Commit Graph

20218 Commits

Author SHA1 Message Date
Nick Mathewson
d2d6a1b082 Make our seccomp2 sandbox handle Glibc 2.26
There are three changes here:
  * We need to allow epoll_pwait.
  * We need to allow PF_NETLINK sockets to be opened with SOCK_CLOEXEC.
  * We need to use openat() instead of open().

Note that this fix is not complete, since the openat() change is
turned off.  The next commit will make the openat() change happen
when we're running glibc 2.26 or later.

Fix for 24315.
2017-11-16 13:56:22 -05:00
Nick Mathewson
7461cd3067 Permit kill(pid, 0) in the seccomp2 sandbox.
We don't want to allow general signals to be sent, but there's no
problem sending a kill(0) to probe whether a process is there.

Fixes bug 24198; bugfix on 0.2.5.1-alpha when the seccomp2 sandbox
was introduced.
2017-11-16 12:44:47 -05:00
Nick Mathewson
95238eb917 Fix a traceback when closing a blocked connection "immediately".
When we close a connection via connection_close_immediately, we kill
its events immediately. But if it had been blocked on bandwidth
read/write, we could try to re-add its (nonexistent) events later
from connection_bucket_refill -- if we got to that callback before
we swept the marked connections.

Fixes bug 24167.  Fortunately, this hasn't been a crash bug since we
introduced connection_check_event in 0.2.9.10, and backported it.

This is a bugfix on commit 89d422914a, I believe, which
appeared in Tor 0.1.0.1-rc.
2017-11-16 12:05:56 -05:00
David Goulet
380a95116a relay: Avoid extra LOG_NOTICE for every new descriptor batch
Commit 56c5e282a7 suppressed that same log
statement in directory_info_has_arrived() for microdescriptors so do the same
for the descriptors. As the commit says, we already have the bootstrap
progress for this.

Fixes #23861

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-16 10:57:05 -05:00
Nick Mathewson
2a98fcb848 Downgrade evdns warnings about weird replies.
evdns is allowed to give us unrecognized object types; it is allowed
to give us non-IPv4 answer types, and it is (even) allowed to give
us empty answers without an error.

Closes ticket 24097.
2017-11-16 09:30:19 -05:00
Nick Mathewson
93dbce4ddd Log a better message if a router we're re-adding is expired.
Addresses ticket 20020.
2017-11-16 08:35:06 -05:00
Nick Mathewson
ef55a7a69a Tweak the message when we re-enable CBT.
Implements ticket 20963.
2017-11-15 14:42:59 -05:00
Nick Mathewson
ceeacc734d Merge branch 'maint-0.3.2' 2017-11-15 14:25:25 -05:00
Nick Mathewson
ae8683621a Merge remote-tracking branch 'asn/bug23662_032' into maint-0.3.2 2017-11-15 14:25:20 -05:00
Nick Mathewson
6aeabd454e Reindent the body of get_data_directory()
I don't know why it wasn't indented properly, but we may as well fix
it now.
2017-11-14 15:56:25 -05:00
Nick Mathewson
192be00691 Make the DataDirectory option immutable.
By convention, the torrc options that the user sets are
unchangeable.  If we need to change them, we should be using a copy
that's stored in another field

To avoid trouble, I'm keeping DataDirectory as the name for the
field that the rest of Tor uses, and using DataDirectory_option for
the confparse-controlled field.

This commit also modernizes some older string handling code in the
DataDirectory normalization function.
2017-11-14 15:54:36 -05:00
Nick Mathewson
bf8a7201ce Remove remove_file_if_very_old() -- nothing calls it. 2017-11-14 15:33:58 -05:00
Nick Mathewson
702a13c9d3 Merge branch 'maint-0.3.2' 2017-11-14 14:45:11 -05:00
Nick Mathewson
6dc784bdb3 Merge remote-tracking branch 'dgoulet/bug24230_032_01' into maint-0.3.2 2017-11-14 14:45:07 -05:00
George Kadianakis
c4a56ed5c2 Silence a warning about failed descriptor uploads.
Due to #23662 this can happen under natural causes and does not disturb
the functionality of the service. This is a simple 0.3.2 fix for now,
and we plan to fix this properly in 0.3.3.
2017-11-14 17:16:33 +02:00
Nick Mathewson
9f2efd02a1 Minimal implementation of bridge-distribution-request
Just advertise the line when we're a bridge, using "any" if we're
published or "none" if we aren't.

This is done in lieu of a full backport of #18329.
2017-11-13 20:44:51 -05:00
Nick Mathewson
1d5e693b63 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-13 20:36:04 -05:00
Nick Mathewson
50fbede459 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 20:36:04 -05:00
Nick Mathewson
1b9bb2c847 Merge branch 'bug22895_027' into maint-0.2.9 2017-11-13 20:35:59 -05:00
Nick Mathewson
fea5c8a015 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 12:57:58 -05:00
Nick Mathewson
543fd89fb7 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-13 12:57:58 -05:00
Nick Mathewson
800797e7f3 Merge branch 'bug23291_028' into maint-0.2.8 2017-11-13 12:57:55 -05:00
Nick Mathewson
0c6d05cdd4 Merge branch 'maint-0.3.2' 2017-11-13 12:27:44 -05:00
Nick Mathewson
d0b75b5ade Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-13 12:27:36 -05:00
David Goulet
7df28ce299 hs-v3: Fix consensus param "hsdir-interval" name
The dir-spec.txt specifies it to be "hsdir_interval" (underscore).

Fixes #24262

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-13 11:48:56 -05:00
Nick Mathewson
0b4e59b7c6 Merge remote-tracking branch 'sebastian/bug24137' 2017-11-13 11:32:35 -05:00
Nick Mathewson
3300a6e93a Merge remote-tracking branch 'arma/ticket23637' into maint-0.3.2 2017-11-13 11:20:20 -05:00
Nick Mathewson
16bdb9e365 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 11:18:02 -05:00
Nick Mathewson
91188540af Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-13 11:18:02 -05:00
Nick Mathewson
ab415ae950 Merge remote-tracking branch 'teor/bug23470-029' into maint-0.2.9 2017-11-13 11:17:58 -05:00
Nick Mathewson
9092e9019a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 11:15:50 -05:00
Nick Mathewson
666653758d Merge branch 'bug8185_025' into maint-0.2.9 2017-11-13 11:15:47 -05:00
Nick Mathewson
0fc2b7f82e Merge branch 'bug8185_031' into maint-0.3.1 2017-11-13 11:15:40 -05:00
Nick Mathewson
ece63105d9 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-13 11:13:22 -05:00
Nick Mathewson
c928fb988a Merge branch 'ticket21953_029' into maint-0.2.9 2017-11-13 11:13:18 -05:00
Nick Mathewson
fdefda95bc Add corresponding rust-c coupling comments to C 2017-11-13 10:03:46 -05:00
Nick Mathewson
edf3d6b7ee Merge remote-tracking branch 'chelseakomlo/24032-cargo-rust-sync' 2017-11-13 09:59:10 -05:00
Nick Mathewson
a5ef2b619d Make node_get_curve25519_onion_key() return a const ptr 2017-11-12 17:07:16 -05:00
Nick Mathewson
f92736517b Merge branch 'bug23577_squashed' 2017-11-12 17:05:39 -05:00
Neel Chauhan
fb718e9912 Make setup_introduce1_data() take a node_t instead of an extend_info_t
Clients add rendezvous point IPv6 addresses to introduce cell link specifiers,
when the node has a valid IPv6 address.

Also check the node's IPv4 address is valid before adding any link specifiers.

Implements #23577.
2017-11-12 17:05:25 -05:00
Neel Chauhan
0ee50a414c Introduce node_get_curve25519_onion_key() 2017-11-12 17:05:25 -05:00
Chelsea Holland Komlo
1c50331b9a annotate where C and Rust need to stay in sync 2017-11-11 23:19:34 -05:00
Nick Mathewson
11eaf208c0 Merge branch 'bug24247_032' 2017-11-11 14:46:33 -05:00
Nick Mathewson
a7ca71cf6b Fix mock_crypto_pk_public_checksig__nocheck() to handle short RSA keys
This function -- a mock replacement used only for fuzzing -- would
have a buffer overflow if it got an RSA key whose modulus was under
20 bytes long.

Fortunately, Tor itself does not appear to have a bug here.

Fixes bug 24247; bugfix on 0.3.0.3-alpha when fuzzing was
introduced.  Found by OSS-Fuzz; this is OSS-Fuzz issue 4177.
2017-11-11 14:44:45 -05:00
Nick Mathewson
ef92511577 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-11-11 12:23:34 -05:00
Nick Mathewson
512dfa15ed Merge branch 'maint-0.3.1' into maint-0.3.2 2017-11-11 12:23:34 -05:00
Nick Mathewson
f8707e4f6c Merge branch 'maint-0.3.2' 2017-11-11 12:23:34 -05:00
Nick Mathewson
9666c620d5 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-11-11 12:23:33 -05:00
Nick Mathewson
c9b76a12f5 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-11-11 12:23:33 -05:00
Nick Mathewson
5348c8996f Merge branch 'maint-0.2.9' into maint-0.3.0 2017-11-11 12:23:33 -05:00
David Goulet
42ce6f78c8 control: Fix wrong Action on failure to upload an HS descriptor
On failure to upload, the HS_DESC event would report "UPLOAD_FAILED" as the
Action but it should have reported "FAILED" according to the spec.

Fixes #24230

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-10 15:31:31 -05:00
Karsten Loesing
6f8c32b7de Update geoip and geoip6 to the November 6 2017 database. 2017-11-10 10:14:09 +01:00
Nick Mathewson
039a776367 slight improvement to rust idiomicity 2017-11-09 09:48:52 -05:00
Nick Mathewson
c80bb04542 Rust implementation of protocol_list_supports_protocol_or_later() 2017-11-09 09:42:09 -05:00
Nick Mathewson
6ea3db6fa7 Fix unit test behavior: we need to be in STATE_LIVE. 2017-11-09 09:30:43 -05:00
Nick Mathewson
552218437c Merge branch 'ticket12062_squashed' 2017-11-09 09:20:55 -05:00
Nick Mathewson
0c6eabf088 Audit all of the "is the network turned off" checks.
DisableNetwork is a subset of net_is_disabled(), which is (now) a
subset of should_delay_dir_fetches().

