Nick Mathewson
2ba6542517
Merge remote-tracking branch 'sysrqb/bug15220_026_sysrqb'
2015-07-16 15:38:08 -04:00
Nick Mathewson
cc3a791d55
fix a windows unused var warning
2015-06-28 02:18:15 -04:00
David Goulet
699acd8d54
Validate the open file limit when creating a socket
...
Fixes #16288
Signed-off-by: David Goulet <dgoulet@ev0ke.net>
2015-06-25 11:30:47 -04:00
Nick Mathewson
2f67a6e8c9
Merge remote-tracking branch 'origin/maint-0.2.6'
2015-06-04 15:02:47 -04:00
Yawning Angel
f2ff814582
Set session_group after the port's data structure has been populated.
...
Fixes #16247 , patch by "jojelino".
2015-06-04 13:53:35 +00:00
Yawning Angel
915c7438a7
Add "ADD_ONION"/"DEL_ONION" and "GETINFO onions/*" to the controller.
...
These commands allow for the creation and management of ephemeral
Onion ("Hidden") services that are either bound to the lifetime of
the originating control connection, or optionally the lifetime of
the tor instance.
Implements #6411 .
2015-04-28 10:19:08 -04:00
Yawning Angel
196499da73
Use a custom Base64 encoder with more control over the output format.
2015-04-23 09:06:58 -04:00
Sebastian Hahn
348f2744cf
Initialize two variables
...
This is a trivial change to get around two compiler warnings when
assertions are removed during coverage builds.
2015-03-21 02:00:17 +01:00
Nick Mathewson
809517a863
Allow {World,Group}Writable on AF_UNIX {Socks,Control}Ports.
...
Closes ticket 15220
2015-03-11 13:31:33 -04:00
Roger Dingledine
a1bdb6e42c
fix typo in comment
2015-03-03 19:12:27 -05:00
Nick Mathewson
f1fa85ea73
Fix running with the seccomp2 sandbox
...
We had a regression in 0.2.6.3-alpha when we stopped saying
IPPROTO_TCP to socket(). Fixes bug 14989, bugfix on 0.2.6.3-alpha.
2015-02-23 12:16:08 -05:00
Sebastian Hahn
e0c3de40ad
Fix check-spaces complaints
2015-02-06 21:36:40 +01:00
Nick Mathewson
d1e52d9a2a
Correctly handle OutboundBindAddress again.
...
ca5ba2956b
broke this; bug not in any
released Tor.
Also fix a typo.
Fixes 14541 and 14527. Reported by qbi.
2015-01-30 07:29:23 -05:00
Nick Mathewson
4c1a779539
Restrict unix: addresses to control and socks for now
2015-01-29 14:51:59 -05:00
Nick Mathewson
204374f7d9
Remove SocksSocket; it's now spelled differently thanks to 14451
...
Also, revise bug12585 changes file to mention new syntax
2015-01-29 14:46:20 -05:00
Andrea Shepard
ca5ba2956b
Support connection_exit_connect() to AF_UNIX sockets
2015-01-28 14:30:23 -05:00
Nick Mathewson
23fc1691b6
Merge branch 'better_workqueue_v3_squashed'
2015-01-21 14:47:16 -05:00
Nick Mathewson
4b23b398a3
Merge branch 'bug8546_squashed'
...
Conflicts:
src/or/connection.c
src/or/or.h
src/or/relay.c
2015-01-16 09:31:50 -05:00
Nick Mathewson
49bdfbabb4
Replace field-by-field copy with memcpy for entry_port_cfg
2015-01-16 09:23:03 -05:00
Nick Mathewson
13dac5e463
Move entry_port_cfg_t fields in entry_connection_t
...
Also rename some options for uniformity, and apply this script:
@@
entry_connection_t *conn;
@@
conn->
+entry_cfg.
\(
isolation_flags
\|
session_group
\|
socks_prefer_no_auth
\|
ipv4_traffic
\|
ipv6_traffic
\|
prefer_ipv6
\|
cache_ipv4_answers
\|
cache_ipv6_answers
\|
use_cached_ipv4_answers
\|
use_cached_ipv6_answers
\|
prefer_ipv6_virtaddr
\)
2015-01-16 09:22:58 -05:00
Nick Mathewson
58d17add5e
Combine entry_port_cfg_t fields in listener_connection_t
...
Also, revise the code using these options with this cocci script:
@@
listener_connection_t *conn;
@@
conn->
+entry_cfg.
