Add a LastRotatedOnionKey variable to the state file, so we can rotate onion keys a week after they change even if we never stay up for a whole week at a time. Should fix bug 368.
svn:r9120
New socks command CONNECT_DIR. New config option TunnelDirConns that
builds a circ ending at the directory server and delivers a BEGIN_DIR
cell if it's running 0.1.2.2-alpha or later. We still need to make
one-hop circs when appropriate, while making other conns avoid them.
svn:r9098
intended. this way we don't call resolve-my-address, which
yells and screams if we're using an internal address (mere
clients should not have to care).
svn:r8998
Fix router_new_address_suggestion() so it only changes last_guessed_ip() when it actually calls resolve_my_address(). (bug found by dev-girl)
svn:r8996
Win32 patch from Matt Edman: fix compilation bugs by casting to int; defining SSIZE_T; defining USE_TWOS_COMPLEMENT in windows orconfig.h; and using the proper names for win32 functions on GetProcAddress. Also fixes bug 295.
svn:r8669
The otherwise regrettable MIPSpro C compiler warns about values set but never used, and about mixing enums and ints; these are good warnings, and so should be fixed. This removes some dead code and some potential bugs. Thanks to pnx.
svn:r8664
Partial implementation of revised nickname syntax for controllers. Implement ability to look up routers by "verbose" nicknames; add a per-v1-control-connection flag to turn the feature on in events. Needs testing, spec, ability to actually turn on the flag, double-checking that we wont overflow any nickname buffers, and changelog.
svn:r8582
hidden service authorities too.
- Just because your DirPort is open doesn't mean people should be
able to remotely teach you about hidden service descriptors. Now
only accept rendezvous posts if you've got HSAuthoritativeDir set.
svn:r8573
Make "is a v1 authority", "is a v2 authority", and "is a hidden service authority" into separate flags so we can eventually migrate more trust away from moria.
svn:r8523
(we avoid simply by not doing any new tests when we change IPs --
it looks like we retain our previous bandwidth estimates, so there's
no need to do new exercise. though in some cases new exercises may
still be useful. one day we'll do something smarter.)
svn:r8402
Refactor dirserv_parse_fingerprint_file(fname) into dirserv_load_fingerprint_file():
There is not need to put together the path to the approved-routers file in more than one place.
svn:r8386
Refactor connection_t into edge, or, dir, control, and base subtypes. This might save some RAM on busy exit servers, but really matters most in terms of correctness.
svn:r6906
to be reachable. This will help reduce the number of descriptors
we have for ourselves floating around, since it's quite likely
other things (e.g. DirPort) will change during that minute too.
svn:r6786
by asking the directory authorities. This code only kicks in when you
would normally have exited with a "no address" error.
This design is flawed, though, since the X-Your-Address-Is header is not
authenticated, and doing it this way introduces too many new attacks. The
right answer is to give IP address hints inside the HELLO cell; much of
this code can be reused when we switch.
svn:r6774
try to rebuild long-term connections to directory authorities, and
directory authorities no longer try to rebuild long-term connections to
all servers.
We still don't hang up connections in these two cases though -- we need
to look at it more carefully to avoid flapping, and we likely need to
wait til 0.1.1.x is obsolete.
svn:r6712
1) Surround all constants by (parens), whether we'll be using them
in a denominator or not.
2) Express all time periods as products (24*60*60), not as multiplied-out
constants (86400).
3) Comments like "(60*60) /* one hour */" are as pointless as comments
like "c = a + b; /* set c to the sum of a and b */". Remove them.
4) All time periods should be #defined constants, not given inline.
5) All time periods should have doxygen comments.
6) All time periods, unless specified, are in seconds. It's not necessary
to say so.
