merge commit 'origin/maint-0.2.1' 2009-05-22 11:56:51 -04:00
phobos
678092750b fix a spelling mistake in config.c for "contries" 2009-05-22 01:26:17 -04:00
Nick Mathewson
479d21254a Merge commit 'origin/maint-0.2.1' 2009-05-13 16:55:42 -04:00
Nick Mathewson
a38ed1a235 Use | with flags, not +. 2009-05-13 16:45:59 -04:00
Karsten Loesing
9e97067b2f Prevent bridges from publishing router descriptors.
Bridges are not supposed to publish router descriptors to the directory
authorities. It defeats the point of bridges when they are included in the
public relay directory.

This patch puts out a warning and exits when the node is configured as
a bridge and to publish v1, v2, or v3 descriptors at the same time.

Also fixes part of bug 932.
2009-05-13 16:45:59 -04:00
Nick Mathewson
fc091e8a96 When our bridge status changes, forget old geoip data.
This fixes bug 932, where all of our usage totals for users when we
were a regular server would get included in the extrainfo document.
2009-05-13 16:45:59 -04:00
Nick Mathewson
a271c5370a Merge commit 'origin/maint-0.2.1' into m3 2009-05-12 14:04:51 -04:00
Sebastian Hahn
a28215a150 Warn when hibernation and low-port on non-windows is configured
This addresses the first part of bug 918. Users are now warned when
they try to use hibernation in combination with a port below 1024
when they're not on Windows. We don't want to die here, because
people might run Tor as root, use a capabilities system or some
other platform that will allow them to re-attach low ports.

Wording suggested by Marian
2009-05-12 20:00:00 +02:00
Nick Mathewson
fdbdb4dc15 Include the *_sha1.i files in their own *_codedigest.c files.
This way we do not need to rebuild util.c and/or config.c whenever
any unrelated source file in src/common or src/or has changed.
2009-05-08 12:35:36 -04:00
Karsten Loesing
9b32e8c141 Update copyright to 2009. 2009-05-04 11:28:27 -04:00
Karsten Loesing
4ebcc4da34 Update copyright to 2009. 2009-05-02 22:00:54 +02:00
Nick Mathewson
6ac3a8b0cd Command-line option to dump SHA1 digests of all source files.
Now, when you call tor --digests, it dumps the SHA1 digest of each
source file that Tor was built with.  We support both 'sha1sum' and
'openssl sha1'.  If the user is building from a tarball and they
haven't edited anything, they don't need any program that calculates
SHA1.  If they _have_ modified a file but they don't have a program to
calculate SHA1, we try to build so we do not output digests.
2009-04-29 14:46:04 -04:00
Roger Dingledine
39ceda7e05 Raise the minimum bandwidth to be a relay from 20000 bytes to 20480
bytes (aka 20KB/s), to match our documentation. Also update
directory authorities so they always assign the Fast flag to relays
with 20KB/s of capacity. Now people running relays won't suddenly
find themselves not seeing any use, if the network gets faster
on average.


svn:r19305
2009-04-12 07:56:58 +00:00
Roger Dingledine
93c0a81491 If the bridge config line doesn't specify a port, assume 443.
This makes bridge lines a bit smaller and easier for users to
understand.

Also, remove a duplicate changelog entry from the past.


svn:r19260
2009-04-11 00:16:05 +00:00
Roger Dingledine
c4145e5390 commit sebastian's patch to not require contactinfo when testingtornetwork
is set


svn:r19257
2009-04-10 07:02:19 +00:00
Nick Mathewson
b13496b62a Possible fix for broken country settings in ExcludeExitNodes.
It turns out that we weren't updating the _ExcludeExitNodesUnion set's
country numbers when we reloaded (or first loaded!) the IP-to-country
file.  Spotted by Lark.  Bugfix on 0.2.1.6-alpha.

svn:r18575
2009-02-16 15:15:06 +00:00
Nick Mathewson
c7315e65ae Disable KQUEUE from inside Tor if the OSX version is prior to 10.4.0
svn:r18450
2009-02-09 16:07:02 +00:00
Nick Mathewson
87124f54d0 This patch changes the default location where config and data files
are stored when the --enable-local-appdata option is configured.  This
changes the Windows path from %APPDATA% to a host local
%USERPROFILE%\Local Settings\Application Data\ path (aka,
LOCAL_APPDATA).

Patch from coderman.



svn:r18122
2009-01-15 23:07:11 +00:00
Nick Mathewson
a0a5440826 Make the last bunch of libevent version detection silliness work on macosx.
svn:r18015
2009-01-07 21:13:02 +00:00
Nick Mathewson
a6504cdea7 Check that Libevent header version matches Libevent library version.
Unfortunately, old Libevents don't _put_ a version in their headers, so
this can get a little tricky.  Fortunately, the only binary-compatibility
issue we care about is the size of struct event.  Even more fortunately,
Libevent 2.0 will let us keep binary compatiblity forever by letting us
decouple ourselves from the structs, if we like.

svn:r18014
2009-01-07 21:05:02 +00:00
Nick Mathewson
6f1ceaefaa Slightly better messages on ControlListenAddress 0.0.0.0
svn:r17963
2009-01-06 16:57:42 +00:00
Nick Mathewson
92ce533f71 Another round of downgrading removing or postponing XXXX021 issues. Some remain, though.
svn:r17888
2009-01-04 19:47:21 +00:00
Nick Mathewson
c4b8fef362 Remove svn $Id$s from our source, and remove tor --version --version.
The subversion $Id$ fields made every commit force a rebuild of
whatever file got committed.  They were not actually useful for
telling the version of Tor files in the wild.

svn:r17867
2009-01-04 00:35:51 +00:00
Nick Mathewson
3a8a2cb2de Downgrade some xxx021s, comment more on others, etc
svn:r17823
2008-12-29 20:17:24 +00:00
Nick Mathewson
558e9899e4 Document most undocumented variables.
svn:r17754
2008-12-23 17:56:31 +00:00
Nick Mathewson
b68379b13b Add DOCDOC entries for undocumented static and global variables.
svn:r17739
2008-12-22 19:00:05 +00:00
Karsten Loesing
61055ae719 gabelmoo has a new IP address (once more).
svn:r17717
2008-12-22 00:48:10 +00:00
Nick Mathewson
122170c1d3 Downlgrade tweak, and answer lots of XXX021s. No actual code fixes in this patch.
svn:r17686
2008-12-18 16:11:24 +00:00
Nick Mathewson
1510d50fab Oops: SeverDNS->ServerDNS.
svn:r17664
2008-12-17 23:20:07 +00:00
Nick Mathewson
7d92053286 Remove RedirectExit feature; it has been deprecated since 0.2.0.3-alpha
svn:r17663
2008-12-17 23:02:04 +00:00
Nick Mathewson
6693f32530 Resolve many DOCDOCs.
svn:r17662
2008-12-17 22:58:20 +00:00
Nick Mathewson
2ad36f68c8 Rename ServerDNSAllowBrokenResolvConf to ServerDNSAllowBrokenConfig.
(Many users have no idea what a resolv.conf is, and shouldn't be forced to learn.  The old option will keep working for now.)
Also, document it.

svn:r17661
2008-12-17 22:58:14 +00:00
Roger Dingledine
048f2a179b Clip the MaxCircuitDirtiness config option to a minimum of 10
seconds. Warn the user if lower values are given in the
configuration. Bugfix on 0.1.0.1-rc. Patch by Sebastian.
Clip the CircuitBuildTimeout to a minimum of 30 seconds. Warn the
user if lower values are given in the configuration. Bugfix on
0.1.1.17-rc. Patch by Sebastian.


svn:r17657
2008-12-17 22:32:17 +00:00
Nick Mathewson
53d3f812bd Add new internal-use-only option for controllers to use to prevent SIGHUP from reloading the configuration. Fixes bug 856.
svn:r17567
2008-12-10 22:17:02 +00:00
Nick Mathewson
9aa706e20c Bug 691 fix: do not shutdown Tor servers right away if the network is down.
svn:r17566
2008-12-10 20:45:31 +00:00
Nick Mathewson
b32bac88e8 Mark DirPortFrontPage as a FILENAME rather than a STRING. Right now this has no effect.
svn:r17520
2008-12-08 18:00:34 +00:00
Jacob Appelbaum
48aca3c999 Small whitespace fix to properly format if () {} statement.
svn:r17503
2008-12-07 01:51:56 +00:00
Jacob Appelbaum
f70146ca91 This helps return a better error message when the file supplied to DirPortFrontPage is missing.
svn:r17502
2008-12-07 01:48:30 +00:00
Roger Dingledine
21892d8a9c cleanups on r17500
svn:r17501
2008-12-07 01:34:45 +00:00
Jacob Appelbaum
6b178b46ef New DirPortFrontPage option that takes an html file and publishes it as "/" on the DirPort. Now relay operators can provide a disclaimer without needin to set up a separate webserver. There's a sample disclaimer in contrib/tor-exit-notice.html.
svn:r17500
2008-12-07 01:21:19 +00:00
Nick Mathewson
bd6b3072f9 Change logging code to use fds instead of stdio. Fixes bug 861, and probably makes logging slightly faster. Not a backport candidate: bug 861 is too obscure and harmless.
svn:r17456
2008-12-02 23:36:58 +00:00
Roger Dingledine
bc128c0b03 vidalia asks us for the value of the Group config option. but now
it's obsolete. which causes us to inform the user every time, even
though the user can't do anything about it other than get confused.

now it's an info-level log by default.


svn:r17206
2008-11-07 04:38:58 +00:00
Roger Dingledine
14773f42a7 now that we drop privs more thoroughly, switch_id() is no longer
idempotent. so now we remember if we've succeeded, and if so we
don't even try.


svn:r17204
2008-11-07 04:34:47 +00:00
Steven Murdoch
9d68ed08e9 Patch from Jacob Appelbaum and me to make User option more robust, properly set supplementary groups, deprecated the Group option, and log more information on credential switching
svn:r17200
2008-11-07 02:06:12 +00:00
Nick Mathewson
0c9dfffe5a Implement the 0x20-hack to make DNS poisoning harder against us, especially when resolving large names. Add a cfg option to disable it, since apparently 3/10 of a percent of servers get it wrong.
svn:r17171
2008-10-29 19:20:02 +00:00
Karsten Loesing
c53f1f83e7 gabelmoo has a new IP address.
svn:r17160
2008-10-27 15:04:45 +00:00
Roger Dingledine
c7af43a624 Now NodeFamily and MyFamily config options allow spaces in
identity fingerprints, so it's easier to paste them in.
Suggested by Lucky Green.


svn:r17021
2008-10-01 03:41:33 +00:00
Roger Dingledine
26aa741169 Remove the old v2 directory authority 'lefkada' from the default
list. It has been gone for many months.


svn:r17005
2008-09-29 19:27:20 +00:00
Roger Dingledine
9678f166a8 If we have correct permissions on $datadir, we complain to stdout
and fail to start. But dangerous permissions on
$datadir/cached-status/ would cause us to open a log and complain
there. Now complain to stdout and fail to start in both cases. Fixes
bug 820, reported by seeess.


svn:r16998
2008-09-29 10:09:05 +00:00
Nick Mathewson
e147e867be Proposal 152 implementation from Josh Albrecht, with tweaks.
svn:r16983
2008-09-26 18:58:45 +00:00
Nick Mathewson
02c71a7eb4 Widen the conditions under which we whine about not having a geoip file to include "a country code was configured in a node list."
svn:r16968
2008-09-25 21:06:32 +00:00
Nick Mathewson
8bbbbaf87b Add country-code support to configured node lists to implement the ever-popular "no exits in Monaco" feature (ExcludeExitNodes {MC}). Also allow country codes and IP ranges in ExitNodes. (EntryNodes needs more work.) Based on code by Robert Hogan. Needs more testing.
svn:r16966
2008-09-25 20:21:35 +00:00
Karsten Loesing
f0a5ef804f Directory mirrors store and serve v2 hidden service descriptors by default.
svn:r16858
2008-09-11 20:06:04 +00:00
Nick Mathewson
339f094056 Refactor some code and add some asserts based on scanner results.
svn:r16783
2008-09-05 21:19:53 +00:00
Nick Mathewson
0b8117a5c0 Fix numerous memory leaks: some were almost impossible to trigger, and some almost inevitable.
svn:r16779
2008-09-05 20:52:15 +00:00
Nick Mathewson
f80ac31d74 Add a lockfile to the Tor data directory to avoid situations where two Tors start with the same datadir, or where a --list-fingerprints races with a server to create keys, or such.
svn:r16722
2008-09-01 20:06:26 +00:00
Nick Mathewson
97245376d9 Next patch from Karsten: client-side configuration stuff for proposal 121.
svn:r16510
2008-08-12 16:12:26 +00:00
Nick Mathewson
22259a0877 The first of Karsten's proposal 121 patches: configure and maintain client authorization data. Tweaked a bit: see comments on or-dev.
svn:r16475
2008-08-08 14:36:11 +00:00
Nick Mathewson
635f3c8aee r17664@tombo: nickm | 2008-08-06 12:32:09 -0400
Patch from Christopher Davis: open /dev/pf before dropping privileges.  Fixes bug 782.  Backport candidate.


svn:r16450
2008-08-06 16:32:17 +00:00
Nick Mathewson
960a0f0a99 r17641@31-33-44: nickm | 2008-08-05 16:07:53 -0400
Initial conversion of uint32_t addr to tor_addr_t addr in connection_t and related types.  Most of the Tor wire formats using these new types are in, but the code to generate and use it is not.  This is a big patch.  Let me know what it breaks for you.


svn:r16435
2008-08-05 20:08:19 +00:00
Roger Dingledine
d01813a8dd Take out the TestVia config option, since it was a workaround for
a bug that was fixed in Tor 0.1.1.21.


svn:r16409
2008-08-05 00:12:05 +00:00
Nick Mathewson
9da0482007 r17358@pc-10-8-1-079: nickm | 2008-07-25 16:41:03 +0200
Split out the address manipulation functions from compat and util: they were about 21% of the total of those, and spread out too much.


svn:r16208
2008-07-25 14:43:24 +00:00
Nick Mathewson
15b2b8bd69 r17309@aud-055: nickm | 2008-07-23 16:05:43 +0200
Patch from Christian Wilms: remove (HiddenService|Rend)(Exclude)?Nodes options.  They never worked properly, and nobody seems to be using them.  Resolves bug 754.


svn:r16144
2008-07-23 14:07:32 +00:00
Nick Mathewson
c8160bce1f r17188@tombo: nickm | 2008-07-18 14:35:18 -0400
Add new ExcludeExitNodes option.  Also add a new routerset type to handle Exclude[Exit]Nodes.  It is optimized for O(1) membership tests, so as to make choosing a random router run in O(N_routers) time instead of in O(N_routers*N_Excluded_Routers).


