Commit Graph

20953 Commits

Author SHA1 Message Date
Ola Bini
ade5005853
Add tests for the rend cache 2015-09-15 16:21:50 +02:00
teor (Tim Wilson-Brown)
d3358a0a05 ExitPolicy accept6/reject6 produces IPv6 wildcard addresses only
In previous versions of Tor, ExitPolicy accept6/reject6 * produced
policy entries for IPv4 and IPv6 wildcard addresses.

To reduce operator confusion, change accept6/reject6 * to only produce
an IPv6 wildcard address.

Resolves bug #16069.

Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:12 +10:00
teor (Tim Wilson-Brown)
36ad8d8fdc Warn about redundant torrc ExitPolicy lines due to accept/reject *:*
Tor now warns when ExitPolicy lines occur after accept/reject *:*
or variants. These lines are redundant, and were always ignored.

Partial fix for ticket 16069. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:12 +10:00
teor (Tim Wilson-Brown)
e033d5e90b Ignore accept6/reject6 IPv4, warn about unexpected rule outcomes
When parsing torrc ExitPolicies, we now warn if:
  * an IPv4 address is used on an accept6 or reject6 line. The line is
    ignored, but the rest of the policy items in the list are used.
    (accept/reject continue to allow both IPv4 and IPv6 addresses in torrcs.)
  * a "private" address alias is used on an accept6 or reject6 line.
    The line filters both IPv4 and IPv6 private addresses, disregarding
    the 6 in accept6/reject6.

When parsing torrc ExitPolicies, we now issue an info-level message:
  * when expanding an accept/reject * line to include both IPv4 and IPv6
    wildcard addresses.

In each instance, usage advice is provided to avoid the message.

Partial fix for ticket 16069. Patch by "teor".
Patch on 2eb7eafc9d and a96c0affcb (25 Oct 2012),
released in 0.2.4.7-alpha.
2015-09-16 00:13:03 +10:00
teor (Tim Wilson-Brown)
31eb486c46 Add get_interface_address[6]_list for a list of interface IP addresses
Add get_interface_address[6]_list by refactoring
get_interface_address6. Add unit tests for new and existing functions.

Preparation for ticket 17027. Patch by "teor".
Patch on 42b8fb5a15 (11 Nov 2007), released in 0.2.0.11-alpha.
2015-09-15 17:04:18 +10:00
teor (Tim Wilson-Brown)
99d2869ab5 Add unit tests for wildcard, IPv4, IPv6 routerset parsing
Tests changes to enable IPv6 literals in routerset_parse in #17060.
Patch by "teor".
2015-09-14 20:16:43 +10:00
teor (Tim Wilson-Brown)
c58b3726d6 Allow IPv6 literal addresses in routersets
routerset_parse now accepts IPv6 literal addresses.

Fix for ticket 17060. Patch by "teor".
Patch on 3ce6e2fba2 (24 Jul 2008), and related commits,
released in 0.2.1.3-alpha.
2015-09-14 20:01:36 +10:00
teor (Tim Wilson-Brown)
60312dc08b Update comments about ExitPolicy parsing
Fix incomplete and incorrect comments.

Comment changes only.
2015-09-14 11:12:28 +10:00
Nick Mathewson
a444b11323 Convince coverity that we do not have a particular memory leak 2015-09-13 14:44:46 -04:00
Nick Mathewson
902517a7c0 Use SSL_get_client_ciphers() on openssl 1.1+, not SSL_get_ciphers...
(which isn't correct.)

Fixes bug 17047; bugfix on 0.2.7.2-alpha, introduced by the merge in
0030765e04, apparently.
2015-09-13 11:51:51 -04:00
David Goulet
8b98172579 Add a rend cache failure info dup function
When validating a new descriptor against our rend cache failure, we were
added the failure entry to the new cache entry without duplicating. It was
then freed just after the validation ending up in a very bad memory state
that was making tor abort(). To fix this, a dup function has been added and
used just before adding the failure entry.