To summarize, the old (lack of) style would allow:
#define FOO_RETRY_INTERVAL 60*60 /* one hour (seconds) */
next_try = now + 3600;
The new style is:
/** How often do we reattempt foo? */
#define FOO_RETRY_INTERVAL (60*60)
next_try = now + RETRY_INTERVAL;
svn:r6142
FetchServerDescriptors and FetchHidServDescriptors for whether
to fetch server info and hidserv info or let the controller do it,
and also PublishServerDescriptor and PublishHidServDescriptors.
Add AllDirActionsPrivate undocumented option -- if you set it, you'll
need the controller to bootstrap you enough to build your first circuits.
svn:r6047
This means all exit policies will begin with rejecting private addresses,
unless the server operator explicitly turns it off.
Also, make our code to remove redundancies in the exit policy smarter,
so it can detect "reject foo, reject bar, reject *" patterns.
Lastly, we can get rid of the "exit policy implicitly accepts" code,
since we make everything more explicit now.
svn:r5888
could start doing reachability testing using the new IP address and
ports. This is because we were using the internal descriptor to learn
what to test, yet we were only rebuilding the descriptor once we
decided we were reachable.
svn:r5723
we screwed up the formatting in wild and unpredictable ways.
fix it before it becomes convention to format logs in wild and
unpredictable ways.
still need to do src/common/ someday.
svn:r5551
don't tell you (it happens!); and rotate TLS connections once a week.
1) If an OR conn becomes more than a week old, make it obsolete.
2) If it's obsolete and empty, kill it.
3) When an OR makes a second connection to you, allow it.
4) If we want to send a new create cell, but the best conn we've
got is obsolete, and the router is 0.1.1.9-alpha-cvs or later, ask
for a new conn instead.
5) When we time out on circuit building on the first hop, make that
connection obsolete.
svn:r5429
warn when we'recalling a non-named server by its nickname;
don't warn twice about the same name.
Fix a bug in routers_update_status_from_networkstatus that made nearly
all clients never update routerinfo_t.is_named.
Try to list MyFamily elements by key, not by nickname.
Only warn about names that we generated ourself, or got from the local
user.
On TLS handshake, only check the other router's nickname against its
expected nickname if is_named is set.
svn:r5185
The main change is to not advertise if we're running at capacity and
either a) we could hibernate or b) our capacity is low and we're using
a default dirport.
svn:r5148
connection.c:
- Add some more connection accessor functions to make directory
download redundancy checking work.
directory.c, or.h, router.c, routerlist.c:
- Start on logic to note when networkstatus downloads fail.
dirserv.c, routerlist.c, routerparse.c:
- Start maintaining an is_named field in routerstatus_t. Don't
actually look at it yet.
dirserv.c, routerlist.c:
- Remove expired networkstatus objects.
or.h:
- Make some booleans into bitfields
- Add prototypes
routerlist.c:
- Sort networkstatus list by publication time
- Function to remove old (older than 10 days) networkstatus objects.
- Function to set a list of routerinfo_ts' status info from the
current set of networkstatus objects.
- Function to tell which routerinfos we need to download based no the
current set of networkstatus objects.
- Do not launch a networkstatus download if a redundant one is in progress.
routerparse.c:
- Keep router entries in networkstatus sorted by digest.
svn:r5012
- Distinguish v1 authorities (all currently trusted directories) from
v2 authorities (all trusted directories).
- Add configuration option for which dirs are v1 authories.
- Add configuration option for whether to be a v1 authority.
- Make trusted dirserver selection functions take options to
choose which functionality we need.
- Remove option when getting directory cache to see whether they
support running-routers; they all do now. Replace it with one
to see whether caches support v2 stuff.
- Parse, cache, and serve network-status objects properly.
- Serve compressed groups of router descriptors. The compression logic
here could be more memory-efficient.
-
svn:r4911
Probably very buggy, since I can't actually run an authdir.
Features
- Generate and publish new network-status format
- Code to cache and re-serve network-status objects generated by others.
- Publish individual descriptors (by fingerprint, by "all", and by
"tell me yours.") [Still needs compression logic]
- Publish client and server recommended versions seprately.