svn:r16061
2008-07-18 18:36:32 +00:00
Karsten Loesing
28296ad6e8 Correct punctuation.
svn:r15690
2008-07-06 13:59:36 +00:00
Karsten Loesing
33ced73597 Added prefixes to testing-network-only configuration options.
svn:r15375
2008-06-20 17:03:13 +00:00
Nick Mathewson
ed174245c6 implement more fine-tuning options for stats code
svn:r15345
2008-06-18 04:34:52 +00:00
Nick Mathewson
6299f4429a Clean up a macro/cpp interaction related to bug 707. Also, add a new "filename" config value type which is currently just a synonym for string, but which might be subject to expansion later.
svn:r15305
2008-06-16 18:09:53 +00:00
Nick Mathewson
96bf9cd4c5 Comments and doc tweaks on Karsten's testing-dir-networks patch
svn:r15254
2008-06-14 16:11:37 +00:00
Nick Mathewson
0831cc3dbc Patch from Karsten to implement proposal 135 ("Testing Tor Networks").
svn:r15253
2008-06-14 16:01:29 +00:00
Nick Mathewson
97c06691b9 Malloc does not return size_t. (bug noticed by lodger.)
svn:r15252
2008-06-14 15:42:29 +00:00
Roger Dingledine
62b507fee0 forward-port r15129, but also note the real way we should fix it.
svn:r15130
2008-06-11 11:12:29 +00:00
Roger Dingledine
b8bde32c3a forward-port r14934
svn:r14936
2008-06-04 09:02:25 +00:00
Roger Dingledine
f3d679d4cc blind-forward-port that, while i'm at it
svn:r14929
2008-06-04 07:08:05 +00:00
Nick Mathewson
ac330d9ba7 New code to implement proposal for local geoip stats. Only enabled with --enable-geoip-stats passed to configure.
svn:r14802
2008-05-29 02:29:35 +00:00
Nick Mathewson
a335b94c8f On win32, default to looking for the geoip file in the same directory as torrc. This is a dumb hack; it should turn into a general mechanism.
svn:r14796
2008-05-29 01:22:30 +00:00
Roger Dingledine
7f61dafe8d include the geoip file in the tarball, and load it by default
when tor starts.
this breaks rpms and maybe other packages.


svn:r14764
2008-05-28 04:37:34 +00:00
Nick Mathewson
0b6b356f71 r19725@catbus: nickm | 2008-05-13 08:47:18 -0400
Forward-port: update authority keys affected by Debian OpenSSL bug (See CVE-2008-0166 or http://lists.debian.org/debian-security-announce/2008/msg00152.html )


svn:r14603
2008-05-13 12:47:27 +00:00
Nick Mathewson
f3f6ecef48 r19690@catbus: nickm | 2008-05-11 22:13:31 -0400
Implement a proposal to let a directory authority migrate its identity key without ceasing to sign consensuses.


svn:r14584
2008-05-12 02:14:01 +00:00
Roger Dingledine
a1366be7ee forward-port r14421
svn:r14424
2008-04-23 00:31:20 +00:00
Roger Dingledine
39c402c29f when add_file_log() fails, tell us why.
svn:r14277
2008-04-01 21:05:31 +00:00
Peter Palfrader
9d132fbde6 Add --hush switch.
New --hush command-line option similar to --quiet.  While --quiet disables all
logging to the console on startup, --hush limits the output to messages of
warning and error severity.


svn:r14222
2008-03-27 17:25:49 +00:00
Nick Mathewson
12b217bce8 r19091@catbus: nickm | 2008-03-27 12:42:57 -0400
Stop reading torrc when all we want to do is --hash-password.  Fix based on patch from Sebastian Hahn. Backport candidate.


svn:r14214
2008-03-27 16:46:34 +00:00
Nick Mathewson
365f16b199 r18787@catbus: nickm | 2008-03-13 11:11:52 -0400
Make set-option functions return sensible error codes from an enum, not mysterious negative integers


svn:r14004
2008-03-13 15:11:56 +00:00
Nick Mathewson
11e464c331 r18753@catbus: nickm | 2008-03-11 14:56:39 -0400
Make some assert()s into tor_assert()s.  Make some tor_assert()s called from logging into assert()s, and document why.


svn:r13977
2008-03-11 18:56:41 +00:00
Nick Mathewson
8b24e01599 r18723@catbus: nickm | 2008-03-11 00:25:30 -0400
Fix bug spotted by mwenge: a server_event should not be a sever_event.  Also, fix compile errors in config.c and control.c with --enable-gcc-warnings.


svn:r13957
2008-03-11 04:30:14 +00:00
Peter Palfrader
bc4095c70c different exit codes for options_init_from_string()
Change options_init_from_string() so that it returns different exit codes in the
error case, depending on what went wrong.  Also push the responsibility to log
the error to the caller.


svn:r13947
2008-03-10 12:41:49 +00:00
Peter Palfrader
8c71d7ea16 options_init_from_torrc(): split off options_init_from_string()
svn:r13946
2008-03-10 12:41:44 +00:00
Peter Palfrader
947fd064a3 Store options we got from commandline seperately from bare argv/argc
svn:r13945
2008-03-10 12:41:40 +00:00
Peter Palfrader
00d64fd213 options_init_from_torrc(): move code that loads torrc into its own function
move code that loads torrc from disk and sets torrc_fname into its own function


svn:r13944
2008-03-10 12:41:36 +00:00
Peter Palfrader
ded55fa296 options_init_from_torrc(): tread non-existing torrc like empty torrc.
Tread the case of a non-existing conffile, when allowed, exactly like the one
with an empty torrc.


svn:r13943
2008-03-10 12:41:33 +00:00
Peter Palfrader
e8f4d79ec1 options_init_from_torrc(): move code that looks for torrc into its own function
Part of options_init_from_torrc()'s job was looking for -f flags (to specify
an alternate config file) on the command line, complaining if more than one
is given or the given does not exist.  If none is given then use the compiled-in
default location, accepting if it does not exist.  This logic has been moved
into its own function in an attemped to make options_init_from_torrc() easier
to deal with.


svn:r13942
2008-03-10 12:41:29 +00:00
Peter Palfrader
4118e319c7 options_init_from_torrc(): Split argv processing into two parts
Split the argv processing loop into two poarts, one that deals with
figuring out which conffile to use, and the other that figures out
which "command" (hash fingerprint, verify config, list fpr, run tor)
the user asked for.

There is a third part further down that imports command line args
into the config but that is not touched.


svn:r13941
2008-03-10 12:41:26 +00:00
Roger Dingledine
0df1564298 forward-port recent changes
svn:r13935
2008-03-10 07:50:09 +00:00
Nick Mathewson
7587e16796 r18639@catbus: nickm | 2008-03-07 20:11:48 -0500
Change semantics of add-a-log functions to copy severity setup: that is way less error-prone.  Fix up config.c to act accordingly.


svn:r13888
2008-03-08 01:11:54 +00:00
Nick Mathewson
f56ba5f3d6 r18630@catbus: nickm | 2008-03-05 17:31:33 -0500
Implement domain-selection for logging.  Source is documented; needs documentation in manpage (maybe).  For now, see doxygen comment on parse_log_severity_config in log.c


svn:r13875
2008-03-05 22:31:39 +00:00
Peter Palfrader
9e7b4400dc minor cleanup
in options_act() we set running_tor to options->command == CMD_RUN_TOR
once and used that in all but one place.  Now we use running_tor in that
place also.


svn:r13819
2008-03-03 12:48:13 +00:00
Roger Dingledine
cd4b95e402 Make "HashedControlPassword" an alias for "__HashedControlSessionPassword"
if it appears on the commandline. should help with bug 586.


svn:r13683
2008-02-22 23:20:28 +00:00
Nick Mathewson
e68760ac0f r14388@tombo: nickm | 2008-02-21 22:44:28 -0500
More 64-to-32 fixes.


svn:r13672
2008-02-22 03:44:36 +00:00
Nick Mathewson
5c03f82a65 r18345@catbus: nickm | 2008-02-21 13:45:04 -0500
Do the last part of arma's fix for bug 437: Track the origin of every addrmap, and use this info so we can remove all the trackhostexits-originated mappings for a given exit.


svn:r13660
2008-02-21 18:45:11 +00:00
Roger Dingledine
b3c0d066e5 other cleanups that have been sitting in my sandbox
svn:r13649
2008-02-21 09:01:32 +00:00
Nick Mathewson
47e6247673 r18294@catbus: nickm | 2008-02-20 22:42:44 -0500
Fix a spelling error and clean up a recent veracode-induced integer overflow check.  Both spotted by Chris Palmer.


svn:r13639
2008-02-21 03:42:56 +00:00
Nick Mathewson
1df0647c66 r18291@catbus: nickm | 2008-02-20 22:35:32 -0500
Resolve all DOCDOC issues, and document some other undocumented code, and fix a changelog entry.


svn:r13638
2008-02-21 03:38:46 +00:00
Nick Mathewson
93aa335516 r18269@catbus: nickm | 2008-02-20 17:28:24 -0500
Apply patch from Sebastian Hahn: stop imposing an arbitrary maximum on the number of file descriptors used for busy servers.  Bug reported by Olaf Selke.


svn:r13626
2008-02-20 22:28:26 +00:00
Nick Mathewson
42c4670e27 r18230@catbus: nickm | 2008-02-19 18:29:43 -0500
Add a few asserts to catch possible errors found by veracode.


svn:r13598
2008-02-19 23:29:45 +00:00
Roger Dingledine
810bfe970c make explicit that we don't care if a rename() call fails.
potential bug reported by veracode.


svn:r13590
2008-02-19 22:25:20 +00:00
Roger Dingledine
33c754315b clear up another connlimit lie
svn:r13582
2008-02-19 21:08:27 +00:00
Nick Mathewson
faa56a500b r14236@tombo: nickm | 2008-02-17 13:44:55 -0500
Partial fix for bug 586: Add an ephemeral __HashedControlSessionPassword.


svn:r13543
2008-02-17 18:45:07 +00:00
Nick Mathewson
6366dcd8ee r14186@tombo: nickm | 2008-02-15 18:38:52 -0500
Add an XXXX021 item so we eventually stop calling setuid() and setgid() unnecessarily.


svn:r13533
2008-02-15 23:39:17 +00:00
Roger Dingledine
c054f90f02 New config option ServerDNSAllowBrokenResolvConf to start a relay
even when the local resolv.conf file is missing, broken, or contains
only unusable nameservers.

Now I can run a local network on my laptop when I'm on an airplane.


svn:r13402
2008-02-06 12:46:17 +00:00
Nick Mathewson
e09c207c3c r17910@catbus: nickm | 2008-02-05 15:36:29 -0500
Check for correctness of AuthDir* options in options_validate; check for possible bugs where options_validate() is happy but parse_policies_from_options() is sad.


svn:r13384
2008-02-05 21:39:32 +00:00
Roger Dingledine
426a9bbde1 Don't trigger an assert if we start a directory authority with a
private IP address (like 127.0.0.1).


svn:r13371
2008-02-04 16:58:50 +00:00
Roger Dingledine
dad9f434e0 correct copyright statement
svn:r13370
2008-02-04 16:54:14 +00:00
Roger Dingledine
9d1832dd5a Set up dannenberg (run by CCC) as the sixth v3 directory
authority.


svn:r13231
2008-01-22 22:38:38 +00:00
Roger Dingledine
ff62154ba3 New config options WarnPlaintextPorts and RejectPlaintextPorts so
Tor can warn and/or refuse connections to ports commonly used with
vulnerable-plaintext protocols.

We still need to figure out some good defaults for them.


svn:r13198
2008-01-20 05:54:15 +00:00
Nick Mathewson
4a3b7496f0 r17639@catbus: nickm | 2008-01-15 19:09:21 -0500
Fix some hard to trigger but nonetheless real memory leaks spotted by an anonymous contributor.  Needs review.  Partial backport candidate.


svn:r13147
2008-01-16 05:27:19 +00:00
Nick Mathewson
a984011814 r17623@catbus: nickm | 2008-01-15 00:22:04 -0500
bulletproof option_get_canonical_name()


svn:r13135
2008-01-15 05:57:14 +00:00
Nick Mathewson
3b8f76aa51 r17611@catbus: nickm | 2008-01-14 13:44:16 -0500
add some missing checks for failing return values.


svn:r13130
2008-01-14 19:00:23 +00:00
Nick Mathewson
ca5f670fab r17548@catbus: nickm | 2008-01-10 11:08:12 -0500
Make proposal-109 behavior optional.


svn:r13090
2008-01-10 16:08:47 +00:00
Roger Dingledine
7d3bf1608b Set up gabelmoo (run by Karsten Loesing) as the fifth v3 directory
authority.


svn:r13079
2008-01-08 23:51:48 +00:00
Nick Mathewson
dd35fe59c4 r17499@catbus: nickm | 2008-01-07 13:39:46 -0500
Bugfix on fix for 557: Make values containing special characters work right with getconf, setconf, and saveconf.  Document this in control-spec.txt


svn:r13056
2008-01-07 18:54:55 +00:00
Nick Mathewson
17036de8b7 r17469@catbus: nickm | 2008-01-05 20:14:07 -0500
Fix bug 579: Count DNSPort and hidden services when checking whether Tor is going to do anything.  Change "no configured ports" from fatal to warning.


svn:r13036
2008-01-06 01:14:11 +00:00
Nick Mathewson
86f5180853 r15786@tombo: nickm | 2008-01-02 01:11:51 -0500
Push the strdups used for parsing configuration lines into parse_line_from_string().  This will make it easier to parse more complex value formats, which in turn will help fix bug 557


svn:r13020
2008-01-02 06:59:12 +00:00
Roger Dingledine
c10faf5085 fix some irix compile complaints; make "kbytes" work as a memory unit
svn:r12936
2007-12-23 04:22:55 +00:00
Roger Dingledine
abf9fadcca start working on serving bridge status from the dirport, for
bridge communities.


svn:r12927
2007-12-22 10:54:21 +00:00
Roger Dingledine
ce636beff9 If the user sets RelayBandwidthRate but doesn't set
RelayBandwidthBurst, then make them equal rather than erroring out.


svn:r12925
2007-12-22 09:13:24 +00:00
Roger Dingledine
be906a836a If BridgeRelay is set to 1, then the default for
PublishServerDescriptor is now "bridge" rather than "v2,v3".


svn:r12923
2007-12-22 09:04:46 +00:00
Roger Dingledine
39d910e97b Make PublishServerDescriptor default to 1, so the default doesn't
have to change as we invent new directory protocol versions.


svn:r12922
2007-12-22 08:27:42 +00:00
Roger Dingledine
7b60d6c526 Directory authorities should only automatically download Extra Info
documents if they're v1, v2, or v3 authorities.


svn:r12898
2007-12-21 06:33:02 +00:00
Roger Dingledine
9ebf86bb66 new config option FetchDirInfoEarly for tup/ioerror and the tordnsel
svn:r12896
2007-12-21 06:08:00 +00:00
Roger Dingledine
f0e7c4f0da Only Tors that want to mirror the v2 directory info should
create the "cached-status" directory in their datadir. All Tors
used to create it. Bugfix on 0.1.2.x.