Some of these changes are redundant with others higher or lower in
the call stack.  The ones that I think are behavior-relevant are
listed in the changes file.  I've also added comments in a few
places where the behavior is subtle.

Fixes bug 12062; bugfix on various versions.
2017-11-09 09:19:42 -05:00
Nick Mathewson
0626031564 Merge branch 'ticket20895' 2017-11-09 09:17:53 -05:00
Nick Mathewson
59c1016aba Merge branch 'maint-0.3.2' 2017-11-09 08:17:46 -05:00
Nick Mathewson
aa1d90b40c Merge branch 'bug23985_029' into maint-0.3.2 2017-11-09 08:15:46 -05:00
Nick Mathewson
ce3d5da0d2 Merge branch 'maint-0.3.2' 2017-11-09 08:02:36 -05:00
Nick Mathewson
40c64f45f0 Re-remove AllowDotExit deprecation.
This was accidentally reintroduced in 5a46074e55.  It should be
harmless, though: the option is obsolete, so calling it deprecated
is redundant.
2017-11-09 07:58:27 -05:00
Nick Mathewson
c8859582a2 bump to 0.3.2.4-alpha-dev 2017-11-08 16:44:53 -05:00
Nick Mathewson
7556636ac2 Merge branch 'maint-0.3.2' 2017-11-08 14:59:18 -05:00
David Goulet
fa70aabb62 dirauth: Recalculate voting schedule at first vote
Commit e67f4441eb introduced a safeguard against
using an uninitialized voting schedule object. However, the dirvote_act() code
was looking roughly at the same thing to know if it had to compute the timings
before voting with this condition:

  if (!voting_schedule.voting_starts) {
    ...
    dirvote_recalculate_timing(options, now);
  }

The sr_init() function is called very early and goes through the safeguard
thus the voting schedule is always initilized before the first vote.

That first vote is a crucial one because we need to have our voting schedule
aligned to the "now" time we are about to use for voting. Then, the schedule
is updated when we publish our consensus or/and when we set a new consensus.
From that point on, we only want to update the voting schedule through that
code flow.

This "created_on_demand" is indicating that the timings have been recalculated
on demand by another subsystem so if it is flagged, we know that we need to
ignore its values before voting.

Fixes #24186

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-08 14:46:49 -05:00
Nick Mathewson
90fb57ec18 Merge branch 'maint-0.3.2' 2017-11-08 13:26:50 -05:00
Nick Mathewson
0dc55fb247 Don't delay descriptor fetches when missing info needed for circuits
When we have fewer than 15 descriptors to fetch, we will delay the
fetch for a little while.  That's fine, if we can go ahead and build
circuits... but if not, it's a poor choice indeed.

Fixes bug 23985; bugfix on 0.1.1.11-alpha.

In 0.3.0.3-alpha, when we made primary guard descriptors necessary
for circuit building, this situation got worse.
2017-11-08 13:22:16 -05:00
Nick Mathewson
31a907881e downgrade severity for get_voting_schedule() 2017-11-08 11:50:57 -05:00
Nick Mathewson
d1a1d95c41 Merge branch 'maint-0.3.2' 2017-11-08 11:02:51 -05:00
Nick Mathewson
02f05f2de2 Merge remote-tracking branch 'dgoulet/bug23751_032_01' into maint-0.3.2 2017-11-08 10:56:33 -05:00
Nick Mathewson
c74a817e83 Merge branch 'bug23318-redux_029' into maint-0.3.2 2017-11-08 10:47:22 -05:00
teor
6e4ebd41bb Stop calculating total twice in frac_nodes_with_descriptors()
Cleanup after 23318.
2017-11-08 10:45:18 -05:00
teor
4f944cc4cc Check arguments and initialise variables in compute_weighted_bandwidths()
Cleanup after 23318.
2017-11-08 10:45:18 -05:00
teor
fcaa4ab824 Actually log the total bandwidth in compute_weighted_bandwidths()
Fixes bug 24170; bugfix on 0.2.4.3-alpha.
2017-11-08 10:45:18 -05:00
teor
14b0bba06e Use node counts in networks with all zero-bandwidths
When calculating the fraction of nodes that have descriptors, and all
all nodes in the network have zero bandwidths, count the number of nodes
instead.

Fixes bug 23318; bugfix on 0.2.4.10-alpha.
2017-11-08 10:45:18 -05:00
Nick Mathewson
3c03e237ab Remove an erroneous 0.5 in compute_weighted_bandwidths()
Back in 0.2.4.3-alpha (e106812a77), when we switched from using
double to using uint64 for selecting by bandwidth, I got the math
wrong: I should have used llround(x), or (uint64_t)(x+0.5), but
instead I wrote llround(x+0.5).  That means we would always round
up, rather than rounding to the closest integer

Fixes bug 23318; bugfix on 0.2.4.3-alpha.
2017-11-08 10:45:18 -05:00
David Goulet
dcabf801e5 sched: Ignore closed channel after flushing cells
The flush cells process can close a channel if the connection write fails but
still return that it flushed at least one cell. This is due because the error
is not propagated up the call stack so there is no way of knowing if the flush
actually was successful or not.

Because this would require an important refactoring touching multiple
subsystems, this patch is a bandaid to avoid the KIST scheduler to handle
closed channel in its loop.

Bandaid on #23751.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-08 09:44:39 -05:00
Nick Mathewson
c2c1fa6b95 Merge branch 'maint-0.3.2' 2017-11-08 08:13:14 -05:00
Nick Mathewson
e5a83062ed Merge branch 'bug23816_029_squashed' into maint-0.3.2 2017-11-08 08:11:22 -05:00
Nick Mathewson
cb29687e93 Replace our random-exponential-delay algorithm.
This patch has implementations of the "decorrelated" and "full"
algorithms from https://www.awsarchitectureblog.com/2015/03/backoff.html
2017-11-08 07:56:16 -05:00
Nick Mathewson
b780e84f25 Merge branch 'maint-0.3.2' 2017-11-07 20:36:04 -05:00
Nick Mathewson
3dc61a5d71 Revert "Remove an erroneous 0.5 in compute_weighted_bandwidths()"
This reverts commit 01e984870a.
2017-11-07 20:35:19 -05:00
Nick Mathewson
ea5ea5f554 Merge branch 'maint-0.3.2' 2017-11-07 14:01:10 -05:00
Nick Mathewson
c58471325a Merge remote-tracking branch 'dgoulet/bug24161_032_01' into maint-0.3.2 2017-11-07 14:00:18 -05:00
Nick Mathewson
c7d1d1ad2e Bump to 0.3.2.4-alpha 2017-11-07 13:22:27 -05:00
David Goulet
e67f4441eb Add a safe guard to avoid using a zeroed voting schedule
dirvote_get_next_valid_after_time() is the only public function that uses the
voting schedule outside of the dirvote subsystem so if it is zeroed,
recalculate its timing if we can that is if a consensus exists.

Part of #24161

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-07 11:14:45 -05:00
David Goulet
8171d9f50f Recalculate voting schedule first when getting a new consensus
Because the HS and SR subsystems can use the voting schedule early (with the
changes in #23623 making the SR subsystem using the static voting schedule
object), we need to recalculate the schedule very early when setting the new
consensus.

Fixes #24161

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-07 11:08:12 -05:00
Nick Mathewson
c6c4a421fd Merge branch 'maint-0.3.2' 2017-11-07 09:58:53 -05:00
Nick Mathewson
9d848ca58a Merge remote-tracking branch 'asn/ticket23623_032_01' into maint-0.3.2 2017-11-07 09:58:42 -05:00
Nick Mathewson
0227aab1b7 Merge branch 'maint-0.3.2' 2017-11-06 13:01:56 -05:00
Nick Mathewson
7d767706ef Merge branch 'bug24150_032_squashed' into maint-0.3.2 2017-11-06 12:59:23 -05:00
Nick Mathewson
5240afa713 Fix a memory leak on decryption non-failure of v3 hsdesc
If it decrypts something that turns out to start with a NUL byte,
then decrypt_desc_layer() will return 0 to indicate the length of
its result.  But 0 also indicates an error, which causes the result
not to be freed by decrypt_desc_layer()'s callers.

Since we're trying to stabilize 0.3.2.x, I've opted for the simpler
possible fix here and made it so that an empty decrypted string will
also count as an error.

Fixes bug 24150 and OSS-Fuzz issue 3994.

The original bug was present but unreachable in 0.3.1.1-alpha. I'm
calling this a bugfix on 0.3.2.1-alpha since that's the first version
where you could actually try to decrypt these descriptors.
2017-11-06 12:59:11 -05:00
Nick Mathewson
02a4c641da Merge branch 'maint-0.3.2' 2017-11-06 10:16:19 -05:00
Nick Mathewson
bebdd91058 Fix a 32-bit formatting warning 2017-11-06 10:16:10 -05:00
Nick Mathewson
7097c4a37a Merge remote-tracking branch 'dgoulet/bug24053_033_01' 2017-11-06 10:04:22 -05:00
Nick Mathewson
3beb3dac2d Merge branch 'maint-0.3.2' 2017-11-06 09:49:06 -05:00
Nick Mathewson
c80293706f Merge remote-tracking branch 'public/bug23318_029' into maint-0.3.2 2017-11-06 09:48:51 -05:00
Nick Mathewson
f755f9b9e6 Merge branch 'maint-0.3.2' 2017-11-05 14:41:53 -05:00
Nick Mathewson
9f3d9c68ab Merge branch 'bug21394_029' into maint-0.3.2 2017-11-05 14:39:37 -05:00
Sebastian Hahn
9827574308 Fix DNS resolution on busy exit relays
Thanks to Dhalgren who analyzed this issue two years ago and found a
solution!
2017-11-05 14:36:32 -05:00
Nick Mathewson
9f650b24e9 Merge branch 'maint-0.3.2' 2017-11-05 14:09:21 -05:00
Alex Xu (Hello71)
a72e13a669 Fix rust welcome message typo. 2017-11-05 13:58:51 -05:00
Sebastian Hahn
d3fee8b823 ClientDNSRejectInternalAddresses in non-default networks
Once again allow the flag to be set, unless the default network is used.
Thanks to nickm for a suggestion for the workaround to a test failure.
2017-11-04 18:31:02 +01:00
Sebastian Hahn
e491c05f96 Undo deprecation of ClientDNSRejectInternalAddresses 2017-11-04 18:31:00 +01:00
Sebastian Hahn
5a46074e55 Revert "Make ClientDNSRejectInternalAddresses testing-only."
This reverts commit 27fa4a98d2.
2017-11-04 18:30:59 +01:00
Sebastian Hahn
e24df58245 fixup! Allow bootstrapping networks to have Exit flags 2017-11-04 04:18:32 +01:00
Sebastian Hahn
4d6b679318 Allow bootstrapping networks to have Exit flags
Relevant for non-test networks
2017-11-03 23:07:30 +01:00
Nick Mathewson
cceb43c5e3 Merge branch 'maint-0.3.2' 2017-11-02 10:34:08 -04:00
David Goulet
0386280487 nodelist: Downgrade warning to protocol warning
The node_get_ed25519_id() warning can actually be triggered by a relay flagged
with NoEdConsensus so instead of triggering a warning on all relays of the
network, downgrade it to protocol warning.