Fixes #17041

Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-09-11 15:09:07 +02:00
Nick Mathewson
41891cbf93 Merge remote-tracking branch 'public/ed25519_hup_v2' 2015-09-10 10:37:13 -04:00
Nick Mathewson
901732a1bc Merge remote-tracking branch 'teor/make-test-network-all' 2015-09-10 10:35:06 -04:00
Nick Mathewson
5342760a5b Merge remote-tracking branch 'teor/configure-use-colon' 2015-09-10 10:03:44 -04:00
teor (Tim Wilson-Brown)
4bc8dc1c76 fixup Some slower configurations need 35 seconds to bootstrap
Some slower configurations, like OS X i386, need 35 seconds to reliably
bootstrap larger chutney networks. Increase default bootstrap time in
src/test/test-network.h to 35 seconds.
2015-09-10 17:40:47 +10:00
teor (Tim Wilson-Brown)
c6383bf90b Use : rather than /bin/true in configure.ac
Some platforms have true at different locations, like /usr/bin/true.
2015-09-10 17:33:59 +10:00
Nick Mathewson
6f35fd07c9 Bump default test-network bootstrap time to 35 sec (see 16953) 2015-09-09 13:23:32 -04:00
Nick Mathewson
fa89eb60e9 Merge remote-tracking branch 'yawning/feature15482_fixup' 2015-09-09 09:56:59 -04:00
Yawning Angel
f6c446db47 Check NoKeepAliveIsolateSOCKSAuth in a better place.
No functional changes, but since NoKeepAliveIsolateSOCKSAuth isn't
part of isoflag, it should be checked where all other similar options
are, and bypass the (no-op) masking at the end.
2015-09-09 13:52:30 +00:00
Nick Mathewson
2f8c0584bf Fold changes files into changelog 2015-09-09 09:44:31 -04:00
Nick Mathewson
638e5f976b Fix warnings from lintChanges 2015-09-09 09:35:05 -04:00
Sebastian Hahn
46e22762fa Keep unused smartlist storage zeroed
Helps catch bugs with our smartlist usage and shouldn't be too
expensive. If it shows up in profiles we can re-investigate.
2015-09-09 15:23:25 +02:00
Nick Mathewson
98be93d6d7 changes file for 16953 2015-09-08 14:44:34 -04:00
Nick Mathewson
c59257d378 Merge remote-tracking branch 'teor/make-test-network-all' 2015-09-08 14:43:34 -04:00
teor (Tim Wilson-Brown)
036966e3ec Increase default boostrap time in test-network.sh
Increase default boostrap time in test-network.sh to 30 seconds,
for larger networks like bridges+ipv6+hs.

This avoids the failure-hiding issues inherent in the retry approach
in #16952.
2015-09-09 04:21:07 +10:00
Nick Mathewson
7ffc048f0a Make NoKeepAliveIsolateSOCKSAuth work as expected 2015-09-08 14:03:54 -04:00
Nick Mathewson
fcec1f3381 Merge branch 'feature15482_squashed' 2015-09-08 14:03:04 -04:00
Yawning Angel
54510d4d1a Add KeepAliveIsolateSOCKSAuth as a SOCKSPort option.
This controls the circuit dirtyness reset behavior added for Tor
Browser's user experience fix (#15482). Unlike previous iterations
of this patch, the tunable actually works, and is documented.
2015-09-08 14:02:08 -04:00
teor (Tim Wilson-Brown)
60c6debda8 make test-network-all exit 1 if any test network fails 2015-09-09 03:06:01 +10:00
Nick Mathewson
4c6fd7106f Merge branch 'bug16980' 2015-09-08 10:41:51 -04:00
Nick Mathewson
280672bdbc Handle negative inputs to crypto_random_time_range().
(These inputs are possible when Shadow starts the world at time_t 0,
and breaks our assumption that Tor didn't exist in the 1970s.)

Fixes regression introduced in 241e6b09. Fixes #16980.
2015-09-08 10:22:01 -04:00
teor (Tim Wilson-Brown)
5feae32f46 Add "make test-network-all" to verify multiple test networks
make test-network-all is Makefile target which verifies a series
of test networks generated using test-network.sh and chutney.