Bridge relays with DirPort set to 0 no longer cache v1 or v2
directory information; there's no point. Bugfix on trunk.


svn:r12887
2007-12-20 06:47:59 +00:00
Nick Mathewson
2f922937d3 r17274@catbus: nickm | 2007-12-20 01:14:09 -0500
Don't try to create the datadir when we are only verifying the configuration or hashing a password. Resolves bug 540.


svn:r12884
2007-12-20 06:15:09 +00:00
Roger Dingledine
f405f9b614 Make getinfo ns/purpose/bridge actually work
Also, dump our bridge router status entries to disk every 30 minutes.


svn:r12871
2007-12-19 04:58:58 +00:00
Nick Mathewson
a697573ce9 r15562@tombo: nickm | 2007-12-18 23:23:59 -0500
Remove the LearnAuthorityAddrFromCerts option; make it always-on.  One option down, ~160 options to go.


svn:r12870
2007-12-19 04:24:05 +00:00
Nick Mathewson
5488bc3e16 r17231@catbus: nickm | 2007-12-18 16:21:55 -0500
Document and clean-up geoip code; give it some unit tests.


svn:r12856
2007-12-18 21:27:08 +00:00
Nick Mathewson
820159cac5 r15530@tombo: nickm | 2007-12-17 16:54:03 -0500
First wodge of geoip code so bridges can figure out which countries are blocking them.


svn:r12845
2007-12-17 22:44:11 +00:00
Roger Dingledine
1d8a8063b9 clean up copyrights, and assign 2007 copyrights to The Tor Project, Inc
svn:r12786
2007-12-12 21:09:01 +00:00
Roger Dingledine
40efd7d47b but don't disable all the default v1 authorities quite yet
svn:r12778
2007-12-12 04:46:16 +00:00
Roger Dingledine
3b2dd8d763 Three new config options (AlternateDirAuthority,
AlternateBridgeAuthority, and AlternateHSAuthority) that let the
user selectively replace the default directory authorities, rather
than the all-or-nothing replacement that DirServer offers.


svn:r12777
2007-12-12 04:38:54 +00:00
Roger Dingledine
78f532678c Relays were publishing their server descriptor to v1 and v2
directory authorities, but they didn't try publishing to v3-only
authorities. Fix this; and also stop publishing to v1 authorities.


svn:r12759
2007-12-11 20:18:12 +00:00
Roger Dingledine
ee6ae92670 New config options AuthDirBadDir and AuthDirListBadDirs for
authorities to mark certain relays as "bad directories" in the
networkstatus documents. Also supports the "!baddir" directive in
the approved-routers file.


svn:r12754
2007-12-10 16:49:54 +00:00
Roger Dingledine
d95e7c7d67 also clear the hsdir status flag in routerinfo_t when the relay is no
longer listed in the relevant networkstatus document.


svn:r12752
2007-12-10 16:40:14 +00:00
Roger Dingledine
6dfd47467e Allow multiple HashedControlPassword config lines, to support
multiple controller passwords.


svn:r12732
2007-12-09 04:59:27 +00:00
Roger Dingledine
9b162ef430 only clear the bridge list if options->Bridges is set.
this doesn't matter yet so we aren't adding them in other
ways yet.


svn:r12730
2007-12-09 03:38:57 +00:00
Roger Dingledine
ae1aa5a1bb Set up lefkada (run by Geoff Goodell) as the fourth v3 directory
authority.


svn:r12724
2007-12-08 20:16:34 +00:00
Roger Dingledine
2b8ca7b4a4 patch from karsten to clean up documentation and to integrate
more fixes into rend-spec.txt.


svn:r12715
2007-12-07 21:27:58 +00:00
Nick Mathewson
2e378295d6 r16997@catbus: nickm | 2007-12-06 18:56:33 -0500
Make http://torproject urls into https://torproject urls.  Patch from steve.


svn:r12708
2007-12-06 23:56:36 +00:00
Nick Mathewson
92372b156a r16995@catbus: nickm | 2007-12-06 18:42:53 -0500
patch from steve: replace more tor.eff.org instances with torproject.org


svn:r12707
2007-12-06 23:42:59 +00:00
Roger Dingledine
b277954501 put a note so the distant future developers can simplify tor
svn:r12691
2007-12-06 11:19:00 +00:00
Roger Dingledine
d46b8a3eac Stop being so aggressive about fetching dir info if your DirPort is
on but your ORPort is off.

Add a new config option BridgeRelay that specifies you want to
be a bridge relay. Right now the only difference is that it makes
you answer begin_dir requests, and it makes you cache dir info,
even if your DirPort isn't on.

Refactor directory_caches_dir_info() into some more functions.


svn:r12668
2007-12-04 18:35:03 +00:00
Roger Dingledine
f8df8d791e start to refactor dirserver_mode()
svn:r12621
2007-12-01 04:58:53 +00:00
Roger Dingledine
ad0fcef576 other trivial tweaks
svn:r12614
2007-11-30 18:53:14 +00:00
Roger Dingledine
fea55c7c2d two pieces of r12607 for karsten to look at closer
svn:r12609
2007-11-29 15:37:17 +00:00
Roger Dingledine
aaf35cccf7 karsten's second refactoring patch
svn:r12607
2007-11-29 15:25:04 +00:00
Roger Dingledine
2e40510f02 if we think our ip address just changed, log what we thought it
changed *to*.


svn:r12551
2007-11-22 01:38:54 +00:00
Roger Dingledine
aaefad64a1 stop lying in the config file comment we write out regarding
PublishServerDescriptor.


svn:r12550
2007-11-22 00:44:08 +00:00
Roger Dingledine
a54ce34e35 Don't crash if we get an unexpected value for the
PublishServerDescriptor config option. Reported by Matt Edman;
bugfix on 0.2.0.9-alpha.


svn:r12549
2007-11-22 00:43:22 +00:00
Roger Dingledine
094096d320 get rid of the __ConsiderAllRoutersAsHidServDirectories config option
svn:r12528
2007-11-17 12:28:18 +00:00
Roger Dingledine
6514843026 cleanups, bump to 0.2.0.12-alpha
svn:r12516
2007-11-17 02:22:56 +00:00
Peter Palfrader
3e9369ebd9 Changing the ExitPolicyRejectPrivate setting should cause us to rebuild the
descriptor.


svn:r12507
2007-11-15 15:51:17 +00:00
Roger Dingledine
8ca51869fd Allow people to say PreferTunnelledDirConns rather than
PreferTunneledDirConns, for those alternate-spellers out there.


svn:r12466
2007-11-11 01:06:16 +00:00
Roger Dingledine
473a054b4c Set up ides (run by Mike Perry) as the third v3 directory authority.
svn:r12423
2007-11-07 21:20:45 +00:00
Roger Dingledine
fcc115e763 Raise the default BandwidthRate/BandwidthBurst to 5MB/10MB, to
accommodate the growing number of servers that use the default
and are reaching it.


svn:r12364
2007-11-03 22:08:52 +00:00
Nick Mathewson
832ef9562f r14623@tombo: nickm | 2007-11-01 22:25:18 -0400
More tweaks from karsten, with some cleanup and commentary.


svn:r12319
2007-11-02 02:25:28 +00:00
Nick Mathewson
2645219b4c r16322@catbus: nickm | 2007-11-01 00:26:15 -0400
Implement --quiet.


svn:r12306
2007-11-01 04:38:43 +00:00
Nick Mathewson
401b5c26de r16320@catbus: nickm | 2007-11-01 00:11:20 -0400
Learn new addresses for authorities from their certificates.


svn:r12305
2007-11-01 04:14:23 +00:00
Nick Mathewson
fcd42ebef4 r16301@catbus: nickm | 2007-10-31 16:43:49 -0400
A couple of small tweaks to karsten's latest patch, and note an issue with using a bitmap to represent a single int.


svn:r12300
2007-10-31 20:48:08 +00:00
Nick Mathewson
779b615bc2 r16300@catbus: nickm | 2007-10-31 15:36:41 -0400
Next patch from Karsten:  rename some macros, tunnel dir connections, generate (and upload) multiple descriptors as appropriate.


svn:r12299
2007-10-31 20:48:06 +00:00
Nick Mathewson
024798ee4c r16263@catbus: nickm | 2007-10-29 15:08:17 -0400
Tidy last patch a bit.


svn:r12273
2007-10-29 19:10:47 +00:00
Nick Mathewson
e136f00ca8 r16262@catbus: nickm | 2007-10-29 13:21:35 -0400
Patch from Karsten: Code to act as (and use) v2 hidden service directories.


svn:r12272
2007-10-29 19:10:42 +00:00
Nick Mathewson
1c451b9db9 r16252@catbus: nickm | 2007-10-29 11:13:03 -0400
Change symbol from DATADIR to SHARE_DATADIR, since DATADIR conflicts with objidl.h in mingw.


svn:r12268
2007-10-29 15:15:49 +00:00
Nick Mathewson
f09d53bbf1 r16246@catbus: nickm | 2007-10-28 19:34:58 -0400
Implement a FallbackNetworkstatusFile (default to $prefix/share/tor/fallback-consensus) to that we know about lots of directory servers and routers when we start up the first time.


svn:r12259
2007-10-28 23:44:53 +00:00
Roger Dingledine
4ef1c459ba Refuse to start if both ORPort and UseBridges are set. Bugfix
on 0.2.0.x.


svn:r12182
2007-10-25 04:40:27 +00:00
Nick Mathewson
64b4b5a04e r16051@catbus: nickm | 2007-10-22 18:53:53 -0400
fix a dumb bug in r12102.


svn:r12111
2007-10-22 22:54:28 +00:00
Nick Mathewson
c47eb2c8d9 r16032@catbus: nickm | 2007-10-22 11:56:53 -0400
When our directory status or our v3 authority status changes, reschedule operations as appropriate. (Fixes some xxxx020 items)


svn:r12102
2007-10-22 16:32:04 +00:00
Nick Mathewson
59b1b08753 r15905@catbus: nickm | 2007-10-18 09:58:54 -0400
Document some functions while I can still rememberf what they do.  Fix up some whitespace.


svn:r12018
2007-10-18 14:19:51 +00:00
Nick Mathewson
35abfa1f77 r15899@catbus: nickm | 2007-10-18 07:49:15 -0400
"if (!router_get_trusted_dirservers())" is a bad test: router_get_trusted_dirservers() always returns a list.  Instead, check for whether the list is empty.


svn:r12013
2007-10-18 11:50:20 +00:00
Nick Mathewson
e8bd32b347 r15880@catbus: nickm | 2007-10-17 14:56:51 -0400
Patch from robert hogan: do not reset trusted dir server list when we get a config option.


svn:r12001
2007-10-17 19:23:52 +00:00
Nick Mathewson
f988f93b1a r15877@catbus: nickm | 2007-10-17 12:54:56 -0400
Make unverified-consensus get removed when it is accepted or rejected.  Make a new get_datadir_fname*() set of functions to eliminate the common code of "get the options, get the datadir, append some stuff".


svn:r12000
2007-10-17 16:55:44 +00:00
Roger Dingledine
5aa76cdaa8 Correctly check for bad options to the "PublishServerDescriptor"
config option. Bugfix on 0.2.0.1-alpha; reported by Matt Edman.


svn:r11968
2007-10-16 03:26:39 +00:00
Nick Mathewson
09dfe31ff4 r15750@catbus: nickm | 2007-10-13 20:06:47 -0400
Eventually delete the obsolete cached-routers and cached-routers.new files, so they don't sit around on disk forever.


svn:r11918
2007-10-14 00:13:06 +00:00
Nick Mathewson
6670122619 r14885@Kushana: nickm | 2007-10-11 10:36:16 -0400
Document minimal values for voting times.  Use a macro instead of a magic number.  Remove an "enforce this" xxxx020 that was already enforced.


svn:r11868
2007-10-11 16:06:42 +00:00
Nick Mathewson
8439c4ec2f r15512@catbus: nickm | 2007-10-02 16:27:43 -0400
Make some functions static; remove some dead code.


svn:r11750
2007-10-02 20:35:23 +00:00
Peter Palfrader
b16224c311 add a v3 authority
svn:r11542
2007-09-20 21:36:56 +00:00
Roger Dingledine
53f57dd7c0 Set up moria1 as the first v3 directory authority.
svn:r11506
2007-09-19 03:22:01 +00:00
Nick Mathewson
5fcc48d389 r14425@Kushana: nickm | 2007-09-13 13:00:57 -0400
Do not load state when options->command is not RUN_TOR. (Resolves bug 499; backport candidate)


svn:r11437
2007-09-13 17:01:08 +00:00
Nick Mathewson
f17a38ab04 r14940@catbus: nickm | 2007-09-06 13:22:26 -0400
Move NT services code into its own C file.  Probably will not build happily on win32 yet; more hacking needed.


svn:r11388
2007-09-06 17:42:05 +00:00
Andrew Lewman
c5b4f779ec Fixed misspelling of "connection" caught by kate.
svn:r11382
2007-09-06 00:36:53 +00:00
Nick Mathewson
d57c1c5c56 r14328@Kushana: nickm | 2007-09-04 20:17:34 -0400
There is no good reason to make hashedcontrolpassword and cookieauthentication mutually exclusive.  So let's not.


svn:r11377
2007-09-05 00:31:07 +00:00
Nick Mathewson
c8e379a4cd r14259@Kushana: nickm | 2007-08-30 02:33:55 -0400
Teach tor about more libevent versions.  Be more clear that "Known bugs" means "it will crash or something."  Most significantly, stop issuing dire warnings every time we run with kqueue on os x: it seems to have worked for a while now.


svn:r11314
2007-08-30 06:34:17 +00:00
Nick Mathewson
4266039c19 r14826@catbus: nickm | 2007-08-29 13:19:55 -0400
Add a line to the state file for each guard to let us know which version added the guard.  If the line is absent, assume the guard was added by whatever version of Tor last wrote the state file.  Remove guards if the version that added them was using a bad guard selection algorithm.  (Previously, we removed guards if the version that wrote the file was using a bad guard selection algorithm, even if the guards themselves were chosen by a good version.) 


svn:r11298
2007-08-29 17:22:00 +00:00
Nick Mathewson
7cbe302b3f r14231@Kushana: nickm | 2007-08-27 14:56:14 -0400
Most configuration options have the same names in or.h and in torrc.  Make the macros reflect this, so that it is easier to fit them onto a line, and so that mismatched options stand out more


svn:r11290
2007-08-27 18:56:20 +00:00
Nick Mathewson
d3224bad42 r14227@Kushana: nickm | 2007-08-27 11:33:28 -0400
Add a new ClientDNSRejectInternalAddresses option (default: on) to refuse to believe that any address can map to or from an internal address.  This blocks some kinds of potential browser-based attacks, especially on hosts using DNSPort.  Also clarify behavior in some comments.  Backport candiate?


svn:r11287
2007-08-27 15:33:58 +00:00
Roger Dingledine
c4ee55ed26 Set up Tonga as the default bridge directory authority.
svn:r11276
2007-08-25 22:02:55 +00:00
Roger Dingledine
da1485088c formatting cleanups
svn:r11273
2007-08-25 21:31:34 +00:00
Roger Dingledine
df98447be5 revert the recommended-guard-version thing. it did not do what we
want, which is to expire old guards *every* time somebody moves
from an old version to the new one.

also, refine which version numbers count as 'new enough'.


svn:r11272
2007-08-25 20:34:13 +00:00
Roger Dingledine
738ecba367 make the last patch do what i actually want. it was a bit tricky
since we want the default guardversion to be 0 (which is what it is
if there's no guardversion line), yet when we're validating a freshly
configed and defaulted state, we don't want to complain.