\(
isolation_flags
\|
session_group
\|
socks_prefer_no_auth
\|
ipv4_traffic
\|
ipv6_traffic
\|
prefer_ipv6
\|
cache_ipv4_answers
\|
cache_ipv6_answers
\|
use_cached_ipv4_answers
\|
use_cached_ipv6_answers
\|
prefer_ipv6_virtaddr
\)
2015-01-16 09:22:53 -05:00
Nick Mathewson
f444f2b1d3
Split client-specific and server-specific parts of port_cfg_t
...
Also, apply this cocci script to transform accesses. (Plus manual
migration for accesses inside smartlist_foreach loops.)
@@
port_cfg_t *cfgx;
@@
cfgx->
+server_cfg.
\(
no_advertise
\|
no_listen
\|
all_addrs
\|
bind_ipv4_only
\|
bind_ipv6_only
\)
@@
port_cfg_t *cfgx;
@@
cfgx->
+entry_cfg.
\(
isolation_flags
\|
session_group
\|
socks_prefer_no_auth
\|
ipv4_traffic
\|
ipv6_traffic
\|
prefer_ipv6
\|
cache_ipv4_answers
\|
cache_ipv6_answers
\|
use_cached_ipv4_answers
\|
use_cached_ipv6_answers
\|
prefer_ipv6_virtaddr
\)
2015-01-16 09:22:49 -05:00
Nick Mathewson
1e896214e7
Refactor cpuworker to use workqueue/threadpool code.
2015-01-14 11:23:34 -05:00
Nick Mathewson
518b0b3c5f
Do not log a notice on every socks connection
2015-01-14 09:54:40 -05:00
Nick Mathewson
17c568b95c
Fix new unused variable warning in connection_listener_new
2015-01-13 13:45:35 -05:00
Andrea Shepard
066acaf6b9
Explicitly chmod AF_UNIX sockets to 0600 when *GroupWritable isn't specified
2015-01-13 00:27:04 +00:00
Andrea Shepard
4316bb601a
Remove no-longer-accurate comment from connection.c
2015-01-13 00:21:59 +00:00
Andrea Shepard
62f297fff0
Kill duplicated code in connection_listener_new()
2015-01-12 16:26:34 +00:00
Andrea Shepard
a3bcde3638
Downgrade open/close log message for SocksSocket
2015-01-07 22:57:51 +00:00
Andrea Shepard
2ca1c386b0
Bring sanity to connection_listener_new()
2015-01-07 22:51:24 +00:00
Andrea Shepard
48633c0766
Rename is_tcp in connection_listener_new(), since AF_UNIX means SOCK_STREAM no longer implies TCP
2015-01-07 19:45:59 +00:00
Andrea Shepard
c6451e4c9f
Refactor check_location_for_unix_socket()/check_location_for_socks_unix_socket() to eliminate duplicated code
2015-01-07 19:17:04 +00:00
Jacob Appelbaum
8d59ddf3cb
Commit second draft of Jake's SOCKS5-over-AF_UNIX patch. See ticket #12585 .
...
Signed-off-by: Andrea Shepard <andrea@torproject.org>
2015-01-07 17:42:57 +00:00
Nick Mathewson
1abd526c75
Merge remote-tracking branch 'public/bug12985_025'
2015-01-07 11:55:50 -05:00
Nick Mathewson
f54e54b0b4
Bump copyright dates to 2015, in case someday this matters.
2015-01-02 14:27:39 -05:00
Nick Mathewson
1c05dfd0b6
Merge branch 'ticket7356_squashed'
2014-12-21 14:48:53 -05:00
rl1987
fc7d5e598b
Using CHANNEL_FINISHED macro in connection.c
2014-12-21 14:48:38 -05:00
Nick Mathewson
a28df3fb67
Merge remote-tracking branch 'andrea/cmux_refactor_configurable_threshold'
...
Conflicts:
src/or/or.h
src/test/Makefile.nmake
2014-11-27 22:39:46 -05:00
Nick Mathewson
fcdcb377a4
Add another year to our copyright dates.
...
Because in 95 years, we or our successors will surely care about
enforcing the BSD license terms on this code. Right?
2014-10-28 15:30:16 -04:00
rl1987
14d59fdc10
Updating message that warns about running out of sockets we can use.
2014-10-28 14:13:25 -04:00
Andrea Shepard
8852a1794c
Track total queue size per channel, with overhead estimates, and global queue total
2014-09-30 22:49:03 -07:00
Nick Mathewson
b448ec195d
Clear the cached address from resolve_my_address() when our IP changes
...
Closes 11582; patch from "ra".