Fixes #24025

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-02 10:33:57 -04:00
Nick Mathewson
65d22dc2f2 Merge branch 'maint-0.3.2' 2017-11-02 10:32:18 -04:00
Nick Mathewson
cb42c62c9e Merge branch 'dgoulet_ticket23753_032_02_squashed' into maint-0.3.2 2017-11-02 10:30:42 -04:00
David Goulet
6dc591a024 sched: Rate limit scheduler_bug_occurred()
Just in case we end up hitting a SCHED_BUG() multiple times, rate limit the
log warning.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-02 10:30:33 -04:00
Matt Traudt
52050bb2c6 sched: Add another SCHED_BUG() callsite 2017-11-02 10:30:33 -04:00
David Goulet
3931a6f264 sched: Use SCHED_BUG() macro in scheduler
When a BUG() occurs, this macro will print extra information about the state
of the scheduler and the given channel if any. This will help us greatly to
fix future bugs in the scheduler especially when they occur rarely.

Fixes #23753

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-02 10:30:33 -04:00
Nick Mathewson
f865993653 Merge branch 'maint-0.3.2' 2017-11-02 10:26:30 -04:00
teor
27ea6fcd31 Test that IPv6-only clients can use microdescriptors
When running "make test-network-all", test that IPv6-only clients can use
microdescriptors. IPv6-only microdescriptor client support was fixed in
tor 0.3.0.1-alpha.

Requires chutney master 61c28b9 or later.

Closes ticket 24109.
2017-11-02 10:25:49 -04:00
Nick Mathewson
a46dcc0709 Merge branch 'maint-0.3.2' 2017-11-02 10:22:35 -04:00
Nick Mathewson
6a9a118f90 Tweak a comment for a minor but important distinction 2017-11-02 10:22:32 -04:00
Nick Mathewson
3aab8307a5 Merge branch 'ticket23820_032_01_squashed' into maint-0.3.2 2017-11-02 10:19:29 -04:00
teor
176bfe1bed Don't run IPv6-only v3 single onion service tests using chutney
Part of #23820.
2017-11-02 10:19:05 -04:00
teor
cc072b6fbf Stop users configuring IPv6-only v3 single onion services
They are not yet implemented: they will upload descriptors, but won't be
able to rendezvous, because IPv6 addresses in link specifiers are ignored.

Part of #23820.
2017-11-02 10:19:05 -04:00
teor
a4f34c1106 Improve v3 onion service logging for intro and rend points
Diagnostics for #23820.
2017-11-02 10:19:05 -04:00
teor
77ed99b1a7 Remove buggy IPv6 and ed25519 handling from get_lspecs_from_extend_info()
The previous version of this function had the following issues:
* it didn't check if the extend_info contained an IPv6 address,
* it didn't check if the ed25519 identity key was valid.
But we can't add IPv6 support in a bugfix release.

Instead, BUG() if the address is an IPv6 address, so we always put IPv4
addresses in link specifiers. And ignore missing ed25519 identifiers,
rather than generating an all-zero link specifier.

This supports v3 hidden services on IPv4, dual-stack, and IPv6, and
v3 single onion services on IPv4 only.

Part of 23820, bugfix on 0.3.2.1-alpha.
2017-11-02 10:19:05 -04:00
Nick Mathewson
a321f8f4af Merge branch 'buf_for_stringbuffer_squashed' 2017-11-02 10:01:30 -04:00
Nick Mathewson
8993159f3d Refactor geoip_get_dirreq_history to use buf_t 2017-11-02 10:00:32 -04:00
Nick Mathewson
3b30015143 Refactor connection_write_to_buf_impl_(); add one that takes a buf_t 2017-11-02 10:00:32 -04:00
Nick Mathewson
095e15f8ac Add a zero-copy buffer move implementation. 2017-11-02 10:00:32 -04:00
Nick Mathewson
5240d02a11 Refactor write_http_response_header_impl() to use buf_t 2017-11-02 10:00:32 -04:00
Nick Mathewson
d5ba4851bd Add buf_t API helpers for using buffers to construct outputs. 2017-11-02 10:00:32 -04:00
Roger Dingledine
7700b99fe6 easy typos while reviewing commits 2017-11-01 16:44:09 -04:00
Sebastian Hahn
acdd349dee rename {,TOR_}RUST_DEPENDENCIES 2017-11-01 13:45:15 -04:00
Nick Mathewson
cd606d5ad3 Merge remote-tracking branch 'public/owning_control_fd' 2017-11-01 13:28:31 -04:00
Nick Mathewson
ef25f957e7 Merge branch 'tor_api_squashed' 2017-11-01 13:22:16 -04:00
Nick Mathewson
221f5238ae tor_runner.c: Add a circumlocution and a caveat. 2017-11-01 13:22:09 -04:00
Nick Mathewson
8c49194505 Add more usage notes on tor_api.h 2017-11-01 13:22:09 -04:00
Nick Mathewson
8b313bd4ad Explain purpose, usage, and status of tor_runner.c 2017-11-01 13:22:09 -04:00
Nick Mathewson
e8682c8594 Add a small library to emulate tor_run_main() with exec() 2017-11-01 13:22:09 -04:00
Nick Mathewson
fa02ea102e Add a public tor_api.h with an implementation in tor_api.c
The main effect of this change is to commit to an extensible
long-term API.

Closes ticket 23684.
2017-11-01 13:22:09 -04:00
David Goulet
198ede5314 test: Fix SR initialization in routerlist test
Fixes #24053

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-11-01 11:39:52 -04:00
Roger Dingledine
9635843342 trivial comment fixes
done while i was trying to debug nearby code
2017-10-31 23:09:00 -04:00
David Goulet
bd631a649b test: Fix voting schedule for hs_service.c
Part of #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 14:49:31 -04:00
David Goulet
814f4c6967 test: Fix voting schedule for hs_common.c
Part of #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 14:49:19 -04:00
David Goulet
19d32fd0d6 test: Fix voting schedule for shared random
Part of #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 14:48:50 -04:00
Nick Mathewson
43cbcd3896 Merge branch 'maint-0.3.2' 2017-10-31 14:31:55 -04:00
Nick Mathewson
0627512368 Merge branch 'bug24082_032' into maint-0.3.2 2017-10-31 14:31:21 -04:00
Nick Mathewson
f9aed40156 Merge branch 'maint-0.3.2' 2017-10-31 14:18:52 -04:00
Nick Mathewson
c3ea1ccf04 double newline 2017-10-31 14:18:48 -04:00
David Goulet
33da5d7672 test: Initialize the voting schedule in test_dir.c
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 14:07:41 -04:00
Nick Mathewson
2b6f246652 Merge branch 'maint-0.3.2' 2017-10-31 14:04:34 -04:00
Nick Mathewson
8dffc46748 Merge branch 'hsdescv3_fuzz_more' into maint-0.3.2 2017-10-31 14:04:31 -04:00
Nick Mathewson
b76a161e01 Merge branch 'fix-torrcd-sandbox-22605v2' 2017-10-31 13:58:33 -04:00
Nick Mathewson
00e781142b Don't give "exitrelay may become 0 when no policy" warning on ReducedExitPolicy 2017-10-31 13:25:41 -04:00
Nick Mathewson
6e2f8de62d Fix: when BridgeRelay is set, you do not get any exit policy. 2017-10-31 13:25:41 -04:00
Neel Chauhan
b70e11ef6b Add code for letting user select Reduced Exit Policy 2017-10-31 13:25:41 -04:00
Nick Mathewson
4700ba6c3d Merge branch 'maint-0.3.2' 2017-10-31 12:19:42 -04:00
Nick Mathewson
3d93ec3ef4 Merge branch 'bug23762_032_02_squashed' into maint-0.3.2 2017-10-31 12:14:21 -04:00
David Goulet
5dbcd48f0e hs-v3: Attempt descriptor refetch when dirinfo changes
When the directory information changes, callback to the HS client subsystem so
it can check if any pending SOCKS connections are waiting for a descriptor. If
yes, attempt a refetch for those.

Fixes #23762

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 12:14:11 -04:00
Nick Mathewson
c9ad172dd4 Merge branch 'bug23571_033_squashed' 2017-10-31 11:59:18 -04:00
teor
e9f57e193d Consistently use braced blocks in hibernate_go_dormant() 2017-10-31 11:58:34 -04:00
teor
e57604183c When hibernating, close connections normally and allow them to flush
Bugfix on 7267 in 0.2.4.7-alpha
2017-10-31 11:58:34 -04:00
Nick Mathewson
5a21b27083 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-31 11:43:14 -04:00
Nick Mathewson
f2e23d38ab Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-31 11:43:14 -04:00
Nick Mathewson
7c59c751b0 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-31 11:43:14 -04:00
Nick Mathewson
cf98ca715c Merge branch 'maint-0.3.2' 2017-10-31 11:43:14 -04:00
Nick Mathewson
04d4786cc4 Merge remote-tracking branch 'public/bug23693_029' into maint-0.2.9 2017-10-31 11:43:07 -04:00
David Goulet
ce99ebf25d Make tor recalculate voting schedule even if not a dirauth
Because the HS subsystem needs the voting schedule to compute time period, we
need all tor type to do that.