svn:r11264
2007-08-24 08:12:25 +00:00
Roger Dingledine
9bacf68851 cleanups on r11258
svn:r11263
2007-08-24 08:01:47 +00:00
Roger Dingledine
d39c7515d1 patch from mike perry to a) stop overloading guards as much, and
b) raise the max-believable-bandwidth to 10MB/s.


svn:r11258
2007-08-24 06:30:34 +00:00
Roger Dingledine
8a21232256 Stop putting the authentication cookie in a file called "0"
in your working directory if you don't specify anything for the
new CookieAuthFile option. Reported by Matt Edman.


svn:r11237
2007-08-21 03:11:56 +00:00
Nick Mathewson
df0a141a27 r14740@catbus: nickm | 2007-08-20 13:00:52 -0400
Only load MTBF data if we are running tor


svn:r11226
2007-08-20 17:02:04 +00:00
Nick Mathewson
3effc8b267 r14733@catbus: nickm | 2007-08-20 12:32:44 -0400
Clean up MTBF storage code. Do not count times that we have been down toward the current run.  Handle backward timewarps correctly.  Store MTBF data on exit in addition to periodically.


svn:r11225
2007-08-20 16:34:17 +00:00
Nick Mathewson
9958dc8d53 r14729@catbus: nickm | 2007-08-20 11:58:02 -0400
Trigger load and save of MTBF data.


svn:r11219
2007-08-20 15:59:31 +00:00
Roger Dingledine
96cff65f85 backport candidate:
Refuse to start with certain directory authority keys, and 
encourage people using them to stop.


svn:r11171
2007-08-19 02:51:54 +00:00
Roger Dingledine
2df9bb937d clean up the cookieauth stuff
svn:r11146
2007-08-16 19:27:31 +00:00
Nick Mathewson
718953dbe9 r14606@catbus: nickm | 2007-08-16 13:45:01 -0400
Implement CookieAuthFile and CookieAuthFileGroupReadable.  Backport candidate.


svn:r11141
2007-08-16 17:46:01 +00:00
Nick Mathewson
d5bd7d9fa3 r14032@Kushana: nickm | 2007-08-15 11:35:16 -0400
Add unit tests for median functions; enforce sensible ranges for intervals and delays.


svn:r11121
2007-08-15 15:38:58 +00:00
Roger Dingledine
f606d74f56 backport candidate:
- If we require CookieAuthentication but we fail to write the
  cookie file, we would warn but not exit, and end up in a state
  where no controller could authenticate. Now we exit.
- If we require CookieAuthentication, stop generating a new cookie
  every time we change any piece of our config.


svn:r11117
2007-08-15 15:26:14 +00:00
Nick Mathewson
2a31f09af6 r14018@Kushana: nickm | 2007-08-14 15:39:35 -0400
Resolve XXXX020s in config.c


svn:r11108
2007-08-14 20:19:46 +00:00
Nick Mathewson
42fa1de585 r14017@Kushana: nickm | 2007-08-14 15:13:14 -0400
Enable more code for v3 voting timing information.  Also, spec clarification.


svn:r11107
2007-08-14 20:19:40 +00:00
Nick Mathewson
cd5eaf53f9 r14003@kushana: nickm | 2007-08-13 22:23:49 -0400
Resolve a pile of XXXXs in and around voting code


svn:r11099
2007-08-14 02:23:57 +00:00
Nick Mathewson
4e4dcb2571 r13989@Kushana: nickm | 2007-08-13 16:31:03 -0400
Actually store the v3 authority id digest of a trusteddirserver


svn:r11091
2007-08-13 20:31:08 +00:00
Nick Mathewson
33cf3ada94 r14526@catbus: nickm | 2007-08-13 14:08:37 -0400
Make voting interval configurable.


svn:r11083
2007-08-13 18:09:38 +00:00
Nick Mathewson
3fc04529d4 r14093@catbus: nickm | 2007-08-08 01:49:54 -0400
Include fewer redundant headers; use the compiler search paths better.


svn:r11060
2007-08-08 05:50:31 +00:00
Nick Mathewson
1c513979fc r13919@Kushana: nickm | 2007-08-02 10:58:31 -0700
Warn about unsafe ControlPort configurations.


svn:r11038
2007-08-02 21:03:40 +00:00
Roger Dingledine
57c6264ede tweak comment
svn:r10998
2007-07-30 23:52:58 +00:00
Roger Dingledine
1b01ad6d38 writing instructions before you release means you can make sure
your instructions don't seg fault


svn:r10984
2007-07-30 08:42:47 +00:00
Roger Dingledine
468d922280 start hunting bugs, first in a non-crashy manner
svn:r10978
2007-07-30 01:07:06 +00:00
Nick Mathewson
4a240552c4 r13834@catbus: nickm | 2007-07-19 15:40:42 -0400
Another patch from croup: drop support for address masks that do not correspond to bit prefixes.  Nobody has used this for a while, and we have given warnings for a long time.


svn:r10881
2007-07-19 19:40:45 +00:00
Roger Dingledine
fcbb817db5 free another string, and the buffer freelists, on exit.
svn:r10851
2007-07-17 09:26:45 +00:00
Nick Mathewson
483c1e9017 r13774@catbus: nickm | 2007-07-16 12:23:28 -0400
Tweaks on constrained socket buffers patch from coderman: Add a changelog; rename some variables; fix some long lines and whitespace; make ConstrainedSockSize a memunit; pass setsockopt a void.


svn:r10843
2007-07-16 16:23:36 +00:00
Nick Mathewson
f4a6673758 r13773@catbus: nickm | 2007-07-16 11:58:25 -0400
Initial "constrained socket buffers" patch from coderman. needs tweaking.


svn:r10842
2007-07-16 16:23:34 +00:00
Nick Mathewson
7705314777 r13637@catbus: nickm | 2007-07-06 14:24:27 -0400
fix copy-paste error in config message src/or/config.c .  Apply
 initial (but pared-down) version of launch-resolve-via-controller
 patch from Robert Hogan.
 


svn:r10780
2007-07-10 17:13:24 +00:00
Nick Mathewson
5adfa09fce r13477@catbus: nickm | 2007-06-17 14:22:03 -0400
Sun CC likes to give warnings for the do { } while(0) construction for making statement-like macros.  Define STMT_BEGIN/STMT_END macros that do the right thing, and use them everywhere.


svn:r10645
2007-06-17 18:22:39 +00:00
Roger Dingledine
af658b7828 More work towards making bridge users able to connect via bridges:
- demand options->Bridges and options->TunnelDirConns if 
    options->UseBridges is set.
  - after directory fetches, accept descriptors that aren't referenced by
    our networkstatuses, *if* they're for a configured bridge.
  - delay directory fetching until we have at least one bridge descriptor.
  - learn how to build a one-hop circuit when we have neither routerinfo
    nor routerstatus for our destination.
  - teach directory connections how to pick a bridge as the destination
    directory when doing non-anonymous fetches.
  - tolerate directory commands for which the dir_port is 0.
  - remember descriptors when the requested_resource was "authority", 
    rather than just ignoring them.
  - put bridges on our entry_guards list once we have a descriptor for them.
    When UseBridges is set, only pick entry guards that are bridges. Else
    vice versa.


svn:r10571
2007-06-12 09:17:23 +00:00
Roger Dingledine
04995f197d more building blocks towards being able to fetch bridge descriptors
svn:r10548
2007-06-10 07:34:21 +00:00
Roger Dingledine
1ae7708ff8 discard the "bridge list" stubs that i hope i never need.
svn:r10547
2007-06-10 00:30:14 +00:00
Roger Dingledine
a97c3b8c2d Be clearer on the various roles for auth dir types.
Bridge authorities no longer write bridge descriptors to their
cached-routers file -- this gets complex because of extrainfo documents.


svn:r10545
2007-06-09 07:05:19 +00:00
Nick Mathewson
1a29d68081 r13276@catbus: nickm | 2007-06-05 19:45:33 -0400
Remove another long-dead #if 0 I missed before


svn:r10511
2007-06-06 04:51:33 +00:00
Nick Mathewson
210beff55a r13266@catbus: nickm | 2007-06-05 16:38:08 -0400
Patch from peter palfrader: control interface via unix domain socket


svn:r10504
2007-06-05 20:54:49 +00:00
Peter Palfrader
502879e0b4 Remove force flag from retry_all_listeners() and retry_listeners(). It always was 0.
svn:r10486
2007-06-04 16:54:42 +00:00
Nick Mathewson
6d447e04a2 r13189@catbus: nickm | 2007-06-03 19:08:01 -0400
Oops. Only bind ports and start libevent if we are actually running Tor.


svn:r10474
2007-06-03 23:08:07 +00:00
Nick Mathewson
d3ee41619c r13186@catbus: nickm | 2007-06-03 19:00:20 -0400
Bind ports before setuid/setgid.


svn:r10473
2007-06-03 23:00:26 +00:00
Roger Dingledine
1407cf9de3 fix up a comment
svn:r10453
2007-06-02 20:22:31 +00:00
Nick Mathewson
5b6d7f10f3 r13143@catbus: nickm | 2007-06-01 16:43:40 -0400
Try to fix some mipspro compiler warnings. There will still be some left.


svn:r10444
2007-06-02 12:44:54 +00:00
Nick Mathewson
5d4b426a33 r13103@catbus: nickm | 2007-05-31 14:40:18 -0400
Fix patch r10411; fix from robert hogan.


svn:r10422
2007-05-31 18:48:31 +00:00
Nick Mathewson
1cb1ebbfe0 r13090@catbus: nickm | 2007-05-30 03:17:57 -0400
If the user makes a torrc that exceeds the bandwidth cap by one byte, let them have it.


svn:r10411
2007-05-30 07:18:00 +00:00
Roger Dingledine
c8fd65a936 If Tor is invoked from something that isn't a shell (e.g. Vidalia),
now we expand "-f ~/.tor/torrc" correctly. Suggested by Matt Edman.


svn:r10351
2007-05-26 08:04:15 +00:00
Roger Dingledine
0f71ade42f fix compile on bsd
svn:r10339
2007-05-25 21:56:47 +00:00
Roger Dingledine
0c047b87f5 polish r9933-r9994
svn:r10335
2007-05-25 19:41:31 +00:00
Nick Mathewson
39fe91b9a2 r12946@catbus: nickm | 2007-05-25 10:46:50 -0400
Add an AutomapHostsOnResolve option.  It seems to work.


svn:r10324
2007-05-25 14:48:16 +00:00
Nick Mathewson
703bf19620 r12942@catbus: nickm | 2007-05-24 16:31:22 -0400
Well, that was easier than I thought it would be.  Tor is now a DNS proxy as well as a socks proxy.  Probably some bugs remain, but since it A) has managed to resolve one address for me successfully, and B) will not affect anybody who leaves DNSPort unset, it feel like a good time to commit.


svn:r10317
2007-05-24 20:31:30 +00:00
Nick Mathewson
687461d36c r12920@catbus: nickm | 2007-05-24 13:12:52 -0400
and remove an XXX012.


svn:r10308
2007-05-24 17:13:08 +00:00
Nick Mathewson
212a3c3478 r12919@catbus: nickm | 2007-05-24 13:04:56 -0400
backport candidate: Warn when using a version of libevent before 1.3b to run a server on osx or bsd: these versions of libevent interact badly with userspace threads.


svn:r10307
2007-05-24 17:13:05 +00:00
Roger Dingledine
e583827d60 new ip addresses for moria1 and moria2; new ports for moria2
svn:r10296
2007-05-22 23:51:39 +00:00
Nick Mathewson
c9fa4e6583 r12898@catbus: nickm | 2007-05-22 13:11:04 -0400
More v3 directory code: have authorities load certificates; have everybody store certificates to disk and load them; provide a way to configure v3 authorities.


svn:r10293
2007-05-22 17:58:25 +00:00
Nick Mathewson
e935d73b34 r12852@catbus: nickm | 2007-05-22 11:00:27 -0400
Use svn revisions consistently throughout all log messages.


svn:r10291
2007-05-22 15:48:46 +00:00
Nick Mathewson
5364833be0 r13017@Kushana: nickm | 2007-05-20 13:40:45 -0400
Address points in r10227.


svn:r10229
2007-05-20 17:43:55 +00:00
Roger Dingledine
ddd0054a85 point out two remote crash bugs, a memory leak, and a few other
items we should probably look into.


svn:r10227
2007-05-20 14:15:23 +00:00
Nick Mathewson
ec55cf526d r12981@Kushana: nickm | 2007-05-18 14:12:19 -0400
First cut at code to download extra-info docs.  Also note a bad bug in directory.c (look for the string BUG BUG BUG).


svn:r10209
2007-05-18 21:19:19 +00:00
Nick Mathewson
bfdc366037 r12763@catbus: nickm | 2007-05-15 05:29:33 -0400
Make --enable-gcc-warnings happy on the upcoming gcc 4.2


svn:r10195
2007-05-15 21:17:42 +00:00
Roger Dingledine
440b7f0c70 polish r9726-r9903
svn:r10182
2007-05-13 09:25:06 +00:00
Nick Mathewson
ceac39aa8a r12697@catbus: nickm | 2007-05-09 00:15:40 -0400
Change authority_type_t to a set of flags; use it more consistently.


svn:r10144
2007-05-09 04:15:46 +00:00
Roger Dingledine
07bf274d98 Interim commit: new config options Bridge and UseBridges.
It is becoming increasingly clear to me that bridges should
be a special case of entry guards, not a whole separate pile
of nearly identical functions.


svn:r10141
2007-05-08 11:28:05 +00:00
Roger Dingledine
d136f2a7b2 When we are reporting the DirServer line we just parsed, we were
logging the second stanza of the key fingerprint, not the first.


svn:r10140
2007-05-08 10:33:46 +00:00
Roger Dingledine
e4f40dd794 Change the PublishServerDescriptor config option from a boolean
into a string: "v1", "v2", bridge", "". Continue to support
"0" and "1".


svn:r10136
2007-05-08 09:09:26 +00:00
Roger Dingledine
f8a8b27dd2 add a 'bridge' flag for dirserver config entries
svn:r10128
2007-05-07 08:26:50 +00:00
Roger Dingledine
713626bd73 make it work on windows/etc again, i presume
svn:r10118
2007-05-04 10:43:01 +00:00
Roger Dingledine
10efbed2f5 ok, i'm not so good at counting
svn:r10117
2007-05-04 10:39:17 +00:00
Roger Dingledine
462dfe2012 make MaxAdvertisedBandwidth into a legal default
svn:r10115
2007-05-04 09:25:23 +00:00
Roger Dingledine
b1d93df038 if you're using relaybandwidthrate and relaybandwidthburst, make
sure that's reflected in your router descriptor.


svn:r10114
2007-05-04 09:20:13 +00:00
Roger Dingledine
dc795203aa early skeletal support for running a bridge directory authority
svn:r10112
2007-05-04 08:04:27 +00:00
Roger Dingledine
1b95bbdba6 New config option V2AuthoritativeDirectory that all directory
authorities should set. This will let future authorities choose 
not to serve V2 directory information.