2014-09-29 13:47:58 -04:00
Nick Mathewson
e07206afea
Merge remote-tracking branch 'yawning/bug_8402'
2014-09-10 23:41:55 -04:00
Nick Mathewson
e3c143f521
Merge remote-tracking branch 'origin/maint-0.2.5'
2014-09-02 11:58:08 -04:00
Nick Mathewson
efcab43956
Fix a number of clang analyzer false-positives
...
Most of these are in somewhat non-obvious code where it is probably
a good idea to initialize variables and add extra assertions anyway.
Closes 13036. Patches from "teor".
2014-09-02 11:56:56 -04:00
Nick Mathewson
d8fe499e08
Revert "restore the sensible part of ac268a83408e1450544db2f23f364dfa3"
...
This reverts commit b82e166bec
.
We don't need that part in 0.2.5, since 0.2.5 no longer supports
non-multithreaded builds.
2014-08-29 12:25:05 -04:00
Nick Mathewson
b0138cd055
Merge remote-tracking branch 'public/bug12985_024' into bug12984_025
2014-08-29 12:24:52 -04:00
Nick Mathewson
b82e166bec
restore the sensible part of ac268a8340
...
We don't want to call event_del() postfork, if cpuworkers are
multiprocess.
2014-08-29 12:21:57 -04:00
Nick Mathewson
4144b4552b
Always event_del() connection events before freeing them
...
Previously, we had done this only in the connection_free() case, but
when we called connection_free_() directly from
connections_free_all(), we didn't free the connections.
2014-08-29 11:33:05 -04:00
Nick Mathewson
b408125288
Merge remote-tracking branch 'andrea/bug11302'
2014-07-16 16:58:41 +02:00
Anthony G. Basile
d504a4e36f
src/or/connection.c: expose bucket_millis_empty for bufferevents test
...
Currently tor fails to build its test when enabled with bufferevents
because an #ifndef USE_BUFFEREVENTS hides bucket_millis_empty() and
friends. This is fine if we don't run tests, but if we do, we need
these functions in src/or/libtor-testing.a when linking src/test/test.
This patch moves the functions outside the #ifndef and exposes them.
See downstream bug:
https://bugs.gentoo.org/show_bug.cgi?id=510124
2014-07-16 10:37:00 +02:00
Nick Mathewson
3a2e25969f
Merge remote-tracking branch 'public/ticket6799_024_v2_squashed'
...
Conflicts:
src/or/channel.c
src/or/circuitlist.c
src/or/connection.c
Conflicts involved removal of next_circ_id and addition of
unusable-circid tracking.
2014-06-11 11:57:56 -04:00
Nick Mathewson
6557e61295
Replace last_added_nonpadding with last_had_circuits
...
The point of the "idle timeout" for connections is to kill the
connection a while after it has no more circuits. But using "last
added a non-padding cell" as a proxy for that is wrong, since if the
last circuit is closed from the other side of the connection, we
will not have sent anything on that connection since well before the
last circuit closed.
This is part of fixing 6799.
When applied to 0.2.5, it is also a fix for 12023.
2014-06-11 11:27:04 -04:00
Nick Mathewson
463f6628d3
Give each or_connection_t a slightly randomized idle_timeout
...
Instead of killing an or_connection_t that has had no circuits for
the last 3 minutes, give every or_connection_t a randomized timeout,
so that an observer can't so easily infer from the connection close
time the time at which its last circuit closed.
Also, increase the base timeout for canonical connections from 3
minutes to 15 minutes.
Fix for ticket 6799.
2014-06-11 11:27:04 -04:00
Yawning Angel
1210bdf146
Log the correct proxy type on failure.
...
get_proxy_addrport fills in proxy_type with the correct value, so there
is no point in logging something that's a "best guess" based off the
config.
2014-05-21 08:14:39 +00:00
Yawning Angel
cd56b1a86e
Remove get_bridge_pt_addrport().
...
The code was not disambiguating ClientTransportPlugin configured and
not used, and ClientTransportPlugin configured, but in a failed state.
The right thing to do is to undo moving the get_transport_by_addrport()
call back into get_proxy_addrport(), and remove and explicit check for
using a Bridge since by the time the check is made, if a Bridge is
being used, it is PT/proxy-less.
2014-05-21 08:14:39 +00:00
Yawning Angel
41d2b4d3af
Allow ClientTransportPlugins to use proxies
...
This change allows using Socks4Proxy, Socks5Proxy and HTTPSProxy with
ClientTransportPlugins via the TOR_PT_PROXY extension to the
pluggable transport specification.
This fixes bug #8402 .
2014-05-21 08:14:38 +00:00
Nick Mathewson
9b4ac986cb
Use tor_getpw{nam,uid} wrappers to fix bug 11946
...