Part of #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-31 09:55:24 -04:00
Nick Mathewson
5dce134fbb Initialize the mock options in the fuzzing code
Fixes bug 24082; bugfix on 0.3.0.3-alpha.  Found by Brian Carpenter.
2017-10-30 17:05:26 -04:00
Nick Mathewson
332d6bf901 Merge branch 'maint-0.3.2' 2017-10-30 11:07:44 -04:00
Nick Mathewson
5bee5fbac7 Merge remote-tracking branch 'public/bug23774_032' into maint-0.3.2 2017-10-30 11:07:26 -04:00
Nick Mathewson
7515eefb70 remove errant ; 2017-10-27 17:58:50 -04:00
Nick Mathewson
26e0909e51 In the hsdescv3 fuzzer, replace the decryption function.
The new decryption function performs no decryption, skips the salt,
and doesn't check the mac.  This allows us to fuzz the
hs_descriptor.c code using unencrypted descriptor test, and exercise
more of the code.

Related to 21509.
2017-10-27 14:28:02 -04:00
Nick Mathewson
5e52beceb0 Only prototype rust_welcome_string() when it exists. 2017-10-27 13:03:24 -04:00
Nick Mathewson
69502942b0 [rust] Avoid a clone in contract_protocol_list() 2017-10-27 13:02:14 -04:00
Nick Mathewson
12f58b42a8 Allow test_rust.sh to run from outside the makefile
(This is just a matter of making sure that we handle the case where
abs_top_builddir is not set)
2017-10-27 12:54:52 -04:00
Nick Mathewson
6e08807b54 Add a build-rust alias to just rebuild the rust code. 2017-10-27 12:52:07 -04:00
Nick Mathewson
1e66ab363a [rust] Add "unsafe" to the testing-mode tor_malloc_ wrapper.
This change lets us remove the allow(unused_unsafe) directive
from allocate_and_copy_string().
2017-10-27 12:49:51 -04:00
Nick Mathewson
3a364529a4 Make distcleancheck pass with --enable-rust 2017-10-27 12:35:13 -04:00
Nick Mathewson
d5eea977be bump to 0.3.2.3-alpha-dev. 2017-10-27 12:33:13 -04:00
Nick Mathewson
2153814ba8 Include rust files in 'make dist' 2017-10-27 12:19:31 -04:00
Nick Mathewson
7f764bcba8 repair "make distcheck" 2017-10-27 11:59:15 -04:00
Nick Mathewson
f803c1bb17 declare shutdown_did_not_work_callback() with ATTR_NORETURN 2017-10-27 11:51:42 -04:00
Nick Mathewson
79e7c0af0e Add a comment about removing the failsafe event loop exit code 2017-10-27 11:15:43 -04:00
Nick Mathewson
0a10335d2e Clarify doc on tell_event_loop_to_run_external_code() 2017-10-27 11:14:37 -04:00
Nick Mathewson
30a681553f Merge remote-tracking branch 'public/exit_carefully' 2017-10-27 11:13:05 -04:00
Nick Mathewson
fa78546dbc Make sure all C files have copyright/license notices 2017-10-27 10:59:36 -04:00
Nick Mathewson
f5e9e2748f Merge branch 'protover-rust-impl_squashed' 2017-10-27 10:05:30 -04:00
Nick Mathewson
2ca8fcb892 Add missing copyright/license statements on all .rs files
(Yes, I have Chelsea's permission.)
2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
6be75bd61d cargo fmt; fix line length warnings 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
90daad999e remove experimental rust features
allow unsafe on function that calls C
2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
7999d0bf6b update tor_allocate and add tests 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
7d126b9db9 remove unused include.am for rust modules 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
cd2a036959 refactor smartlist for readability
limit scoping of unsafe, and other cleanup
2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
91bca5c31b move to allocating c strings from rust 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
76bbdfbfa9 add tor allocator for rust 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
d14a83f74f remove unneeded dependencies, remove types where unnecessary 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
0c4d535972 refactor build infrastructure for single rust binary 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
be583a34a3 use tor allocator for string allocation in rust 2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
0c04b54d4d minimize scope for unsafe
update documentation

missing check for null
2017-10-27 10:02:08 -04:00
Chelsea Holland Komlo
d1820c1516 rust implementation of protover 2017-10-27 10:02:08 -04:00
David Goulet
7ee0a2b9aa sr: Don't use a dynamic voting schedule
The exposed get_voting_schedule() allocates and return a new object everytime
it is called leading to an awful lot of memory allocation when getting the
start time of the current round which is done for each node in the consensus.

Closes #23623

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-27 09:23:37 -04:00
David Goulet
60164f057c dirvote: Move code. No behavior change
Needed for next commit to address #23623.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-27 09:23:18 -04:00
Nick Mathewson
fb88527195 update to 0.3.2.3-alpha 2017-10-27 08:59:07 -04:00
Nick Mathewson
a0f8c01004 Merge branch 'maint-0.3.2' 2017-10-27 08:05:04 -04:00
David Goulet
e598c6f6de hs-v3: Check the ed25519 key when picking intro point
If the intro point supports ed25519 link authentication, make sure we don't
have a zeroed key which would lead to a failure to extend to it.

We already check for an empty key if the intro point does not support it so
this makes the check on the key more consistent and symmetric.

Fixes #24002

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-26 14:54:20 -04:00
Nick Mathewson
4af1653e0f Merge branch 'maint-0.3.2' 2017-10-26 10:43:05 -04:00
David Goulet
c4ef21ff5e fuzzing: Make hsdescv3 use the decoding API correctly
Fixes #21509

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-26 09:52:15 -04:00
David Goulet
4d2de821ce Revert "Temporarily disable compilation of the v3 hs fuzzing code"
This reverts commit 5ef656e7d1.
2017-10-26 09:41:47 -04:00
George Kadianakis
42a47c0e7d Remove a duplicate call to update_microdesc_downloads()
This call happens before we update our entry guards, so it needs to be
removed for the fix to #23862 to work.
2017-10-26 13:36:04 +03:00
George Kadianakis
cbc70437a7 Update entry guard state whenever we download a consensus.
Update guard state even if we don't have enough dirinfo since that
actually affects the future download of dirinfos.

Fixes #23862 on 0.3.0.1-alpha
2017-10-26 13:36:04 +03:00
teor
b4aa8fc3d9
Remove buggy IPv6 support from pick_intro_point() and service_intro_point_new()
The previous version of these functions had the following issues:
* they can't supply both the IPv4 and IPv6 addresses in link specifiers,
* they try to fall back to a 3-hop path when the address for a direct
  connection is unreachable, but this isn't supported by
  launch_rendezvous_point_circuit(), so it fails.
But we can't fix these things in a bugfix release.

Instead, always put IPv4 addresses in link specifiers.
And if a v3 single onion service can't reach any intro points, fail.

This supports v3 hidden services on IPv4, dual-stack, and IPv6, and
v3 single onion services on IPv4 only.

Part of 23820, bugfix on 0.3.2.1-alpha.
2017-10-26 17:02:46 +11:00
teor
20b0e9e07d
Remove buggy IPv6 support from hs_get_extend_info_from_lspecs()
The previous version of this function has the following issues:
* it doesn't choose between IPv4 and IPv6 addresses correctly, and
* it doesn't fall back to a 3-hop path when the address for a direct
  connection is unreachable.
But we can't fix these things in a bugfix release.

Instead, treat IPv6 addresses like any other unrecognised link specifier
and ignore them. If there is no IPv4 address, return NULL.

This supports v3 hidden services on IPv4, dual-stack, and IPv6, and
v3 single onion services on IPv4 only.

Part of 23820, bugfix on 0.3.2.1-alpha.
2017-10-26 14:38:06 +11:00
George Kadianakis
1a6814c096 Fix offending unittest and add changes file for #23862. 2017-10-25 20:22:52 +03:00
George Kadianakis
dfd3ed5bdc Remove a duplicate call to update_microdesc_downloads()
This call happens before we update our entry guards, so it needs to be
removed for the fix to #23862 to work.
2017-10-25 20:22:52 +03:00
George Kadianakis
10c5eae3fa Update entry guard state whenever we download a consensus.
Update guard state even if we don't have enough dirinfo since that
actually affects the future download of dirinfos.

Fixes #23862 on 0.3.0.1-alpha
2017-10-25 20:22:52 +03:00
George Kadianakis
8c8d3b90f7 Add a unittest that reveals the offending case of #23862. 2017-10-25 20:22:52 +03:00
Nick Mathewson
c7a1a987d6 Merge branch 'maint-0.3.2' 2017-10-25 12:25:41 -04:00
David Goulet
9592797cf3 hs-v2: Copy needed information between service on prunning
Turns out that when reloading a tor configured with hidden service(s), we
weren't copying all the needed information between the old service object to
the new one.

For instance, the desc_is_dirty timestamp wasn't which could lead to the
service uploading its desriptor much later than it would need to.

The replaycache wasn't also moved over and some intro point information as
well.