It runs IPv6 and mixed version test networks if the prerequisites are
available.

Each test network reports PASS, FAIL, or SKIP.
Closes ticket 16953. Patch by "teor".

Also adds "--hs-multi-client 1" option to TEST_NETWORK_FLAGS.
This resolves #17012.

Larger networks, such as bridges+hs, may fail until #16952 is merged.
2015-09-08 22:27:59 +10:00
teor (Tim Wilson-Brown)
6b118e1e1e Make test-network.sh more robust against arguments containing spaces 2015-09-08 22:27:12 +10:00
Donncha O'Cearbhaill
08b1738a18 Add changelog entry for feature #14846 2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
d47a4aec66 Separate lookup function for service rend cache
Performing lookups in both the client and service side descriptor
caches from the same rend_cache_lookup_entry() function increases the
risk of accidental API misuse.

I'm separating the lookup functions to keep the caches distinct.
2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
61ef356ab3 Rename rend_cache_service to rend_cache_local_service for clarity 2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
335d0b95d3 Clean old descriptors from the service-side rend cache
Parameterize the rend_cache_clean() function to allow it clean
old rendezvous descriptors from the service-side cache as well as
the client descriptor cache.
2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
ee1a4ce8b2 Require explict specification of cache type 2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
293410d138 Add replica number to HS_DESC CREATED event
Including the replica number in the HS_DESC CREATED event provides
more context to a control port client. The replica allows clients
to more easily identify each replicated descriptor from the
independantly output control events.
2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
0bd68bf986 Clean up service-side descriptor cache and fix potential double-free.
Entries in the service-side descriptor cache are now cleaned when
rend_cache_free_all() is called. The call to tor_free(intro_content)
in rend_cache_store_v2_desc_as_service() is moved to prevent a
potential double-free when a service has a descriptor with a newer
timestamp already in it's service-side descriptor cache.
2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
5dc2cbafef Specify descriptor cache type in rend_cache_lookup_entry()
Adds an Enum which represents the different types of rendezvous
descriptor caches. This argument is passed in each call to
rend_cache_lookup_entry() to specify lookup in the client-side or
service-side descriptor caches.
2015-09-08 12:34:05 +02:00
Donncha O'Cearbhaill
580673cf94 Add GETINFO hs/service/desc/id/ control command
Adds a control command to fetch a local service descriptor from the
service descriptor cache. The local service descriptor cache is
referenced by the onion address of the service.

This control command is documented in the control spec.
2015-09-08 12:33:56 +02:00
Nick Mathewson
d70b1b4da1 Never ever try to load the secret key if offline_master is set
(Not even if we can't find the public key.)
2015-09-04 09:55:07 -04:00
Nick Mathewson
0ba4e0895a Add "OfflineMasterKey" option
When this is set, and Tor is running as a relay, it will not
generate or load its secret identity key.  You can manage the secret
identity key with --keygen.  Implements ticket 16944.
2015-09-04 09:55:07 -04:00
Nick Mathewson
81e3deeb54 Fix an alignment issue in our extensions to ed25519_donna
Apparently this only happens with clang (or with some particular
clang versions), and only on i386.

Fixes 16970; bug not in any released Tor.

Found by Teor; fix from Yawning.
2015-09-04 09:30:59 -04:00
Nick Mathewson
81e58cd00a Fix windows test_keygen.sh. This time I think I have it! 2015-09-03 15:23:10 -04:00
Nick Mathewson
aa430c7225 Now normalize_exit has a bug number. 2015-09-03 15:10:57 -04:00
Nick Mathewson
604a18e680 Use absolute path for datadir in test_keygen.sh 2015-09-03 14:53:50 -04:00
Nick Mathewson
b63034ce3e Try to fix #16974; bug not in any released version 2015-09-03 14:42:50 -04:00
Nick Mathewson
ffb56863aa Make test_keygen.sh dump what the problem is on cmp failure 2015-09-03 12:51:58 -04:00