Also, go through and revamp all the authdir_mode stuff so it tries
to do the right thing if you're an auth but not a V1 or V2 auth.


svn:r10092
2007-05-02 09:12:04 +00:00
Nick Mathewson
26abac8c4c r12625@catbus: nickm | 2007-05-01 16:41:23 -0400
Remove the _UploadExtraInfo option, since I tried turning it on and moria[12] seem not to have exploded.


svn:r10089
2007-05-01 20:41:27 +00:00
Nick Mathewson
89ab267cfb r12619@catbus: nickm | 2007-05-01 16:13:42 -0400
Add code to upload extrainfos to authorities running 0.2.0.0-alpha-dev (r10070) or later.


svn:r10086
2007-05-01 20:13:49 +00:00
Nick Mathewson
18ba9fe81f r12580@catbus: nickm | 2007-04-30 13:29:05 -0400
Initial version of patch from Karsten Loesing: Add an HSAuthorityRecordStats option to track statistics of overall hidden service usage without logging information that would be useful to an attacker.


svn:r10067
2007-04-30 17:46:13 +00:00
Roger Dingledine
7fb4365cd3 Add a new config option __DisablePredictedCircuits designed for
use by the controller, when we don't want Tor to build any circuits
preemptively.


svn:r10054
2007-04-30 09:18:48 +00:00
Nick Mathewson
bfac679cd4 A hack I've been wanting for a while: when building a -dev version
from an SVN repository, use the current svn revision in the platform
string and in the output of --version.



svn:r9976
2007-04-16 23:56:31 +00:00
Nick Mathewson
38a5f09502 r12349@catbus: nickm | 2007-04-11 09:18:15 -0400
Add code to shrink the cell memory pool by discarding empty chunks that have been empty for the last 60 seconds.  Also, instead of having test.c duplicate declarations for exposed functions, put them inside #ifdef foo_PRIVATE blocks in the headers.  This prevents bugs where test.c gets out of sync.


svn:r9944
2007-04-11 13:18:25 +00:00
Roger Dingledine
b4f743562f Add a separate set of token buckets for relayed traffic. Right
now that's just defined as answers to directory requests.


svn:r9881
2007-03-20 02:55:31 +00:00
Nick Mathewson
02ce8e6b12 r12474@Kushana: nickm | 2007-03-06 16:10:05 -0500
We have a PATH_SEPARATOR macro.  How about we use it?


svn:r9782
2007-03-09 21:39:30 +00:00
Nick Mathewson
52713788b4 r12080@catbus: nickm | 2007-03-04 21:40:55 -0500
Remove dnsworkers and related code. there goes another 550 lines of code.


svn:r9736
2007-03-05 02:40:58 +00:00
Nick Mathewson
7fcceb2c25 r12074@catbus: nickm | 2007-03-04 15:11:43 -0500
Make all LD_BUG log messsages get prefixed with "Bug: ".  Remove manually-generated "Bug: "s from log-messages.  (Apparently, we remembered to add them about 40% of the time.)


svn:r9733
2007-03-04 20:11:46 +00:00
Nick Mathewson
2780bb74c8 r12014@catbus: nickm | 2007-02-28 19:41:20 -0500
Niels has accepted the patch from Scott Lamb to implement better signal handling: I can take "get the pthread_sigprocmask situation under control" off my plate.


svn:r9696
2007-03-01 00:41:35 +00:00
Nick Mathewson
11d89141ac r12012@catbus: nickm | 2007-02-28 18:25:18 -0500
Twiddle constants wrt uploading hidden service descriptors.


svn:r9694
2007-03-01 00:41:28 +00:00
Roger Dingledine
08c75f4349 avoid a few headaches
svn:r9686
2007-02-28 20:24:09 +00:00
Nick Mathewson
dae5fc7982 r11981@catbus: nickm | 2007-02-28 11:55:27 -0500
Clamp declarable bandwidth at INT32_MAX, not INT_MAX.


svn:r9677
2007-02-28 16:56:07 +00:00
Nick Mathewson
333bf44471 r11944@catbus: nickm | 2007-02-25 14:43:18 -0500
Add a lower-bound on MaxAdvertisedBandwidth.


svn:r9652
2007-02-25 19:43:23 +00:00
Roger Dingledine
50f22e858a doc pedant
svn:r9634
2007-02-24 07:50:38 +00:00
Nick Mathewson
d4aaffc6e7 r11824@catbus: nickm | 2007-02-16 13:16:47 -0500
Move all struct-offset-manipulation macros into util.h, and use them consistently.  Because there are days when "SUBTYPE_P(handle, subtype, _base)" is just easier to read and write than "(basetp*)(((handle) - STRUCT_OFFSET(subtype, _base))".


svn:r9592
2007-02-16 20:00:43 +00:00
Nick Mathewson
e5d3269b10 r11822@catbus: nickm | 2007-02-16 12:49:20 -0500
Tech config.c about libevent 1.3, and resolve all docdoc elements in config.c


svn:r9591
2007-02-16 18:12:47 +00:00
Nick Mathewson
759c58151e r11775@catbus: nickm | 2007-02-12 16:39:09 -0500
Update copyright dates.


svn:r9570
2007-02-12 21:39:53 +00:00
Roger Dingledine
b3ac3acefc If we start a server with ClientOnly 1, then set ClientOnly to 0
and hup, stop triggering an assert based on an empty onion_key.


svn:r9540
2007-02-09 00:22:43 +00:00
Nick Mathewson
e00a1cbf16 r11726@catbus: nickm | 2007-02-08 16:04:53 -0500
Resolve some XXXX012 items:
   - Remove PathlenCoinWeight: if we want it again, we can add it
     back in.
   - Ditto with RelayBandwidth*.
   - Decide to leave in the "hey, you didn't set end_reason!" BUG log message,
     but stop telling people to bug me personally.
   - Postpone strengthening assert_connection_ok(): it's important, but 
     it's also a good way to introduce weird bugs.
   - Move some expensive consistency checking from dns_free_all() into
     assert_cache_ok().


svn:r9533
2007-02-08 22:07:56 +00:00
Nick Mathewson
f4a1c17e5a r11666@catbus: nickm | 2007-02-06 13:17:24 -0500
Implement an --ignore-missing-torrc option


svn:r9501
2007-02-06 18:36:21 +00:00
Nick Mathewson
fefba95363 r11629@catbus: nickm | 2007-02-02 15:06:17 -0500
Removing the last DOCDOC comment hurt so much that I had to use Doxygen to identify undocumented macros and comments, and add 150 more DOCDOCs to point out where they were.  Oops.  Hey, kids!  Fixing some of these could be your first Tor patch!


svn:r9477
2007-02-02 20:06:43 +00:00
Nick Mathewson
07e6eecdb2 r12122@Kushana: nickm | 2007-02-02 10:41:39 -0500
Fail when we are unable to parse the nameserver configuration.


svn:r9475
2007-02-02 18:58:04 +00:00
Nick Mathewson
76f896e714 r11607@catbus: nickm | 2007-01-30 17:19:27 -0500
Audit non-const char arguments; make a lot more of them const.


svn:r9466
2007-01-30 22:19:41 +00:00
Nick Mathewson
ac0dbc3d9b r11585@catbus: nickm | 2007-01-29 11:26:03 -0500
Oops; fix compilation.


svn:r9457
2007-01-29 18:13:39 +00:00
Nick Mathewson
21f5e06862 r11583@catbus: nickm | 2007-01-29 11:19:48 -0500
Make man page stop saying that BandwidthRate is for incoming bandwidth only; Add some XXX012s for config options that should maybe die.


svn:r9455
2007-01-29 18:13:34 +00:00
Nick Mathewson
af857f2da5 r11967@Kushana: nickm | 2007-01-15 16:13:15 -0500
tidy up more whitespace issues


svn:r9356
2007-01-15 21:21:14 +00:00
Roger Dingledine
a9c250837e patch from edmanm to make "-nt-service" command-line work too
svn:r9349
2007-01-15 08:52:01 +00:00
Andrew Lewman
930e12920d Update copyright in config.c while I'm there. Update man page to
reflect all available options to tor binary.


svn:r9341
2007-01-13 05:09:09 +00:00
Nick Mathewson
c1b5f53679 r11938@Kushana: nickm | 2007-01-11 11:02:28 -0500
Check addresses for rfc953-saneness at exit too, and give a PROTOCOL_WARN when they fail.  Also provide a mechanism to override this, so blossom can have its @@##$$^.whatever.exit hostnames if it wants.


svn:r9336
2007-01-11 16:02:39 +00:00
Roger Dingledine
35bd6caa1a Fix crash with "tor --list-fingerprint" (reported by seeess).
svn:r9328
2007-01-10 23:48:24 +00:00
Nick Mathewson
bc14afe064 r11872@Kushana: nickm | 2007-01-06 02:14:12 -0500
Implement a control status event for bad libevent version/method combos.  Warn that libevent <1.1 with select() is needlessly slow.  Reply to comment.


svn:r9284
2007-01-06 07:34:02 +00:00
Nick Mathewson
c8466c5919 r11824@Kushana: nickm | 2007-01-03 17:15:28 -0500
control-spec: upcase arguments in status events; note unimplemented events individually
 r11825@Kushana:  nickm | 2007-01-03 17:41:43 -0500
 Implement EXTERNAL IP server status event.
 r11826@Kushana:  nickm | 2007-01-03 17:47:10 -0500
 Implement BAD_SERVER_DESCRIPTOR server status event.
 r11827@Kushana:  nickm | 2007-01-03 18:01:56 -0500
 Implement SOCKS_UNKNOWN_PROTOCOL and DANGEROUS_SOCKS client events.
 r11828@Kushana:  nickm | 2007-01-03 18:23:22 -0500
 Implement BUG controller events. Also, flush ERR-level status events just like ERR-level log messages.
 r11829@Kushana:  nickm | 2007-01-03 23:37:27 -0500
 Yet more status events: CLOCK_SKEW, GOOD/ACCEPTED_SERVER_DESCRIPTOR, {CHECKING_}REACHABILITY_{SUCCEEDED|FAILED}
 r11833@Kushana:  nickm | 2007-01-05 16:56:37 -0500
 Note some unimplementedness in control-spec.txt


svn:r9279
2007-01-06 05:42:31 +00:00
Roger Dingledine
466650aa14 when we added orport= to the dirserver line, we started
freeing the string in the middle. this was probably xiando's
crash bug.


svn:r9265
2007-01-05 01:23:34 +00:00
Roger Dingledine
7b88380690 Avoid a double-free when parsing malformed DirServer lines.
svn:r9264
2007-01-05 01:12:10 +00:00
Roger Dingledine
da2ff14839 Set orport= for 4 of the 5 dir authorities; Fix getinfo ns/all; Fix seg
fault when starting a server without a fingerprint file present.


svn:r9261
2007-01-04 05:41:24 +00:00
Roger Dingledine
50f0e36094 man page entries for TunnelDirConns and PreferTunneledDirConns
and add a todo item for nick in case he gets bored :)


svn:r9260
2007-01-04 04:35:18 +00:00
Roger Dingledine
50e36dc11b more cleanups, including a shiny new XXX012
svn:r9250
2007-01-03 10:30:26 +00:00
Roger Dingledine
d677332a83 checkpoint as we add PreferTunneledDirConns config option
svn:r9249
2007-01-03 06:33:03 +00:00
Roger Dingledine
9545bbf57f - When the user uses bad syntax in the Log config line, stop
suggesting other bad syntax as a replacement.


svn:r9247
2007-01-03 03:56:17 +00:00
Nick Mathewson
6fbf17e7b0 r11749@Kushana: nickm | 2006-12-29 00:51:42 -0500
Remove dead code; make targets of addressmap commands/configs use AllowNonRFC953Hostnames


svn:r9211
2006-12-29 05:51:50 +00:00
Nick Mathewson
d9f1f3533d r11724@Kushana: nickm | 2006-12-28 14:22:35 -0500
Refactor and unify my-ip-addr-changed logic.  Make change in IP address or in nameservers reset and relaunch DNS hijacking tests.


svn:r9200
2006-12-28 21:29:20 +00:00
Nick Mathewson
e5f5b96ca6 r11723@Kushana: nickm | 2006-12-28 13:52:48 -0500
Fix bug 364: check for whether popular hostnames (curently google, yahoo, mit, and slashdot) are getting wildcarded.  If they are, we are probably behind a DNS server that is useless: change our exit policy to reject *:*.


svn:r9199
2006-12-28 21:29:11 +00:00
Nick Mathewson
c12a1f1e3a r11701@Kushana: nickm | 2006-12-24 01:24:39 -0500
fix warning on win32.


svn:r9184
2006-12-24 06:32:20 +00:00
Nick Mathewson
4d948281c3 r11676@Kushana: nickm | 2006-12-23 20:42:17 -0500
Add an orport option to dirserver lines so that clients can tell where to connect to open an encrypted tunnel to a dirserver even before they have its descriptor.


svn:r9171
2006-12-24 02:45:27 +00:00
Nick Mathewson
bf74dcd855 r11658@Kushana: nickm | 2006-12-20 15:58:44 -0500
Remove long-deprecated log and accounting options.


svn:r9164
2006-12-20 21:02:10 +00:00
Nick Mathewson
2e1e919d65 r11657@Kushana: nickm | 2006-12-20 15:11:19 -0500
Fixes to check-docs script; add some docs; mark some options as deprecated in the online docs.


svn:r9163
2006-12-20 21:02:02 +00:00
Nick Mathewson
e9ad1650c0 r11651@Kushana: nickm | 2006-12-20 12:05:04 -0500
Add a maintainer script and a new make target "make check-docs" to get a quick dump of which options are undocumented where, and which documentation refers to nonexistent options.


svn:r9160
2006-12-20 17:05:48 +00:00
Nick Mathewson
bf6702cf8b r11645@Kushana: nickm | 2006-12-19 14:22:36 -0500
Reject hostnames with invalid characters, in an attempt to catch more errors earlier.  Add an option to disable this behavior.


svn:r9156
2006-12-19 19:48:58 +00:00
Nick Mathewson
f53a269928 r11598@Kushana: nickm | 2006-12-15 15:59:00 -0500
Add internal documentation for a bunch of configuration options.  We should do something to keep this list, the canonical list, the tor.1 list, and the torrc.complete list in sync.


svn:r9133
2006-12-15 21:27:19 +00:00
Roger Dingledine
bdf470c263 turn TunnelDirConns on by default.
that's what alpha releases are for, right?


svn:r9129
2006-12-15 21:06:21 +00:00
Nick Mathewson
38bd6837db r11588@Kushana: nickm | 2006-12-15 02:04:32 -0500
Add a LastRotatedOnionKey variable to the state file, so we can rotate onion keys a week after they change even if we never stay up for a whole week at a time.  Should fix bug 368.


svn:r9120
2006-12-15 07:04:37 +00:00
Nick Mathewson
fdb10ff0b5 r11580@Kushana: nickm | 2006-12-15 00:09:46 -0500
Resolve bug 369: Check for integer underflow when printing "bytes left" accounting numbers.  Also fix a copyright date that I noticed while reading the bug.  Also make a buffer big enough that strings will not get truncated.  All are backport candidates.


svn:r9115
2006-12-15 05:12:42 +00:00
Roger Dingledine
c44dd3870e clarify our use of local time vs GMT
svn:r9109
2006-12-14 23:39:14 +00:00
Roger Dingledine
0dbf725927 Infrastructure to test BEGIN_DIR cells.
New socks command CONNECT_DIR. New config option TunnelDirConns that
builds a circ ending at the directory server and delivers a BEGIN_DIR
cell if it's running 0.1.2.2-alpha or later. We still need to make
one-hop circs when appropriate, while making other conns avoid them.


svn:r9098
2006-12-13 00:28:56 +00:00
Roger Dingledine
29099a98c2 fix xiando's bug -- we were reporting stuff about hibernation
even though it wasn't enabled.


svn:r9055
2006-12-09 02:55:40 +00:00
Nick Mathewson
cf04e1e6e7 r11479@Kushana: nickm | 2006-12-07 23:38:54 -0500
Refactor GETINFO into a table-driven dispatch, as suggested by arma.  My brain hurts.


svn:r9052
2006-12-08 04:39:13 +00:00
Nick Mathewson
7c79495137 r11468@Kushana: nickm | 2006-12-07 14:56:57 -0500
Revise logic used to flush state to disk. Now, we try to batch non-urgent changes so that we do not do too many writes, and we save very-non-urgent changes every once in a rare while, and we never save more than once per second.


svn:r9047
2006-12-07 20:11:30 +00:00
Nick Mathewson
63e4cfbeb6 r11461@Kushana: nickm | 2006-12-07 13:16:45 -0500
Change logging format of state file to only include non-default values.  Adjust clients to never store bandwidth history in the state file. (Possible backport candidate.)


svn:r9043
2006-12-07 18:57:29 +00:00
Nick Mathewson
9243e54177 r9313@totoro: nickm | 2006-11-13 20:07:41 -0500
Try to compile with fewer warnings on irix64's MIPSpro compiler /
 environment, which apparently believes that:
   - off_t can be bigger than size_t.
   - only mean kids assign things they do not subsequently inspect.
 