Fixes #23790

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-25 11:21:28 -04:00
Nick Mathewson
f68c1b1406 bump to 0.3.1.8-dev 2017-10-25 09:28:05 -04:00
Nick Mathewson
4edbbee2fd bump to 0.3.0.12-dev 2017-10-25 09:27:50 -04:00
Nick Mathewson
46091a88ca bump to 0.2.9.13-dev 2017-10-25 09:27:23 -04:00
Nick Mathewson
9969b0dfda bump to 0.2.8.16-dev 2017-10-25 09:27:07 -04:00
Nick Mathewson
82f8b27ff5 bump to 0.2.5.15-dev 2017-10-25 09:26:53 -04:00
Nick Mathewson
e5c341eb7c Merge branch 'maint-0.3.2' 2017-10-24 19:43:13 -04:00
Nick Mathewson
3498183807 Turn a comment into a doxygen comment.
Crediting this * to teor, in penance for mis-crediting his x removal
to Isis.  The balance is restored.
2017-10-24 19:42:18 -04:00
Nick Mathewson
e7126a1030 Merge remote-tracking branch 'catalyst-oniongit/bug20532_031' into maint-0.3.2 2017-10-24 19:41:26 -04:00
Nick Mathewson
8d908b961f Merge branch 'maint-0.3.2' 2017-10-24 19:37:11 -04:00
Nick Mathewson
8cc57bccfe Isis has been noticing typos. 2017-10-24 19:37:09 -04:00
Nick Mathewson
b95ef19a77 Merge branch 'feature18329_029_squashed' into maint-0.3.2 2017-10-24 19:35:32 -04:00
Nick Mathewson
594cf92498 Merge branch 'feature18329_029_squashed' into maint-0.3.2 2017-10-24 19:35:28 -04:00
Nick Mathewson
f3af74ccf5 Updates to fix check-spaces/check-changes warnings 2017-10-24 19:35:16 -04:00
Nick Mathewson
44e8aaa9aa Adjust test to allow hyphens too. 2017-10-24 19:33:38 -04:00
Isis Lovecruft
02cde0d939 test: Add unittest for descriptors with BridgeDistribution option. 2017-10-24 19:26:24 -04:00
Isis Lovecruft
b0e10f23ba doc: Improve documentation for check_bridge_distribution_setting(). 2017-10-24 19:26:24 -04:00
Nick Mathewson
613b18f0af Always set bridge-distribution-request on bridges' descriptors.
Also, warn the user if the BridgeDistribution option is
unrecognized, and reject the value if it is invalid.
2017-10-24 19:26:24 -04:00
Roger Dingledine
ebab521525 Add new BridgeDistribution config option
Bridge relays can use it to add a "bridge-distribution-request" line
to their bridge descriptor, which tells BridgeDB how they'd like their
bridge address to be given out.

Implements tickets 18329.
2017-10-24 19:26:24 -04:00
Taylor Yu
9b60acd4d4 Rewrite bridge addresses earlier
Call rewrite_node_address_for_bridge() in
launch_direct_bridge_descriptor_fetch() in case there's an existing
node_t for it.
2017-10-24 17:35:17 -05:00
Nick Mathewson
649000662d Merge remote-tracking branch 'arma/ticket23637' 2017-10-24 12:52:41 -04:00
Nick Mathewson
5325e7ccab bump version in the other places :/ 2017-10-24 09:11:17 -04:00
Nick Mathewson
552b620280 bump version in the other places :/ 2017-10-24 09:11:07 -04:00
Nick Mathewson
cbb41ddfef bump to 0.3.1.8 2017-10-24 09:09:50 -04:00
Nick Mathewson
743eee4930 bump to 0.2.5.15 2017-10-24 09:09:00 -04:00
Nick Mathewson
abbd6a36fc Merge branch 'maint-0.3.2' 2017-10-24 08:25:29 -04:00
Nick Mathewson
0d4addfc73 Merge branch 'bug23952_032' into maint-0.3.2 2017-10-24 08:24:12 -04:00
Nick Mathewson
f0a6ea0bfd Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 15:55:48 -04:00
Nick Mathewson
f7707c9031 Merge branch 'maint-0.3.2' 2017-10-23 15:55:48 -04:00
Nick Mathewson
b1d6cf2508 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-23 15:55:48 -04:00
Nick Mathewson
9ae4ffc076 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 15:55:08 -04:00
Nick Mathewson
b1bd1bf19f Merge remote-tracking branch 'teor/bug23874-029' into maint-0.2.9 2017-10-23 15:53:45 -04:00
Nick Mathewson
48ee85e0c6 Have LOG_PROTOCOL_WARN call its own function
Also, make the function that implements LOG_PROTOCOL_WARN use a
cached value of the desired loglevel, rather than calling
get_options().
2017-10-23 12:22:26 -04:00
Nick Mathewson
af33fdd7c1 Remove the length limit from write_http_status_line
Fixes bug 23908; bugfix on 0.3.1.6-rc when we made the keypin
failure message really long.

Backport from 0.3.2's 771fb7e7ba,
where arma said "get rid of the scary 256-byte-buf landmine".
2017-10-23 09:21:22 -04:00
Nick Mathewson
fcd5c3144a Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-23 09:11:10 -04:00
Nick Mathewson
eac4c374e4 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 09:11:10 -04:00
Nick Mathewson
49e8352f16 Merge branch 'maint-0.3.2' 2017-10-23 09:11:10 -04:00
Nick Mathewson
6a7aa47357 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-23 09:11:10 -04:00
Nick Mathewson
85115796bb Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 09:11:10 -04:00
Nick Mathewson
a5f5bda462 Adjust test, now that there are 9 dirauths again 2017-10-23 09:11:07 -04:00
Nick Mathewson
1db5081ba1 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-23 09:06:34 -04:00
Nick Mathewson
c93ecb8189 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 09:06:34 -04:00
Nick Mathewson
d99c6b7252 Merge branch 'maint-0.3.2' 2017-10-23 09:06:34 -04:00
Nick Mathewson
009141c6a8 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-23 09:06:34 -04:00
Nick Mathewson
23e3d57e12 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 09:06:34 -04:00
Nick Mathewson
8cc147aa83 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-10-23 09:04:56 -04:00
David Goulet
15a699462d dirauth: Add bastet to the default authorities
Fixes #23910

Based on a patch by dgoulet; backported to 0.2.5
2017-10-23 09:03:36 -04:00
Nick Mathewson
97046436b2 Merge branch 'maint-0.3.2' 2017-10-23 08:59:12 -04:00
Nick Mathewson
c958fda6e2 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-23 08:59:11 -04:00
Nick Mathewson
783e458c07 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 08:59:11 -04:00
Nick Mathewson
b8dedaee74 Merge branch 'maint-0.3.1' into maint-0.3.2 2017-10-23 08:59:11 -04:00
Nick Mathewson
df57d1e0c0 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 08:59:11 -04:00
Nick Mathewson
9a1b385462 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-10-23 08:58:28 -04:00
Nick Mathewson
132e2f69b1 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-23 08:53:25 -04:00
Nick Mathewson
74e8fd22c9 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 08:53:25 -04:00
Nick Mathewson
b68de63eb6 Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-23 08:53:25 -04:00
Nick Mathewson
6f87a85897 Merge remote-tracking branch 'public/bug23690_028' into maint-0.2.8 2017-10-23 08:53:14 -04:00
Nick Mathewson
35574d4a9a Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 08:47:58 -04:00
Nick Mathewson
fcaf3335b4 Merge remote-tracking branch 'public/bug23081_025' into maint-0.2.9 2017-10-23 08:47:52 -04:00
Nick Mathewson
d29e4c0597 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-23 08:46:29 -04:00
Nick Mathewson
68dea082e7 Merge remote-tracking branch 'public/bug22349_029' into maint-0.2.9 2017-10-23 08:46:26 -04:00
Nick Mathewson
a62f59f000 Mark "previously validated foo could not be set" blocks as unreachable. 2017-10-20 19:28:12 -04:00
Nick Mathewson
c4a07b261b Add unit tests for cases of starting with bogus keygen arguments
In particular, this tests that we give an appropriate warning when
we are told to use some keygen argument, but --keygen is not specified.
2017-10-20 19:27:48 -04:00
Nick Mathewson
3c99b810a4 Exit more carefully when options_act() fails.
Also, annotate options_act() with places where we should be
pre-validating values.
2017-10-20 11:39:17 -04:00
Nick Mathewson
1df43aff41 Return instead of exiting in options_init_from_torrc() 2017-10-20 11:39:17 -04:00
Nick Mathewson
853e73e815 Return from instead of exit()ing when ed25519 key check fails. 2017-10-20 11:39:17 -04:00
Nick Mathewson
c247a2df6b On locking failure, return -1 instead of exit()ing.
This is safe, since the only caller (options_act) will check the
return value, and propagate failure.
2017-10-20 11:39:17 -04:00
Nick Mathewson
9bafc3b1ef Replace most bad exits in main.c, hibernate.c
This should make most of the reasons that we hibernate cleaner.
2017-10-20 11:39:17 -04:00
Nick Mathewson
c82cc8acb5 Add a failsafe to kill tor if the new exit code doesn't work.
It _should_ work, and I don't see a reason that it wouldn't, but
just in case, add a 10 second timer to make tor die with an
assertion failure if it's supposed to exit but it doesn't.
2017-10-20 11:39:17 -04:00
Nick Mathewson
f0c3b62381 Expose a new function to make the event loop exit once and for all.
Instead of calling tor_cleanup(), exit(x), we can now call
tor_shutdown_event_loop_and_exit.
2017-10-20 11:39:17 -04:00
Nick Mathewson
78cbced45c Rename "tell_event_loop_to_finish" to "...run_external_code"
This function was never about 'finishing' the event loop, but rather
about making sure that the code outside the event loop would be run
at least once.
2017-10-20 09:59:48 -04:00
Nick Mathewson
35746a9ee7 Comment-only change: annotate exit() calls.
Sometimes when we call exit(), it's because the process is
completely hopeless: openssl has a broken AES-CTR implementation, or
the clock is in the 1960s, or something like that.

But sometimes, we should return cleanly from tor_main() instead, so
that embedders can keep embedding us and start another Tor process.

I've gone through all the exit() and _exit() calls to annotate them
with "exit ok" or "XXXX bad exit" -- the next step will be to fix
the bad exit()s.

First step towards 23848.
2017-10-19 13:42:28 -04:00
Nick Mathewson
0956242158 Mark some unreachable code in compat_winthreads.c as unreachable 2017-10-19 13:21:48 -04:00
Nick Mathewson
72b5e4a2db Move tor_git_revision into a new module.
At first, we put the tor_git_revision constant in tor_main.c, so
that we wouldn't have to recompile config.o every time the git
revision changed.  But putting it there had unintended side effect
of forcing every program that wanted to link libor.a (including
test, test-slow, the fuzzers, the benchmarks, etc) to declare their
own tor_git_revision instance.

That's not very nice, especially since we want to start supporting
others who want to link against Tor (see 23846).

So, create a new git_revision.c file that only contains this
constant, and remove the duplicated boilerplate from everywhere
else.

Part of implementing ticket 23845.
2017-10-18 13:49:35 -04:00
Nick Mathewson
f1bf9bf819 Add __OwningControllerFD to allow controllers without controlports
This feature should help programs that want to launch and manage a
Tor process, as well as programs that want to launch and manage a
Tor instance in a separate thread.  Right now, they have to open a
controlport, and then connect to it, with attendant authentication
issues.  This feature allows them to just start with an
authenticated connection.