When running with User set, we frequently try to look up our
information in the user database (e.g., /etc/passwd). The seccomp2
sandbox setup doesn't let us open /etc/passwd, and probably
shouldn't.
To fix this, we have a pair of wrappers for getpwnam and getpwuid.
When a real call to getpwnam or getpwuid fails, they fall back to a
cached value, if the uid/gid matches.
(Granting access to /etc/passwd isn't possible with the way we
handle opening files through the sandbox. It's not desirable either.)
2014-05-14 13:53:14 -04:00
Nick Mathewson
d3c05a79f0
Merge branch 'scanbuild_fixes'
2014-04-25 01:24:39 -04:00
Nick Mathewson
895b6789e8
scan-build: get_proxy_addrport should always set its outputs
...
When get_proxy_addrport returned PROXY_NONE, it would leave
addr/port unset. This is inconsistent, and could (if we used the
function in a stupid way) lead to undefined behavior. Bugfix on
5b050a9b0
, though I don't think it affects tor-as-it-is.
2014-04-18 20:41:40 -04:00
Nick Mathewson
bd169aa9a5
Merge remote-tracking branch 'public/bug11553_024' into bug11553_025
...
Conflicts:
src/or/channel.h
2014-04-18 13:00:45 -04:00
Nick Mathewson
0d75344b0e
Switch to random allocation on circuitIDs.
...
Fixes a possible root cause of 11553 by only making 64 attempts at
most to pick a circuitID. Previously, we would test every possible
circuit ID until we found one or ran out.
This algorithm succeeds probabilistically. As the comment says:
This potentially causes us to give up early if our circuit ID
space is nearly full. If we have N circuit IDs in use, then we
will reject a new circuit with probability (N / max_range) ^
MAX_CIRCID_ATTEMPTS. This means that in practice, a few percent
of our circuit ID capacity will go unused.
The alternative here, though, is to do a linear search over the
whole circuit ID space every time we extend a circuit, which is
not so great either.
This makes new vs old clients distinguishable, so we should try to
batch it with other patches that do that, like 11438.
2014-04-18 12:58:58 -04:00
Nick Mathewson
c856193199
Merge remote-tracking branch 'andrea/bug11304'
2014-04-16 23:13:30 -04:00
Andrea Shepard
65a0f895c7
Check for orconns and use connection_or_close_for_error() when appropriate in connection_handle_write_impl()
2014-04-15 23:03:16 -07:00
Andrea Shepard
6ee9138576
Call connection_or_close_for_error() properly if write_to_buf() ever fails on an orconn
2014-04-15 21:25:49 -07:00
Andrea Shepard
a5544e589d
Close orconns correctly through channels when setting DisableNetwork to 1
2014-04-15 20:19:39 -07:00
Nick Mathewson
d290e36576
Fix make_socket_reusable() on windows. Bug not in any released Tor
2014-04-02 21:11:45 -04:00
Nick Mathewson
60abc4804f
Don't warn when setsockopt(SO_REUSEABLE) on accept()ed socket says EINVAL
...
This should fix bug10081. I believe this bug pertains to OSX
behavior, not any Tor behavior change.
2014-03-27 13:55:18 -04:00
Karsten Loesing
7450403410
Take out remaining V1 directory code.
2014-03-18 10:40:10 +01:00
Nick Mathewson
cce06b649e
Merge remote-tracking branch 'asn/bug11069_take2'
2014-03-11 11:04:47 -04:00
George Kadianakis
1c475eb018
Throw control port warning if we failed to connect to all our bridges.
2014-03-10 22:52:07 +00:00
Roger Dingledine
bd49653f8e
trivial whitespace fixes
2014-03-03 06:53:08 -05:00
Nick Mathewson
b3a6907493
Remove a bunch of functions that were never called.
2014-02-15 15:33:34 -05:00
Nick Mathewson
372adfa09a
Merge remote-tracking branch 'origin/maint-0.2.4'
2014-02-07 10:38:24 -05:00
Andrea Shepard
707c1e2e26
NULL out conns on tlschans when freeing in case channel_run_cleanup() is late; fixes bug 9602
2014-02-06 14:47:34 -08:00
Nick Mathewson
b4e8d8dc0e
Merge remote-tracking branch 'public/bug9716_024' into maint-0.2.4
2014-02-06 16:29:08 -05:00
Nick Mathewson
5991f9a156
TransProxyType replaces TransTPROXY option
...
I'm making this change now since ipfw will want its own option too,
and proliferating options here isn't sensible.