 I don't try to fix the "error" that makes it say:
 
 cc-3970 cc: WARNING File = main.c, Line = 1277
   conversion from pointer to same-sized integral type (potential portability
           problem)
 
     uintptr_t sig = (uintptr_t)arg;
 
 Because really, what can you do about a compiler that claims to be c99
 but doesn't understand that void* x = NULL; uintptr_t y = (uintptr_t) x;
 is safe?
 


svn:r8948
2006-11-14 01:07:52 +00:00
Nick Mathewson
0f6402f17b r9309@totoro: nickm | 2006-11-13 19:05:41 -0500
Whitespace fixes, and clean up code from last natd patch.


svn:r8947
2006-11-14 00:06:45 +00:00
Nick Mathewson
1913cb915e r9308@totoro: nickm | 2006-11-13 18:41:23 -0500
Add support for (Free?)BSD's natd, which was an old way to let you
 have your firewall automatically redirect traffic.  (Original patch
 from Zajcev Evgeny, updated for 0.1.2.x by tup.)
 


svn:r8946
2006-11-14 00:06:31 +00:00
Roger Dingledine
e473ca2427 give a nicer warning message when windows people try to
configure syslog in their torrc


svn:r8841
2006-10-27 19:35:12 +00:00
Roger Dingledine
d48828dbe1 good thing we didn't have to track this bug down the old-fashioned way
svn:r8800
2006-10-23 05:29:40 +00:00
Nick Mathewson
42bab1c6d3 r9318@Kushana: nickm | 2006-10-22 15:22:57 -0400
Let directory authorities set the BadExit flag if they like.  Also, refactor directory authority code so we can believe multiple things about a single router, and do fewer linear searches.


svn:r8794
2006-10-23 03:48:42 +00:00
Nick Mathewson
7551c44a53 r9274@Kushana: nickm | 2006-10-19 16:16:58 -0400
Add unit tests for tor_mmap_file(); make tor_mmap_t.size always be the size of the file (not the size of the mapping); add an extra argument to read_file_to_str() so it can return the size of the result string.


svn:r8762
2006-10-19 23:05:02 +00:00
Nick Mathewson
faf7445255 r9061@totoro: nickm | 2006-10-17 11:18:28 -0400
Oops. Libevent 1.2 exists.  Add it to our enum, even though we dont care yet.


svn:r8740
2006-10-17 15:20:15 +00:00
Nick Mathewson
b713b370bf r9060@totoro: nickm | 2006-10-17 11:12:48 -0400
Apply patch from Mike Perry: add more reasons for circuit destroys. (Slightly tweaked to avoid allocating a number for an "internal" reason.)


svn:r8739
2006-10-17 15:20:00 +00:00
Nick Mathewson
c6f2d725d0 r8957@totoro: nickm | 2006-10-08 22:35:17 -0400
The otherwise regrettable MIPSpro C compiler warns about values set but never used, and about mixing enums and ints; these are good warnings, and so should be fixed.  This removes some dead code and some potential bugs. Thanks to pnx.


svn:r8664
2006-10-09 02:35:51 +00:00
Roger Dingledine
f2bd0e2f16 more minor cleanups
svn:r8630
2006-10-07 06:28:50 +00:00
Roger Dingledine
246fecb585 the other half of the is_local_IP patch
svn:r8581
2006-10-03 05:45:58 +00:00
Nick Mathewson
4c56ac93ca r8851@totoro: nickm | 2006-10-02 18:13:27 -0400
Remove/clarify some XXXs for no longer being accurate; for begin things we do not indend to fix; for already being parts of big todo issues (like "/* XXX ipv6 */"); etc. Also fix some spaces.


svn:r8580
2006-10-02 22:13:42 +00:00
Nick Mathewson
bff83b666c r8846@totoro: nickm | 2006-10-02 16:59:57 -0400
Move is_local_IP to config.c; have it check for same-/24; make it used only for reachability (not for banwidth, because that is probably not what we want). Fixes an XXX.


svn:r8578
2006-10-02 21:00:35 +00:00
Roger Dingledine
a3efc8e3d1 - V1 authorities should set "HSAuthoritativeDir 1" to continue being
hidden service authorities too.
- Just because your DirPort is open doesn't mean people should be
  able to remotely teach you about hidden service descriptors. Now
  only accept rendezvous posts if you've got HSAuthoritativeDir set.


svn:r8573
2006-10-01 22:16:55 +00:00
Roger Dingledine
96a4cb1dfa touchups
svn:r8558
2006-10-01 04:55:12 +00:00
Nick Mathewson
7d366f61cb r9025@Kushana: nickm | 2006-09-29 18:33:13 -0400
Differentiate more duplicated log entries


svn:r8542
2006-09-29 22:33:40 +00:00
Nick Mathewson
8308a37908 r9023@Kushana: nickm | 2006-09-29 17:27:24 -0400
Make distinct all non-bug messages at notice or higher that appear 3 or more times.


svn:r8541
2006-09-29 22:33:34 +00:00
Nick Mathewson
8992bf6204 r8776@totoro: nickm | 2006-09-29 00:50:46 -0400
Reserve the nickname "Unnamed" for routers that can't pick a hostname; any
 router can call itself Unnamed; directory servers will never allocate Unnamed
 to any particular router; clients won't believe that any router is the
 canonical Unnamed.
 


svn:r8529
2006-09-29 04:51:28 +00:00
Nick Mathewson
907fc6c73e r8977@Kushana: nickm | 2006-09-28 19:56:41 -0400
Make "is a v1 authority", "is a v2 authority", and "is a hidden service authority" into separate flags so we can eventually migrate more trust away from moria.


svn:r8523
2006-09-28 23:57:59 +00:00
Nick Mathewson
d174cccd0b r8975@Kushana: nickm | 2006-09-28 17:13:53 -0400
Document entry-guard related functions


svn:r8521
2006-09-28 23:57:52 +00:00
Nick Mathewson
49ad1eefa1 Add an EnforceDistinctSubnets option so that clients who know what they are doing (mainly people with private testing networks) can disable our same-/16 detection.
svn:r8504
2006-09-25 22:12:54 +00:00
Roger Dingledine
bc848c8740 add 6697 (ircs) as longlivedport.
svn:r8496
2006-09-25 05:24:43 +00:00
Roger Dingledine
aa77298819 remove 8888 as a long lived port. i can't remember why it's
on the list.


svn:r8461
2006-09-22 19:29:26 +00:00
Nick Mathewson
7c21dabef1 r8878@Kushana: nickm | 2006-09-21 17:15:47 -0400
Trivial whitespace cleanups.


svn:r8443
2006-09-21 21:48:55 +00:00
Nick Mathewson
e4a9b4de4e r8875@Kushana: nickm | 2006-09-21 16:46:28 -0400
Resolve bug 330: detect ISPs that want to hijack failing DNS requests and basically domain-squat the entire internet.


svn:r8440
2006-09-21 21:48:22 +00:00
Nick Mathewson
04bec67574 r8874@Kushana: nickm | 2006-09-21 15:22:27 -0400
Rename and document SearchDomains and ResolvConf options; warn if ServerDNSResolvConfFile is given but eventdns isnt enabled.


svn:r8439
2006-09-21 21:48:16 +00:00
Nick Mathewson
083e9c2b59 r8873@Kushana: nickm | 2006-09-21 14:38:22 -0400
Fix a bug: Remember, each call to escaped() replaces the value returned from the last call to escaped().


svn:r8438
2006-09-21 21:48:11 +00:00
Roger Dingledine
9af3175687 parameterize the loudness of get_interface_address()
svn:r8358
2006-09-09 19:20:27 +00:00
Roger Dingledine
5a8563baed new config option AvoidDiskWrites for people running tors on
usb keys and other media that degrades when you write.
not implemented yet, so just a reminder.


svn:r8331
2006-09-07 00:30:29 +00:00
Nick Mathewson
000b7b287c r8724@Kushana: nickm | 2006-09-06 04:32:28 -0400
Fix spaces; restore support for mapping files over 4GB on win32 (?)


svn:r8326
2006-09-06 08:42:16 +00:00
Mike Chiussi
6ec9c1092a - made configure check if we are building for win32
- made configure link to required system dll's if building for win32
- added diffs for libevent 1.1b
- forced user to turn off eventdns if win32 is set 
- cleaned up tor_mmap_file()_win32 (not sure if it's stable)
- cleaned up some warnings and typos




svn:r8322
2006-09-06 01:49:55 +00:00
Roger Dingledine
585ae26783 patch from tup
svn:r8321
2006-09-05 14:30:06 +00:00
Nick Mathewson
f170e5798f r8692@Kushana: nickm | 2006-08-31 13:38:07 -0400
Fix bug 327 (part 2): Cast char to unsigned char before passing to toupper/tolower.  (Follow the same idiom as with isupper and friends, in case we run into the same problem on SGI or whereever it was.)


svn:r8310
2006-08-31 17:39:51 +00:00
Nick Mathewson
54ca0387a5 r8608@Kushana: nickm | 2006-08-27 16:57:47 -0400
Make it possible to change nameserver options while Tor is running.


svn:r8255
2006-08-28 03:15:55 +00:00
Nick Mathewson
be7054c626 r8607@Kushana: nickm | 2006-08-27 15:45:42 -0400
Change configuration strategy for eventdns. Instead of elaborate option set, just allow the user to specify another resolv.conf to use.


svn:r8254
2006-08-28 03:15:50 +00:00
Roger Dingledine
c0cb1c7bd2 remove some more vestiges of cvs
svn:r8229
2006-08-26 06:51:02 +00:00
Roger Dingledine
171a00ec50 fix a log level -- err is for things that kill tor, warn is for
things that tor can recover from.

also, avoid situations where people who don't read their logs
accumulate ten thousand useless files in their datadir.


svn:r8227
2006-08-26 04:48:50 +00:00
Nick Mathewson
c82c4a9e8b r8572@Kushana: nickm | 2006-08-25 16:35:49 -0400
Fix for bug 308: When we have a state file we cannot parse, tell the user, and move it aside.


svn:r8224
2006-08-25 21:01:56 +00:00
Roger Dingledine
5194b91053 avoid complaining about our SOCKS proxy proxy.
svn:r7053
2006-08-14 10:00:15 +00:00
Roger Dingledine
f294575469 fix funny-looking assignment that crashes unit tests
svn:r7027
2006-08-11 07:41:21 +00:00
Nick Mathewson
09a895e222 r7324@Kushana: nickm | 2006-08-10 23:23:15 -0700
Add more warnings to the list of those we tolerate. Start using GCC attributes more, for better error checking and better code generation.


svn:r7020
2006-08-11 07:09:17 +00:00
Nick Mathewson
02d42d9138 Fix crash in first-time option validation. Oops.
svn:r7018
2006-08-10 19:56:10 +00:00
Nick Mathewson
7ddd9e8cd9 r7304@Kushana: nickm | 2006-08-10 01:58:05 -0700
Fix verbose compilation errors; make sure transparent proxy fails when no method is configured.


svn:r7012
2006-08-10 09:02:26 +00:00
Nick Mathewson
3da737ac98 r7303@Kushana: nickm | 2006-08-10 01:52:19 -0700
whitespace fixes


svn:r7011
2006-08-10 09:02:12 +00:00
Nick Mathewson
74df271e00 r7302@Kushana: nickm | 2006-08-10 01:48:44 -0700
Warn about open TransListenAddress values.


svn:r7010
2006-08-10 09:02:02 +00:00
Nick Mathewson
5cff4164a0 r7299@Kushana: nickm | 2006-08-10 01:08:58 -0700
Patch from Tup to add support for transparent AP connections: this basically bundles the functionality of trans-proxy-tor into the tor mainline.  Now hosts with compliant pf/netfilter implementations can redirect TCP connections straight to Tor without diverting through SOCKS.


svn:r7007
2006-08-10 09:01:37 +00:00
Roger Dingledine
8075928b2a a way to make tor more stable in crummy situations
svn:r7005
2006-08-10 08:00:54 +00:00
Nick Mathewson
35f0881802 Experimentally re-enable kqueue on OSX when using libevent 1.1b or later. Log when we are doing this, so we can diagnose it when it fails.
svn:r7004
2006-08-10 08:00:13 +00:00
Nick Mathewson
f2a0df4d02 Recommend libevent 1.1b for kqueue and win32 methods; deprecate libevent 1.0b harder; make libevent recommendation system saner.
svn:r7003
2006-08-10 07:39:47 +00:00
Nick Mathewson
f4e506f423 Remove STRUCT_OFFSET from config.c
svn:r6811
2006-07-23 05:33:10 +00:00
Roger Dingledine
00aefaab6b think harder about my logic
svn:r6806
2006-07-22 07:19:11 +00:00
Roger Dingledine
2d6a4d283b i lied, that won't work at all. maybe this will.
svn:r6805
2006-07-22 07:15:34 +00:00
Roger Dingledine
444f096d2d more bulletproof reachability testing
svn:r6804
2006-07-22 05:29:31 +00:00
Roger Dingledine
9db7b2c068 Allow servers with no hostname or IP address to learn their IP address
by asking the directory authorities. This code only kicks in when you
would normally have exited with a "no address" error.