Bug 23900.
2017-10-18 13:36:53 -04:00
Nick Mathewson
f0daaf8d60 Expose connection_init_accepted_conn. 2017-10-18 12:55:09 -04:00
Nick Mathewson
4eb5753bd2 New function for Tor to treat itself as the "owner" of a socket
Our socket accounting functions assumed that we'd never be asked to
close a socket that we didn't open ourselves.  But now we want to
support taking control sockets that we inherit -- so we need a way
of taking ownership of them, so we don't freak out later on when we
close them.
2017-10-18 12:17:44 -04:00
Nick Mathewson
5bcd8dc5c4 Make the mark_socket_open() no-op treat the socket as used.
This is preliminary for extracting the "take socket ownership" code
into its own function.
2017-10-18 12:13:26 -04:00
Nick Mathewson
5d219ecf98 Update Longclaw's IP address; fixes 23592. 2017-10-17 14:00:30 -04:00
Nick Mathewson
8652f3e9e8 Fix memory leak when freeing socket_table in KIST. 2017-10-17 13:40:31 -04:00
Nick Mathewson
d8604b8729 Merge branch 'teor_bug23813_squashed' 2017-10-15 20:36:23 -04:00
teor
eaf9c0f25a Describe what router_reset_descriptor_download_failures() actually does
Comment-only change.

Part of #23813.
2017-10-15 20:36:18 -04:00
teor
5bca66be49
Clear the address when node_get_prim_orport() returns early
Fixes bug 23874; bugfix on 0.2.8.2-alpha.
2017-10-15 16:48:36 -04:00
teor
67eeee0c71
Add a new consensus method that removes IPv6 address lines from microdescs
Implements #23828.
2017-10-15 12:31:39 -04:00
teor
56dbba3207
Add a consensus method for IPv6 address lines in the microdesc consensus
Implements #23826.
2017-10-15 12:31:06 -04:00
teor
b8d4588c90
Add a consensus_method argument to routerstatus_format_entry()
And pass ROUTERSTATUS_FORMAT_NO_CONSENSUS_METHOD when it's not applicable.

Preparation for #23826.
2017-10-15 12:09:52 -04:00
teor
305f947671
Improve the comment on networkstatus_compute_consensus() 2017-10-15 12:08:55 -04:00
Nick Mathewson
e00f12ec6c bump version on master to 0.3.3.0-alpha-dev 2017-10-15 11:57:06 -04:00
Nick Mathewson
bdf60fc7ce Merge branch 'maint-0.3.0' into maint-0.3.1 2017-10-05 11:03:36 -04:00
Nick Mathewson
0cd7c1af37 Merge branch 'maint-0.3.1' 2017-10-05 11:03:36 -04:00
Nick Mathewson
2984d99165 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-10-05 11:03:35 -04:00
Nick Mathewson
d6bdec1595 Merge branch 'maint-0.2.5' into maint-0.2.8 2017-10-05 11:03:35 -04:00
Nick Mathewson
ad7db10770 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-10-05 11:03:35 -04:00
Karsten Loesing
b9d9b16b76 Update geoip and geoip6 to the October 4 2017 database. 2017-10-05 16:56:14 +02:00
David Goulet
469ee6e6fe hs-v3: Refactor client refetch function
Create a function that tells us if we can fetch or not the descriptor for the
given service key.

No behavior change. Mostly moving code but with a slight change so the
function can properly work by returning a boolean and also a possible fetch
status code.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-04 15:50:22 -04:00
Taylor Yu
44e4a96bb5 Don't expect permission failure if running as root
Skip test_config_include_no_permission() when running as root, because
it will get an unexpected success from config_get_lines_include().
This affects some continuous integration setups.  Fixes bug 23758.
2017-10-04 08:42:05 -05:00
David Goulet
2e8de0de3b sched: Implement SCHED_BUG()
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-03 14:43:09 -04:00
cathugger
9d90f9829c hs-v3: Always generate the public key file on disk
Fixes #23748

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-03 11:19:10 -04:00
Nick Mathewson
1e7e36da4b Merge branch 'bug23672_032_01_squashed' 2017-10-03 10:56:52 -04:00
David Goulet
30d2e0b71e test: Add an HS v3 descriptor fetch unit test
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-03 10:56:46 -04:00
David Goulet
c232b6b59c hs-v3: Close pending SOCKS connection on descriptor fetch error
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-10-03 10:56:46 -04:00
Nick Mathewson
783a44b2cd Merge remote-tracking branch 'asn/bug23670' 2017-10-03 09:05:16 -04:00
George Kadianakis
f7306b16ec entrynodes: Better naming for dir info check functions. 2017-10-03 15:55:19 +03:00
Nick Mathewson
a6c62cbd13 Merge branch 'bug23678_032' 2017-10-03 08:18:08 -04:00
Nick Mathewson
f923aeee1b Follow-up on 23678: fix socks/wrong_protocol test 2017-10-03 08:17:41 -04:00
Nick Mathewson
f2e820c45f torcert.c: mark some lines unreachable by tests
These are related to handling of failures on functions which can't
fail.
2017-10-03 08:07:36 -04:00
Nick Mathewson
bb7288b2c3 Make the fp_pair_map tests cover {get,set}_by_digests 2017-10-03 08:07:36 -04:00
George Kadianakis
5352785d0c entrynodes: Error msg for missing guard descs is now more informative. 2017-10-03 14:41:20 +03:00
George Kadianakis
f2231306ba entrynodes: Move guard dirinfo check below path dirinfo check.
We do that because we want to use the path fraction dirinfo data in case
we are missing primary guard dirinfo.
2017-10-03 14:41:18 +03:00
George Kadianakis
c9729853a5 entrynodes: Be specific about how many primary descriptors we miss. 2017-10-03 14:39:34 +03:00
Nick Mathewson
d0cae9fbc5 bump master to 0.3.2.2-alpha-dev 2017-10-02 19:19:51 -04:00
Alexander Færøy
c61508f9aa
Bump version to 0.3.2.2-alpha.
Signed-off-by: Isis Lovecruft <isis@torproject.org>
2017-10-02 19:23:32 +00:00
Nick Mathewson
ad4dcd7d1a Fix our "not an HTTP Proxy" message in light of HTTPTunnelPort
When we added HTTPTunnelPort, the answer that we give when you try
to use your SOCKSPort as an HTTP proxy became wrong.  Now we explain
that Tor sorta _is_ an HTTP proxy, but a SOCKSPort isn't.

I have left the status line the same, in case anything is depending
on it.  I have removed the extra padding for Internet Explorer,
since the message is well over 512 bytes without it.

Fixes bug 23678; bugfix on 0.3.2.1-alpha.
2017-10-02 12:53:13 -04:00
Nick Mathewson
c50c98ba6a Make changes in server_mode() affect workers; fix a crash.
Without this fix, changes from client to bridge don't trigger
transition_affects_workers(), so we would never have actually
initialized the cpuworkers.

Fixes bug 23693.  Bugfix on 3bcdb26267 0.2.6.3-alpha, which
fixed bug 14901 in the general case, but not on the case where
public_server_mode() did not change.
2017-10-02 11:11:30 -04:00
Nick Mathewson
dddae36f5e Merge remote-tracking branch 'dgoulet/ticket23696_032_01' 2017-09-29 17:46:50 -04:00
Nick Mathewson
ca2e7eabc2 Merge branches 'bug8185_031' and 'bug8185_diagnostic_032' 2017-09-29 17:26:40 -04:00
David Goulet
070064de89 sched: Always initialize scheduler_last_run to now
Because our monotonic time interface doesn't play well with value set to 0,
always initialize to now() the scheduler_last_run at init() of the KIST
scheduler.

Fixes #23696

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-29 14:07:55 -04:00
Matt Traudt
3ef7e6f187 sched: Don't get KIST stuck in an infinite loop
When a channel is scheduled and flush cells returns 0 that is no cells to
flush, we flag it back in waiting for cells so it doesn't get stuck in a
possible infinite loop.

It has been observed on moria1 where a closed channel end up in the scheduler
where the flush process returned 0 cells but it was ultimately kept in the
scheduling loop forever. We suspect that this is due to a more deeper problem
in tor where the channel_more_to_flush() is actually looking at the wrong
queue and was returning 1 for an empty channel thus putting the channel in the
"Case 4" of the scheduler which is to go back in pending state thus
re-considered at the next iteration.

This is a fix that allows the KIST scheduler to recover properly from a not
entirelly diagnosed problem in tor.

Fixes #23676

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-29 11:06:31 -04:00
Nick Mathewson
fc6c0b46fb Merge branch 'bug23690_additional_032' 2017-09-29 10:29:40 -04:00
Nick Mathewson
b0ddaac074 Make some assertions nonfatal to help prevent bug23690 recurrence. 2017-09-29 10:29:33 -04:00
Nick Mathewson
8ccefa7b7a Merge branch 'bug23690_028' 2017-09-29 10:28:33 -04:00
Nick Mathewson
f7222e6d8c Clear outbuf_flushlen when we clear a connection's outbuf
When we added single_conn_free_bytes(), we cleared the outbuf on a
connection without setting outbuf_flushlen() to 0.  This could cause
an assertion failure later on in flush_buf().

Fixes bug 23690; bugfix on 0.2.6.1-alpha.
2017-09-29 10:00:14 -04:00
Nick Mathewson
1a5746f8e1 Merge branch 'bug8185_025' into bug8185_031 2017-09-29 09:37:01 -04:00
Nick Mathewson
d256d4c0a6 Don't package cells onto marked circuits.
This caused a BUG log when we noticed that the circuit had no
channel.  The likeliest culprit for exposing that behavior is
d769cab3e5, where we made circuit_mark_for_close() NULL out
the n_chan and p_chan fields of the circuit.

Fixes bug 8185; bugfix on 0.2.5.4-alpha, I think.
2017-09-29 09:33:47 -04:00
Nick Mathewson
1b6ccb52ea Log more information when bug8185 is about to trigger.
My current theory is that this is just a marked circuit that hasn't
closed yet, but let's gather more information in case that theory is
wrong.