(See #10582 and #10267 )
2014-02-03 13:56:19 -05:00
Nick Mathewson
fd8947afc2
Move the friendly warning about TPROXY and root to EPERM time
...
I'm doing this because:
* User doesn't mean you're running as root, and running as root
doesn't mean you've set User.
* It's possible that the user has done some other
capability-based hack to retain the necessary privileges.
2014-02-02 15:45:00 -05:00
Nick Mathewson
09ccc4c4a3
Add support for TPROXY via new TransTPRoxy option
...
Based on patch from "thomo" at #10582 .
2014-01-31 12:59:35 -05:00
Nick Mathewson
8f793c38fb
Move other #9731 check to start of its functions
...
At arma's suggestion. Looks like I missed this one.
2013-10-31 14:29:18 -04:00
Nick Mathewson
96f92f2062
Move #9731 checks to start of their functions
...
At arma's suggestion.
2013-10-31 14:10:23 -04:00
Nick Mathewson
702c0502cf
Merge remote-tracking branch 'public/bug9731'
2013-10-31 14:09:18 -04:00
Karsten Loesing
2e0fad542c
Merge branch 'morestats4' into morestats5
...
Conflicts:
doc/tor.1.txt
src/or/config.c
src/or/connection.h
src/or/control.c
src/or/control.h
src/or/or.h
src/or/relay.c
src/or/relay.h
src/test/test.c
2013-10-28 12:09:42 +01:00
Nick Mathewson
4b8282e50c
Log the origin address of controller connections
...
Resolves 9698; patch from "sigpipe".
2013-10-25 11:52:45 -04:00
Nick Mathewson
67bb1a44bd
Merge remote-tracking branch 'public/bug9716_024'
2013-09-19 10:50:34 -04:00
Nick Mathewson
c5532889a8
Don't apply read/write buckets to cpuworker connections
...
Fixes bug 9731
2013-09-13 13:39:18 -04:00
Nick Mathewson
9205552daa
Don't apply read/write buckets to non-limited connections
...
Fixes bug 9731
2013-09-13 13:37:53 -04:00
Karsten Loesing
d5f0d792dd
Pass around const struct timeval * instead of struct timeval.
...
Suggested by nickm.
2013-09-12 10:10:38 +02:00
Nick Mathewson
a2754d418d
Try using INT_MAX, not SOMAXCONN, to set listen() backlog.
...
Fall back to SOMAXCONN if INT_MAX doesn't work.
We'd like to do this because the actual maximum is overrideable by the
kernel, and the value in the header file might not be right at all.
All implementations I can find out about claim that this is supported.
Fix for 9716; bugfix on every Tor.
2013-09-11 13:30:45 -04:00
Nick Mathewson
74262f1571
Merge branch 'bug5040_4773_rebase_3'
2013-08-15 12:04:56 -04:00
Nick Mathewson
03e3881043
Tests for connection_write_ext_or_command.
2013-08-15 12:03:36 -04:00
Nick Mathewson
c342ea9879
Unit tests for ext_or_id_map.
2013-08-15 12:03:36 -04:00
Peter Retzlaff
ebd4ab1506
Prepare patch for ticket 5129 for merging.
...
- Preserve old eventdns code.
- Add function to close sockets cross-platform, without accounting.
- Add changes/ file.
2013-08-02 09:35:24 -04:00
George Kadianakis
210210f219
Make the Extended ORPort understand the TRANSPORT command.
2013-07-18 14:59:56 -04:00
George Kadianakis
c46f1b810d
More Extended ORPort code improvements.
...
* Change name of init_ext_or_auth_cookie_authentication().
* Add a small comment.
2013-07-18 14:59:56 -04:00
George Kadianakis
d8f74cc439
Move Extended ORPort code to its own module.
...
Move the code from the connection_or module to ext_orport.
This commit only moves code: it shouldn't modify anything.
2013-07-18 14:59:56 -04:00
George Kadianakis
e2e0d09dab
Various Extended ORPort code improvements.
...
* Add documentation.
* Free ext_or_auth_correct_client_hash.
* Use VPORT(ExtORPort) instead of V(ExtORPOrt).
See dfe03d36c8
for details.
2013-07-18 14:59:56 -04:00
George Kadianakis
93b9f85d41
Prepare codebase for the implementation of Extended ORPort auth.
2013-07-18 14:59:56 -04:00
George Kadianakis
d303228eca
Create the Extended ORPort authentication cookie file.
2013-07-18 14:59:55 -04:00
Nick Mathewson
8bf0382b22
Skeleton ExtORPort implementation. Needs testing, documentation.
...
Does not implement TransportControlPort yet.
2013-07-18 14:59:55 -04:00