This design is flawed, though, since the X-Your-Address-Is header is not
authenticated, and doing it this way introduces too many new attacks. The
right answer is to give IP address hints inside the HELLO cell; much of
this code can be reused when we switch.


svn:r6774
2006-07-17 06:35:06 +00:00
Roger Dingledine
ee5f512e13 parameterize the loudness of resolve_my_address(), and call things
IP addresses, not IPs.


svn:r6764
2006-07-15 20:26:05 +00:00
Roger Dingledine
51454157a0 Fix a crash if you enable FascistFirewall but not FirewallPorts.
Reported by Frediano Ziglio.


svn:r6746
2006-07-08 17:38:46 +00:00
Nick Mathewson
a40ad152b1 When using eventdns: suppress logging of addresses when SafeLogging is active, and make set of nameservers configurable from torrc.
svn:r6744
2006-07-07 17:33:30 +00:00
Roger Dingledine
fad85f173a when an exit node gets a malformed begin cell, don't complain to
the node operator, since he can't do anything about it.


svn:r6733
2006-07-06 02:44:07 +00:00
Roger Dingledine
98c6bf6192 oops, we were ignoring options->ExcludeNodes when picking entry guards.
it is still the case that we ignore it with respect to entry guards
that we've already picked.


svn:r6726
2006-07-04 20:25:17 +00:00
Roger Dingledine
cbc4cd93ac allow people to start their tor with runasdaemon set but
with no logs set at all.


svn:r6604
2006-06-12 06:03:15 +00:00
Roger Dingledine
889b8d5bac Add a new config option TestVia, that lets you specify preferred middle
hops to use for testing circuits. Perhaps this will let me debug the
reachability problem better.


svn:r6581
2006-06-10 00:26:39 +00:00
Roger Dingledine
11dcb7f4ae try a better string at the top of torrc's autogenerated torrc.
svn:r6569
2006-06-09 02:20:42 +00:00
Roger Dingledine
91bd12c20d re-enable per-connection rate limiting. get rid of the "OP bandwidth"
concept. lay groundwork for "bandwidth classes" -- separate global
buckets that apply depending on what sort of conn it is.


svn:r6563
2006-06-07 09:18:53 +00:00
Nick Mathewson
853e2d99b6 Add a new warning to our "warn a lot" list: unused parameters. This means we have to explicitly "use" unuseds, but it can catch bugs. (It caught two coding mistakes so far.)
svn:r6532
2006-06-04 22:42:13 +00:00
Roger Dingledine
6066d68ac3 make options->RedirectExit work again; resolve bug 293.
svn:r6492
2006-05-24 11:13:03 +00:00
Roger Dingledine
13c4590dd1 ignore RunAsDaemon more thoroughly when we're running on windows.
svn:r6471
2006-05-23 07:04:55 +00:00
Nick Mathewson
7484ca06a5 [Forward-port ]Test and document last patch.
svn:r6400
2006-04-18 03:51:18 +00:00
Nick Mathewson
0df40a393b [forward-port] Implement an option, VirtualAddrMask, to set which addresses get handed out in response to mapaddress requests. Needs testing and docs!
svn:r6398
2006-04-18 03:36:28 +00:00
Roger Dingledine
64041d2dbf ok, put moria1 back in, since it's v1 and thus we need to send
our rendezvous descriptors to it.

eventually we might make a 'v1only' tag that explains it's only
for rendezvous descriptors.


svn:r6382
2006-04-11 14:12:04 +00:00
Roger Dingledine
e720cc6589 drop moria1 from the list of authorities.
svn:r6381
2006-04-10 21:40:43 +00:00
Peter Palfrader
beb9e0721a Stop assuming every authority is a v1 authority
svn:r6377
2006-04-10 21:29:29 +00:00
Roger Dingledine
12d461a245 make DirFetchPeriod and StatusFetchPeriod truly obsolete.
svn:r6373
2006-04-10 20:16:46 +00:00
Nick Mathewson
1064bbc62a Fix a wide line
svn:r6357
2006-04-10 08:05:00 +00:00
Roger Dingledine
ed38f46ebc lower the minimum required number of fd's to 1000, so we can
have some overhead for valgrind on linux, where the default
ulimit -n is 1024.


svn:r6338
2006-04-09 10:28:00 +00:00
Roger Dingledine
a589650496 i like the name FetchUselessDescriptors better.
svn:r6327
2006-04-08 21:48:14 +00:00
Roger Dingledine
2a94c8b493 add a new config option FetchUselessRouters, off by default, for
when you plan to run "exitlist" on this client and you want to know
about even the non-running descriptors.


svn:r6326
2006-04-08 21:35:17 +00:00
Roger Dingledine
b5737aab91 add dizum as the fifth authoritative directory server.
svn:r6323
2006-04-08 21:03:49 +00:00
Nick Mathewson
5d466b7611 Fix a couple of things that make GCC complain with verbose warnings on. Also, fix some whitespace.
svn:r6317
2006-04-08 05:43:52 +00:00
Roger Dingledine
1e04b70d49 make NoPublish (even though deprecated) work again.
svn:r6287
2006-04-02 02:59:48 +00:00
Roger Dingledine
6f08d121d9 Refactor and consolidate addr/exit policies into a new policies.c.
Fix some minor bugs and memory leaks along the way.


svn:r6246
2006-03-27 02:25:34 +00:00
Roger Dingledine
e1c8e3ca6e also send syntax and parse errors back to the controller.
svn:r6242
2006-03-26 08:09:19 +00:00
Roger Dingledine
b899b9592a When the controller's *setconf commands fail, collect an error message
in a string and hand it back. This starts to resolve bug 275.


svn:r6241
2006-03-26 06:51:26 +00:00
Peter Palfrader
e90bebf27b Say private address instead of internal address.
Both are wrong or at least not entirely correct but nobody would
understand "special-use address as listed in RFC3330" I guess.


svn:r6236
2006-03-25 21:24:28 +00:00
Roger Dingledine
216e349cb2 parameterize two more timeout constants in circuit-land.
svn:r6220
2006-03-22 00:52:37 +00:00
Roger Dingledine
ad236d4b8b freeing is not the same as setting to null
svn:r6219
2006-03-22 00:03:51 +00:00
Roger Dingledine
28fafb9022 new config option SocksTimeout: How long do we let a socks connection
wait unattached before we fail it?

Use this value for controller socks timeout, for normal socks
timeout, and for hidden-service socks timeout.


svn:r6217
2006-03-21 23:27:43 +00:00
Roger Dingledine
f11509e494 when upgrading to newer versions, throw away entry guards
picked by the old wrong algorithms.


svn:r6215
2006-03-21 23:06:47 +00:00
Roger Dingledine
0e68ec0846 put lefkada on port 80, officially.
svn:r6209
2006-03-21 16:57:03 +00:00
Roger Dingledine
415c9e878a add lefkada as a fourth auth dir server.
svn:r6205
2006-03-21 04:41:20 +00:00
Roger Dingledine
d8195e4128 Implement Jason Holt's SafeSocks config option.
Also put a URL in the warning message for unsafe socks4 use --
previously we'd only had the URL for unsafe socks5 use. Oops.


svn:r6190
2006-03-19 01:44:53 +00:00
Roger Dingledine
c06e6ddadd Finish the transition from the word 'verified' to the words
'named' and 'valid'.


svn:r6188
2006-03-19 01:21:59 +00:00
Roger Dingledine
868d456c3b make it so there is one place to edit for new dirservers, not two.
svn:r6186
2006-03-18 22:37:27 +00:00
Roger Dingledine
4f14826cb3 Actually, only v1 auth dir servers need to define recommendedversions.
But versioning dirservers do need to cause recommendclientversions
and recommendedserverversions to somehow be non-empty.


svn:r6181
2006-03-17 23:25:40 +00:00
Roger Dingledine
c7839a17f5 when we're an auth dir server but don't claim to be a versioning
auth dir server, don't demand that we define RecommendedVersions.


svn:r6180
2006-03-17 23:21:42 +00:00
Roger Dingledine
51fc6799ad right now we don't support entryguards on auth dirservers,
but that doesn't mean we need to remind them every time
they start up.


svn:r6179
2006-03-17 23:19:51 +00:00
Nick Mathewson
053411e827 Comments: cleanups and additions.
svn:r6174
2006-03-17 05:50:41 +00:00
Peter Palfrader
866f6293ff I wonder what an internal internet protocol is
svn:r6159
2006-03-14 22:52:20 +00:00
Peter Palfrader
86a964d868 When we try to be a server and Address is not explicitly set
and our hostname resolves to a private IP address, try
to use an interface address if it has a public address.


svn:r6158
2006-03-14 22:51:15 +00:00
Peter Palfrader
ebfb3fea6d Fix minor semantic error with no real effect:
we were doing "is_internal_IP(htonl(in.s_addr))" but in.s_addr is
in network order and is_internal_IP wants host order.  Change to
"is_internal_IP(ntohl(in.s_addr))".


svn:r6155
2006-03-13 19:09:52 +00:00
Nick Mathewson
bd8ffccae7 More cleanups noticed by weasel; also, remove macros that nobody uses.
svn:r6143
2006-03-12 23:31:16 +00:00
Nick Mathewson
474c60b743 Cleanup on time-relaqted constants. New conventions:
1) Surround all constants by (parens), whether we'll be using them
     in a denominator or not.
  2) Express all time periods as products (24*60*60), not as multiplied-out
     constants (86400).
  3) Comments like "(60*60) /* one hour */" are as pointless as comments
     like "c = a + b; /* set c to the sum of a and b */".  Remove them.
  4) All time periods should be #defined constants, not given inline.
  5) All time periods should have doxygen comments.
  6) All time periods, unless specified, are in seconds.  It's not necessary
     to say so.

To summarize, the old (lack of) style would allow:

  #define FOO_RETRY_INTERVAL 60*60 /* one hour (seconds) */
  next_try = now + 3600;

The new style is:

  /** How often do we reattempt foo? */
  #define FOO_RETRY_INTERVAL (60*60)

  next_try = now + RETRY_INTERVAL;


svn:r6142
2006-03-12 22:48:18 +00:00
Roger Dingledine
98476c71d2 make tor --verify-config closer to working
svn:r6137
2006-03-12 20:46:00 +00:00
Roger Dingledine
0bd46086c3 fix bug reported by gozu: if we get a linelist or linelist_s
config option from the torrc and it has no value, warn and
skip rather than silently resetting it to its default.


svn:r6125
2006-03-11 18:40:33 +00:00
Nick Mathewson
5777ee0e1a Add some functions to escape values from the network before sending them to the log. Use them everywhere except for routerinfo->plaftorm, routerinfo->contact_info, and rend*.c. (need sleep now)
svn:r6087
2006-03-05 09:50:26 +00:00
Nick Mathewson
6a4e304d9e Allow private:* in routerdescs; not generated yet (because older Tors do not understand it); needs testing.
svn:r6086
2006-03-05 05:27:59 +00:00
Roger Dingledine
498c13b4df make the NoPublish option obsolete.
svn:r6052
2006-02-20 01:21:48 +00:00
Roger Dingledine
276a7bd038 the other half of fixing bug 257. catch an error in more places.
svn:r6050
2006-02-20 01:06:27 +00:00
Roger Dingledine
57bcdcecf1 try to address bug 257: if rename() fails during saveconf, tell
the controller.


svn:r6049
2006-02-19 23:12:26 +00:00
Roger Dingledine
6a52867846 New config options to address bug 251:
FetchServerDescriptors and FetchHidServDescriptors for whether
to fetch server info and hidserv info or let the controller do it,
and also PublishServerDescriptor and PublishHidServDescriptors.

Add AllDirActionsPrivate undocumented option -- if you set it, you'll
need the controller to bootstrap you enough to build your first circuits.


svn:r6047
2006-02-19 22:02:02 +00:00
Roger Dingledine
266254f42b clean up the Reachable*Addresses changes
svn:r6041
2006-02-19 08:31:47 +00:00
Roger Dingledine
a9fcf4ced2 this is why you're not supposed to cut-and-paste code
svn:r6037
2006-02-18 06:46:01 +00:00
Peter Palfrader
aa5443551d Make it compile with VC7. It does not yet link.
svn:r6033
2006-02-18 02:02:21 +00:00
Peter Palfrader
0cc2390f8c Warn if ReachableAddresses is set when also ReachableDirAddresses and ReachableORAddresses are set.
svn:r6010
2006-02-13 22:29:37 +00:00
Peter Palfrader
5eea6c76df Split ReachableAddresses into ReachableDirAddresses and ReachableORAddresses
svn:r6009
2006-02-13 21:17:20 +00:00
Roger Dingledine
d113b75da6 more log conversions.
whee.


svn:r6003
2006-02-13 09:02:35 +00:00
Roger Dingledine
7d80921afa resolve too-long-lines
svn:r6001
2006-02-13 08:22:57 +00:00
Nick Mathewson
2a4555fedd Style on config_addr_policy_intersectes, which looks ok to me.
svn:r5998
2006-02-13 07:16:32 +00:00
Roger Dingledine
350313d77a Let the users set ControlListenAddress in the torrc.
This can be dangerous, but there are some cases (like a secured
LAN) where it makes sense.


svn:r5997
2006-02-13 06:25:16 +00:00
Peter Palfrader
6c4d873591 Compress exit policies even more. please review
svn:r5995
2006-02-13 01:54:31 +00:00
Nick Mathewson
dba155ecff Generate 18.0.0.0/8 address policy format in descs when we can; warn when the mask is not reducible to a bit-prefix.
svn:r5991
2006-02-12 23:58:22 +00:00
Nick Mathewson
98ec124c6a Drop redundant exit policy entries, not just identical ones.
svn:r5987
2006-02-12 22:59:38 +00:00
Nick Mathewson
e7b2d5cd47 Retain unrecognized options in state file, so that we can be forward-compatible.
svn:r5985
2006-02-12 22:28:30 +00:00
Roger Dingledine
b5ac6fc707 more helpful log message when running servers on obsolete windows.
svn:r5975
2006-02-12 00:14:58 +00:00
Roger Dingledine
094ccd34a9 bump up the period for forcing a hidden service descriptor upload
from 20 minutes to 1 hour.


svn:r5972
2006-02-12 00:12:36 +00:00
Roger Dingledine
981815146a compress exit policies even more -- look for duplicate lines
and remove them.


svn:r5971
2006-02-12 00:03:06 +00:00
Roger Dingledine
6c093a17a9 bugfix in config_cmp_addr_policies() -- we were treating a pair
of exit policies if they were equal even if one said accept and
the other said reject.


svn:r5970
2006-02-11 23:47:24 +00:00
Nick Mathewson
f1b91924b2 Keep running if we ask for an impossible stdout log; just warn.
svn:r5964
2006-02-11 21:56:03 +00:00
Nick Mathewson
91847124bf Warn if running obsolete windows as a server.
svn:r5961
2006-02-11 21:26:40 +00:00
Roger Dingledine
5f051574d5 Happy new year!
svn:r5949
2006-02-09 05:46:49 +00:00
Nick Mathewson
97bff8edaa Fix a const-non-const warning
svn:r5923
2006-02-06 04:55:27 +00:00
Roger Dingledine
92ef9e37e7 Add a new config option ExitPolicyRejectPrivate which defaults to 1.
This means all exit policies will begin with rejecting private addresses,
unless the server operator explicitly turns it off.

Also, make our code to remove redundancies in the exit policy smarter,
so it can detect "reject foo, reject bar, reject *" patterns.