Diagnostic for 8185.
2017-09-29 09:24:01 -04:00
Nick Mathewson
4e6374c26b Merge remote-tracking branch 'catalyst-oniongit/bug23691' 2017-09-28 19:07:23 -04:00
Taylor Yu
2ae1b7e2db Fix leak in test_util.c
AddressSanitizer found a leak in test_util_decompress_dos_impl().
Fixes bug #23691.
2017-09-28 17:53:38 -05:00
Alexander Færøy
8d6940814a
Better error handling when trying to compress/decompress into empty buffer.
This patch ensures that we return TOR_COMPRESS_BUFFER_FULL in case we
have a input bytes left to process, but are out of output buffer or in
case we need to finish where the compression implementation might need
to write an epilogue.

See: https://bugs.torproject.org/23551
2017-09-28 20:17:41 +02:00
Alexander Færøy
c2fac2c6b0
Enable disabled test that was disabled due to bug #23551
See: https://bugs.torproject.org/23551
2017-09-28 18:58:15 +02:00
Alexander Færøy
44dc4b73ec
Better error handling when trying to compress/decompress into empty buffer.
This patch ensures that we return TOR_COMPRESS_BUFFER_FULL in case we
have a input bytes left to process, but are out of output buffer or in
case we need to finish where the compression implementation might need
to write an epilogue.

See: https://bugs.torproject.org/23551
2017-09-28 18:58:15 +02:00
Alexander Færøy
c3b7f9d762
Fix whitespace issue in compress.c 2017-09-28 18:58:15 +02:00
Alexander Færøy
a196fdb622
Fix typo in buffers.c. 2017-09-28 18:58:09 +02:00
Nick Mathewson
3a073c463d Improve unit test coverage for compression code.
These tests try uncompressing garbage, verify that we won't
make compression bombs, and verify that we won't uncompress
compression bombs.
2017-09-28 12:20:02 -04:00
Nick Mathewson
14614a592e Fix spelling: compressing, not compresing 2017-09-28 12:17:34 -04:00
Nick Mathewson
f71ff0cabc Unit test for case where %included dir exists but is unreadable 2017-09-28 09:49:30 -04:00
Nick Mathewson
5b6f2713cd unit test for config_lines_dup_and_filter 2017-09-28 09:40:17 -04:00
Nick Mathewson
55873107d0 Correct docs for config_lines_dup_and_filter 2017-09-28 09:40:04 -04:00
Nick Mathewson
a64d79ca4c Move around some LCOV_EXCLs in src/common
Apparently, my compiler now generates coverage markers for
label-only lines, so we need to exclude those too if they are meant
to be unreachable.
2017-09-28 09:25:17 -04:00
Nick Mathewson
99e52711bb Add unit test for buf_get_line(). 2017-09-28 08:35:30 -04:00
Nick Mathewson
01d67a9071 Note an unreachable (?) section in buffers.c 2017-09-28 08:35:24 -04:00
Nick Mathewson
f21102c069 Let's get 100% coverage for proto_http while we're at it.
There was some coverage before, but it was mostly accidental.
2017-09-27 21:45:55 -04:00
Nick Mathewson
57f04a482e Test more error cases of our socks code.
Coverage is now respectable. :)
2017-09-27 19:37:36 -04:00
Nick Mathewson
6882e711d0 Add unit tests for SOCKS functions that parse server responses
We use these when we're acting as a SOCKS client, but we'd never
actually written tests for them :/
2017-09-27 18:55:14 -04:00
Nick Mathewson
5418aa84ee socks5 unit tests: add check for ipv6 address type. 2017-09-27 11:23:09 -04:00
Nick Mathewson
04f7873bab Socks tests for bad socks5 username/passwd auth. 2017-09-27 11:16:29 -04:00
Nick Mathewson
14124f82df Mark some tests in parse_socks.c as unreachable (BUG, LCOV)
These tests aren't reachable, given their actual arguments.  I'm
going to mark them as BUG(), and as unreachable with LCOV.
2017-09-27 11:16:20 -04:00
Nick Mathewson
5427365907 testing: test many possible truncated SOCKS commands
Many of the 'truncated command' paths in fetch_from_buf_socks() were
not reached by the tests.  This new unit test tries to check them
exhaustively.
2017-09-27 10:54:56 -04:00
David Goulet
cf75c1af66 hs-v3: Don't fetch descriptor if we have a pending request
If 6 SOCKS requests are opened at once, it would have triggered 6 fetches
which ultimately poke all 6 HSDir. We don't want that, if we have multiple
SOCKS requests for the same service, do one fetch only.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-27 09:24:35 -04:00
George Kadianakis
178a2bbcff prop224: Fix one last instance of get_time_period_num() with now.
When purging last HSDir requests, we used time(NULL) for computing the
service blinded key but in all other places in our codebase we actually
use the consensus times. That can cause wrong behavior if the consensus
is in a different time period than time(NULL).

This commit is required for proper purging of HSDir requests.
2017-09-27 09:24:35 -04:00
George Kadianakis
6051375cca prop224: Update some function docs with the right retval. 2017-09-27 09:24:35 -04:00
Nick Mathewson
a57f495c1a Move ext_or_command tests to test_proto_misc.c
No other code changes.
2017-09-27 09:11:15 -04:00
Nick Mathewson
b8b016940d Add unit tests for var_cell and control0 proto functions. 2017-09-27 09:09:00 -04:00
Taylor Yu
8f8a4c0ced Eat redundant semicolons 2017-09-26 15:12:34 -04:00
David Goulet
40ab25db62 hs-v3: Don't non fatal assert if we can't get the intro extend info
Fixes #23159.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-26 13:55:51 -04:00
Nick Mathewson
6beeb10070 Merge branch 'typecheck4' 2017-09-26 12:26:01 -04:00
Nick Mathewson
49d2346b80 Type bug in shared_random_state -- make sure Version is int.
The confparse field has type UINT, which corresponds to an int
type.  We had uint32_t.

This shouldn't cause trouble in practice, since int happens to
4-bytes wide on every platform where an authority is running.  It's
still wrong, though.
2017-09-26 12:25:34 -04:00
Nick Mathewson
a5b18dfba9 Make the TransProxyType field non-const
The correct type for a STRING confparse value is char *, not const
char *.
2017-09-26 12:25:07 -04:00
Nick Mathewson
4d11a468b2 Correct two state-file variable types.
These should have been int, but we had listed them as unsigned.
That's an easy mistake to make, since "int" corresponds with either
INT or UINT in the configuration file.

This bug cannot have actually caused a problem in practice, since we
check those fields' values on load, and ensure that they are in
range 0..INT32_MAX.
2017-09-26 12:25:01 -04:00
Nick Mathewson
eb54a856a2 Add test to make sure all confparse variables are well-typed
New approach, suggested by Taylor: During testing builds, we
initialize a union member of an appropriate pointer type with the
address of the member field we're trying to test, so we can make
sure that the compiler doesn't warn.

My earlier approach invoked undefined behavior.
2017-09-26 12:24:04 -04:00
Nick Mathewson
1f3db0514e Merge remote-tracking branch 'asn/ticket23645_032_01' 2017-09-26 08:55:59 -04:00
David Goulet
648d5ea67e hs: Improve logging
Also demote a log message that can occur under natural causes
(if the circuit subsystem is missing descriptors/consensus etc.).
The HS subsystem will naturally retry to connect to intro points,
so no need to make that log user-facing.
2017-09-26 13:55:44 +03:00
David Goulet
4190f602bd circuit: Log n_circ_id and global identifier of HS circuits
So we can track them more easily in the logs and match any open/close/free
with those identifiers.

Part of #23645

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 16:21:04 -04:00
David Goulet
767b1815e9 circuit: Log circuit identifiers when cannibalizing
This removes the "nickname" of the cannibalized circuit last hop as it is
useless. It now logs the n_circ_id and global identifier so we can match it
with other logging statement.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 16:08:11 -04:00
David Goulet
fb4a82c485 circuit: Keep a copy of n_circ_id for logging
Prior to the log statement, the circuit n_circ_id value is zeroed so keep a
copy so we can log it at the end.

Part of #23645

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 16:04:30 -04:00
David Goulet
de54e14312 circuit: Closing reason are signed values
Part of #23645

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 16:01:12 -04:00
Nick Mathewson
45530ed729 Merge branch 'bug22109' 2017-09-25 14:32:04 -04:00
Nick Mathewson
81c4793232 Make testing rend1_payload variables static
This fixes a clang warning.
2017-09-25 13:26:43 -04:00
Nick Mathewson
90e8d1f58f Merge branch 'bug23539_032_01_squashed' 2017-09-25 11:12:56 -04:00
Nick Mathewson
581e2c8b2c Whitespace fix. 2017-09-25 11:12:45 -04:00
Matt Traudt
7bbc29b0f2 sched: make interval a plain int; initialize with macro 2017-09-25 11:11:30 -04:00
David Goulet
ef2a449cce sched: Make KISTSchedRunInterval non negative
Fixes #23539.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-25 11:11:30 -04:00
Nick Mathewson
777e828ef3 Merge remote-tracking branch 'asn/ticket23420_032_01' 2017-09-25 09:24:36 -04:00
George Kadianakis
03b3f5486a prop224: Add test for parsing RENDEZVOUS1 cell.
Just making sure that added padding does not screw up cell parsing.
2017-09-25 15:00:06 +03:00
Roger Dingledine
8dff23eb34 Assign Exit flag only for ports 80 and 443
Make the "Exit" flag assignment only depend on whether the exit
policy allows connections to ports 80 and 443. Previously relays
would get the Exit flag if they allowed connections to one of
these ports and also port 6667.