- Add digest of descriptor to routerinfo_t, so we can track them better, and
length, so we can server them more easily.
Cleanups
- Unify code to sign directory-like things
- Make resolve_my_address() able to tell you which name it wound up resolving.
- Unify code to store and serve directory-like things so it all uses
cached_dir_t.
- Unify code to set the value of cached_dir_t objects.
svn:r4835
Tor server, and only list them as running if they've been found to
be reachable.
Dirservers also log trouble servers, but only start complaining loudly
after they've been up for an hour, to reduce false positives. We still
need to do something about the fact that it is quite loud when there
are many trouble servers.
svn:r4829
Force new descriptor upload every 18 hours, not 24, to avoid races.
Change rate-limiting on new descriptors due to bandwidth changes, from
45 minutes to 20 minutes.
svn:r4814
when building testing circs for orport testing, require high-bandwidth
nodes, so fewer circs fail. complain about unreachable orport separately
from unreachable dirport.
svn:r3935
Add 'testing' circuit purpose, for reachability testing.
Notice when our IP changes, and reset stats.
Try to pull down a directory via Tor to see if our DirPort is working.
Try to extend a circuit back to us to see if our ORPort is working.
Only publish a descriptor if they're both reachable.
These mostly work, and I'd better get them in before I cause conflicts.
svn:r3703
- Mapaddress
- Postdescriptor
- GetInfo on descriptors
Required changes elsewhere:
- Keep the most recent running_routers_t in the routerlist_t. That way we
can learn about new routers and remember whether we were last told that
they were up or down. Also enables more simplifications.
- Keep the signed descriptor inside routerinfo_t. This makes
descriptor_entry_t in dirservers.c unneeded.
- Rename AddressMap (the verb) to MapAddress. Keep AddressMap as a noun.
- Check addresses for plausibility before mapping them.
svn:r3696
this is important for the dirport, because clients will still
ask you for a directory, and they'll be sad when you're down.
and do the other ports too, because hey, they're not listening.
svn:r3133
Now we can try setting an option but back out if it fails to parse, or
if it's disallowed (e.g. changing RunAsDaemon from 1 to 0).
Use parse_line_from_str rather than parse_line_from_file.
svn:r2692
maintain it.
Have clients default to the nickname "client" in their certificates.
Give a less frightening warning on obsolete (pre-0.0.8) routerinfo_t's.
svn:r2568
files have really old descriptors for the authdirservers, so we're
asking them in the new format because they're too old.
now we actually compare the version to a cutoff version, and act
appropriately.
also take this chance to use only >=0.0.8 servers for dns resolves,
because of the recent bugs. we'll bump to >=0.0.9pre1 once there are
some servers running that.
svn:r2380
options->Address with the resolved one at startup.
o detect our address right before we make a routerinfo each time.
o external IP vs bind-IP. Already done, just use options->Address.
o OutboundBindAddress config option, to bind to a specific
IP address for outgoing connect()s.
svn:r2241
o and/or while avoiding unreliable nodes, depending on goals
o 'fascistfirewall' option to pick dirservers on port 80 and ORs on
port 443.
o if a begin failed due to exit policy, but we believe the IP should have been allowed, switch that router to exitpolicy reject *:* until we get our next directory.
svn:r2231
introduce an authdir_mode() macro to match the others.
don't initialize uptime to the number of seconds since 1970.
non-authoritative dirservers don't cache their directory on disk.
make only authdirservers use clique_mode.
only read approved-routers file if you're an authdirserver.
even authdirservers fetch a new directory in do_hup.
retry_all_connections() is now called retry_all_listeners().
router_parse_list_from_string() correctly reports the router number
it's working on.
only call dirserv_add_own_fingerprint() and
dirserv_add_descriptor() on startup if we're an authdirserver.
if AuthDir and !ORPort then fail.
if AuthDir and ClientOnly then fail.
svn:r2061