Lastly, we can get rid of the "exit policy implicitly accepts" code,
since we make everything more explicit now.


svn:r5888
2006-02-01 03:53:52 +00:00
Roger Dingledine
f8b9a8d457 bump the default bandwidthrate to 3 MB, and burst to 6 MB
svn:r5874
2006-01-28 08:28:15 +00:00
Roger Dingledine
21be9dc3c0 when you tried to set orport through the controller, it would
trigger an assert because you hadn't made your onion keys yet
you wanted to launch cpu workers.

now init keys first, reset uptime, and tell the user that we're
starting the reachability testing.


svn:r5835
2006-01-17 04:01:32 +00:00
Roger Dingledine
f0d4b3d18f turn crypto hardware acceleration off by default, until we find
somebody smart who can test it for us.


svn:r5829
2006-01-16 20:08:33 +00:00
Nick Mathewson
c562ca494a add missing warning
svn:r5806
2006-01-11 20:09:37 +00:00
Nick Mathewson
fefa34d525 Fix double-free of torrc_fname
svn:r5805
2006-01-11 20:01:47 +00:00
Nick Mathewson
adbe0f0ada Fix bug 240: dont dump descriptions when not dumping actual config lines.
svn:r5804
2006-01-11 19:43:14 +00:00
Nick Mathewson
099b9ce2f9 Fix bug 230: add a rollback function to reverse all changes since the last mark_logs_temp(), and move log initialization into the two-phase part of option setting.
svn:r5803
2006-01-11 19:40:14 +00:00
Nick Mathewson
d60faa7c93 Fix another memleak. I love you, valgrind!
svn:r5794
2006-01-11 04:09:40 +00:00
Roger Dingledine
d1baa0c4a6 we were leaking 3KB every time the entry guards changed, every time
the controller called saveconf, and every 20 minutes.


svn:r5788
2006-01-11 03:20:53 +00:00
Roger Dingledine
8f271f2f5a we changed the name of AccountingBytesReadInInterval
change its state file description too


svn:r5785
2006-01-10 23:26:59 +00:00
Roger Dingledine
7d1f675c85 entry nodes are now entry guards.
this is our last easy chance for a wholesale change. heave ho.


svn:r5782
2006-01-10 22:42:44 +00:00
Roger Dingledine
b2d79f278b or_state_validate() needs an extra arg too or it will crash
svn:r5772
2006-01-10 20:38:33 +00:00
Roger Dingledine
f4299f0f44 hack to address bug 238.
needs a better fix, but not for 0.1.1.11.


svn:r5771
2006-01-10 20:27:47 +00:00
Roger Dingledine
f71273c216 fix bug 235
svn:r5768
2006-01-10 20:06:24 +00:00
Nick Mathewson
7fc62029d4 Refuse to use RunAsDaemon when torrc is a relative path. Fixes bug 229.
svn:r5767
2006-01-10 20:00:20 +00:00
Roger Dingledine
f88fa3efc1 helper nodes are dead
svn:r5743
2006-01-07 00:41:50 +00:00
Nick Mathewson
65f76bad4f Add descriptions for state variables; rename AccountingBytesRead{In}Interval; remove extraneous and unused struct member.
svn:r5739
2006-01-06 15:43:03 +00:00
Roger Dingledine
c5a5161fb5 prevent auth dir servers from enabling entry nodes.
svn:r5702
2006-01-02 08:40:58 +00:00
Roger Dingledine
358052416d bugfix: only try to use the EntryNodes config option if it is set.
svn:r5701
2006-01-02 05:14:21 +00:00
Roger Dingledine
ea6ea8ec22 Make UseEntryNodes true by default. Let the fun begin.
svn:r5698
2006-01-02 05:00:03 +00:00
Roger Dingledine
aa604ef2c2 bugfix: only try to parse the TorVersion if there is one.
svn:r5697
2006-01-02 04:58:12 +00:00
Roger Dingledine
839111b85a tolerate a mal-formed or unrecognized tor version in the state file.
svn:r5696
2006-01-02 04:45:18 +00:00
Roger Dingledine
0bd25f5d43 save and validate TorVersion in the state file.
svn:r5694
2006-01-02 04:14:52 +00:00
Roger Dingledine
6c693dbda6 add a TorVersion state string.
not yet set to anything.


svn:r5687
2005-12-31 08:16:07 +00:00
Roger Dingledine
5947388968 Finish implementing config's EntryNodes and StrictEntryNodes option.
The logging is way verbose for now.


svn:r5683
2005-12-31 06:32:57 +00:00
Roger Dingledine
dbd7b97eff helper nodes are dead. long live entry nodes.
(config options EntryNodes and StrictEntryNodes still not
implemented.)


svn:r5673
2005-12-28 09:07:31 +00:00
Roger Dingledine
94bff33357 and compiling would be good too
svn:r5657
2005-12-27 02:48:35 +00:00
Roger Dingledine
370dcbc7ba and some comments
svn:r5656
2005-12-27 02:48:02 +00:00
Roger Dingledine
5807bd0635 make it clearer in the auto-generated config file that you
probably shouldn't be editing this one yourself.


svn:r5655
2005-12-27 02:46:53 +00:00
Peter Palfrader
4bd65f0f98 Keep bandwidth history accross restarts/crashes
svn:r5637
2005-12-23 23:56:42 +00:00
Nick Mathewson
89eded7b17 Add "panic" option to reject all servers not in fingerprint list.
svn:r5601
2005-12-15 21:39:38 +00:00
Nick Mathewson
1af630d32c Bite the bullet and limit all our source lines to 80 characters, the way IBM intended.
svn:r5582
2005-12-14 20:40:40 +00:00
Roger Dingledine
77c0f6d456 a first go at fixing a bug matt edman reported: when he tries
to "setconf log" via the controller, it is friendly and gives
him a log to stdout, even though he didn't ask for one.


svn:r5562
2005-12-11 10:01:21 +00:00
Roger Dingledine
46d563fe00 whenever we hupped or did a controller setconf, we were prepending
another reachableaddresses *:80,*:443 if fascistfirewall was set,
and we were appending another reject *:* regardless.


svn:r5560
2005-12-11 09:18:25 +00:00
Roger Dingledine
a4e1014f4d i think fascistfirewall still has its uses. it's a synonym
for a certain reachableaddresses line, but it's easier to
remember and people already understand it. i think we should
think about undeprecating it.


svn:r5559
2005-12-11 08:59:02 +00:00
Roger Dingledine
58366ffd24 when we changed from log_fn to debug/info/notice/warn/err,
we screwed up the formatting in wild and unpredictable ways.

fix it before it becomes convention to format logs in wild and
unpredictable ways.

still need to do src/common/ someday.


svn:r5551
2005-12-10 09:36:26 +00:00
Roger Dingledine
9b0a40ec78 crank the max line limit down to 150 chars.
svn:r5550
2005-12-10 08:27:01 +00:00
Nick Mathewson
39265dd72e In my private little universe, terminals are still 80 columns. Impose a 160-character-per-line limit; this will creep down.
svn:r5548
2005-12-09 05:37:26 +00:00
Nick Mathewson
95e471c9a6 Normalize whitespace
svn:r5547
2005-12-09 05:22:15 +00:00
Nick Mathewson
33c4445846 For some bizarre reason, MSVC does not implement GCC extensions. Who would have thought?
svn:r5546
2005-12-09 05:20:02 +00:00
Roger Dingledine
a438f2abcd let the user configure a sockslistenaddress on other private IPs
besides 127.x.y.z without complaining.
and give a better message in the log.


svn:r5544
2005-12-09 02:46:46 +00:00
Nick Mathewson
d57029ffe8 Make code to handle "private" alias work when assume_action is set.
svn:r5542
2005-12-08 23:58:23 +00:00
Nick Mathewson
338f23114f Oops. 0.0.0.0/8 and 169.254.0.0/16 are also special.
svn:r5536
2005-12-08 19:58:14 +00:00
Nick Mathewson
1b770817c0 Add private:* as an alias in configuration for policies.
svn:r5534
2005-12-08 19:40:24 +00:00
Nick Mathewson
898968b3ac Warn when binding to a public address for socks. This warning needs to be improved. Also, make options_validate() only warn when an option is changed to a bad value.. (Previously, it warned when an option was bad and any option was changed.)
svn:r5532
2005-12-08 18:56:32 +00:00
Nick Mathewson
f031ee8246 Make clients use CREATE_FAST cells. add an option to disable this.
svn:r5524
2005-12-07 22:09:02 +00:00
Roger Dingledine
5c949fce51 Start obeying our firewall options more rigorously:
- If we can't get to a dirserver directly, try going via Tor.
  - Don't ever try to connect (as a client) to a place our firewall
    options forbid.
  - If we specify a proxy and also firewall options, obey the firewall
    options even when we're using the proxy: some proxies can only proxy
    to certain destinations.


svn:r5431
2005-11-19 10:12:10 +00:00
Roger Dingledine
afb1c79879 Leave options->DirServers alone -- if the user didn't specify any,
just add the default ones directly to the trusted dirserver list.
This fixes a bug where people running controllers would setconf or
the equivalent, and Tor would start yelling at them about setting
their own DirServer lines.


svn:r5418
2005-11-18 02:47:09 +00:00
Roger Dingledine
c4aa9e7941 Add a new config option TestSocks so people can see if their
applications are using socks4, socks4a, socks5-with-ip, or
socks5-with-hostname. This way they don't have to keep mucking
with tcpdump and wondering if something got cached somewhere.


svn:r5399
2005-11-16 23:37:35 +00:00
Roger Dingledine
014c6bfe00 We were refusing to start if you define SocksListenAddress
but define SocksPort to be 0. But this is a standard configuration!
So don't fail.


svn:r5361
2005-11-11 22:41:07 +00:00
Roger Dingledine
c136bbe505 stop discouraging the old *BindAddress config options. we will
just confuse our users when they upgrade.


svn:r5354
2005-11-11 17:04:14 +00:00
Peter Palfrader
43c253958e Tor26's IP has changed to 86.59.21.38
svn:r5350
2005-11-05 20:20:51 +00:00
Nick Mathewson
35f1b7fa26 fix minor memory leak in config
svn:r5318
2005-10-25 18:06:29 +00:00
Nick Mathewson
5d85560d9e Remove last vestiges of old logging interface.
svn:r5317
2005-10-25 18:01:01 +00:00
Nick Mathewson
932106f54c Efficiency hack: call tor_fix_source_file late, not early. Add "BUG" domain. Domains are now bitmasks... just in case. Make some err msgs non-general.
svn:r5309
2005-10-25 07:05:03 +00:00
Nick Mathewson
27fcbf87f3 Add a missing struct initializer field
svn:r5264
2005-10-17 23:00:08 +00:00
Roger Dingledine
fd165329b8 start calling it *ListenAddress rather than *BindAddress,
since none of our users know what it means to bind an address or port.


svn:r5260
2005-10-17 03:17:29 +00:00
Nick Mathewson
22c72bd9c5 Add ability to warn when using abbrev mechanism to deprecate option names
svn:r5259
2005-10-17 03:06:00 +00:00
Roger Dingledine
03dcef4c78 start the process of reducing clutter in server logs
svn:r5253
2005-10-17 00:35:53 +00:00
Nick Mathewson
905ef987e2 Make --hash-password not craash on exit.
svn:r5243
2005-10-12 19:08:48 +00:00
Nick Mathewson
9a1d204318 Avoid warning on end-of-function
svn:r5242
2005-10-12 18:43:03 +00:00
Nick Mathewson
fd9bfef13b Funny. I could have sworn it compiled this morning when I checked it in.
svn:r5239
2005-10-12 17:16:25 +00:00
Nick Mathewson
a7ca56b537 More work towards a sane digest-based liveness testing.
svn:r5238
2005-10-12 13:49:13 +00:00
Nick Mathewson
2f49e058d0 Now that directory admins assure me they have adjested teir configs, it is safe to make authorities be non-versioning, non-naming by default.
svn:r5230
2005-10-08 05:47:58 +00:00
Roger Dingledine
0e5b6a84eb without braces, what will hold up the code?
svn:r5209
2005-10-06 05:08:00 +00:00
Nick Mathewson
ba24193ab5 Make doxygen marginally happier
svn:r5208
2005-10-06 04:33:40 +00:00
Nick Mathewson
ba67d14d40 On sighup, if usehelpernodes changed to 1, use new circuits.
svn:r5203
2005-10-05 23:02:40 +00:00
Nick Mathewson
2d203fdcf3 link nicknames to trusted directory servers; log these nicknames when mentioning servers; also, when we get a naming conflict; log which nicknames or keys are supposed to bind.
svn:r5184
2005-10-04 21:21:09 +00:00
Nick Mathewson
e4a6a03249 switch semantics of authdirinvalid/reject
svn:r5182
2005-10-04 19:52:58 +00:00
Nick Mathewson
80f2e10228 Stop leaking or_state_t on shutdown.
svn:r5171
2005-09-30 21:16:47 +00:00
Nick Mathewson
92451f74a8 Reformat inconsistent function declarations.
svn:r5160
2005-09-30 01:09:52 +00:00
Nick Mathewson
ebf6476e8e Provide dire warnings to any users who set DirServer; move it out of torrc.sample and into torrc.complete.
svn:r5132
2005-09-23 20:44:22 +00:00
Nick Mathewson
20b9111266 Implement new version handling code.
svn:r5100
2005-09-21 00:41:06 +00:00
Nick Mathewson
e72e76cad6 Make authdirs smarter. Reject/invalidate by key and IP. Remember that not every authdir has to be a naming authdir.
svn:r5074
2005-09-15 14:39:05 +00:00
Nick Mathewson
922cee3d0c Clean up a few warnings that make gcc twig out a bit.
svn:r5062
2005-09-14 20:59:25 +00:00
Nick Mathewson
7c6679d8dc Add new config.c function to set options that can fail, and roll back if they do. This should solve the setconf-an-impossible-port bug.
svn:r5046
2005-09-14 02:36:29 +00:00
Roger Dingledine
93be26a74a stop the call duplication inside config_assign()
svn:r5045
2005-09-14 02:35:06 +00:00
Roger Dingledine
10893e7254 simplify
svn:r5043
2005-09-14 02:18:28 +00:00
Roger Dingledine
c78aafe4b5 and take the bang out
svn:r5042
2005-09-14 02:13:35 +00:00
Roger Dingledine
62fe24c40c ok, ok, csv's get replaced even when we assign them from the torrc.
svn:r5041
2005-09-14 02:12:29 +00:00
Roger Dingledine
1f930a9a70 checkpoint: clean up and document the three ways to call config_assign()
and reduce code duplication in config_free() and option_is_same().


svn:r5040
2005-09-14 02:07:35 +00:00
Roger Dingledine
cfe34812eb bugfix: if you gave tor an odd number of command-line arguments,
we were silently ignoring the last one. now we complain and fail.


svn:r4988
2005-09-10 04:40:27 +00:00
Roger Dingledine
9b54cd349d break out a new function config_assign_value() that just assigns the
value it's given, and doesn't do any of their weird clearing or resetting
stuff. use that when we're trying to clear or reset values.


svn:r4984
2005-09-10 02:42:32 +00:00
Roger Dingledine
cfa321374d reject ports 465 and 587 by default now too
svn:r4974
2005-09-09 22:46:43 +00:00
Nick Mathewson
047e105daf Fix a bug in config_dump: we want to run options_validate on the defaults, not (again, uselessly) on the configuration. This was introduced when we made the config code more generic.
svn:r4965
2005-09-09 20:08:26 +00:00