Resolves ticket 23637.
2017-09-24 19:27:07 -04:00
Roger Dingledine
a1f31c0671 fix typo 2017-09-22 17:26:29 -04:00
Nick Mathewson
01e984870a Remove an erroneous 0.5 in compute_weighted_bandwidths()
Back in 0.2.4.3-alpha (e106812a77), when we switched from using
double to using uint64 for selecting by bandwidth, I got the math
wrong: I should have used llround(x), or (uint64_t)(x+0.5), but
instead I wrote llround(x+0.5).  That means we would always round
up, rather than rounding to the closest integer

Fixes bug 23318; bugfix on 0.2.4.3-alpha.
2017-09-22 15:29:15 -04:00
Nick Mathewson
22e2c3bf7d Fix check-spaces and a weird copyright. 2017-09-22 12:20:26 -04:00
Nick Mathewson
230a336798 Use setup_full_capture_of_logs for 21800
setup_capture_of_logs() doesn't actually suppress warnings :p
2017-09-22 10:22:47 -04:00
Nick Mathewson
ac3fdb74c2 Remove unused chosen_scheduler_type variable. 2017-09-22 09:56:54 -04:00
Nick Mathewson
122eab78d9 Merge remote-tracking branch 'pastly/bug23552_032_03' 2017-09-22 09:54:41 -04:00
David Goulet
dc5c9af6c3 hs: Avoid possible double circuit close on error
Fixes #23610

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-22 09:09:13 -04:00
Nick Mathewson
91467e04b1 Merge branch 'bug22805_v2_squashed' 2017-09-22 08:58:17 -04:00
Nick Mathewson
95a7e7e925 Stop using CREATE_FAST as a signifier of clienthood.
Relays send it, and we may as well let them.  Part of our fix for
22805.
2017-09-22 08:57:45 -04:00
Nick Mathewson
ceb49c1c5f Use channel_is_client() accessor in channelpadding.c.
Also, allow channel_is_client() to take a const channel.
2017-09-22 08:55:53 -04:00
Nick Mathewson
d1e0e486e9 Stop clearing the is_client flag on channel directly 2017-09-22 08:55:53 -04:00
Nick Mathewson
66aff2d8f3 Remove or_circuit_t.is_first_hop; use channel_is_client() instead
The is_first_hop field should have been called used_create_fast,
but everywhere that we wanted to check it, we should have been
checking channel_is_client() instead.
2017-09-22 08:55:53 -04:00
Matt Traudt
88b317ef28 sched: move code to respect comments
The diff is confusing, but were two static scheduler functions that
needed moving to static comment block.

No code change. Thanks dgoulet for original commit
2017-09-22 08:52:27 -04:00
Matt Traudt
22699e3f16 sched: only log when scheduler type changes
Closes 23552. Thanks dgoulet for original impl
2017-09-22 08:51:22 -04:00
Nick Mathewson
512c57cff9 test_util: capture the log in the correct place. 2017-09-22 08:51:03 -04:00
Nick Mathewson
00d7b60557 Merge branch 'bug21800' 2017-09-21 17:39:54 -04:00
Nick Mathewson
bb9b8e65bb Merge remote-tracking branch 'pastly/bug23581_032_03' 2017-09-21 17:33:10 -04:00
Nick Mathewson
33d44dc4ac Capture "Result does not fit in tor_timegm()" warnings in util tests
Fixes bug 21800; bugfix on 0.2.9.x
2017-09-21 15:32:16 -04:00
David Goulet
7f3dc8327a hs: Avoid possible double circuit close on error
Fixes #23610

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-21 14:38:43 -04:00
David Goulet
1749e07891 hs: Improve comments for when we change timestamps
Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-21 14:24:36 -04:00
David Goulet
c20d4db7bf sched: Hard exit if we can't select a scheduler
Fixes #23581

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-21 14:18:42 -04:00
David Goulet
6045bdd4a0 hs: Avoid possible double circuit close on error
Fixes #23610

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-21 13:13:53 -04:00
Nick Mathewson
4c7a89a226 Merge remote-tracking branch 'catalyst-oniongit/bug23607' 2017-09-21 10:58:06 -04:00
Nick Mathewson
c7b7cf8e18 Merge branch 'maint-0.3.1' 2017-09-21 10:39:10 -04:00
Mike Perry
d70a793cfc Bug 23608: Mock time for all channelpadding tests. 2017-09-21 10:36:57 -04:00
Taylor Yu
ad814cad41 Avoid assertion failure for state file clock skew
The clock_skew_warning() refactoring allowed calls from
or_state_load() to control_event_bootstrap_problem() to occur prior
bootstrap phase 0, causing an assertion failure.  Initialize the
bootstrap status prior to calling clock_skew_warning() from
or_state_load().
2017-09-20 18:54:37 -05:00
Taylor Yu
1c017edac3 Use correct sign for state file clock skew
or_state_load() was using an incorrect sign convention when calling
clock_skew_warning() to warn about state file clock skew.  This caused
the wording of the warning to be incorrect about the direction of the
skew.
2017-09-20 18:50:39 -05:00
Nick Mathewson
ac8e26a415 Use correct name for authtype 3 in a comment. 2017-09-20 15:46:21 -04:00
David Goulet
9b4513c5d1 hs: Log the intro point when we clean it up
When we remove an intro point from the service list, log info about it and
some useful data.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-20 13:08:16 -04:00
David Goulet
317dabc57f circuit: Log n_circ_id and global identifier
When we can, log the n circuit id and global identifier for origin circuit.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-20 12:52:53 -04:00
Nick Mathewson
2998350122 Merge branch 'bug23080' 2017-09-20 12:12:02 -04:00
Nick Mathewson
f9155ff416 Unit test to make sure that our platform string is parseable
Closes 22109.
2017-09-20 10:10:02 -04:00
Nick Mathewson
ff0aabc35d Merge branch 'maint-0.3.1' 2017-09-20 09:45:07 -04:00
Andreas Stieger
427c2cc9e8 in zstd compression, fix 32 bit build
format '%lu' expects argument of type 'long unsigned int', but argument ... has type 'size_t'

Closes ticket 23568.
2017-09-20 09:43:08 -04:00
Nick Mathewson
427ae164f3 Fix a comment that misunderstood is_canonical
is_canonical doesn't mean "am I connected to the one true address of
this relay"; it means "does this relay tell me that the address I'm
connected to belong to it."  The point is to prevent TCP-based MITM,
not to prevent the relay from multi-homing.

Related to 22890.
2017-09-20 09:41:01 -04:00
Nick Mathewson
c4e8548c59 Warn on ExtORPort USERADDR that is missing or 0.
Diagnoses violations on #23080.
2017-09-20 08:50:49 -04:00
Nick Mathewson
9e0587f806 Merge remote-tracking branch 'dgoulet/ticket23305_032_01' 2017-09-20 08:36:11 -04:00
Nick Mathewson
2c93be80d9 Merge branch 'maint-0.2.8' into maint-0.2.9 2017-09-20 08:32:55 -04:00
Nick Mathewson
746410fb24 Merge branch 'maint-0.2.9' into maint-0.3.0 2017-09-20 08:32:55 -04:00
Nick Mathewson
654820ec1c Merge branch 'maint-0.3.0' into maint-0.3.1 2017-09-20 08:32:55 -04:00
Nick Mathewson
a8f4f5742e Merge branch 'maint-0.3.1' 2017-09-20 08:32:55 -04:00
teor
8e52c46581
Remove longclaw's IPv6 address, as it will soon change
Authority IPv6 addresses were originally added in 0.2.8.1-alpha.

This leaves 3/8 directory authorities with IPv6 addresses, but there
are also 52 fallback directory mirrors with IPv6 addresses.

Resolves 19760.
2017-09-20 14:48:53 +10:00
Matt Traudt
4a3b61a5b3 sched: reorder code to fit comment bodies; comment typos
Closes 23560
2017-09-19 20:13:28 -04:00
Roger Dingledine
1c956ccd5f fix typos/etc found while starting to look at scheduler 2017-09-19 19:55:57 -04:00
Nick Mathewson
6628c95e54 Merge remote-tracking branch 'pastly2/bug23566_032_01' 2017-09-19 19:35:46 -04:00
Matt Traudt
951b9f1fa5 tests: fix transproxy tests on BSD systems 2017-09-19 19:20:55 -04:00
Matt Traudt
a8c54ce581 sched: Allow the new sched to react to new cons 2017-09-19 19:07:48 -04:00
Nick Mathewson
ac73913d40 Merge branch 'bug23583_029' 2017-09-19 14:12:29 -04:00
Nick Mathewson
10ea3343b5 Avoid integer error in TEST_BITOPS tests
If "1" is not 64 bits wide already, then "1 << i" will not actually
work.

This bug only affects the TEST_BITOPS code, and shouldn't matter for
the actual use of the timeout code (except if/when it causes this
test to fail).

Reported by dcb314@hotmail.com.  Fix for bug 23583.  Not adding a
changes file, since this code is never compiled into Tor.
2017-09-19 13:58:35 -04:00
David Goulet
5dea4b565f Add a BASE32_DIGEST_LEN define
Use this value instead of hardcoded values of 32 everywhere. This also
addresses the use of REND_DESC_ID_V2_LEN_BASE32 in
hs_lookup_last_hid_serv_request() for the HSDir encoded identity digest length
which is accurate but semantically wrong.

Fixes #23305.

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-19 12:33:04 -04:00
David Goulet
a3f5a24669 hs: Pad RENDEZVOUS1 v3 cell to match length of v2
RENDEZVOUS1 cell is 84 bytes long in v3 and 168 bytes long in v2 so this
commit pads with random bytes the v3 cells up to 168 bytes so they all look
alike at the rendezvous point.

Closes #23420

Signed-off-by: David Goulet <dgoulet@torproject.org>
2017-09-19 09:13:28 -04:00
Nick Mathewson
84d587bed8 Merge remote-tracking branch 'teor/minor-comments' 2017-09-19 08:24:49 -04:00
teor
e77ece3b31
Avoid a compilation warning on macOS in scheduler_ev_add()
This warning is caused by a different tv_usec data type on macOS
compared to the system on which the patch was developed.

Fixes 23575 on 0.3.2.1-alpha.
2017-09-19 16:32:47 +10:00
teor
429d88ad6a
Improve comments around connection_or_client_used() 2017-09-19 14:30:27 +10:00
teor
228d782229
Improve comments formatting in connection.c 2017-09-19 14:30:09 +10:00
Nick Mathewson
6afc924d7e Correct what-is-deprecated-when comments 2017-09-18 15:11:33 -04:00
Nick Mathewson
94a88eaa45 Merge remote-tracking branch 'public/ticket19704' 2017-09-18 15:02:16 -04:00
Nick Mathewson
32858610c7 bump to 0.3.2.1.-alpha-dev 2017-09-18 14:40:13 -04:00
Nick Mathewson
0e85b71066 bump to 0.3.1.7-dev 2017-09-18 14:40:04 -04:00
Nick Mathewson
e78347fcc2 bump to 0.3.0.11-dev 2017-09-18 14:39:55 -04:00